package defpackage;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import com.davemorrissey.labs.subscaleview.BuildConfig;
import de.incloud.etmo.api.error.AndroidKeyStoreException;
import de.incloud.etmo.bouncycastle.asn1.ASN1Encodable;
import de.incloud.etmo.bouncycastle.asn1.ASN1Enumerated;
import de.incloud.etmo.bouncycastle.asn1.ASN1InputStream;
import de.incloud.etmo.bouncycastle.asn1.ASN1Integer;
import de.incloud.etmo.bouncycastle.asn1.ASN1OctetString;
import de.incloud.etmo.bouncycastle.asn1.ASN1Primitive;
import de.incloud.etmo.bouncycastle.asn1.ASN1Sequence;
import de.swm.mobitick.repository.LogRepository;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.KeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* loaded from: classes3.dex */
public final class te {

    /* renamed from: a, reason: collision with root package name */
    public int f26535a = -2;

    public static int a(X509Certificate[] x509CertificateArr) {
        BigInteger value;
        byte[] extensionValue = x509CertificateArr[0].getExtensionValue("1.3.6.1.4.1.11129.2.1.17");
        Intrinsics.checkNotNullExpressionValue(extensionValue, "attestationCert.getExten…DESCRIPTION_OID\n        )");
        if (!(!(extensionValue.length == 0))) {
            throw new IllegalArgumentException("Couldn't find the keystore attestation extension data.".toString());
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(extensionValue);
        try {
            ASN1Primitive readObject = aSN1InputStream.readObject();
            Intrinsics.checkNotNull(readObject, "null cannot be cast to non-null type de.incloud.etmo.bouncycastle.asn1.ASN1OctetString");
            byte[] octets = ((ASN1OctetString) readObject).getOctets();
            Intrinsics.checkNotNullExpressionValue(octets, "asn1InputStream.readObje…s ASN1OctetString).octets");
            aSN1InputStream = new ASN1InputStream(octets);
            try {
                ASN1Primitive readObject2 = aSN1InputStream.readObject();
                Intrinsics.checkNotNull(readObject2, "null cannot be cast to non-null type de.incloud.etmo.bouncycastle.asn1.ASN1Sequence");
                ASN1Sequence aSN1Sequence = (ASN1Sequence) readObject2;
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(aSN1InputStream, null);
                CloseableKt.closeFinally(aSN1InputStream, null);
                Intrinsics.checkNotNull(aSN1Sequence);
                ASN1Encodable asn1Value = aSN1Sequence.getObjectAt(1);
                Intrinsics.checkNotNullExpressionValue(asn1Value, "extensionData.getObjectA…L_INDEX\n                )");
                Intrinsics.checkNotNullParameter(asn1Value, "asn1Value");
                if (asn1Value instanceof ASN1Integer) {
                    value = ((ASN1Integer) asn1Value).getValue();
                } else {
                    if (!(asn1Value instanceof ASN1Enumerated)) {
                        throw new IllegalArgumentException("Integer value expected; found " + asn1Value.getClass().getName() + " instead.");
                    }
                    value = ((ASN1Enumerated) asn1Value).getValue();
                }
                int intValue = value.intValue();
                d("Attestation SecurityLevel From Chain (" + intValue + ')');
                return intValue;
            } finally {
            }
        } catch (Throwable th2) {
            try {
                throw th2;
            } finally {
            }
        }
    }

    public static void d(String message) {
        Intrinsics.checkNotNullParameter("MoticsKH", LogRepository.Schema.COLUMN_NAME_TAG);
        Intrinsics.checkNotNullParameter(message, "message");
    }

    public final synchronized String b(byte[] challenge, String alias) {
        List list;
        String str;
        Intrinsics.checkNotNullParameter(challenge, "challenge");
        Intrinsics.checkNotNullParameter(alias, "alias");
        try {
            KeyGenParameterSpec build = e(alias).setAttestationChallenge(challenge).build();
            Intrinsics.checkNotNullExpressionValue(build, "getKeyGenSpecBuilder(ali…llenge(challenge).build()");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            d("KeyStore access: getAttestation()");
            KeyStore f10 = f();
            if (f10 == null) {
                throw new AndroidKeyStoreException("KeyStore Access failed");
            }
            Certificate[] certificateChain = f10.getCertificateChain(alias);
            Intrinsics.checkNotNullExpressionValue(certificateChain, "keyStore.getCertificateChain(alias)");
            list = ArraysKt___ArraysKt.toList(certificateChain);
            str = BuildConfig.FLAVOR;
            byte[] bytes = "\n".getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            Base64.Encoder mimeEncoder = Base64.getMimeEncoder(64, bytes);
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String str2 = str + "-----BEGIN CERTIFICATE-----\n";
                str = (str2 + mimeEncoder.encodeToString(((Certificate) it.next()).getEncoded())) + "\n-----END CERTIFICATE-----\n";
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                byte[] bytes2 = str.getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
                Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(new ByteArrayInputStream(bytes2));
                Intrinsics.checkNotNull(generateCertificates, "null cannot be cast to non-null type kotlin.collections.Collection<java.security.cert.X509Certificate>");
                this.f26535a = a((X509Certificate[]) generateCertificates.toArray(new X509Certificate[0]));
            } catch (Exception unused) {
                d("Error parsing SecurityLevel from attestationChain");
            }
        } catch (Exception e10) {
            throw new AndroidKeyStoreException(e10.getMessage());
        }
        return str;
    }

    public final synchronized void c() {
        try {
            d("KeyStore access: generateKeyPair()");
            KeyStore f10 = f();
            if (f10 == null) {
                throw new AndroidKeyStoreException("KeyStore Access failed");
            }
            if (!f10.containsAlias("moticsAlias")) {
                KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("moticsAlias", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).setRandomizedEncryptionRequired(true).build();
                Intrinsics.checkNotNullExpressionValue(build, "Builder(\n               …                 .build()");
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(build, new SecureRandom());
                keyGenerator.generateKey();
                d("Created new key pair");
            }
        } catch (Exception e10) {
            throw new AndroidKeyStoreException(e10.getMessage());
        }
    }

    public final synchronized KeyGenParameterSpec.Builder e(String str) {
        KeyGenParameterSpec.Builder digests;
        digests = new KeyGenParameterSpec.Builder(str, 12).setKeySize(256).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256");
        Intrinsics.checkNotNullExpressionValue(digests, "Builder(alias, purposes)…Properties.DIGEST_SHA256)");
        return digests;
    }

    public final synchronized KeyStore f() {
        KeyStore keyStore;
        int i10 = 0;
        while (true) {
            try {
                d("KeyStore access retry " + i10);
                keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
            } catch (Exception e10) {
                d("KeyStore access retry " + i10 + ": Exception thrown (" + e10.getMessage() + ')');
                Thread.sleep(100L);
                if (i10 >= 2) {
                    throw new AndroidKeyStoreException(e10.getMessage());
                }
                if (i10 == 2) {
                    return null;
                }
                i10++;
            }
        }
        return keyStore;
    }

    public final synchronized KeyPair g(String str) {
        int securityLevel;
        int securityLevel2;
        d("KeyStore access: getKeyPair()");
        KeyStore f10 = f();
        if (f10 == null) {
            throw new AndroidKeyStoreException("KeyStore Access failed");
        }
        if (!f10.containsAlias(str)) {
            KeyGenParameterSpec build = e(str).build();
            Intrinsics.checkNotNullExpressionValue(build, "getKeyGenSpecBuilder(alias).build()");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "keyPairGenerator.generateKeyPair()");
            return generateKeyPair;
        }
        Key key = f10.getKey(str, null);
        Intrinsics.checkNotNull(key, "null cannot be cast to non-null type java.security.PrivateKey");
        PrivateKey privateKey = (PrivateKey) key;
        PublicKey publicKey = f10.getCertificate(str).getPublicKey();
        if (Build.VERSION.SDK_INT >= 31) {
            KeySpec keySpec = KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class);
            Intrinsics.checkNotNullExpressionValue(keySpec, "keyFactory.getKeySpec(pr…Key, KeyInfo::class.java)");
            KeyInfo keyInfo = (KeyInfo) keySpec;
            StringBuilder sb2 = new StringBuilder("SecurityLevel: ");
            securityLevel = keyInfo.getSecurityLevel();
            sb2.append(securityLevel);
            d(sb2.toString());
            securityLevel2 = keyInfo.getSecurityLevel();
            this.f26535a = securityLevel2;
        }
        return new KeyPair(publicKey, privateKey);
    }

    public final synchronized SecretKey h() {
        SecretKey secretKey;
        d("KeyStore access: secretKey()");
        KeyStore f10 = f();
        if (f10 == null) {
            throw new AndroidKeyStoreException("KeyStore Access failed");
        }
        KeyStore.Entry entry = f10.getEntry("moticsAlias", null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
        secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        Intrinsics.checkNotNullExpressionValue(secretKey, "secretKeyEntry.secretKey");
        return secretKey;
    }

    public final synchronized void i(String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        try {
            d("KeyStore access: removeAlias()");
            KeyStore f10 = f();
            if (f10 == null) {
                throw new AndroidKeyStoreException("KeyStore Access failed");
            }
            f10.deleteEntry(alias);
        } catch (Exception e10) {
            throw new AndroidKeyStoreException(e10.getMessage());
        }
    }
}
