package cm;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.ccpp.pgw.sdk.android.model.Constants;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;
import y6.u2;

/* loaded from: classes2.dex */
public final class f extends d {
    public f(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) throws yl.c {
        super(credentialClient, context, networkCapability);
        KeyStore keyStore = e.f4752a;
        if (bm.b.b("ucs_keystore_sp_key_t", context) == -1) {
            bm.b.d("ucs_keystore_sp_key_t", 1, context);
        } else {
            xn.c.e("KeyStoreManager", "keyStoreRootKey status already init", new Object[0]);
        }
        if (bm.b.b("ucs_keystore_sp_key_t", context) == 1) {
            return;
        }
        xn.c.b("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0]);
        throw new yl.c(1022L, " keyStoreCertificateChain is off.");
    }

    @Override // cm.d
    public final Credential a(String str) throws yl.c {
        try {
            if (Integer.parseInt(new JSONObject(str).getString(Constants.JSON_NAME_EXPIRE)) == 0) {
                return this.f4751g.genCredentialFromString(str);
            }
            throw new yl.c(1017L, "unenable expire.");
        } catch (NumberFormatException e10) {
            StringBuilder b10 = android.support.v4.media.d.b("parse TSMS resp expire error : ");
            b10.append(e10.getMessage());
            throw new yl.c(2001L, b10.toString());
        } catch (JSONException e11) {
            StringBuilder b11 = android.support.v4.media.d.b("parse TSMS resp get json error : ");
            b11.append(e11.getMessage());
            throw new yl.c(1002L, b11.toString());
        }
    }

    @Override // cm.d
    @SuppressLint({"NewApi"})
    public final String c() throws yl.c {
        byte[] sign;
        e.b();
        e eVar = e.f4753b;
        try {
            if (e.f4752a.containsAlias("ucs_alias_rootKey")) {
                xn.c.e("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator.initialize(new KeyGenParameterSpec.Builder("ucs_alias_rootKey", 15).setDigests("SHA-256", "SHA-512").setKeySize(3072).setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PSS").setEncryptionPaddings("OAEPPadding").build());
                    keyPairGenerator.generateKeyPair();
                    xn.c.e("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
                    StringBuilder b10 = android.support.v4.media.d.b("generateKeyPair failed, ");
                    b10.append(e10.getMessage());
                    xn.c.b("KeyStoreManager", b10.toString(), new Object[0]);
                    StringBuilder b11 = android.support.v4.media.d.b("generateKeyPair failed , exception ");
                    b11.append(e10.getMessage());
                    throw new yl.d(b11.toString());
                }
            }
            try {
                String u2Var = new u2(e.f4752a.getCertificateChain("ucs_alias_rootKey")).toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.f4746b);
                String wVar = new w(this.f4749e, this.f4748d, pkgNameCertFP.get(0), pkgNameCertFP.get(1)).toString();
                if (TextUtils.isEmpty(u2Var) || TextUtils.isEmpty(wVar)) {
                    throw new yl.c(1006L, "Get signStr error");
                }
                String c10 = android.support.v4.media.b.c(u2Var, ".", wVar);
                synchronized (e.f4754c) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(eVar.a());
                        signature.update(c10.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e11) {
                        xn.c.b("KeyStoreManager", "doSign failed, " + e11.getMessage(), new Object[0]);
                        throw new yl.d("doSign failed , exception " + e11.getMessage());
                    }
                }
                String c11 = bm.c.c(sign, 10);
                if (TextUtils.isEmpty(u2Var) || TextUtils.isEmpty(wVar) || TextUtils.isEmpty(c11)) {
                    throw new yl.c(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb2 = new StringBuilder();
                if (TextUtils.isEmpty(u2Var) || TextUtils.isEmpty(wVar)) {
                    throw new yl.c(1006L, "Get signStr error");
                }
                sb2.append(u2Var + "." + wVar);
                sb2.append(".");
                sb2.append(c11);
                return sb2.toString();
            } catch (KeyStoreException e12) {
                StringBuilder b12 = android.support.v4.media.d.b("getCertificateChain failed, ");
                b12.append(e12.getMessage());
                xn.c.b("KeyStoreManager", b12.toString(), new Object[0]);
                StringBuilder b13 = android.support.v4.media.d.b("getCertificateChain failed , exception ");
                b13.append(e12.getMessage());
                throw new yl.d(b13.toString());
            }
        } catch (KeyStoreException e13) {
            StringBuilder b14 = android.support.v4.media.d.b("containsAlias failed, ");
            b14.append(e13.getMessage());
            xn.c.b("KeyStoreManager", b14.toString(), new Object[0]);
            StringBuilder b15 = android.support.v4.media.d.b("containsAlias failed , exception ");
            b15.append(e13.getMessage());
            throw new yl.d(b15.toString());
        }
    }

    @Override // cm.d
    public final String d(NetworkResponse networkResponse) throws yl.c {
        if (networkResponse.isSuccessful()) {
            return networkResponse.getBody();
        }
        ErrorBody fromString = ErrorBody.fromString(networkResponse.getBody());
        StringBuilder b10 = android.support.v4.media.d.b("tsms service error, ");
        b10.append(fromString.getErrorMessage());
        String sb2 = b10.toString();
        xn.c.b("KeyStoreHandler", sb2, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            e.d(this.f4746b);
            xn.c.e("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new yl.c(1024L, sb2);
    }
}
