package pc;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import ch.qos.logback.core.util.FileSize;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class q extends d {
    public q(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) throws lc.b {
        super(credentialClient, context, networkCapability);
        KeyStore keyStore = r.f12697a;
        if (oc.b.a(context).getInt("ucs_keystore_sp_key_t", -1) == -1) {
            oc.b.a(context).edit().putInt("ucs_keystore_sp_key_t", 1).apply();
        } else {
            mc.b.e("KeyStoreManager", "keyStoreRootKey status already init", new Object[0]);
        }
        if (!(oc.b.a(context).getInt("ucs_keystore_sp_key_t", -1) == 1)) {
            throw a.a.k("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0], 1022L, " keyStoreCertificateChain is off.");
        }
    }

    @Override // pc.d
    public final Credential a(String str) throws lc.b {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.f12678g.genCredentialFromString(str);
            }
            throw new lc.b(1017L, "unenable expire.");
        } catch (NumberFormatException e5) {
            StringBuilder g10 = ba.e.g("parse TSMS resp expire error : ");
            g10.append(e5.getMessage());
            throw new lc.b(2001L, g10.toString());
        } catch (JSONException e10) {
            StringBuilder g11 = ba.e.g("parse TSMS resp get json error : ");
            g11.append(e10.getMessage());
            throw new lc.b(1002L, g11.toString());
        }
    }

    @Override // pc.d
    @SuppressLint({"NewApi"})
    public final String c() throws lc.b {
        String str;
        byte[] sign;
        r.b();
        KeyStore keyStore = r.f12697a;
        try {
            if (r.f12697a.containsAlias("ucs_alias_rootKey")) {
                mc.b.e("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator.initialize(new KeyGenParameterSpec.Builder("ucs_alias_rootKey", 15).setDigests("SHA-256", "SHA-512").setKeySize(3072).setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PSS").setEncryptionPaddings("OAEPPadding").build());
                    keyPairGenerator.generateKeyPair();
                    mc.b.e("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e5) {
                    StringBuilder g10 = ba.e.g("generateKeyPair failed, ");
                    g10.append(e5.getMessage());
                    mc.b.b("KeyStoreManager", g10.toString(), new Object[0]);
                    StringBuilder g11 = ba.e.g("generateKeyPair failed , exception ");
                    g11.append(e5.getMessage());
                    throw new lc.c(g11.toString());
                }
            }
            try {
                String qVar = new q1.q(r.f12697a.getCertificateChain("ucs_alias_rootKey")).toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.f12673b);
                String str2 = this.f12676e;
                String str3 = this.f12675d;
                String str4 = pkgNameCertFP.get(0);
                String str5 = pkgNameCertFP.get(1);
                try {
                    JSONObject jSONObject = new JSONObject();
                    jSONObject.put("alg", 2);
                    jSONObject.put("kekAlg", 1);
                    jSONObject.put("packageName", str2);
                    jSONObject.put("appId", str3);
                    jSONObject.put("akskVersion", 1);
                    jSONObject.put("appPkgName", str4);
                    jSONObject.put("appCertFP", str5);
                    str = oc.c.b(jSONObject.toString().getBytes(StandardCharsets.UTF_8), 10);
                } catch (lc.b | JSONException e10) {
                    mc.b.b("CredentialJws", "generate payload exception: {0}", e10.getMessage());
                    str = "";
                }
                if (TextUtils.isEmpty(qVar) || TextUtils.isEmpty(str)) {
                    throw new lc.b(1006L, "Get signStr error");
                }
                String q10 = android.support.v4.media.a.q(qVar, ".", str);
                synchronized (r.f12698b) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(r.a());
                        signature.update(q10.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e11) {
                        mc.b.b("KeyStoreManager", "doSign failed, " + e11.getMessage(), new Object[0]);
                        throw new lc.c("doSign failed , exception " + e11.getMessage());
                    }
                }
                String b10 = oc.c.b(sign, 10);
                if (TextUtils.isEmpty(qVar) || TextUtils.isEmpty(str) || TextUtils.isEmpty(b10)) {
                    throw new lc.b(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb2 = new StringBuilder();
                if (TextUtils.isEmpty(qVar) || TextUtils.isEmpty(str)) {
                    throw new lc.b(1006L, "Get signStr error");
                }
                sb2.append(qVar + "." + str);
                sb2.append(".");
                sb2.append(b10);
                return sb2.toString();
            } catch (KeyStoreException e12) {
                StringBuilder g12 = ba.e.g("getCertificateChain failed, ");
                g12.append(e12.getMessage());
                mc.b.b("KeyStoreManager", g12.toString(), new Object[0]);
                StringBuilder g13 = ba.e.g("getCertificateChain failed , exception ");
                g13.append(e12.getMessage());
                throw new lc.c(g13.toString());
            }
        } catch (KeyStoreException e13) {
            StringBuilder g14 = ba.e.g("containsAlias failed, ");
            g14.append(e13.getMessage());
            mc.b.b("KeyStoreManager", g14.toString(), new Object[0]);
            StringBuilder g15 = ba.e.g("containsAlias failed , exception ");
            g15.append(e13.getMessage());
            throw new lc.c(g15.toString());
        }
    }

    @Override // pc.d
    public final String d(NetworkResponse networkResponse) throws lc.b {
        boolean isSuccessful = networkResponse.isSuccessful();
        String body = networkResponse.getBody();
        if (isSuccessful) {
            return body;
        }
        ErrorBody fromString = ErrorBody.fromString(body);
        StringBuilder g10 = ba.e.g("tsms service error, ");
        g10.append(fromString.getErrorMessage());
        String sb2 = g10.toString();
        mc.b.b("KeyStoreHandler", sb2, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            KeyStore keyStore = r.f12697a;
            oc.b.a(this.f12673b).edit().putInt("ucs_keystore_sp_key_t", 0).apply();
            mc.b.e("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new lc.b(FileSize.KB_COEFFICIENT, sb2);
    }
}
