package com.huawei.wisesecurity.ucs_credential;

import android.content.Context;
import android.text.TextUtils;
import com.huawei.wisesecurity.kfs.crypto.key.KeyGenerateParam;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.crypto.key.RSAKeyStoreKeyManager;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.rsa.RSASigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsKeyStoreException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import com.huawei.wisesecurity.ucs.common.utils.SpUtil;
import com.huawei.wisesecurity.ucs.common.utils.StringUtil;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class a0 extends b {
    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final Credential a(String str) {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.g.genCredentialFromString(str);
            }
            throw new UcsException(1017L, "unenable expire.");
        } catch (NumberFormatException e) {
            StringBuilder a = f.a("parse TSMS resp expire error : ");
            a.append(e.getMessage());
            throw new UcsException(2001L, a.toString());
        } catch (JSONException e2) {
            StringBuilder a2 = f.a("parse TSMS resp get json error : ");
            a2.append(e2.getMessage());
            throw new UcsException(1002L, a2.toString());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final Credential c(String str, String str2, String str3, String str4, d dVar) {
        try {
            LogUcs.e("KeyStoreHandler", "applyCredential use KeyStoreHandler.", new Object[0]);
            return b(str, str2, str3, str4);
        } catch (Throwable th) {
            StringBuilder a = f.a("applyCredential use KeyStoreHandler get exception: ");
            a.append(th.getMessage());
            LogUcs.b("KeyStoreHandler", a.toString(), new Object[0]);
            return dVar.a(0, str, str2, str3, str4, dVar);
        }
    }

    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final String d(NetworkResponse networkResponse) {
        if (networkResponse.isSuccessful()) {
            return networkResponse.getBody();
        }
        ErrorBody fromString = ErrorBody.fromString(networkResponse.getBody());
        StringBuilder a = f.a("tsms service error, ");
        a.append(fromString.getErrorMessage());
        String sb = a.toString();
        LogUcs.b("KeyStoreHandler", sb, new Object[0]);
        if (b.g(fromString.getErrorCode())) {
            SpUtil.b(this.f6754b, 0, "ucs_keystore_sp_key_t");
            LogUcs.e("KeyStoreHandler", "turn off android keystore CertificateChain", new Object[0]);
        }
        throw new UcsException(1024L, sb);
    }

    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final void e() {
        if (SpUtil.a(this.f6754b).getInt("ucs_keystore_sp_key_t", -1) == 0) {
            throw h.a("KeyStoreHandler", "keyStoreCertificateChain is off. not support keyStore RSA.", new Object[0], 1022L, "keyStoreCertificateChain is off. not support keyStore RSA.");
        }
    }

    /* JADX WARN: Type inference failed for: r2v25, types: [com.huawei.wisesecurity.kfs.crypto.key.RSAKeyStoreKeyManager, com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager] */
    /* JADX WARN: Type inference failed for: r4v9, types: [com.huawei.wisesecurity.ucs_credential.j, java.lang.Object] */
    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final String f() {
        String str;
        byte[] sign;
        RSAKeyStoreKeyManager rSAKeyStoreKeyManager = p0.a;
        p0 p0Var = p0.f6761b;
        if (rSAKeyStoreKeyManager == null) {
            p0.a = new KeyStoreKeyManager();
        }
        try {
            if (p0.a.e("ucs_alias_rootKey")) {
                LogUcs.e("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    p0.a.a(new KeyGenerateParam("ucs_alias_rootKey", 3072, KfsKeyPurpose.PURPOSE_ALL));
                    LogUcs.e("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (KfsException e) {
                    StringBuilder a = f.a("generateKeyPair failed, ");
                    a.append(e.getMessage());
                    LogUcs.b("KeyStoreManager", a.toString(), new Object[0]);
                    StringBuilder a2 = f.a("generateKeyPair failed , exception ");
                    a2.append(e.getMessage());
                    throw new UcsKeyStoreException(a2.toString());
                }
            }
            try {
                Certificate[] c = p0.a.c("ucs_alias_rootKey");
                boolean a3 = c0.a(c);
                Context context = this.f6754b;
                if (a3) {
                    SpUtil.b(context, 0, "ucs_keystore_sp_key_t");
                    throw new UcsException(2001L, "android keystore RSA no support software attestation root.");
                }
                ?? obj = new Object();
                obj.a = c;
                String jVar = obj.toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(context);
                String str2 = this.e;
                String str3 = this.d;
                String str4 = pkgNameCertFP.get(0);
                String str5 = pkgNameCertFP.get(1);
                try {
                    JSONObject jSONObject = new JSONObject();
                    jSONObject.put("alg", 2);
                    jSONObject.put("kekAlg", 1);
                    jSONObject.put("packageName", str2);
                    jSONObject.put("appId", str3);
                    jSONObject.put("akskVersion", 1);
                    jSONObject.put("appPkgName", str4);
                    jSONObject.put("appCertFP", str5);
                    str = StringUtil.c(10, jSONObject.toString().getBytes(StandardCharsets.UTF_8));
                } catch (UcsException | JSONException e2) {
                    LogUcs.b("CredentialJws", "generate payload exception: {0}", e2.getMessage());
                    str = "";
                }
                if (TextUtils.isEmpty(jVar) || TextUtils.isEmpty(str)) {
                    throw new UcsException(1006L, "Get signStr error");
                }
                String str6 = jVar + "." + str;
                p0Var.getClass();
                synchronized (p0.c) {
                    try {
                        RSASigner.Builder builder = new RSASigner.Builder(p0.a.f6712b);
                        builder.d = SignAlg.RSA_SHA256_PSS;
                        builder.a("ucs_alias_rootKey");
                        sign = ((KfsSigner) builder.b()).getSignHandler().from(str6).sign();
                    } catch (KfsException e3) {
                        LogUcs.b("KeyStoreManager", "doSign failed, " + e3.getMessage(), new Object[0]);
                        throw new UcsKeyStoreException("doSign failed , exception " + e3.getMessage());
                    }
                }
                String c2 = StringUtil.c(10, sign);
                if (TextUtils.isEmpty(jVar) || TextUtils.isEmpty(str) || TextUtils.isEmpty(c2)) {
                    throw new UcsException(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb = new StringBuilder();
                if (TextUtils.isEmpty(jVar) || TextUtils.isEmpty(str)) {
                    throw new UcsException(1006L, "Get signStr error");
                }
                sb.append(jVar + "." + str);
                sb.append(".");
                sb.append(c2);
                return sb.toString();
            } catch (KfsException e4) {
                StringBuilder a4 = f.a("getCertificateChain failed, ");
                a4.append(e4.getMessage());
                LogUcs.b("KeyStoreManager", a4.toString(), new Object[0]);
                StringBuilder a5 = f.a("getCertificateChain failed , exception ");
                a5.append(e4.getMessage());
                throw new UcsKeyStoreException(a5.toString());
            }
        } catch (KfsException e5) {
            StringBuilder a6 = f.a("containsAlias failed, ");
            a6.append(e5.getMessage());
            LogUcs.b("KeyStoreManager", a6.toString(), new Object[0]);
            StringBuilder a7 = f.a("containsAlias failed , exception ");
            a7.append(e5.getMessage());
            throw new UcsKeyStoreException(a7.toString());
        }
    }
}
