package j7;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import ch.qos.logback.core.util.FileSize;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import g7.AbstractC1439b;
import i7.AbstractC1538c;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;

/* renamed from: j7.A, reason: case insensitive filesystem */
/* loaded from: classes2.dex */
public class C1890A extends AbstractC1900d {
    public C1890A(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) {
        super(credentialClient, context, networkCapability);
        C1891B.e(context);
        if (!C1891B.c(context)) {
            throw k.a("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0], 1022L, " keyStoreCertificateChain is off.");
        }
    }

    @Override // j7.AbstractC1900d
    public Credential a(String str) {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.f20244g.genCredentialFromString(str);
            }
            throw new f7.c(1017L, "unenable expire.");
        } catch (NumberFormatException e10) {
            StringBuilder a10 = AbstractC1905i.a("parse TSMS resp expire error : ");
            a10.append(e10.getMessage());
            throw new f7.c(2001L, a10.toString());
        } catch (JSONException e11) {
            StringBuilder a11 = AbstractC1905i.a("parse TSMS resp get json error : ");
            a11.append(e11.getMessage());
            throw new f7.c(1002L, a11.toString());
        }
    }

    @Override // j7.AbstractC1900d
    public String c() {
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder attestationChallenge;
        KeyGenParameterSpec.Builder signaturePaddings;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        String str;
        byte[] sign;
        C1891B.a();
        C1891B c1891b = C1891B.f20229b;
        try {
            if (C1891B.f20228a.containsAlias("ucs_alias_rootKey")) {
                AbstractC1439b.e("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    com.google.android.gms.internal.p002firebaseauthapi.h.a();
                    digests = com.google.android.gms.internal.p002firebaseauthapi.g.a("ucs_alias_rootKey", 15).setDigests("SHA-256", "SHA-512");
                    keySize = digests.setKeySize(3072);
                    attestationChallenge = keySize.setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8));
                    signaturePaddings = attestationChallenge.setSignaturePaddings("PSS");
                    encryptionPaddings = signaturePaddings.setEncryptionPaddings("OAEPPadding");
                    build = encryptionPaddings.build();
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                    AbstractC1439b.e("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
                    StringBuilder a10 = AbstractC1905i.a("generateKeyPair failed, ");
                    a10.append(e10.getMessage());
                    AbstractC1439b.b("KeyStoreManager", a10.toString(), new Object[0]);
                    StringBuilder a11 = AbstractC1905i.a("generateKeyPair failed , exception ");
                    a11.append(e10.getMessage());
                    throw new f7.d(1022L, a11.toString());
                }
            }
            try {
                String mVar = new m("PS256", C1891B.f20228a.getCertificateChain("ucs_alias_rootKey"), "AndroidKS").toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.f20239b);
                String str2 = this.f20242e;
                String str3 = this.f20241d;
                String str4 = pkgNameCertFP.get(0);
                String str5 = pkgNameCertFP.get(1);
                try {
                    JSONObject jSONObject = new JSONObject();
                    jSONObject.put("alg", 2);
                    jSONObject.put("kekAlg", 1);
                    jSONObject.put("packageName", str2);
                    jSONObject.put("appId", str3);
                    jSONObject.put("akskVersion", 1);
                    jSONObject.put("appPkgName", str4);
                    jSONObject.put("appCertFP", str5);
                    str = AbstractC1538c.c(jSONObject.toString().getBytes(StandardCharsets.UTF_8), 10);
                } catch (f7.c | JSONException e11) {
                    AbstractC1439b.b("CredentialJws", "generate payload exception: {0}", e11.getMessage());
                    str = "";
                }
                if (TextUtils.isEmpty(mVar) || TextUtils.isEmpty(str)) {
                    throw new f7.c(1006L, "Get signStr error");
                }
                String str6 = mVar + "." + str;
                synchronized (C1891B.f20230c) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(c1891b.b("ucs_alias_rootKey"));
                        signature.update(str6.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e12) {
                        AbstractC1439b.b("KeyStoreManager", "doSign failed, " + e12.getMessage(), new Object[0]);
                        throw new f7.d(1022L, "doSign failed , exception " + e12.getMessage());
                    }
                }
                String c10 = AbstractC1538c.c(sign, 10);
                if (TextUtils.isEmpty(mVar) || TextUtils.isEmpty(str) || TextUtils.isEmpty(c10)) {
                    throw new f7.c(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb = new StringBuilder();
                if (TextUtils.isEmpty(mVar) || TextUtils.isEmpty(str)) {
                    throw new f7.c(1006L, "Get signStr error");
                }
                sb.append(mVar + "." + str);
                sb.append(".");
                sb.append(c10);
                return sb.toString();
            } catch (KeyStoreException e13) {
                StringBuilder a12 = AbstractC1905i.a("getCertificateChain failed, ");
                a12.append(e13.getMessage());
                AbstractC1439b.b("KeyStoreManager", a12.toString(), new Object[0]);
                StringBuilder a13 = AbstractC1905i.a("getCertificateChain failed , exception ");
                a13.append(e13.getMessage());
                throw new f7.d(1022L, a13.toString());
            }
        } catch (KeyStoreException e14) {
            StringBuilder a14 = AbstractC1905i.a("containsAlias failed, ");
            a14.append(e14.getMessage());
            AbstractC1439b.b("KeyStoreManager", a14.toString(), new Object[0]);
            StringBuilder a15 = AbstractC1905i.a("containsAlias failed , exception ");
            a15.append(e14.getMessage());
            throw new f7.d(1022L, a15.toString());
        }
    }

    @Override // j7.AbstractC1900d
    public String d(NetworkResponse networkResponse) {
        if (networkResponse.isSuccessful()) {
            return networkResponse.getBody();
        }
        ErrorBody fromString = ErrorBody.fromString(networkResponse.getBody());
        StringBuilder a10 = AbstractC1905i.a("tsms service error, ");
        a10.append(fromString.getErrorMessage());
        String sb = a10.toString();
        AbstractC1439b.b("KeyStoreHandler", sb, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            C1891B.f(this.f20239b);
            AbstractC1439b.e("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new f7.c(FileSize.KB_COEFFICIENT, sb);
    }
}
