package u9;

import J4.AbstractC0430c;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.util.List;
import n9.AbstractC1863c;
import org.json.JSONException;
import org.json.JSONObject;
import q9.C2082b;
import t9.AbstractC2248a;

/* renamed from: u9.e, reason: case insensitive filesystem */
/* loaded from: classes2.dex */
public final class C2338e extends AbstractC2336c {
    public C2338e(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) {
        super(credentialClient, context, networkCapability);
        if (AbstractC2248a.e(context).getInt("ucs_keystore_sp_key_t", -1) != -1) {
            AbstractC1863c.q("KeyStoreManager", "keyStoreRootKey status already init", new Object[0]);
        } else if (Build.VERSION.SDK_INT >= 24) {
            AbstractC2248a.e(context).edit().putInt("ucs_keystore_sp_key_t", 1).apply();
        } else {
            AbstractC2248a.e(context).edit().putInt("ucs_keystore_sp_key_t", 0).apply();
        }
        if (AbstractC2248a.e(context).getInt("ucs_keystore_sp_key_t", -1) == 1) {
            return;
        }
        AbstractC1863c.h("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0]);
        throw new C2082b(1022L, " keyStoreCertificateChain is off.");
    }

    @Override // u9.AbstractC2336c
    public final Credential a(String str) {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.f27576g.genCredentialFromString(str);
            }
            throw new C2082b(1017L, "unenable expire.");
        } catch (NumberFormatException e2) {
            throw new C2082b(2001L, "parse TSMS resp expire error : " + e2.getMessage());
        } catch (JSONException e10) {
            throw new C2082b(1002L, "parse TSMS resp get json error : " + e10.getMessage());
        }
    }

    @Override // u9.AbstractC2336c
    public final String c() {
        KeyGenParameterSpec.Builder attestationChallenge;
        byte[] sign;
        f0.a.o();
        try {
            if (f0.a.f21805c.containsAlias("ucs_alias_rootKey")) {
                AbstractC1863c.q("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    attestationChallenge = new KeyGenParameterSpec.Builder("ucs_alias_rootKey", 15).setDigests("SHA-256", "SHA-512").setKeySize(3072).setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8));
                    keyPairGenerator.initialize(attestationChallenge.setSignaturePaddings("PSS").setEncryptionPaddings("OAEPPadding").build());
                    keyPairGenerator.generateKeyPair();
                    AbstractC1863c.q("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
                    AbstractC1863c.h("KeyStoreManager", "generateKeyPair failed, " + e2.getMessage(), new Object[0]);
                    throw new C2082b(1022L, "generateKeyPair failed , exception " + e2.getMessage());
                }
            }
            try {
                Certificate[] certificateChain = f0.a.f21805c.getCertificateChain("ucs_alias_rootKey");
                Tb.e eVar = new Tb.e(7);
                eVar.f11383b = "PS256";
                eVar.f11384c = "AndroidKS";
                eVar.f11385d = certificateChain;
                String eVar2 = eVar.toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.f27571b);
                String str = this.f27574e;
                String str2 = this.f27573d;
                String str3 = pkgNameCertFP.get(0);
                String str4 = pkgNameCertFP.get(1);
                O6.c cVar = new O6.c();
                cVar.f9946b = 2;
                cVar.f9947c = 1;
                cVar.f9948d = str;
                cVar.f9950f = str2;
                cVar.f9949e = 1;
                cVar.f9951g = str3;
                cVar.h = str4;
                String cVar2 = cVar.toString();
                if (TextUtils.isEmpty(eVar2) || TextUtils.isEmpty(cVar2)) {
                    throw new C2082b(1006L, "Get signStr error");
                }
                String B3 = AbstractC0430c.B(eVar2, ".", cVar2);
                synchronized (f0.a.f21806d) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(f0.a.n());
                        signature.update(B3.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e10) {
                        AbstractC1863c.h("KeyStoreManager", "doSign failed, " + e10.getMessage(), new Object[0]);
                        throw new C2082b(1022L, "doSign failed , exception " + e10.getMessage());
                    }
                }
                String f5 = Q3.c.f(10, sign);
                if (TextUtils.isEmpty(eVar2) || TextUtils.isEmpty(cVar2) || TextUtils.isEmpty(f5)) {
                    throw new C2082b(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb2 = new StringBuilder();
                if (TextUtils.isEmpty(eVar2) || TextUtils.isEmpty(cVar2)) {
                    throw new C2082b(1006L, "Get signStr error");
                }
                sb2.append(eVar2 + "." + cVar2);
                sb2.append(".");
                sb2.append(f5);
                return sb2.toString();
            } catch (KeyStoreException e11) {
                AbstractC1863c.h("KeyStoreManager", "getCertificateChain failed, " + e11.getMessage(), new Object[0]);
                throw new C2082b(1022L, "getCertificateChain failed , exception " + e11.getMessage());
            }
        } catch (KeyStoreException e12) {
            AbstractC1863c.h("KeyStoreManager", "containsAlias failed, " + e12.getMessage(), new Object[0]);
            throw new C2082b(1022L, "containsAlias failed , exception " + e12.getMessage());
        }
    }

    @Override // u9.AbstractC2336c
    public final String d(NetworkResponse networkResponse) {
        if (networkResponse.isSuccessful()) {
            return networkResponse.getBody();
        }
        ErrorBody fromString = ErrorBody.fromString(networkResponse.getBody());
        String str = "tsms service error, " + fromString.getErrorMessage();
        AbstractC1863c.h("KeyStoreHandler", str, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            AbstractC2248a.e(this.f27571b).edit().putInt("ucs_keystore_sp_key_t", 0).apply();
            AbstractC1863c.q("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new C2082b(1024L, str);
    }
}
