package com.yandex.runtime.attestation_storage.internal;

import I5.AbstractC3820b;
import I5.d;
import I5.e;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.google.android.gms.tasks.Task;
import com.yandex.runtime.Runtime;
import com.yandex.runtime.attestation.EcPublicKey;
import com.yandex.runtime.logging.Logger;
import h5.InterfaceC9524f;
import h5.InterfaceC9525g;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;

/* loaded from: classes7.dex */
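/**
 * Android implementation of {@link PlatformKeystore} backed by the {@code AndroidKeyStore} provider.
 *
 * <p>The class manages one EC P-256 signing key under the alias {@code MAPKIT_ATTESTED_KEY_<suffix>}.
 * The key is generated with an attestation challenge, its certificate chain is exposed through
 * {@link #getKeystoreProof()}, and {@link #requestAttestKey} asks an external token service for a
 * token bound to a nonce derived from that chain.
 *
 * <p>NOTE(review): nothing in this class validates the attestation certificate chain or the returned
 * token; that verification presumably happens on the receiving server. Confirm before relying on
 * any of these values locally.
 *
 * <p>NOTE(review): this listing is decompiler output. Control flow in {@code cleanupUnusedKeys} and
 * {@code getCertificateChain} was rebuilt from the evident intent (method names, log messages).
 */
public class PlatformKeystoreImpl implements PlatformKeystore {
    private static final int CERTIFICATE_VALID_YEARS = 10;
    private static final String KEY_ALIAS_BASE = "MAPKIT_ATTESTED_KEY_";
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String EC_ALGORITHM = "EC";
    private static final String MISSING_KEY_MESSAGE = "Key entry is null. Generate key first.";

    private final String alias;
    private final KeyStore keyStore;
    // Null until a key has been generated or an existing entry has been loaded.
    private KeyStore.PrivateKeyEntry privateKeyEntry;

    /**
     * Opens the Android keystore and loads the entry stored under {@code str}, if there is one.
     *
     * @param str full keystore alias (prefix already applied by {@link #createKeystore})
     * @throws IOException if the keystore cannot be loaded
     * @throws CertificateException if a keystore certificate cannot be loaded
     * @throws IllegalStateException if the provider or its integrity algorithm is missing
     */
    private PlatformKeystoreImpl(String str) throws IOException, CertificateException {
        this.alias = str;
        final KeyStore store;
        try {
            store = KeyStore.getInstance(ANDROID_KEYSTORE);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("No Android Key Store in the system: " + e.getMessage(), e);
        }
        this.keyStore = store;
        try {
            store.load(null);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Can't check the integrity of keystore: " + e.getMessage(), e);
        }
        if (hasEntry()) {
            tryLoadEntry();
        }
    }

    /**
     * Reports whether every provider service this class relies on is present.
     *
     * @return {@code true} when the AndroidKeyStore provider offers EC key generation and an EC key
     *     factory, and NONEwithECDSA, X.509 and SHA-256 implementations are installed
     */
    public static boolean attestationAvailable() {
        Provider provider = Security.getProvider(ANDROID_KEYSTORE);
        if (provider == null) {
            return false;
        }
        if (provider.getService("KeyPairGenerator", EC_ALGORITHM) == null
                || provider.getService("KeyFactory", EC_ALGORITHM) == null) {
            return false;
        }
        if (Security.getProviders("Signature.NONEwithECDSA").length == 0) {
            return false;
        }
        try {
            CertificateFactory.getInstance("X.509");
        } catch (CertificateException unused) {
            return false;
        }
        return Security.getProviders("MessageDigest.SHA-256").length != 0;
    }

    /**
     * Deletes every keystore entry whose alias starts with the attested-key prefix, except the one
     * that belongs to {@code str}.
     *
     * <p>The decompiled listing fell through to {@code deleteEntry} even for the current alias and
     * lost the log call on the keystore-loading error paths; both are restored here so that the
     * key in use survives cleanup and every failure is reported.
     *
     * @param str suffix of the alias to keep, or {@code null} to delete all prefixed entries
     */
    public static void cleanupUnusedKeys(String str) {
        final KeyStore store;
        try {
            store = KeyStore.getInstance(ANDROID_KEYSTORE);
        } catch (KeyStoreException e) {
            Logger.error("Could not get keystore implementation for key cleanup: " + e.getMessage());
            return;
        }
        try {
            store.load(null);
        } catch (IOException e) {
            Logger.error("Could not load keystore for key cleanup. I/O error: " + e.getMessage());
            return;
        } catch (NoSuchAlgorithmException e) {
            Logger.error("Could not load keystore for key cleanup. No such algorithm for checking keystore integrity: " + e.getMessage());
            return;
        } catch (CertificateException e) {
            Logger.error("Could not load keystore for key cleanup. Could not load certificate: " + e.getMessage());
            return;
        }

        final String aliasToKeep = (str == null) ? null : KEY_ALIAS_BASE + str;
        try {
            for (String candidate : Collections.list(store.aliases())) {
                // Only touch entries this component created, and never the key currently in use.
                if (!candidate.startsWith(KEY_ALIAS_BASE) || candidate.equals(aliasToKeep)) {
                    continue;
                }
                store.deleteEntry(candidate);
            }
        } catch (KeyStoreException e) {
            // As in the original, the first failure stops the sweep; remaining stale keys stay.
            Logger.error("Could not delete entry: " + e.getMessage());
        }
    }

    /**
     * Creates a keystore wrapper for the alias built from {@code str}.
     *
     * @param str alias suffix appended to the attested-key prefix
     * @return the wrapper, or {@code null} if the keystore could not be loaded
     */
    public static PlatformKeystore createKeystore(String str) {
        try {
            return new PlatformKeystoreImpl(KEY_ALIAS_BASE + str);
        } catch (IOException | CertificateException e) {
            // Callers get null as before; the reason is logged instead of being dropped.
            Logger.error("Could not create platform keystore: " + e.getMessage());
            return null;
        }
    }

    /**
     * Derives the token-request nonce as Base64(SHA-256({@code bArr} || encoded certificate chain)).
     *
     * <p>Hashing the chain into the nonce ties the requested token to this key's certificates.
     *
     * @param bArr data mixed into the nonce ahead of the certificate chain
     * @return URL-safe, unwrapped Base64 text, or {@code null} if the chain could not be encoded
     */
    private String createNonce(byte[] bArr) {
        byte[] encodedChain = getCertificateChain();
        if (encodedChain == null) {
            return null;
        }
        final MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No SHA-256 algorithm in the environment: " + e.getMessage(), e);
        }
        sha256.update(bArr);
        sha256.update(encodedChain);
        // Same value as the original flag literal 10 (URL_SAFE = 8, NO_WRAP = 2).
        return Base64.encodeToString(sha256.digest(), Base64.URL_SAFE | Base64.NO_WRAP);
    }

    /**
     * Encodes the loaded key entry's certificate chain as an X.509 certification path.
     *
     * @return the encoded path, or {@code null} if the path could not be built or encoded
     * @throws IllegalStateException if no key is loaded or X.509 is unavailable
     */
    private byte[] getCertificateChain() {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException(MISSING_KEY_MESSAGE);
        }
        final CertificateFactory x509;
        try {
            x509 = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException("X.509 is unsupported in the system: " + e.getMessage(), e);
        }
        try {
            return x509.generateCertPath(Arrays.asList(this.privateKeyEntry.getCertificateChain())).getEncoded();
        } catch (CertificateException e) {
            // Also covers CertificateEncodingException, which is a subclass.
            Logger.error("Could not encode certificate chain: " + e.getMessage());
            return null;
        }
    }

    /**
     * Checks whether the keystore holds an entry under this instance's alias.
     *
     * @throws IllegalStateException if the keystore has not been loaded
     */
    private boolean hasEntry() {
        try {
            return this.keyStore.containsAlias(this.alias);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore is not initialized: " + e.getMessage(), e);
        }
    }

    /**
     * Loads the private-key entry stored under the alias and discards it when it is not an EC key.
     *
     * @throws IllegalStateException if the entry has the wrong type or cannot be read
     */
    private void tryLoadEntry() {
        final KeyStore.Entry entry;
        try {
            entry = this.keyStore.getEntry(this.alias, null);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore has not been loaded: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No such algorithm in the environment: " + e.getMessage(), e);
        } catch (UnrecoverableEntryException e) {
            throw new IllegalStateException("Entry is protected: " + e.getMessage(), e);
        }
        if (entry == null) {
            return;
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalStateException("Key entry is not an instance of a KeyStore.PrivateKeyEntry");
        }
        this.privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        // Compare by value: the listing used '!=', a reference comparison that can report a
        // mismatch for a genuine "EC" key and silently delete it.
        if (!EC_ALGORITHM.equals(this.privateKeyEntry.getPrivateKey().getAlgorithm())) {
            removeKey();
        }
    }

    /**
     * Signs {@code bArr} with the stored private key using {@code NONEwithECDSA}.
     *
     * <p>No digest is applied here; the input is handed to the signer as-is.
     * NOTE(review): callers are presumably expected to pass an already-hashed value; confirm.
     *
     * @param bArr data to sign
     * @return the signature bytes produced by the provider
     * @throws IllegalStateException if no key is loaded or signing fails
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public byte[] ecSign(byte[] bArr) {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException(MISSING_KEY_MESSAGE);
        }
        try {
            Signature signer = Signature.getInstance("NONEwithECDSA");
            signer.initSign(this.privateKeyEntry.getPrivateKey());
            signer.update(bArr);
            return signer.sign();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No NONEwithECDSA support: " + e.getMessage(), e);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("Key provided for signing is invalid: " + e.getMessage(), e);
        } catch (SignatureException e) {
            throw new IllegalStateException("Could not sign provided data: " + e.getMessage(), e);
        }
    }

    /**
     * Generates a P-256 signing key under this alias with {@code bArr} as attestation challenge,
     * then loads the new entry.
     *
     * <p>NOTE(review): for the attestation to prove freshness the challenge should be a value the
     * verifier issued for this request; confirm that callers supply one.
     *
     * @param bArr attestation challenge passed to the key generator
     * @throws IllegalStateException if the provider or the EC parameters are unavailable
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public void generateKey(byte[] bArr) {
        final KeyPairGenerator generator;
        try {
            generator = KeyPairGenerator.getInstance(EC_ALGORITHM, ANDROID_KEYSTORE);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("EC algorithm is unsupported in AndroidKeyStore: " + e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            throw new IllegalStateException("No Android Key Store in the system: " + e.getMessage(), e);
        }

        Calendar validity = Calendar.getInstance();
        Date notBefore = validity.getTime();
        validity.add(Calendar.YEAR, CERTIFICATE_VALID_YEARS);
        Date notAfter = validity.getTime();

        // Purpose 4 is KeyProperties.PURPOSE_SIGN and "NONE" is KeyProperties.DIGEST_NONE:
        // the key may only sign, and only caller-supplied, undigested input.
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(this.alias, 4)
                .setDigests("NONE")
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setAttestationChallenge(bArr)
                .setKeySize(256)
                .setCertificateNotBefore(notBefore)
                .setCertificateNotAfter(notAfter)
                .build();
        try {
            generator.initialize(spec);
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("Arguments for initialization of EC algorithm are invalid: " + e.getMessage(), e);
        }
        generator.generateKeyPair();
        tryLoadEntry();
    }

    /** Not available on Android; always throws {@link UnsupportedOperationException}. */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public byte[] getAppAttestKeyAssertion() {
        throw new UnsupportedOperationException("No AppAttest for Android");
    }

    /** Not available on Android; always throws {@link UnsupportedOperationException}. */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public String getAppAttestKeyId() {
        throw new UnsupportedOperationException("No AppAttest for Android");
    }

    /** Not used on Android; always throws {@link UnsupportedOperationException}. */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public String getApplicationId() {
        throw new UnsupportedOperationException("Should not be used for Android");
    }

    /**
     * Returns the affine coordinates of the public key taken from the entry's certificate.
     *
     * <p>The coordinates come from {@code BigInteger.toByteArray()}, a signed minimal encoding:
     * a coordinate may carry a leading zero byte or be shorter than 32 bytes, so the consumer must
     * not assume a fixed width.
     *
     * @return the public key point
     * @throws IllegalStateException if no key is loaded or the key cannot be converted
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public EcPublicKey getEcPublicKey() {
        // Fail the same way the other key accessors do instead of with a bare NullPointerException.
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException(MISSING_KEY_MESSAGE);
        }
        try {
            ECPublicKeySpec publicSpec = KeyFactory.getInstance(EC_ALGORITHM)
                    .getKeySpec(this.privateKeyEntry.getCertificate().getPublicKey(), ECPublicKeySpec.class);
            ECPoint point = publicSpec.getW();
            return new EcPublicKey(point.getAffineX().toByteArray(), point.getAffineY().toByteArray());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("EC algorithm is unsupported in AndroidKeyStore: " + e.getMessage(), e);
        } catch (InvalidKeySpecException e) {
            throw new IllegalStateException("Invalid KeySpec or key could not be processed: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the encoded certificate chain of the stored key.
     *
     * @return the encoded chain, or {@code null} if it could not be encoded
     * @throws IllegalStateException if no key is loaded
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public byte[] getKeystoreProof() {
        return getCertificateChain();
    }

    /** Returns whether a private-key entry is currently loaded. */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public boolean hasKey() {
        return this.privateKeyEntry != null;
    }

    /**
     * Forgets the loaded entry and deletes it from the keystore when it exists.
     *
     * @throws IllegalStateException if the keystore has not been loaded
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public void removeKey() {
        this.privateKeyEntry = null;
        if (!hasEntry()) {
            return;
        }
        try {
            this.keyStore.deleteEntry(this.alias);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore is not initialized: " + e.getMessage(), e);
        }
    }

    /**
     * Requests a token bound to a nonce derived from {@code bArr} and the key's certificate chain,
     * and reports the outcome through {@code attestationListener}.
     *
     * <p>NOTE(review): the request API is obfuscated in this listing ({@code AbstractC3820b},
     * {@code d}, {@code e}); it looks like an integrity-token request taking a nonce and a numeric
     * project identifier. Confirm against the unobfuscated SDK.
     *
     * @param bArr data mixed into the nonce
     * @param j10 numeric value forwarded to the request builder
     * @param attestationListener receives the token bytes or a failure message
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public void requestAttestKey(byte[] bArr, long j10, final AttestationListener attestationListener) {
        String nonce = createNonce(bArr);
        if (nonce == null) {
            attestationListener.onAttestationFailed("Could not create nonce");
            // Stop here: the listing went on to send a request with a null nonce, which could
            // report a second outcome to the same listener.
            return;
        }
        Task tokenTask = AbstractC3820b.a(Runtime.getApplicationContext()).a(d.a().c(nonce).b(j10).a());
        tokenTask.g(new InterfaceC9525g() { // from class: com.yandex.runtime.attestation_storage.internal.PlatformKeystoreImpl.1
            @Override // h5.InterfaceC9525g
            public void onSuccess(e eVar) {
                attestationListener.onAttestationReceived(eVar.a().getBytes());
            }
        });
        tokenTask.e(new InterfaceC9524f() { // from class: com.yandex.runtime.attestation_storage.internal.PlatformKeystoreImpl.2
            @Override // h5.InterfaceC9524f
            public void onFailure(Exception exc) {
                attestationListener.onAttestationFailed(exc.getMessage());
            }
        });
    }
}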
