package com.huawei.library.rainbow.certificate;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.huawei.android.os.SystemPropertiesEx;
import com.huawei.frameworkwrap.HwLog;
import com.huawei.grs.util.GrsSha256;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.GregorianCalendar;

/* loaded from: classes.dex */
public class HwCertificate {
    private static final String CHALLENGE = "HwSystemManager";
    private static final String HW_KEY_STORE_PROVIDER = "HwUniversalKeyStoreProvider";
    public static final int ID_TYPE_SERIAL = 1;
    public static final int ID_TYPE_SKIP_DEFAULT = -65536;
    private static final String ID_TYPE_SKIP_DEFAULT_NAME = "ID_TYPE_SKIP_DEFAULT";
    private static final String KEYSTORE_PROVIDER_ANDROID_KEYSTORE = "HwKeyStore";
    private static final String KEY_ALIAS = "hsm_key";
    private static final String TAG = "HwCertificate";
    private static HwCertificate sInstance = null;
    private int mEffectiveTime = 2;
    private int mSerialNumber = 1337;

    private HwCertificate() {
    }

    private KeyPair generateKeyPair(String str, String str2, int i, String str3, String str4) {
        if (getCertificate() == null) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, HW_KEY_STORE_PROVIDER);
                GregorianCalendar gregorianCalendar = new GregorianCalendar();
                GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                gregorianCalendar2.add(1, this.mEffectiveTime);
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setSignaturePaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(this.mSerialNumber)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge("HwSystemManager".getBytes("UTF-8")).setUserAuthenticationRequired(false).build());
                return keyPairGenerator.generateKeyPair();
            } catch (UnsupportedEncodingException e) {
                HwLog.e(TAG, "generateKeyPair UnsupportedEncodingException");
            } catch (InvalidAlgorithmParameterException e2) {
                HwLog.e(TAG, "generateKeyPair InvalidAlgorithmParameterException");
            } catch (NoSuchAlgorithmException e3) {
                HwLog.e(TAG, "generateKeyPair NoSuchAlgorithmException");
            } catch (NoSuchProviderException e4) {
                HwLog.e(TAG, "generateKeyPair NoSuchProviderException");
            }
        }
        return null;
    }

    public static X509Certificate[] getCertificateChain(Context context, int[] iArr, String str) {
        boolean z = false;
        try {
            Class<?> cls = Class.forName("com.huawei.security.keystore.HwAttestationUtils");
            Method method = cls.getMethod("attestDeviceIds", Context.class, int[].class, byte[].class);
            for (Field field : cls.getDeclaredFields()) {
                if (field.getName().equals(ID_TYPE_SKIP_DEFAULT_NAME)) {
                    z = true;
                }
            }
            method.setAccessible(true);
            if (z) {
                HwLog.i(TAG, "new method");
                return (X509Certificate[]) method.invoke(null, context, iArr, str.getBytes(Charset.forName("UTF-8")));
            }
            HwLog.i(TAG, "old method");
            try {
                return (X509Certificate[]) method.invoke(null, context, new int[]{iArr[0]}, str.getBytes(Charset.forName("UTF-8")));
            } catch (ClassNotFoundException e) {
                HwLog.e(TAG, "getCertificateChain ClassNotFoundException");
                return null;
            } catch (IllegalAccessException e2) {
                HwLog.e(TAG, "getCertificateChain IllegalAccessException");
                return null;
            } catch (NoSuchMethodException e3) {
                HwLog.e(TAG, "getCertificateChain NoSuchMethodException");
                return null;
            } catch (InvocationTargetException e4) {
                HwLog.e(TAG, "getCertificateChain InvocationTargetException");
                return null;
            }
        } catch (ClassNotFoundException e5) {
        } catch (IllegalAccessException e6) {
        } catch (NoSuchMethodException e7) {
        } catch (InvocationTargetException e8) {
        }
    }

    public static synchronized HwCertificate getInstance() {
        HwCertificate hwCertificate;
        synchronized (HwCertificate.class) {
            if (sInstance == null) {
                sInstance = new HwCertificate();
            }
            hwCertificate = sInstance;
        }
        return hwCertificate;
    }

    public static boolean isRegisterKeyStoreProvider() {
        try {
            Method method = Class.forName("com.huawei.security.keystore.HwUniversalKeyStoreProvider").getMethod("install", new Class[0]);
            method.setAccessible(true);
            method.invoke(null, new Object[0]);
            return true;
        } catch (ClassNotFoundException e) {
            HwLog.e(TAG, "HwUniversalKeyStore: no HwUniversalKeyStore found");
            return false;
        } catch (IllegalAccessException e2) {
            HwLog.e(TAG, "HwUniversalKeyStore: cannot access");
            return false;
        } catch (NoSuchMethodException e3) {
            HwLog.e(TAG, "HwUniversalKeyStore: function not found");
            return false;
        } catch (InvocationTargetException e4) {
            HwLog.e(TAG, "HwUniversalKeyStore: InvocationTargetException");
            return false;
        }
    }

    public static boolean isSupportHwPKI() {
        return "true".equalsIgnoreCase(SystemPropertiesEx.get("ro.config.support_hwpki", "false"));
    }

    private String signData(String str) {
        byte[] bArr = new byte[0];
        try {
            bArr = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            HwLog.e(TAG, "signData UnsupportedEncodingException...");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
            keyStore.load(null);
            HwLog.i(TAG, "Load  keystore success!");
            KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
            Signature signature = Signature.getInstance("SHA256withRSA", HW_KEY_STORE_PROVIDER);
            signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            signature.update(bArr);
            return base64EncodeToString(signature.sign());
        } catch (IOException e2) {
            HwLog.e(TAG, "signData IOException");
            return null;
        } catch (InvalidKeyException e3) {
            HwLog.e(TAG, "signData InvalidKeyException ");
            return null;
        } catch (KeyStoreException e4) {
            HwLog.e(TAG, "signData KeyStoreException");
            return null;
        } catch (NoSuchAlgorithmException e5) {
            HwLog.e(TAG, "signData NoSuchAlgorithmException");
            return null;
        } catch (NoSuchProviderException e6) {
            HwLog.e(TAG, "signData NoSuchProviderException ");
            return null;
        } catch (SignatureException e7) {
            HwLog.e(TAG, "signData: SignatureException");
            return null;
        } catch (UnrecoverableEntryException e8) {
            HwLog.e(TAG, "signData UnrecoverableEntryException ");
            return null;
        } catch (CertificateException e9) {
            HwLog.e(TAG, "signData CertificateException");
            return null;
        }
    }

    public String base64EncodeToString(byte[] bArr) {
        return Base64.encodeToString(bArr, 0);
    }

    public KeyPair generateKeyPair() {
        return generateKeyPair(KEY_ALIAS, "RSA", 12, GrsSha256.ALGORITHM_SHA256, "PKCS1");
    }

    @TargetApi(24)
    public Certificate[] getCertificate() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
            keyStore.load(null);
            return keyStore.getCertificateChain(KEY_ALIAS);
        } catch (IOException e) {
            HwLog.e(TAG, "getCertificate IOException");
            return null;
        } catch (KeyStoreException e2) {
            HwLog.e(TAG, "getCertificate KeyStoreException");
            return null;
        } catch (NoSuchAlgorithmException e3) {
            HwLog.e(TAG, "getCertificate NoSuchAlgorithmException");
            return null;
        } catch (CertificateException e4) {
            HwLog.e(TAG, "getCertificate CertificateException");
            return null;
        }
    }

    public String getSignature(String str) {
        return signData(str);
    }

    public String objectToBase64(Object obj) {
        ObjectOutputStream objectOutputStream;
        String str = null;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream2 = null;
        try {
            try {
                objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
            } catch (Throwable th) {
                th = th;
            }
        } catch (IOException e) {
        }
        try {
            objectOutputStream.writeObject(obj);
            byteArrayOutputStream.flush();
            str = Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
            if (objectOutputStream != null) {
                try {
                    objectOutputStream.close();
                } catch (IOException e2) {
                    HwLog.e(TAG, "ObjectOutputStream IOException...");
                }
            }
            if (byteArrayOutputStream != null) {
                try {
                    byteArrayOutputStream.close();
                } catch (IOException e3) {
                    HwLog.e(TAG, "ByteArrayOutputStream IOException...");
                    objectOutputStream2 = objectOutputStream;
                }
            }
            objectOutputStream2 = objectOutputStream;
        } catch (IOException e4) {
            objectOutputStream2 = objectOutputStream;
            HwLog.e(TAG, "objectToBase64 IOException...");
            if (objectOutputStream2 != null) {
                try {
                    objectOutputStream2.close();
                } catch (IOException e5) {
                    HwLog.e(TAG, "ObjectOutputStream IOException...");
                }
            }
            if (byteArrayOutputStream != null) {
                try {
                    byteArrayOutputStream.close();
                } catch (IOException e6) {
                    HwLog.e(TAG, "ByteArrayOutputStream IOException...");
                }
            }
            return str;
        } catch (Throwable th2) {
            th = th2;
            objectOutputStream2 = objectOutputStream;
            if (objectOutputStream2 != null) {
                try {
                    objectOutputStream2.close();
                } catch (IOException e7) {
                    HwLog.e(TAG, "ObjectOutputStream IOException...");
                }
            }
            if (byteArrayOutputStream != null) {
                try {
                    byteArrayOutputStream.close();
                } catch (IOException e8) {
                    HwLog.e(TAG, "ByteArrayOutputStream IOException...");
                }
            }
            throw th;
        }
        return str;
    }
}
