package com.gmrz.appsdk.util;

import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import android.text.TextUtils;
import android.util.Log;
import com.gmrz.appsdk.assestation.KeyASecurityType;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class g {
    public static byte a = 2;
    public static byte b = 48;
    public static byte c = 4;
    public static byte d = 10;
    private static final String e = "g";
    private static final String f = "g";

    private static int a(ByteBuffer byteBuffer) {
        byte b2 = byteBuffer.get();
        if ((b2 & 128) == 0) {
            return b2;
        }
        int i = b2 & Byte.MAX_VALUE;
        if (i > 4) {
            return -1;
        }
        byte[] bArr = new byte[i];
        byteBuffer.get(bArr);
        int length = bArr.length;
        int i2 = 0;
        for (int i3 = 0; i3 < length; i3++) {
            i2 |= (bArr[i3] & 255) << (((length - 1) - i3) * 8);
        }
        return i2;
    }

    public static KeyASecurityType a(String str) {
        try {
            com.gmrz.appsdk.assestation.a a2 = a(((X509Certificate) b(str)[0]).getExtensionValue("1.3.6.1.4.1.11129.2.1.17"));
            if (a2 == null) {
                i.c(f, "keyDescription is null");
                return KeyASecurityType.NOATTESTATION;
            }
            String str2 = f;
            StringBuilder sb = new StringBuilder();
            sb.append(a2.b);
            i.c(str2, sb.toString());
            return a2.b;
        } catch (Exception e2) {
            i.c(f, "getASecurityLevel: " + e2.getMessage());
            return KeyASecurityType.NOATTESTATION;
        }
    }

    private static com.gmrz.appsdk.assestation.a a(byte[] bArr) {
        com.gmrz.appsdk.assestation.a aVar = new com.gmrz.appsdk.assestation.a();
        if (bArr != null) {
            try {
                if (bArr.length != 0) {
                    ByteBuffer wrap = ByteBuffer.wrap(bArr);
                    wrap.order(ByteOrder.LITTLE_ENDIAN);
                    byte b2 = wrap.get();
                    int a2 = a(wrap);
                    if (b2 == c && wrap.hasRemaining() && wrap.remaining() == a2) {
                        byte b3 = wrap.get();
                        a(wrap);
                        if (b3 == b && wrap.hasRemaining()) {
                            byte b4 = wrap.get();
                            byte[] bArr2 = new byte[a(wrap)];
                            wrap.get(bArr2);
                            if (b4 != a) {
                                Log.e(f, "is not attestion extension by attestation version");
                                return null;
                            }
                            aVar.a = bArr2[0] & 255;
                            byte b5 = wrap.get();
                            byte[] bArr3 = new byte[a(wrap)];
                            wrap.get(bArr3);
                            if (b5 != d) {
                                Log.e(f, "is not attestion extension by tmp1");
                                return null;
                            }
                            aVar.b = KeyASecurityType.convert(bArr3[0] & 255);
                            byte b6 = wrap.get();
                            int a3 = a(wrap);
                            if (a3 != 0) {
                                byte[] bArr4 = new byte[a3];
                                wrap.get(bArr4);
                                if (b6 != a) {
                                    Log.e(f, "is not attestion extension by tmp2");
                                    return null;
                                }
                                aVar.c = bArr4[0] & 255;
                            }
                            byte b7 = wrap.get();
                            byte[] bArr5 = new byte[a(wrap)];
                            wrap.get(bArr5);
                            if (b7 != d) {
                                Log.e(f, "is not attestion extension by keymaster security");
                                return null;
                            }
                            aVar.d = KeyASecurityType.convert(bArr5[0] & 255);
                            byte b8 = wrap.get();
                            int a4 = a(wrap);
                            if (a4 != 0) {
                                byte[] bArr6 = new byte[a4];
                                wrap.get(bArr6);
                                if (b8 != c) {
                                    Log.e(f, "is not attestion extension by challenge");
                                    return null;
                                }
                                aVar.e = bArr6;
                            }
                            byte b9 = wrap.get();
                            int a5 = a(wrap);
                            if (a5 != 0) {
                                wrap.get(new byte[a5]);
                                if (b9 != c) {
                                    Log.e(f, "is not attestion extension by tmp2");
                                    return null;
                                }
                            }
                            byte b10 = wrap.get();
                            int a6 = a(wrap);
                            if (a6 != 0) {
                                wrap.get(new byte[a6]);
                                if (b10 != b) {
                                    Log.e(f, "is not attestion extension by sw");
                                    return null;
                                }
                            }
                            byte b11 = wrap.get();
                            int a7 = a(wrap);
                            if (a7 != 0) {
                                wrap.get(new byte[a7]);
                                if (b11 != b) {
                                    Log.e(f, "is not attestion extension by tee");
                                    return null;
                                }
                            }
                            return aVar;
                        }
                        Log.e(f, "is not attestation extension by root sequence");
                        return null;
                    }
                    Log.e(f, "is not attestation extension by root , maybe not der");
                    return null;
                }
            } catch (Exception e2) {
                Log.e(f, "verifyAttestionExtension:" + e2.getMessage());
            }
        }
        return null;
    }

    @TargetApi(23)
    public static boolean a(Context context) {
        String str;
        String str2;
        UUID randomUUID = UUID.randomUUID();
        String uuid = randomUUID.toString();
        i.b(e, "ECDSA Key generation Begin");
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 20);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(uuid, 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", randomUUID, context.getPackageName()))).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setUserAuthenticationRequired(true).build());
            keyPairGenerator.generateKeyPair();
            i.b(e, "Algorithm used to generate: " + keyPairGenerator.getAlgorithm());
            i.b(e, "ECDSA Key generation complete");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(uuid, null);
            if (entry == null) {
                i.c(e, "Failed to get key entry for uuid ".concat(String.valueOf(uuid)));
                return false;
            }
            Signature.getInstance("SHA256withECDSA").initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            return true;
        } catch (UserNotAuthenticatedException unused) {
            str = e;
            str2 = "ECDSA Key generation failed,UserNotAuthenticatedException ";
            i.c(str, str2);
            return false;
        } catch (Error | Exception unused2) {
            str = e;
            str2 = "ECDSA Key generation failed. ";
            i.c(str, str2);
            return false;
        }
    }

    @TargetApi(24)
    public static boolean a(Context context, String str) {
        try {
            if (context == null) {
                i.b(f, "context is null");
                return false;
            }
            if (!((FingerprintManager) context.getSystemService("fingerprint")).isHardwareDetected()) {
                i.b(f, "The mobile not support HardwareDetected");
                return false;
            }
            i.b(f, "ECDSA Key generation Begin");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 20);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", str, context.getPackageName()))).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT > 23) {
                byte[] bArr = new byte[32];
                new SecureRandom().nextBytes(bArr);
                userAuthenticationRequired.setAttestationChallenge(bArr);
            }
            if (TextUtils.equals("MI 5s", Build.MODEL)) {
                return false;
            }
            keyPairGenerator.initialize(userAuthenticationRequired.build());
            keyPairGenerator.generateKeyPair();
            i.b(f, "ECDSA Key generation complete");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry == null) {
                i.c(f, "Failed to get key entry for uuid ".concat(String.valueOf(str)));
                return false;
            }
            Signature.getInstance("SHA256withECDSA").initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            return true;
        } catch (Exception e2) {
            i.c(f, "ECDSA Key generation failed." + e2.getMessage());
            return false;
        }
    }

    private static Certificate[] b(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCertificateChain(str);
        } catch (Exception e2) {
            i.c(f, "getCertificatesFromChain: " + e2.getMessage());
            return null;
        }
    }
}
