package com.tencent.tmf.biometricauth.core.keystore.rsa;

import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import com.tencent.tmf.biometricauth.core.keystore.BaseKeyStore;
import com.tencent.tmf.biometricauth.core.model.Triple;
import com.tencent.tmf.biometricauth.model.PubKeyModel;
import com.tencent.tmf.biometricauth.model.ReturnResult;
import com.tencent.tmf.biometricauth.util.DebugLogger;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import t.a;

/* loaded from: classes.dex */
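/**
 * RSA key-store helper backed by a platform {@link KeyStore} provider
 * ("AndroidKeyStore" unless another provider name is passed in).
 *
 * <p>Two kinds of key pairs are managed:
 * <ul>
 *   <li>the app-global secure key ("ASK"), stored under {@code mAppSecureKeyName};</li>
 *   <li>per-scene auth keys, stored under {@code prefix + mAppSecureKeyName} and created with
 *       {@code setUserAuthenticationRequired(true)}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The ASK is generated without a user-authentication requirement in this class, so it can
 *       be used to sign by any code that runs with this app's identity. Its signature over an
 *       auth key's public key therefore shows only that both keys sit in the same app key store;
 *       what a verifier can conclude beyond that depends on how the ASK certificate chain is
 *       validated elsewhere — confirm against the server side.</li>
 *   <li>{@link #isKeyProtectedEnforcedBySecureHardware()} is a constant and is not derived from
 *       the actual key.</li>
 * </ul>
 */
public class SystemRsaKeyStore extends BaseRsaKeyStore {
    /** JCA signature algorithm used for both the ASK and the auth keys. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA/PSS";

    /**
     * Key purpose handed to {@code KeyGenParameterSpecCompatBuilder}. The value 4 equals
     * {@code android.security.keystore.KeyProperties.PURPOSE_SIGN}; presumably the compat
     * builder passes it through unchanged — confirm against the builder.
     */
    private static final int PURPOSE_SIGN = 4;

    /** Purpose used when generating the ASK; defaults to {@link #PURPOSE_SIGN}. */
    public int mPurpose;

    /**
     * Creates a key store on the "AndroidKeyStore" provider.
     *
     * @param str alias of the app-global secure key
     */
    public SystemRsaKeyStore(@NonNull String str) {
        this("AndroidKeyStore", str);
    }

    /**
     * Creates a key store on an explicit provider.
     *
     * @param str provider name passed to {@link KeyStore#getInstance(String)}
     * @param str2 alias of the app-global secure key
     */
    public SystemRsaKeyStore(@NonNull String str, @NonNull String str2) {
        super(str, str2);
        this.mPurpose = PURPOSE_SIGN;
        this.isSupport = true;
    }

    /** Opens and loads the provider key store named by {@code mProviderName}. */
    private KeyStore loadKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(this.mProviderName);
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Builds a {@link Signature} initialised for signing with the private key stored under
     * {@code alias}.
     *
     * @return the initialised signature, or {@code null} when no key exists under the alias
     * @throws InvalidKeyException if the stored key cannot be used for signing (on the Android
     *     key store this includes keys invalidated after creation)
     */
    private Signature createSigner(String alias) throws InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableEntryException {
        KeyStore keyStore = loadKeyStore();
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        Key key = keyStore.getKey(alias, null);
        if (key == null) {
            DebugLogger.e(BaseKeyStore.TAG, "entry not exists", new Object[0]);
            return null;
        }
        signature.initSign((PrivateKey) key);
        return signature;
    }

    /** Returns a signer bound to the ASK private key, or {@code null} if the ASK is absent. */
    private Signature getASKSignature() throws InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableEntryException {
        return createSigner(this.mAppSecureKeyName);
    }

    /**
     * Derives the key-store alias of an auth key: {@code str} followed by the ASK alias.
     *
     * <p>{@code a.a(String)} is an obfuscated helper that returns a {@link StringBuilder};
     * presumably it is seeded with the argument — confirm. It is kept as-is because the result
     * is the alias under which existing keys are stored.
     */
    private String getAuthKeyFullName(@NonNull String str) {
        StringBuilder a10 = a.a(str);
        a10.append(this.mAppSecureKeyName);
        return a10.toString();
    }

    /** No-op for this key store: always returns an empty array. */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthHelper
    public byte[] finishAuth(long j10) {
        return new byte[0];
    }

    /**
     * Generates the app-global secure key (RSA, SHA-256, PSS padding) under
     * {@code mAppSecureKeyName}.
     *
     * <p>No user-authentication requirement is set on this key here.
     *
     * @return code 0 on success, 2 when the key store is unsupported, 4 on any failure
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public ReturnResult generateAppGlobalSecureKey() {
        // isNativeSupport() is used instead of reading isSupport directly so that a null flag
        // cannot cause a NullPointerException here; every other method already goes through it.
        if (!isNativeSupport()) {
            return new ReturnResult(2);
        }
        try {
            // Loading the store first surfaces provider problems before key generation starts.
            loadKeyStore();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyPropertiesCompact.KEY_ALGORITHM_RSA, this.mProviderName);
            keyPairGenerator.initialize(
                    KeyGenParameterSpecCompatBuilder.newInstance(this.mAppSecureKeyName, this.mPurpose)
                            .setDigests(KeyPropertiesCompact.DIGEST_SHA256)
                            .setSignaturePaddings(KeyPropertiesCompact.SIGNATURE_PADDING_RSA_PSS)
                            .build());
            keyPairGenerator.generateKeyPair();
            return new ReturnResult(0);
        } catch (Exception e10) {
            DebugLogger.e(BaseKeyStore.TAG, "generateAppGlobalSecureKey " + e10, new Object[0]);
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e10, "generateAppGlobalSecureKey error");
            return new ReturnResult(4, e10.toString());
        } catch (OutOfMemoryError e11) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e11, "out of memory when generate ASK!! maybe no attk inside");
            return new ReturnResult(4);
        }
    }

    /**
     * Generates a user-authentication-bound RSA auth key (SHA-256, PSS padding) for the given
     * scene prefix.
     *
     * @param str prefix that, together with the ASK alias, forms the auth key alias
     * @return code 0 on success, 1 for an empty {@code str}, 3 when the ASK does not exist,
     *     6 on any failure; {@code null} when the key store is unsupported or on
     *     {@link OutOfMemoryError}. The {@code null} returns differ from the other methods,
     *     which report code 2 for "unsupported"; they are kept because callers may rely on them.
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthKeyStoreHelper
    public ReturnResult generateAuthKey(String str) {
        if (!isNativeSupport()) {
            return null;
        }
        if (TextUtils.isEmpty(str)) {
            return new ReturnResult(1);
        }
        if (!hasAppGlobalSecureKey()) {
            return new ReturnResult(3, "app secure key not exist");
        }
        try {
            loadKeyStore();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyPropertiesCompact.KEY_ALGORITHM_RSA, this.mProviderName);
            try {
                keyPairGenerator.initialize(
                        KeyGenParameterSpecCompatBuilder.newInstance(getAuthKeyFullName(str), PURPOSE_SIGN)
                                .setDigests(KeyPropertiesCompact.DIGEST_SHA256)
                                // The private key may only be used after the user authenticates.
                                .setUserAuthenticationRequired(true)
                                .setSignaturePaddings(KeyPropertiesCompact.SIGNATURE_PADDING_RSA_PSS)
                                .build());
                keyPairGenerator.generateKeyPair();
                return new ReturnResult(0);
            } catch (Exception e10) {
                DebugLogger.e(BaseKeyStore.TAG, "cause exception. maybe reflection exception: " + e10.toString(), new Object[0]);
                return new ReturnResult(6, e10.toString());
            }
        } catch (Exception e12) {
            DebugLogger.e(BaseKeyStore.TAG, "generate auth key failed: " + e12, new Object[0]);
            return new ReturnResult(6, e12.toString());
        } catch (OutOfMemoryError e11) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e11, "out of memory when generate AuthKey!! maybe no attk inside");
            return null;
        }
    }

    /**
     * Reads the ASK certificate chain and wraps it in a {@link PubKeyModel}, adding the leaf
     * public key as unwrapped Base64 of its encoded form.
     *
     * @return the model, or {@code null} when unsupported, when no chain is stored, or on error
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public PubKeyModel getAppGlobalSecureKeyModel() {
        if (!isNativeSupport()) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore();
            try {
                Certificate[] certificateChain = keyStore.getCertificateChain(this.mAppSecureKeyName);
                if (certificateChain == null || certificateChain.length == 0) {
                    DebugLogger.e(BaseKeyStore.TAG, "key can not be retrieved", new Object[0]);
                    return null;
                }
                PubKeyModel pubKeyModel = new PubKeyModel(certificateChain);
                Certificate leaf = certificateChain[0];
                if (leaf != null) {
                    pubKeyModel.setPubKeyInX509(Base64.encodeToString(leaf.getPublicKey().getEncoded(), Base64.NO_WRAP));
                }
                return pubKeyModel;
            } catch (ClassCastException e10) {
                DebugLogger.e(BaseKeyStore.TAG, "cast error: " + e10.toString(), new Object[0]);
                return null;
            }
        } catch (Exception e11) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e11, "error when get ask");
            return null;
        } catch (OutOfMemoryError e12) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e12, "out of memory when getting ask!! maybe no attk inside");
            return null;
        }
    }

    /**
     * Prepares a signer for the auth key of the given scene prefix.
     *
     * @return a triple carrying only the {@link Signature} (cipher and MAC slots are
     *     {@code null}), or {@code null} when unsupported, when the key is missing or invalid,
     *     or on any other error
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthHelper
    public Triple<Signature, Cipher, Mac> getAuthInitAndSign(String str) {
        if (!isNativeSupport()) {
            return null;
        }
        try {
            Signature signer = initAuthKeySignature(str);
            return signer == null ? null : new Triple<>(signer, null, null);
        } catch (InvalidKeyException | UnrecoverableEntryException unused) {
            // The key exists but can no longer be used; the caller is expected to remove it.
            DebugLogger.e(BaseKeyStore.TAG, "key invalid. Advice remove the key", new Object[0]);
        } catch (Exception e10) {
            DebugLogger.e(BaseKeyStore.TAG, "exception when getSignatureResult: " + e10, new Object[0]);
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e10, "exception when getSignatureResult");
        } catch (OutOfMemoryError e11) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e11, "out of memory when getAuthInitAndSign!! maybe no attk inside");
        }
        return null;
    }

    /**
     * Reads the auth key's certificate chain, exports its public key, and signs that encoded
     * public key with the ASK.
     *
     * <p>When the ASK is missing the model is still returned, but without a signature; callers
     * that forward the model for verification should check for that.
     *
     * @param str scene prefix of the auth key
     * @return the model, or {@code null} for an empty {@code str}, when unsupported, when no
     *     chain is stored, or on error
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthKeyStoreHelper
    public PubKeyModel getAuthKeyModel(String str) {
        if (TextUtils.isEmpty(str) || !isNativeSupport()) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore();
            try {
                Certificate[] certificateChain = keyStore.getCertificateChain(getAuthKeyFullName(str));
                if (certificateChain == null || certificateChain.length == 0) {
                    DebugLogger.e(BaseKeyStore.TAG, "key can not be retrieved", new Object[0]);
                    return null;
                }
                PubKeyModel pubKeyModel = new PubKeyModel(certificateChain);
                Certificate leaf = certificateChain[0];
                if (leaf != null) {
                    byte[] encoded = leaf.getPublicKey().getEncoded();
                    pubKeyModel.setPubKeyInX509(Base64.encodeToString(encoded, Base64.NO_WRAP));
                    Signature askSigner = getASKSignature();
                    if (askSigner != null) {
                        askSigner.update(encoded);
                        pubKeyModel.setSignature(Base64.encodeToString(askSigner.sign(), Base64.NO_WRAP));
                        // NOTE(review): PubKeyModel.toString() is not visible here; confirm it
                        // carries nothing sensitive before keeping this at info level.
                        DebugLogger.i(BaseKeyStore.TAG, "getAuthKeyModel = " + pubKeyModel.toString(), new Object[0]);
                    }
                }
                return pubKeyModel;
            } catch (ClassCastException e10) {
                DebugLogger.e(BaseKeyStore.TAG, "cast error: " + e10.toString(), new Object[0]);
                return null;
            }
        } catch (Exception e11) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e11, "error when get ask");
        } catch (OutOfMemoryError e12) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e12, "out of memory when getting ask!! maybe no attk inside");
        }
        return null;
    }

    /** Returns the constant type id of this key store (1). */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public int getKeyStoreType() {
        return 1;
    }

    /**
     * Reports whether a certificate is stored under the ASK alias.
     *
     * @return {@code false} when unsupported or when the key store cannot be read
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public boolean hasAppGlobalSecureKey() {
        if (!isNativeSupport()) {
            return false;
        }
        try {
            return loadKeyStore().getCertificate(this.mAppSecureKeyName) != null;
        } catch (Exception e10) {
            DebugLogger.e(BaseKeyStore.TAG, "hasAppGlobalSecureKey exception: " + e10, new Object[0]);
            return false;
        }
    }

    /**
     * Reports whether a certificate is stored under the auth key alias for {@code str}.
     *
     * @return {@code false} for an empty {@code str} or when the key store cannot be read
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthKeyStoreHelper
    public boolean hasAuthKey(String str) {
        if (TextUtils.isEmpty(str)) {
            return false;
        }
        try {
            return loadKeyStore().getCertificate(getAuthKeyFullName(str)) != null;
        } catch (Exception e10) {
            // The message previously named hasAppGlobalSecureKey, which misattributed failures
            // of this method in the logs.
            DebugLogger.e(BaseKeyStore.TAG, "hasAuthKey exception: " + e10, new Object[0]);
            return false;
        }
    }

    /**
     * Builds a signer bound to the auth key of the given scene prefix.
     *
     * @param str scene prefix of the auth key
     * @return the initialised signature, or {@code null} when {@code str} is empty or no key is
     *     stored under the derived alias
     * @throws InvalidKeyException if the stored key can no longer be used for signing
     */
    public Signature initAuthKeySignature(String str) throws InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableEntryException {
        DebugLogger.d(BaseKeyStore.TAG, "initAuthKeySignature", new Object[0]);
        if (TextUtils.isEmpty(str)) {
            DebugLogger.e(BaseKeyStore.TAG, "auth key name is null or nil. abort.", new Object[0]);
            return null;
        }
        return createSigner(getAuthKeyFullName(str));
    }

    /** Returns {@code true} when the ASK exists and its public-key model can be read. */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public boolean isAppGlobalSecureKeyValid() {
        return hasAppGlobalSecureKey() && getAppGlobalSecureKeyModel() != null;
    }

    /**
     * Checks that the auth key exists and can still be initialised for signing.
     *
     * @param str scene prefix of the auth key
     * @param z9 when {@code true}, an auth key found to be invalid is deleted (the ASK is kept)
     * @return {@code true} only when a signer could be created for an existing key
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthKeyStoreHelper
    public boolean isAuthKeyValid(String str, boolean z9) {
        if (TextUtils.isEmpty(str) || !isNativeSupport()) {
            return false;
        }
        try {
            // initAuthKeySignature() returns null (without throwing) when no key is stored under
            // the alias. Treating that as success would report a missing key as valid.
            if (initAuthKeySignature(str) == null) {
                DebugLogger.e(BaseKeyStore.TAG, "auth key entry missing.", new Object[0]);
                return false;
            }
            DebugLogger.i(BaseKeyStore.TAG, "key valid", new Object[0]);
            return true;
        } catch (OutOfMemoryError e10) {
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e10, "out of memory when isAuthKeyValid!! maybe no attk inside");
            return false;
        } catch (InvalidKeyException | UnrecoverableEntryException unused) {
            DebugLogger.e(BaseKeyStore.TAG, "key invalid.", new Object[0]);
            if (z9) {
                removeAuthKey(str, false);
            }
            return false;
        } catch (Exception e11) {
            DebugLogger.e(BaseKeyStore.TAG, "occurs other exceptions: %s", e11.toString());
            DebugLogger.printErrStackTrace(BaseKeyStore.TAG, e11, " occurs other exceptions");
            return false;
        }
    }

    /**
     * Always returns {@code true}.
     *
     * <p>NOTE(review): the value is hard-coded; nothing in this class inspects the generated key
     * (for example via {@code android.security.keystore.KeyInfo}) to confirm that it is held in
     * secure hardware. Callers should not treat this result as evidence of hardware backing.
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public boolean isKeyProtectedEnforcedBySecureHardware() {
        return true;
    }

    /** Returns the support flag, initialising it to {@code true} when it is still unset. */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public boolean isNativeSupport() {
        if (this.isSupport == null) {
            this.isSupport = true;
        }
        return this.isSupport.booleanValue();
    }

    /** Nothing to release for this key store. */
    @Override // com.tencent.tmf.biometricauth.core.model.IRelease
    public void release() {
    }

    /**
     * Deletes the ASK entry from the key store.
     *
     * @return code 0 on success, 2 when unsupported, 5 on failure
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IKeyStoreHelper
    public ReturnResult removeAppGlobalSecureKey() {
        if (!isNativeSupport()) {
            return new ReturnResult(2);
        }
        try {
            loadKeyStore().deleteEntry(this.mAppSecureKeyName);
            return new ReturnResult(0);
        } catch (Exception e10) {
            DebugLogger.e(BaseKeyStore.TAG, "removeAppGlobalSecureKey " + e10, new Object[0]);
            return new ReturnResult(5, e10.toString());
        }
    }

    /**
     * Deletes the auth key entry for the given scene prefix.
     *
     * @param str scene prefix of the auth key
     * @param z9 when {@code true}, the ASK is deleted as well if it exists; the result of that
     *     second deletion is not reflected in the return value
     * @return code 0 on success, 2 when unsupported, 1 for an empty {@code str}, 7 on failure
     */
    @Override // com.tencent.tmf.biometricauth.core.keystore.IAuthKeyStoreHelper
    public ReturnResult removeAuthKey(String str, boolean z9) {
        if (!isNativeSupport()) {
            return new ReturnResult(2);
        }
        if (TextUtils.isEmpty(str)) {
            return new ReturnResult(1);
        }
        try {
            loadKeyStore().deleteEntry(getAuthKeyFullName(str));
            if (z9) {
                DebugLogger.i(BaseKeyStore.TAG, "auto delete ask", new Object[0]);
                if (hasAppGlobalSecureKey()) {
                    removeAppGlobalSecureKey();
                }
            }
            return new ReturnResult(0);
        } catch (Exception e10) {
            DebugLogger.e(BaseKeyStore.TAG, "removeAuthKey " + e10, new Object[0]);
            return new ReturnResult(7, e10.toString());
        }
    }
}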
