package r4;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.text.TextUtils;
import com.huawei.hms.network.embedded.q3;
import com.huawei.wisesecurity.ucs.common.exception.UcsErrorCode;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsKeyStoreException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import com.huawei.wisesecurity.ucs.common.utils.SpUtil;
import com.huawei.wisesecurity.ucs.common.utils.StringUtil;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public final class a extends d {
    public a(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) throws UcsException {
        super(credentialClient, context, networkCapability);
    }

    @Override // r4.d
    public final Credential a(String str) throws UcsException {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.f17409g.genCredentialFromString(str);
            }
            throw new UcsException(1017L, "unenable expire.");
        } catch (NumberFormatException e9) {
            StringBuilder c = a7.i.c("parse TSMS resp expire error : ");
            c.append(e9.getMessage());
            throw new UcsException(2001L, c.toString());
        } catch (JSONException e10) {
            StringBuilder c9 = a7.i.c("parse TSMS resp get json error : ");
            c9.append(e10.getMessage());
            throw new UcsException(UcsErrorCode.JSON_ERROR, c9.toString());
        }
    }

    @Override // r4.d
    public final Credential c(String str, String str2, String str3, String str4, g gVar) throws UcsException {
        try {
            LogUcs.i("KeyStoreHandler", "applyCredential use KeyStoreHandler.", new Object[0]);
            return b(str, str2, str3, str4);
        } catch (Throwable th) {
            StringBuilder c = a7.i.c("applyCredential use KeyStoreHandler get exception: ");
            c.append(th.getMessage());
            LogUcs.e("KeyStoreHandler", c.toString(), new Object[0]);
            return gVar.a(0, str, str2, str3, str4, gVar);
        }
    }

    @Override // r4.d
    public final String d(NetworkResponse networkResponse) throws UcsException {
        boolean isSuccessful = networkResponse.isSuccessful();
        String body = networkResponse.getBody();
        if (isSuccessful) {
            return body;
        }
        ErrorBody fromString = ErrorBody.fromString(body);
        StringBuilder c = a7.i.c("tsms service error, ");
        c.append(fromString.getErrorMessage());
        String sb = c.toString();
        LogUcs.e("KeyStoreHandler", sb, new Object[0]);
        if (d.g(fromString.getErrorCode())) {
            SpUtil.putInt("ucs_keystore_sp_key_t", 0, this.f17405b);
            LogUcs.i("KeyStoreHandler", "turn off android keystore CertificateChain", new Object[0]);
        }
        throw new UcsException(1024L, sb);
    }

    @Override // r4.d
    public final void e() throws UcsException {
        if (!((Build.VERSION.SDK_INT >= 24) && SpUtil.getInt("ucs_keystore_sp_key_t", -1, this.f17405b) != 0)) {
            throw a7.i.b("KeyStoreHandler", "keyStoreCertificateChain is off. not support keyStore RSA.", new Object[0], 1022L, "keyStoreCertificateChain is off. not support keyStore RSA.");
        }
    }

    @Override // r4.d
    @SuppressLint({"NewApi"})
    public final String f() throws UcsException {
        String str;
        if (u.f17431a == null) {
            w3.e eVar = u.f17431a;
            u.f17431a = new w3.e();
        }
        u uVar = u.f17432b;
        try {
            if (u.f17431a.e("ucs_alias_rootKey")) {
                LogUcs.i("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    u.f17431a.a(new w3.c("ucs_alias_rootKey", 3072, 3));
                    LogUcs.i("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (a4.c e9) {
                    LogUcs.e("KeyStoreManager", e.a(e9, a7.i.c("generateKeyPair failed, ")), new Object[0]);
                    throw new UcsKeyStoreException(e.a(e9, a7.i.c("generateKeyPair failed , exception ")));
                }
            }
            try {
                Certificate[] c = u.f17431a.c("ucs_alias_rootKey");
                boolean b9 = e.b(c);
                Context context = this.f17405b;
                if (b9) {
                    SpUtil.putInt("ucs_keystore_sp_key_t", 0, context);
                    throw new UcsException(2001L, "android keystore RSA no support software attestation root.");
                }
                String aVar = new com.huawei.location.lite.common.http.a(c).toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(context);
                String str2 = this.f17407e;
                String str3 = this.f17406d;
                String str4 = pkgNameCertFP.get(0);
                String str5 = pkgNameCertFP.get(1);
                try {
                    JSONObject jSONObject = new JSONObject();
                    jSONObject.put("alg", 2);
                    jSONObject.put("kekAlg", 1);
                    jSONObject.put(q3.f12687n, str2);
                    jSONObject.put("appId", str3);
                    jSONObject.put("akskVersion", 1);
                    jSONObject.put("appPkgName", str4);
                    jSONObject.put("appCertFP", str5);
                    str = StringUtil.base64EncodeToString(jSONObject.toString().getBytes(StandardCharsets.UTF_8), 10);
                } catch (UcsException | JSONException e10) {
                    LogUcs.e("CredentialJws", "generate payload exception: {0}", e10.getMessage());
                    str = "";
                }
                if (TextUtils.isEmpty(aVar) || TextUtils.isEmpty(str)) {
                    throw new UcsException(1006L, "Get signStr error");
                }
                String base64EncodeToString = StringUtil.base64EncodeToString(uVar.a("ucs_alias_rootKey", aVar + "." + str), 10);
                if (TextUtils.isEmpty(aVar) || TextUtils.isEmpty(str) || TextUtils.isEmpty(base64EncodeToString)) {
                    throw new UcsException(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb = new StringBuilder();
                if (TextUtils.isEmpty(aVar) || TextUtils.isEmpty(str)) {
                    throw new UcsException(1006L, "Get signStr error");
                }
                sb.append(aVar + "." + str);
                sb.append(".");
                sb.append(base64EncodeToString);
                return sb.toString();
            } catch (a4.c e11) {
                LogUcs.e("KeyStoreManager", e.a(e11, a7.i.c("getCertificateChain failed, ")), new Object[0]);
                throw new UcsKeyStoreException(e.a(e11, a7.i.c("getCertificateChain failed , exception ")));
            }
        } catch (a4.c e12) {
            LogUcs.e("KeyStoreManager", e.a(e12, a7.i.c("containsAlias failed, ")), new Object[0]);
            throw new UcsKeyStoreException(e.a(e12, a7.i.c("containsAlias failed , exception ")));
        }
    }
}
