package kotlin.reflect.jvm.internal;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.hihonor.cloudservice.framework.netdiag.util.Contants;
import com.hihonor.cloudservice.hutils.PackageUtils;
import com.hihonor.cloudservice.hutils.SecureRandomCreator;
import com.hihonor.hnid.common.constant.HnAccountConstants;
import com.hihonor.hnid.common.util.log.LogX;
import com.hihonor.iap.core.utils.HuksVerifyUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.GregorianCalendar;
import javax.security.auth.x500.X500Principal;

/* compiled from: HuksVerifyUtil.java */
/* loaded from: classes2.dex */
public class cd0 {

    /* renamed from: a, reason: collision with root package name */
    public static final Provider f826a = qc0.c();
    public static long b = 0;
    public static int c = 1;

    public static KeyPair a(String str) {
        try {
            String str2 = HnAccountConstants.HNID_APPID;
            byte[] a2 = et.a(str2 + "|" + PackageUtils.getCertFingerprint(str2).toLowerCase() + "|" + d() + "|" + str);
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            gregorianCalendar2.add(1, 10);
            Date date = new Date(gregorianCalendar.getTimeInMillis() - Contants.NetDiagBase.DETECT_REST_TIME);
            StringBuilder sb = new StringBuilder();
            sb.append("generateKeyPair -- startDate:");
            sb.append(date);
            LogX.i(HuksVerifyUtil.TAG, sb.toString(), true);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", f826a);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(e(), 12).setCertificateSubject(new X500Principal("CN=" + e())).setDigests("SHA-256").setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(date).setCertificateNotAfter(gregorianCalendar2.getTime()).setKeyValidityStart(date).setKeyValidityForConsumptionEnd(gregorianCalendar2.getTime()).setAttestationChallenge(a2).setUserAuthenticationRequired(false).build());
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            LogX.e(HuksVerifyUtil.TAG, "Failed to generateKeyPair: " + e.getMessage(), true);
            return null;
        }
    }

    public static Certificate[] b(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("HwKeyStore");
            keyStore.load(null);
            LogX.i(HuksVerifyUtil.TAG, "Load  keystore success!", true);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry == null) {
                LogX.w(HuksVerifyUtil.TAG, "Entry is not exist", true);
                return null;
            }
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
            }
            LogX.w(HuksVerifyUtil.TAG, "Not an instance of a PrivateKeyEntry", true);
            return null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            LogX.e(HuksVerifyUtil.TAG, "Failed to getCertificateChain: " + e.getMessage(), true);
            return null;
        }
    }

    public static String c(String str) {
        if (TextUtils.isEmpty(str)) {
            LogX.e(HuksVerifyUtil.TAG, "getSenderNonceAndCertificates -- challenge is empty", true);
            return null;
        }
        LogX.d(HuksVerifyUtil.TAG, "getSenderNonceAndCertificates -- challenge: " + str, true);
        a(str);
        try {
            Certificate[] b2 = b(e());
            StringBuilder sb = new StringBuilder();
            if (b2 != null) {
                sb = new StringBuilder(Base64.encodeToString(b2[0].getEncoded(), 2));
                for (int i = 1; i < b2.length; i++) {
                    sb.append(";");
                    sb.append(Base64.encodeToString(b2[i].getEncoded(), 2));
                }
            }
            LogX.d(HuksVerifyUtil.TAG, "certificates: " + ((Object) sb), true);
            return sb.toString();
        } catch (CertificateEncodingException e) {
            LogX.e(HuksVerifyUtil.TAG, "Failed to obtainHuksVerifyToken: " + e.getMessage(), true);
            return null;
        }
    }

    public static long d() {
        if (b == 0) {
            b = SecureRandomCreator.getInstance().getSecureRandom().nextLong();
        }
        return b;
    }

    public static String e() {
        return "HnIdSignatureKeyPriv" + c;
    }

    public static void f(int i) {
        c = i;
    }

    public static String g(String str) {
        return h(e(), str);
    }

    public static String h(String str, String str2) {
        try {
            KeyStore keyStore = KeyStore.getInstance("HwKeystore");
            keyStore.load(null);
            Key key = keyStore.getKey(str, null);
            if (key == null) {
                return null;
            }
            Signature signature = Signature.getInstance("SHA256withECDSA", f826a);
            signature.initSign((PrivateKey) key);
            signature.update(jd0.a(str2).getBytes(StandardCharsets.UTF_8));
            return Base64.encodeToString(signature.sign(), 2);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableKeyException | CertificateException e) {
            LogX.e(HuksVerifyUtil.TAG, "Failed to sign data: " + e.getMessage(), true);
            return null;
        }
    }
}
