package com.gmrz.asm.fp.authenticator;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import com.gmrz.appsdk.util.Constant;
import com.noknok.android.client.utils.Logger;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.json.JSONArray;
import org.json.JSONException;

/* loaded from: classes.dex */
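/**
 * Static helpers for creating, using and deleting ECDSA P-256 signing keys held in the
 * {@code AndroidKeyStore} provider, and for converting their public keys and signatures
 * into fixed-width raw encodings.
 *
 * <p>Keys are generated with {@code setUserAuthenticationRequired(true)}, so the private key
 * never leaves the keystore and is only usable after the user has authenticated.
 *
 * <p>NOTE(review): this listing was recovered by a decompiler; parameter names such as
 * {@code str} and {@code bArr} are kept because they are part of the visible signatures.
 */
public class FpCryptoStoreUtils {
    private static final String CIPHER_ALG = "AESPKCS7Padding";
    private static final String CRYPTO_KEY_ALIAS = "CalKsCryptoKey";
    /** Width in bytes of one P-256 coordinate or signature component. */
    public static final short EC_KEY_SIZE = 32;
    public static final String TAG = "FpCryptoStoreUtils";

    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String SIGNATURE_ALG = "SHA256withECDSA";
    /** Same value as {@code android.security.keystore.KeyProperties.PURPOSE_SIGN}. */
    private static final int PURPOSE_SIGN = 4;
    /** Lifetime of the certificate generated alongside each key. */
    private static final int CERT_VALIDITY_YEARS = 20;
    /** A 32-byte positive integer may carry one extra leading 0x00 sign byte. */
    private static final int MAX_SIGNED_INT_LENGTH = EC_KEY_SIZE + 1;
    private static final int DER_TAG_SEQUENCE = 0x30;
    private static final int DER_TAG_INTEGER = 0x02;

    /**
     * Renders a byte array as lower-case hexadecimal, two characters per byte.
     *
     * @param bArr bytes to render, may be {@code null}
     * @return the hex string, or {@code null} when {@code bArr} is {@code null}
     */
    public static String bytesToHexString(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 0xFF);
            if (hexString.length() == 1) {
                // Left-pad single-digit values. NOTE(review): presumably this constant is "0"
                // (the decompiler likely replaced a literal with it) - confirm against Constant.
                sb.append(Constant.USER_CHECK_STATUS_NOT_ACTIVE);
            }
            sb.append(hexString);
        }
        return sb.toString();
    }

    /**
     * Probes whether an authentication-bound signing key can be created and initialised.
     *
     * <p>A throw-away key is generated under a random alias and is deleted again before
     * returning, so that repeated probes do not accumulate entries in the keystore.
     *
     * @param context used to obtain the package name for the probe certificate subject
     * @return {@code false} when the probe key is missing after generation or when
     *     {@code initSign} reports {@link UserNotAuthenticatedException}; {@code true} otherwise
     */
    public static boolean checkSupport(Context context) {
        String uuid = UUID.randomUUID().toString();
        generateKsEcdsaKeyPair(uuid, context);
        try {
            KeyStore keyStore = loadKeyStore();
            KeyStore.Entry entry = keyStore.getEntry(uuid, null);
            if (entry == null) {
                Logger.e(TAG, "Failed to get key entry for uuid " + uuid);
                return false;
            }
            Signature.getInstance(SIGNATURE_ALG).initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            return true;
        } catch (UserNotAuthenticatedException unused) {
            return false;
        } catch (Exception e) {
            // NOTE(review): this branch fails open - any other error is reported as "supported".
            // The result is kept for compatibility with existing callers; confirm it is intended.
            Logger.e(TAG, "Support probe raised an unexpected error", e);
            return true;
        } finally {
            // The probe alias is never handed to the caller, so nothing else can clean it up.
            removeKey(uuid);
        }
    }

    /**
     * Exports the certificate chain stored for a key as a JSON array of Base64 strings.
     *
     * @param str keystore alias of the key
     * @return the JSON array text; the marker {@code "p"} when the platform is older than
     *     API 24; the marker {@code "a"} when the chain is missing or cannot be read or encoded
     */
    public static String exportKeyAttestation(String str) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.N) {
            return "p";
        }
        try {
            KeyStore keyStore = loadKeyStore();
            Certificate[] certificateChain = keyStore.getCertificateChain(str);
            if (certificateChain == null) {
                // getCertificateChain returns null for an unknown alias; report it as a failure
                // instead of dereferencing it.
                Logger.e(TAG, "No certificate chain found for key " + str);
                return "a";
            }
            String[] encodedChain = new String[certificateChain.length];
            for (int i = 0; i < certificateChain.length; i++) {
                encodedChain[i] = Base64.encodeToString(certificateChain[i].getEncoded(), Base64.DEFAULT);
            }
            return new JSONArray(encodedChain).toString();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | JSONException e) {
            Logger.e(TAG, "Failed to export key attestation", e);
            return "a";
        }
    }

    /**
     * Generates an authentication-bound P-256 signing key without an attestation challenge.
     *
     * @param str keystore alias for the new key; also used as the certificate CN
     * @param context used to obtain the package name for the certificate OU
     * @return {@code true} when the key pair was generated, {@code false} on any failure
     */
    @TargetApi(23)
    public static boolean generateKsEcdsaKeyPair(String str, Context context) {
        Logger.d(TAG, "ECDSA Key generation Begin");
        try {
            createKeyPair(newSigningKeySpec(str, context).build());
            return true;
        } catch (Exception e) {
            Logger.e(TAG, "ECDSA Key generation failed , reason:" + e.getMessage());
            return false;
        }
    }

    /**
     * Generates an authentication-bound P-256 signing key bound to an attestation challenge.
     *
     * <p>When the provider rejects the request with {@link ProviderException}, generation is
     * retried without the challenge.
     *
     * <p>NOTE(review): after that fallback the method still returns {@code true}, so the caller
     * cannot tell that the key carries no attestation of the challenge. Whoever consumes
     * {@link #exportKeyAttestation(String)} has to verify the attestation extension and the
     * challenge in the chain itself rather than rely on this return value.
     *
     * @param str keystore alias for the new key; also used as the certificate CN
     * @param bArr attestation challenge
     * @param context used to obtain the package name for the certificate OU
     * @return {@code true} when a key pair was generated (with or without the challenge),
     *     {@code false} on any other failure
     */
    @TargetApi(24)
    public static boolean generateKsEcdsaKeyPair(String str, byte[] bArr, Context context) {
        Logger.d(TAG, "ECDSA Key generation Begin");
        try {
            Logger.d(TAG, "ECDSA Key generation Begin  fc" + Base64.encodeToString(bArr, Base64.NO_WRAP));
            createKeyPair(newSigningKeySpec(str, context).setAttestationChallenge(bArr).build());
            return true;
        } catch (ProviderException e) {
            Logger.e(TAG, "ECDSA Key generation failed , reason:" + e.getMessage());
            Logger.e(TAG, "try build without fc");
            return generateKsEcdsaKeyPair(str, context);
        } catch (Exception e2) {
            Logger.e(TAG, "ECDSA Key generation failed , reason:" + e2.getMessage());
            return false;
        }
    }

    /**
     * Exports the public key of a stored key pair as
     * {@code [len(2, LE) | X(32) | len(2, LE) | Y(32)]}, 68 bytes in total.
     *
     * @param str keystore alias of the key
     * @return the encoded public key
     * @throws Exception when the alias is unknown, is not a private-key entry, or a coordinate
     *     is longer than 33 bytes
     */
    public static byte[] getFpsKsEcdsaPublicKey(String str) throws Exception {
        KeyStore keyStore = loadKeyStore();
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (entry == null) {
            throw new Exception("Unable to get the signing key by name " + str);
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new Exception("Keystore entry is not a private key entry: " + str);
        }
        ECPublicKey eCPublicKey = (ECPublicKey) ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
        byte[] x = eCPublicKey.getW().getAffineX().toByteArray();
        byte[] y = eCPublicKey.getW().getAffineY().toByteArray();
        if (x.length > MAX_SIGNED_INT_LENGTH) {
            Logger.e(TAG, "Export EC public key failed: Incorrect length of x");
            throw new Exception("Export EC public key failed: Incorrect length of x");
        }
        if (y.length > MAX_SIGNED_INT_LENGTH) {
            Logger.e(TAG, "Export EC public key failed: Incorrect length of y");
            throw new Exception("Export EC public key failed: Incorrect length of y");
        }
        ByteBuffer encoded = ByteBuffer.allocate(2 * (2 + EC_KEY_SIZE));
        encoded.order(ByteOrder.LITTLE_ENDIAN);
        encoded.putShort(EC_KEY_SIZE);
        encoded.put(getRawData(x));
        encoded.putShort(EC_KEY_SIZE);
        encoded.put(getRawData(y));
        return encoded.array();
    }

    /**
     * Normalises a big-endian integer encoding to exactly 32 bytes.
     *
     * <p>Shorter inputs are left-padded with zeros. For inputs longer than 32 bytes the first
     * byte is skipped and the following 32 bytes are kept, which is only correct for a 33-byte
     * value whose first byte is a 0x00 sign byte; the callers in this class check the length
     * before calling.
     *
     * @param bArr big-endian integer bytes
     * @return a new 32-byte array
     */
    protected static byte[] getRawData(byte[] bArr) {
        byte[] fixed = new byte[EC_KEY_SIZE];
        if (bArr.length > fixed.length) {
            System.arraycopy(bArr, 1, fixed, 0, fixed.length);
        } else {
            System.arraycopy(bArr, 0, fixed, fixed.length - bArr.length, bArr.length);
        }
        return fixed;
    }

    /**
     * Creates a {@code SHA256withECDSA} signature object initialised with a stored private key.
     *
     * <p>The decompiled original was not valid Java and appeared to hand back a
     * {@link Signature} that had never been initialised when {@code initSign} failed. Every
     * failure now yields {@code null}, so a key that the keystore refuses to use (for example
     * one reported through {@link InvalidKeyException}) cannot be mistaken for a usable one.
     *
     * @param str keystore alias of the key
     * @return the initialised signature object, or {@code null} when the key is missing, is not
     *     a private-key entry, or cannot be initialised for signing
     */
    public static Signature initKsEcdsaSignature(String str) {
        try {
            KeyStore keyStore = loadKeyStore();
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry == null) {
                Logger.e(TAG, "Failed to get key entry for uuid " + str);
                return null;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                Logger.e(TAG, "Keystore entry is not a private key entry: " + str);
                return null;
            }
            Signature signature = Signature.getInstance(SIGNATURE_ALG);
            signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            return signature;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            Logger.e(TAG, "init ECDSA Signature failed , reason:" + e.getMessage());
            return null;
        }
    }

    /**
     * Converts a DER-encoded ECDSA signature into the 64-byte raw form {@code r || s}.
     *
     * @param bArr DER-encoded signature
     * @return {@code r} and {@code s}, each as 32 big-endian bytes
     * @throws Exception when the input is not a well-formed P-256 ECDSA signature
     */
    public static byte[] packageKsEcdsaSignedData(byte[] bArr) throws Exception {
        Logger.i(TAG, "packageKsEcdsaSignedData");
        return derSignatureToRaw(bArr);
    }

    /**
     * Deletes a key from the keystore. Failures are logged and not propagated.
     *
     * @param str keystore alias of the key to delete
     */
    public static void removeKey(String str) {
        Logger.i(TAG, "removeKey");
        try {
            loadKeyStore().deleteEntry(str);
            Logger.i(TAG, "Successfully removed the key from KeyStore");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Logger.e(TAG, "Failed to remove the key from KeyStore", e);
        }
    }

    /**
     * Signs data with a stored key and returns the signature in raw {@code r || s} form.
     *
     * @param str keystore alias of the signing key
     * @param bArr data to sign
     * @return the 64-byte raw signature, or {@code null} when the key is missing, is not a
     *     private-key entry, signing fails, or the produced signature is malformed
     */
    public static byte[] signDataUsingUnAuthenticatedKsEcdsaKey(String str, byte[] bArr) {
        Logger.i(TAG, "signDataWithECDSA");
        try {
            KeyStore keyStore = loadKeyStore();
            Signature signature = Signature.getInstance(SIGNATURE_ALG);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry == null) {
                Logger.e(TAG, "Unable to get the signing key by name " + str);
                return null;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // The original cast blindly, which would have escaped as a ClassCastException.
                Logger.e(TAG, "Keystore entry is not a private key entry: " + str);
                return null;
            }
            signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            signature.update(bArr);
            return derSignatureToRaw(signature.sign());
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableEntryException | CertificateException e) {
            Logger.e(TAG, "Failed to sign Data with ECDSA", e);
            return null;
        }
    }

    /** Opens and loads the AndroidKeyStore provider's keystore. */
    private static KeyStore loadKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
        keyStore.load(null);
        return keyStore;
    }

    /** Builds the key specification shared by both key-generation overloads. */
    @TargetApi(23)
    private static KeyGenParameterSpec.Builder newSigningKeySpec(String alias, Context context) {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, CERT_VALIDITY_YEARS);
        return new KeyGenParameterSpec.Builder(alias, PURPOSE_SIGN)
                .setDigests("SHA-256")
                .setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1"))
                .setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", alias, context.getPackageName())))
                .setCertificateSerialNumber(BigInteger.ONE)
                .setCertificateNotBefore(notBefore.getTime())
                .setCertificateNotAfter(notAfter.getTime())
                .setUserAuthenticationRequired(true);
    }

    /** Generates an EC key pair inside the AndroidKeyStore from the given specification. */
    @TargetApi(23)
    private static void createKeyPair(KeyGenParameterSpec spec) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", KEYSTORE_PROVIDER);
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();
        Logger.d(TAG, "Algorithm used to generate: " + keyPairGenerator.getAlgorithm());
        Logger.d(TAG, "ECDSA Key generation complete");
    }

    /**
     * Parses {@code SEQUENCE { INTEGER r, INTEGER s }} with short-form lengths and returns
     * {@code r || s} as two 32-byte values.
     *
     * <p>Compared with the decompiled original this checks the length of {@code s} (the original
     * tested the length of {@code r} twice), treats length bytes as unsigned, and rejects
     * truncated input instead of reading past the end or zero-padding it.
     */
    private static byte[] derSignatureToRaw(byte[] der) throws SignatureException {
        // Smallest well-formed encoding: 30 06 02 01 rr 02 01 ss.
        if (der == null || der.length < 8) {
            throw new SignatureException("Invalid ECDSA signature: too short");
        }
        // A P-256 signature is at most 72 bytes, so the SEQUENCE length is always short form.
        if ((der[0] & 0xFF) != DER_TAG_SEQUENCE || (der[1] & 0x80) != 0 || (der[2] & 0xFF) != DER_TAG_INTEGER) {
            throw new SignatureException("Invalid ECDSA signature: unexpected header");
        }
        int rLength = der[3] & 0xFF;
        if (rLength < 1 || rLength > MAX_SIGNED_INT_LENGTH) {
            throw new SignatureException("Invalid ECDSA signature: incorrect length of r");
        }
        int rStart = 4;
        int sHeader = rStart + rLength;
        if (sHeader + 2 > der.length) {
            throw new SignatureException("Invalid ECDSA signature: truncated after r");
        }
        if ((der[sHeader] & 0xFF) != DER_TAG_INTEGER) {
            throw new SignatureException("Invalid ECDSA signature: unexpected tag for s");
        }
        int sLength = der[sHeader + 1] & 0xFF;
        if (sLength < 1 || sLength > MAX_SIGNED_INT_LENGTH) {
            throw new SignatureException("Invalid ECDSA signature: incorrect length of s");
        }
        int sStart = sHeader + 2;
        if (sStart + sLength > der.length) {
            throw new SignatureException("Invalid ECDSA signature: truncated s");
        }
        byte[] r = fixedWidthComponent(der, rStart, rLength, "r");
        byte[] s = fixedWidthComponent(der, sStart, sLength, "s");
        byte[] raw = new byte[r.length + s.length];
        System.arraycopy(r, 0, raw, 0, r.length);
        System.arraycopy(s, 0, raw, r.length, s.length);
        String bytesToHexString = bytesToHexString(raw);
        Logger.d(TAG, "Data Signing complete , len = " + raw.length + "   Signature: " + bytesToHexString);
        return raw;
    }

    /** Extracts one DER INTEGER body and normalises it to 32 bytes. */
    private static byte[] fixedWidthComponent(byte[] der, int start, int length, String label) throws SignatureException {
        // getRawData drops the first byte of a 33-byte value; that is only lossless for 0x00.
        if (length == MAX_SIGNED_INT_LENGTH && der[start] != 0) {
            throw new SignatureException("Invalid ECDSA signature: incorrect length of " + label);
        }
        return getRawData(Arrays.copyOfRange(der, start, start + length));
    }
}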
