package com.theminesec.minehadescore.Attestation.Components;

import android.content.Context;
import android.icu.util.Calendar;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.theminesec.minehadescore.Utils.GenericTools;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Base64;
import java.util.Map;
import org.json.JSONArray;
import org.json.JSONException;
import ulid.BaseEncodingBase64Encoding;
import ulid.getChecksum;

/* loaded from: classes3.dex */
public class DeviceKeyAttestation extends AbstractAttestCollector {
    private static final BaseEncodingBase64Encoding log = getChecksum.setObjects("AMS");

    private Certificate[] KeyAttest(Context context, String str, String str2, String str3) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                keyStore.deleteEntry(str);
            }
            genAttestKey(Build.VERSION.SDK_INT > 28 ? context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore") : false, str, str2, str3);
            try {
                try {
                    Certificate[] certificateChain = keyStore.getCertificateChain(str);
                    try {
                        keyStore.deleteEntry(str);
                    } catch (KeyStoreException e) {
                        log.error("Key Attestation KeyAttest Exception", (Throwable) e);
                        e.printStackTrace();
                    }
                    return certificateChain;
                } catch (KeyStoreException e2) {
                    log.error("Key Attestation KeyAttest getCertificateChain Exception", (Throwable) e2);
                    throw new RuntimeException("KeyStore Get Certification Chain fails " + e2.getMessage());
                }
            } catch (Throwable th) {
                try {
                    keyStore.deleteEntry(str);
                } catch (KeyStoreException e3) {
                    log.error("Key Attestation KeyAttest Exception", (Throwable) e3);
                    e3.printStackTrace();
                }
                throw th;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e4) {
            log.error("Key Attestation KeyAttest get KeyStoreInstance Exception", (Throwable) e4);
            throw new RuntimeException("KeyAttestation KeyStore Exception " + e4.getMessage());
        }
    }

    private void genAttestKey(boolean z2, String str, String str2, String str3) {
        synchronized (this) {
            Calendar calendar = Calendar.getInstance();
            calendar.add(12, -60);
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(12, 60);
            try {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str3, "AndroidKeyStore");
                    KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(str, 4).setKeyValidityStart(calendar.getTime()).setKeyValidityEnd(calendar2.getTime()).setAttestationChallenge(str2.getBytes()).setDigests("NONE", "SHA-256");
                    if ("RSA".equals(str3)) {
                        digests.setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4));
                    } else {
                        if (!"EC".equals(str3)) {
                            log.error("Key Attestation KeyGen Exception algorithm {} not supported", str3);
                            throw new RuntimeException("Key Attestation Key Algorithm Not Supported " + str3);
                        }
                        digests.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"));
                    }
                    if (z2 && Build.VERSION.SDK_INT > 28) {
                        digests.setIsStrongBoxBacked(true);
                    }
                    try {
                        keyPairGenerator.initialize(digests.build());
                        try {
                            keyPairGenerator.generateKeyPair();
                        } catch (ProviderException e) {
                            log.error("Key Attestation KeyGen Exception", (Throwable) e);
                            throw new RuntimeException("Key Attestation ProviderException  " + e.getMessage());
                        }
                    } catch (InvalidAlgorithmParameterException e2) {
                        log.error("Key Attestation KeyGen Init Exception", (Throwable) e2);
                        throw new RuntimeException("Key Attestation InvalidAlgorithmParameterException  " + e2.getMessage());
                    }
                } catch (NoSuchAlgorithmException e3) {
                    log.error("Key Attestation KeyGen Exception", (Throwable) e3);
                    throw new RuntimeException("Key Attestation NoSuchAlgorithmException");
                }
            } catch (NoSuchProviderException e4) {
                log.error("Key Attestation KeyGen Exception", (Throwable) e4);
                throw new RuntimeException("Key Attestation NoSuchProviderException");
            }
        }
    }

    @Override // com.theminesec.minehadescore.Attestation.Components.AttestCollector
    public void collect(Context context, Map<String, Object> map) {
        map.put("KeyAttestation", genKeyAttestCertificateArray(context, GenericTools.sha256String((String) map.get("TimeStamp"))));
    }

    public String[] doKeyAttest(Context context, String str) {
        Certificate[] KeyAttest;
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        String encodeToString = Base64.getEncoder().encodeToString(bArr);
        try {
            KeyAttest = KeyAttest(context, encodeToString, str, "EC");
        } catch (Exception unused) {
            KeyAttest = KeyAttest(context, encodeToString, str, "RSA");
        }
        String[] strArr = new String[KeyAttest.length];
        for (int i = 0; i < KeyAttest.length; i++) {
            try {
                strArr[i] = GenericTools.convertCertToPem((X509Certificate) KeyAttest[i]);
            } catch (IOException e) {
                log.error("Key Attestation Error certificate convert", (Throwable) e);
                strArr[i] = "IOException";
            } catch (CertificateEncodingException e2) {
                log.error("Key Attestation Error certificate convert", (Throwable) e2);
                strArr[i] = "CertificateEncodingException";
            }
        }
        return strArr;
    }

    public JSONArray genKeyAttestCertificateArray(Context context, String str) {
        JSONArray jSONArray = new JSONArray();
        try {
            String[] doKeyAttest = doKeyAttest(context, str);
            for (int i = 0; i < doKeyAttest.length; i++) {
                jSONArray.put(i, doKeyAttest[i]);
            }
        } catch (Exception e) {
            log.error("Key Attestation genKeyAttestCertificateArray Exception", (Throwable) e);
        }
        if (jSONArray.length() == 0) {
            try {
                jSONArray.put(0, "Key Attestation Certificate Array size = 0");
            } catch (JSONException unused) {
            }
        }
        return jSONArray;
    }
}
