package com.gmrz.appsdk.util;

import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import android.text.TextUtils;
import android.util.Log;
import com.fsck.k9.view.CustomSearchView;
import com.gmrz.appsdk.assestation.KeyASecurityType;
import com.gmrz.appsdk.assestation.a;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.internal.ByteCompanionObject;

/* loaded from: classes2.dex */
public class FpUtil {
    public static final String KEY_DESCRIPTION_OID = "1.3.6.1.4.1.11129.2.1.17";
    private static final String TAG = "FpUtil";
    public static byte TAG_ASN1_ENUM = 10;
    public static byte TAG_ASN1_INT = 2;
    public static byte TAG_ASN1_OCTETSTRING = 4;
    public static byte TAG_ASN1_SEQUENCE = 48;
    private static final String aTag = "FpUtil";

    private static int byteArrayToInt(byte[] bArr) {
        int length = bArr.length;
        int i = 0;
        for (int i2 = 0; i2 < length; i2++) {
            i |= (bArr[i2] & CustomSearchView.KEYBOARD_STATE_INIT) << (((length - 1) - i2) * 8);
        }
        return i;
    }

    @TargetApi(23)
    public static boolean checkSupport(Context context) {
        UUID randomUUID = UUID.randomUUID();
        String uuid = randomUUID.toString();
        Logger.d(TAG, "ECDSA Key generation Begin");
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 20);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(uuid, 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", randomUUID, context.getPackageName()))).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).build());
            keyPairGenerator.generateKeyPair();
            Logger.d(TAG, "Algorithm used to generate: " + keyPairGenerator.getAlgorithm());
            Logger.d(TAG, "ECDSA Key generation complete");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(uuid, null);
            if (entry != null) {
                Signature.getInstance("SHA256withECDSA").initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
                return true;
            }
            Logger.e(TAG, "Failed to get key entry for uuid " + uuid);
            return false;
        } catch (UserNotAuthenticatedException unused) {
            Logger.e(TAG, "ECDSA Key generation failed,UserNotAuthenticatedException ");
            return false;
        } catch (Error unused2) {
            Logger.e(TAG, "ECDSA Key generation failed. ");
            return false;
        } catch (Exception unused3) {
            Logger.e(TAG, "ECDSA Key generation failed. ");
            return false;
        }
    }

    @TargetApi(24)
    public static boolean checkSupport(Context context, String str) {
        try {
            if (context == null) {
                Logger.d(aTag, "context is null");
                return false;
            }
            if (!((FingerprintManager) context.getSystemService("fingerprint")).isHardwareDetected()) {
                Logger.d(aTag, "The mobile not support HardwareDetected");
                return false;
            }
            Logger.d(aTag, "ECDSA Key generation Begin");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 20);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder certificateNotAfter = new KeyGenParameterSpec.Builder(str, 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", str, context.getPackageName()))).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime());
            if (Build.VERSION.SDK_INT > 23) {
                certificateNotAfter.setAttestationChallenge(genChallenge());
            }
            if (TextUtils.equals("MI 5s", Build.MODEL)) {
                return false;
            }
            keyPairGenerator.initialize(certificateNotAfter.build());
            keyPairGenerator.generateKeyPair();
            Logger.d(aTag, "ECDSA Key generation complete");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry != null) {
                Signature.getInstance("SHA256withECDSA").initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
                return true;
            }
            Logger.e(aTag, "Failed to get key entry for uuid " + str);
            return false;
        } catch (Exception e) {
            Logger.e(aTag, "ECDSA Key generation failed." + e.getMessage());
            return false;
        }
    }

    private static byte[] genChallenge() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static int getASN1Length(ByteBuffer byteBuffer) {
        Log.d(aTag, "getASN1Length");
        byte b = byteBuffer.get();
        if ((b & ByteCompanionObject.MIN_VALUE) == 0) {
            return b;
        }
        int i = b & ByteCompanionObject.MAX_VALUE;
        if (i > 4) {
            return -1;
        }
        byte[] bArr = new byte[i];
        byteBuffer.get(bArr);
        return byteArrayToInt(bArr);
    }

    public static KeyASecurityType getASecurityLevel(String str) {
        try {
            a verifyAttestionExtension = verifyAttestionExtension(((X509Certificate) getCertificatesFromChain(str)[0]).getExtensionValue("1.3.6.1.4.1.11129.2.1.17"));
            if (verifyAttestionExtension == null) {
                Logger.e(aTag, "keyDescription is null");
                return KeyASecurityType.NOATTESTATION;
            }
            Logger.e(aTag, verifyAttestionExtension.a() + "");
            return verifyAttestionExtension.a();
        } catch (Exception e) {
            Logger.e(aTag, "getASecurityLevel: " + e.getMessage());
            return KeyASecurityType.NOATTESTATION;
        }
    }

    private static Certificate[] getCertificatesFromChain(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCertificateChain(str);
        } catch (Exception e) {
            Logger.e(aTag, "getCertificatesFromChain: " + e.getMessage());
            return null;
        }
    }

    public static Object getReflectionValue(String str, String str2) {
        try {
            Class<?> cls = Class.forName(str);
            Constructor<?> constructor = cls.getConstructor(new Class[0]);
            Field declaredField = cls.getDeclaredField(str2);
            declaredField.setAccessible(true);
            return declaredField.get(constructor.newInstance(new Object[0]));
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            return false;
        } catch (NoSuchFieldException e2) {
            e2.printStackTrace();
            return false;
        } catch (Exception e3) {
            e3.printStackTrace();
            return false;
        }
    }

    private static a verifyAttestionExtension(byte[] bArr) {
        a aVar = new a();
        if (bArr != null) {
            try {
                if (bArr.length != 0) {
                    ByteBuffer wrap = ByteBuffer.wrap(bArr);
                    wrap.order(ByteOrder.LITTLE_ENDIAN);
                    byte b = wrap.get();
                    int aSN1Length = getASN1Length(wrap);
                    if (b == TAG_ASN1_OCTETSTRING && wrap.hasRemaining() && wrap.remaining() == aSN1Length) {
                        byte b2 = wrap.get();
                        getASN1Length(wrap);
                        if (b2 == TAG_ASN1_SEQUENCE && wrap.hasRemaining()) {
                            byte b3 = wrap.get();
                            byte[] bArr2 = new byte[getASN1Length(wrap)];
                            wrap.get(bArr2);
                            if (b3 != TAG_ASN1_INT) {
                                Log.e(aTag, "is not attestion extension by attestation version");
                                return null;
                            }
                            aVar.a(bArr2[0] & CustomSearchView.KEYBOARD_STATE_INIT);
                            byte b4 = wrap.get();
                            byte[] bArr3 = new byte[getASN1Length(wrap)];
                            wrap.get(bArr3);
                            if (b4 != TAG_ASN1_ENUM) {
                                Log.e(aTag, "is not attestion extension by tmp1");
                                return null;
                            }
                            aVar.b(bArr3[0] & CustomSearchView.KEYBOARD_STATE_INIT);
                            byte b5 = wrap.get();
                            int aSN1Length2 = getASN1Length(wrap);
                            if (aSN1Length2 != 0) {
                                byte[] bArr4 = new byte[aSN1Length2];
                                wrap.get(bArr4);
                                if (b5 != TAG_ASN1_INT) {
                                    Log.e(aTag, "is not attestion extension by tmp2");
                                    return null;
                                }
                                aVar.c(bArr4[0] & CustomSearchView.KEYBOARD_STATE_INIT);
                            }
                            byte b6 = wrap.get();
                            byte[] bArr5 = new byte[getASN1Length(wrap)];
                            wrap.get(bArr5);
                            if (b6 != TAG_ASN1_ENUM) {
                                Log.e(aTag, "is not attestion extension by keymaster security");
                                return null;
                            }
                            aVar.d(bArr5[0] & CustomSearchView.KEYBOARD_STATE_INIT);
                            byte b7 = wrap.get();
                            int aSN1Length3 = getASN1Length(wrap);
                            if (aSN1Length3 != 0) {
                                byte[] bArr6 = new byte[aSN1Length3];
                                wrap.get(bArr6);
                                if (b7 != TAG_ASN1_OCTETSTRING) {
                                    Log.e(aTag, "is not attestion extension by challenge");
                                    return null;
                                }
                                aVar.a(bArr6);
                            }
                            byte b8 = wrap.get();
                            int aSN1Length4 = getASN1Length(wrap);
                            if (aSN1Length4 != 0) {
                                wrap.get(new byte[aSN1Length4]);
                                if (b8 != TAG_ASN1_OCTETSTRING) {
                                    Log.e(aTag, "is not attestion extension by tmp2");
                                    return null;
                                }
                            }
                            byte b9 = wrap.get();
                            int aSN1Length5 = getASN1Length(wrap);
                            if (aSN1Length5 != 0) {
                                wrap.get(new byte[aSN1Length5]);
                                if (b9 != TAG_ASN1_SEQUENCE) {
                                    Log.e(aTag, "is not attestion extension by sw");
                                    return null;
                                }
                            }
                            byte b10 = wrap.get();
                            int aSN1Length6 = getASN1Length(wrap);
                            if (aSN1Length6 != 0) {
                                wrap.get(new byte[aSN1Length6]);
                                if (b10 != TAG_ASN1_SEQUENCE) {
                                    Log.e(aTag, "is not attestion extension by tee");
                                    return null;
                                }
                            }
                            return aVar;
                        }
                        Log.e(aTag, "is not attestation extension by root sequence");
                        return null;
                    }
                    Log.e(aTag, "is not attestation extension by root , maybe not der");
                    return null;
                }
            } catch (Exception e) {
                Log.e(aTag, "verifyAttestionExtension:" + e.getMessage());
                return null;
            }
        }
        return null;
    }
}
