package com.samsung.android.iap.security.sakattestation;

import android.os.Build;
import android.os.SystemProperties;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import androidx.annotation.RequiresApi;
import com.samsung.android.iap.util.LogUtil;
import com.samsung.android.security.keystore.AttestationUtils;
import com.samsung.android.security.keystore.DeviceIdAttestationException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import org.json.JSONArray;
import org.json.JSONObject;

/* compiled from: ProGuard */
/* loaded from: classes3.dex */
public class Attestation {

    /* renamed from: a, reason: collision with root package name */
    static final String f3013a = "Attestation";

    @RequiresApi(23)
    private static ArrayList<String> a(String str) {
        ArrayList<String> arrayList = new ArrayList<>();
        LogUtil.i(f3013a, "start getSAKAttestationCerts");
        if (str != null && str.length() == 0) {
            return null;
        }
        if (checkSupportSAK()) {
            LogUtil.i(f3013a, "Support SAK, Build.VERSION.SDK_INT : " + Build.VERSION.SDK_INT);
            if (Build.VERSION.SDK_INT < 28) {
                LogUtil.e(f3013a, "Not support Build.VERSION : " + Build.VERSION.SDK_INT);
            } else if (generateKeyPair("IAPsaktest", 1)) {
                try {
                    LogUtil.i(f3013a, "success generateKeyPair");
                    Iterable<byte[]> attestKey = attestKey("IAPsaktest", str, true);
                    if (attestKey != null) {
                        Iterator<byte[]> it = attestKey.iterator();
                        if (it != null) {
                            while (it.hasNext()) {
                                byte[] next = it.next();
                                if (next != null) {
                                    arrayList.add(new String(Base64.encode(next, 0)));
                                }
                            }
                        } else {
                            LogUtil.e(f3013a, "certificateChain.iterator is null");
                        }
                    } else {
                        LogUtil.e(f3013a, "certificateChain is null");
                    }
                    return arrayList;
                } catch (Exception e) {
                    LogUtil.e(f3013a, e);
                }
            } else {
                LogUtil.e(f3013a, "failure generateKeyPair");
            }
        } else {
            LogUtil.e(f3013a, "Not support SAK");
        }
        LogUtil.i(f3013a, "finish getSAKAttestationCerts");
        return null;
    }

    protected static Iterable<byte[]> attestKey(String str, String str2, boolean z) {
        try {
            KeyStore.getInstance("AndroidKeyStore").load(null);
            AttestationUtils attestationUtils = new AttestationUtils();
            Iterable<byte[]> attestDevice = z ? attestationUtils.attestDevice(str, str2.getBytes()) : attestationUtils.attestKey(str, str2.getBytes());
            attestationUtils.storeCertificateChain(str, attestDevice);
            return attestDevice;
        } catch (IOException | NoSuchAlgorithmException | ProviderException | CertificateException | DeviceIdAttestationException | KeyStoreException e) {
            Log.e(f3013a, "retriveCertificateChain", e);
            return null;
        }
    }

    protected static boolean checkSupportSAK() {
        return SystemProperties.get("ro.security.keystore.keytype").contains("sak");
    }

    @RequiresApi(23)
    protected static boolean generateKeyPair(String str, int i) {
        KeyPairGenerator keyPairGenerator;
        KeyGenParameterSpec build;
        try {
            if (i == 0) {
                keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                build = new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256").setSignaturePaddings("PSS").setKeySize(2048).build();
            } else {
                keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                build = new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256").setKeySize(256).build();
            }
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            Log.e(f3013a, "retriveCertificateChain", e);
        }
        return true;
    }

    @RequiresApi(23)
    public static String getSAKCertificates(String str) {
        ArrayList<String> a2 = a(str);
        if (a2 != null && a2.size() > 2) {
            try {
                JSONArray jSONArray = new JSONArray();
                for (int i = 0; i < a2.size(); i++) {
                    jSONArray.put(a2.get(i));
                }
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("certList", jSONArray);
                return jSONObject.toString();
            } catch (Exception unused) {
            }
        }
        return null;
    }
}
