package com.gmrz.appsdk.util;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import android.text.TextUtils;
import android.util.Log;
import com.facebook.imagepipeline.producers.ProducerContext;
import com.gmrz.appsdk.attestation.KeyASecurityType;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* compiled from: FpUtil.java */
/* loaded from: classes2.dex */
public class l {

    /* renamed from: a, reason: collision with root package name */
    private static final String f9352a = "FpUtil";

    /* renamed from: b, reason: collision with root package name */
    public static byte f9353b = 2;

    /* renamed from: c, reason: collision with root package name */
    public static byte f9354c = 48;

    /* renamed from: d, reason: collision with root package name */
    public static byte f9355d = 4;

    /* renamed from: e, reason: collision with root package name */
    public static byte f9356e = 5;

    /* renamed from: f, reason: collision with root package name */
    public static byte f9357f = 10;

    /* renamed from: g, reason: collision with root package name */
    public static byte f9358g = 49;
    public static int h = 1;
    public static int i = 2;
    public static int j = 3;
    public static int k = 5;
    public static int l = 10;
    public static int m = 503;
    public static int n = 504;
    public static int o = 505;
    public static int p = 600;
    public static int q = 702;
    public static final String r = "1.3.6.1.4.1.11129.2.1.17";

    public static String a(byte b2) {
        return b(new byte[]{b2});
    }

    public static String b(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b2 : bArr) {
            sb.append("0123456789ABCDEF".charAt((b2 & 240) >> 4));
            sb.append("0123456789ABCDEF".charAt(b2 & 15));
        }
        return sb.toString();
    }

    private static int c(byte[] bArr) {
        int length = bArr.length;
        int i2 = 0;
        for (int i3 = 0; i3 < length; i3++) {
            i2 |= (bArr[i3] & 255) << (((length - 1) - i3) * 8);
        }
        return i2;
    }

    @SuppressLint({"NewApi"})
    @TargetApi(23)
    public static boolean d(Context context) {
        UUID randomUUID = UUID.randomUUID();
        String uuid = randomUUID.toString();
        n.a(f9352a, "ECDSA Key generation Begin");
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 20);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(uuid, 4).setDigests(MessageDigestAlgorithms.SHA_256).setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", randomUUID, context.getPackageName()))).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).build());
            keyPairGenerator.generateKeyPair();
            n.a(f9352a, "Algorithm used to generate: " + keyPairGenerator.getAlgorithm());
            n.a(f9352a, "ECDSA Key generation complete");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Key key = keyStore.getKey(uuid, null);
            if (key != null) {
                Signature.getInstance("SHA256withECDSA").initSign((PrivateKey) key);
                return true;
            }
            n.b(f9352a, "Failed to get key entry for uuid " + uuid);
            return false;
        } catch (UserNotAuthenticatedException unused) {
            n.b(f9352a, "ECDSA Key generation failed,UserNotAuthenticatedException ");
            return false;
        } catch (Error unused2) {
            n.b(f9352a, "ECDSA Key generation failed. ");
            return false;
        } catch (Exception unused3) {
            n.b(f9352a, "ECDSA Key generation failed. ");
            return false;
        }
    }

    public static boolean e(Context context, String str) {
        try {
            if (Build.VERSION.SDK_INT < 23) {
                n.a(f9352a, "can not perform below Android M");
                return false;
            }
            if (context == null) {
                n.a(f9352a, "context is null");
                return false;
            }
            try {
                Class.forName("android.hardware.fingerprint.FingerprintManager");
                if (!((FingerprintManager) context.getSystemService("fingerprint")).isHardwareDetected()) {
                    n.a(f9352a, "The mobile not support HardwareDetected");
                    return false;
                }
                n.a(f9352a, "ECDSA Key generation Begin");
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 20);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                KeyGenParameterSpec.Builder certificateNotAfter = new KeyGenParameterSpec.Builder(str, 4).setDigests(MessageDigestAlgorithms.SHA_256).setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", str, context.getPackageName()))).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime());
                if (Build.VERSION.SDK_INT > 23) {
                    certificateNotAfter.setAttestationChallenge(f());
                }
                if (TextUtils.equals("MI 5s", Build.MODEL)) {
                    return false;
                }
                keyPairGenerator.initialize(certificateNotAfter.build());
                keyPairGenerator.generateKeyPair();
                n.a(f9352a, "ECDSA Key generation complete");
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                Key key = keyStore.getKey(str, null);
                if (key != null) {
                    Signature.getInstance("SHA256withECDSA").initSign((PrivateKey) key);
                    return true;
                }
                n.b(f9352a, "Failed to get key entry for uuid " + str);
                return false;
            } catch (Exception e2) {
                e2.printStackTrace();
                return false;
            }
        } catch (Exception e3) {
            n.b(f9352a, "ECDSA Key generation failed." + e3.getMessage());
            return false;
        }
    }

    private static byte[] f() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static int g(ByteBuffer byteBuffer) {
        byte b2 = byteBuffer.get();
        if ((b2 & 128) == 0) {
            return b2;
        }
        int i2 = b2 & kotlin.jvm.internal.n.f28301b;
        if (i2 > 4) {
            return -1;
        }
        byte[] bArr = new byte[i2];
        byteBuffer.get(bArr);
        return c(bArr);
    }

    private static int h(ByteBuffer byteBuffer) {
        return byteBuffer.get();
    }

    public static KeyASecurityType i(String str) {
        try {
            com.gmrz.appsdk.attestation.b l2 = l(str);
            if (l2 == null) {
                n.b(f9352a, "keyDescription is null");
                return KeyASecurityType.NOATTESTATION;
            }
            n.b(f9352a, "KeyASecurityType: " + l2.a());
            return l2.a();
        } catch (Exception e2) {
            n.b(f9352a, "getASecurityLevel: " + e2.getMessage());
            return KeyASecurityType.NOATTESTATION;
        }
    }

    private static int j(ByteBuffer byteBuffer) {
        byte b2;
        byte b3 = byteBuffer.get();
        Log.d(f9352a, "getAbsoulteASN1Tag:" + a(b3));
        int i2 = b3 & com.bailingcloud.bailingvideo.engine.binstack.bintransaction.binmessage.i.A;
        if ((i2 ^ 31) != 0) {
            Log.d(f9352a, "getAbsoulteASN1Tag low");
            return i2;
        }
        Log.d(f9352a, "getAbsoulteASN1Tag high");
        ArrayList arrayList = new ArrayList();
        do {
            b2 = byteBuffer.get();
            arrayList.add(Byte.valueOf(b2));
        } while ((b2 & 128) != 0);
        int size = arrayList.size();
        int i3 = 0;
        for (int i4 = 0; i4 < size; i4++) {
            i3 |= (((Byte) arrayList.get(i4)).byteValue() & kotlin.jvm.internal.n.f28301b) << (((size - 1) - i4) * 7);
        }
        return i3;
    }

    private static Certificate[] k(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCertificateChain(str);
        } catch (Exception e2) {
            n.b(f9352a, "getCertificatesFromChain: " + e2.getMessage());
            return null;
        }
    }

    private static com.gmrz.appsdk.attestation.b l(String str) {
        try {
            byte[] extensionValue = ((X509Certificate) k(str)[0]).getExtensionValue(r);
            Log.d(f9352a, "extensionValue:" + b(extensionValue));
            return o(extensionValue);
        } catch (Exception e2) {
            n.b(f9352a, "getKeyDescription: " + e2.getMessage());
            return null;
        }
    }

    public static Object m(String str, String str2) {
        try {
            Class<?> cls = Class.forName(str);
            Constructor<?> constructor = cls.getConstructor(new Class[0]);
            Field declaredField = cls.getDeclaredField(str2);
            declaredField.setAccessible(true);
            return declaredField.get(constructor.newInstance(new Object[0]));
        } catch (ClassNotFoundException e2) {
            e2.printStackTrace();
            return Boolean.FALSE;
        } catch (NoSuchFieldException e3) {
            e3.printStackTrace();
            return Boolean.FALSE;
        } catch (Exception e4) {
            e4.printStackTrace();
            return Boolean.FALSE;
        }
    }

    private static com.gmrz.appsdk.attestation.a n(byte[] bArr) {
        Log.d(f9352a, "parseAuthorizationList:" + b(bArr));
        com.gmrz.appsdk.attestation.a aVar = new com.gmrz.appsdk.attestation.a();
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        while (wrap.hasRemaining()) {
            int j2 = j(wrap);
            int g2 = g(wrap);
            if (g2 != 0) {
                byte[] bArr2 = new byte[g2];
                wrap.get(bArr2);
                ByteBuffer wrap2 = ByteBuffer.wrap(bArr2);
                if (j2 == h) {
                    Log.d(f9352a, "purpose:" + b(bArr2));
                    int h2 = h(wrap2);
                    g(wrap2);
                    if (h2 != f9358g) {
                        n.b(f9352a, "is not attestion extension by purpose set");
                    } else {
                        ArrayList arrayList = new ArrayList();
                        while (wrap2.hasRemaining()) {
                            int h3 = h(wrap2);
                            byte[] bArr3 = new byte[g(wrap2)];
                            wrap2.get(bArr3);
                            if (h3 != f9353b) {
                                n.b(f9352a, "is not attestion extension by purpose int");
                            } else {
                                arrayList.add(Integer.valueOf(bArr3[0] & 255));
                            }
                        }
                        int[] iArr = new int[arrayList.size()];
                        for (int i2 = 0; i2 < arrayList.size(); i2++) {
                            iArr[i2] = ((Integer) arrayList.get(i2)).intValue();
                        }
                        aVar.h(iArr);
                    }
                }
                if (j2 == i) {
                    Log.d(f9352a, "algorithm");
                    int h4 = h(wrap2);
                    byte[] bArr4 = new byte[g(wrap2)];
                    wrap2.get(bArr4);
                    if (h4 != f9353b) {
                        n.b(f9352a, "is not attestion extension by algorithm");
                    } else {
                        aVar.b(bArr4[0] & 255);
                    }
                }
                if (j2 == j) {
                    Log.d(f9352a, "keysize");
                    int h5 = h(wrap2);
                    byte[] bArr5 = new byte[g(wrap2)];
                    wrap2.get(bArr5);
                    if (h5 != f9353b) {
                        n.b(f9352a, "is not attestion extension by keysize");
                    } else {
                        aVar.k(c(bArr5));
                    }
                }
                if (j2 == k) {
                    Log.d(f9352a, "digest");
                    int h6 = h(wrap2);
                    g(wrap2);
                    if (h6 != f9358g) {
                        n.b(f9352a, "is not attestion extension by digest set");
                    } else {
                        ArrayList arrayList2 = new ArrayList();
                        while (wrap2.hasRemaining()) {
                            int h7 = h(wrap2);
                            byte[] bArr6 = new byte[g(wrap2)];
                            wrap2.get(bArr6);
                            if (h7 != f9353b) {
                                n.b(f9352a, "is not attestion extension by digest int");
                            } else {
                                arrayList2.add(Integer.valueOf(bArr6[0] & 255));
                            }
                        }
                        int[] iArr2 = new int[arrayList2.size()];
                        for (int i3 = 0; i3 < arrayList2.size(); i3++) {
                            iArr2[i3] = ((Integer) arrayList2.get(i3)).intValue();
                        }
                        aVar.d(iArr2);
                    }
                }
                if (j2 == l) {
                    Log.d(f9352a, "ecc");
                    int h8 = h(wrap2);
                    byte[] bArr7 = new byte[g(wrap2)];
                    wrap2.get(bArr7);
                    if (h8 != f9353b) {
                        n.b(f9352a, "is not attestion extension by ecc");
                    } else {
                        aVar.i(bArr7[0] & 255);
                    }
                }
                if (j2 == n) {
                    Log.d(f9352a, "auth type");
                    int h9 = h(wrap2);
                    byte[] bArr8 = new byte[g(wrap2)];
                    wrap2.get(bArr8);
                    if (h9 != f9353b) {
                        n.b(f9352a, "is not attestion extension by auth type");
                    } else {
                        aVar.n(bArr8[0] & 255);
                    }
                }
                if (j2 == o) {
                    Log.d(f9352a, "auth timeout");
                    int h10 = h(wrap2);
                    byte[] bArr9 = new byte[g(wrap2)];
                    wrap2.get(bArr9);
                    if (h10 != f9353b) {
                        n.b(f9352a, "is not attestion extension by auth type");
                    } else {
                        aVar.f(bArr9[0] & 255);
                    }
                }
                if (j2 == m) {
                    Log.d(f9352a, "auth required");
                    if (h(wrap2) != f9356e) {
                        n.b(f9352a, "is not attestion extension by no auth required");
                    } else {
                        aVar.g(true);
                    }
                }
                if (j2 == p) {
                    Log.d(f9352a, "all applications");
                    if (h(wrap2) != f9356e) {
                        n.b(f9352a, "is not attestion extension by all application");
                    } else {
                        aVar.c(true);
                    }
                }
                if (j2 == q) {
                    Log.d(f9352a, ProducerContext.ExtraKeys.ORIGIN);
                    int h11 = h(wrap2);
                    byte[] bArr10 = new byte[g(wrap2)];
                    wrap2.get(bArr10);
                    if (h11 != f9353b) {
                        n.b(f9352a, "is not attestion extension by origin");
                    } else {
                        aVar.m(bArr10[0] & 255);
                    }
                }
            }
        }
        return aVar;
    }

    private static com.gmrz.appsdk.attestation.b o(byte[] bArr) {
        com.gmrz.appsdk.attestation.b bVar = new com.gmrz.appsdk.attestation.b();
        if (bArr != null) {
            try {
                if (bArr.length != 0) {
                    ByteBuffer wrap = ByteBuffer.wrap(bArr);
                    wrap.order(ByteOrder.LITTLE_ENDIAN);
                    byte b2 = wrap.get();
                    int g2 = g(wrap);
                    if (b2 == f9355d && wrap.hasRemaining() && wrap.remaining() == g2) {
                        byte b3 = wrap.get();
                        if (g(wrap) != 0 && (b3 != f9354c || !wrap.hasRemaining())) {
                            n.b(f9352a, "is not attestation extension by root sequence");
                            return null;
                        }
                        byte b4 = wrap.get();
                        byte[] bArr2 = new byte[g(wrap)];
                        wrap.get(bArr2);
                        if (b4 != f9353b) {
                            n.b(f9352a, "is not attestion extension by attestation version");
                            return null;
                        }
                        bVar.f(bArr2[0] & 255);
                        byte b5 = wrap.get();
                        byte[] bArr3 = new byte[g(wrap)];
                        wrap.get(bArr3);
                        if (b5 != f9357f) {
                            n.b(f9352a, "is not attestion extension by tmp1");
                            return null;
                        }
                        bVar.b(bArr3[0] & 255);
                        byte b6 = wrap.get();
                        int g3 = g(wrap);
                        if (g3 != 0) {
                            byte[] bArr4 = new byte[g3];
                            wrap.get(bArr4);
                            if (b6 != f9353b) {
                                n.b(f9352a, "is not attestion extension by tmp2");
                                return null;
                            }
                            bVar.k(bArr4[0] & 255);
                        }
                        byte b7 = wrap.get();
                        byte[] bArr5 = new byte[g(wrap)];
                        wrap.get(bArr5);
                        if (b7 != f9357f) {
                            n.b(f9352a, "is not attestion extension by keymaster security");
                            return null;
                        }
                        bVar.i(bArr5[0] & 255);
                        byte b8 = wrap.get();
                        int g4 = g(wrap);
                        if (g4 != 0) {
                            byte[] bArr6 = new byte[g4];
                            wrap.get(bArr6);
                            if (b8 != f9355d) {
                                n.b(f9352a, "is not attestion extension by challenge");
                                return null;
                            }
                            bVar.d(bArr6);
                        }
                        byte b9 = wrap.get();
                        int g5 = g(wrap);
                        if (g5 != 0) {
                            wrap.get(new byte[g5]);
                            if (b9 != f9355d) {
                                n.b(f9352a, "is not attestion extension by tmp2");
                                return null;
                            }
                        }
                        byte b10 = wrap.get();
                        int g6 = g(wrap);
                        if (g6 != 0) {
                            byte[] bArr7 = new byte[g6];
                            wrap.get(bArr7);
                            if (b10 != f9354c) {
                                n.b(f9352a, "is not attestion extension by sw");
                                return null;
                            }
                            Log.d(f9352a, "check softwareEnforced");
                            com.gmrz.appsdk.attestation.a n2 = n(bArr7);
                            bVar.c(n2);
                            Log.d(f9352a, "swEnforcedList:" + n2.toString());
                        }
                        byte b11 = wrap.get();
                        int g7 = g(wrap);
                        if (g7 != 0) {
                            byte[] bArr8 = new byte[g7];
                            wrap.get(bArr8);
                            if (b11 != f9354c) {
                                n.b(f9352a, "is not attestion extension by tee");
                                return null;
                            }
                            Log.d(f9352a, "check teeEnforced");
                            com.gmrz.appsdk.attestation.a n3 = n(bArr8);
                            bVar.g(n3);
                            Log.d(f9352a, "teeEnforcedList:" + n3.toString());
                        }
                        return bVar;
                    }
                    n.b(f9352a, "is not attestation extension by root , maybe not der");
                    return null;
                }
            } catch (Exception e2) {
                n.b(f9352a, "verifyAttestionExtension:" + e2.getMessage());
                e2.printStackTrace();
            }
        }
        return null;
    }

    public static boolean p(String str, boolean z) {
        try {
            com.gmrz.appsdk.attestation.b l2 = l(str);
            if (l2 == null) {
                n.b(f9352a, "KeyDescription is null");
                return false;
            }
            if (z && l2.a() != KeyASecurityType.TEE) {
                n.b(f9352a, "AttestationSecurity is not tee");
                return false;
            }
            if (l2.e() != KeyASecurityType.TEE) {
                n.b(f9352a, "KeymasterSecurityLevel is not tee");
                return false;
            }
            l2.h();
            com.gmrz.appsdk.attestation.a j2 = l2.j();
            if (j2.j() == null || j2.j().length != 1) {
                n.b(f9352a, "purpose is not sign,else");
                return false;
            }
            int binarySearch = Arrays.binarySearch(j2.j(), 2);
            if (binarySearch < 1 && binarySearch > -1) {
                if (j2.a() != 0) {
                    n.b(f9352a, "user auth timeout is not 0");
                    return false;
                }
                if (j2.l()) {
                    n.b(f9352a, "all applications is not granted");
                    return false;
                }
                if (j2.e() == 0) {
                    return true;
                }
                n.b(f9352a, "key is need generate");
                return false;
            }
            n.b(f9352a, "purpose is not sign");
            return false;
        } catch (Exception e2) {
            n.b(f9352a, "verifySecure: " + e2.getMessage());
            return false;
        }
    }
}
