package com.yandex.runtime.attestation_storage.internal;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.android.gms.tasks.Task;
import com.google.android.gms.tasks.TaskCompletionSource;
import com.google.android.gms.tasks.Tasks;
import com.yandex.runtime.Runtime;
import com.yandex.runtime.attestation.EcPublicKey;
import com.yandex.runtime.logging.Logger;
import defpackage.an1;
import defpackage.cn1;
import defpackage.en1;
import defpackage.hn1;
import defpackage.om1;
import defpackage.q50;
import defpackage.r50;
import defpackage.rl1;
import defpackage.rm1;
import defpackage.um1;
import defpackage.vm1;
import defpackage.xm1;
import defpackage.ym1;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;

/* loaded from: classes.dex */
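/**
 * Android implementation of {@link PlatformKeystore} backed by the {@code AndroidKeyStore}
 * provider.
 *
 * <p>The class manages one EC P-256 signing key under the alias
 * {@code MAPKIT_ATTESTED_KEY_<suffix>}. The key is generated with an attestation challenge, its
 * certificate chain is exposed as the "keystore proof", and an integrity token is requested with a
 * nonce that binds caller data to that chain.
 *
 * <p>This is decompiled code: the {@code defpackage.*} types are obfuscated third-party classes
 * that were inlined into {@link #requestAttestKey}. No thread-safety is implemented for the
 * instance fields.
 */
public class PlatformKeystoreImpl implements PlatformKeystore {
    private static final int CERTIFICATE_VALID_YEARS = 10;
    private static final String KEY_ALIAS_BASE = "MAPKIT_ATTESTED_KEY_";
    private final String alias;
    private KeyStore keyStore;
    private KeyStore.PrivateKeyEntry privateKeyEntry;

    /**
     * Opens the Android keystore and loads the entry stored under {@code str}, if there is one.
     *
     * @param str full keystore alias (prefix already applied by {@link #createKeystore})
     * @throws IOException if the keystore cannot be loaded
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws IllegalStateException if the provider or its integrity algorithm is missing
     */
    private PlatformKeystoreImpl(String str) throws IOException, CertificateException {
        // The throws clause is required: load() raises both checked types and createKeystore()
        // catches them; the decompiler dropped the declaration.
        this.alias = str;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.keyStore = keyStore;
            try {
                keyStore.load(null);
                if (hasEntry()) {
                    tryLoadEntry();
                }
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("Can't check the integrity of keystore: " + e.getMessage(), e);
            }
        } catch (KeyStoreException e2) {
            throw new IllegalStateException("No Android Key Store in the system: " + e2.getMessage(), e2);
        }
    }

    /**
     * Reports whether the algorithms this class relies on are registered.
     *
     * <p>This only checks that providers and services are present (AndroidKeyStore EC key
     * generation and key factory, {@code NONEwithECDSA}, X.509, SHA-256). It does not establish
     * that the device can produce a hardware-backed attestation chain; that has to be decided by
     * whoever verifies the chain.
     *
     * @return {@code true} if every required service is registered
     */
    public static boolean attestationAvailable() {
        Provider provider = Security.getProvider("AndroidKeyStore");
        if (provider == null
                || provider.getService("KeyPairGenerator", "EC") == null
                || provider.getService("KeyFactory", "EC") == null
                || Security.getProviders("Signature.NONEwithECDSA").length == 0) {
            return false;
        }
        try {
            CertificateFactory.getInstance("X.509");
            return Security.getProviders("MessageDigest.SHA-256").length != 0;
        } catch (CertificateException ignored) {
            // No X.509 factory means the certificate chain cannot be encoded.
            return false;
        }
    }

    /**
     * Deletes every keystore entry created by this class except the one still in use.
     *
     * <p>The decompiled form compared each alias with {@code KEY_ALIAS_BASE + str} in an
     * {@code if} with an empty body and then deleted the entry unconditionally, which also removed
     * the current attested key. The comparison now guards the deletion, which is what the
     * otherwise unused comparison implies.
     *
     * @param str suffix of the alias to keep, or {@code null} to delete all entries with the prefix
     */
    public static void cleanupUnusedKeys(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            try {
                keyStore.load(null);
                try {
                    String aliasToKeep = str == null ? null : KEY_ALIAS_BASE + str;
                    // Collections.list() snapshots the aliases, so deleting while iterating is safe.
                    for (String entryAlias : Collections.list(keyStore.aliases())) {
                        if (!entryAlias.startsWith(KEY_ALIAS_BASE)) {
                            // Not created by this class; never touch foreign entries.
                            continue;
                        }
                        if (entryAlias.equals(aliasToKeep)) {
                            continue;
                        }
                        keyStore.deleteEntry(entryAlias);
                    }
                } catch (KeyStoreException e) {
                    Logger.error("Could not delete entry: " + e.getMessage());
                }
            } catch (IOException e2) {
                Logger.error("Could not load keystore for key cleanup. I/O error: " + e2.getMessage());
            } catch (NoSuchAlgorithmException e3) {
                Logger.error("Could not load keystore for key cleanup. No such algorithm for checking keystore integrity: " + e3.getMessage());
            } catch (CertificateException e4) {
                Logger.error("Could not load keystore for key cleanup. Could not load certificate: " + e4.getMessage());
            }
        } catch (KeyStoreException e5) {
            Logger.error("Could not get keystore implementation for key cleanup: " + e5.getMessage());
        }
    }

    /**
     * Creates a keystore wrapper for the alias {@code MAPKIT_ATTESTED_KEY_<str>}.
     *
     * @param str alias suffix
     * @return the wrapper, or {@code null} if the Android keystore could not be loaded
     */
    public static PlatformKeystore createKeystore(String str) {
        try {
            return new PlatformKeystoreImpl(KEY_ALIAS_BASE + str);
        } catch (IOException | CertificateException e) {
            // Callers only see null, so record why the keystore was unavailable.
            Logger.error("Could not load keystore: " + e.getMessage());
            return null;
        }
    }

    /**
     * Derives the nonce for the integrity request: SHA-256 over {@code bArr} followed by the
     * encoded certificate chain, as URL-safe Base64 without line wrapping.
     *
     * <p>Hashing the chain into the nonce ties the integrity token to this particular key.
     *
     * @param bArr caller-supplied data to bind into the nonce
     * @return the encoded nonce, or {@code null} if the certificate chain could not be encoded
     */
    private String createNonce(byte[] bArr) {
        try {
            byte[] certificateChain = getCertificateChain();
            if (certificateChain == null) {
                return null;
            }
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            messageDigest.update(certificateChain);
            // URL_SAFE | NO_WRAP is the flag value 10 used by the decompiled code.
            return Base64.encodeToString(messageDigest.digest(), Base64.URL_SAFE | Base64.NO_WRAP);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No SHA-256 algorithm in the environment: " + e.getMessage(), e);
        }
    }

    /**
     * Encodes the key's certificate chain as an X.509 certification path.
     *
     * <p>The decompiled form nested a multi-catch of {@code CertificateEncodingException |
     * CertificateException} (not valid Java, and it made the outer handler unreachable). The two
     * failure modes are separated again here: a missing X.509 factory is fatal, while a chain that
     * cannot be encoded yields {@code null}.
     *
     * @return the encoded chain, or {@code null} if it cannot be built or encoded
     * @throws IllegalStateException if no key is loaded or X.509 is unsupported
     */
    private byte[] getCertificateChain() {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException("Key entry is null. Generate key first.");
        }
        final CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException("X.509 is unsupported in the system: " + e.getMessage(), e);
        }
        try {
            return certificateFactory
                    .generateCertPath(Arrays.asList(this.privateKeyEntry.getCertificateChain()))
                    .getEncoded();
        } catch (CertificateException ignored) {
            // Also covers CertificateEncodingException; callers treat null as "no proof available".
            return null;
        }
    }

    /**
     * Tells whether the keystore holds an entry under this instance's alias.
     *
     * @return {@code true} if the alias exists
     * @throws IllegalStateException if the keystore has not been loaded
     */
    private boolean hasEntry() {
        try {
            return this.keyStore.containsAlias(this.alias);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore is not initialized: " + e.getMessage(), e);
        }
    }

    /**
     * Loads the private key entry for the alias into {@code privateKeyEntry}, removing it again if
     * it is not an EC key.
     *
     * @throws IllegalStateException if the entry is not a private key entry or cannot be read
     */
    private void tryLoadEntry() {
        try {
            KeyStore.Entry entry = this.keyStore.getEntry(this.alias, null);
            if (entry == null) {
                return;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Key entry is not an instance of a KeyStore.PrivateKeyEntry");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            this.privateKeyEntry = privateKeyEntry;
            // Compare by value: the original used != on strings, which only works when both sides
            // happen to be the same interned instance and would otherwise delete a valid EC key.
            if (!"EC".equals(privateKeyEntry.getPrivateKey().getAlgorithm())) {
                removeKey();
            }
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore has not been loaded: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("No such algorithm in the environment: " + e2.getMessage(), e2);
        } catch (UnrecoverableEntryException e3) {
            throw new IllegalStateException("Entry is protected: " + e3.getMessage(), e3);
        }
    }

    /**
     * Signs {@code bArr} with the stored private key using {@code NONEwithECDSA}.
     *
     * <p>{@code NONEwithECDSA} applies no digest, so the input is signed as given.
     * NOTE(review): presumably callers pass an already-hashed value of the right length; confirm
     * against the caller.
     *
     * @param bArr data to sign
     * @return the signature bytes
     * @throws IllegalStateException if no key is loaded or signing fails
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public byte[] ecSign(byte[] bArr) {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException("Key entry is null. Generate key first.");
        }
        try {
            Signature signature = Signature.getInstance("NONEwithECDSA");
            signature.initSign(this.privateKeyEntry.getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No NONEwithECDSA support: " + e.getMessage(), e);
        } catch (InvalidKeyException e2) {
            throw new IllegalStateException("Key provided for signing is invalid: " + e2.getMessage(), e2);
        } catch (SignatureException e3) {
            throw new IllegalStateException("Could not sign provided data: " + e3.getMessage(), e3);
        }
    }

    /**
     * Generates a P-256 signing key in the Android keystore under this instance's alias and loads
     * the resulting entry.
     *
     * <p>The certificate is valid from now for {@code CERTIFICATE_VALID_YEARS} years.
     * {@code bArr} is passed unchanged as the attestation challenge. NOTE(review): a {@code null}
     * challenge is not rejected here; confirm callers always supply one, since the certificate
     * chain is later used as the keystore proof.
     *
     * @param bArr attestation challenge to embed in the key's certificate
     * @throws IllegalStateException if the provider, algorithm or parameters are unsupported
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public void generateKey(byte[] bArr) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            Calendar calendar = Calendar.getInstance();
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.YEAR, CERTIFICATE_VALID_YEARS);
            Date notAfter = calendar.getTime();
            // Purpose 4 is the sign-only purpose flag; digest "NONE" matches NONEwithECDSA in ecSign().
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(this.alias, 4)
                    .setDigests("NONE")
                    .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                    .setAttestationChallenge(bArr)
                    .setKeySize(256)
                    .setCertificateNotBefore(notBefore)
                    .setCertificateNotAfter(notAfter)
                    .build());
            keyPairGenerator.generateKeyPair();
            tryLoadEntry();
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("Arguments for initialization of EC algorithm are invalid: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("EC algorithm is unsupported in AndroidKeyStore: " + e2.getMessage(), e2);
        } catch (NoSuchProviderException e3) {
            throw new IllegalStateException("No Android Key Store in the system: " + e3.getMessage(), e3);
        }
    }

    /** Not supported on Android; always throws {@link UnsupportedOperationException}. */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public byte[] getAppAttestKeyAssertion() {
        throw new UnsupportedOperationException("No AppAttest for Android");
    }

    /** Not supported on Android; always throws {@link UnsupportedOperationException}. */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public String getAppAttestKeyId() {
        throw new UnsupportedOperationException("No AppAttest for Android");
    }

    /** Not used on Android; always throws {@link UnsupportedOperationException}. */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public String getApplicationId() {
        throw new UnsupportedOperationException("Should not be used for Android");
    }

    /**
     * Returns the affine coordinates of the public key from the entry's leaf certificate.
     *
     * <p>The coordinates come from {@code BigInteger.toByteArray()}, which is a minimal
     * two's-complement encoding: a coordinate may carry a leading zero byte or be shorter than
     * 32 bytes. NOTE(review): confirm the consumer of {@code EcPublicKey} normalises the width.
     *
     * @return the public key coordinates
     * @throws IllegalStateException if no key is loaded or the key cannot be converted
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public EcPublicKey getEcPublicKey() {
        // Same precondition and message as ecSign(); without it a missing key surfaced as a bare
        // NullPointerException.
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException("Key entry is null. Generate key first.");
        }
        try {
            ECPublicKeySpec publicKeySpec = KeyFactory.getInstance("EC")
                    .getKeySpec(this.privateKeyEntry.getCertificate().getPublicKey(), ECPublicKeySpec.class);
            ECPoint w = publicKeySpec.getW();
            return new EcPublicKey(w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("EC algorithm is unsupported in AndroidKeyStore: " + e.getMessage(), e);
        } catch (InvalidKeySpecException e2) {
            throw new IllegalStateException("Invalid KeySpec or key could not be processed: " + e2.getMessage(), e2);
        }
    }

    /**
     * Returns the encoded certificate chain of the key as the keystore proof.
     *
     * @return the encoded chain, or {@code null} if it cannot be encoded
     * @throws IllegalStateException if no key is loaded
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public byte[] getKeystoreProof() {
        return getCertificateChain();
    }

    /**
     * Tells whether a private key entry is currently loaded.
     *
     * @return {@code true} if a key entry is loaded
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public boolean hasKey() {
        return this.privateKeyEntry != null;
    }

    /**
     * Forgets the loaded key entry and deletes it from the keystore if it is present.
     *
     * @throws IllegalStateException if the keystore has not been loaded
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public void removeKey() {
        this.privateKeyEntry = null;
        if (hasEntry()) {
            try {
                this.keyStore.deleteEntry(this.alias);
            } catch (KeyStoreException e) {
                throw new IllegalStateException("Keystore is not initialized: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Requests an integrity token bound to this key and reports the outcome to
     * {@code attestationListener}.
     *
     * <p>The nonce is {@link #createNonce} of {@code bArr}. Most of the body is inlined,
     * obfuscated client code (its log string is {@code requestIntegrityToken(%s)} and its log tag
     * is {@code PlayCore}); it is reproduced as decompiled.
     *
     * @param bArr data to bind into the nonce
     * @param j numeric value forwarded to the request object (NOTE(review): presumably the cloud
     *     project number; confirm against the caller)
     * @param attestationListener receives the token bytes on success or a message on failure
     * @throws IllegalStateException if no key is loaded
     */
    @Override // com.yandex.runtime.attestation_storage.internal.PlatformKeystore
    public void requestAttestKey(byte[] bArr, long j, final AttestationListener attestationListener) {
        um1 um1Var;
        Task forException;
        String createNonce = createNonce(bArr);
        if (createNonce == null) {
            // Report the failure once and stop. The decompiled code fell through and then threw
            // NullPointerException("Null nonce") after the listener had already been notified.
            attestationListener.onAttestationFailed("Could not create nonce");
            return;
        }
        Long valueOf = Long.valueOf(j);
        om1 om1Var = new om1(createNonce, valueOf);
        Context applicationContext = Runtime.getApplicationContext();
        // Lazily create the shared client instance, guarded by the holder class's monitor.
        synchronized (xm1.class) {
            if (xm1.A == null) {
                Context applicationContext2 = applicationContext.getApplicationContext();
                if (applicationContext2 != null) {
                    applicationContext = applicationContext2;
                }
                xm1.A = new um1(applicationContext);
            }
            um1Var = xm1.A;
        }
        en1 en1Var = ((ym1) um1Var.A.A()).A;
        if (en1Var.C == null) {
            // No service connection object available: fail the task immediately.
            forException = Tasks.forException(new q50(-2, null));
        } else {
            try {
                // Same flags as in createNonce(); decode() throws IllegalArgumentException on bad input.
                byte[] decode = Base64.decode(createNonce, Base64.URL_SAFE | Base64.NO_WRAP);
                en1Var.A.A("requestIntegrityToken(%s)", om1Var);
                TaskCompletionSource taskCompletionSource = new TaskCompletionSource();
                hn1 hn1Var = en1Var.C;
                cn1 cn1Var = new cn1(en1Var, taskCompletionSource, decode, valueOf, taskCompletionSource, om1Var);
                synchronized (hn1Var.F) {
                    hn1Var.E.add(taskCompletionSource);
                    taskCompletionSource.getTask().addOnCompleteListener(new rl1(hn1Var, taskCompletionSource, false));
                }
                synchronized (hn1Var.F) {
                    if (hn1Var.e.getAndIncrement() > 0) {
                        vm1 vm1Var = hn1Var.B;
                        Object[] objArr = new Object[0];
                        // Decompiler-preserved null check on the logger instance.
                        vm1Var.getClass();
                        if (Log.isLoggable("PlayCore", 3)) {
                            vm1.B(vm1Var.A, "Already connected to the service.", objArr);
                        }
                    }
                }
                hn1Var.A().post(new an1(hn1Var, taskCompletionSource, cn1Var));
                forException = taskCompletionSource.getTask();
            } catch (IllegalArgumentException e) {
                forException = Tasks.forException(new q50(-13, e));
            }
        }
        forException.addOnSuccessListener(new OnSuccessListener<r50>() { // from class: com.yandex.runtime.attestation_storage.internal.PlatformKeystoreImpl.1
            @Override // com.google.android.gms.tasks.OnSuccessListener
            public void onSuccess(r50 r50Var) {
                // The token is handed over as bytes; it is not validated on the device.
                attestationListener.onAttestationReceived(((rm1) r50Var).A.getBytes());
            }
        });
        forException.addOnFailureListener(new OnFailureListener() { // from class: com.yandex.runtime.attestation_storage.internal.PlatformKeystoreImpl.2
            @Override // com.google.android.gms.tasks.OnFailureListener
            public void onFailure(Exception exc) {
                attestationListener.onAttestationFailed(exc.getMessage());
            }
        });
    }
}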
