package com.allawn.cryptography.security.attestation;

import com.allawn.cryptography.EncryptException;
import com.allawn.cryptography.exception.InvalidArgumentException;
import com.allawn.cryptography.security.cert.CertUtils;
import com.allawn.cryptography.teesdk.CryptoEngCmd;
import com.allawn.cryptography.teesdk.TAInterfaceException;
import com.allawn.cryptography.teesdk.type.CryptoEngCmdType;
import com.allawn.cryptography.teesdk.type.PrivKeyLabelType;
import com.allawn.cryptography.util.DateUtil;
import com.allawn.cryptography.util.HexStringUtils;
import com.allawn.cryptography.util.LogUtil;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
import java.util.concurrent.TimeUnit;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class AttestationManager {
    public X509Certificate mAttestCertificate;
    public String mAttestationData;
    public byte[] mAttestationDataSignature;
    public List mSigningCertChain;
    public X509Certificate mSigningCertEntity;

    /* JADX WARN: Code restructure failed: missing block: B:30:0x0064, code lost:
    
        r4 = r4.getApplicationPublicKeyStr();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.lang.String getApplicationPublicKey(com.allawn.cryptography.security.attestation.AttestationParameters r4) {
        /*
            com.allawn.cryptography.security.attestation.AttestationProperties$ApplicationKeyAlgorithmEnum r0 = r4.getApplicationKeyAlgorithm()
            java.security.PublicKey r1 = r4.getApplicationPublicKey()
            if (r0 == 0) goto L62
            java.lang.String r2 = "EC"
            if (r1 != 0) goto L2f
            java.lang.String r1 = r4.getApplicationPublicKeyStr()     // Catch: java.security.NoSuchAlgorithmException -> L21
            java.lang.String r1 = com.allawn.cryptography.util.KeyUtil.pemToPublicKey(r1)     // Catch: java.security.NoSuchAlgorithmException -> L21
            byte[] r1 = com.allawn.cryptography.util.Base64Utils.decodeFromString(r1)     // Catch: java.security.NoSuchAlgorithmException -> L21
            com.allawn.cryptography.security.attestation.AttestationProperties$ApplicationKeyAlgorithmEnum r3 = com.allawn.cryptography.security.attestation.AttestationProperties$ApplicationKeyAlgorithmEnum.RSA     // Catch: java.security.NoSuchAlgorithmException -> L21
            if (r0 != r3) goto L23
            java.lang.String r3 = "RSA"
            goto L24
        L21:
            r4 = move-exception
            goto L29
        L23:
            r3 = r2
        L24:
            java.security.PublicKey r1 = com.allawn.cryptography.util.KeyUtil.bytesToPublicKey(r1, r3)     // Catch: java.security.NoSuchAlgorithmException -> L21
            goto L2f
        L29:
            java.security.spec.InvalidKeySpecException r0 = new java.security.spec.InvalidKeySpecException
            r0.<init>(r4)
            throw r0
        L2f:
            java.lang.String r3 = r1.getAlgorithm()     // Catch: java.lang.Throwable -> L5b
            boolean r2 = r2.equals(r3)     // Catch: java.lang.Throwable -> L5b
            if (r2 == 0) goto L62
            java.lang.String r2 = r0.getAlgorithm()     // Catch: java.lang.Throwable -> L5b
            boolean r2 = com.allawn.cryptography.util.KeyUtil.checkECGroup(r1, r2)     // Catch: java.lang.Throwable -> L5b
            if (r2 == 0) goto L44
            goto L62
        L44:
            java.security.spec.InvalidKeySpecException r4 = new java.security.spec.InvalidKeySpecException     // Catch: java.lang.Throwable -> L5b
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L5b
            r1.<init>()     // Catch: java.lang.Throwable -> L5b
            java.lang.String r2 = "The algorithm of the incoming application public key is not "
            r1.append(r2)     // Catch: java.lang.Throwable -> L5b
            r1.append(r0)     // Catch: java.lang.Throwable -> L5b
            java.lang.String r0 = r1.toString()     // Catch: java.lang.Throwable -> L5b
            r4.<init>(r0)     // Catch: java.lang.Throwable -> L5b
            throw r4     // Catch: java.lang.Throwable -> L5b
        L5b:
            r4 = move-exception
            java.security.spec.InvalidKeySpecException r0 = new java.security.spec.InvalidKeySpecException
            r0.<init>(r4)
            throw r0
        L62:
            if (r1 != 0) goto L69
            java.lang.String r4 = r4.getApplicationPublicKeyStr()
            goto L71
        L69:
            byte[] r4 = r1.getEncoded()
            java.lang.String r4 = com.allawn.cryptography.util.Base64Utils.encodeToString(r4)
        L71:
            java.lang.String r4 = com.allawn.cryptography.util.KeyUtil.publicKeyToPem(r4)
            java.nio.charset.Charset r0 = java.nio.charset.StandardCharsets.UTF_8
            byte[] r0 = r4.getBytes(r0)
            int r0 = r0.length
            r1 = 1024(0x400, float:1.435E-42)
            if (r0 >= r1) goto L81
            return r4
        L81:
            com.allawn.cryptography.exception.InvalidArgumentException r4 = new com.allawn.cryptography.exception.InvalidArgumentException
            java.lang.String r0 = "ApplicationPublicKey length needs to be less than 1024 bytes"
            r4.<init>(r0)
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: com.allawn.cryptography.security.attestation.AttestationManager.getApplicationPublicKey(com.allawn.cryptography.security.attestation.AttestationParameters):java.lang.String");
    }

    public static int getSigningKeyAliasCode(int i) {
        return i == 1 ? PrivKeyLabelType.DEVICE_EE_PRIV_KEY_LABEL.getCode() : i == 2 ? PrivKeyLabelType.GROUP_DEVICE_EE_PRIV_KEY_LABEL.getCode() : PrivKeyLabelType.DEFAULT_DEVICE_EE_PRIV_KEY_LABEL.getCode();
    }

    public static void packBasicAttestation(AttestationParameters attestationParameters, JSONObject jSONObject, String str) {
        packTimeInfo(attestationParameters, jSONObject);
        if (attestationParameters.getNonce() != null) {
            if (attestationParameters.getNonce().getBytes(StandardCharsets.UTF_8).length >= 65) {
                throw new InvalidArgumentException("Nonce length needs to be less than 65 bytes");
            }
            jSONObject.put("nonce", attestationParameters.getNonce());
        }
        if (attestationParameters.getDevice() != null) {
            if (attestationParameters.getDevice().getBytes(StandardCharsets.UTF_8).length >= 65) {
                throw new InvalidArgumentException("DeviceId length needs to be less than 65 bytes");
            }
            jSONObject.put("appDeviceId", attestationParameters.getDevice());
        }
        if (attestationParameters.getRotateDevice() != null) {
            if (attestationParameters.getRotateDevice().getBytes(StandardCharsets.UTF_8).length >= 65) {
                throw new InvalidArgumentException("RotateDeviceId length needs to be less than 65 bytes");
            }
            jSONObject.put("appRotateDeviceId", attestationParameters.getRotateDevice());
        }
        jSONObject.put("signingKeyAlias", getSigningKeyAliasCode(attestationParameters.getSigningKeyAlias()));
        if (attestationParameters.getApplicationKeyAlias() != null) {
            if (attestationParameters.getApplicationKeyAlias().getBytes(StandardCharsets.UTF_8).length >= 16) {
                throw new InvalidArgumentException("ApplicationKeyAlias length needs to be less than 16 bytes");
            }
            jSONObject.put("applicationKeyAlias", attestationParameters.getApplicationKeyAlias());
        }
        if (attestationParameters.getApplicationKeyAlgorithm() != null) {
            jSONObject.put("applicationKeyAlgorithm", attestationParameters.getApplicationKeyAlgorithm().getName());
        }
        packPublicKeyInfo(attestationParameters, jSONObject, str);
        if (attestationParameters.getApplicationCustomizeDataDgst() != null) {
            if (attestationParameters.getApplicationCustomizeDataDgst().getBytes(StandardCharsets.UTF_8).length >= 65) {
                throw new InvalidArgumentException("ApplicationCustomizeDataDgst length needs to be less than 65 bytes");
            }
            jSONObject.put("applicationCustomizeDataDgst", attestationParameters.getApplicationCustomizeDataDgst());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10 */
    /* JADX WARN: Type inference failed for: r0v11 */
    /* JADX WARN: Type inference failed for: r0v2 */
    /* JADX WARN: Type inference failed for: r0v5 */
    public static boolean packIdAttestation(AttestationParameters attestationParameters, JSONObject jSONObject) {
        boolean isIncludedAttestationIdSerial = attestationParameters.isIncludedAttestationIdSerial();
        boolean z = isIncludedAttestationIdSerial;
        if (attestationParameters.isIncludedAttestationIdImei()) {
            z = (isIncludedAttestationIdSerial ? 1 : 0) | 2;
        }
        ?? r0 = z;
        if (attestationParameters.isIncludedOSVersion()) {
            r0 = (z ? 1 : 0) | 4;
        }
        if (r0 == 0) {
            return false;
        }
        jSONObject.put("privacy", Integer.toBinaryString(r0 | 8).substring(1));
        return true;
    }

    public static CryptoEngCmdType packParametersToCryptoEng(AttestationParameters attestationParameters, JSONObject jSONObject, String str) {
        CryptoEngCmdType cryptoEngCmdType = CryptoEngCmdType.CE_CMD_RUN_PKI_BASIC_ATTESTATION;
        packBasicAttestation(attestationParameters, jSONObject, str);
        return attestationParameters.isIdAttestationIncluded() ? packIdAttestation(attestationParameters, jSONObject) ? CryptoEngCmdType.CE_CMD_RUN_PKI_PRIVACY_ID_ATTESTATION : CryptoEngCmdType.CE_CMD_RUN_PKI_COMMON_ID_ATTESTATION : cryptoEngCmdType;
    }

    public static void packPublicKeyInfo(AttestationParameters attestationParameters, JSONObject jSONObject, String str) {
        if (attestationParameters.getApplicationPublicKeyStr() != null || attestationParameters.getApplicationPublicKey() != null) {
            jSONObject.put("applicationPublicKey", getApplicationPublicKey(attestationParameters));
            jSONObject.put("applicationKeySecurityLevel", "APP");
            return;
        }
        if ("x.509v3".equals(str)) {
            if (attestationParameters.getApplicationKeyAlgorithm() == null) {
                throw new InvalidArgumentException("Missing application key algorithm");
            }
            if (attestationParameters.getApplicationKeyAlias() == null) {
                throw new InvalidArgumentException("Missing application key alias");
            }
            LogUtil.d("AttestationManager", "packPublicKeyInfo use the generated keystore public key");
            String createApplicationPublicKey = AttestationUtil.createApplicationPublicKey(attestationParameters.getApplicationKeyAlgorithm(), attestationParameters.getApplicationKeyAlias());
            if (createApplicationPublicKey != null) {
                jSONObject.put("applicationPublicKey", createApplicationPublicKey);
                jSONObject.put("applicationKeySecurityLevel", "APP");
            }
        }
    }

    public static void packTimeInfo(AttestationParameters attestationParameters, JSONObject jSONObject) {
        long timestamp = attestationParameters.getTimestamp();
        if (timestamp == -1) {
            timestamp = DateUtil.now() - 1000;
        }
        jSONObject.put("timestamp", String.valueOf(timestamp));
        int expireDays = attestationParameters.getExpireDays();
        if (expireDays == 0) {
            LogUtil.d("AttestationManager", "packTimeInfo use default expiration days");
            expireDays = 30;
        }
        if (expireDays < 0 || expireDays > 90) {
            throw new InvalidArgumentException("ExpireDays should not be greater than 90 or less than 0");
        }
        jSONObject.put("expireDays", expireDays);
        Calendar calendar = Calendar.getInstance();
        calendar.setTimeInMillis(timestamp);
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss", Locale.getDefault());
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        String format = simpleDateFormat.format(calendar.getTime());
        calendar.setTimeInMillis(timestamp + TimeUnit.DAYS.toMillis(expireDays));
        String format2 = simpleDateFormat.format(calendar.getTime());
        jSONObject.put("notBefore", format);
        jSONObject.put("notAfter", format2);
    }

    public final void clear() {
        this.mSigningCertEntity = null;
        this.mSigningCertChain = null;
        this.mAttestationData = null;
        this.mAttestationDataSignature = null;
        this.mAttestCertificate = null;
    }

    public final JSONObject generate(String str, AttestationParameters attestationParameters) {
        JSONObject jSONObject = new JSONObject();
        CryptoEngCmdType packParametersToCryptoEng = packParametersToCryptoEng(attestationParameters, jSONObject, str);
        jSONObject.put("targetFormat", str);
        return new JSONObject(new String(CryptoEngCmd.pkiCommonAsk(jSONObject.toString(), packParametersToCryptoEng), StandardCharsets.UTF_8));
    }

    public void generateRaw(AttestationParameters attestationParameters) {
        if (attestationParameters == null) {
            throw new NullPointerException("Attestation parameter is null");
        }
        clear();
        try {
            JSONObject generate = generate("raw", attestationParameters);
            this.mAttestationData = generate.getString("attestationData");
            this.mSigningCertEntity = CertUtils.readCertificate(generate.getString("signingCert").getBytes(StandardCharsets.UTF_8));
            this.mAttestationDataSignature = HexStringUtils.hexStringToByteArray(generate.getString("signature"));
        } catch (InvalidArgumentException | TAInterfaceException | IOException | KeyStoreException | CertificateException | InvalidKeySpecException | JSONException e) {
            throw new EncryptException(e);
        }
    }

    public void generateX509(AttestationParameters attestationParameters) {
        if (attestationParameters == null) {
            throw new NullPointerException("Attestation parameter is null");
        }
        clear();
        try {
            JSONObject generate = generate("x.509v3", attestationParameters);
            String string = generate.getString("signingCert");
            Charset charset = StandardCharsets.UTF_8;
            this.mSigningCertEntity = CertUtils.readCertificate(string.getBytes(charset));
            this.mAttestCertificate = CertUtils.readCertificate(generate.getString("attestCert").getBytes(charset));
        } catch (InvalidArgumentException | TAInterfaceException | IOException | KeyStoreException | CertificateException | InvalidKeySpecException | JSONException e) {
            throw new EncryptException(e);
        }
    }

    public X509Certificate getAttestCertificate() {
        return this.mAttestCertificate;
    }

    public String getAttestationData() {
        return this.mAttestationData;
    }

    public byte[] getAttestationDataSignature() {
        return this.mAttestationDataSignature;
    }

    public X509Certificate getSigningCertEntity() {
        return this.mSigningCertEntity;
    }
}
