package com.yandex.runtime.attestation_storage.internal;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.google.android.gms.internal.appset.i;
import com.google.android.gms.tasks.e;
import com.google.android.gms.tasks.zzw;
import com.google.android.play.core.integrity.a;
import com.google.android.play.core.integrity.c;
import com.google.android.play.core.integrity.d;
import com.google.android.play.core.integrity.f;
import com.google.android.play.core.integrity.g;
import com.yandex.runtime.Runtime;
import com.yandex.runtime.attestation.EcPublicKey;
import com.yandex.runtime.logging.Logger;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;

/* loaded from: classes3.dex */
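/**
 * {@link PlatformKeystore} backed by the {@code AndroidKeyStore} provider.
 *
 * <p>Holds one EC (secp256r1) signing key under the alias
 * {@code MAPKIT_ATTESTED_KEY_<suffix>}. The key is generated with an attestation challenge, and
 * its certificate chain is exposed as the "keystore proof". A Play Integrity token can be
 * requested with a nonce derived from caller data and that chain.
 *
 * <p>Review notes (this file is decompiled output; the Play Integrity identifiers are obfuscated):
 * <ul>
 *   <li>Nothing in this class validates the attestation certificate chain or the integrity
 *       token. Both are only produced here, so any trust decision has to be made by whoever
 *       receives them (presumably a backend; confirm).</li>
 *   <li>The key is created without a user-authentication requirement and without a StrongBox
 *       request; no such builder call appears in {@link #generateKey(byte[])}.</li>
 * </ul>
 *
 * <p>Instances are not synchronized; {@code privateKeyEntry} is read and written without locking.
 */
public class PlatformKeystoreImpl implements PlatformKeystore {
    private static final String KEY_ALIAS_BASE = "MAPKIT_ATTESTED_KEY_";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";

    private final String alias;
    private final KeyStore keyStore;
    // Null until a key has been generated or an existing entry has been loaded.
    private KeyStore.PrivateKeyEntry privateKeyEntry;

    /**
     * Opens the Android keystore and loads the entry stored under {@code alias}, if any.
     *
     * @param alias full keystore alias (prefix already applied)
     * @throws IOException if the keystore cannot be loaded
     * @throws CertificateException if the keystore cannot be loaded
     * @throws IllegalStateException if the provider or a required algorithm is missing
     */
    private PlatformKeystoreImpl(String alias) throws IOException, CertificateException {
        this.alias = alias;
        final KeyStore store;
        try {
            store = KeyStore.getInstance(KEYSTORE_PROVIDER);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("No Android Key Store in the system: " + e.getMessage(), e);
        }
        try {
            store.load(null);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Can't check the integrity of keystore: " + e.getMessage(), e);
        }
        this.keyStore = store;
        if (hasEntry()) {
            tryLoadEntry();
        }
    }

    /**
     * Reports whether every primitive this class relies on is registered: the AndroidKeyStore
     * provider with EC key generation and key factory services, {@code NONEwithECDSA}, X.509
     * certificates and SHA-256.
     *
     * <p>This checks provider registration only. It does not show that the device can produce a
     * hardware-backed attestation.
     *
     * @return {@code true} if all required services are present
     */
    public static boolean attestationAvailable() {
        Provider provider = Security.getProvider(KEYSTORE_PROVIDER);
        if (provider == null
                || provider.getService("KeyPairGenerator", "EC") == null
                || provider.getService("KeyFactory", "EC") == null
                || Security.getProviders("Signature.NONEwithECDSA").length == 0) {
            return false;
        }
        try {
            CertificateFactory.getInstance("X.509");
        } catch (CertificateException unused) {
            return false;
        }
        return Security.getProviders("MessageDigest.SHA-256").length != 0;
    }

    /**
     * Deletes every keystore entry whose alias starts with {@code MAPKIT_ATTESTED_KEY_}, except
     * the one for {@code str}.
     *
     * <p>The decompiled source had an empty {@code if} body where the alias to keep was matched,
     * so as written it deleted the current key too. The skip is restored here. Failures are
     * logged and never thrown; a failed deletion stops the sweep.
     *
     * @param str alias suffix of the key to keep, or {@code null} to delete all matching entries
     */
    public static void cleanupUnusedKeys(String str) {
        final KeyStore store;
        try {
            store = KeyStore.getInstance(KEYSTORE_PROVIDER);
        } catch (KeyStoreException e) {
            Logger.error("Could not get keystore implementation for key cleanup: " + e.getMessage());
            return;
        }
        try {
            store.load(null);
        } catch (IOException e) {
            Logger.error("Could not load keystore for key cleanup. I/O error: " + e.getMessage());
            return;
        } catch (NoSuchAlgorithmException e) {
            Logger.error("Could not load keystore for key cleanup. No such algorithm for checking keystore integrity: " + e.getMessage());
            return;
        } catch (CertificateException e) {
            Logger.error("Could not load keystore for key cleanup. Could not load certificate: " + e.getMessage());
            return;
        }

        final String aliasToKeep = (str == null) ? null : KEY_ALIAS_BASE + str;
        try {
            // Collections.list() snapshots the aliases, so deleting while iterating is safe.
            for (String candidate : Collections.list(store.aliases())) {
                if (candidate.startsWith(KEY_ALIAS_BASE) && !candidate.equals(aliasToKeep)) {
                    store.deleteEntry(candidate);
                }
            }
        } catch (KeyStoreException e) {
            Logger.error("Could not delete entry: " + e.getMessage());
        }
    }

    /**
     * Creates a keystore wrapper for the alias {@code MAPKIT_ATTESTED_KEY_ + str}.
     *
     * @param str alias suffix
     * @return the keystore, or {@code null} if the Android keystore could not be loaded; callers
     *     must check for {@code null}
     */
    public static PlatformKeystore createKeystore(String str) {
        try {
            return new PlatformKeystoreImpl(KEY_ALIAS_BASE + str);
        } catch (IOException | CertificateException e) {
            // Log the reason rather than dropping it; the null return alone hides why it failed.
            Logger.error("Could not load Android keystore: " + e.getMessage());
            return null;
        }
    }

    /**
     * Builds the Play Integrity nonce: SHA-256 over {@code bArr} followed by the encoded
     * certificate chain, Base64-encoded URL-safe and without line wraps.
     *
     * <p>Hashing the chain into the nonce ties the integrity token to this key's attestation
     * chain. A verifier only gets that binding if it recomputes the value itself.
     * NOTE(review): the two inputs are concatenated without a length prefix; confirm the
     * verifier treats {@code bArr} as fixed-length.
     *
     * @param bArr caller-supplied data to bind into the nonce
     * @return the nonce, or {@code null} if the certificate chain could not be encoded
     */
    private String createNonce(byte[] bArr) {
        byte[] certificateChain = getCertificateChain();
        if (certificateChain == null) {
            return null;
        }
        final MessageDigest messageDigest;
        try {
            messageDigest = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No SHA-256 algorithm in the environment: " + e.getMessage(), e);
        }
        messageDigest.update(bArr);
        messageDigest.update(certificateChain);
        // Same flag value as the literal 10 in the decompiled source.
        return Base64.encodeToString(messageDigest.digest(), Base64.URL_SAFE | Base64.NO_WRAP);
    }

    /**
     * Encodes the key's certificate chain as an X.509 {@code CertPath} in the provider's default
     * encoding.
     *
     * <p>The decompiled source wrapped the whole expression in overlapping catch clauses, which
     * left the "X.509 is unsupported" branch unreachable. The two failure modes are separated
     * again here.
     *
     * @return the encoded chain, or {@code null} if the chain could not be built or encoded
     * @throws IllegalStateException if no key is loaded or X.509 is unavailable
     */
    private byte[] getCertificateChain() {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException("Key entry is null. Generate key first.");
        }
        final CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException("X.509 is unsupported in the system: " + e.getMessage(), e);
        }
        try {
            return factory
                    .generateCertPath(Arrays.asList(this.privateKeyEntry.getCertificateChain()))
                    .getEncoded();
        } catch (CertificateException e) {
            // CertificateEncodingException is a subclass, so one clause covers both failures.
            return null;
        }
    }

    /** Returns whether the keystore holds an entry under this instance's alias. */
    private boolean hasEntry() {
        try {
            return this.keyStore.containsAlias(this.alias);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore is not initialized: " + e.getMessage(), e);
        }
    }

    /**
     * Loads the entry under this alias into {@code privateKeyEntry}. An entry whose private key
     * is not an EC key is deleted.
     *
     * @throws IllegalStateException if the entry is not a private-key entry or cannot be read
     */
    private void tryLoadEntry() {
        try {
            KeyStore.Entry entry = this.keyStore.getEntry(this.alias, null);
            if (entry == null) {
                return;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Key entry is not an instance of a KeyStore.PrivateKeyEntry");
            }
            this.privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            // Compare by value. The original used '!=', which compares references and can
            // discard a valid EC key whenever the provider returns a non-interned string.
            if (!"EC".equals(this.privateKeyEntry.getPrivateKey().getAlgorithm())) {
                removeKey();
            }
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore has not been loaded: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No such algorithm in the environment: " + e.getMessage(), e);
        } catch (UnrecoverableEntryException e) {
            throw new IllegalStateException("Entry is protected: " + e.getMessage(), e);
        }
    }

    /**
     * Signs {@code bArr} with the stored private key using {@code NONEwithECDSA}.
     *
     * <p>No digest is applied here; the bytes are handed to the signer as supplied.
     * NOTE(review): callers are presumably expected to pass an already-computed fixed-length
     * digest; confirm at the call sites.
     *
     * @param bArr data to sign
     * @return the signature bytes as returned by {@link Signature#sign()}
     * @throws IllegalStateException if no key is loaded or signing fails
     */
    @Override
    public byte[] ecSign(byte[] bArr) {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException("Key entry is null. Generate key first.");
        }
        try {
            Signature signature = Signature.getInstance("NONEwithECDSA");
            signature.initSign(this.privateKeyEntry.getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No NONEwithECDSA support: " + e.getMessage(), e);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("Key provided for signing is invalid: " + e.getMessage(), e);
        } catch (SignatureException e) {
            throw new IllegalStateException("Could not sign provided data: " + e.getMessage(), e);
        }
    }

    /**
     * Generates a 256-bit secp256r1 key pair in the Android keystore under this alias and loads
     * the resulting entry.
     *
     * <p>{@code bArr} is passed to {@code setAttestationChallenge}, which is what makes the
     * keystore issue an attestation certificate chain for the key. For that chain to prove
     * freshness the challenge should be unpredictable and issued by the verifier; this method
     * cannot check that. TODO confirm where the challenge originates.
     *
     * @param bArr attestation challenge
     * @throws IllegalStateException if the provider, algorithm or parameters are rejected
     */
    @Override
    public void generateKey(byte[] bArr) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", KEYSTORE_PROVIDER);
            // Purpose 4 is KeyProperties.PURPOSE_SIGN; "NONE" is KeyProperties.DIGEST_NONE,
            // matching the NONEwithECDSA signer used by ecSign().
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.alias, 4)
                    .setDigests("NONE")
                    .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                    .setAttestationChallenge(bArr);
            keyPairGenerator.initialize(builder.setKeySize(256).build());
            keyPairGenerator.generateKeyPair();
            tryLoadEntry();
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("Arguments for initialization of EC algorithm are invalid: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("EC algorithm is unsupported in AndroidKeyStore: " + e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            throw new IllegalStateException("No Android Key Store in the system: " + e.getMessage(), e);
        }
    }

    /** Not supported on Android; always throws {@link UnsupportedOperationException}. */
    @Override
    public byte[] getAppAttestKeyAssertion() {
        throw new UnsupportedOperationException("No AppAttest for Android");
    }

    /** Not supported on Android; always throws {@link UnsupportedOperationException}. */
    @Override
    public String getAppAttestKeyId() {
        throw new UnsupportedOperationException("No AppAttest for Android");
    }

    /** Not supported on Android; always throws {@link UnsupportedOperationException}. */
    @Override
    public String getApplicationId() {
        throw new UnsupportedOperationException("Should not be used for Android");
    }

    /**
     * Returns the affine coordinates of the public key taken from the entry's certificate.
     *
     * <p>The coordinates come from {@link java.math.BigInteger#toByteArray()}, so they are
     * minimal-length two's-complement: a coordinate may carry a leading {@code 0x00} (33 bytes)
     * or be shorter than 32 bytes. Consumers must normalise before comparing or hashing.
     *
     * @return the public key coordinates
     * @throws IllegalStateException if no key is loaded or the key cannot be converted
     */
    @Override
    public EcPublicKey getEcPublicKey() {
        // Same guard as ecSign(); without it a missing key shows up as a bare NPE.
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException("Key entry is null. Generate key first.");
        }
        try {
            ECPublicKeySpec spec = KeyFactory.getInstance("EC")
                    .getKeySpec(this.privateKeyEntry.getCertificate().getPublicKey(), ECPublicKeySpec.class);
            ECPoint w = spec.getW();
            return new EcPublicKey(w.getAffineX().toByteArray(), w.getAffineY().toByteArray());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("EC algorithm is unsupported in AndroidKeyStore: " + e.getMessage(), e);
        } catch (InvalidKeySpecException e) {
            throw new IllegalStateException("Invalid KeySpec or key could not be processed: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the encoded certificate chain of the stored key.
     *
     * @return the encoded chain, or {@code null} if it could not be encoded
     * @throws IllegalStateException if no key is loaded
     */
    @Override
    public byte[] getKeystoreProof() {
        return getCertificateChain();
    }

    /** Returns whether a private-key entry is currently loaded. */
    @Override
    public boolean hasKey() {
        return this.privateKeyEntry != null;
    }

    /**
     * Forgets the loaded entry and deletes it from the keystore if present.
     *
     * @throws IllegalStateException if the keystore rejects the operation
     */
    @Override
    public void removeKey() {
        this.privateKeyEntry = null;
        if (!hasEntry()) {
            return;
        }
        try {
            this.keyStore.deleteEntry(this.alias);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Keystore is not initialized: " + e.getMessage(), e);
        }
    }

    /**
     * Requests a Play Integrity token whose nonce binds {@code bArr} to this key's certificate
     * chain, and delivers the outcome to {@code attestationListener}.
     *
     * <p>The token is forwarded as opaque bytes and is not decoded or verified on the device.
     *
     * @param bArr caller-supplied data hashed into the nonce
     * @param j second argument of the integrity request (presumably the cloud project number;
     *     the request type is obfuscated, so confirm)
     * @param attestationListener receives the token bytes or a failure message, which may be
     *     {@code null} when the underlying exception carries no message
     * @throws IllegalStateException if no key is loaded
     */
    @Override
    public void requestAttestKey(byte[] bArr, long j, final AttestationListener attestationListener) {
        f fVar;
        String createNonce = createNonce(bArr);
        if (createNonce == null) {
            attestationListener.onAttestationFailed("Could not create nonce");
            // The original fell through here and threw NullPointerException("Null nonce")
            // right after reporting the failure, so one error surfaced twice.
            return;
        }
        d dVar = new d(createNonce, Long.valueOf(j));
        Context applicationContext = Runtime.getApplicationContext();
        // Lazy initialisation of the obfuscated Play Integrity singleton, kept as decompiled.
        synchronized (g.class) {
            if (g.f33886a == null) {
                i iVar = new i();
                Context applicationContext2 = applicationContext.getApplicationContext();
                if (applicationContext2 != null) {
                    applicationContext = applicationContext2;
                }
                iVar.f30397a = applicationContext;
                g.f33886a = new f(applicationContext);
            }
            fVar = g.f33886a;
        }
        zzw a2 = ((a) fVar.f33885a.a()).a(dVar);
        a2.g(new com.google.android.gms.tasks.f<c>() {
            @Override
            public void onSuccess(c cVar) {
                // Explicit charset so the bytes do not depend on the platform default.
                attestationListener.onAttestationReceived(
                        cVar.a().getBytes(java.nio.charset.StandardCharsets.UTF_8));
            }
        });
        a2.e(new e() {
            @Override
            public void onFailure(Exception exc) {
                attestationListener.onAttestationFailed(exc.getMessage());
            }
        });
    }
}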
