package com.samsung.android.tvplus.api.tvplus.v3.auth;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import com.samsung.android.security.keystore.AttestationUtils;
import java.nio.charset.Charset;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import kotlin.i;
import kotlin.jvm.internal.j;
import kotlin.k;

/* compiled from: SamsungAttestationKeyManager.kt */
/* loaded from: classes2.dex */
public final class f {
    public final kotlin.g a = i.lazy(k.NONE, (kotlin.jvm.functions.a) a.b);
    public KeyStore b;
    public AttestationUtils c;

    /* compiled from: SamsungAttestationKeyManager.kt */
    /* loaded from: classes2.dex */
    public static final class a extends kotlin.jvm.internal.k implements kotlin.jvm.functions.a<com.samsung.android.tvplus.basics.debug.b> {
        public static final a b = new a();

        public a() {
            super(0);
        }

        @Override // kotlin.jvm.functions.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final com.samsung.android.tvplus.basics.debug.b d() {
            com.samsung.android.tvplus.basics.debug.b bVar = new com.samsung.android.tvplus.basics.debug.b();
            bVar.j("SamsungAttestationKeyManager");
            bVar.h(4);
            return bVar;
        }
    }

    public final boolean a(byte[] challenge) {
        j.e(challenge, "challenge");
        try {
            c();
            if (this.c == null) {
                this.c = new AttestationUtils();
            }
            AttestationUtils attestationUtils = this.c;
            if (attestationUtils != null) {
                attestationUtils.storeCertificateChain("TvpMobileSak", attestationUtils.attestKey("TvpMobileSak", challenge));
                return true;
            }
            j.q("attestationUtils");
            throw null;
        } catch (Throwable th) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), j.k(g.d(), com.samsung.android.tvplus.basics.ktx.a.e("failed to attest key", 0)));
            th.printStackTrace();
            return false;
        }
    }

    public final String b(Certificate[] certificateArr) {
        if (certificateArr.length < 2) {
            return null;
        }
        byte[] bArr = new byte[certificateArr[0].getEncoded().length + certificateArr[1].getEncoded().length];
        System.arraycopy(certificateArr[1].getEncoded(), 0, bArr, 0, certificateArr[1].getEncoded().length);
        System.arraycopy(certificateArr[0].getEncoded(), 0, bArr, certificateArr[1].getEncoded().length, certificateArr[0].getEncoded().length);
        return Base64.encodeToString(bArr, 2);
    }

    public final void c() {
        if (i()) {
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("TvpMobileSak", 15);
        byte[] bytes = "TvpMobileSak".getBytes(kotlin.text.c.a);
        j.d(bytes, "(this as java.lang.String).getBytes(charset)");
        KeyGenParameterSpec.Builder encryptionPaddings = builder.setAttestationChallenge(bytes).setDigests("SHA-256", "SHA-512").setSignaturePaddings("PKCS1").setEncryptionPaddings("PKCS1Padding");
        j.d(encryptionPaddings, "Builder(\n                KEYSTORE_ALIAS,\n                PURPOSE_SIGN or PURPOSE_VERIFY or PURPOSE_ENCRYPT or PURPOSE_DECRYPT\n            ).setAttestationChallenge(KEYSTORE_ALIAS.toByteArray())\n                .setDigests(DIGEST_SHA256, DIGEST_SHA512)\n                .setSignaturePaddings(SIGNATURE_PADDING_RSA_PKCS1)\n                .setEncryptionPaddings(ENCRYPTION_PADDING_RSA_PKCS1)");
        keyPairGenerator.initialize(encryptionPaddings.build());
        keyPairGenerator.generateKeyPair();
    }

    public final ATokenRequestBody d(String challenge) {
        j.e(challenge, "challenge");
        com.samsung.android.tvplus.basics.debug.b g = g();
        boolean a2 = g.a();
        if (com.samsung.android.tvplus.basics.debug.c.b() || g.b() <= 4 || a2) {
            Log.i(g.f(), j.k(g.d(), com.samsung.android.tvplus.basics.ktx.a.e("generate req body", 0)));
        }
        byte[] bytes = challenge.getBytes(kotlin.text.c.a);
        j.d(bytes, "(this as java.lang.String).getBytes(charset)");
        if (!a(bytes)) {
            return null;
        }
        Certificate[] e = e();
        String b = e == null ? null : b(e);
        byte[] k = k(challenge);
        String encodeToString = k == null ? null : Base64.encodeToString(k, 2);
        if (b != null && encodeToString != null) {
            return new ATokenRequestBody(b, challenge, encodeToString);
        }
        com.samsung.android.tvplus.basics.debug.b g2 = g();
        String f = g2.f();
        String d = g2.d();
        StringBuilder sb = new StringBuilder();
        sb.append("failed to generate req body. cert : ");
        sb.append(!(b == null || b.length() == 0));
        sb.append(", sign : ");
        sb.append(!(encodeToString == null || encodeToString.length() == 0));
        Log.e(f, j.k(d, com.samsung.android.tvplus.basics.ktx.a.e(sb.toString(), 0)));
        return null;
    }

    public final Certificate[] e() {
        try {
            c();
            KeyStore f = f();
            if (f == null) {
                return null;
            }
            return f.getCertificateChain("TvpMobileSak");
        } catch (Exception e) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), j.k(g.d(), com.samsung.android.tvplus.basics.ktx.a.e("failed to get cert chain", 0)));
            e.printStackTrace();
            return null;
        }
    }

    public final KeyStore f() {
        try {
            KeyStore keyStore = this.b;
            if (keyStore == null) {
                keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                this.b = keyStore;
            }
            return keyStore;
        } catch (Exception e) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), j.k(g.d(), com.samsung.android.tvplus.basics.ktx.a.e("Failed to getKeyStore", 0)));
            e.printStackTrace();
            return null;
        }
    }

    public final com.samsung.android.tvplus.basics.debug.b g() {
        return (com.samsung.android.tvplus.basics.debug.b) this.a.getValue();
    }

    public final PrivateKey h() {
        c();
        KeyStore f = f();
        KeyStore.Entry entry = f == null ? null : f.getEntry("TvpMobileSak", null);
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry == null) {
            return null;
        }
        return privateKeyEntry.getPrivateKey();
    }

    public final boolean i() {
        KeyStore.Entry entry = null;
        try {
            KeyStore f = f();
            if (f != null) {
                entry = f.getEntry("TvpMobileSak", null);
            }
        } catch (Exception e) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), j.k(g.d(), com.samsung.android.tvplus.basics.ktx.a.e("failed while getting entry from keystore", 0)));
            e.printStackTrace();
        }
        return entry != null;
    }

    public final boolean j() {
        return com.samsung.android.tvplus.sep.os.b.a.b();
    }

    public final byte[] k(String str) {
        try {
            PrivateKey h = h();
            if (h == null) {
                return null;
            }
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(h);
            Charset charset = kotlin.text.c.a;
            if (str == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
            }
            byte[] bytes = str.getBytes(charset);
            j.d(bytes, "(this as java.lang.String).getBytes(charset)");
            signature.update(bytes);
            return signature.sign();
        } catch (Exception e) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), j.k(g.d(), com.samsung.android.tvplus.basics.ktx.a.e("failed to sign", 0)));
            e.printStackTrace();
            return null;
        }
    }
}
