package com.samsung.android.tvplus.api.tvplus.auth;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import com.samsung.android.security.keystore.AttestationUtils;
import com.samsung.android.tvplus.basics.debug.b;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import kotlin.h;
import kotlin.i;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.o;
import kotlin.jvm.internal.q;
import kotlin.k;

/* loaded from: classes2.dex */
public final class e {
    public static final a d = new a(null);
    public static final int e = 8;
    public final h a = i.lazy(k.NONE, (kotlin.jvm.functions.a) b.g);
    public KeyStore b;
    public AttestationUtils c;

    /* loaded from: classes2.dex */
    public static final class a {
        public a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* loaded from: classes2.dex */
    public static final class b extends q implements kotlin.jvm.functions.a {
        public static final b g = new b();

        public b() {
            super(0);
        }

        @Override // kotlin.jvm.functions.a
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public final com.samsung.android.tvplus.basics.debug.b invoke() {
            com.samsung.android.tvplus.basics.debug.b bVar = new com.samsung.android.tvplus.basics.debug.b();
            bVar.j("SamsungAttestationKeyManager");
            bVar.h(4);
            return bVar;
        }
    }

    public final boolean a(byte[] challenge) {
        o.h(challenge, "challenge");
        try {
            c();
            if (this.c == null) {
                this.c = new AttestationUtils();
            }
            AttestationUtils attestationUtils = this.c;
            if (attestationUtils == null) {
                o.z("attestationUtils");
                attestationUtils = null;
            }
            attestationUtils.storeCertificateChain("TvpMobileSak", attestationUtils.attestKey("TvpMobileSak", challenge));
            return true;
        } catch (Throwable th) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), g.d() + com.samsung.android.tvplus.basics.debug.b.h.a("failed to attest key", 0));
            th.printStackTrace();
            return false;
        }
    }

    public final String b(Certificate[] certificateArr) {
        if (certificateArr.length < 2) {
            return null;
        }
        byte[] bArr = new byte[certificateArr[0].getEncoded().length + certificateArr[1].getEncoded().length];
        System.arraycopy(certificateArr[1].getEncoded(), 0, bArr, 0, certificateArr[1].getEncoded().length);
        System.arraycopy(certificateArr[0].getEncoded(), 0, bArr, certificateArr[1].getEncoded().length, certificateArr[0].getEncoded().length);
        return Base64.encodeToString(bArr, 2);
    }

    public final void c() {
        if (i()) {
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("TvpMobileSak", 15);
        byte[] bytes = "TvpMobileSak".getBytes(kotlin.text.c.b);
        o.g(bytes, "this as java.lang.String).getBytes(charset)");
        KeyGenParameterSpec.Builder encryptionPaddings = builder.setAttestationChallenge(bytes).setDigests("SHA-256", "SHA-512").setSignaturePaddings("PKCS1").setEncryptionPaddings("PKCS1Padding");
        o.g(encryptionPaddings, "Builder(\n               …YPTION_PADDING_RSA_PKCS1)");
        keyPairGenerator.initialize(encryptionPaddings.build());
        keyPairGenerator.generateKeyPair();
    }

    public final ATokenRequestBody d(String challenge) {
        o.h(challenge, "challenge");
        com.samsung.android.tvplus.basics.debug.b g = g();
        boolean a2 = g.a();
        if (com.samsung.android.tvplus.basics.debug.c.a() || g.b() <= 4 || a2) {
            Log.i(g.f(), g.d() + com.samsung.android.tvplus.basics.debug.b.h.a("generate req body", 0));
        }
        byte[] bytes = challenge.getBytes(kotlin.text.c.b);
        o.g(bytes, "this as java.lang.String).getBytes(charset)");
        if (!a(bytes)) {
            return null;
        }
        Certificate[] e2 = e();
        String b2 = e2 != null ? b(e2) : null;
        byte[] k = k(challenge);
        String encodeToString = k != null ? Base64.encodeToString(k, 2) : null;
        if (b2 != null && encodeToString != null) {
            return new ATokenRequestBody(b2, challenge, encodeToString);
        }
        com.samsung.android.tvplus.basics.debug.b g2 = g();
        String f = g2.f();
        StringBuilder sb = new StringBuilder();
        sb.append(g2.d());
        b.a aVar = com.samsung.android.tvplus.basics.debug.b.h;
        StringBuilder sb2 = new StringBuilder();
        sb2.append("failed to generate req body. cert : ");
        sb2.append(!(b2 == null || b2.length() == 0));
        sb2.append(", sign : ");
        sb2.append(!(encodeToString == null || encodeToString.length() == 0));
        sb.append(aVar.a(sb2.toString(), 0));
        Log.e(f, sb.toString());
        return null;
    }

    public final Certificate[] e() {
        try {
            c();
            KeyStore f = f();
            if (f != null) {
                return f.getCertificateChain("TvpMobileSak");
            }
            return null;
        } catch (Exception e2) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), g.d() + com.samsung.android.tvplus.basics.debug.b.h.a("failed to get cert chain", 0));
            e2.printStackTrace();
            return null;
        }
    }

    public final KeyStore f() {
        try {
            KeyStore keyStore = this.b;
            if (keyStore == null) {
                keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                this.b = keyStore;
            }
            return keyStore;
        } catch (Exception e2) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), g.d() + com.samsung.android.tvplus.basics.debug.b.h.a("Failed to getKeyStore", 0));
            e2.printStackTrace();
            return null;
        }
    }

    public final com.samsung.android.tvplus.basics.debug.b g() {
        return (com.samsung.android.tvplus.basics.debug.b) this.a.getValue();
    }

    public final PrivateKey h() {
        c();
        KeyStore f = f();
        KeyStore.Entry entry = f != null ? f.getEntry("TvpMobileSak", null) : null;
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry.getPrivateKey();
        }
        return null;
    }

    public final boolean i() {
        KeyStore.Entry entry = null;
        try {
            KeyStore f = f();
            if (f != null) {
                entry = f.getEntry("TvpMobileSak", null);
            }
        } catch (Exception e2) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), g.d() + com.samsung.android.tvplus.basics.debug.b.h.a("failed while getting entry from keystore", 0));
            e2.printStackTrace();
        }
        return entry != null;
    }

    public final boolean j() {
        return com.samsung.android.tvplus.sep.os.c.a.c();
    }

    public final byte[] k(String str) {
        try {
            PrivateKey h = h();
            if (h == null) {
                return null;
            }
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(h);
            byte[] bytes = str.getBytes(kotlin.text.c.b);
            o.g(bytes, "this as java.lang.String).getBytes(charset)");
            signature.update(bytes);
            return signature.sign();
        } catch (Exception e2) {
            com.samsung.android.tvplus.basics.debug.b g = g();
            Log.e(g.f(), g.d() + com.samsung.android.tvplus.basics.debug.b.h.a("failed to sign", 0));
            e2.printStackTrace();
            return null;
        }
    }
}
