package com.iqiyi.passportsdk.thirdparty.finger;

import android.app.KeyguardManager;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import com.bytedance.common.utility.StringEncryptUtils;
import com.cmic.sso.sdk.e.y;
import com.cmic.sso.sdk.e.z;
import com.iqiyi.passportsdk.PassportUtil;
import com.iqiyi.passportsdk.register.RegisterManager;
import com.iqiyi.passportsdk.utils.PassportLog;
import com.iqiyi.passportsdk.utils.PassportSpUtils;
import com.iqiyi.passportsdk.utils.PsdkUtils;
import com.iqiyi.psdk.base.utils.m;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes14.dex */
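/**
 * Static helper that manages the per-user EC key pair used for fingerprint login.
 *
 * <p>The key lives in the {@code AndroidKeyStore} provider under the alias returned by
 * {@link #getKeyAlias()}. The class can generate the key with an attestation challenge, export
 * its certificate chain and public key as Base64, and produce {@code SHA256withECDSA}
 * signatures with it.
 *
 * <p>This source is decompiler output. Calls such as {@code y.a(...)}, {@code z.a()},
 * {@code kn.a.*} and {@code hn.a.*} refer to obfuscated or synthetic classes whose bodies are
 * not visible here, so the comments below describe them only as far as this file shows.
 */
public class FingerSelfKeytoreHelper {
    private static final String BEGIN_PERM = "-----BEGIN CERTIFICATE-----\n";
    private static final String END_PERM = "\n-----END CERTIFICATE-----";
    private static final String KEYSTORE_TYPE = "AndroidKeyStore";
    private static final String SHA256_WITH_ECDSA = "SHA256withECDSA";
    private static final String TAG = "FingerSelfKeytoreHelper---->";

    /** Preference key and file used to persist the throttle timestamp of {@link #updateFingerType()}. */
    private static final String PREF_KEY_LAST_UPDATE = "KEY_CHECK_FINGER_TIME_AFTER_EXCEPTION";
    private static final String PREF_FILE = "com.iqiyi.passportsdk.SharedPreferences";

    /** Minimum interval between two server re-queries triggered by a key-generation failure. */
    private static final long UPDATE_FINGER_TYPE_MIN_INTERVAL_MS = 3600000L;

    private FingerSelfKeytoreHelper() {
    }

    /** Encodes {@code bArr} as single-line Base64 (no line breaks). */
    private static String base64WithNoWrap(byte[] bArr) {
        return Base64.encodeToString(bArr, Base64.NO_WRAP);
    }

    /**
     * Reports whether fingerprint login can be offered for the stored registration type.
     *
     * <p>Type 0 yields {@code false}; types 1 and 2 yield {@code true} without looking at the
     * keystore. For any other type the result requires both the keystore finger-login switch
     * and an existing private-key entry.
     * NOTE(review): the meaning of the individual type values is not visible in this file.
     *
     * <p>Side effect: when the switch is on but the key entry is missing,
     * {@code FingerSDKLoginHelper.delKey()} is invoked.
     *
     * @return {@code true} when fingerprint login is considered usable
     */
    public static boolean checkUserPrivateKey() {
        int regType = PassportSpUtils.getUserRegFingerType();
        if (regType == 0) {
            return false;
        }
        if (regType == 1 || regType == 2) {
            return true;
        }
        boolean keystoreLoginOpen = com.iqiyi.psdk.base.utils.h.isIqiyiKeystoreFingerLoginOpen();
        boolean keyPresent = hasUserPrivateKey();
        if (keystoreLoginOpen && !keyPresent) {
            FingerSDKLoginHelper.delKey();
        }
        return keystoreLoginOpen && keyPresent;
    }

    /**
     * Generates the EC key pair for the current alias inside {@code AndroidKeyStore}.
     *
     * <p>The key requires user authentication, carries {@code str} (Base64-decoded) as its
     * attestation challenge, and gets a certificate with subject {@code CN=<alias>} and serial
     * number 1337. {@code setAttestationChallenge} is why API 24 is required.
     *
     * <p>All failures are logged and swallowed; because the method returns {@code void},
     * callers must check {@link #hasUserPrivateKey()} to learn whether a key now exists.
     * A {@link ProviderException} additionally triggers {@link #updateFingerType()}.
     *
     * @param str Base64 (no-wrap) encoded attestation challenge
     */
    @RequiresApi(api = 24)
    public static void generateKey(String str) {
        if (str == null) {
            // Base64.decode would otherwise fail with a NullPointerException that no handler
            // below catches.
            PassportLog.d(TAG, "generateKey: challenge == null");
            return;
        }
        try {
            byte[] challenge = Base64.decode(str, Base64.NO_WRAP);
            GregorianCalendar now = new GregorianCalendar();
            String keyAlias = getKeyAlias();
            // Decompiler-emitted call with a discarded result; its purpose is not visible here.
            z.a();
            // y.a(alias, 4) presumably wraps `new KeyGenParameterSpec.Builder(alias, purposes)`;
            // 4 equals KeyProperties.PURPOSE_SIGN. TODO confirm against the original source.
            //
            // NOTE(review): a positive validity duration (300 s) authorises the key for any
            // number of signatures within that window after the user last authenticated to the
            // device, instead of binding each signature to a fresh authentication. Per the
            // platform documentation, invalidation on new biometric enrollment only applies
            // when no positive validity duration is set, so it does not protect this key.
            // StringEncryptUtils.SHA_256 is presumably the digest name "SHA-256" - verify.
            KeyGenParameterSpec spec = y.a(keyAlias, 4)
                    .setUserAuthenticationRequired(true)
                    .setAttestationChallenge(challenge)
                    .setDigests(StringEncryptUtils.SHA_256)
                    .setCertificateSubject(new X500Principal("CN=" + keyAlias))
                    .setCertificateSerialNumber(BigInteger.valueOf(1337L))
                    .setUserAuthenticationValidityDurationSeconds(300)
                    .setCertificateNotBefore(now.getTime())
                    .build();
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", KEYSTORE_TYPE);
            generator.initialize(spec);
            generator.generateKeyPair();
        } catch (IllegalArgumentException e) {
            // Also covers a malformed Base64 challenge.
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "IllegalArgumentException: " + e.getMessage());
        } catch (InvalidAlgorithmParameterException e) {
            PassportLog.d(TAG, "InvalidAlgorithmParameterException: " + e.getMessage());
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            // Log the actual exception type; the decompiled code labelled both cases
            // "NoSuchAlgorithmException".
            PassportLog.d(TAG, e.getClass().getSimpleName() + ": " + e.getMessage());
        } catch (ProviderException e) {
            PassportLog.d(TAG, "ProviderException: " + e.getMessage());
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            // The keystore provider itself failed, so re-check the verify type (throttled).
            updateFingerType();
        }
    }

    /**
     * Exports the certificate chain of the current alias.
     *
     * <p>Each certificate is PEM-wrapped and stored in a JSON object keyed by its index in the
     * chain ("0", "1", ...); the JSON text is then Base64-encoded without line breaks.
     * NOTE(review): the chain only proves anything if the receiver validates it and the
     * embedded challenge; that validation is not part of this file.
     *
     * @return the Base64 string, or {@code ""} when the keystore, the chain or the encoding fails
     */
    public static String getBase64PERMJsonString() {
        KeyStore keyStore = getKeyStore();
        if (keyStore == null) {
            PassportLog.d(TAG, "getBase64PERMJsonString, keyStore == null");
            return "";
        }
        try {
            Certificate[] chain = keyStore.getCertificateChain(getKeyAlias());
            if (chain == null) {
                return "";
            }
            JSONObject pemByIndex = new JSONObject();
            for (int i = 0; i < chain.length; i++) {
                try {
                    String encoded = base64WithNoWrap(chain[i].getEncoded());
                    pemByIndex.put(String.valueOf(i), BEGIN_PERM + encoded + END_PERM);
                } catch (CertificateEncodingException e) {
                    com.iqiyi.psdk.base.utils.b.b(TAG, e);
                    PassportLog.d(TAG, "CertificateEncodingException : " + e.getMessage());
                    return "";
                } catch (JSONException e) {
                    com.iqiyi.psdk.base.utils.b.b(TAG, e);
                    PassportLog.d(TAG, "JSONException : " + e.getMessage());
                    return "";
                }
            }
            // Pin the charset instead of relying on the platform default.
            return base64WithNoWrap(
                    pemByIndex.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
        } catch (KeyStoreException e) {
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "KeyStoreException : " + e.getMessage());
            return "";
        }
    }

    /**
     * Returns the encoded public key of the current alias as single-line Base64.
     *
     * @return the Base64 string, or {@code ""} when no certificate is available
     */
    public static String getBase64PublicKey() {
        Certificate certificate = getCertificate();
        if (certificate == null) {
            PassportLog.d(TAG, "getBase64PublicKey failed");
            return "";
        }
        return base64WithNoWrap(certificate.getPublicKey().getEncoded());
    }

    /**
     * Signs the Base64-decoded bytes of {@code str} with the keystore key.
     *
     * <p>The bytes are signed as given; what they represent is decided by the caller.
     *
     * @param str Base64 (no-wrap) encoded data to sign
     * @return the Base64 signature, or {@code ""} when the input is missing or malformed, no
     *     usable signer exists, or signing fails
     */
    public static String getBase64SignData(String str) {
        if (str == null) {
            PassportLog.d(TAG, "getBase64SignData: input == null");
            return "";
        }
        try {
            byte[] payload = Base64.decode(str, Base64.NO_WRAP);
            Signature signer = getSign();
            if (signer == null) {
                return "";
            }
            signer.update(payload);
            return base64WithNoWrap(signer.sign());
        } catch (IllegalArgumentException e) {
            // Base64.decode rejects malformed input with IllegalArgumentException; report it the
            // same way as every other failure instead of letting it escape to the caller.
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "getBase64SignData IllegalArgumentException : " + e.getMessage());
            return "";
        } catch (SignatureException e) {
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "getBase64SignData SignatureException : " + e.getMessage());
            return "";
        }
    }

    /** Returns the leaf certificate of the current alias, or {@code null} when there is no entry. */
    private static Certificate getCertificate() {
        KeyStore.PrivateKeyEntry entry = getPrivateEntry();
        if (entry == null) {
            PassportLog.d(TAG, "getCertificate == null");
            return null;
        }
        return entry.getCertificate();
    }

    /** Builds the keystore alias from the id of the last logged-out user. */
    private static String getKeyAlias() {
        return "IQIYI_FINGER_" + PassportUtil.getLastUserIdWhenLogout();
    }

    /** Opens and loads the {@code AndroidKeyStore}; returns {@code null} on any failure. */
    private static KeyStore getKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(null);
            return keyStore;
        } catch (KeyStoreException e) {
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "getKeyStore: KeyStoreException: " + e.getMessage());
            return null;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "getKeyStore: " + e.getMessage());
            return null;
        }
    }

    /** Reads the persisted throttle timestamp (0 when none was stored). */
    public static long getLastUpdateFingerTime() {
        return kn.a.c(PREF_KEY_LAST_UPDATE, 0L, PREF_FILE);
    }

    /**
     * Looks up the private-key entry stored under the current alias.
     *
     * <p>Reconstructed from the decompiler's instruction dump: JADX could not emit Java for
     * this method and left a stub that always threw {@code UnsupportedOperationException},
     * which made every caller fail. The control flow and strings below follow that dump.
     *
     * @return the entry, or {@code null} when the keystore is unavailable, the lookup fails,
     *     the alias is absent, or the entry is not a private-key entry
     */
    private static KeyStore.PrivateKeyEntry getPrivateEntry() {
        String keyAlias = getKeyAlias();
        KeyStore keyStore = getKeyStore();
        KeyStore.Entry entry = null;
        if (keyStore != null) {
            try {
                entry = keyStore.getEntry(keyAlias, null);
            } catch (UnsupportedOperationException
                    | java.security.UnrecoverableEntryException
                    | NoSuchAlgorithmException
                    | KeyStoreException e) {
                com.iqiyi.psdk.base.utils.b.b(TAG, e);
                PassportLog.d(TAG, "getPrivateEntry:" + e.getMessage());
            }
        }
        if (entry == null) {
            // NOTE(review): the dump shows the first argument only as the register value 1; it
            // may be the int 1 or boolean true. Verify against g.v's signature.
            com.iqiyi.psdk.base.utils.g.v(1, "");
            PassportLog.d(TAG, "keyStoreEntry == null");
            return null;
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return (KeyStore.PrivateKeyEntry) entry;
        }
        PassportLog.d(TAG, "getPrivateEntry == null");
        return null;
    }

    /** Returns the private-key handle of the current alias, or {@code null} when there is no entry. */
    private static PrivateKey getPrivateKey() {
        KeyStore.PrivateKeyEntry entry = getPrivateEntry();
        if (entry == null) {
            PassportLog.d(TAG, "getPrivateKey failed");
            return null;
        }
        return entry.getPrivateKey();
    }

    /**
     * Creates a {@code SHA256withECDSA} signer initialised with the keystore private key.
     *
     * <p>On any failure the keystore entry for the alias is deleted and {@code null} is
     * returned. The decompiled code returned the un-initialised {@link Signature} when
     * {@code initSign} failed; handing such an object to callers only defers the error, so
     * {@code null} is returned on both failure paths.
     *
     * @return an initialised signer, or {@code null} when it could not be created
     */
    public static Signature getSign() {
        try {
            Signature signer = Signature.getInstance(SHA256_WITH_ECDSA);
            signer.initSign(getPrivateKey());
            return signer;
        } catch (InvalidKeyException e) {
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "InvalidKeyException : " + e.getMessage());
            // NOTE(review): on Android, UserNotAuthenticatedException and
            // KeyPermanentlyInvalidatedException both extend InvalidKeyException. This handler
            // therefore also deletes the key when the user merely has not authenticated within
            // the validity window - confirm that forcing re-enrollment there is intended.
            removeInvaildKeyStore();
            return null;
        } catch (NoSuchAlgorithmException e) {
            com.iqiyi.psdk.base.utils.b.b(TAG, e);
            PassportLog.d(TAG, "NoSuchAlgorithmException : " + e.getMessage());
            // NOTE(review): this path fails before the key is touched, yet the entry is still
            // deleted - verify that this is intended.
            removeInvaildKeyStore();
            return null;
        }
    }

    /** Reports whether a private-key entry exists for the current alias. */
    public static boolean hasUserPrivateKey() {
        return getPrivateEntry() != null;
    }

    /**
     * Asks the {@link KeyguardManager} whether the device is secured.
     *
     * @return the keyguard's answer, or {@code false} when the service is unavailable
     */
    @RequiresApi(api = 23)
    public static boolean isDeviceSecure() {
        try {
            KeyguardManager keyguard = (KeyguardManager) hn.a.app().getSystemService("keyguard");
            return keyguard != null && keyguard.isDeviceSecure();
        } catch (NullPointerException e) {
            // Kept from the original: presumably guards against hn.a.app() returning null.
            PassportLog.d(TAG, "isDeviceSecure : " + e.getMessage());
            return false;
        }
    }

    /** Deletes the keystore entry of the current alias if it exists; failures are only reported. */
    private static void removeInvaildKeyStore() {
        KeyStore keyStore = getKeyStore();
        String keyAlias = getKeyAlias();
        if (keyStore == null) {
            return;
        }
        try {
            if (keyStore.containsAlias(keyAlias)) {
                keyStore.deleteEntry(keyAlias);
            }
        } catch (KeyStoreException e) {
            com.iqiyi.psdk.base.utils.b.a(e);
        }
    }

    /** Persists the throttle timestamp read by {@link #getLastUpdateFingerTime()}. */
    public static void setLastUpdateFingerTime(long j11) {
        kn.a.j(PREF_KEY_LAST_UPDATE, j11, PREF_FILE);
    }

    /**
     * Re-queries the server and local finger verify type after a keystore provider failure,
     * at most once per {@link #UPDATE_FINGER_TYPE_MIN_INTERVAL_MS}.
     *
     * <p>Nothing happens unless the passport plugin is enabled, the device is not reported as
     * jailbroken, and finger login is enabled.
     */
    private static void updateFingerType() {
        if (!hn.a.client().sdkLogin().isPassportPluginEnable()
                || PsdkUtils.isJailBreak()
                || !com.iqiyi.psdk.base.utils.h.isFingerLoginEnable()) {
            return;
        }
        long now = System.currentTimeMillis();
        long lastUpdate = getLastUpdateFingerTime();
        if (now - lastUpdate < UPDATE_FINGER_TYPE_MIN_INTERVAL_MS) {
            PassportLog.d(TAG, "updateFingerType time limit");
            return;
        }
        // Record the current time. The decompiled code wrote back the value it had just read,
        // so the stored timestamp never advanced and the throttle never took effect.
        setLastUpdateFingerTime(now);
        m.a(new Runnable() { // from class: com.iqiyi.passportsdk.thirdparty.finger.FingerSelfKeytoreHelper.1
            @Override // java.lang.Runnable
            public void run() {
                RegisterManager.getInstance().queryServerAndLocalFingerVerifyType(false);
            }
        });
    }
}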
