package com.iqiyi.passportsdk.thirdparty.finger;

import a01aUx.a01auX.a01COn.a01aux.a;
import a01aUx.a01auX.a01COn.a01aux.a01auX.d;
import android.app.KeyguardManager;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.support.annotation.RequiresApi;
import android.util.Base64;
import com.iqiyi.passportsdk.PassportUtil;
import com.iqiyi.passportsdk.utils.PassportLog;
import com.iqiyi.passportsdk.utils.PassportSpUtils;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.GregorianCalendar;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class FingerSelfKeytoreHelper {
    private static final String BEGIN_PERM = "-----BEGIN CERTIFICATE-----\n";
    private static final String END_PERM = "\n-----END CERTIFICATE-----";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String KEYSTORE_TYPE = "AndroidKeyStore";
    private static final String SHA256withECDSA = "SHA256withECDSA";
    private static final String TAG = "FingerSelfKeytoreHelper---->";

    private FingerSelfKeytoreHelper() {
    }

    private static String base64WithNoWrap(byte[] bArr) {
        return Base64.encodeToString(bArr, 2);
    }

    public static boolean checkUserPrivateKey() {
        int userRegFingerType = PassportSpUtils.getUserRegFingerType();
        if (userRegFingerType == 0) {
            return false;
        }
        if (userRegFingerType == 1 || userRegFingerType == 2) {
            return true;
        }
        boolean isIqiyiKeystoreFingerLoginOpen = PassportSpUtils.isIqiyiKeystoreFingerLoginOpen();
        boolean hasUserPrivateKey = hasUserPrivateKey();
        if (isIqiyiKeystoreFingerLoginOpen && !hasUserPrivateKey) {
            FingerSDKLoginHelper.delKey();
        }
        return isIqiyiKeystoreFingerLoginOpen && hasUserPrivateKey;
    }

    @RequiresApi(api = 24)
    public static void generateKey(String str) {
        try {
            byte[] decode = Base64.decode(str, 2);
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            String keyAlias = getKeyAlias();
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(keyAlias, 4).setUserAuthenticationRequired(true).setAttestationChallenge(decode).setDigests("SHA-256").setCertificateSubject(new X500Principal("CN=" + keyAlias)).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setUserAuthenticationValidityDurationSeconds(300).setCertificateNotBefore(gregorianCalendar.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
        }
    }

    public static String getBase64PERMJsonString() {
        try {
            Certificate[] certificateChain = getKeyStore().getCertificateChain(getKeyAlias());
            JSONObject jSONObject = new JSONObject();
            for (int i = 0; i < certificateChain.length; i++) {
                try {
                    String base64WithNoWrap = base64WithNoWrap(certificateChain[i].getEncoded());
                    jSONObject.put(String.valueOf(i), BEGIN_PERM + base64WithNoWrap + END_PERM);
                } catch (JSONException e) {
                    PassportLog.d(TAG, e.getMessage());
                }
            }
            return base64WithNoWrap(jSONObject.toString().getBytes());
        } catch (Exception e2) {
            PassportLog.d(TAG, e2.getMessage());
            return "";
        }
    }

    public static String getBase64PublicKey() {
        try {
            return base64WithNoWrap(getCertificate().getPublicKey().getEncoded());
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return "";
        }
    }

    public static String getBase64SignData(String str) {
        try {
            byte[] decode = Base64.decode(str, 2);
            Signature sign = getSign();
            sign.update(decode);
            return base64WithNoWrap(sign.sign());
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return "";
        }
    }

    private static Certificate getCertificate() {
        try {
            return getPrivateEntry().getCertificate();
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return null;
        }
    }

    private static String getKeyAlias() {
        return "IQIYI_FINGER_" + PassportUtil.getLastUserIdWhenLogout();
    }

    private static KeyStore getKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return null;
        }
    }

    private static KeyStore.PrivateKeyEntry getPrivateEntry() {
        try {
            KeyStore.Entry entry = getKeyStore().getEntry(getKeyAlias(), null);
            if (entry == null) {
                d.sendQosPingback(1, "");
                return null;
            }
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return (KeyStore.PrivateKeyEntry) entry;
            }
            return null;
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return null;
        }
    }

    private static PrivateKey getPrivateKey() {
        try {
            KeyStore.PrivateKeyEntry privateEntry = getPrivateEntry();
            if (privateEntry != null) {
                return privateEntry.getPrivateKey();
            }
            return null;
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return null;
        }
    }

    public static Signature getSign() {
        Signature signature = null;
        try {
            signature = Signature.getInstance(SHA256withECDSA);
            signature.initSign(getPrivateKey());
            return signature;
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return signature;
        }
    }

    public static boolean hasUserPrivateKey() {
        return getPrivateEntry() != null;
    }

    @RequiresApi(api = 23)
    public static boolean isDeviceSecure() {
        try {
            return ((KeyguardManager) a.app().getSystemService("keyguard")).isDeviceSecure();
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return false;
        }
    }

    @RequiresApi(api = 23)
    public static boolean isKeyProtectedEnforcedBySecureHardware() {
        try {
            SecretKey secretKey = (SecretKey) getKeyStore().getKey(getKeyAlias(), null);
            if (secretKey == null) {
                return false;
            }
            KeyInfo keyInfo = (KeyInfo) SecretKeyFactory.getInstance("EC", "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class);
            if (keyInfo.isInsideSecureHardware()) {
                return keyInfo.isUserAuthenticationRequirementEnforcedBySecureHardware();
            }
            return false;
        } catch (Exception e) {
            PassportLog.d(TAG, e.getMessage());
            return false;
        }
    }
}
