package com.scl.rdservice.ecsclient.cryptoservice;

import android.app.Activity;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.scl.rdservice.ecsclient.fpmorpho.MSODevice;
import com.scl.rdservice.ecsclient.fpmorpho.MorphoSmartErrors;
import com.scl.rdservice.ecsclient.fpmorpho.MorphoSmartLiteCallback;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes2.dex */
public class CryptoService {
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static CryptoService cryptoInstance;
    private KeyPair keyPair;
    private DeviceIntegrityCheck mDeviceIntegrityCheckInstance;
    private MorphoSmartLiteCallback morphoSmartLiteCallback;
    private final String ANDROID_KEYSTORE_INSTANCE = "AndroidKeyStore";
    private String serialNumber = null;

    private CryptoService() {
    }

    private KeyPair generateKeyStore(Context context, String str) {
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 4);
                builder.setDigests(McElieceCCA2KeyGenParameterSpec.SHA256).setKeySize(2048).setSignaturePaddings("PKCS1").setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(new Date(System.currentTimeMillis())).setCertificateNotAfter(new Date(System.currentTimeMillis() + 86400000));
                keyPairGenerator.initialize(builder.build());
                return keyPairGenerator.generateKeyPair();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
                e.getCause();
            }
        } else if (Build.VERSION.SDK_INT >= 18 && Build.VERSION.SDK_INT < 23) {
            try {
                KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                KeyPairGeneratorSpec.Builder builder2 = new KeyPairGeneratorSpec.Builder(context);
                builder2.setAlias(str).setSubject(new X500Principal("CN=rd_device")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(new Date(System.currentTimeMillis())).setEndDate(new Date(System.currentTimeMillis() + 86400000));
                if (Build.VERSION.SDK_INT >= 19) {
                    builder2.setKeySize(2048);
                }
                keyPairGenerator2.initialize(builder2.build());
                return keyPairGenerator2.generateKeyPair();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
                return null;
            }
        }
        return null;
    }

    private X509Certificate getDeviceCert(Context context, String str) {
        Certificate certificate;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
            if (privateKeyEntry != null && (certificate = privateKeyEntry.getCertificate()) != null) {
                return (X509Certificate) certificate;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
        return null;
    }

    public static final synchronized CryptoService getInstance(MorphoSmartLiteCallback morphoSmartLiteCallback, Activity activity) {
        CryptoService cryptoService;
        synchronized (CryptoService.class) {
            synchronized (CryptoService.class) {
                if (cryptoInstance == null) {
                    cryptoInstance = new CryptoService();
                    cryptoInstance.morphoSmartLiteCallback = morphoSmartLiteCallback;
                    cryptoInstance.mDeviceIntegrityCheckInstance = DeviceIntegrityCheck.getInstance(activity);
                    cryptoInstance.setKeyPair(activity);
                    cryptoService = cryptoInstance;
                } else {
                    cryptoService = cryptoInstance;
                }
            }
            return cryptoService;
        }
        return cryptoService;
    }

    private void setKeyPair(Activity activity) {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        Certificate certificate;
        try {
            setSerialNumber(activity);
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (this.serialNumber == null || DeviceDataManager.getAlias(activity, this.serialNumber) == null || (privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(DeviceDataManager.getAlias(activity, this.serialNumber), null)) == null || (certificate = privateKeyEntry.getCertificate()) == null) {
                return;
            }
            certificate.getPublicKey();
            this.keyPair = new KeyPair(certificate.getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
    }

    private void setSerialNumber(Context context) {
        try {
            this.serialNumber = null;
            this.serialNumber = MSODevice.getInstance().getDeviceSerialNumber(this.morphoSmartLiteCallback, context);
        } catch (IOException e) {
            this.morphoSmartLiteCallback.onFailure(MorphoSmartErrors.Errors.COMMUNICATION_ERROR);
        }
    }

    private byte[] signData(byte[] bArr, Context context) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(DeviceDataManager.getAlias(context, this.serialNumber), null);
            if (privateKeyEntry != null) {
                Signature signature = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
                signature.initSign(privateKeyEntry.getPrivateKey());
                signature.update(bArr);
                return signature.sign();
            }
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
        return null;
    }

    private byte[] signDataD(byte[] bArr, Context context) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(DeviceDataManager.getAlias(context, this.serialNumber), null);
            if (privateKeyEntry != null) {
                Signature signature = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
                signature.initSign(privateKeyEntry.getPrivateKey());
                signature.update(bArr);
                return signature.sign();
            }
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
        return null;
    }

    public boolean checkAlreadyRegisteredDeviceCertificate(Context context) {
        Certificate certificate;
        String deviceCode;
        try {
            setSerialNumber(context);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
        if (this.serialNumber == null) {
            return false;
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(DeviceDataManager.getAlias(context, this.serialNumber), null);
        if (privateKeyEntry != null && (certificate = privateKeyEntry.getCertificate()) != null && (deviceCode = DeviceDataManager.getDeviceCode(context, this.serialNumber)) != null) {
            if (((X509Certificate) certificate).getSubjectX500Principal().getName().contains(deviceCode)) {
                return true;
            }
        }
        return false;
    }

    public boolean checkCertificateExpiry(Context context) {
        Certificate certificate;
        try {
            setSerialNumber(context);
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(DeviceDataManager.getAlias(context, this.serialNumber), null);
            if (privateKeyEntry == null || (certificate = privateKeyEntry.getCertificate()) == null) {
                return false;
            }
            ((X509Certificate) certificate).checkValidity(new Date(System.currentTimeMillis()));
            return true;
        } catch (IOException e) {
            return false;
        } catch (KeyStoreException e2) {
            return false;
        } catch (NoSuchAlgorithmException e3) {
            return false;
        } catch (UnrecoverableEntryException e4) {
            return false;
        } catch (CertificateExpiredException e5) {
            return false;
        } catch (CertificateNotYetValidException e6) {
            return false;
        } catch (CertificateException e7) {
            return false;
        }
    }

    public void deleteAllKeystore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            for (String str : Collections.list(keyStore.aliases())) {
                if (keyStore.containsAlias(str)) {
                    keyStore.deleteEntry(str);
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            e.getCause();
        }
    }

    public void deleteGarbageKeystores(Context context, String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            for (Object obj : Collections.list(keyStore.aliases())) {
                if (obj.toString().contains(str) && DeviceDataManager.getAlias(context, str) == null) {
                    deleteKeystoreEntry(obj.toString());
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            e.getCause();
        }
    }

    public boolean deleteKeystoreEntry(String str) {
        if (str != null) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                if (((KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null)) != null) {
                    keyStore.deleteEntry(str);
                    return !keyStore.containsAlias(str);
                }
            } catch (IOException | NullPointerException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
                e.getCause();
            }
        }
        return false;
    }

    public KeyPair getAliasKeyPair(Context context, String str) {
        Certificate certificate;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
            if (privateKeyEntry != null && (certificate = privateKeyEntry.getCertificate()) != null) {
                certificate.getPublicKey();
                return new KeyPair(certificate.getPublicKey(), privateKeyEntry.getPrivateKey());
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
        return null;
    }

    public X509Certificate getDeviceCertificate(Context context) {
        Certificate certificate;
        setSerialNumber(context);
        if (this.serialNumber != null && checkAlreadyRegisteredDeviceCertificate(context)) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(DeviceDataManager.getAlias(context, this.serialNumber), null);
                if (privateKeyEntry != null && (certificate = privateKeyEntry.getCertificate()) != null) {
                    return (X509Certificate) certificate;
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
                e.getCause();
            }
        }
        return null;
    }

    public KeyPair getLastKeyPairForConnectedDevice(String str, String str2) {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        Certificate certificate;
        try {
            this.serialNumber = str2;
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (this.serialNumber != null && (privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null)) != null && (certificate = privateKeyEntry.getCertificate()) != null) {
                certificate.getPublicKey();
                return new KeyPair(certificate.getPublicKey(), privateKeyEntry.getPrivateKey());
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
        return null;
    }

    public final byte[] getSignature(byte[] bArr, Context context) {
        setSerialNumber(context);
        if (!this.mDeviceIntegrityCheckInstance.isDeviceRooted() && this.serialNumber != null) {
            if (!checkAlreadyRegisteredDeviceCertificate(context)) {
                throw new SecurityException("Device not registered");
            }
            if (getDeviceCert(context, DeviceDataManager.getAlias(context, this.serialNumber)) != null) {
                if (Build.VERSION.SDK_INT >= 23) {
                    return signData(bArr, context);
                }
                if (Build.VERSION.SDK_INT >= 18) {
                    return signDataD(bArr, context);
                }
            }
        }
        return null;
    }

    public KeyPair initRegistration(Context context, String str, CryptoServiceCallback cryptoServiceCallback) {
        setSerialNumber(context);
        KeyPair generateKeyStore = generateKeyStore(context, str);
        if (generateKeyStore != null) {
            return generateKeyStore;
        }
        cryptoServiceCallback.onCryptoServiceError("Error in Registration");
        return null;
    }

    public KeyPair initRotation(Context context, String str, CryptoServiceCallback cryptoServiceCallback) {
        KeyPair generateKeyStore = generateKeyStore(context, str);
        if (generateKeyStore != null) {
            return generateKeyStore;
        }
        cryptoServiceCallback.onCryptoServiceError("Error in Rotation");
        return null;
    }

    public boolean replaceCertificates(Context context, Certificate certificate, String str, String str2) {
        try {
            if (((X509Certificate) certificate).getSubjectX500Principal().getName().contains(str)) {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                if (((KeyStore.PrivateKeyEntry) keyStore.getEntry(str2, null)) != null) {
                    keyStore.setKeyEntry(str2, getAliasKeyPair(context, str2).getPrivate(), null, new Certificate[]{certificate});
                    if (getDeviceCert(context, str2).equals(certificate)) {
                        return true;
                    }
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            e.getCause();
        }
        return false;
    }

    public byte[] signDataWithPrivateKey(String str, KeyPair keyPair) {
        try {
            Signature signature = Signature.getInstance(DEFAULT_SIGNATURE_ALGORITHM);
            signature.initSign(keyPair.getPrivate());
            signature.update(str.getBytes());
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            e.getCause();
            return null;
        }
    }
}
