package com.hihonor.intellianalytics.utils.encrypt;

import android.app.Application;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.hihonor.android.security.keystore.HwUniversalKeyStoreProvider;
import com.hihonor.android.support.utils.ToolKit;
import com.hihonor.intellianalytics.utils.log.RunLog;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Optional;
import java.util.regex.Pattern;

/* loaded from: classes3.dex */
public class CertChainStore {
    private static final String ALGORITHM_NAME = "SHA256withECDSA";
    private static final String CERT_BEGIN_TAG = "-----BEGIN CERTIFICATE-----";
    private static final int CERT_COUNT = 4;
    private static final String CERT_END_TAG = "-----END CERTIFICATE-----;";
    private static final String CHALLENGE = "challenge_intellianalytics";
    private static final String TAG = "CertChainStore";
    private static final String TYPE_OF_KEY_STORE = "HwKeystore";
    private static final String ALIAS = "alias_intelli_" + Application.getProcessName();
    private static final Pattern PATTERN_FOR_REPLACE_ALL_BLANK_SPACE = Pattern.compile("\\s*|\t|\r|\n");

    private CertChainStore() {
    }

    public static synchronized Optional<String> generateCertChain() {
        synchronized (CertChainStore.class) {
            long currentTimeMillis = System.currentTimeMillis();
            HwUniversalKeyStoreProvider.install();
            try {
                Optional<String> certChain = getCertChain();
                if (certChain.isPresent()) {
                    return certChain;
                }
                String str = TAG;
                RunLog.i(str, "get cert fail, try create....");
                if (!haveCreatedCertChain()) {
                    RunLog.w(str, "Preconditions are not met, Failed to create key");
                    return Optional.empty();
                }
                RunLog.d(str, "getCertChainOrCreate duration: " + (System.currentTimeMillis() - currentTimeMillis));
                return getCertChain();
            } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | ProviderException | CertificateException e10) {
                RunLog.e(TAG, "getCertChainOrCreate: " + e10.getClass().getSimpleName(), e10);
                return Optional.empty();
            }
        }
    }

    private static Optional<String> getCertChain() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        long currentTimeMillis = System.currentTimeMillis();
        KeyStore keyStore = KeyStore.getInstance(TYPE_OF_KEY_STORE);
        keyStore.load(null);
        Certificate[] certificateChain = keyStore.getCertificateChain(ALIAS);
        if (certificateChain == null || certificateChain.length < 4) {
            RunLog.e(TAG, "getCertChain: get cert exception, cert count < 4");
            return Optional.empty();
        }
        RunLog.d(TAG, "getCertChain duration: " + (System.currentTimeMillis() - currentTimeMillis));
        StringBuilder sb2 = new StringBuilder();
        int length = certificateChain.length;
        for (int i10 = 0; i10 < length; i10++) {
            String encodeToString = Base64.encodeToString(certificateChain[i10].getEncoded(), 0);
            sb2.append(CERT_BEGIN_TAG);
            sb2.append(PATTERN_FOR_REPLACE_ALL_BLANK_SPACE.matcher(encodeToString).replaceAll(""));
            sb2.append(CERT_END_TAG);
        }
        String substring = sb2.substring(0, sb2.length() - 1);
        RunLog.d(TAG, "******all chain*****: " + substring);
        return Optional.of(substring);
    }

    private static boolean haveCreatedCertChain() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, ProviderException {
        long currentTimeMillis = System.currentTimeMillis();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", (Provider) new HwUniversalKeyStoreProvider());
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(ALIAS, 12).setDigests(ToolKit.DIGEST_ALGORITHM_SHA256).setAttestationChallenge(CHALLENGE.getBytes()).build());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        String str = TAG;
        RunLog.d(str, "createCertChain duration: " + (System.currentTimeMillis() - currentTimeMillis));
        if (generateKeyPair != null) {
            return true;
        }
        RunLog.e(str, "createCertChain: keypair is null, Key creation failed");
        return false;
    }

    public static Optional<String> sign(byte[] bArr) {
        long currentTimeMillis = System.currentTimeMillis();
        HwUniversalKeyStoreProvider.install();
        try {
            KeyStore keyStore = KeyStore.getInstance(TYPE_OF_KEY_STORE);
            keyStore.load(null);
            Key key = keyStore.getKey(ALIAS, null);
            if (key == null) {
                RunLog.e(TAG, "signData: privateKey is null, Signature failed");
                return Optional.empty();
            }
            Signature signature = Signature.getInstance(ALGORITHM_NAME, (Provider) new HwUniversalKeyStoreProvider());
            signature.initSign((PrivateKey) key);
            signature.update(bArr);
            byte[] sign = signature.sign();
            RunLog.d(TAG, "sign duration: " + (System.currentTimeMillis() - currentTimeMillis));
            return Optional.of(Base64.encodeToString(sign, 0));
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableKeyException | CertificateException e10) {
            RunLog.e(TAG, "sign: " + e10.getClass().getSimpleName(), e10);
            return Optional.empty();
        }
    }
}
