package io.eagle.sdk.ext.attestation;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import io.eagle.sdk.ext.attestation.g;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Optional;
import java.util.UUID;
import org.bouncycastle.asn1.j;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class h {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int a(org.bouncycastle.asn1.d dVar) {
        BigInteger j;
        if (dVar instanceof j) {
            j = ((j) dVar).j();
        } else {
            if (!(dVar instanceof org.bouncycastle.asn1.f)) {
                StringBuilder a2 = c.b.a.a.a.a("Integer value expected; found ");
                a2.append(dVar.getClass().getName());
                a2.append(" instead.");
                throw new IllegalArgumentException(a2.toString());
            }
            j = ((org.bouncycastle.asn1.f) dVar).j();
        }
        return j.intValue();
    }

    private static X509Certificate a(String str) throws CertificateException {
        if (str != null) {
            try {
                if (!str.trim().isEmpty()) {
                    return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(Base64.decode(str.replace("-----BEGIN CERTIFICATE-----\n", "").replace("-----END CERTIFICATE-----", ""), 3)));
                }
            } catch (CertificateException e2) {
                throw new CertificateException(e2);
            }
        }
        return null;
    }

    public static JSONObject a() {
        Certificate[] certificateArr;
        boolean z;
        JSONObject jSONObject = new JSONObject();
        if (Build.VERSION.SDK_INT < 24) {
            StringBuilder a2 = c.b.a.a.a.a("The Build Version ");
            a2.append(Build.VERSION.SDK_INT);
            a2.append(" < 24");
            Log.e("AttestationSdk", a2.toString());
            return jSONObject;
        }
        String uuid = UUID.randomUUID().toString();
        try {
            jSONObject.put("keyPairGenerator", b(uuid));
            X509Certificate[] x509CertificateArr = null;
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                certificateArr = keyStore.getCertificateChain(uuid);
            } catch (Throwable unused) {
                certificateArr = null;
            }
            if (certificateArr != null) {
                try {
                    X509Certificate[] x509CertificateArr2 = new X509Certificate[certificateArr.length];
                    int i2 = 0;
                    for (Certificate certificate : certificateArr) {
                        x509CertificateArr2[i2] = a(Base64.encodeToString(certificate.getEncoded(), 3));
                        i2++;
                    }
                    x509CertificateArr = x509CertificateArr2;
                } catch (Exception unused2) {
                }
            }
            if (x509CertificateArr != null && x509CertificateArr.length != 0) {
                try {
                    X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
                    int length = x509CertificateArr.length - 1;
                    while (length >= 0) {
                        X509Certificate x509Certificate2 = x509CertificateArr[length];
                        x509Certificate2.checkValidity();
                        x509Certificate2.verify(x509Certificate.getPublicKey());
                        length--;
                        x509Certificate = x509Certificate2;
                    }
                    z = Arrays.equals(x509CertificateArr[x509CertificateArr.length - 1].getPublicKey().getEncoded(), Base64.decode("MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==", 0));
                } catch (Exception unused3) {
                    z = false;
                }
                jSONObject.put("verifyCertificateChain", z);
                a(jSONObject, x509CertificateArr[0]);
            }
        } catch (Exception unused4) {
        }
        return jSONObject;
    }

    private static void a(AuthorizationList authorizationList, JSONObject jSONObject) throws Exception {
        a(authorizationList.f6720a, "purpose", jSONObject);
        a(authorizationList.f6721b, "algorithm", jSONObject);
        a(authorizationList.f6722c, "keySize", jSONObject);
        a(authorizationList.f6723d, "digest", jSONObject);
        a(authorizationList.f6724e, "padding", jSONObject);
        a(authorizationList.f6725f, "ecCurve", jSONObject);
        a(authorizationList.f6726g, "rsaPublicExponent", jSONObject);
        jSONObject.put("rollbackResistance", authorizationList.f6727h);
        a(authorizationList.f6728i, "activeDateTime", jSONObject);
        a(authorizationList.j, "originationExpireDateTime", jSONObject);
        a(authorizationList.k, "usageExpireDateTime", jSONObject);
        jSONObject.put("noAuthRequired", authorizationList.l);
        a(authorizationList.m, "userAuthType", jSONObject);
        a(authorizationList.n, "authTimeout", jSONObject);
        jSONObject.put("allowWhileOnBody", authorizationList.o);
        jSONObject.put("trustedUserPresenceRequired", authorizationList.p);
        jSONObject.put("trustedConfirmationRequired", authorizationList.q);
        jSONObject.put("unlockedDeviceRequired", authorizationList.r);
        jSONObject.put("allApplications", authorizationList.s);
        a(authorizationList.t, "applicationId", jSONObject);
        a(authorizationList.u, "creationDateTime", jSONObject);
        a(authorizationList.v, "origin", jSONObject);
        jSONObject.put("rollbackResistant", authorizationList.w);
        JSONObject jSONObject2 = new JSONObject();
        Optional<RootOfTrust> optional = authorizationList.x;
        if (optional.isPresent()) {
            jSONObject2.put("verifiedBootKey", i.a(optional.get().f6746a));
            jSONObject2.put("deviceLocked", optional.get().f6747b);
            jSONObject2.put("verifiedBootState", optional.get().f6748c.name());
            jSONObject2.put("verifiedBootHash", i.a(optional.get().f6749d));
        }
        jSONObject.put("rootOfTrust", jSONObject2);
        a(authorizationList.y, "osVersion", jSONObject);
        a(authorizationList.z, "osPatchLevel", jSONObject);
        JSONObject jSONObject3 = new JSONObject();
        Optional<g> optional2 = authorizationList.A;
        if (optional2.isPresent()) {
            JSONArray jSONArray = new JSONArray();
            for (g.b bVar : optional2.get().f6761d) {
                JSONObject jSONObject4 = new JSONObject();
                jSONObject4.put("packageName", bVar.f6763d);
                jSONObject4.put("version", bVar.f6764e);
                jSONArray.put(jSONObject4);
            }
            jSONObject3.put("packageInfo", jSONArray);
            JSONArray jSONArray2 = new JSONArray();
            for (byte[] bArr : optional2.get().f6762e) {
                JSONObject jSONObject5 = new JSONObject();
                jSONObject5.put("digest", i.a(bArr));
                jSONArray2.put(jSONObject5);
            }
            jSONObject3.put("signatureDigest", jSONArray2);
        }
        jSONObject.put("attestationApplicationId", jSONObject3);
        a(authorizationList.B, "attestationApplicationIdBytes", jSONObject);
        a(authorizationList.C, "attestationIdBrand", jSONObject);
        a(authorizationList.D, "attestationIdDevice", jSONObject);
        a(authorizationList.E, "attestationIdProduct", jSONObject);
        a(authorizationList.F, "attestationIdSerial", jSONObject);
        a(authorizationList.G, "attestationIdImei", jSONObject);
        a(authorizationList.H, "attestationIdMeid", jSONObject);
        a(authorizationList.I, "attestationIdManufacturer", jSONObject);
        a(authorizationList.J, "attestationIdModel", jSONObject);
        a(authorizationList.K, "vendorPatchLevel", jSONObject);
        a(authorizationList.L, "bootPatchLevel", jSONObject);
    }

    private static <T> void a(Optional<T> optional, String str, JSONObject jSONObject) throws Exception {
        if (optional.isPresent()) {
            boolean z = optional.get() instanceof byte[];
            Object obj = optional.get();
            if (z) {
                obj = i.a((byte[]) obj);
            }
            jSONObject.put(str, obj);
        }
    }

    private static void a(JSONObject jSONObject, X509Certificate x509Certificate) throws Exception {
        ParsedAttestationRecord a2 = ParsedAttestationRecord.a(x509Certificate);
        jSONObject.put("attestationVersion", a2.f6734a);
        jSONObject.put("attestationSecurityLevel", a2.f6735b.name());
        jSONObject.put("keymasterVersion", a2.f6736c);
        jSONObject.put("keymasterSecurityLevel", a2.f6737d.name());
        Log.i("AttestationSdk", String.format("attestationChallenge: %s", a2.f6738e));
        jSONObject.put("attestationChallenge", i.a(a2.f6738e));
        jSONObject.put("uniqueId", Arrays.toString(a2.f6739f));
        JSONObject jSONObject2 = new JSONObject();
        a(a2.f6740g, jSONObject2);
        jSONObject.put("softwareEnforced", jSONObject2);
        JSONObject jSONObject3 = new JSONObject();
        a(a2.f6741h, jSONObject3);
        jSONObject.put("teeEnforced", jSONObject3);
    }

    static boolean b(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setUserAuthenticationRequired(false);
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            userAuthenticationRequired.setAttestationChallenge(bArr);
            keyPairGenerator.initialize(userAuthenticationRequired.build());
            keyPairGenerator.generateKeyPair();
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
