package o;

import android.app.Activity;
import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import com.huawei.hms.support.api.hwid.SignInHuaweiId;
import com.huawei.hms.support.api.hwid.SignInResult;
import com.huawei.operation.utils.Constants;
import com.huawei.security.hccm.EnrollmentException;
import com.huawei.security.hccm.common.callback.EnrollCertificateCallback;
import com.huawei.security.keystore.HwUniversalKeyStoreProvider;
import com.huawei.wallet.commonbase.log.LogC;
import com.huawei.wallet.logic.account.AccountManager;
import com.huawei.wallet.logic.account.HmsAccountManager;
import com.huawei.wallet.utils.crypto.SHA_256;
import com.hwawei.application.hwpay.HWPayServiceManager;
import com.hwawei.application.hwpay.TokenInfo;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: classes9.dex */
public class dpi {
    private static volatile dpi d;
    private static final byte[] e = new byte[0];
    private dpj c;
    private Context g;
    private boolean h;
    private KeyStore m;
    private HWPayServiceManager n;
    private a a = null;
    private Map<String, String> i = new ConcurrentHashMap();
    private String f = null;
    private String k = null;
    private Signature p = null;
    Map<String, dph> b = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes9.dex */
    public static class a implements EnrollCertificateCallback {
    }

    private dpi() {
        this.h = false;
        try {
            this.h = dpf.a().e();
            if (!this.h) {
                LogC.c("PayHccmRequestManager", "bSupportPKI is not support", false);
                return;
            }
            this.g = dup.c().a();
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            if (Security.getProvider("HwUniversalKeyStoreProvider") == null) {
                HwUniversalKeyStoreProvider.install();
            }
            try {
                this.c = new dpj();
            } catch (Exception unused) {
                LogC.c("PayHccmRequestManager new mKeyGen exception:", false);
            }
            try {
                this.n = new HWPayServiceManager();
            } catch (EnrollmentException unused2) {
                LogC.c("PayHccmRequestManager new HWMobileServiceManager exception:", false);
            }
        } catch (Throwable unused3) {
            LogC.a("PayHccmRequestManager is not support. ", false);
        }
    }

    private String a(X509Certificate x509Certificate) {
        byte[] bArr;
        try {
            bArr = x509Certificate.getEncoded();
        } catch (CertificateEncodingException unused) {
            LogC.a("PayHccmRequestManager exception getCerificatePemStr fail:CertificateEncodingException", false);
            bArr = null;
        }
        if (bArr == null) {
            return null;
        }
        return "-----BEGIN CERTIFICATE-----\r" + Base64.encodeToString(bArr, 0) + "-----END CERTIFICATE-----";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public dpa a(String str, KeyStore keyStore) {
        dpa dpaVar = new dpa(99);
        if (keyStore != null && str != null) {
            try {
                Certificate[] certificateChain = keyStore.getCertificateChain(str);
                if (certificateChain == null || certificateChain.length <= 3) {
                    LogC.c("generate key certificateChain length error", false);
                    dpaVar.c(3);
                } else {
                    Certificate certificate = certificateChain[1];
                    Certificate certificate2 = certificateChain[0];
                    Certificate certificate3 = certificateChain[2];
                    String encodeToString = Base64.encodeToString(certificate.getEncoded(), 0);
                    String encodeToString2 = Base64.encodeToString(certificate2.getEncoded(), 0);
                    String encodeToString3 = Base64.encodeToString(certificate3.getEncoded(), 0);
                    dpaVar.c(0);
                    dpaVar.b(encodeToString);
                    dpaVar.d(encodeToString2);
                    dpaVar.e(encodeToString3);
                    LogC.c("generate key local certificateChain success", false);
                }
            } catch (KeyStoreException unused) {
                LogC.c("requestKey KeyStoreException error", false);
                dpaVar.c(3);
            } catch (CertificateEncodingException unused2) {
                dpaVar.c(3);
                LogC.c("requestKey CertificateEncodingException", false);
            }
        }
        return dpaVar;
    }

    private dph a(String str, boolean z) {
        if (TextUtils.isEmpty(str)) {
            LogC.a("PayHccmRequestManager queryPayCertificate invalidate uid", false);
            return new dph(1);
        }
        dph dphVar = z ? this.b.get(str) : null;
        if (dphVar != null) {
            return dphVar;
        }
        if (this.h) {
            return null;
        }
        LogC.a("PayHccmRequestManager queryPayCertificate not support paycertifacate:", false);
        return new dph(2);
    }

    private X500Name a(String str) {
        byte[] bArr = new byte[0];
        try {
            bArr = MessageDigest.getInstance("SHA-256").digest(str.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException unused) {
            LogC.a("PayHccmRequestManagerconstructSubject UnsupportedEncodingException", false);
        } catch (NoSuchAlgorithmException unused2) {
            LogC.a("PayHccmRequestManagerconstructSubject NoSuchAlgorithmException", false);
        }
        String str2 = "com.huawei.wallet." + Hex.toHexString(bArr).substring(0, 32);
        X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        x500NameBuilder.addRDN(BCStyle.CN, str2);
        x500NameBuilder.addRDN(BCStyle.OU, "Huawei Pay");
        x500NameBuilder.addRDN(BCStyle.O, "Huawei");
        x500NameBuilder.addRDN(BCStyle.C, "CN");
        return x500NameBuilder.build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public KeyStore b() {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance("HwKeyStore");
        } catch (IOException unused) {
            keyStore = null;
        } catch (KeyStoreException unused2) {
            keyStore = null;
        } catch (NoSuchAlgorithmException unused3) {
            keyStore = null;
        } catch (CertificateException unused4) {
            keyStore = null;
        }
        try {
            keyStore.load(null, null);
        } catch (IOException unused5) {
            LogC.a("PayHccmRequestManagergetKeyStore  IOException", false);
            return keyStore;
        } catch (KeyStoreException unused6) {
            LogC.a("PayHccmRequestManagergetKeyStore  KeyStoreException", false);
            return keyStore;
        } catch (NoSuchAlgorithmException unused7) {
            LogC.a("PayHccmRequestManagergetKeyStore  NoSuchAlgorithmException", false);
            return keyStore;
        } catch (CertificateException unused8) {
            LogC.a("PayHccmRequestManagergetKeyStore  CertificateException", false);
            return keyStore;
        }
        return keyStore;
    }

    public static dpi c() {
        if (d == null) {
            synchronized (e) {
                if (d == null) {
                    d = new dpi();
                }
            }
        }
        return d;
    }

    private boolean c(X509Certificate x509Certificate, int i) {
        Date date = new Date();
        date.setTime(date.getTime() + TimeUnit.DAYS.toMillis(i));
        try {
            x509Certificate.checkValidity(date);
            return true;
        } catch (CertificateExpiredException unused) {
            LogC.a("PayHccmRequestManagercheckValidity expired ", false);
            return false;
        } catch (CertificateNotYetValidException unused2) {
            LogC.a("PayHccmRequestManagercheckValidity notyetvalid ", false);
            return false;
        }
    }

    private String f(String str) {
        String str2;
        synchronized (e) {
            if (!str.equals(this.f) || TextUtils.isEmpty(this.k)) {
                this.f = str;
                this.k = SHA_256.d("com.huawei.wallet_" + this.f, null);
            }
            str2 = this.k;
        }
        return str2;
    }

    public Signature b(String str) {
        try {
            LogC.c("PayHccmRequestManager signData keystore access:", false);
            if (this.m == null) {
                this.m = b();
            }
            if (this.m != null) {
                String f = f(str);
                Certificate certificate = this.m.getCertificate(f);
                if (certificate == null) {
                    return null;
                }
                this.p = Signature.getInstance(((X509Certificate) certificate).getSigAlgName(), "HwUniversalKeyStoreProvider");
                this.p.initSign((PrivateKey) this.m.getKey(f, (char[]) null));
                return this.p;
            }
        } catch (InvalidKeyException unused) {
            LogC.a("PayHccmRequestManager signData InvalidKeyException", false);
        } catch (KeyStoreException unused2) {
            LogC.a("PayHccmRequestManager signData KeyStoreException", false);
        } catch (NoSuchAlgorithmException unused3) {
            LogC.a("PayHccmRequestManager signData NoSuchAlgorithmException", false);
        } catch (NoSuchProviderException unused4) {
            LogC.a("PayHccmRequestManager signData NoSuchProviderException", false);
        } catch (UnrecoverableKeyException unused5) {
            LogC.a("PayHccmRequestManager signData SignatureException", false);
        } catch (Throwable th) {
            LogC.d("PayHccmRequestManager", "Unexpected throwable " + th.getMessage(), false);
        }
        return this.p;
    }

    public void b(final dpd dpdVar, Activity activity) {
        LogC.c("obtainCertificateChain start", false);
        if (this.c == null) {
            dpdVar.onResult(null);
        } else if (HmsAccountManager.d(activity).d() != null) {
            b(dpdVar, HmsAccountManager.d(activity).d().getAccessToken());
        } else {
            HmsAccountManager.d(activity).a(new HmsAccountManager.SignInCallback() { // from class: o.dpi.2
                @Override // com.huawei.wallet.logic.account.HmsAccountManager.SignInCallback
                public void onResult(SignInResult signInResult) {
                    LogC.c("PayHccmRequestManager", "LicenseQueryTask sign in result  ", true);
                    if (!signInResult.isSuccess()) {
                        LogC.c("PayHccmRequestManager", "LicenseQueryTask sign in fail", false);
                        return;
                    }
                    SignInHuaweiId signInHuaweiId = signInResult.getSignInHuaweiId();
                    LogC.c("PayHccmRequestManager", "LicenseQueryTask sign in success", false);
                    dpi.this.b(dpdVar, signInHuaweiId.getAccessToken());
                }
            });
        }
    }

    public void b(final dpd dpdVar, String str) {
        if (str == null) {
            LogC.c("obtainCertificateChain accessToken false", false);
            dpdVar.onResult(null);
            return;
        }
        LogC.c("obtainCertificateChain accessToken true", false);
        final String f = f(AccountManager.getInstance().getAccountInfo().d());
        TokenInfo tokenInfo = new TokenInfo("AccessToken", str);
        dpa d2 = d(f);
        if (d2.c() == 0) {
            dpdVar.onResult(d2);
            return;
        }
        dpc dpcVar = new dpc() { // from class: o.dpi.5
            @Override // o.dpc
            public void a() {
                LogC.c("generate key success", false);
                dpdVar.onResult(dpi.this.a(f, dpi.this.b()));
            }

            @Override // o.dpc
            public void d(int i) {
                LogC.c("generate key error: Error (" + i + Constants.RIGHT_BRACKET_ONLY, false);
                dpdVar.onResult(new dpa(3));
            }
        };
        this.c.b(f, tokenInfo, "PKCS1", 0);
        this.c.b(dpcVar);
    }

    public dph c(String str) {
        if (this.p == null || TextUtils.isEmpty(str)) {
            LogC.a("PayHccmRequestManager signData invalidate signature or orignStr isEmpty", false);
            return new dph(1);
        }
        if (!this.h) {
            LogC.a("PayHccmRequestManager signData not support paycertifacate:", false);
            return new dph(2);
        }
        synchronized (e) {
            if (this.a != null) {
                LogC.a("PayHccmRequestManager signData exist updatepaycerificate call:", false);
                return new dph(6);
            }
            try {
                LogC.c("PayHccmRequestManager signData keystore access:", false);
                byte[] bytes = str.getBytes("UTF-8");
                if (this.m != null) {
                    this.p.update(bytes);
                    byte[] sign = this.p.sign();
                    LogC.c("PayHccmRequestManager signData complete:", false);
                    return new dph(0, Base64.encodeToString(sign, 2));
                }
            } catch (UnsupportedEncodingException unused) {
                LogC.a("PayHccmRequestManager signData UnsupportedEncodingException", false);
            } catch (SignatureException e2) {
                LogC.a("PayHccmRequestManager signData SignatureException", false);
                LogC.c("PayHccmRequestManager", " signData SignatureException", e2, false);
            } catch (Exception e3) {
                LogC.d("PayHccmRequestManager", "Unexpected Exception " + e3.getMessage(), false);
            }
            LogC.a("PayHccmRequestManager signData return other error", false);
            return new dph(99);
        }
    }

    public dph c(String str, boolean z) {
        dph a2 = a(str, z);
        if (a2 != null) {
            return a2;
        }
        synchronized (e) {
            if (this.a != null) {
                LogC.a("PayHccmRequestManager queryPayCertificate exist updatepaycerificate call:", false);
                return new dph(6);
            }
            try {
                LogC.c("PayHccmRequestManager queryPayCertificate keystore access:", false);
                this.m = b();
                if (this.m != null) {
                    String f = f(str);
                    Certificate certificate = this.m.getCertificate(f);
                    if (certificate == null) {
                        LogC.a("PayHccmRequestManager queryPayCertificate error: certificate is null", false);
                        return new dph(4);
                    }
                    if (!c((X509Certificate) certificate, 2)) {
                        return new dph(5);
                    }
                    Certificate[] certificateArr = null;
                    try {
                        certificateArr = this.m.getCertificateChain(f);
                    } catch (RuntimeException e2) {
                        LogC.a("PayHccmRequestManager Hit exception when try to getCertificateChain: " + e2.getMessage(), false);
                    }
                    if (certificateArr == null || certificateArr.length <= 0) {
                        LogC.a("PayHccmRequestManager queryPayCertificate error: certChain is null", false);
                        return new dph(4);
                    }
                    X500Principal x500Principal = new X500Principal(a(str).getEncoded());
                    X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
                    if (!x509Certificate.getSubjectX500Principal().equals(x500Principal)) {
                        LogC.a("PayHccmRequestManager queryPayCertificate subject complete:", false);
                        return new dph(4);
                    }
                    LogC.c("PayHccmRequestManager queryPayCertificate complete:", false);
                    dph dphVar = new dph(0, a((X509Certificate) certificateArr[0]), x509Certificate.getSerialNumber().toString());
                    this.b.put(str, dphVar);
                    return dphVar;
                }
            } catch (IOException unused) {
                LogC.c("PayHccmRequestManager queryPayCertificate IOException", false);
            } catch (KeyStoreException unused2) {
                LogC.c("PayHccmRequestManager queryPayCertificate KeyStoreException", false);
            }
            return new dph(99);
        }
    }

    public dpa d(String str) {
        LogC.c("queryDeviceCertificate start", false);
        if (TextUtils.isEmpty(str)) {
            LogC.d("PayHccmRequestManager", " queryDeviceCertificate invalidate alias fail", false);
            return new dpa(1);
        }
        try {
            LogC.c("PayHccmRequestManager", " queryDeviceCertificate keystore access:", false);
            KeyStore b = b();
            if (b != null) {
                Certificate certificate = b.getCertificate(str);
                if (certificate == null) {
                    LogC.c("PayHccmRequestManager", " queryDeviceCertificate certificate is null", false);
                    return new dpa(4);
                }
                if (c((X509Certificate) certificate, 1)) {
                    return a(str, b);
                }
                LogC.c("PayHccmRequestManager", " queryDeviceCertificate validation is false", false);
                return new dpa(5);
            }
        } catch (KeyStoreException unused) {
            LogC.c("PayHccmRequestManager", " queryPayCertificate KeyStoreException", false);
        }
        return new dpa(99);
    }

    public Signature e() {
        return this.p;
    }

    public dph e(String str) {
        return c(str, true);
    }

    public boolean e(String str, String str2) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            LogC.c("PayHccmRequestManager checkCerificateValidate return false uid | serialnum are empty:", false);
            return false;
        }
        String str3 = this.i.get(str);
        if (TextUtils.isEmpty(str3)) {
            dph e2 = e(str);
            int b = e2.b();
            if (b == 0) {
                str3 = e2.c();
                this.i.put(str, str3);
            } else {
                LogC.c("PayHccmRequestManager checkCerificateValidate queryPayCerificate fail " + b, false);
            }
        }
        if (!str2.equals(str3)) {
            return false;
        }
        LogC.c("PayHccmRequestManager checkCerificateValidate return true:", false);
        return true;
    }
}
