package defpackage;

import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.lifecycle.b;
import io.github.vvb2060.keyattestation.AppApplication;
import java.io.ByteArrayInputStream;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

/* renamed from: fb, reason: case insensitive filesystem */
/* loaded from: classes.dex */
public final class C0127fb extends Pk {
    public final SharedPreferences c;
    public final KeyStore d;
    public final CertificateFactory e;
    public final b f;
    public ArrayList g;
    public boolean h;
    public final boolean i;
    public boolean j;
    public final boolean k;
    public boolean l;
    public final boolean m;
    public boolean n;

    public C0127fb(PackageManager packageManager, SharedPreferences sharedPreferences) {
        this.c = sharedPreferences;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.d = keyStore;
        this.e = CertificateFactory.getInstance("X.509");
        this.f = new b();
        this.h = sharedPreferences.getBoolean("secret_mode", true);
        int i = Build.VERSION.SDK_INT;
        this.i = i >= 28 && packageManager.hasSystemFeature("android.hardware.strongbox_keystore");
        this.j = sharedPreferences.getBoolean("prefer_strongbox", false);
        this.k = i >= 31 && packageManager.hasSystemFeature("android.hardware.keystore.app_attest_key");
        this.l = sharedPreferences.getBoolean("prefer_attest_key", false);
        this.m = i >= 31 && packageManager.hasSystemFeature("android.software.device_id_attestation");
        this.n = sharedPreferences.getBoolean("prefer_including_props", false);
        keyStore.load(null);
        d(this);
    }

    public static void c(String str, boolean z, boolean z2, String str2) {
        Date date = new Date();
        boolean f = W4.f(str, str2);
        int i = Build.VERSION.SDK_INT;
        KeyGenParameterSpec.Builder attestationChallenge = new KeyGenParameterSpec.Builder(str, (i < 31 || !f) ? 4 : 128).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256").setCertificateNotBefore(date).setAttestationChallenge(date.toString().getBytes(X4.a));
        if (i >= 28 && z) {
            attestationChallenge.setIsStrongBoxBacked(true);
        }
        if (i >= 31) {
            if (z2) {
                attestationChallenge.setDevicePropertiesAttestationIncluded(true);
            }
            if (f) {
                attestationChallenge.setCertificateSubject(new X500Principal("CN=App Attest Key"));
            } else {
                attestationChallenge.setAttestKeyAlias(str2);
            }
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        keyPairGenerator.initialize(attestationChallenge.build());
        keyPairGenerator.generateKeyPair();
    }

    public static void d(C0127fb c0127fb) {
        c0127fb.getClass();
        AppApplication.c.execute(new RunnableC0081db(c0127fb, false));
    }

    public final C0508w3 b(boolean z, boolean z2, boolean z3) {
        String message;
        int numericErrorCode;
        boolean isTransientFailure;
        CertificateFactory certificateFactory;
        ArrayList arrayList = new ArrayList();
        String str = z ? "KeyAttestation_strongbox" : "KeyAttestation";
        String concat = z3 ? str.concat("_persistent") : null;
        KeyStore keyStore = this.d;
        if (z3) {
            try {
                if (!keyStore.containsAlias(concat)) {
                    c(concat, z, z2, concat);
                }
            } catch (ProviderException e) {
                Throwable cause = e.getCause();
                int i = Build.VERSION.SDK_INT;
                if (i >= 28 && Q.m(e)) {
                    throw new C0462u3(3, e);
                }
                if (i < 33 || !W.k(cause)) {
                    if (cause == null || (message = cause.getMessage()) == null || AbstractC0523wi.x0(message, "device ids", 0, false) < 0) {
                        throw new C0462u3(0, e);
                    }
                    throw new C0462u3(4, e);
                }
                numericErrorCode = W.b(cause).getNumericErrorCode();
                if (numericErrorCode == 8) {
                    throw new C0462u3(4, e);
                }
                isTransientFailure = W.b(cause).isTransientFailure();
                if (numericErrorCode != 16) {
                    if (isTransientFailure) {
                        throw new C0462u3(7, e);
                    }
                    throw new C0462u3(0, e);
                }
                if (isTransientFailure) {
                    throw new C0462u3(6, e);
                }
                throw new C0462u3(5, e);
            } catch (Exception e2) {
                throw new C0462u3(-1, e2);
            }
        }
        c(str, z, z2, concat);
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        if (certificateChain == null) {
            throw new CertificateException("Unable to get certificate chain");
        }
        int length = certificateChain.length;
        int i2 = 0;
        while (true) {
            certificateFactory = this.e;
            if (i2 >= length) {
                break;
            }
            arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(certificateChain[i2].getEncoded())));
            i2++;
        }
        if (z3) {
            Certificate[] certificateChain2 = keyStore.getCertificateChain(concat);
            if (certificateChain2 == null) {
                throw new CertificateException("Unable to get certificate chain");
            }
            for (Certificate certificate : certificateChain2) {
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(certificate.getEncoded())));
            }
        }
        this.g = arrayList;
        return M4.b(arrayList);
    }
}
