package com.threatmetrix.TrustDefender.internal;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyPairGeneratorSpec;
import com.adjust.sdk.Constants;
import com.threatmetrix.TrustDefender.StrongAuth;
import com.threatmetrix.TrustDefender.THMStatusCode;
import com.threatmetrix.TrustDefender.internal.D;
import com.threatmetrix.TrustDefender.internal.V;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.UnsupportedCharsetException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashSet;
import java.util.Random;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class NH {

    /* renamed from: new, reason: not valid java name */
    private static final String f483new = PH.m255do(NH.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public interface E {
        /* renamed from: for */
        byte[] mo221for();

        /* renamed from: int */
        byte[] mo222int();

        /* renamed from: new */
        BigInteger mo223new();

        /* renamed from: new */
        byte[] mo224new(byte[] bArr);
    }

    /* loaded from: classes2.dex */
    public enum I {
        THM_UNKNOWN_METHOD("unknownmethod"),
        THM_USER_PRESENCE("tmxuserpresence"),
        THM_DEVICE_PRESENCE("tmxdevicepresence");


        /* renamed from: int, reason: not valid java name */
        final String f490int;

        I(String str) {
            this.f490int = str;
        }

        /* renamed from: for, reason: not valid java name */
        public static I m225for(String str) {
            for (I i : values()) {
                if (str.equals(i.f490int)) {
                    return i;
                }
            }
            return THM_UNKNOWN_METHOD;
        }
    }

    /* loaded from: classes2.dex */
    public enum L {
        MISSING_PARAMETER("MISSING_PARAMETER", THMStatusCode.THM_Internal_Error),
        NOT_SUPPORTED("NOT_SUPPORTED", THMStatusCode.THM_StrongAuth_Unsupported),
        MISSING_FUNCTION("MISSING_FUNCTION", THMStatusCode.THM_Internal_Error),
        REGISTRATION_FAILED("REGISTRATION_FAILED", THMStatusCode.THM_StrongAuth_Failed),
        REGISTRATION_CANCELLED("REGISTRATION_CANCELLED", THMStatusCode.THM_StrongAuth_Cancelled),
        CONTEXT_NOT_FOUND("CONTEXT_NOT_FOUND", THMStatusCode.THM_StrongAuth_Failed),
        STEPUP_FAILED("STEPUP_FAILED", THMStatusCode.THM_StrongAuth_Failed),
        STEPUP_CANCELLED("STEPUP_CANCELLED", THMStatusCode.THM_StrongAuth_Cancelled),
        REGISTERED("REGISTERED", THMStatusCode.THM_OK),
        STEPUP_COMPLETE("STEPUP_COMPLETE", THMStatusCode.THM_OK);


        /* renamed from: break, reason: not valid java name */
        public final THMStatusCode f502break;

        /* renamed from: goto, reason: not valid java name */
        public final String f503goto;

        L(String str, THMStatusCode tHMStatusCode) {
            this.f503goto = str;
            this.f502break = tHMStatusCode;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class O implements E {

        /* renamed from: do, reason: not valid java name */
        final byte[] f504do;

        /* renamed from: if, reason: not valid java name */
        @Nonnull
        final PrivateKey f505if;

        /* renamed from: new, reason: not valid java name */
        final BigInteger f506new;

        O(@Nonnull PrivateKey privateKey, BigInteger bigInteger, byte[] bArr) {
            this.f505if = privateKey;
            this.f506new = bigInteger;
            this.f504do = bArr;
        }

        @Override // com.threatmetrix.TrustDefender.internal.NH.E
        /* renamed from: for */
        public final byte[] mo221for() {
            return NH.m209do(this.f505if);
        }

        @Override // com.threatmetrix.TrustDefender.internal.NH.E
        /* renamed from: int */
        public final byte[] mo222int() {
            return this.f504do;
        }

        @Override // com.threatmetrix.TrustDefender.internal.NH.E
        /* renamed from: new */
        public final BigInteger mo223new() {
            return this.f506new;
        }

        @Override // com.threatmetrix.TrustDefender.internal.NH.E
        /* renamed from: new */
        public final byte[] mo224new(byte[] bArr) {
            return NH.m214if(this.f505if, bArr);
        }
    }

    /* loaded from: classes.dex */
    public static class W {

        /* renamed from: for, reason: not valid java name */
        @Nullable
        public final String f507for;

        /* renamed from: int, reason: not valid java name */
        @Nonnull
        public final L f508int;

        W(@Nonnull L l, @Nullable String str) {
            this.f508int = l;
            this.f507for = str;
        }
    }

    NH() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: do, reason: not valid java name */
    public static byte[] m208do(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(Constants.SHA256);
            messageDigest.update(str.getBytes(Charset.forName("utf-8")));
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            return T.m282for(Arrays.asList(new HashSet(Arrays.asList(Arrays.asList(T.f566int, NK.m231do(digest))))));
        } catch (NoSuchAlgorithmException unused) {
            return null;
        }
    }

    /* renamed from: do, reason: not valid java name */
    static /* synthetic */ byte[] m209do(PrivateKey privateKey) {
        return "EC".equalsIgnoreCase(privateKey.getAlgorithm()) ? T.f567new : T.f564for;
    }

    @Nonnull
    @TargetApi(18)
    /* renamed from: for, reason: not valid java name */
    public static W m210for(@Nonnull V.E e, @Nonnull I i, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull byte[] bArr, @Nullable StrongAuth.StrongAuthCallback strongAuthCallback) {
        X509Certificate x509Certificate;
        byte[] signature;
        if (i != I.THM_USER_PRESENCE) {
            return new W(L.MISSING_FUNCTION, null);
        }
        if (NK.m241if(str3)) {
            return new W(L.MISSING_PARAMETER, null);
        }
        String m242int = NK.m242int(str3);
        String concat = "TrustDefenderSDKStrongAuth".concat(str3);
        StrongAuth.AuthenticationStatus m163if = (strongAuthCallback == null || D.O.E.f141if < 21) ? StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE : IL.m163if(e.f657do, str, str2, strongAuthCallback);
        if (m163if == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
            PH.m263if(f483new, "Register Failure: Not supported, authentication only possible for API 21+ ");
            return new W(L.NOT_SUPPORTED, null);
        }
        if (m163if == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_CANCELLED) {
            PH.m263if(f483new, "Register Failure: User cancelled authentication");
            return new W(L.REGISTRATION_CANCELLED, null);
        }
        if (m163if != StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_OK) {
            PH.m263if(f483new, "Register Failure: User didn't proceed with authentication");
            return new W(L.REGISTRATION_FAILED, null);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            try {
                keyStore.deleteEntry(concat);
            } catch (Exception unused) {
            }
            BigInteger bigInteger = new BigInteger(32, new Random());
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 5);
            KeyPair m213if = m213if("EC", e.f657do, "AndroidKeyStore", concat, m242int, bigInteger, calendar, calendar2, true, bArr);
            if (m213if == null) {
                m213if = m213if("RSA", e.f657do, "AndroidKeyStore", concat, m242int, bigInteger, calendar, calendar2, true, bArr);
            }
            if (m213if == null) {
                m213if = m213if("EC", e.f657do, "AndroidKeyStore", concat, m242int, bigInteger, calendar, calendar2, false, bArr);
            }
            if (m213if == null || m213if.getPrivate() == null || m213if.getPublic() == null) {
                return new W(L.REGISTRATION_FAILED, null);
            }
            try {
                Certificate[] certificateChain = keyStore.getCertificateChain(concat);
                if (certificateChain.length == 0) {
                    return new W(L.REGISTRATION_FAILED, null);
                }
                if (certificateChain.length != 1 || !(certificateChain[0] instanceof X509Certificate) || ((signature = (x509Certificate = (X509Certificate) certificateChain[0]).getSignature()) != null && signature.length > 2)) {
                    byte[] encoded = certificateChain[0].getEncoded();
                    StringBuilder sb = new StringBuilder(((encoded.length * 2) + 1) * certificateChain.length);
                    sb.append(NK.m231do(encoded));
                    for (int i2 = 1; i2 < certificateChain.length; i2++) {
                        sb.append(",");
                        sb.append(NK.m231do(certificateChain[i2].getEncoded()));
                    }
                    return new W(L.REGISTERED, sb.toString());
                }
                byte[] tBSCertificate = x509Certificate.getTBSCertificate();
                byte[] m214if = m214if(m213if.getPrivate(), tBSCertificate);
                if (m214if == null) {
                    return new W(L.REGISTRATION_FAILED, null);
                }
                Object[] objArr = new Object[3];
                objArr[0] = tBSCertificate;
                byte[][] bArr2 = new byte[1];
                bArr2[0] = "EC".equalsIgnoreCase(m213if.getPrivate().getAlgorithm()) ? T.f567new : T.f564for;
                objArr[1] = Arrays.asList(bArr2);
                objArr[2] = T.m289new(m214if);
                return new W(L.REGISTERED, NK.m231do(T.m282for(Arrays.asList(objArr))));
            } catch (KeyStoreException unused2) {
                return new W(L.REGISTRATION_FAILED, null);
            } catch (CertificateException unused3) {
                return new W(L.REGISTRATION_FAILED, null);
            }
        } catch (Exception unused4) {
            return new W(L.REGISTRATION_FAILED, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: for, reason: not valid java name */
    private static W m211for(@Nonnull String str, @Nonnull byte[] bArr, @Nonnull I i, @Nonnull E e) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(Constants.SHA256);
            try {
                byte[] bytes = str.getBytes(Charset.forName("utf-8"));
                messageDigest.update(bytes);
                byte[] digest = messageDigest.digest();
                messageDigest.reset();
                HashSet hashSet = new HashSet(3);
                hashSet.add(Arrays.asList(T.f565if, new HashSet(Arrays.asList(T.m283for(digest)))));
                hashSet.add(Arrays.asList(T.f562do, new HashSet(Arrays.asList(T.m283for(bArr)))));
                hashSet.add(Arrays.asList(T.f561char, new HashSet(Arrays.asList(T.f559byte))));
                hashSet.add(Arrays.asList(T.f568try, new HashSet(Arrays.asList(T.m283for(i.f490int.getBytes())))));
                byte[] m282for = T.m282for(hashSet);
                NK.m231do(m282for);
                byte[] mo224new = e.mo224new(m282for);
                return mo224new == null ? new W(L.STEPUP_FAILED, null) : new W(L.STEPUP_COMPLETE, NK.m231do(T.m282for(Arrays.asList(T.f560case, T.m288new(Collections.singletonList(Arrays.asList(1, new HashSet(Collections.singletonList(Arrays.asList(T.f563else, null))), Arrays.asList(T.f559byte, T.m288new(Collections.singletonList(T.m283for(bytes)))), new HashSet(Collections.singletonList(Arrays.asList(1, Arrays.asList(e.mo222int(), e.mo223new()), Arrays.asList(T.f563else, null), T.m288new((Object) m282for), Arrays.asList(e.mo221for()), T.m283for(mo224new)))))))))));
            } catch (UnsupportedCharsetException unused) {
                return new W(L.MISSING_PARAMETER, null);
            } catch (IllegalArgumentException unused2) {
                return new W(L.MISSING_PARAMETER, null);
            }
        } catch (NoSuchAlgorithmException unused3) {
            return new W(L.NOT_SUPPORTED, null);
        }
    }

    @Nonnull
    /* renamed from: if, reason: not valid java name */
    public static W m212if(@Nonnull V.E e, @Nonnull I i, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull byte[] bArr, @Nonnull StrongAuth.StrongAuthCallback strongAuthCallback) {
        if (i != I.THM_USER_PRESENCE) {
            return i == I.THM_DEVICE_PRESENCE ? m216int(e, str3, str, str2, bArr, i, strongAuthCallback) : new W(L.MISSING_FUNCTION, null);
        }
        StrongAuth.AuthenticationStatus m163if = (strongAuthCallback == null || D.O.E.f141if < 21) ? StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE : IL.m163if(e.f657do, str, str2, strongAuthCallback);
        if (m163if == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
            PH.m263if(f483new, "StepUp Failure: Authentication is only for API 21+");
            return new W(L.NOT_SUPPORTED, null);
        }
        if (m163if == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_CANCELLED) {
            PH.m263if(f483new, "StepUp Failure: User cancelled authentication");
            return new W(L.STEPUP_CANCELLED, null);
        }
        if (m163if != StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_OK) {
            PH.m263if(f483new, "StepUp Failure: User didn't proceed with authentication");
            return new W(L.STEPUP_FAILED, null);
        }
        O m215int = m215int(str3);
        return m215int == null ? new W(L.CONTEXT_NOT_FOUND, null) : m211for(str2, bArr, i, m215int);
    }

    @Nullable
    @TargetApi(18)
    /* renamed from: if, reason: not valid java name */
    private static KeyPair m213if(@Nonnull String str, @Nonnull Context context, String str2, String str3, String str4, @Nonnull BigInteger bigInteger, @Nonnull Calendar calendar, @Nonnull Calendar calendar2, boolean z, byte[] bArr) {
        if (!KeyChain.isKeyAlgorithmSupported(str)) {
            return null;
        }
        if (D.W.m94new()) {
            return CO.m54do(str, str2, str3, str4, bigInteger, calendar, calendar2, z, bArr);
        }
        if (z) {
            try {
                if (!KeyChain.isBoundKeyAlgorithm(str)) {
                    return null;
                }
            } catch (IllegalStateException | NoSuchAlgorithmException unused) {
            } catch (InvalidAlgorithmParameterException e) {
                PH.m268int(f483new, "Can't create KeyPair {}", e.toString());
            } catch (NoSuchProviderException e2) {
                PH.m268int(f483new, "Can't create KeyPair {}", e2.toString());
            }
        }
        if (D.O.E.f141if >= D.O.L.f154goto && D.O.E.f141if < 23 && D.W.m92for()) {
            KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(context).setAlias(str3).setSubject(new X500Principal("CN=".concat(String.valueOf(str4)))).setSerialNumber(bigInteger).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
            if (Build.VERSION.SDK_INT > 18) {
                endDate.setKeyType(str);
            }
            endDate.setEncryptionRequired();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, str2);
            keyPairGenerator.initialize(endDate.build());
            return keyPairGenerator.generateKeyPair();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    /* renamed from: if, reason: not valid java name */
    public static byte[] m214if(@Nonnull PrivateKey privateKey, @Nonnull byte[] bArr) {
        try {
            if (!D.W.m93if()) {
                return null;
            }
            Signature signature = Signature.getInstance("EC".equalsIgnoreCase(privateKey.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            PH.m268int(f483new, "Can't sign the input {}", e.toString());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            PH.m268int(f483new, "Can't sign the input {}", e2.toString());
            return null;
        } catch (SignatureException e3) {
            PH.m268int(f483new, "Can't sign the input {}", e3.toString());
            return null;
        }
    }

    /* renamed from: int, reason: not valid java name */
    private static O m215int(@Nonnull String str) {
        byte[] m208do;
        BigInteger bigInteger;
        String concat = "TrustDefenderSDKStrongAuth".concat(str);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(concat, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                return null;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            PrivateKey privateKey = privateKeyEntry.getPrivateKey();
            Certificate certificate = privateKeyEntry.getCertificate();
            if (certificate instanceof X509Certificate) {
                bigInteger = ((X509Certificate) certificate).getSerialNumber();
                m208do = ((X509Certificate) certificate).getSubjectX500Principal().getEncoded();
            } else {
                BigInteger bigInteger2 = BigInteger.ZERO;
                m208do = m208do(str);
                bigInteger = bigInteger2;
            }
            return new O(privateKey, bigInteger, m208do);
        } catch (IOException unused) {
            return null;
        } catch (KeyStoreException unused2) {
            return null;
        } catch (NoSuchAlgorithmException unused3) {
            return null;
        } catch (UnrecoverableEntryException unused4) {
            return null;
        } catch (CertificateException unused5) {
            return null;
        }
    }

    /* renamed from: int, reason: not valid java name */
    private static W m216int(@Nonnull V.E e, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull byte[] bArr, @Nonnull I i, @Nonnull StrongAuth.StrongAuthCallback strongAuthCallback) {
        StrongAuth.AuthenticationStatus authenticationStatus = StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE;
        if (strongAuthCallback instanceof StrongAuth.StrongAuthPromptCallback) {
            try {
                authenticationStatus = ((StrongAuth.StrongAuthPromptCallback) strongAuthCallback).prompt(str2, str, str3);
            } catch (Throwable th) {
                String str4 = f483new;
                StringBuilder sb = new StringBuilder("Unexpected exception occurred when calling prompt callback ");
                sb.append(th.toString());
                PH.m266int(str4, sb.toString());
            }
        }
        if (authenticationStatus == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
            authenticationStatus = (strongAuthCallback == null || D.O.E.f141if < 21) ? StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE : IL.m163if(e.f657do, str2, str3, strongAuthCallback);
        }
        if (authenticationStatus == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_OK) {
            return m217int(e, str, str3, bArr, i);
        }
        if (authenticationStatus == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_CANCELLED) {
            PH.m263if(f483new, "StepUp Failure: User cancelled authentication");
            return new W(L.STEPUP_CANCELLED, null);
        }
        if (authenticationStatus != StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
            return new W(L.STEPUP_FAILED, null);
        }
        PH.m263if(f483new, "StepUp Failure: Authentication not possible");
        return new W(L.NOT_SUPPORTED, null);
    }

    /* renamed from: int, reason: not valid java name */
    private static W m217int(@Nonnull final V.E e, @Nonnull final String str, @Nonnull String str2, @Nonnull byte[] bArr, @Nonnull I i) {
        if (NC.m203do(e)) {
            PrivateKey privateKey = NC.f478do;
            return privateKey == null ? new W(L.CONTEXT_NOT_FOUND, null) : m211for(str2, bArr, i, new O(privateKey, BigInteger.valueOf(NC.f482new), m208do(str)));
        }
        if (VW.m348do().f672byte) {
            return m211for(str2, bArr, i, new E() { // from class: com.threatmetrix.TrustDefender.internal.NH.1
                @Override // com.threatmetrix.TrustDefender.internal.NH.E
                /* renamed from: for, reason: not valid java name */
                public final byte[] mo221for() {
                    return T.f567new;
                }

                @Override // com.threatmetrix.TrustDefender.internal.NH.E
                /* renamed from: int, reason: not valid java name */
                public final byte[] mo222int() {
                    return NH.m208do(str);
                }

                @Override // com.threatmetrix.TrustDefender.internal.NH.E
                /* renamed from: new, reason: not valid java name */
                public final BigInteger mo223new() {
                    return BigInteger.ZERO;
                }

                @Override // com.threatmetrix.TrustDefender.internal.NH.E
                /* renamed from: new, reason: not valid java name */
                public final byte[] mo224new(byte[] bArr2) {
                    return VW.m348do().m353do(bArr2, V.E.this.f657do.getContentResolver());
                }
            });
        }
        try {
            PrivateKey privateKey2 = (PrivateKey) ((Class) DI.m138if(0, 42, (char) 50513)).getDeclaredField("for").get(null);
            return privateKey2 == null ? new W(L.CONTEXT_NOT_FOUND, null) : m211for(str2, bArr, i, new O(privateKey2, BigInteger.valueOf(((Class) DI.m138if(0, 42, (char) 50513)).getDeclaredField("do").getLong(null)), m208do(str)));
        } catch (Throwable th) {
            PH.m267int(f483new, "Grave problem with strong ID", th);
            return new W(L.NOT_SUPPORTED, null);
        }
    }

    @Nonnull
    /* renamed from: new, reason: not valid java name */
    public static W m218new(@Nonnull L l) {
        return new W(l, null);
    }
}
