package com.threatmetrix.TrustDefender.internal;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyPairGeneratorSpec;
import com.appboy.ui.inappmessage.views.AppboyInAppMessageHtmlBaseView;
import com.google.firebase.crashlytics.internal.settings.model.AppSettingsData;
import com.threatmetrix.TrustDefender.StrongAuth;
import com.threatmetrix.TrustDefender.THMStatusCode;
import com.threatmetrix.TrustDefender.internal.P;
import com.threatmetrix.TrustDefender.internal.Y;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.UnsupportedCharsetException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashSet;
import java.util.Random;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;
import org.conscrypt.SSLUtils;

/* loaded from: classes8.dex */
public class CO {

    /* renamed from: new, reason: not valid java name */
    public static final String f81new = Z2.m388do(CO.class);

    /* loaded from: classes8.dex */
    public interface E {
        /* renamed from: if */
        byte[] mo66if();

        /* renamed from: if */
        byte[] mo67if(byte[] bArr);

        /* renamed from: int */
        BigInteger mo68int();

        /* renamed from: new */
        byte[] mo69new();
    }

    /* loaded from: classes8.dex */
    public static class I {

        /* renamed from: if, reason: not valid java name */
        @Nullable
        public final String f84if;

        /* renamed from: int, reason: not valid java name */
        @Nonnull
        public final W f85int;

        public I(@Nonnull W w, @Nullable String str) {
            this.f85int = w;
            this.f84if = str;
        }
    }

    /* loaded from: classes8.dex */
    public static class L implements E {

        /* renamed from: do, reason: not valid java name */
        @Nonnull
        public final PrivateKey f86do;

        /* renamed from: for, reason: not valid java name */
        public final byte[] f87for;

        /* renamed from: int, reason: not valid java name */
        public final BigInteger f88int;

        public L(@Nonnull PrivateKey privateKey, BigInteger bigInteger, byte[] bArr) {
            this.f86do = privateKey;
            this.f88int = bigInteger;
            this.f87for = bArr;
        }

        @Override // com.threatmetrix.TrustDefender.internal.CO.E
        /* renamed from: if */
        public final byte[] mo66if() {
            return CO.m59for(this.f86do);
        }

        @Override // com.threatmetrix.TrustDefender.internal.CO.E
        /* renamed from: if */
        public final byte[] mo67if(byte[] bArr) {
            return CO.m60for(this.f86do, bArr);
        }

        @Override // com.threatmetrix.TrustDefender.internal.CO.E
        /* renamed from: int */
        public final BigInteger mo68int() {
            return this.f88int;
        }

        @Override // com.threatmetrix.TrustDefender.internal.CO.E
        /* renamed from: new */
        public final byte[] mo69new() {
            return this.f87for;
        }
    }

    /* loaded from: classes8.dex */
    public enum O {
        THM_UNKNOWN_METHOD("unknownmethod"),
        THM_USER_PRESENCE("tmxuserpresence"),
        THM_DEVICE_PRESENCE("tmxdevicepresence");


        /* renamed from: new, reason: not valid java name */
        public final String f93new;

        O(String str) {
            this.f93new = str;
        }

        /* renamed from: int, reason: not valid java name */
        public static O m70int(String str) {
            for (O o2 : values()) {
                if (str.equals(o2.f93new)) {
                    return o2;
                }
            }
            return THM_UNKNOWN_METHOD;
        }
    }

    /* loaded from: classes8.dex */
    public enum W {
        MISSING_PARAMETER("MISSING_PARAMETER", THMStatusCode.THM_Internal_Error),
        NOT_SUPPORTED("NOT_SUPPORTED", THMStatusCode.THM_StrongAuth_Unsupported),
        MISSING_FUNCTION("MISSING_FUNCTION", THMStatusCode.THM_Internal_Error),
        REGISTRATION_FAILED("REGISTRATION_FAILED", THMStatusCode.THM_StrongAuth_Failed),
        REGISTRATION_CANCELLED("REGISTRATION_CANCELLED", THMStatusCode.THM_StrongAuth_Cancelled),
        CONTEXT_NOT_FOUND("CONTEXT_NOT_FOUND", THMStatusCode.THM_StrongAuth_Failed),
        STEPUP_FAILED("STEPUP_FAILED", THMStatusCode.THM_StrongAuth_Failed),
        STEPUP_CANCELLED("STEPUP_CANCELLED", THMStatusCode.THM_StrongAuth_Cancelled),
        REGISTERED("REGISTERED", THMStatusCode.THM_OK),
        STEPUP_COMPLETE("STEPUP_COMPLETE", THMStatusCode.THM_OK);


        /* renamed from: goto, reason: not valid java name */
        public final THMStatusCode f105goto;

        /* renamed from: this, reason: not valid java name */
        public final String f106this;

        W(String str, THMStatusCode tHMStatusCode) {
            this.f106this = str;
            this.f105goto = tHMStatusCode;
        }
    }

    @Nonnull
    /* renamed from: do, reason: not valid java name */
    public static I m54do(@Nonnull W w) {
        return new I(w, null);
    }

    /* renamed from: do, reason: not valid java name */
    public static I m55do(@Nonnull final P.E e, @Nonnull final String str, @Nonnull String str2, @Nonnull byte[] bArr, @Nonnull O o2) {
        if (K5.m185for(e)) {
            PrivateKey privateKey = K5.f268int;
            return privateKey == null ? new I(W.CONTEXT_NOT_FOUND, null) : m58for(str2, bArr, o2, new L(privateKey, BigInteger.valueOf(K5.f267if), m56do(str)));
        }
        if (EF.m103for().f178else) {
            return m58for(str2, bArr, o2, new E() { // from class: com.threatmetrix.TrustDefender.internal.CO.4
                @Override // com.threatmetrix.TrustDefender.internal.CO.E
                /* renamed from: if, reason: not valid java name */
                public final byte[] mo66if() {
                    return T.f481int;
                }

                @Override // com.threatmetrix.TrustDefender.internal.CO.E
                /* renamed from: if, reason: not valid java name */
                public final byte[] mo67if(byte[] bArr2) {
                    return EF.m103for().m123int(bArr2, P.E.this.f383if.getContentResolver());
                }

                @Override // com.threatmetrix.TrustDefender.internal.CO.E
                /* renamed from: int, reason: not valid java name */
                public final BigInteger mo68int() {
                    return BigInteger.ZERO;
                }

                @Override // com.threatmetrix.TrustDefender.internal.CO.E
                /* renamed from: new, reason: not valid java name */
                public final byte[] mo69new() {
                    return CO.m56do(str);
                }
            });
        }
        try {
            PrivateKey privateKey2 = (PrivateKey) ((Class) OE.m220for(42, 0, (char) 4520)).getDeclaredField(AppSettingsData.STATUS_NEW).get(null);
            return privateKey2 == null ? new I(W.CONTEXT_NOT_FOUND, null) : m58for(str2, bArr, o2, new L(privateKey2, BigInteger.valueOf(((Class) OE.m220for(42, 0, (char) 4520)).getDeclaredField("if").getLong(null)), m56do(str)));
        } catch (Throwable th) {
            Z2.m396if(f81new, "Grave problem with strong ID", th);
            return new I(W.NOT_SUPPORTED, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: do, reason: not valid java name */
    public static byte[] m56do(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes(Charset.forName(AppboyInAppMessageHtmlBaseView.HTML_ENCODING)));
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            return T.m291if(Arrays.asList(new HashSet(Arrays.asList(Arrays.asList(T.f480if, IL.m157do(digest))))));
        } catch (NoSuchAlgorithmException unused) {
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: for, reason: not valid java name */
    public static I m58for(@Nonnull String str, @Nonnull byte[] bArr, @Nonnull O o2, @Nonnull E e) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            try {
                byte[] bytes = str.getBytes(Charset.forName(AppboyInAppMessageHtmlBaseView.HTML_ENCODING));
                messageDigest.update(bytes);
                byte[] digest = messageDigest.digest();
                messageDigest.reset();
                HashSet hashSet = new HashSet(3);
                hashSet.add(Arrays.asList(T.f479for, new HashSet(Arrays.asList(T.m292if(digest)))));
                hashSet.add(Arrays.asList(T.f482new, new HashSet(Arrays.asList(T.m292if(bArr)))));
                hashSet.add(Arrays.asList(T.f476char, new HashSet(Arrays.asList(T.f478else))));
                hashSet.add(Arrays.asList(T.f474byte, new HashSet(Arrays.asList(T.m292if(o2.f93new.getBytes())))));
                byte[] m291if = T.m291if(hashSet);
                IL.m157do(m291if);
                byte[] mo67if = e.mo67if(m291if);
                return mo67if == null ? new I(W.STEPUP_FAILED, null) : new I(W.STEPUP_COMPLETE, IL.m157do(T.m291if(Arrays.asList(T.f475case, T.m289for(Collections.singletonList(Arrays.asList(1, new HashSet(Collections.singletonList(Arrays.asList(T.f483try, null))), Arrays.asList(T.f478else, T.m289for(Collections.singletonList(T.m292if(bytes)))), new HashSet(Collections.singletonList(Arrays.asList(1, Arrays.asList(e.mo69new(), e.mo68int()), Arrays.asList(T.f483try, null), T.m289for(m291if), Arrays.asList(e.mo66if()), T.m292if(mo67if)))))))))));
            } catch (UnsupportedCharsetException unused) {
                return new I(W.MISSING_PARAMETER, null);
            } catch (IllegalArgumentException unused2) {
                return new I(W.MISSING_PARAMETER, null);
            }
        } catch (NoSuchAlgorithmException unused3) {
            return new I(W.NOT_SUPPORTED, null);
        }
    }

    /* renamed from: for, reason: not valid java name */
    public static /* synthetic */ byte[] m59for(PrivateKey privateKey) {
        return "EC".equalsIgnoreCase(privateKey.getAlgorithm()) ? T.f481int : T.f477do;
    }

    @Nullable
    /* renamed from: for, reason: not valid java name */
    public static byte[] m60for(@Nonnull PrivateKey privateKey, @Nonnull byte[] bArr) {
        try {
            if (!Y.O.m353new()) {
                return null;
            }
            Signature signature = Signature.getInstance("EC".equalsIgnoreCase(privateKey.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            Z2.m400new(f81new, "Can't sign the input {}", e.toString());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Z2.m400new(f81new, "Can't sign the input {}", e2.toString());
            return null;
        } catch (SignatureException e3) {
            Z2.m400new(f81new, "Can't sign the input {}", e3.toString());
            return null;
        }
    }

    @Nonnull
    @TargetApi(18)
    /* renamed from: if, reason: not valid java name */
    public static I m61if(@Nonnull P.E e, @Nonnull O o2, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull byte[] bArr, @Nullable StrongAuth.StrongAuthCallback strongAuthCallback) {
        X509Certificate x509Certificate;
        byte[] signature;
        if (o2 != O.THM_USER_PRESENCE) {
            return new I(W.MISSING_FUNCTION, null);
        }
        if (IL.m158do(str3)) {
            return new I(W.MISSING_PARAMETER, null);
        }
        try {
            String m162for = IL.m162for(str3);
            String concat = "TrustDefenderSDKStrongAuth".concat(str3);
            StrongAuth.AuthenticationStatus m213do = (strongAuthCallback == null || Y.L.O.f668for < 21) ? StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE : NH.m213do(e.f383if, str, str2, strongAuthCallback);
            if (m213do == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
                Z2.m392for(f81new, "Register Failure: Not supported, authentication only possible for API 21+ ");
                return new I(W.NOT_SUPPORTED, null);
            }
            if (m213do == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_CANCELLED) {
                Z2.m392for(f81new, "Register Failure: User cancelled authentication");
                return new I(W.REGISTRATION_CANCELLED, null);
            }
            if (m213do != StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_OK) {
                Z2.m392for(f81new, "Register Failure: User didn't proceed with authentication");
                return new I(W.REGISTRATION_FAILED, null);
            }
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                try {
                    keyStore.deleteEntry(concat);
                } catch (Exception unused) {
                }
                BigInteger bigInteger = new BigInteger(32, new Random());
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 5);
                KeyPair m63int = m63int("EC", e.f383if, "AndroidKeyStore", concat, m162for, bigInteger, calendar, calendar2, true, bArr);
                if (m63int == null) {
                    m63int = m63int(SSLUtils.KEY_TYPE_RSA, e.f383if, "AndroidKeyStore", concat, m162for, bigInteger, calendar, calendar2, true, bArr);
                }
                if (m63int == null) {
                    m63int = m63int("EC", e.f383if, "AndroidKeyStore", concat, m162for, bigInteger, calendar, calendar2, false, bArr);
                }
                if (m63int == null || m63int.getPrivate() == null || m63int.getPublic() == null) {
                    return new I(W.REGISTRATION_FAILED, null);
                }
                try {
                    Certificate[] certificateChain = keyStore.getCertificateChain(concat);
                    if (certificateChain.length == 0) {
                        return new I(W.REGISTRATION_FAILED, null);
                    }
                    if (certificateChain.length != 1 || !(certificateChain[0] instanceof X509Certificate) || ((signature = (x509Certificate = (X509Certificate) certificateChain[0]).getSignature()) != null && signature.length > 2)) {
                        byte[] encoded = certificateChain[0].getEncoded();
                        StringBuilder sb = new StringBuilder(((encoded.length * 2) + 1) * certificateChain.length);
                        sb.append(IL.m157do(encoded));
                        for (int i = 1; i < certificateChain.length; i++) {
                            sb.append(",");
                            sb.append(IL.m157do(certificateChain[i].getEncoded()));
                        }
                        return new I(W.REGISTERED, sb.toString());
                    }
                    byte[] tBSCertificate = x509Certificate.getTBSCertificate();
                    byte[] m60for = m60for(m63int.getPrivate(), tBSCertificate);
                    if (m60for == null) {
                        return new I(W.REGISTRATION_FAILED, null);
                    }
                    Object[] objArr = new Object[3];
                    objArr[0] = tBSCertificate;
                    byte[][] bArr2 = new byte[1];
                    bArr2[0] = "EC".equalsIgnoreCase(m63int.getPrivate().getAlgorithm()) ? T.f481int : T.f477do;
                    objArr[1] = Arrays.asList(bArr2);
                    objArr[2] = T.m295new(m60for);
                    return new I(W.REGISTERED, IL.m157do(T.m291if(Arrays.asList(objArr))));
                } catch (KeyStoreException unused2) {
                    return new I(W.REGISTRATION_FAILED, null);
                } catch (CertificateException unused3) {
                    return new I(W.REGISTRATION_FAILED, null);
                }
            } catch (Exception unused4) {
                return new I(W.REGISTRATION_FAILED, null);
            }
        } catch (InterruptedException unused5) {
            return new I(W.REGISTRATION_FAILED, null);
        }
    }

    /* renamed from: if, reason: not valid java name */
    public static L m62if(@Nonnull String str) {
        byte[] m56do;
        BigInteger bigInteger;
        String concat = "TrustDefenderSDKStrongAuth".concat(str);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(concat, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                return null;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            PrivateKey privateKey = privateKeyEntry.getPrivateKey();
            Certificate certificate = privateKeyEntry.getCertificate();
            if (certificate instanceof X509Certificate) {
                bigInteger = ((X509Certificate) certificate).getSerialNumber();
                m56do = ((X509Certificate) certificate).getSubjectX500Principal().getEncoded();
            } else {
                BigInteger bigInteger2 = BigInteger.ZERO;
                m56do = m56do(str);
                bigInteger = bigInteger2;
            }
            return new L(privateKey, bigInteger, m56do);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException unused) {
            return null;
        }
    }

    @Nullable
    @TargetApi(18)
    /* renamed from: int, reason: not valid java name */
    public static KeyPair m63int(@Nonnull String str, @Nonnull Context context, String str2, String str3, String str4, @Nonnull BigInteger bigInteger, @Nonnull Calendar calendar, @Nonnull Calendar calendar2, boolean z, byte[] bArr) {
        if (!KeyChain.isKeyAlgorithmSupported(str)) {
            return null;
        }
        if (Y.O.m350do()) {
            return NC.m212int(str, str2, str3, str4, bigInteger, calendar, calendar2, z, bArr);
        }
        if (z) {
            try {
                if (!KeyChain.isBoundKeyAlgorithm(str)) {
                    return null;
                }
            } catch (IllegalStateException | NoSuchAlgorithmException unused) {
            } catch (InvalidAlgorithmParameterException e) {
                Z2.m400new(f81new, "Can't create KeyPair {}", e.toString());
            } catch (NoSuchProviderException e2) {
                Z2.m400new(f81new, "Can't create KeyPair {}", e2.toString());
            }
        }
        if (Y.L.O.f668for >= Y.L.I.f665this && Y.L.O.f668for < 23 && Y.O.m352if()) {
            KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(context).setAlias(str3).setSubject(new X500Principal("CN=".concat(String.valueOf(str4)))).setSerialNumber(bigInteger).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
            endDate.setKeyType(str);
            endDate.setEncryptionRequired();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, str2);
            keyPairGenerator.initialize(endDate.build());
            return keyPairGenerator.generateKeyPair();
        }
        return null;
    }

    @Nonnull
    /* renamed from: new, reason: not valid java name */
    public static I m65new(@Nonnull P.E e, @Nonnull O o2, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull byte[] bArr, @Nonnull StrongAuth.StrongAuthCallback strongAuthCallback) {
        if (o2 == O.THM_USER_PRESENCE) {
            StrongAuth.AuthenticationStatus m213do = (strongAuthCallback == null || Y.L.O.f668for < 21) ? StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE : NH.m213do(e.f383if, str, str2, strongAuthCallback);
            if (m213do == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
                Z2.m392for(f81new, "StepUp Failure: Authentication is only for API 21+");
                return new I(W.NOT_SUPPORTED, null);
            }
            if (m213do == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_CANCELLED) {
                Z2.m392for(f81new, "StepUp Failure: User cancelled authentication");
                return new I(W.STEPUP_CANCELLED, null);
            }
            if (m213do != StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_OK) {
                Z2.m392for(f81new, "StepUp Failure: User didn't proceed with authentication");
                return new I(W.STEPUP_FAILED, null);
            }
            L m62if = m62if(str3);
            return m62if == null ? new I(W.CONTEXT_NOT_FOUND, null) : m58for(str2, bArr, o2, m62if);
        }
        if (o2 != O.THM_DEVICE_PRESENCE) {
            return new I(W.MISSING_FUNCTION, null);
        }
        StrongAuth.AuthenticationStatus authenticationStatus = StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE;
        if (strongAuthCallback instanceof StrongAuth.StrongAuthPromptCallback) {
            authenticationStatus = ((StrongAuth.StrongAuthPromptCallback) strongAuthCallback).prompt(str, str3, str2);
        }
        if (authenticationStatus == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
            authenticationStatus = (strongAuthCallback == null || Y.L.O.f668for < 21) ? StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE : NH.m213do(e.f383if, str, str2, strongAuthCallback);
        }
        if (authenticationStatus == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_OK) {
            return m55do(e, str3, str2, bArr, o2);
        }
        if (authenticationStatus == StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_CANCELLED) {
            Z2.m392for(f81new, "StepUp Failure: User cancelled authentication");
            return new I(W.STEPUP_CANCELLED, null);
        }
        if (authenticationStatus != StrongAuth.AuthenticationStatus.THM_STRONG_AUTH_NOT_POSSIBLE) {
            return new I(W.STEPUP_FAILED, null);
        }
        Z2.m392for(f81new, "StepUp Failure: Authentication not possible");
        return new I(W.NOT_SUPPORTED, null);
    }
}
