package com.daon.sdk.crypto;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.preference.PreferenceManager;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Log;
import com.daon.sdk.crypto.cert.RevocationCheckConstants;
import com.daon.sdk.crypto.e.b;
import com.daon.sdk.crypto.h.g;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes3.dex */
public class CryptoSdk {
    public static String DEFAULT_CIPHER_ALGORITHM = "AES";
    private static String g = "cipherAlgorithm";
    private static String h = "cipherKeyCached";
    private static CryptoSdk i = new CryptoSdk();

    /* renamed from: a, reason: collision with root package name */
    private boolean f448a;
    private boolean b;
    private boolean c;
    private boolean d;
    private boolean e = true;
    private String f = DEFAULT_CIPHER_ALGORITHM;

    /* loaded from: classes3.dex */
    public interface IInitializeCallback {
        void onInitializeComplete(Throwable th);
    }

    /* loaded from: classes3.dex */
    class a implements IInitializeCallback {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ Context f449a;
        final /* synthetic */ IInitializeCallback b;

        a(Context context, IInitializeCallback iInitializeCallback) {
            this.f449a = context;
            this.b = iInitializeCallback;
        }

        @Override // com.daon.sdk.crypto.CryptoSdk.IInitializeCallback
        public void onInitializeComplete(Throwable th) {
            if (th != null) {
                Log.e("DAON", "TEE crypto framework failed to initialize.", th);
            }
            CryptoSdk.this.d = com.daon.sdk.crypto.g.a.e().d();
            CryptoSdk.this.a(this.f449a, this.b, th);
        }
    }

    private CryptoSdk() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(Context context, IInitializeCallback iInitializeCallback, Throwable th) {
        if (th == null) {
            try {
                this.b = a();
                this.f448a = true;
                b.a(context);
            } catch (Throwable th2) {
                iInitializeCallback.onInitializeComplete(th2);
                return;
            }
        }
        iInitializeCallback.onInitializeComplete(th);
    }

    private void a(Bundle bundle) {
        if (bundle != null) {
            this.f = bundle.getString(g, DEFAULT_CIPHER_ALGORITHM);
            this.e = bundle.getBoolean(h, true);
        }
    }

    private boolean a() {
        KeyPair keyPair;
        if (com.daon.sdk.crypto.h.b.a()) {
            try {
                String uuid = UUID.randomUUID().toString();
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(uuid, 6).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests(MessageDigestAlgorithms.SHA_256).setUserAuthenticationRequired(false);
                if (com.daon.sdk.crypto.h.b.b()) {
                    Log.d("DAON", "Android N and above: Try key attestation");
                    userAuthenticationRequired.setAttestationChallenge(new byte[]{1, 2, 3, 4, 5, 6, 7, 8});
                }
                keyPairGenerator.initialize(userAuthenticationRequired.build());
                try {
                    keyPair = keyPairGenerator.generateKeyPair();
                } catch (Exception e) {
                    e = e;
                    keyPair = null;
                }
                try {
                    if (com.daon.sdk.crypto.h.b.b()) {
                        Log.d("DAON", "Android N and above: Key with attestation generated successfully. Attestation supported.");
                        this.c = true;
                    }
                } catch (Exception e2) {
                    e = e2;
                    Log.e("DAON", "Generate key exception", e);
                    if (!com.daon.sdk.crypto.h.b.b()) {
                        Log.e("DAON", "Throw exception");
                        throw e;
                    }
                    Log.d("DAON", "Android N and above: Generate key with key attestation failed. Try without key attestation");
                    userAuthenticationRequired.setAttestationChallenge(null);
                    try {
                        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                        keyPairGenerator2.initialize(userAuthenticationRequired.build());
                        keyPairGenerator2.generateKeyPair();
                        Log.d("DAON", "Android N and above: Key without attestation generated successfully. Attestation not supported.");
                        boolean isInsideSecureHardware = ((KeyInfo) KeyFactory.getInstance("EC", "AndroidKeyStore").getKeySpec(keyPair.getPrivate(), KeyInfo.class)).isInsideSecureHardware();
                        Log.d("DAON", "Asym key in hardware: " + isInsideSecureHardware);
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        keyStore.load(null);
                        keyStore.deleteEntry(uuid);
                        return isInsideSecureHardware;
                    } catch (Exception e3) {
                        Log.e("DAON", "Generate key without attestation exception", e3);
                        throw e3;
                    }
                }
                boolean isInsideSecureHardware2 = ((KeyInfo) KeyFactory.getInstance("EC", "AndroidKeyStore").getKeySpec(keyPair.getPrivate(), KeyInfo.class)).isInsideSecureHardware();
                Log.d("DAON", "Asym key in hardware: " + isInsideSecureHardware2);
                KeyStore keyStore2 = KeyStore.getInstance("AndroidKeyStore");
                keyStore2.load(null);
                keyStore2.deleteEntry(uuid);
                return isInsideSecureHardware2;
            } catch (Exception e4) {
                Log.e("DAON", "Failed to check for hardware OS key support.", e4);
            }
        }
        return false;
    }

    public static CryptoSdk getInstance() {
        return i;
    }

    public String getCipherAlgorithm() {
        return this.f;
    }

    public void initialize(Context context, Bundle bundle, IInitializeCallback iInitializeCallback) {
        this.f448a = false;
        this.b = false;
        this.c = false;
        this.d = false;
        this.e = true;
        this.f = DEFAULT_CIPHER_ALGORITHM;
        g.b();
        a(bundle);
        boolean a2 = com.daon.sdk.crypto.g.b.a();
        Log.d("DAON", "Ext TEE? " + a2);
        if (a2 && com.daon.sdk.crypto.h.b.a()) {
            com.daon.sdk.crypto.g.a.e().a(context, bundle, new a(context, iInitializeCallback));
        } else {
            a(context, iInitializeCallback, null);
        }
    }

    public boolean isCipherKeyCached() {
        return this.e;
    }

    public boolean isExtCryptoSupported() {
        return this.d;
    }

    public boolean isHardwareOsKeysSupported() {
        return this.b;
    }

    public boolean isInitialized() {
        return this.f448a;
    }

    public boolean isKeyAttestationSupported() {
        return this.c;
    }

    public void reset(Context context) throws Exception {
        for (String str : context.fileList()) {
            if (str.endsWith(".public") || str.endsWith(".private")) {
                context.deleteFile(str);
            }
            if (str.equals("s1.dat") || str.equals("s2.dat") || str.equals("s3.dat")) {
                context.deleteFile(str);
            }
        }
        SharedPreferences.Editor edit = PreferenceManager.getDefaultSharedPreferences(context).edit();
        edit.remove("daon.cipher.2");
        edit.remove(RevocationCheckConstants.REVOCATION_CHECK_TIME_STORAGE_ID);
        edit.commit();
    }
}
