package com.samsung.android.spay.vas.globalgiftcards.data.securedata.source.keystore.providers;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import com.samsung.android.spay.common.CommonLib;
import com.samsung.android.spay.common.util.log.LogUtil;
import com.samsung.android.spay.common.util.pref.ProvisioningPref;
import com.xshield.dc;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes5.dex */
public class UKSProvider extends KeyStoreProvider {
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.samsung.android.spay.vas.globalgiftcards.data.securedata.source.keystore.providers.KeyStoreProvider
    public KeyStore fetchKeyStoreInstance() {
        String m2797 = dc.m2797(-502705483);
        LogUtil.i(m2797, dc.m2800(627740156));
        try {
            return KeyStore.getInstance("KnoxAndroidKeyStore");
        } catch (KeyStoreException e) {
            LogUtil.i(m2797, dc.m2794(-876888598) + e);
            return null;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.samsung.android.spay.vas.globalgiftcards.data.securedata.source.keystore.providers.KeyStoreProvider
    @TargetApi(23)
    public String generateCSR(String str) {
        String m2797 = dc.m2797(-502705483);
        LogUtil.i(m2797, dc.m2805(-1513646833));
        X500Principal x500Principal = new X500Principal(dc.m2805(-1513646889) + ProvisioningPref.getDevicePrimaryId(CommonLib.getApplicationContext()) + dc.m2798(-456943733) + dc.m2794(-878111998) + dc.m2795(-1780768544) + dc.m2794(-884976062) + dc.m2805(-1513646201) + dc.m2798(-468343293) + dc.m2805(-1513646097) + dc.m2805(-1513646121) + dc.m2794(-884976350) + dc.m2804(1833410721));
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 15);
        builder.setDigests(dc.m2805(-1523498417), dc.m2804(1839260145));
        builder.setEncryptionPaddings(dc.m2794(-878245150));
        builder.setSignaturePaddings(dc.m2797(-487716435), dc.m2794(-878244902));
        builder.setCertificateSubject(x500Principal);
        builder.setKeySize(2048);
        KeyGenParameterSpec build = builder.build();
        try {
            Class<?> cls = Class.forName("com.samsung.android.knox.keystore.KnoxKeyGenParameterSpec$Builder");
            Object newInstance = cls.newInstance();
            cls.getMethod("setKeyGenParameterSpec", KeyGenParameterSpec.class).invoke(newInstance, build);
            Class<?> cls2 = Boolean.TYPE;
            Method method = cls.getMethod("setKnoxObjectProtectionRequired", cls2);
            Boolean bool = Boolean.TRUE;
            method.invoke(newInstance, bool);
            cls.getMethod("setKnoxCsrResponseRequired", cls2).invoke(newInstance, bool);
            Object invoke = cls.getMethod(JsonPOJOBuilder.DEFAULT_BUILD_METHOD, new Class[0]).invoke(newInstance, new Object[0]);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize((AlgorithmParameterSpec) invoke);
            keyPairGenerator.generateKeyPair();
            Class<?> cls3 = Class.forName("com.samsung.android.knox.keystore.KnoxCSR");
            KeyStore fetchKeyStoreInstance = fetchKeyStoreInstance();
            if (fetchKeyStoreInstance == null) {
                LogUtil.e(m2797, "Keystore is null");
                return null;
            }
            fetchKeyStoreInstance.load(null, null);
            byte[] bArr = (byte[]) cls3.getMethod("getCSR", String.class).invoke(cls3.getConstructor(KeyStore.class).newInstance(fetchKeyStoreInstance), str);
            if (bArr == null) {
                return null;
            }
            String encodeToString = Base64.encodeToString(bArr, 2);
            LogUtil.i(m2797, "Generated csr with UKS key pair successfully");
            return encodeToString;
        } catch (IOException | ClassNotFoundException | IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            LogUtil.i(m2797, dc.m2795(-1794846664) + e);
            return null;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.samsung.android.spay.vas.globalgiftcards.data.securedata.source.keystore.providers.KeyStoreProvider
    public List<String> generateClientCertificateChain() {
        return null;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.samsung.android.spay.vas.globalgiftcards.data.securedata.source.keystore.providers.KeyStoreProvider
    @TargetApi(23)
    public String storeCertificate(Certificate[] certificateArr, String str) {
        KeyStore.Entry entry;
        KeyStore fetchKeyStoreInstance = fetchKeyStoreInstance();
        String m2797 = dc.m2797(-502705483);
        if (fetchKeyStoreInstance == null) {
            LogUtil.v(m2797, "get Keystore failed");
            return null;
        }
        LogUtil.v(m2797, dc.m2804(1833410825));
        try {
            fetchKeyStoreInstance.load(null, null);
            entry = fetchKeyStoreInstance.getEntry(str, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            LogUtil.i(m2797, "Exception: " + e);
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            LogUtil.i(m2797, "Not an instance of a PrivateKeyEntry");
            return str;
        }
        fetchKeyStoreInstance.setKeyEntry(str, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey(), "".toCharArray(), certificateArr);
        LogUtil.i(m2797, "UKS Certificate installation is successful");
        return str;
    }
}
