package com.google.android.libraries.privacy.ppn.krypton;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import defpackage.gvf;
import defpackage.jfc;
import defpackage.jhh;
import defpackage.jhi;
import defpackage.khz;
import defpackage.kig;
import defpackage.kih;
import defpackage.kjh;
import defpackage.nis;
import defpackage.nix;
import defpackage.njj;
import defpackage.nkg;
import defpackage.nkm;
import defpackage.nku;
import j$.nio.charset.StandardCharsets;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutionException;

/* compiled from: PG */
/* loaded from: classes.dex */
public abstract class AttestingOAuthTokenProvider implements OAuthTokenProvider {
    public static final String ANDROID_ATTESTATION_DATA_TYPE_URL = "type.googleapis.com/privacy.ppn.AndroidAttestationData";
    private static final String ANDROID_KEYSTORE_NAME = "AndroidKeyStore";
    private static final String HARDWARE_CERTIFICATE_ALIAS = "AndroidHardwareCerts";
    private static final String NONCE_HASH_FUNCTION = "SHA-256";
    private static final String TAG = "AttestingOAuthTokenProv";
    private final khz integrityManager;
    private final jfc options;

    /* JADX WARN: Type inference failed for: r1v3, types: [java.lang.Object, pmx] */
    public AttestingOAuthTokenProvider(Context context, jfc jfcVar) {
        this.integrityManager = (khz) kjh.j(context.getApplicationContext()).c.b();
        this.options = jfcVar;
    }

    private static KeyGenParameterSpec buildKeyGenParameterSpec(String str) {
        return new KeyGenParameterSpec.Builder(HARDWARE_CERTIFICATE_ALIAS, 4).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setDigests(NONCE_HASH_FUNCTION).setUserAuthenticationRequired(false).setDevicePropertiesAttestationIncluded(true).setAttestationChallenge(sha256(str.getBytes(StandardCharsets.UTF_8))).build();
    }

    private static KryptonException getErrorMessage(String str, Throwable th) {
        throw new KryptonException(str, th);
    }

    private List getHardwareBackedCerts(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE_NAME);
            try {
                keyPairGenerator.initialize(buildKeyGenParameterSpec(str));
                try {
                    keyPairGenerator.generateKeyPair();
                    KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE_NAME);
                    keyStore.load(null);
                    Certificate[] certificateChain = keyStore.getCertificateChain(HARDWARE_CERTIFICATE_ALIAS);
                    ArrayList arrayList = new ArrayList();
                    for (Certificate certificate : certificateChain) {
                        arrayList.add(njj.s(certificate.getEncoded()));
                    }
                    return arrayList;
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | ProviderException | CertificateException e) {
                    throw getErrorMessage("Failed to retrieve hardware certificates", e);
                }
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e2) {
                throw getErrorMessage("Failed to generate hardware certificates", e2);
            }
        } catch (NoSuchAlgorithmException | NoSuchProviderException e3) {
            throw getErrorMessage("Failed to fetch RSA KeyPairGenerator", e3);
        }
    }

    private String getIntegrityToken(String str) {
        try {
            if (str != null) {
                return ((kih) gvf.d(this.integrityManager.a(new kig(str, !this.options.n.isEmpty() ? Long.valueOf(((Long) this.options.n.get()).longValue()) : null)))).a;
            }
            throw new NullPointerException("Null nonce");
        } catch (InterruptedException | ExecutionException e) {
            throw getErrorMessage("Failed to retrieve integrity token", e);
        }
    }

    private static byte[] sha256(byte[] bArr) {
        return MessageDigest.getInstance(NONCE_HASH_FUNCTION).digest(bArr);
    }

    @Override // com.google.android.libraries.privacy.ppn.krypton.OAuthTokenProvider
    public byte[] getAttestationData(String str) {
        nkg o = jhh.c.o();
        try {
            String integrityToken = getIntegrityToken(str);
            if (!o.b.E()) {
                o.u();
            }
            jhh jhhVar = (jhh) o.b;
            integrityToken.getClass();
            jhhVar.a = integrityToken;
            if (this.options.m) {
                if (Build.VERSION.SDK_INT < 23) {
                    Log.e(TAG, "Cannot perform hardware attestation on devices API 22 or lower.");
                    return null;
                }
                try {
                    List hardwareBackedCerts = getHardwareBackedCerts(str);
                    if (!o.b.E()) {
                        o.u();
                    }
                    jhh jhhVar2 = (jhh) o.b;
                    nku nkuVar = jhhVar2.b;
                    if (!nkuVar.c()) {
                        jhhVar2.b = nkm.w(nkuVar);
                    }
                    nis.h(hardwareBackedCerts, jhhVar2.b);
                } catch (KryptonException e) {
                    Log.e(TAG, "Unable to get hardware-backed certs.", e);
                }
            }
            nkg o2 = jhi.b.o();
            nkg o3 = nix.c.o();
            if (!o3.b.E()) {
                o3.u();
            }
            ((nix) o3.b).a = ANDROID_ATTESTATION_DATA_TYPE_URL;
            njj g = ((jhh) o.r()).g();
            if (!o3.b.E()) {
                o3.u();
            }
            ((nix) o3.b).b = g;
            if (!o2.b.E()) {
                o2.u();
            }
            jhi jhiVar = (jhi) o2.b;
            nix nixVar = (nix) o3.r();
            nixVar.getClass();
            jhiVar.a = nixVar;
            return ((jhi) o2.r()).j();
        } catch (KryptonException e2) {
            Log.e(TAG, "Unable to fetch integrity token.", e2);
            return null;
        }
    }

    @Override // com.google.android.libraries.privacy.ppn.krypton.OAuthTokenProvider
    public abstract String getOAuthToken();
}
