package com.oplus.engineermode.security.sdk;

import android.security.keystore.KeyGenParameterSpec;
import com.android.org.bouncycastle.asn1.ASN1Encodable;
import com.android.org.bouncycastle.asn1.ASN1Enumerated;
import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.ASN1Integer;
import com.android.org.bouncycastle.asn1.ASN1OctetString;
import com.android.org.bouncycastle.asn1.ASN1Primitive;
import com.android.org.bouncycastle.asn1.ASN1Sequence;
import com.android.org.bouncycastle.asn1.ASN1TaggedObject;
import com.oplus.engineermode.core.sdk.mmi.constants.ReserveCommonCommands;
import com.oplus.engineermode.core.sdk.utils.Log;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Locale;
import java.util.regex.Pattern;
import javax.crypto.KeyGenerator;

/* loaded from: classes2.dex */
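/**
 * Device-side self-test for Android Keystore key attestation.
 *
 * <p>The test generates a throwaway key pair in the {@code AndroidKeyStore} provider with an
 * attestation challenge, fetches the resulting certificate chain and inspects the key
 * description extension ({@value #KEY_DESCRIPTION_OID}) of the leaf certificate. The fields
 * read from that extension are addressed by position: attestation version (0), attestation
 * security level (1), keymaster security level (3), challenge (4), software-enforced list (6)
 * and TEE-enforced list (7).
 *
 * <p>Scope of what this class proves, which matters when its result is used as a security signal:
 * <ul>
 *   <li>{@link #verifyCertificateSignatures} only checks that each certificate is signed by the
 *       next one in the chain. The last certificate is not compared with a known attestation
 *       root, and validity periods and revocation are not checked, so a passing result does not
 *       by itself show that the chain is anchored in a trusted root.</li>
 *   <li>The challenge used by the public test methods is a fixed string. Matching it shows the
 *       extension was produced for this request, but it gives no replay protection; a remote
 *       verifier needs a fresh random challenge per request.</li>
 *   <li>Both security levels must be {@link #KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT}; any other
 *       value, software included, fails the test.</li>
 * </ul>
 */
public class KeyAttestationTest {
    private static final int ATTESTATION_CHALLENGE_INDEX = 4;
    private static final int ATTESTATION_SECURITY_LEVEL_INDEX = 1;
    private static final int ATTESTATION_VERSION_INDEX = 0;
    private static final int CONSUMPTION_TIME_OFFSET = 2000000;
    private static final int HW_AUTH_FINGERPRINT = 2;
    private static final int HW_AUTH_PASSWORD = 1;
    private static final int KEYMASTER_SECURITY_LEVEL_INDEX = 3;
    private static final String KEY_DESCRIPTION_OID = "1.3.6.1.4.1.11129.2.1.17";
    private static final int KEY_USAGE_BITSTRING_LENGTH = 9;
    private static final int KEY_USAGE_DATA_ENCIPHERMENT_BIT_OFFSET = 3;
    private static final int KEY_USAGE_DIGITAL_SIGNATURE_BIT_OFFSET = 0;
    private static final int KEY_USAGE_KEY_ENCIPHERMENT_BIT_OFFSET = 2;
    private static final int KM_ERROR_INVALID_INPUT_LENGTH = -21;
    private static final int KM_ERROR_PERMISSION_DENIED = 6;
    private static final int KM_ORIGIN_GENERATED = 0;
    public static final int KM_SECURITY_LEVEL_SOFTWARE = 0;
    public static final int KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1;
    private static final int KM_TAG_ALGORITHM = 2;
    private static final int KM_TAG_AUTH_TIMEOUT = 505;
    private static final int KM_TAG_KEY_SIZE = 3;
    private static final int KM_TAG_ORIGIN = 702;
    private static final int KM_TAG_PURPOSE = 1;
    private static final int KM_TAG_ROLLBACK_RESISTANT = 703;
    private static final int KM_TAG_USER_AUTH_TYPE = 504;
    private static final int ORIGINATION_TIME_OFFSET = 1000000;
    private static final int OS_MAJOR_VERSION_MATCH_GROUP_NAME = 1;
    private static final int OS_MINOR_VERSION_MATCH_GROUP_NAME = 2;
    private static final int OS_PATCH_LEVEL_MONTH_GROUP_NAME = 2;
    private static final int OS_PATCH_LEVEL_YEAR_GROUP_NAME = 1;
    private static final int OS_SUBMINOR_VERSION_MATCH_GROUP_NAME = 3;
    private static final int SW_ENFORCED_INDEX = 6;
    static final String TAG = "KeyAttestationTest";
    private static final int TEE_ENFORCED_INDEX = 7;
    private static final Pattern OS_VERSION_STRING_PATTERN = Pattern.compile("([0-9]{1,2})(?:\\.([0-9]{1,2}))?(?:\\.([0-9]{1,2}))?(?:[^0-9.]+.*)?");
    private static final Pattern OS_PATCH_LEVEL_STRING_PATTERN = Pattern.compile("([0-9]{4})-([0-9]{2})-[0-9]{2}");

    // Keymaster algorithm identifiers expected in the TEE-enforced list for each key type.
    private static final int KM_ALGORITHM_RSA = 1;
    private static final int KM_ALGORITHM_EC = 3;
    // Keystore purpose bits: encrypt (1) | decrypt (2) and sign (4) | verify (8).
    private static final int ENCRYPTION_PURPOSE_MASK = 1 | 2;
    private static final int SIGNATURE_PURPOSE_MASK = 4 | 8;
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String KEY_ALIAS = "test_key";

    /**
     * Narrows an ASN.1 INTEGER value to a non-negative {@code int}.
     *
     * @param bigInteger value decoded from the attestation extension
     * @return the value as an {@code int}
     * @throws Exception if the value is negative or larger than {@link Integer#MAX_VALUE}
     */
    static int bigIntegerToInt(BigInteger bigInteger) throws Exception {
        if (bigInteger.signum() < 0 || bigInteger.compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) > 0) {
            throw new Exception("INTEGER out of bounds");
        }
        return bigInteger.intValue();
    }

    /**
     * Decodes the key description extension of an attestation certificate.
     *
     * <p>The extension value is an OCTET STRING that wraps the DER-encoded key description
     * SEQUENCE, hence the two decoding passes. Both streams are closed on every path.
     *
     * @param certificate leaf certificate of the attestation chain
     * @return the key description sequence, or {@code null} when a decoding pass yields no object
     * @throws Exception if the certificate is not X.509, the extension is absent or empty, or the
     *     decoded objects do not have the expected ASN.1 types
     * @throws IOException if the extension bytes cannot be parsed
     */
    private static ASN1Sequence extractAttestationSequence(Certificate certificate) throws Exception, IOException {
        if (!(certificate instanceof X509Certificate)) {
            throw new Exception("Attestation certificate is not an X.509 certificate.");
        }
        byte[] extensionValue = ((X509Certificate) certificate).getExtensionValue(KEY_DESCRIPTION_OID);
        if (extensionValue == null || extensionValue.length == 0) {
            throw new Exception("Couldn't find the keystore attestation extension data.");
        }
        try (ASN1InputStream wrapperStream = new ASN1InputStream(extensionValue)) {
            ASN1Primitive wrapper = wrapperStream.readObject();
            if (wrapper == null) {
                return null;
            }
            // The certificate content is parsed data, not a trusted structure: check the type
            // instead of letting a ClassCastException surface from a malformed extension.
            if (!(wrapper instanceof ASN1OctetString)) {
                throw new Exception("Attestation extension is not wrapped in an OCTET STRING.");
            }
            try (ASN1InputStream descriptionStream = new ASN1InputStream(((ASN1OctetString) wrapper).getOctets())) {
                ASN1Primitive description = descriptionStream.readObject();
                if (description != null && !(description instanceof ASN1Sequence)) {
                    throw new Exception("Attestation extension does not contain a SEQUENCE.");
                }
                return (ASN1Sequence) description;
            }
        }
    }

    /**
     * Looks up an entry of an authorization list by its tag number.
     *
     * @param entries elements of the authorization list
     * @param tag tag number to search for
     * @return the object carried by the first entry with that tag, or {@code null} if none matches
     */
    private static ASN1Primitive findAuthorizationListEntry(ASN1Encodable[] entries, int tag) {
        for (ASN1Encodable entry : entries) {
            // Untagged elements cannot match a tag number; skip them rather than cast blindly.
            if (entry instanceof ASN1TaggedObject) {
                ASN1TaggedObject tagged = (ASN1TaggedObject) entry;
                if (tagged.getTagNo() == tag) {
                    return tagged.getObject();
                }
            }
        }
        return null;
    }

    /**
     * Returns the element as a sequence, failing with a descriptive error otherwise.
     *
     * @param element element read from the key description
     * @param fieldName name used in the error message
     * @throws Exception if the element is not an ASN.1 SEQUENCE
     */
    private static ASN1Sequence requireSequence(ASN1Encodable element, String fieldName) throws Exception {
        if (!(element instanceof ASN1Sequence)) {
            throw new Exception("Attestation field " + fieldName + " is not a SEQUENCE.");
        }
        return (ASN1Sequence) element;
    }

    /** Generates a secret key in the Android Keystore for the given algorithm and spec. */
    private void generateKey(KeyGenParameterSpec spec, String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator generator = KeyGenerator.getInstance(algorithm, KEYSTORE_PROVIDER);
        generator.init(spec);
        generator.generateKey();
    }

    /** Generates a key pair in the Android Keystore for the given algorithm and spec. */
    private void generateKeyPair(String algorithm, KeyGenParameterSpec spec) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm, KEYSTORE_PROVIDER);
        generator.initialize(spec);
        generator.generateKeyPair();
    }

    /**
     * Reads an ASN.1 INTEGER or ENUMERATED as a non-negative {@code int}.
     *
     * @param aSN1Encodable element to decode; {@code null} is what
     *     {@link #findAuthorizationListEntry} returns for an absent tag
     * @return the decoded value
     * @throws Exception if the element is missing, has another type, or is out of range
     */
    public static int getIntegerFromAsn1(ASN1Encodable aSN1Encodable) throws Exception {
        if (aSN1Encodable == null) {
            // An absent authorization tag must fail the check, not raise a NullPointerException.
            throw new Exception("Integer value expected; the entry is missing.");
        }
        if (aSN1Encodable instanceof ASN1Integer) {
            return bigIntegerToInt(((ASN1Integer) aSN1Encodable).getValue());
        }
        if (aSN1Encodable instanceof ASN1Enumerated) {
            return bigIntegerToInt(((ASN1Enumerated) aSN1Encodable).getValue());
        }
        throw new Exception("Integer value expected; found " + aSN1Encodable.getClass().getName() + " instead.");
    }

    /** Returns whether the purpose bit set includes encryption or decryption. */
    private boolean isEncryptionPurpose(int purposes) {
        return (purposes & ENCRYPTION_PURPOSE_MASK) != 0;
    }

    /** Returns whether the purpose bit set includes signing or verification. */
    private boolean isSignaturePurpose(int purposes) {
        return (purposes & SIGNATURE_PURPOSE_MASK) != 0;
    }

    /**
     * Names a security level for logging.
     *
     * @throws Exception for any value other than software (0) or trusted environment (1)
     */
    private static String securityLevelToString(int level) throws Exception {
        switch (level) {
            case KM_SECURITY_LEVEL_SOFTWARE:
                return "Software";
            case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
                return "TEE";
            default:
                throw new Exception("Invalid security level.");
        }
    }

    /**
     * Sets start, origination-end and consumption-end validity dates relative to the current time.
     *
     * <p>Each date goes through a format/parse round trip, which drops the millisecond part.
     * NOTE(review): the pattern uses a zone abbreviation ("zzz"); confirm the round trip is
     * stable for the device time zone.
     */
    private static void applyValidityWindow(KeyGenParameterSpec.Builder builder) throws Exception {
        long now = System.currentTimeMillis();
        SimpleDateFormat dateFormat = new SimpleDateFormat("EEE MMM dd HH:mm:ss zzz yyyy", Locale.US);
        String start = dateFormat.format(Long.valueOf(now));
        String originationEnd = dateFormat.format(Long.valueOf(now + ORIGINATION_TIME_OFFSET));
        String consumptionEnd = dateFormat.format(Long.valueOf(now + CONSUMPTION_TIME_OFFSET));
        builder.setKeyValidityStart(dateFormat.parse(start))
                .setKeyValidityForOriginationEnd(dateFormat.parse(originationEnd))
                .setKeyValidityForConsumptionEnd(dateFormat.parse(consumptionEnd));
    }

    /**
     * Generates the test key pair, verifies its attestation chain and always deletes the key.
     *
     * @param keyAlgorithm JCA algorithm name passed to the key pair generator
     * @param spec key generation parameters, including the attestation challenge
     * @param keymasterAlgorithm algorithm identifier expected in the attestation
     * @param challenge challenge expected in the attestation
     * @param keySize key size expected in the attestation
     * @param purposes purpose bit set, forwarded to {@link #verifyAttestation}
     * @throws Exception if generation or any verification step fails, or if the keystore returns
     *     no certificate chain
     */
    private void generateAndVerify(String keyAlgorithm, KeyGenParameterSpec spec, int keymasterAlgorithm, byte[] challenge, int keySize, int purposes) throws Exception {
        generateKeyPair(keyAlgorithm, spec);
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
        keyStore.load(null);
        try {
            Certificate[] chain = keyStore.getCertificateChain(KEY_ALIAS);
            if (chain == null) {
                Log.e(TAG, "certificates is null");
                // Fail closed: without a chain nothing was attested, so the test must not pass.
                throw new Exception("No certificate chain returned for " + KEY_ALIAS + "; attestation was not verified.");
            }
            verifyCertificateSignatures(chain);
            verifyAttestation(chain, keymasterAlgorithm, challenge, keySize, purposes);
        } finally {
            keyStore.deleteEntry(KEY_ALIAS);
        }
    }

    /**
     * Runs one EC attestation round for a curve, challenge and purpose set.
     *
     * @param challenge attestation challenge
     * @param withValidityDates whether to set key validity dates on the key
     * @param curveName named curve for key generation
     * @param keySize key size expected in the attestation
     * @param purposes purpose bit set for the key
     */
    private void testEcAttestation(byte[] challenge, boolean withValidityDates, String curveName, int keySize, int purposes) throws Exception {
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_ALIAS, purposes)
                .setAlgorithmParameterSpec(new ECGenParameterSpec(curveName))
                .setDigests("NONE", "SHA-256", "SHA-512")
                .setAttestationChallenge(challenge);
        if (withValidityDates) {
            applyValidityWindow(builder);
        }
        generateAndVerify("EC", builder.build(), KM_ALGORITHM_EC, challenge, keySize, purposes);
    }

    /**
     * Runs one RSA attestation round for a key size, challenge, purpose set and padding list.
     *
     * @param challenge attestation challenge
     * @param withValidityDates whether to set key validity dates on the key
     * @param keySize RSA modulus size in bits
     * @param purposes purpose bit set for the key
     * @param paddings paddings applied as encryption and/or signature paddings, per purpose
     */
    private void testRsaAttestation(byte[] challenge, boolean withValidityDates, int keySize, int purposes, String[] paddings) throws Exception {
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_ALIAS, purposes)
                .setKeySize(keySize)
                .setDigests("NONE", "SHA-256", "SHA-512")
                .setAttestationChallenge(challenge);
        if (withValidityDates) {
            applyValidityWindow(builder);
        }
        if (isEncryptionPurpose(purposes)) {
            builder.setEncryptionPaddings(paddings);
            // Needed for the unrandomized paddings exercised here; acceptable only because the
            // key is a throwaway test key that never protects data.
            builder.setRandomizedEncryptionRequired(false);
        }
        if (isSignaturePurpose(purposes)) {
            builder.setSignaturePaddings(paddings);
        }
        generateAndVerify("RSA", builder.build(), KM_ALGORITHM_RSA, challenge, keySize, purposes);
    }

    /**
     * Runs the RSA attestation round with and without validity dates for every padding list.
     *
     * @throws Exception wrapping the first failure together with the parameters that produced it
     */
    private void testRsaAttestations(int keySize, byte[] challenge, int purposes, String[][] paddingLists) throws Exception {
        for (String[] paddings : paddingLists) {
            try {
                testRsaAttestation(challenge, true, keySize, purposes, paddings);
                testRsaAttestation(challenge, false, keySize, purposes, paddings);
            } catch (Throwable th) {
                throw new Exception("Failed on key size " + keySize + " challenge [" + new String(challenge) + "], purposes " + purposes + " and paddings " + Arrays.toString(paddings), th);
            }
        }
    }

    /**
     * Checks the key description extension of the leaf certificate against the expected values.
     *
     * <p>Verified, in order: the attestation version is one of 1, 2, 3, 4, 100 or 200; both the
     * attestation and the keymaster security level are the trusted environment; the challenge
     * matches; and the TEE-enforced list carries the expected key size, algorithm and a
     * "generated" origin. Key size, algorithm and origin are looked up in the TEE-enforced list
     * only, so a key whose properties are merely software-enforced fails.
     *
     * <p>This method does not validate the certificate chain itself; see
     * {@link #verifyCertificateSignatures} for what is and is not covered there.
     *
     * @param certificateArr attestation chain, leaf first
     * @param i expected keymaster algorithm identifier
     * @param bArr expected attestation challenge
     * @param i2 expected key size
     * @param i3 key purposes; accepted for interface compatibility and not checked
     * @throws Exception if the chain is empty, the extension is missing or malformed, or any
     *     checked field differs from the expected value
     */
    public static void verifyAttestation(Certificate[] certificateArr, int i, byte[] bArr, int i2, int i3) throws Exception {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new Exception("Empty certificate chain; no attestation certificate to inspect.");
        }
        ASN1Sequence keyDescription = extractAttestationSequence(certificateArr[0]);
        if (keyDescription == null) {
            throw new Exception("invalid extensionData");
        }
        // All positional reads below stay within bounds once the last index used is present.
        if (keyDescription.size() <= TEE_ENFORCED_INDEX) {
            throw new Exception("Attestation extension has only " + keyDescription.size() + " elements.");
        }

        int attestationVersion = getIntegerFromAsn1(keyDescription.getObjectAt(ATTESTATION_VERSION_INDEX));
        Log.i(TAG, "attestationVersion = " + attestationVersion);
        switch (attestationVersion) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 100:
            case 200:
                break;
            default:
                throw new Exception("Unexpected attestation version. Attestation version must be 1 or 2 or 3 or 4 or 100 or 200");
        }

        int attestationSecurityLevel = getIntegerFromAsn1(keyDescription.getObjectAt(ATTESTATION_SECURITY_LEVEL_INDEX));
        int keymasterSecurityLevel = getIntegerFromAsn1(keyDescription.getObjectAt(KEYMASTER_SECURITY_LEVEL_INDEX));
        Log.e(TAG, "Attestation security level: " + securityLevelToString(attestationSecurityLevel));
        Log.e(TAG, "Keymaster security level: " + securityLevelToString(keymasterSecurityLevel));
        if (attestationSecurityLevel != KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT) {
            throw new Exception("Unexpected attestation security level value.");
        }
        if (keymasterSecurityLevel != KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT) {
            throw new Exception("Unexpected keymaster security level value.");
        }

        ASN1Encodable challengeField = keyDescription.getObjectAt(ATTESTATION_CHALLENGE_INDEX);
        if (!(challengeField instanceof ASN1OctetString)) {
            throw new Exception("Attestation challenge is not an OCTET STRING.");
        }
        if (!Arrays.equals(bArr, ((ASN1OctetString) challengeField).getOctets())) {
            throw new Exception("Incorrect challenge string; key is not fresh");
        }

        // The software-enforced list is only checked for shape; its content is not inspected.
        requireSequence(keyDescription.getObjectAt(SW_ENFORCED_INDEX), "softwareEnforced");
        ASN1Encodable[] teeEnforced = requireSequence(keyDescription.getObjectAt(TEE_ENFORCED_INDEX), "teeEnforced").toArray();

        int keySize = getIntegerFromAsn1(findAuthorizationListEntry(teeEnforced, KM_TAG_KEY_SIZE));
        Log.e(TAG, "Key size: " + keySize);
        if (keySize != i2) {
            throw new Exception("The key does not have the expected size.");
        }
        int algorithm = getIntegerFromAsn1(findAuthorizationListEntry(teeEnforced, KM_TAG_ALGORITHM));
        Log.e(TAG, "Key cryptographic algorithm: " + algorithm);
        if (algorithm != i) {
            // The previous message always named EC, which was wrong for the RSA test.
            throw new Exception("The key does not have the expected algorithm: expected " + i + ", found " + algorithm + ".");
        }
        int origin = getIntegerFromAsn1(findAuthorizationListEntry(teeEnforced, KM_TAG_ORIGIN));
        Log.e(TAG, "Key origin: " + origin);
        if (origin != KM_ORIGIN_GENERATED) {
            throw new Exception("This key does not have the expected origin.");
        }
    }

    /**
     * Verifies that each certificate in the chain is signed by its successor.
     *
     * <p>This is a consistency check only. The final certificate is neither verified against its
     * own key nor matched to a trusted attestation root, validity dates and revocation status are
     * not examined, and a chain of length one passes without any signature being checked. A
     * verifier that relies on attestation for a trust decision has to add those checks.
     *
     * @param chain certificate chain, leaf first
     * @throws GeneralSecurityException if a signature does not verify
     */
    private void verifyCertificateSignatures(Certificate[] chain) throws GeneralSecurityException {
        for (int issuerIndex = 1; issuerIndex < chain.length; issuerIndex++) {
            Certificate subject = chain[issuerIndex - 1];
            Certificate issuer = chain[issuerIndex];
            try {
                subject.verify(issuer.getPublicKey());
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                throw new GeneralSecurityException("Failed to verify certificate " + subject + " with public key " + issuer.getPublicKey(), e);
            }
        }
    }

    /**
     * Runs the EC attestation test for every configured curve, challenge and purpose set, each
     * with and without key validity dates.
     *
     * @throws Exception wrapping the first failure with the curve and challenge index
     */
    public void testEcAttestation() throws Exception {
        String[] curves = {"secp224r1"};
        // Expected key size per curve, index-aligned with curves.
        // NOTE(review): the constant looks like a decompiler substitution for the curve's key
        // size (presumably 224) — confirm its value.
        int[] keySizes = {ReserveCommonCommands.FM_AT_SLEEP_ON};
        // Fixed challenge: adequate for a local self-test, not a source of freshness.
        byte[][] challenges = {"challenge".getBytes()};
        // NOTE(review): 2 is the decrypt bit in the Keystore purpose numbering used by
        // KeyGenParameterSpec.Builder, but the sign purpose in Keymaster numbering — confirm
        // which one was intended for an EC key.
        int[] purposes = {2};
        for (int curveIndex = 0; curveIndex < curves.length; curveIndex++) {
            for (int challengeIndex = 0; challengeIndex < challenges.length; challengeIndex++) {
                for (int purpose : purposes) {
                    try {
                        testEcAttestation(challenges[challengeIndex], true, curves[curveIndex], keySizes[curveIndex], purpose);
                        testEcAttestation(challenges[challengeIndex], false, curves[curveIndex], keySizes[curveIndex], purpose);
                    } catch (Throwable th) {
                        throw new Exception("Failed on curve " + curveIndex + " and challege " + challengeIndex, th);
                    }
                }
            }
        }
    }

    /**
     * Runs the RSA attestation test for every configured key size, challenge and purpose set.
     * Encryption purposes are exercised with the "NoPadding" list, all others with "PKCS1".
     *
     * @throws Exception if any round fails
     */
    public void testRsaAttestation() throws Exception {
        // 512-bit RSA is far too small to protect anything; it is used here only for a key that
        // is generated, attested and deleted within the test.
        int[] keySizes = {512};
        // Fixed challenge: adequate for a local self-test, not a source of freshness.
        byte[][] challenges = {"challenge".getBytes()};
        // 12 = sign (4) | verify (8) in the Keystore purpose numbering.
        int[] purposes = {12};
        String[][] encryptionPaddings = {new String[]{"NoPadding"}};
        String[][] signaturePaddings = {new String[]{"PKCS1"}};
        for (int keySize : keySizes) {
            for (byte[] challenge : challenges) {
                for (int purpose : purposes) {
                    String[][] paddingLists = isEncryptionPurpose(purpose) ? encryptionPaddings : signaturePaddings;
                    testRsaAttestations(keySize, challenge, purpose, paddingLists);
                }
            }
        }
    }
}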
