package com.gmrz.idaas.utils;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.gmrz.appsdk.FidoReInfo;
import com.gmrz.appsdk.commlib.api.FidoStatus;
import com.gmrz.appsdk.util.Compatibility;
import com.huawei.hms.aaid.constant.AaidIdConstant;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class DeviceIDUtil {
    private static final int FLAG_BASE64 = 11;
    private static final String SP_FILE_NAME = "device_id";
    private static final String TAG = "DEVICE_ID";

    public static boolean clearDeviceId(Context context, String str) {
        Log.d(TAG, "clear cached device id");
        if (TextUtils.isEmpty(context.getSharedPreferences(SP_FILE_NAME, 0).getString(str, null))) {
            return false;
        }
        return context.getSharedPreferences(SP_FILE_NAME, 0).edit().remove(str).commit();
    }

    private static FidoReInfo generateDeviceId(Context context, String str) {
        FidoReInfo fidoReInfo = new FidoReInfo();
        fidoReInfo.setStatus(FidoStatus.FAILED);
        if (context == null) {
            fidoReInfo.setStatus(FidoStatus.INVALID_PARAM);
            return fidoReInfo;
        }
        String uuid = UUID.randomUUID().toString();
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                Log.d(TAG, "operating system higher Android M use ECC public key as deviceId");
                generateEcKeyPair(uuid);
                uuid = Base64.encodeToString(getEcPubKey(uuid), 11);
            } else {
                Log.d(TAG, "operating system below Android M use RSA public key as deviceId");
                generateRsaKeyPair(context, uuid);
                uuid = SHAUtil.SHA256(Base64.encodeToString(getRsaPubKey(uuid), 11));
            }
        } catch (Exception unused) {
            Log.d(TAG, "Android keystore generate keypair cause exception use compatible mode UUID as deviceId");
            uuid = Compatibility.AesEncrypt(uuid).trim();
        }
        if (context.getSharedPreferences(SP_FILE_NAME, 0).edit().putString(str, uuid).commit()) {
            Log.d(TAG, "IDaaS device id generate successful");
            fidoReInfo.setStatus(FidoStatus.SUCCESS);
            fidoReInfo.setUniqueID(uuid);
        }
        return fidoReInfo;
    }

    private static void generateEcKeyPair(String str) throws Exception {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 20);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 4).setDigests(AaidIdConstant.SIGNATURE_SHA256).setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setCertificateSubject(new X500Principal(String.format("CN=%s, OU=%s", str, TAG))).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setUserAuthenticationRequired(false).build());
        keyPairGenerator.generateKeyPair();
    }

    private static void generateRsaKeyPair(Context context, String str) throws Exception {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 20);
        KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(context);
        builder.setAlias(str).setSubject(new X500Principal(String.format("CN=%s, OU=%s", str, context.getPackageName()))).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(builder.build());
        keyPairGenerator.generateKeyPair();
    }

    public static FidoReInfo getDeviceId(Context context, String str) {
        FidoReInfo fidoReInfo = new FidoReInfo();
        fidoReInfo.setStatus(FidoStatus.FAILED);
        if (context == null) {
            fidoReInfo.setStatus(FidoStatus.INVALID_PARAM);
            return fidoReInfo;
        }
        String string = context.getSharedPreferences(SP_FILE_NAME, 0).getString(str, null);
        if (TextUtils.isEmpty(string)) {
            Log.d(TAG, "no deviceId in sharedPreference and generate it");
            return generateDeviceId(context, str);
        }
        Log.d(TAG, "get deviceId from sharedPreference");
        Log.d(TAG, "IDaaS deviceId:" + string);
        fidoReInfo.setStatus(FidoStatus.SUCCESS);
        fidoReInfo.setUniqueID(string);
        return fidoReInfo;
    }

    private static byte[] getEcPubKey(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (entry == null) {
            throw new Exception("Unable to get the signing key by name " + str);
        }
        ECPublicKey eCPublicKey = (ECPublicKey) ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
        byte[] byteArray = eCPublicKey.getW().getAffineX().toByteArray();
        byte[] byteArray2 = eCPublicKey.getW().getAffineY().toByteArray();
        if (byteArray.length > 33) {
            Log.e(TAG, "Export EC public key failed: Incorrect length of x");
            throw new Exception("Export EC public key failed: Incorrect length of x");
        }
        if (byteArray2.length > 33) {
            Log.e(TAG, "Export EC public key failed: Incorrect length of y");
            throw new Exception("Export EC public key failed: Incorrect length of y");
        }
        ByteBuffer allocate = ByteBuffer.allocate(68);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.putShort((short) 32);
        allocate.put(getRawData(byteArray));
        allocate.putShort((short) 32);
        allocate.put(getRawData(byteArray2));
        return allocate.array();
    }

    private static byte[] getRawData(byte[] bArr) {
        byte[] bArr2 = new byte[32];
        Arrays.fill(bArr2, (byte) 0);
        if (bArr.length > 32) {
            System.arraycopy(bArr, 1, bArr2, 0, 32);
        } else {
            System.arraycopy(bArr, 0, bArr2, 32 - bArr.length, bArr.length);
        }
        return bArr2;
    }

    private static byte[] getRsaPubKey(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null || certificate.getPublicKey() == null) {
            L.e(TAG, "keystore certificate or public key of cert is null");
            return null;
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) certificate.getPublicKey();
        byte[] byteArray = rSAPublicKey.getModulus().toByteArray();
        byte[] byteArray2 = rSAPublicKey.getPublicExponent().toByteArray();
        byte[] bArr = new byte[byteArray2.length + 256];
        if (byteArray.length > 257 || (byteArray.length == 257 && byteArray[0] != 0)) {
            throw new IllegalStateException("Modulus of RSA public key has wrong size.");
        }
        if (byteArray.length == 257) {
            System.arraycopy(byteArray, 1, bArr, 0, 256);
        } else {
            System.arraycopy(byteArray, 0, bArr, 0, 256);
        }
        System.arraycopy(byteArray2, 0, bArr, 256, byteArray2.length);
        return bArr;
    }
}
