package com.trustkernel.uauth.model;

import a.a.a.a.a;
import a.c.c.a.b;
import android.util.Base64;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.TypeAdapter;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
import com.trustkernel.uauth.model.AttestablePubKeyModel;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import org.apache.http.cookie.ClientCookie;

@com.google.gson.annotations.JsonAdapter(JsonAdapter.class)
/* loaded from: classes3.dex */
public class Keymaster3PubKeyModel extends AttestablePubKeyModel {
    public static final Keymaster3PubKeyModel Stub;
    public static final String TAG = "Keymaster3PubKeyModel";
    public String[] certs;
    public short keyAlgorithm;

    /* loaded from: classes3.dex */
    public static class JsonAdapter extends TypeAdapter<Keymaster3PubKeyModel> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.google.gson.TypeAdapter
        /* renamed from: read */
        public Keymaster3PubKeyModel read2(JsonReader jsonReader) {
            return null;
        }

        @Override // com.google.gson.TypeAdapter
        public void write(JsonWriter jsonWriter, Keymaster3PubKeyModel keymaster3PubKeyModel) {
            JsonObject jsonObject = new JsonObject();
            jsonObject.addProperty(ClientCookie.VERSION_ATTR, Integer.valueOf(keymaster3PubKeyModel.getVersion()));
            jsonObject.addProperty("keyName", keymaster3PubKeyModel.getKeyName());
            jsonObject.addProperty("keyType", Integer.valueOf(keymaster3PubKeyModel.getKeyType().value()));
            if (keymaster3PubKeyModel.getAttKeyName() != null) {
                jsonObject.addProperty("attKeyName", keymaster3PubKeyModel.getAttKeyName());
            }
            JsonArray jsonArray = new JsonArray();
            for (String str : keymaster3PubKeyModel.getCertificateChain()) {
                jsonArray.add(str);
            }
            jsonObject.add("certs", jsonArray);
            jsonObject.addProperty("keyAlgorithm", Short.valueOf(keymaster3PubKeyModel.getKeyAlgorithm()));
            jsonWriter.value(jsonObject.toString());
        }
    }

    static {
        try {
            Stub = new Keymaster3PubKeyModel("stub");
        } catch (InvalidKeyException unused) {
            throw new RuntimeException("Invalid stub key");
        }
    }

    public Keymaster3PubKeyModel(String str) {
        super(str, AttestablePubKeyModel.KeyType.KM3, null);
        this.certs = new String[]{""};
    }

    public Keymaster3PubKeyModel(String str, Certificate[] certificateArr, short s) {
        super(str, AttestablePubKeyModel.KeyType.KM3, null);
        if (certificateArr == null || !verifyCertificateChain(certificateArr)) {
            b.f120a.e(TAG, "invalid cert chain", new Object[0]);
            throw new CertificateException("cert chain not verifiable");
        }
        this.certs = new String[certificateArr.length];
        int i = 0;
        while (true) {
            String[] strArr = this.certs;
            if (i >= strArr.length) {
                this.keyAlgorithm = s;
                return;
            }
            try {
                strArr[i] = Base64.encodeToString(certificateArr[i].getEncoded(), 0);
                i++;
            } catch (CertificateEncodingException e) {
                StringBuilder a2 = a.a("invalid encoding for certificate ");
                a2.append(e.getMessage());
                b.f120a.e(TAG, a2.toString(), new Object[0]);
                throw e;
            }
        }
    }

    private boolean verifyCertificateChain(Certificate[] certificateArr) {
        int i = 0;
        while (i < certificateArr.length - 1) {
            try {
                int i2 = i + 1;
                certificateArr[i].verify(certificateArr[i2].getPublicKey());
                i = i2;
            } catch (Exception e) {
                b.f120a.e(TAG, "Cert " + i + " verify failed: " + e, new Object[0]);
                return false;
            }
        }
        try {
            certificateArr[certificateArr.length - 1].verify(certificateArr[certificateArr.length - 1].getPublicKey());
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public String[] getCertificateChain() {
        return this.certs;
    }

    public short getKeyAlgorithm() {
        return this.keyAlgorithm;
    }

    @Override // com.trustkernel.uauth.model.AttestablePubKeyModel
    public String getPublicKey() {
        String[] strArr = this.certs;
        if (strArr != null && strArr.length != 0) {
            try {
                byte[] decode = Base64.decode(strArr[strArr.length - 1], 0);
                StringBuilder sb = new StringBuilder();
                sb.append("-----BEGIN PUBLIC KEY-----\n");
                sb.append(Base64.encodeToString(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decode)).getPublicKey().getEncoded(), 0));
                sb.append("-----END PUBLIC KEY-----");
                return sb.toString();
            } catch (CertificateException e) {
                StringBuilder a2 = a.a("invalid certificate");
                a2.append(e.getMessage());
                b.f120a.e(TAG, a2.toString(), new Object[0]);
            }
        }
        return null;
    }
}
