package com.samsung.android.spay.common.security;

import android.app.enterprise.EnterpriseDeviceManager;
import android.os.Build;
import android.os.IBinder;
import android.os.RemoteException;
import com.sec.dcm.DcmAdapter;
import com.sec.dcm.DcmKeyManager;
import com.sec.enterprise.knox.ccm.IClientCertificateManager;
import defpackage.ti;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class KnoxTimaUtils {
    private static final String ALGORITHM = "SHA1withRSA";
    private static final String PROVIDER = "AndroidOpenSSL";
    private static final String TAG = "KnoxTimaUtils";

    private static Object callMethod(Class cls, String str, Object... objArr) {
        if (cls == null) {
            return null;
        }
        try {
            ti.a(TAG, "callMethod() Class : " + cls.getName() + " Method : " + str);
            Class<?>[] clsArr = new Class[objArr.length];
            for (int i = 0; i < objArr.length; i++) {
                clsArr[i] = objArr[i].getClass();
            }
            return cls.getMethod(str, clsArr).invoke(null, objArr);
        } catch (IllegalAccessException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchMethodException e2) {
            e2.printStackTrace();
            return null;
        } catch (InvocationTargetException e3) {
            e3.printStackTrace();
            return null;
        }
    }

    private static void enableDefaultCCMProfile() {
        IClientCertificateManager iClientCertificateManager = null;
        try {
            Class<?> cls = Class.forName("android.os.ServiceManager");
            iClientCertificateManager = IClientCertificateManager.Stub.asInterface((IBinder) cls.getMethod("getService", String.class).invoke(cls, EnterpriseDeviceManager.KNOX_CCM_POLICY_SERVICE));
            ti.b(TAG, "success to bind CCM service");
        } catch (ClassNotFoundException e) {
            ti.b(TAG, "ClassNotFoundException : " + e.getMessage());
        } catch (IllegalAccessException e2) {
            ti.b(TAG, "IllegalAccessException : " + e2.getMessage());
        } catch (InvocationTargetException e3) {
            ti.b(TAG, "InvocationTargetException : " + e3.getMessage());
        } catch (Exception e4) {
            ti.e(TAG, "Exception : " + e4.getMessage());
        } catch (NoSuchMethodError e5) {
            ti.b(TAG, "NoSuchMethodError : " + e5.getMessage());
        } catch (NoSuchMethodException e6) {
            ti.b(TAG, "NoSuchMethodException : " + e6.getMessage());
        }
        if (iClientCertificateManager != null) {
            try {
                ti.b(TAG, "setDefaultCCMProfile : " + iClientCertificateManager.setDefaultCCMProfile());
            } catch (RemoteException e7) {
                e7.printStackTrace();
            } catch (Exception e8) {
                ti.e(TAG, "Exception : " + e8.getMessage());
            } catch (NoSuchMethodError e9) {
                ti.b(TAG, "NoSuchMethodError : " + e9.getMessage());
            }
        }
    }

    public static X509Certificate[] getCCMCertificationChain() {
        Exception exc;
        X509Certificate[] x509CertificateArr;
        enableDefaultCCMProfile();
        ti.c(TAG, "getCCMCertificationChain()");
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("TimaKeyStore");
                if (keyStore == null) {
                    return null;
                }
                keyStore.load(null, null);
                KeyStore keyStore2 = KeyStore.getInstance("PKCS11", "SECPkcs11");
                if (keyStore2 == null) {
                    return null;
                }
                keyStore2.load(null, null);
                Certificate[] certificateChain = keyStore2.getCertificateChain("Samsung default");
                if (certificateChain == null || certificateChain.length == 0) {
                    return null;
                }
                X509Certificate[] x509CertificateArr2 = new X509Certificate[certificateChain.length];
                int i = 0;
                while (true) {
                    try {
                        int i2 = i;
                        if (i2 >= certificateChain.length) {
                            return x509CertificateArr2;
                        }
                        x509CertificateArr2[i2] = (X509Certificate) certificateChain[i2];
                        i = i2 + 1;
                    } catch (Exception e) {
                        x509CertificateArr = x509CertificateArr2;
                        exc = e;
                        exc.printStackTrace();
                        return x509CertificateArr;
                    }
                }
            } catch (Exception e2) {
                exc = e2;
                x509CertificateArr = null;
            }
        } catch (IOException e3) {
            e3.printStackTrace();
            return null;
        } catch (IllegalArgumentException e4) {
            e4.printStackTrace();
            return null;
        } catch (KeyStoreException e5) {
            e5.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e6) {
            e6.printStackTrace();
            return null;
        } catch (CertificateException e7) {
            e7.printStackTrace();
            return null;
        }
    }

    public static X509Certificate[] getDcmCertificateChain() {
        X509Certificate[] x509CertificateArr;
        X509Certificate[] x509CertificateArr2;
        ti.c(TAG, "getDcmCertificateChain() start");
        if (Build.VERSION.SDK_INT < 23) {
            try {
                x509CertificateArr2 = new DcmKeyManager().getCertificateChain((String) callMethod(DcmAdapter.class, "getDefaultAlias", new Object[0]));
            } catch (NoClassDefFoundError | NoSuchMethodError | UnsatisfiedLinkError e) {
                try {
                    x509CertificateArr = getCCMCertificationChain();
                } catch (Exception e2) {
                    ti.e(TAG, "Getting certification failed.");
                    x509CertificateArr = null;
                }
                x509CertificateArr2 = x509CertificateArr;
            }
        } else {
            x509CertificateArr2 = getCCMCertificationChain();
        }
        if (x509CertificateArr2 == null || x509CertificateArr2.length == 0) {
            ti.e(TAG, "chain is empty.");
            return x509CertificateArr2;
        }
        for (int i = 0; i < x509CertificateArr2.length; i++) {
            ti.a(TAG, "chain[" + i + "] : " + x509CertificateArr2[i]);
        }
        ti.b(TAG, "getDcmCertificateChain() end");
        return x509CertificateArr2;
    }

    public static byte[] signInput(byte[] bArr) {
        byte[] bArr2;
        ti.c(TAG, "signInput() start");
        try {
            Signature signature = Signature.getInstance(ALGORITHM, PROVIDER);
            DcmKeyManager dcmKeyManager = new DcmKeyManager();
            ti.a(TAG, "DCM Alias : " + callMethod(DcmAdapter.class, "getDefaultAlias", new Object[0]));
            PrivateKey privateKey = dcmKeyManager.getPrivateKey((String) callMethod(DcmAdapter.class, "getDefaultAlias", new Object[0]));
            if (privateKey != null) {
                signature.initSign(privateKey);
            }
            signature.update(bArr);
            bArr2 = signature.sign();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            bArr2 = null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            bArr2 = null;
        } catch (NoSuchProviderException e3) {
            e3.printStackTrace();
            bArr2 = null;
        } catch (SignatureException e4) {
            e4.printStackTrace();
            bArr2 = null;
        }
        ti.b(TAG, "signInput() end");
        return bArr2;
    }

    public static boolean verifySignature(byte[] bArr, byte[] bArr2) {
        boolean z;
        ti.c(TAG, "verifySignature() start");
        try {
            X509Certificate[] certificateChain = new DcmKeyManager().getCertificateChain((String) callMethod(DcmAdapter.class, "getDefaultAlias", new Object[0]));
            PublicKey publicKey = certificateChain != null ? certificateChain[0].getPublicKey() : null;
            Signature signature = Signature.getInstance(ALGORITHM, PROVIDER);
            if (publicKey != null) {
                signature.initVerify(publicKey);
            }
            signature.update(bArr);
            z = signature.verify(bArr2);
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            z = false;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            z = false;
        } catch (NoSuchProviderException e3) {
            e3.printStackTrace();
            z = false;
        } catch (SignatureException e4) {
            e4.printStackTrace();
            z = false;
        }
        ti.b(TAG, "verifySignature() end  result : " + z);
        return z;
    }
}
