package com.hihonor.pkiauth.pki.b;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Optional;
import java.util.regex.Pattern;

/* loaded from: classes.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static final Pattern f7882a = Pattern.compile("\\s*|\t|\r|\n");

    private a() {
    }

    public static synchronized Optional<String> a() {
        boolean z;
        synchronized (a.class) {
            long currentTimeMillis = System.currentTimeMillis();
            b();
            try {
                Optional<String> d2 = d();
                if (d2.isPresent()) {
                    return d2;
                }
                com.hihonor.quickengine.a.a.a("PkiCertChainStore", "get cert fail, try create....");
                long currentTimeMillis2 = System.currentTimeMillis();
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", c());
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("alias_quickEngine", 12);
                builder.setDigests("SHA-256").setKeySize(2048).setSignaturePaddings("PKCS1");
                keyPairGenerator.initialize(builder.setAttestationChallenge("challenge_quickEngine".getBytes()).build());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                new StringBuilder("createCertChain duration: ").append(System.currentTimeMillis() - currentTimeMillis2);
                com.hihonor.quickengine.a.a.a("PkiCertChainStore");
                if (generateKeyPair != null) {
                    z = true;
                } else {
                    com.hihonor.quickengine.a.a.c("PkiCertChainStore", "createCertChain: keypair is null, Key creation failed");
                    z = false;
                }
                if (!z) {
                    com.hihonor.quickengine.a.a.a("PkiCertChainStore");
                    return Optional.empty();
                }
                new StringBuilder("getCertChainOrCreate duration: ").append(System.currentTimeMillis() - currentTimeMillis);
                com.hihonor.quickengine.a.a.a("PkiCertChainStore");
                return d();
            } catch (IOException | ClassNotFoundException | IllegalAccessException | InstantiationException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | ProviderException | CertificateException e2) {
                com.hihonor.quickengine.a.a.c("PkiCertChainStore", "getCertChainOrCreate: " + e2.getClass().getSimpleName());
                "getCertChainOrCreate: Exception ".concat(String.valueOf(e2));
                com.hihonor.quickengine.a.a.a("PkiCertChainStore");
                return Optional.empty();
            }
        }
    }

    public static Optional<String> a(byte[] bArr) {
        long currentTimeMillis = System.currentTimeMillis();
        b();
        try {
            KeyStore keyStore = KeyStore.getInstance("HwKeystore");
            keyStore.load(null);
            Key key = keyStore.getKey("alias_quickEngine", null);
            if (key == null) {
                com.hihonor.quickengine.a.a.c("PkiCertChainStore", "signData: privateKey is null, Signature failed");
                return Optional.empty();
            }
            Signature signature = Signature.getInstance("SHA256withRSA", c());
            signature.initSign((PrivateKey) key);
            signature.update(bArr);
            byte[] sign = signature.sign();
            new StringBuilder("sign duration: ").append(System.currentTimeMillis() - currentTimeMillis);
            com.hihonor.quickengine.a.a.a("PkiCertChainStore");
            return Optional.of(Base64.encodeToString(sign, 0));
        } catch (IOException | ClassNotFoundException | IllegalAccessException | InstantiationException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableKeyException | CertificateException e2) {
            com.hihonor.quickengine.a.a.c("PkiCertChainStore", "sign: " + e2.getClass().getSimpleName());
            "sign: Exception ".concat(String.valueOf(e2));
            com.hihonor.quickengine.a.a.a("PkiCertChainStore");
            return Optional.empty();
        }
    }

    private static void b() {
        try {
            Class.forName("com.hihonor.android.security.keystore.HwUniversalKeyStoreProvider").getDeclaredMethod("install", new Class[0]).invoke(null, new Object[0]);
        } catch (ClassNotFoundException unused) {
            com.hihonor.quickengine.a.a.c("PkiCertChainStore", "installKeyStore: ClassNotFoundException");
        } catch (IllegalAccessException unused2) {
            com.hihonor.quickengine.a.a.c("PkiCertChainStore", "installKeyStore: IllegalAccessException");
        } catch (NoSuchMethodException unused3) {
            com.hihonor.quickengine.a.a.c("PkiCertChainStore", "installKeyStore: NoSuchMethodException");
        } catch (InvocationTargetException unused4) {
            com.hihonor.quickengine.a.a.c("PkiCertChainStore", "installKeyStore: InvocationTargetException");
        }
    }

    private static Provider c() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
        return (Provider) Class.forName("com.hihonor.android.security.keystore.HwUniversalKeyStoreProvider").newInstance();
    }

    private static Optional<String> d() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        long currentTimeMillis = System.currentTimeMillis();
        KeyStore keyStore = KeyStore.getInstance("HwKeystore");
        keyStore.load(null);
        Certificate[] certificateChain = keyStore.getCertificateChain("alias_quickEngine");
        if (certificateChain == null || certificateChain.length < 4) {
            com.hihonor.quickengine.a.a.c("PkiCertChainStore", "getCertChain: get cert exception, cert count < 4");
            return Optional.empty();
        }
        new StringBuilder("getCertChain duration: ").append(System.currentTimeMillis() - currentTimeMillis);
        com.hihonor.quickengine.a.a.a("PkiCertChainStore");
        StringBuilder sb = new StringBuilder();
        for (Certificate certificate : certificateChain) {
            String encodeToString = Base64.encodeToString(certificate.getEncoded(), 0);
            sb.append("-----BEGIN CERTIFICATE-----");
            sb.append(f7882a.matcher(encodeToString).replaceAll(""));
            sb.append("-----END CERTIFICATE-----;");
        }
        String substring = sb.substring(0, sb.length() - 1);
        "******all chain*****: ".concat(String.valueOf(substring));
        com.hihonor.quickengine.a.a.a("PkiCertChainStore");
        return Optional.of(substring);
    }
}
