package com.hihonor.pkiauth.pki.cert;

import android.icu.util.GregorianCalendar;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import com.hihonor.android.support.utils.ToolKit;
import com.hihonor.gameengine.common.magicCompat.CompatHwUniversalKeyStoreProvider;
import java.io.IOException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Optional;
import java.util.regex.Pattern;
import org.hapjs.log.HLog;

/* loaded from: classes3.dex */
public class PkiCertChainStore {
    private static final String a = "PkiCertChainStore";
    private static final String b = "alias_quickEngine";
    private static final String c = "challenge_quickEngine";
    private static final int d = 2048;
    private static final int e = 4;
    private static final Pattern f = Pattern.compile("\\s*|\t|\r|\n");
    private static final String g = "HwKeystore";
    private static final String h = "-----BEGIN CERTIFICATE-----";
    private static final String i = "-----END CERTIFICATE-----;";

    private PkiCertChainStore() {
    }

    @RequiresApi(api = 24)
    private static Optional<String> a() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(g);
        keyStore.load(null);
        Certificate[] certificateChain = keyStore.getCertificateChain(b);
        if (certificateChain == null || certificateChain.length < 4) {
            HLog.err(a, "getCertChain: get cert exception, cert count < 4");
            return Optional.empty();
        }
        StringBuilder sb = new StringBuilder();
        for (Certificate certificate : certificateChain) {
            String encodeToString = Base64.encodeToString(certificate.getEncoded(), 0);
            sb.append(h);
            sb.append(f.matcher(encodeToString).replaceAll(""));
            sb.append(i);
        }
        return Optional.of(sb.substring(0, sb.length() - 1));
    }

    @RequiresApi(api = 24)
    private static boolean b() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", CompatHwUniversalKeyStoreProvider.getKeystoreProvider());
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(b, 12);
        builder.setDigests(ToolKit.DIGEST_ALGORITHM_SHA256).setKeySize(2048).setSignaturePaddings("PKCS1");
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 10);
        keyPairGenerator.initialize(builder.setAttestationChallenge(c.getBytes()).setKeyValidityStart(gregorianCalendar.getTime()).setKeyValidityForConsumptionEnd(gregorianCalendar2.getTime()).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).build());
        if (keyPairGenerator.generateKeyPair() != null) {
            return true;
        }
        HLog.err(a, "createCertChain: keypair is null, Key creation failed");
        return false;
    }

    @RequiresApi(api = 24)
    public static synchronized Optional<String> generateCertChain() {
        synchronized (PkiCertChainStore.class) {
            try {
                CompatHwUniversalKeyStoreProvider.install();
                Optional<String> a2 = a();
                if (a2.isPresent()) {
                    return a2;
                }
                HLog.info(a, "get cert fail, try create....");
                if (b()) {
                    return a();
                }
                HLog.debug(a, "Preconditions are not met, Failed to create key");
                return Optional.empty();
            } catch (Throwable th) {
                HLog.err(a, "generateCertChain: error", th);
                return Optional.empty();
            }
        }
    }
}
