package defpackage;

import com.huawei.hms.app.CoreApplication;
import com.huawei.hms.support.api.entity.tss.EnrollCertRequ;
import com.huawei.hms.support.api.entity.tss.EnrollCertResp;
import com.huawei.hms.support.api.entity.tss.base.BaseResp;
import com.huawei.hms.tss.exception.TssException;
import com.huawei.hms.tss.hmsservice.TssTaHandler;
import com.huawei.hsf.pm.api.HwPackageManager;
import defpackage.C0199Ex;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/* loaded from: classes.dex */
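/**
 * Handler for an "enroll certificate" request (tag {@code InnerEnrollCertHandler}).
 *
 * <p>Flow implemented by {@link #d(String, String, EN)}: reuse an already stored service
 * certificate when one exists; otherwise generate key material, build a CMP request, POST it
 * to the CA URL carried in the request, validate the response (body type, nonce echo, extra
 * certificate chain, pinned root, message protection), then store the certificates and return
 * the chain.
 *
 * <p>This is decompiled code: identifiers are obfuscated and several methods are overloads that
 * share a one-letter name. The collaborator types ({@code NE}, {@code C0155Df}, {@code EN}, ...)
 * are not visible here; judging by the runtime strings they appear to be CMP / PKIMessage
 * classes, but that should be confirmed against the original sources.
 */
public final class DY extends AbstractC0190Eo {
    // The enroll request: supplies alias, CA URL, access token, key type, algorithm, etc.
    private EnrollCertRequ b;
    // Helper used for key/certificate storage operations; created per call in d(String, String, EN).
    private C0155Df c;
    // Per-call context object handed in by the framework; forwarded to storage helpers.
    private EN d;

    /**
     * Creates the handler for one enroll request.
     *
     * @param enrollCertRequ the request this handler serves
     */
    public DY(EnrollCertRequ enrollCertRequ) {
        super(enrollCertRequ, "InnerEnrollCertHandler");
        this.b = enrollCertRequ;
    }

    /**
     * Converts encoded certificate structures into {@link X509Certificate} objects.
     *
     * @param c0421NlArr certificate structures whose {@code o()} yields the encoded bytes
     * @return the parsed certificates, in input order
     * @throws TssException (201008) when encoding or parsing fails
     */
    private X509Certificate[] a(C0421Nl[] c0421NlArr) throws TssException {
        try {
            // One factory serves the whole array; no need to look it up per element.
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate[] x509CertificateArr = new X509Certificate[c0421NlArr.length];
            for (int i = 0; i < c0421NlArr.length; i++) {
                x509CertificateArr[i] = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(c0421NlArr[i].o()));
            }
            return x509CertificateArr;
        } catch (IOException e) {
            throw new TssException(201008L, "convert cert fail with IOException, message : " + e.getMessage());
        } catch (CertificateException e2) {
            throw new TssException(201008L, "convert cert fail with CertificateException, message : " + e2.getMessage());
        }
    }

    /**
     * Extracts the first certificate carried in the response body and parses it.
     *
     * <p>NOTE(review): this certificate is not verified against the extra-certs chain anywhere
     * in this class; its integrity rests on the message-protection check done in
     * {@link #e(NE, X509Certificate)}. Confirm that this is the intended trust model.
     *
     * @param ne the response message
     * @return the parsed certificate
     * @throws TssException (201008) on any failure; the broad catch also converts runtime
     *     failures from the chained accessors (for example an empty response array)
     */
    private X509Certificate b(NE ne) throws TssException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(((C0427Nr) ne.d().b()).e()[0].b().c().e().o()));
        } catch (IOException unused) {
            throw new TssException(201008L, "fail to serialize CMPCertificate");
        } catch (Exception e) {
            throw new TssException(201008L, "fail to get cert from cmp response, exception : " + e.getMessage());
        }
    }

    /**
     * Stores the issued certificate and two of the chain certificates, then fills the response.
     *
     * <p>The returned chain is {issued, chain[0], chain[1], chain[2]}; only the issued
     * certificate, chain[1] (stored as "ca") and chain[2] (stored as "cbgRootCert") are
     * persisted. Callers must pass a chain of at least three entries.
     *
     * @param str first identifier forwarded to the storage helper
     * @param enrollCertResp response object to populate
     * @param x509CertificateArr the verified extra-certs chain
     * @param x509Certificate the issued certificate
     * @param str2 second identifier forwarded to the storage helper
     * @throws TssException (201008) when a certificate cannot be encoded
     */
    private void b(String str, EnrollCertResp enrollCertResp, X509Certificate[] x509CertificateArr, X509Certificate x509Certificate, String str2) throws TssException {
        X509Certificate[] x509CertificateArr2 = {x509Certificate, x509CertificateArr[0], x509CertificateArr[1], x509CertificateArr[2]};
        try {
            this.c.a(str, this.b.getAlias(), this.b.getAlias(), x509Certificate.getEncoded(), str2, this.d);
            this.c.a(str, this.b.getAlias(), "ca", x509CertificateArr[1].getEncoded(), str2, this.d);
            this.c.a(str, this.b.getAlias(), "cbgRootCert", x509CertificateArr[2].getEncoded(), str2, this.d);
            enrollCertResp.setCertChain(x509CertificateArr2);
            enrollCertResp.setRtnCode(0);
        } catch (CertificateEncodingException e) {
            throw new TssException(201008L, "convert cert fail with CertificateEncodingException, message : " + e.getMessage());
        }
    }

    /**
     * Reports whether a service certificate for the request alias can already be loaded.
     *
     * @return {@code true} when the lookup succeeds, {@code false} when it throws
     */
    private boolean c(String str, String str2) {
        try {
            this.c.a(str, this.b.getAlias(), this.b.getAlias(), str2, null).b();
            C0200Ey.b("InnerEnrollCertHandler", "service cert " + this.b.getAlias() + " is exist");
            return true;
        } catch (TssException | CertificateException unused) {
            // Deliberate best-effort probe: any lookup failure is treated as "not enrolled yet".
            return false;
        }
    }

    /**
     * Sends the encoded CMP request to the CA URL from the request and decodes the reply.
     *
     * <p>The request's access token is attached to the outgoing call; the content type is
     * {@code application/pkixcmp}.
     *
     * @param str identifier passed to the HTTP request builder
     * @param bArr encoded request message
     * @return the decoded response message
     * @throws TssException (201007) on a non-200 status, an empty body or an I/O failure
     */
    private NE d(String str, byte[] bArr) throws TssException {
        try {
            EI d = new C0199Ex.e(CoreApplication.getCoreBaseContext(), this.b.getCaUrl()).c(bArr).b("application/pkixcmp").e(str).c(this.b.getAccessToken()).c().d();
            if (200 == d.a()) {
                if (d.d() != null) {
                    return NE.d(d.d());
                }
                throw new TssException(201007L, "cmp req error, return repMsg is null..");
            }
            throw new TssException(201007L, "cmp req error, return " + d.a());
        } catch (IOException e) {
            String str2 = "request cmp error: " + e.getMessage();
            C0200Ey.e("InnerEnrollCertHandler", str2);
            throw new TssException(201007L, str2);
        }
    }

    /**
     * Returns {@code i} fresh random bytes; used for the CMP nonces in this class.
     *
     * <p>Uses the platform's default {@link SecureRandom} rather than requesting the legacy
     * "SHA1PRNG" algorithm by name, which platform guidance discourages for new code.
     *
     * @param i number of bytes to generate
     * @return the random bytes
     * @throws TssException never thrown by this implementation; kept in the signature so
     *     existing call sites compile unchanged
     */
    private byte[] d(int i) throws TssException {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    /**
     * Verifies the response's extra-certs chain and compares its root with the expected root.
     *
     * <p>Checks performed: chain[0] is signed by chain[1], chain[1] is signed by chain[2], and
     * the encoded chain[2] is byte-identical to the expected root. The expected root comes from
     * {@code str} when it is non-empty (the entry point passes the request's
     * {@code getCbgRootCert()}), otherwise from the storage helper.
     *
     * <p>NOTE(review): {@code verify()} checks signatures only; validity periods and CA
     * constraints are not checked here. Also, when the root is taken from the request the pin
     * is only as trustworthy as whoever built the request - confirm both are acceptable.
     *
     * @param ne the response message
     * @param str expected root certificate in encoded text form, or null/empty to use the preset
     * @param str2 identifier forwarded to the storage helper
     * @return the parsed chain (at least three certificates)
     * @throws TssException (201008) when the chain is missing, too short, fails verification,
     *     or its root does not match
     */
    private X509Certificate[] d(NE ne, String str, String str2) throws TssException {
        try {
            C0421Nl[] extraCerts = ne.c();
            // The response is remote input: reject a missing or short chain with a TssException
            // instead of letting an unchecked exception escape from the indexing below.
            if (extraCerts == null || extraCerts.length < 3) {
                throw new TssException(201008L, "cmp extra certs missing or incomplete");
            }
            X509Certificate[] a = a(extraCerts);
            X509Certificate x509Certificate = a[0];
            X509Certificate x509Certificate2 = a[1];
            X509Certificate x509Certificate3 = a[2];
            x509Certificate.verify(x509Certificate2.getPublicKey());
            x509Certificate2.verify(x509Certificate3.getPublicKey());
            if (Arrays.equals((str == null || str.length() <= 0) ? this.c.b(0, str2, this.d).a() : C0202Fa.e(str, 0), extraCerts[2].o())) {
                return a;
            }
            throw new TssException(201008L, "cmp extra cbg root cert not equal to preset cbg root cert");
        } catch (IOException e) {
            throw new TssException(201008L, "verifyCertChain fail with IOException, message : " + e.getMessage());
        } catch (InvalidKeyException e2) {
            throw new TssException(201008L, "verifyCertChain fail with InvalidKeyException, message : " + e2.getMessage());
        } catch (NoSuchAlgorithmException e3) {
            throw new TssException(201008L, "verifyCertChain fail with NoSuchAlgorithmException, message : " + e3.getMessage());
        } catch (NoSuchProviderException e4) {
            throw new TssException(201008L, "verifyCertChain fail with NoSuchProviderException, message : " + e4.getMessage());
        } catch (SignatureException e5) {
            throw new TssException(201008L, "verifyCertChain fail with SignatureException, message : " + e5.getMessage());
        } catch (CertificateException e6) {
            throw new TssException(201008L, "verifyCertChain fail with CertificateException, message : " + e6.getMessage());
        }
    }

    /**
     * Validates a CMP response end to end and returns its verified certificate chain.
     *
     * <p>Order of checks: server error body (type 23), expected body type (1), nonce echo,
     * certificate chain and pinned root, then message protection using chain[0]'s public key.
     *
     * @param ne the response message
     * @param bArr the nonce that was sent with the request
     * @param str expected root certificate from the request, may be null or empty
     * @param str2 identifier forwarded to the storage helper
     * @return the verified chain
     * @throws TssException (201008) when any check fails
     */
    private X509Certificate[] d(NE ne, byte[] bArr, String str, String str2) throws TssException {
        if (ne.d().a() == 23) {
            NF a = C0428Ns.d(ne.d().b()).a();
            throw new TssException(201008L, "Server returned error: errorCode:" + a.d().intValue() + " errorDetail: " + a.e().e(0));
        }
        if (ne.d().a() != 1) {
            throw new TssException(201008L, "response body type error : " + ne.d().a());
        }
        // Replay guard: the response must echo the nonce generated for this request.
        if (ne.a().c() == null || !Arrays.equals(bArr, ne.a().c().d())) {
            throw new TssException(201008L, "The receipt nonce should be the same as the sender nonce!");
        }
        X509Certificate[] d = d(ne, str, str2);
        e(ne, d[0]);
        return d;
    }

    /**
     * Verifies that the response message is protected and that the protection validates under
     * the given certificate's public key.
     *
     * @param ne the response message
     * @param x509Certificate certificate whose public key must validate the protection
     * @throws TssException (201008) when the message is unprotected or verification fails
     */
    private void e(NE ne, X509Certificate x509Certificate) throws TssException {
        try {
            C0465Pd c0465Pd = new C0465Pd(ne);
            if (!c0465Pd.b()) {
                throw new TssException(201008L, "The response PKIMessage was not protected!");
            }
            if (!new C0463Pb(c0465Pd).c(new QH().a(x509Certificate.getPublicKey()))) {
                throw new TssException(201008L, "cmp response verify pki protection fail");
            }
        } catch (C0464Pc e) {
            throw new TssException(201008L, "verifyCmpRspSignature fail with CMPException, message : " + e.getMessage());
        } catch (QE e2) {
            throw new TssException(201008L, "verifyCmpRspSignature fail with OperatorCreationException, message : " + e2.getMessage());
        }
    }

    /**
     * Builds and encodes the CMP request message from the request fields and stored material.
     *
     * <p>A second 16-byte random value is generated inside the builder chain, separate from the
     * nonce passed in as {@code bArr}.
     *
     * @param str identifier forwarded to the storage helper and the message builder
     * @param bArr the nonce the response is later expected to echo
     * @param str2 identifier forwarded to the storage helper and the message builder
     * @return the encoded request
     * @throws TssException (201005 or 201006) when the message cannot be built or encoded
     */
    private byte[] e(String str, byte[] bArr, String str2) throws TssException {
        try {
            return new CX(new BigInteger(this.b.getCertReqId()), this.b.getIssuer(), this.b.getSubject(), this.c.c(str, this.b.getAlias(), str2, this.d).b(), this.c.e(str2, this.d).b(), str2).d(this.b.getKeyType()).d(C0150Da.b.get(this.b.getAlgorithm()).longValue()).e(str).d(this.b.getAlias()).d(d(16)).b(bArr).d().o();
        } catch (IOException e) {
            throw new TssException(201005L, "fail to serialize pki message, IOException : " + e.getMessage());
        } catch (IllegalArgumentException e2) {
            throw new TssException(201005L, "fail to generate cmp request message, IllegalArgumentException ：" + e2.getMessage());
        } catch (CertificateException unused) {
            throw new TssException(201006L, "fail to generate cert from return bytes");
        } catch (Exception e3) {
            // Boundary catch: also converts runtime failures (for example an unknown algorithm
            // key in the lookup map) into a TssException.
            throw new TssException(201005L, "fail to generate cmp request message, exception : " + e3.getMessage());
        }
    }

    /**
     * Runs the pre-checks for this handler before the request is processed.
     *
     * @throws TssException when a pre-check fails
     */
    @Override // defpackage.InterfaceC0188Em
    public void a() throws TssException {
        EX.c();
        TssTaHandler.initTa();
    }

    /**
     * Processes the enroll request and returns the certificate chain.
     *
     * <p>If a service certificate already exists for the alias, the stored chain is returned
     * without contacting the CA. Otherwise a key is generated, the CMP exchange is performed,
     * and the response is validated before anything is stored.
     *
     * @param str first identifier supplied by the framework
     * @param str2 second identifier supplied by the framework
     * @param en per-call context; its no-argument calls between steps look like stage markers
     *     (TODO confirm)
     * @return an {@link EnrollCertResp} carrying the certificate chain
     * @throws TssException when any step fails
     */
    @Override // defpackage.AbstractC0190Eo
    public BaseResp d(String str, String str2, EN en) throws TssException {
        this.d = en;
        EnrollCertResp enrollCertResp = new EnrollCertResp();
        try {
            this.c = new C0155Df();
            if (c(str, str2)) {
                enrollCertResp.setCertChain(C0182Eg.d(str, str2, this.b.getAlias(), en));
                return enrollCertResp;
            }
            // NOTE(review): the HwPackageManager constant is probably a decompiler substitution
            // for a plain numeric literal that happens to share its value - confirm.
            new C0158Di().b(this.b.getKeyType(), HwPackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS, 0L, str, this.b.getAlias(), str2, en);
            en.k();
            this.c.d(str, this.b.getAlias(), str2, this.d);
            en.n();
            // Request nonce; the response must echo it (checked in the response validation).
            byte[] d = d(16);
            NE d2 = d(str, e(str, d, str2));
            en.m();
            X509Certificate[] d3 = d(d2, d, this.b.getCbgRootCert(), str2);
            en.l();
            // Certificates are stored only after the response passed every check above.
            b(str, enrollCertResp, d3, b(d2), str2);
            en.o();
            return enrollCertResp;
        } catch (CertificateException unused) {
            throw new TssException(201006L, "fail to generate cert from return bytes");
        }
    }
}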
