package at.asitplus.utils.deviceintegrity;

import android.security.keystore.KeyGenParameterSpec;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DLTaggedObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes8.dex */
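/**
 * Generates an attestation key in the Android Keystore and reads the verified-boot state from the
 * key attestation extension of that key's leaf certificate.
 *
 * <p><b>Scope of the check.</b> The extension is parsed on the device and nothing in this class
 * validates the certificate chain against a trusted attestation root, checks certificate
 * revocation, or compares the attestation challenge with an expected value. The result is
 * therefore only as trustworthy as the process it runs in: treat it as a local hint, and have a
 * relying party that needs an enforceable decision verify the full chain off-device against a
 * challenge it issued itself.
 *
 * <p>Only the {@code teeEnforced} authorization list is consulted; the attestation security level
 * field is not inspected.
 *
 * <p>Malformed attestation data is mapped to {@link BootState#NOT_ATTESTED} rather than raised as
 * an unchecked exception, so callers should treat every state other than
 * {@link BootState#VERIFIED} as "not verified".
 */
public class AttestationHelper {
    private static final String ALGORITHM = "EC";
    private static final String KEYSTORE_ALIAS = "attestation";
    private static final String KEYSTORE_NAME = "AndroidKeyStore";
    /** OID of the Android key attestation (KeyDescription) certificate extension. */
    private static final String KEY_DESCRIPTION_OID = "1.3.6.1.4.1.11129.2.1.17";
    /** Tag number of the root-of-trust entry inside an authorization list. */
    private static final int KM_TAG_ROOT_OF_TRUST = 704;
    /** Position of the teeEnforced authorization list inside the KeyDescription sequence. */
    private static final int TEE_ENFORCED_INDEX = 7;
    /** Position of the deviceLocked BOOLEAN inside the RootOfTrust sequence. */
    private static final int ROOT_OF_TRUST_DEVICE_LOCKED_INDEX = 1;
    /** Position of the verifiedBootState ENUMERATED inside the RootOfTrust sequence. */
    private static final int ROOT_OF_TRUST_BOOT_STATE_INDEX = 2;
    /** Numeric value of {@code KeyProperties.PURPOSE_SIGN}. */
    private static final int PURPOSE_SIGN = 4;
    private static final Logger log = LoggerFactory.getLogger(AttestationHelper.class);

    /**
     * Verified-boot state reported by the attestation. Codes 0..3 mirror the attested
     * enumeration; the negative codes are local sentinels that cannot be produced by
     * {@link #bigIntegerToInt(BigInteger)} from a non-negative attested value other than via the
     * -1 "unknown" fallback.
     */
    public enum BootState {
        VERIFIED(0),
        SELF_SIGNED(1),
        UNVERIFIED(2),
        FAILED(3),
        /** The attested value is not one of the known codes. */
        OTHER(-1),
        /** No usable root-of-trust entry could be read. */
        NOT_ATTESTED(-2);

        private final int code;

        BootState(int i) {
            this.code = i;
        }
    }

    /**
     * Narrows a {@link BigInteger} to {@code int}.
     *
     * @return the value, or -1 when it is negative or larger than {@link Integer#MAX_VALUE}
     */
    private static int bigIntegerToInt(BigInteger bigInteger) {
        if (bigInteger.signum() < 0 || bigInteger.compareTo(BigInteger.valueOf(Integer.MAX_VALUE)) > 0) {
            return -1;
        }
        return bigInteger.intValue();
    }

    /**
     * Decodes the key attestation extension of the given certificate.
     *
     * <p>The extension value is an OCTET STRING wrapping the DER-encoded KeyDescription sequence,
     * hence the two decoding passes.
     *
     * @return the KeyDescription sequence, or {@code null} when the extension is absent, cannot
     *     be decoded, or does not have the expected outer shape
     */
    private static ASN1Sequence extractAttestationSequence(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(KEY_DESCRIPTION_OID);
        if (extensionValue == null || extensionValue.length == 0) {
            return null;
        }
        // try-with-resources closes both streams on every path, including decode failures.
        try (ASN1InputStream outer = new ASN1InputStream(extensionValue)) {
            ASN1Primitive wrapper = outer.readObject();
            if (!(wrapper instanceof ASN1OctetString)) {
                return null;
            }
            try (ASN1InputStream inner = new ASN1InputStream(((ASN1OctetString) wrapper).getOctets())) {
                ASN1Primitive keyDescription = inner.readObject();
                return keyDescription instanceof ASN1Sequence ? (ASN1Sequence) keyDescription : null;
            }
        } catch (IOException e) {
            return null;
        }
    }

    /**
     * Returns the entries of the teeEnforced authorization list.
     *
     * @return the entries, or {@code null} when the KeyDescription is too short or the element at
     *     {@link #TEE_ENFORCED_INDEX} is not a sequence
     */
    private static ASN1Encodable[] teeEnforcedEntries(ASN1Sequence keyDescription) {
        if (keyDescription.size() <= TEE_ENFORCED_INDEX) {
            return null;
        }
        ASN1Encodable teeEnforced = keyDescription.getObjectAt(TEE_ENFORCED_INDEX);
        if (!(teeEnforced instanceof ASN1Sequence)) {
            return null;
        }
        return ((ASN1Sequence) teeEnforced).toArray();
    }

    /**
     * Finds the first entry with the given tag number in an authorization list.
     *
     * @return the entry's content when it was decoded as a {@link DLTaggedObject}, the tagged
     *     object itself otherwise, or {@code null} when no entry carries the tag
     */
    private static ASN1Primitive findAuthorizationListEntry(ASN1Encodable[] aSN1EncodableArr, int i) {
        for (ASN1Encodable entry : aSN1EncodableArr) {
            if (!(entry instanceof ASN1TaggedObject)) {
                // Authorization list entries are expected to be tagged; skip anything else.
                continue;
            }
            ASN1TaggedObject tagged = (ASN1TaggedObject) entry;
            if (tagged.getTagNo() == i) {
                ASN1Primitive loadedObject = tagged.getLoadedObject();
                return loadedObject instanceof DLTaggedObject
                        ? ((DLTaggedObject) loadedObject).getBaseObject().toASN1Primitive()
                        : loadedObject;
            }
        }
        return null;
    }

    /**
     * Loads the leaf certificate stored under {@link #KEYSTORE_ALIAS}.
     *
     * @return the certificate, or {@code null} when the keystore cannot be read, the alias has no
     *     chain, or the leaf is not an X.509 certificate
     */
    private X509Certificate getAttestationCertificate() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_NAME);
            keyStore.load(null, null);
            Certificate[] chain = keyStore.getCertificateChain(KEYSTORE_ALIAS);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return null;
            }
            // NOTE(review): only chain[0] is used; the remaining certificates are never verified here.
            return (X509Certificate) chain[0];
        } catch (Exception e) {
            // Broad catch kept on purpose: any keystore failure means "no certificate" to callers.
            log.debug("getAttestationCertificate: keystore access failed", e);
            return null;
        }
    }

    /**
     * Maps a RootOfTrust sequence to a {@link BootState}.
     *
     * @return {@link BootState#UNVERIFIED} when the device is reported as not locked, the parsed
     *     boot state when it is locked, and {@link BootState#NOT_ATTESTED} when the structure
     *     does not have the expected shape
     */
    private static BootState getBootStateFromAsn1(ASN1Primitive aSN1Primitive) {
        if (!(aSN1Primitive instanceof ASN1Sequence)) {
            return BootState.NOT_ATTESTED;
        }
        ASN1Sequence rootOfTrust = (ASN1Sequence) aSN1Primitive;
        if (rootOfTrust.size() <= ROOT_OF_TRUST_DEVICE_LOCKED_INDEX) {
            return BootState.NOT_ATTESTED;
        }
        ASN1Encodable deviceLocked = rootOfTrust.getObjectAt(ROOT_OF_TRUST_DEVICE_LOCKED_INDEX);
        if (!(deviceLocked instanceof ASN1Boolean)) {
            return BootState.NOT_ATTESTED;
        }
        // An unlocked bootloader overrides whatever boot state is reported.
        if (!((ASN1Boolean) deviceLocked).isTrue()) {
            return BootState.UNVERIFIED;
        }
        if (rootOfTrust.size() <= ROOT_OF_TRUST_BOOT_STATE_INDEX) {
            return BootState.NOT_ATTESTED;
        }
        ASN1Encodable verifiedBootState = rootOfTrust.getObjectAt(ROOT_OF_TRUST_BOOT_STATE_INDEX);
        if (!(verifiedBootState instanceof ASN1Enumerated)) {
            return BootState.NOT_ATTESTED;
        }
        return parseBootState(getIntegerFromAsn1(verifiedBootState));
    }

    /**
     * Reads an INTEGER or ENUMERATED value as {@code int}.
     *
     * @return the value, or -1 for {@code null}, any other ASN.1 type, or an out-of-range value
     */
    private static int getIntegerFromAsn1(ASN1Encodable aSN1Encodable) {
        if (aSN1Encodable instanceof ASN1Integer) {
            return bigIntegerToInt(((ASN1Integer) aSN1Encodable).getValue());
        }
        if (aSN1Encodable instanceof ASN1Enumerated) {
            return bigIntegerToInt(((ASN1Enumerated) aSN1Encodable).getValue());
        }
        return -1;
    }

    /**
     * Looks up the {@link BootState} with the given code.
     *
     * @return the matching state, or {@link BootState#OTHER} when the code is unknown
     */
    private static BootState parseBootState(int i) {
        for (BootState candidate : BootState.values()) {
            if (candidate.code == i) {
                return candidate;
            }
        }
        return BootState.OTHER;
    }

    /**
     * Generates a 256-bit EC signing key with an attestation certificate under
     * {@link #KEYSTORE_ALIAS}.
     *
     * @return {@code true} when the key pair was generated, {@code false} on any failure
     */
    public boolean createKey() {
        try {
            KeyGenParameterSpec.Builder spec =
                    new KeyGenParameterSpec.Builder(KEYSTORE_ALIAS, PURPOSE_SIGN)
                            .setDigests("SHA-256")
                            .setKeySize(256);
            // NOTE(review): the challenge is the constant string "random", so the resulting
            // attestation carries no freshness and nothing in this class checks it. If the
            // certificate is ever sent to a verifier, the challenge should be a nonce issued by
            // that verifier, which needs a new entry point that accepts it.
            spec.setAttestationChallenge("random".getBytes(StandardCharsets.UTF_8));
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, KEYSTORE_NAME);
            keyPairGenerator.initialize(spec.build());
            keyPairGenerator.generateKeyPair();
            return true;
        } catch (Exception e) {
            log.warn("createKey: Creation of attestation key failed", e);
            return false;
        }
    }

    /**
     * Reports the verified-boot state attested for the key under {@link #KEYSTORE_ALIAS}.
     *
     * @return the attested state, or {@link BootState#NOT_ATTESTED} when no certificate, no
     *     attestation extension, or no hardware-enforced root-of-trust entry is available
     */
    public BootState getBootState() {
        X509Certificate attestationCertificate = getAttestationCertificate();
        if (attestationCertificate == null) {
            return BootState.NOT_ATTESTED;
        }
        ASN1Sequence keyDescription = extractAttestationSequence(attestationCertificate);
        if (keyDescription == null) {
            return BootState.NOT_ATTESTED;
        }
        ASN1Encodable[] teeEnforced = teeEnforcedEntries(keyDescription);
        if (teeEnforced == null || teeEnforced.length == 0) {
            return BootState.NOT_ATTESTED;
        }
        ASN1Primitive rootOfTrust = findAuthorizationListEntry(teeEnforced, KM_TAG_ROOT_OF_TRUST);
        if (rootOfTrust == null) {
            return BootState.NOT_ATTESTED;
        }
        return getBootStateFromAsn1(rootOfTrust);
    }

    /**
     * Checks whether the key under {@link #KEYSTORE_ALIAS} carries an attestation with a
     * hardware-enforced root-of-trust entry.
     *
     * <p>This only establishes that the entry is present; it says nothing about the boot state
     * it reports or about the authenticity of the certificate.
     *
     * @return {@code true} when the entry is present, {@code false} otherwise
     */
    public Boolean isAttestationSupported() {
        X509Certificate attestationCertificate = getAttestationCertificate();
        if (attestationCertificate == null) {
            log.debug("isAttestationSupported: certificate = null");
            return false;
        }
        ASN1Sequence keyDescription = extractAttestationSequence(attestationCertificate);
        if (keyDescription == null) {
            log.debug("isAttestationSupported: extensionData = null");
            return false;
        }
        ASN1Encodable[] teeEnforced = teeEnforcedEntries(keyDescription);
        if (teeEnforced == null || teeEnforced.length <= 0) {
            log.debug("isAttestationSupported: teeEnforced.length <= 0");
            return false;
        }
        if (findAuthorizationListEntry(teeEnforced, KM_TAG_ROOT_OF_TRUST) == null) {
            log.debug("isAttestationSupported: primitive = null");
            return false;
        }
        log.debug("isAttestationSupported: check successful");
        return true;
    }
}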
