package com.daon.sdk.crypto.d;

import android.content.Context;
import android.os.Bundle;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import com.daon.sdk.crypto.CryptoSdk;
import com.daon.sdk.crypto.Cryptography;
import com.daon.sdk.crypto.SecureKeyStore;
import com.daon.sdk.crypto.g;
import com.daon.sdk.crypto.i;
import com.google.android.gms.vision.barcode.Barcode;
import com.google.android.material.card.MaterialCardViewHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONArray;

/* loaded from: classes.dex */
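/**
 * {@link SecureKeyStore} implementation recovered by a decompiler (identifiers are obfuscated).
 *
 * <p>Two storage paths are visible in this class:
 * <ul>
 *   <li><b>Software files</b>: keys are generated with the default JCA provider, serialised
 *       (X.509 / PKCS#8 / raw AES bytes), passed through {@code Cryptography.encrypt} with the
 *       wrapping key given to the constructor, and written to the app-private files
 *       {@code <alias>.public} and {@code <alias>.private}.</li>
 *   <li><b>AndroidKeyStore</b>: used for key generation when {@code com.daon.sdk.crypto.h.b.b()}
 *       returns true (the log text suggests "Android M or later" -- confirm against that helper).</li>
 * </ul>
 * Every lookup tries the software files first and only then the AndroidKeyStore, so a readable
 * {@code <alias>.private} file takes precedence over a keystore entry with the same alias.
 *
 * <p>Review notes for defenders:
 * <ul>
 *   <li>The confidentiality of software-stored keys rests entirely on the wrapping key and on the
 *       {@code Cryptography} implementation, neither of which is visible here.</li>
 *   <li>RSA encryption uses PKCS#1 v1.5 padding and AES keys are created for CBC/PKCS7 only; both
 *       are unauthenticated modes, so callers must not expose decryption failures as an oracle and
 *       need a separate integrity check on ciphertexts.</li>
 *   <li>{@link #getType()} returns a caller-supplied label, not a measured property; use
 *       {@link #isStoredInHardware(String)} or server-verified key attestation for trust decisions.</li>
 * </ul>
 */
public class a implements SecureKeyStore {

    /** OID of the Android key-attestation certificate extension. */
    private static final String KEY_ATTESTATION_EXTENSION_OID = "1.3.6.1.4.1.11129.2.1.17";

    /**
     * Default RSA modulus size in bits. The decompiler replaced the literal with an unrelated
     * constant that has the same value (2048); the reference is kept so behaviour is unchanged.
     */
    private static final int DEFAULT_RSA_KEY_BITS = Barcode.PDF417;

    /**
     * Seconds a user authentication stays valid for keystore keys. As above, the decompiler
     * substituted an unrelated constant with the same value (300).
     */
    private static final int AUTH_VALIDITY_SECONDS = MaterialCardViewHelper.DEFAULT_FADE_ANIM_DURATION;

    /** Key-pair algorithm, "RSA" or "EC". */
    /* renamed from: a, reason: collision with root package name */
    protected String f9752a = "RSA";

    /** RSA key size in bits (only used when the algorithm is RSA). */
    /* renamed from: b, reason: collision with root package name */
    protected int f9753b = DEFAULT_RSA_KEY_BITS;

    /** Named curve (only used when the algorithm is EC). */
    /* renamed from: c, reason: collision with root package name */
    protected String f9754c = "secp256r1";

    /** Android context used for app-private file access. */
    /* renamed from: d, reason: collision with root package name */
    protected Context f9755d;

    /** Wrapper used to encrypt/decrypt key files; when null the software file store is disabled. */
    /* renamed from: e, reason: collision with root package name */
    protected Cryptography f9756e;

    /** Wrapping key handed to {@link #f9756e} for every key file. */
    /* renamed from: f, reason: collision with root package name */
    protected SecretKey f9757f;

    /** Construction-time properties; stored but not read again in this class. */
    /* renamed from: g, reason: collision with root package name */
    private Bundle f9758g;

    /** Label returned by {@link #getType()}; defaults to "Software". */
    /* renamed from: h, reason: collision with root package name */
    private String f9759h;

    /**
     * Creates the store and applies optional properties from {@code bundle}
     * ({@code key.property.algorithm}, {@code key.property.size}, {@code key.property.curve},
     * {@code keystore.property.type}).
     *
     * @throws NoSuchAlgorithmException if the requested algorithm is neither "RSA" nor "EC"
     */
    public a(Context context, Cryptography cryptography, SecretKey secretKey, Bundle bundle) throws NoSuchAlgorithmException {
        this.f9759h = "Software";
        this.f9755d = context;
        this.f9756e = cryptography;
        this.f9757f = secretKey;
        this.f9758g = bundle;
        if (bundle != null) {
            a(bundle.getString("key.property.algorithm", "RSA"), bundle.getInt("key.property.size", DEFAULT_RSA_KEY_BITS), bundle.getString("key.property.curve", "secp256r1"));
            // The type label is taken verbatim from the caller; nothing here checks it against
            // where keys actually end up.
            this.f9759h = bundle.getString("keystore.property.type", "Software");
        }
    }

    /**
     * Records the key-pair algorithm and its size or curve.
     *
     * <p>NOTE(review): neither the RSA size nor the curve name is range-checked here, so a caller
     * can request a weak size; enforce a minimum at the call site if the bundle is not trusted.
     *
     * @throws NoSuchAlgorithmException for any algorithm other than "RSA" or "EC"
     */
    private void a(String str, int i10, String str2) throws NoSuchAlgorithmException {
        if ("RSA".equals(str)) {
            this.f9752a = str;
            this.f9753b = i10;
        } else if ("EC".equals(str)) {
            this.f9752a = str;
            this.f9754c = str2;
        } else {
            throw new NoSuchAlgorithmException("Algorithm not supported: " + str);
        }
    }

    /**
     * Persists a software-generated key pair as wrapped {@code <alias>.public} and
     * {@code <alias>.private} files.
     *
     * <p>When no {@code Cryptography} is configured nothing is written and the key pair is
     * silently dropped, so the caller ends up without a key.
     */
    private void a(KeyPair keyPair, String str) throws Exception {
        if (this.f9756e == null) {
            return;
        }
        PrivateKey privateKey = keyPair.getPrivate();
        byte[] publicDer = new X509EncodedKeySpec(keyPair.getPublic().getEncoded()).getEncoded();
        // try-with-resources: the original never closed the file streams it opened.
        try (FileOutputStream publicOut = a(str, "public")) {
            this.f9756e.encrypt(new ByteArrayInputStream(publicDer), publicOut, this.f9757f);
        }
        byte[] privateDer = new PKCS8EncodedKeySpec(privateKey.getEncoded()).getEncoded();
        try (FileOutputStream privateOut = a(str, "private")) {
            this.f9756e.encrypt(new ByteArrayInputStream(privateDer), privateOut, this.f9757f);
        }
    }

    /**
     * Persists a software-generated AES key as a wrapped {@code <alias>.private} file.
     * Nothing is written when no {@code Cryptography} is configured.
     */
    private void a(SecretKey secretKey, String str) throws Exception {
        if (this.f9756e == null) {
            return;
        }
        byte[] rawKey = new SecretKeySpec(secretKey.getEncoded(), "AES").getEncoded();
        try (FileOutputStream out = a(str, "private")) {
            this.f9756e.encrypt(new ByteArrayInputStream(rawKey), out, this.f9757f);
        }
    }

    /**
     * Opens {@code <alias>.<suffix>}, unwraps it with the configured {@code Cryptography} and
     * returns the plaintext bytes. Callers must have checked that {@link #f9756e} is non-null.
     */
    private byte[] readStoredBlob(String alias, String suffix) throws Exception {
        try (FileInputStream in = b(alias, suffix)) {
            ByteArrayOutputStream plain = new ByteArrayOutputStream();
            this.f9756e.decrypt(in, plain, this.f9757f);
            return plain.toByteArray();
        }
    }

    /** Cipher transformation used by {@link #encrypt} and {@link #decrypt}. */
    private String cipherTransformation() {
        // NOTE(review): for a non-RSA (EC) store this yields "DES", which cannot be initialised
        // with an asymmetric key, so Cipher.init is expected to throw. Kept as found; an explicit
        // "unsupported" error would be clearer. PKCS#1 v1.5 is retained because keystore keys
        // are generated with that padding only (see createKeyPair).
        return "RSA".equals(this.f9752a) ? "RSA/ECB/PKCS1Padding" : "DES";
    }

    /**
     * Resolves the private key for an alias: software file first, then AndroidKeyStore.
     *
     * @return the key, or null if it is not found or the keystore is unavailable
     */
    private PrivateKey c(String str) throws Exception {
        PrivateKey softwareKey = b(str);
        if (softwareKey != null) {
            return softwareKey;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            // Throws ClassCastException if the alias names a secret key rather than a key pair.
            return (PrivateKey) keyStore.getKey(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException ignored) {
            // Treated as "no such key"; other exception types propagate to the caller.
            return null;
        }
    }

    /** Returns the last-modified time of {@code <alias>.<suffix>} in the files dir, or null if absent. */
    private Date c(String str, String str2) {
        File file = new File(this.f9755d.getFilesDir(), str + "." + str2);
        if (file.exists()) {
            return new Date(file.lastModified());
        }
        return null;
    }

    /**
     * Loads a software-stored AES key from {@code <alias>.private}.
     *
     * <p>NOTE(review): any non-empty plaintext is accepted as an "AES" key, including the PKCS#8
     * bytes of a key pair stored under the same alias; the file carries no type marker.
     *
     * @return the key, or null if the file is missing, cannot be unwrapped, or is empty
     */
    private SecretKey d(String str) {
        if (str == null || this.f9756e == null) {
            return null;
        }
        try {
            return new SecretKeySpec(readStoredBlob(str, "private"), "AES");
        } catch (Exception ignored) {
            // Best effort: a missing or unreadable file means "not in the software store",
            // and callers then fall back to the AndroidKeyStore.
            return null;
        }
    }

    /** Opens {@code <alias>.<suffix>} for writing in app-private storage (mode 0, i.e. private). */
    protected FileOutputStream a(String str, String str2) throws Exception {
        return this.f9755d.openFileOutput(str + "." + str2, 0);
    }

    /** Returns the JCA signature algorithm matching the configured key algorithm. */
    public String a() {
        return "EC".equals(this.f9752a) ? "SHA256withECDSA" : "SHA256withRSA";
    }

    /**
     * Loads a software-stored public key from {@code <alias>.public}, decoded with the
     * currently configured algorithm.
     *
     * @return the key, or null if the file is missing, cannot be unwrapped or cannot be parsed
     */
    protected PublicKey a(String str) {
        if (str == null || this.f9756e == null) {
            return null;
        }
        try {
            byte[] der = readStoredBlob(str, "public");
            return KeyFactory.getInstance(this.f9752a).generatePublic(new X509EncodedKeySpec(der));
        } catch (Exception ignored) {
            // Best effort, see d(String).
            return null;
        }
    }

    /** Opens {@code <alias>.<suffix>} for reading from app-private storage. */
    protected FileInputStream b(String str, String str2) throws Exception {
        return this.f9755d.openFileInput(str + "." + str2);
    }

    /**
     * Loads a software-stored private key from {@code <alias>.private}, decoded with the
     * currently configured algorithm.
     *
     * @return the key, or null if the file is missing, cannot be unwrapped or cannot be parsed
     */
    protected PrivateKey b(String str) {
        if (str == null || this.f9756e == null) {
            return null;
        }
        try {
            byte[] der = readStoredBlob(str, "private");
            return KeyFactory.getInstance(this.f9752a).generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (Exception ignored) {
            // Best effort, see d(String).
            return null;
        }
    }

    /**
     * Creates a key pair for {@code str} unless a key with that alias already exists.
     *
     * <p>Bundle properties read: {@code key.property.authentication.required},
     * {@code key.property.biometric.enroll.invalidate}, {@code key.property.use.crypto.object}
     * and {@code key.property.attestation.challenge}.
     *
     * <p>NOTE(review): only the EC branch honours {@code use.crypto.object} and
     * {@code biometric.enroll.invalidate}; RSA keys always get the timed authentication window.
     * Confirm whether that asymmetry is intended.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public void createKeyPair(String str, Bundle bundle) throws Exception {
        if (hasKey(str)) {
            return;
        }
        boolean authRequired = bundle != null && bundle.getBoolean("key.property.authentication.required", false);
        boolean invalidateOnEnrollment = bundle != null && bundle.getBoolean("key.property.biometric.enroll.invalidate", false);
        boolean useCryptoObject = bundle != null && bundle.getBoolean("key.property.use.crypto.object", false);
        Log.d("DAON", "Keystore: Algorithm: " + this.f9752a + ", Auth: " + authRequired);
        if (this.f9752a.equals("RSA")) {
            Log.d("DAON", "Size: " + this.f9753b);
        } else {
            Log.d("DAON", "Curve: " + this.f9754c);
        }

        if (!com.daon.sdk.crypto.h.b.b()) {
            // Software path: the private key exists in process memory and is then written to a
            // wrapped file; none of the authentication properties above apply to it.
            Log.d("DAON", "Keystore: None");
            KeyPairGenerator softwareGenerator = KeyPairGenerator.getInstance(this.f9752a);
            if (this.f9752a.equals("EC")) {
                softwareGenerator.initialize(new ECGenParameterSpec(this.f9754c));
            } else {
                softwareGenerator.initialize(this.f9753b);
            }
            a(softwareGenerator.generateKeyPair(), str);
            return;
        }

        Log.d("DAON", "Keystore: M");
        KeyPairGenerator keystoreGenerator = KeyPairGenerator.getInstance(this.f9752a, "AndroidKeyStore");
        // i.a(alias, 6) presumably builds a KeyGenParameterSpec.Builder with purposes
        // DECRYPT | SIGN (2 | 4) -- confirm against the helper.
        KeyGenParameterSpec.Builder spec;
        if (this.f9752a.equals("EC")) {
            spec = i.a(str, 6);
            spec.setAlgorithmParameterSpec(new ECGenParameterSpec(this.f9754c));
            spec.setDigests("SHA-256");
            spec.setUserAuthenticationRequired(authRequired);
            if (!useCryptoObject) {
                // Timed window instead of per-operation authentication.
                spec.setUserAuthenticationValidityDurationSeconds(AUTH_VALIDITY_SECONDS);
            }
            if (com.daon.sdk.crypto.h.b.a()) {
                spec.setInvalidatedByBiometricEnrollment(invalidateOnEnrollment);
            }
        } else {
            spec = i.a(str, 6)
                    .setDigests("SHA-256")
                    .setKeySize(this.f9753b)
                    .setSignaturePaddings("PKCS1")
                    .setEncryptionPaddings("PKCS1Padding")
                    .setUserAuthenticationRequired(authRequired)
                    .setUserAuthenticationValidityDurationSeconds(AUTH_VALIDITY_SECONDS);
        }
        if (com.daon.sdk.crypto.h.b.a() && CryptoSdk.getInstance().isKeyAttestationSupported()) {
            Log.d("DAON", "Keystore: N and above and key attestation supported");
            byte[] challenge = bundle != null ? bundle.getByteArray("key.property.attestation.challenge") : null;
            if (challenge != null) {
                // The challenge only has value if the relying party generated it freshly and
                // checks it when it validates the attestation certificate chain.
                Log.d("DAON", "Keystore: N with attestation");
                spec.setAttestationChallenge(challenge);
            }
        }
        keystoreGenerator.initialize(spec.build());
        keystoreGenerator.generateKeyPair();
    }

    /**
     * Creates a 256-bit AES key (software path) or an AndroidKeyStore AES key for {@code str}
     * unless a key with that alias already exists.
     *
     * <p>Keystore keys are restricted to CBC with PKCS7 padding, which provides no integrity
     * protection; ciphertexts produced with them need a separate MAC.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public void createSecretKey(String str, Bundle bundle) throws Exception {
        if (hasKey(str)) {
            return;
        }
        boolean authRequired = bundle != null && bundle.getBoolean("key.property.authentication.required", false);
        if (!com.daon.sdk.crypto.h.b.b()) {
            KeyGenerator softwareGenerator = KeyGenerator.getInstance("AES");
            softwareGenerator.init(256);
            a(softwareGenerator.generateKey(), str);
            return;
        }
        KeyGenerator keystoreGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        // i.a(alias, 3) presumably requests purposes ENCRYPT | DECRYPT (1 | 2) -- confirm.
        KeyGenParameterSpec spec = i.a(str, 3)
                .setBlockModes("CBC")
                .setUserAuthenticationRequired(authRequired)
                .setEncryptionPaddings("PKCS7Padding")
                .build();
        keystoreGenerator.init(spec);
        keystoreGenerator.generateKey();
    }

    /**
     * Decrypts {@code bArr} with the private key stored under {@code str}.
     *
     * @return the plaintext, or null if no private key is found for the alias
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public byte[] decrypt(String str, byte[] bArr) throws Exception {
        PrivateKey privateKey = c(str);
        if (privateKey == null) {
            return null;
        }
        Cipher cipher = Cipher.getInstance(cipherTransformation());
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        // Callers should not let padding failures from this call become distinguishable to
        // whoever supplies the ciphertext (PKCS#1 v1.5 padding oracle).
        return cipher.doFinal(bArr);
    }

    /**
     * Encrypts {@code bArr} with the public key stored under {@code str}.
     *
     * @return the ciphertext, or null if no public key is found for the alias
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public byte[] encrypt(String str, byte[] bArr) throws Exception {
        PublicKey publicKey = getPublicKey(str);
        if (publicKey == null) {
            return null;
        }
        Cipher cipher = Cipher.getInstance(cipherTransformation());
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return cipher.doFinal(bArr);
    }

    /**
     * Returns when the key was stored: the modification time of {@code <alias>.private} if that
     * file exists, otherwise the AndroidKeyStore creation date, or null.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public Date getDate(String str) throws Exception {
        Date fileDate = c(str, "private");
        if (fileDate != null) {
            return fileDate;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCreationDate(str);
        } catch (KeyStoreException | NoSuchAlgorithmException ignored) {
            return null;
        }
    }

    /**
     * Returns the AndroidKeyStore certificate chain for {@code str} as a JSON array of Base64
     * strings, or null when the platform check fails, the alias has no chain, or the leaf
     * certificate lacks the key-attestation extension.
     *
     * <p>The presence check on the extension is not verification: the chain, its root, the
     * challenge and the attested properties have to be validated by the relying party.
     * Base64 flag 0 is the default encoding, which inserts line breaks.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public String getKeyAttestationData(String str) throws Exception {
        if (!com.daon.sdk.crypto.h.b.a()) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Certificate[] chain = keyStore.getCertificateChain(str);
        if (chain == null) {
            return null;
        }
        if (chain.length > 0 && ((X509Certificate) chain[0]).getExtensionValue(KEY_ATTESTATION_EXTENSION_OID) == null) {
            return null;
        }
        String[] encoded = new String[chain.length];
        for (int idx = 0; idx < chain.length; idx++) {
            // encodeToString avoids the charset-dependent new String(byte[]) of the original.
            encoded[idx] = Base64.encodeToString(chain[idx].getEncoded(), Base64.DEFAULT);
        }
        return new JSONArray(encoded).toString();
    }

    /**
     * Returns the public key for {@code str}: software file first, then the AndroidKeyStore
     * certificate; null if neither exists.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public PublicKey getPublicKey(String str) throws Exception {
        PublicKey softwareKey = a(str);
        if (softwareKey != null) {
            return softwareKey;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate != null) {
                return certificate.getPublicKey();
            }
        } catch (KeyStoreException | NoSuchAlgorithmException ignored) {
            // Treated as "no such key".
        }
        return null;
    }

    /**
     * Returns the secret key for {@code str}: software file first, then AndroidKeyStore;
     * null if the keystore is unavailable.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public SecretKey getSecretKey(String str) throws Exception {
        SecretKey softwareKey = d(str);
        if (softwareKey != null) {
            return softwareKey;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            // Throws ClassCastException if the alias names a key pair rather than a secret key.
            return (SecretKey) keyStore.getKey(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException ignored) {
            return null;
        }
    }

    /**
     * Returns a {@link Signature} initialised for signing with the private key under
     * {@code str}, or null if there is no such key.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public Signature getSignature(String str) throws Exception {
        PrivateKey privateKey = c(str);
        if (privateKey == null) {
            return null;
        }
        Signature signature = Signature.getInstance(a());
        signature.initSign(privateKey, new SecureRandom());
        return signature;
    }

    /** Returns the store type label supplied at construction ("Software" by default). */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public String getType() {
        return this.f9759h;
    }

    /**
     * Reports whether a key exists under {@code str}, in the software files or in the
     * AndroidKeyStore.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public boolean hasKey(String str) throws Exception {
        if (b(str) != null || d(str) != null) {
            return true;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                if (aliases.nextElement().equals(str)) {
                    // An alias whose key can no longer be loaded counts as absent.
                    return keyStore.getKey(str, null) != null;
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException ignored) {
            // Treated as "no such key".
        }
        return false;
    }

    /**
     * Reports whether the private key under {@code str} is held in secure hardware, as stated
     * by the platform's key info. This is a local, unattested signal.
     *
     * @return false when the platform check fails or no key exists for the alias
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public boolean isStoredInHardware(String str) throws Exception {
        if (!com.daon.sdk.crypto.h.b.b()) {
            return false;
        }
        PrivateKey privateKey = c(str);
        if (privateKey == null) {
            // Previously a missing alias caused a NullPointerException on getAlgorithm().
            return false;
        }
        // g.a(...) and f.a() are opaque helpers; presumably a cast to KeyInfo and KeyInfo.class.
        // A key loaded from the software files is not an AndroidKeyStore key, so getKeySpec is
        // expected to throw for it rather than return false -- confirm how callers handle that.
        return g.a(KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, com.daon.sdk.crypto.f.a())).isInsideSecureHardware();
    }

    /**
     * Removes the key stored under {@code str}.
     *
     * <p>If {@code <alias>.private} was deleted, the matching {@code .public} file is deleted
     * too and the result is true unless a public file existed and could not be removed. The
     * original returned false for software AES keys, which never have a public file.
     * Otherwise the AndroidKeyStore entry is deleted; note that this path returns true even
     * when the alias did not exist.
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public boolean removeKey(String str) throws Exception {
        if (this.f9755d.deleteFile(str + ".private")) {
            boolean hadPublicFile = new File(this.f9755d.getFilesDir(), str + ".public").exists();
            boolean publicDeleted = this.f9755d.deleteFile(str + ".public");
            return publicDeleted || !hadPublicFile;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(str);
            return true;
        } catch (KeyStoreException | NoSuchAlgorithmException ignored) {
            return false;
        }
    }

    /**
     * Signs {@code bArr} with the private key under {@code str} using {@link #a()}.
     *
     * @return the signature, or null if there is no such key
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public byte[] sign(String str, byte[] bArr) throws Exception {
        PrivateKey privateKey = c(str);
        if (privateKey == null) {
            return null;
        }
        Signature signature = Signature.getInstance(a());
        signature.initSign(privateKey, new SecureRandom());
        signature.update(bArr);
        return signature.sign();
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} with the public key under
     * {@code str}.
     *
     * @return false if there is no such key or the signature does not verify
     */
    @Override // com.daon.sdk.crypto.SecureKeyStore
    public boolean verify(String str, byte[] bArr, byte[] bArr2) throws Exception {
        PublicKey publicKey = getPublicKey(str);
        if (publicKey == null) {
            return false;
        }
        Signature signature = Signature.getInstance(a());
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }
}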
