package b.l.a.b.a.c.c;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import b.l.a.a.b.c.c;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

@TargetApi(23)
/* loaded from: classes2.dex */
public class a extends b.l.a.b.a.c.b.a {
    public static final String f = b.l.a.b.a.e.a.f(a.class);

    public a(Context context) {
        super(context);
    }

    @Override // b.l.a.b.a.c.a
    public KeyPair I(KeyPairGenerator keyPairGenerator, String str) {
        try {
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            R(generateKeyPair);
            return generateKeyPair;
        } catch (Exception e) {
            StringBuilder t0 = b.d.a.a.a.t0("Could not generate keys; ");
            t0.append(N());
            throw new RuntimeException(t0.toString(), e);
        }
    }

    @Override // b.l.a.b.a.c.a
    public void J(String str) {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setKeySize(256).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
        keyGenerator.generateKey();
    }

    @Override // b.l.a.b.a.c.a
    public SecretKey K() {
        String string = B().getString(".master_key.alias", null);
        if (string == null) {
            throw new c("No stored master key alias");
        }
        KeyStore.Entry entry = P().getEntry(string, null);
        if (entry == null) {
            H();
            throw new c("Stored master key alias is not present in key store");
        }
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new c("Unexpected entry type");
        }
        b.l.a.b.a.e.a.b(f, "Master key is using private key");
        return super.K();
    }

    public final KeyPairGenerator Q(String str, String str2, boolean z) {
        int i;
        int i2;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, "AndroidKeyStore");
            ArrayList arrayList = new ArrayList(1);
            if (str2.equals("RSA")) {
                i = 15;
                i2 = 2048;
                arrayList.add("SHA-1");
                arrayList.add("SHA-256");
            } else {
                if (!str2.equals("EC")) {
                    throw new RuntimeException("Unsupported key algorithm: " + str2);
                }
                i = 4;
                i2 = 256;
                arrayList.add("SHA-256");
            }
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, i);
            builder.setDigests((String[]) arrayList.toArray(new String[0])).setKeySize(i2).setUserAuthenticationRequired(z).setInvalidatedByBiometricEnrollment(z);
            if (str2.equals("RSA")) {
                builder.setBlockModes("ECB", "CBC").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setSignaturePaddings("PKCS1").setCertificateSerialNumber(BigInteger.valueOf(1L)).setCertificateSubject(new X500Principal("CN=TransmitSecurity"));
            }
            keyPairGenerator.initialize(builder.build());
            return keyPairGenerator;
        } catch (Exception e) {
            StringBuilder t0 = b.d.a.a.a.t0("Could not initialize keys generator; ");
            t0.append(N());
            throw new RuntimeException(t0.toString(), e);
        }
    }

    public final void R(KeyPair keyPair) {
        boolean isInsideSecureHardware;
        try {
            PrivateKey privateKey = keyPair.getPrivate();
            KeyInfo keyInfo = (KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class);
            if (!"EC".equals(privateKey.getAlgorithm()) || (keyInfo.getPurposes() & 4) == 0) {
                return;
            }
            if (Build.VERSION.SDK_INT >= 31) {
                int securityLevel = keyInfo.getSecurityLevel();
                isInsideSecureHardware = true;
                if (securityLevel != 2 && securityLevel != 1 && securityLevel != -1) {
                    isInsideSecureHardware = false;
                }
            } else {
                isInsideSecureHardware = keyInfo.isInsideSecureHardware();
            }
            A().putBoolean("hw_sec_chk_k_pref", isInsideSecureHardware).apply();
            if (P().containsAlias("hw_sec_chk_k_alias")) {
                try {
                    P().deleteEntry("hw_sec_chk_k_alias");
                } catch (IOException | GeneralSecurityException e) {
                    throw new RuntimeException("Failed clearing key", e);
                }
            }
        } catch (Exception e2) {
            b.l.a.b.a.e.a.e(f, "Failed to store HW security", e2);
        }
    }

    @Override // b.l.a.b.a.c.a, b.l.a.a.b.c.b
    public boolean g(String str) {
        try {
            f(str).sign();
            return false;
        } catch (Exception e) {
            return (e.getCause() instanceof InvalidKeyException) || (e.getCause() instanceof KeyPermanentlyInvalidatedException);
        }
    }

    @Override // b.l.a.a.b.c.b
    public Cipher i(String str) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            cipher.init(2, L(str));
            return cipher;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Failed loading cipher for decryption", e);
        }
    }

    @Override // b.l.a.a.b.c.b
    public Boolean j() {
        if (B().contains("hw_sec_chk_k_pref")) {
            return Boolean.valueOf(B().getBoolean("hw_sec_chk_k_pref", false));
        }
        try {
            if (!P().containsAlias("hw_sec_chk_k_alias")) {
                return null;
            }
            PrivateKey L = L("hw_sec_chk_k_alias");
            try {
                return Boolean.valueOf(((KeyInfo) KeyFactory.getInstance(L.getAlgorithm(), "AndroidKeyStore").getKeySpec(L, KeyInfo.class)).isInsideSecureHardware());
            } catch (Exception e) {
                b.l.a.b.a.e.a.e(f, "Failed to query HW security", e);
                return null;
            }
        } catch (Exception e2) {
            b.l.a.b.a.e.a.e(f, "failed to get device private key", e2);
            return null;
        }
    }

    @Override // b.l.a.a.b.c.b
    public String x(Cipher cipher, byte[] bArr) {
        try {
            return Base64.encodeToString(cipher.doFinal(bArr), 2);
        } catch (Exception e) {
            throw new RuntimeException("Could not decrypt.", e);
        }
    }
}
