package com.heineken.utils;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.heineken.data.net.util.Constants;
import com.heineken.di.PerActivity;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;

@PerActivity
/* loaded from: classes3.dex */
public class EtradeKeystore {
    private Context context;
    private LogUtil log;

    @Inject
    public EtradeKeystore(Context context, LogUtil logUtil) {
        this.context = context;
        this.log = logUtil;
    }

    public void createKeys() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 1);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Constants.TYPE_RSA, Constants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
        keyPairGenerator.initialize(Build.VERSION.SDK_INT < 23 ? new KeyPairGeneratorSpec.Builder(this.context).setAlias(Constants.SECURITY_ALIAS_PIN).setSubject(new X500Principal("CN=MY_PIN_ALIAS")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build() : new KeyGenParameterSpec.Builder(Constants.SECURITY_ALIAS_PIN, 4).setCertificateSubject(new X500Principal("CN=MY_PIN_ALIAS")).setDigests("SHA-256").setSignaturePaddings("PKCS1").setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).build());
        keyPairGenerator.generateKeyPair();
    }

    public String signData(String str) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, CertificateException {
        byte[] bytes = str.getBytes();
        KeyStore keyStore = KeyStore.getInstance(Constants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(Constants.SECURITY_ALIAS_PIN, null);
        if (entry == null) {
            this.log.logDebug("No key found under alias: MY_PIN_ALIAS");
            return null;
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            this.log.logDebug("Not an instance of a PrivateKeyEntry");
            return null;
        }
        Signature signature = Signature.getInstance(Constants.SIGNATURE_SHA256withRSA);
        signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        signature.update(bytes);
        return Base64.encodeToString(signature.sign(), 0);
    }

    public boolean verifyData(String str, String str2) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, InvalidKeyException, SignatureException {
        byte[] bytes = str.getBytes();
        if (str2 == null) {
            return false;
        }
        try {
            byte[] decode = Base64.decode(str2, 0);
            KeyStore keyStore = KeyStore.getInstance(Constants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(Constants.SECURITY_ALIAS_PIN, null);
            if (entry == null) {
                this.log.logDebug("No key found under alias: MY_PIN_ALIAS");
                return false;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                this.log.logDebug("Not an instance of a PrivateKeyEntry");
                return false;
            }
            Signature signature = Signature.getInstance(Constants.SIGNATURE_SHA256withRSA);
            signature.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
            signature.update(bytes);
            return signature.verify(decode);
        } catch (IllegalArgumentException unused) {
            return false;
        }
    }
}
