package com.iproov.sdk.crypto;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
import androidx.browser.trusted.b;
import com.iproov.sdk.logging.IPLog;
import com.iproov.sdk.p032this.Cdo;
import e.c;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import x7.d;

/* compiled from: KeyStoreManager.java */
/* renamed from: com.iproov.sdk.crypto.if, reason: invalid class name */
/* loaded from: classes3.dex */
public final class Cif {

    /* renamed from: new, reason: not valid java name */
    private static final String f497new = "🗝 if";

    /* renamed from: try, reason: not valid java name */
    private static Cif f498try;

    /* renamed from: do, reason: not valid java name */
    private final Context f499do;

    /* renamed from: for, reason: not valid java name */
    private final KeyPair f500for;

    /* renamed from: if, reason: not valid java name */
    private final KeyStore f501if;

    private Cif(Context context) {
        this.f499do = context.getApplicationContext();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.f501if = keyStore;
            keyStore.load(null);
            com.iproov.sdk.p020interface.Cif cif = new com.iproov.sdk.p020interface.Cif(context);
            if (m4972goto() && cif.m5502break() && m4973new()) {
                cif.m5507const();
            }
            KeyPair m4969try = m4969try();
            this.f500for = m4969try;
            if (m4969try.getPublic() == null) {
                throw new IllegalStateException("Public Key cannot be null");
            }
            if (m4969try.getPrivate() == null) {
                throw new IllegalStateException("Private Key cannot be null");
            }
        } catch (Exception e10) {
            e10.printStackTrace();
            throw new Cdo(e10);
        }
    }

    @SuppressLint({"WrongConstant"})
    /* renamed from: break, reason: not valid java name */
    private boolean m4958break() {
        return KeyChain.isBoundKeyAlgorithm("EC");
    }

    @RequiresApi(api = 23)
    /* renamed from: catch, reason: not valid java name */
    private boolean m4959catch() {
        boolean isInsideSecureHardware;
        PrivateKey privateKey = this.f500for.getPrivate();
        try {
            isInsideSecureHardware = b.a(KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, c.a())).isInsideSecureHardware();
            return isInsideSecureHardware;
        } catch (Exception e10) {
            IPLog.w(f497new, "Error retrieving key info");
            e10.printStackTrace();
            return false;
        }
    }

    /* renamed from: class, reason: not valid java name */
    private static void m4960class() {
        Provider[] providers = Security.getProviders();
        StringBuilder sb2 = new StringBuilder("Services available for SHA256withECDSA algorithm: [");
        for (Provider provider : providers) {
            Provider.Service service = provider.getService("Signature", "SHA256withECDSA");
            if (service != null) {
                sb2.append(service.toString());
            }
        }
        sb2.append("]");
        IPLog.w(f497new, sb2.toString());
    }

    /* renamed from: do, reason: not valid java name */
    public static synchronized Cdo m4961do(@Nullable Cif cif) {
        synchronized (Cif.class) {
            if (cif == null) {
                return Cdo.UNSUPPORTED;
            }
            return cif.m4974this() ? Cdo.HARDWARE : Cdo.SOFTWARE;
        }
    }

    /* renamed from: do, reason: not valid java name */
    public static synchronized Cif m4962do(Context context) {
        Cif cif;
        synchronized (Cif.class) {
            try {
                if (f498try == null) {
                    f498try = new Cif(context);
                }
                cif = f498try;
            } catch (Throwable th2) {
                throw th2;
            }
        }
        return cif;
    }

    @NonNull
    /* renamed from: do, reason: not valid java name */
    private KeyPair m4963do(KeyStore keyStore) {
        try {
            KeyStore.Entry entry = keyStore.getEntry("com.iproov.sdk", null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Unsupported Key type");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (NullPointerException e10) {
            throw new Cdo(e10);
        }
    }

    @SuppressLint({"WrongConstant"})
    /* renamed from: do, reason: not valid java name */
    private AlgorithmParameterSpec m4964do() {
        return new KeyPairGeneratorSpec.Builder(this.f499do).setAlias("com.iproov.sdk").setSubject(new X500Principal("CN=com.iproov.sdk")).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setSerialNumber(new BigInteger(25, new SecureRandom())).setStartDate(new Date(0L)).setEndDate(new Date(2461449600000L)).setKeyType("EC").build();
    }

    /* renamed from: else, reason: not valid java name */
    private Signature m4965else() {
        try {
            return Signature.getInstance("SHA256withECDSA", Build.VERSION.SDK_INT >= 23 ? "AndroidKeyStoreBCWorkaround" : "AndroidOpenSSL");
        } catch (NoSuchProviderException e10) {
            e10.printStackTrace();
            m4960class();
            return Signature.getInstance("SHA256withECDSA");
        }
    }

    /* renamed from: for, reason: not valid java name */
    private KeyPair m4966for() {
        int i = Build.VERSION.SDK_INT;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(i > 23 ? "EC" : "RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(i > 23 ? m4968if() : m4964do());
        return keyPairGenerator.generateKeyPair();
    }

    @NonNull
    /* renamed from: if, reason: not valid java name */
    private KeyPair m4967if(KeyStore keyStore) {
        Key key = keyStore.getKey("com.iproov.sdk", null);
        Certificate certificate = keyStore.getCertificate("com.iproov.sdk");
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("Unsupported Key type");
        }
        return new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
    }

    @RequiresApi(api = 23)
    /* renamed from: if, reason: not valid java name */
    private AlgorithmParameterSpec m4968if() {
        KeyGenParameterSpec.Builder algorithmParameterSpec;
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec build;
        algorithmParameterSpec = d.a().setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"));
        digests = algorithmParameterSpec.setDigests("SHA-256");
        if (Build.VERSION.SDK_INT >= 28 && this.f499do.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore")) {
            digests.setIsStrongBoxBacked(false);
        }
        build = digests.build();
        return build;
    }

    @NonNull
    /* renamed from: try, reason: not valid java name */
    private KeyPair m4969try() {
        return this.f501if.containsAlias("com.iproov.sdk") ? Build.VERSION.SDK_INT >= 28 ? m4967if(this.f501if) : m4963do(this.f501if) : m4966for();
    }

    @NonNull
    /* renamed from: case, reason: not valid java name */
    public PublicKey m4970case() {
        return new PublicKey(this.f500for.getPublic());
    }

    @NonNull
    /* renamed from: do, reason: not valid java name */
    public synchronized byte[] m4971do(@NonNull byte[] bArr) {
        Signature m4965else;
        try {
            m4965else = m4965else();
            m4965else.initSign(this.f500for.getPrivate());
            m4965else.update(bArr);
        } catch (Exception e10) {
            e10.printStackTrace();
            throw new Cdo(e10);
        }
        return m4965else.sign();
    }

    /* renamed from: goto, reason: not valid java name */
    public boolean m4972goto() {
        return Build.VERSION.SDK_INT >= 28 && this.f499do.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    /* renamed from: new, reason: not valid java name */
    public boolean m4973new() {
        try {
            this.f501if.deleteEntry("com.iproov.sdk");
            return true;
        } catch (KeyStoreException e10) {
            IPLog.e(f497new, e10.getLocalizedMessage());
            e10.printStackTrace();
            return false;
        }
    }

    /* renamed from: this, reason: not valid java name */
    public boolean m4974this() {
        synchronized (this) {
            try {
                if (Build.VERSION.SDK_INT < 23) {
                    return m4958break();
                }
                return m4959catch();
            } catch (Throwable th2) {
                throw th2;
            }
        }
    }
}
