package m.a.a;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.google.firebase.analytics.FirebaseAnalytics;
import java.io.StringWriter;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import s.l;
import s.n;
import s.n0.j;
import s.s0.c.r;
import s.s0.c.s;
import s.y0.d;
import s.y0.w;
import v.b.f.b.i.p;
import v.b.g.j.b.c;
import v.b.g.j.b.e;
import v.f.a.q;
import v.f.a.t;

/* compiled from: KeyStoreUtils.kt */
/* loaded from: classes.dex */
public final class a {
    public static final a a = new a();
    private static final l b;

    /* renamed from: c, reason: collision with root package name */
    private static final l f3113c;

    /* compiled from: KeyStoreUtils.kt */
    /* renamed from: m.a.a.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    static final class C0369a extends s implements s.s0.b.a<KeyStore> {
        public static final C0369a a = new C0369a();

        C0369a() {
            super(0);
        }

        @Override // s.s0.b.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final KeyStore invoke() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        }
    }

    /* compiled from: KeyStoreUtils.kt */
    /* loaded from: classes.dex */
    static final class b extends s implements s.s0.b.a<Signature> {
        public static final b a = new b();

        b() {
            super(0);
        }

        @Override // s.s0.b.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final Signature invoke() {
            return Signature.getInstance(Build.VERSION.SDK_INT >= 23 ? "SHA256withECDSA" : "SHA256withRSA");
        }
    }

    static {
        l b2;
        l b3;
        b2 = n.b(C0369a.a);
        b = b2;
        b3 = n.b(b.a);
        f3113c = b3;
    }

    private a() {
    }

    private final String[] a(Certificate[] certificateArr) {
        String T0;
        int length = certificateArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        int length2 = certificateArr.length;
        String[] strArr = new String[length2];
        for (int i = 0; i < length; i++) {
            Certificate certificate = certificateArr[i];
            x509CertificateArr[i] = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
        }
        for (int i2 = 0; i2 < length2; i2++) {
            StringWriter stringWriter = new StringWriter();
            e eVar = new e(stringWriter);
            eVar.b(new c("CERTIFICATE", certificateArr[i2].getEncoded()));
            eVar.flush();
            eVar.close();
            String stringWriter2 = stringWriter.toString();
            r.f(stringWriter2, "writer.toString()");
            T0 = w.T0(stringWriter2, 1);
            strArr[i2] = T0;
        }
        return strArr;
    }

    private final KeyPair b(Context context, String str, boolean z, t tVar, boolean z2) {
        t i = i();
        if (tVar == null) {
            tVar = j();
        }
        t tVar2 = tVar;
        r.f(i, "startDate");
        r.f(tVar2, "endDateExpiration");
        v(context, i, tVar2);
        KeyPairGenerator k2 = k();
        try {
            k2.initialize(g(context, str, i, tVar2, z, z2));
            return k2.genKeyPair();
        } catch (Exception unused) {
            return null;
        }
    }

    public static final String[] c(Context context, String str) {
        String[] strArr;
        List u2;
        r.g(context, "context");
        r.g(str, "alias");
        n.j.b.a.a(context);
        KeyPair f = f(a, context, str, null, 4, null);
        if (f == null || f.getPublic() == null) {
            return null;
        }
        Certificate[] certificateChain = a.h().getCertificateChain(str);
        if (certificateChain != null) {
            r.f(certificateChain, "getCertificateChain(alias)");
            u2 = j.u(a.a(certificateChain));
            Object[] array = u2.toArray(new String[0]);
            r.e(array, "null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            strArr = (String[]) array;
        } else {
            strArr = null;
        }
        if (strArr == null) {
            return null;
        }
        return strArr;
    }

    static /* synthetic */ KeyPair d(a aVar, Context context, String str, boolean z, t tVar, boolean z2, int i, Object obj) {
        if ((i & 16) != 0) {
            z2 = false;
        }
        return aVar.b(context, str, z, tVar, z2);
    }

    private final KeyPair e(Context context, String str, t tVar) {
        try {
            return d(this, context, str, false, tVar, false, 16, null);
        } catch (Exception unused) {
            FirebaseAnalytics.getInstance(context).b("ka_kp_gen_with_att_fail", "true");
            try {
                return d(this, context, str, true, tVar, false, 16, null);
            } catch (Exception e) {
                u(context, e);
                return null;
            }
        }
    }

    static /* synthetic */ KeyPair f(a aVar, Context context, String str, t tVar, int i, Object obj) {
        if ((i & 4) != 0) {
            tVar = null;
        }
        return aVar.e(context, str, tVar);
    }

    private final AlgorithmParameterSpec g(Context context, String str, t tVar, t tVar2, boolean z, boolean z2) {
        KeyGenParameterSpec.Builder certificateNotAfter = new KeyGenParameterSpec.Builder(str, 4).setCertificateSubject(new X500Principal("CN=" + str)).setDigests(p.SHA_256).setCertificateNotBefore(t(tVar)).setCertificateNotAfter(t(tVar2));
        r.f(certificateNotAfter, "Builder(alias, KeyProper…otAfter(endDate.toDate())");
        o(z, certificateNotAfter, tVar);
        q(certificateNotAfter, z2);
        p(context, certificateNotAfter);
        KeyGenParameterSpec build = certificateNotAfter.build();
        r.f(build, "builder.build()");
        return build;
    }

    private final KeyStore h() {
        Object value = b.getValue();
        r.f(value, "<get-androidKeyStore>(...)");
        return (KeyStore) value;
    }

    private final t i() {
        return t.E(q.o("UTC"));
    }

    private final t j() {
        return i().L(10L);
    }

    private final KeyPairGenerator k() {
        return KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
    }

    private final Signature l() {
        Object value = f3113c.getValue();
        r.f(value, "<get-signature>(...)");
        return (Signature) value;
    }

    private final boolean m(Context context) {
        return Build.VERSION.SDK_INT >= 28 && context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    private final boolean n(boolean z) {
        return Build.VERSION.SDK_INT >= 24 && !z;
    }

    private final void o(boolean z, KeyGenParameterSpec.Builder builder, t tVar) {
        if (n(z)) {
            String date = t(tVar).toString();
            r.f(date, "startDate.toDate().toString()");
            byte[] bytes = date.getBytes(d.UTF_8);
            r.f(bytes, "this as java.lang.String).getBytes(charset)");
            builder.setAttestationChallenge(bytes);
        }
    }

    private final void p(Context context, KeyGenParameterSpec.Builder builder) {
        if (m(context)) {
            builder.setIsStrongBoxBacked(true);
        }
    }

    private final void q(KeyGenParameterSpec.Builder builder, boolean z) {
        builder.setUserAuthenticationRequired(z);
        if (z) {
            r(builder, 30);
        }
    }

    @SuppressLint({"WrongConstant"})
    private final void r(KeyGenParameterSpec.Builder builder, int i) {
        if (Build.VERSION.SDK_INT >= 30) {
            builder.setUserAuthenticationParameters(i, 2);
        } else {
            builder.setUserAuthenticationValidityDurationSeconds(i);
        }
    }

    public static final String s(byte[] bArr, String str) {
        String C;
        r.g(bArr, "dataToSign");
        r.g(str, "alias");
        Key key = a.h().getKey(str, null);
        if (!(key instanceof PrivateKey)) {
            return null;
        }
        a.l().initSign((PrivateKey) key);
        a.l().update(bArr);
        String encodeToString = Base64.encodeToString(a.l().sign(), 0);
        r.f(encodeToString, "encodeResult");
        C = s.y0.t.C(encodeToString, "\n", "", false, 4, null);
        return C;
    }

    private final Date t(t tVar) {
        return new Date(tVar.s().z());
    }

    private final void u(Context context, Exception exc) {
        int d;
        FirebaseAnalytics.getInstance(context).b("ka_kp_generation_failed", "true");
        FirebaseAnalytics.getInstance(context).b("ka_kp_gen_exception", exc.getClass().toString());
        String localizedMessage = exc.getLocalizedMessage();
        if (localizedMessage != null) {
            d = s.v0.l.d(localizedMessage.length(), 36);
            String substring = localizedMessage.substring(0, d);
            r.f(substring, "this as java.lang.String…ing(startIndex, endIndex)");
            FirebaseAnalytics.getInstance(context).b("ka_kp_gen_exception_msg", substring);
        }
    }

    private final void v(Context context, t tVar, t tVar2) {
        t G = t.G(v.f.a.e.EPOCH, q.o("UTC"));
        if (tVar.o(G) || tVar2.o(G)) {
            FirebaseAnalytics.getInstance(context).b("ka_kp_gen_incorrect_date", "Device date is wrong");
        }
    }
}
