package at.bluecode.sdk.token;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.GregorianCalendar;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
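/**
 * Wrapper around the {@code AndroidKeyStore} provider used by the token SDK.
 *
 * <p>It manages one asymmetric key pair stored under the alias passed to the constructor,
 * and stores the server CA certificates and the cross-signed client certificate under fixed
 * aliases. The log tag suggests the pre-obfuscation name was {@code BCTokenSecureKeyStore};
 * that is inferred, not confirmed.
 *
 * <p>Security review summary (details on the individual methods):
 * <ul>
 *   <li>Certificates are parsed and stored without any validation in this class, so trust
 *       depends entirely on where the callers obtain the bytes.</li>
 *   <li>The generated keys are authorised for a broad set of digests, paddings and purposes,
 *       including {@code SHA-1}, digest {@code NONE} and PKCS#1 v1.5 encryption padding.</li>
 *   <li>No user-authentication requirement is set on the generated keys.</li>
 * </ul>
 */
public final class p0 {

    private static final String LOG_TAG = "BCTokenSecureKeyStore";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String CA_ALIAS = "at.bluecode.sdk.token.BC_TOKEN_CA";
    private static final String OLD_CA_ALIAS = "at.bluecode.sdk.token.BC_TOKEN_CA-Old";
    private static final String CLIENT_CERT_ALIAS = "at.bluecode.sdk.token.BC_TOKEN_X-SIGNED";

    /* renamed from: a, reason: collision with root package name */
    // Alias of the key pair in the AndroidKeyStore; also used as the certificate CN.
    private final String f2514a;

    /* renamed from: b, reason: collision with root package name */
    // True once this instance has generated an EC key pair. It is NOT set when an existing
    // entry is reused (see a(String, boolean, boolean)), so it is only a fallback hint.
    private boolean f2515b;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Binds this instance to a key alias and makes sure a key pair exists under it.
     *
     * @param context unused by this class
     * @param str key store alias of the key pair
     * @param z {@code true} to generate an EC (secp256r1) key if none exists, {@code false} for RSA-2048
     * @throws q0 if the key store cannot be used or key generation fails
     */
    public p0(Context context, String str, boolean z) throws q0 {
        this.f2514a = str;
        a(str, false, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses the server CA certificate (and optionally the previous one) and stores them in the
     * AndroidKeyStore as trusted certificate entries. Both streams are always closed.
     *
     * <p>NOTE(review): nothing here checks validity dates, issuer, or a pinned fingerprint before
     * the certificate becomes a trust anchor entry. Callers must only pass streams from a source
     * they already trust (for example a resource shipped with the app); confirm against callers.
     *
     * @param inputStream X.509 encoding of the current CA certificate
     * @param inputStream2 X.509 encoding of the previous CA certificate, or {@code null}
     * @throws q0 if parsing or storing a certificate fails
     */
    public static void a(InputStream inputStream, InputStream inputStream2) throws q0 {
        // try-with-resources closes both streams even when the factory lookup or the first
        // close() throws; the hand-written finally block could leak the second stream.
        try (InputStream caStream = inputStream; InputStream oldCaStream = inputStream2) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Certificate caCertificate = certificateFactory.generateCertificate(caStream);
            BCLog.d(LOG_TAG, "Token SDK: " + CA_ALIAS + "=" + ((X509Certificate) caCertificate).getSubjectDN());
            Certificate oldCaCertificate = null;
            if (oldCaStream != null) {
                oldCaCertificate = certificateFactory.generateCertificate(oldCaStream);
                BCLog.d(LOG_TAG, "Token SDK: " + OLD_CA_ALIAS + "=" + ((X509Certificate) oldCaCertificate).getSubjectDN());
            }
            KeyStore keyStore = openKeyStore();
            keyStore.setCertificateEntry(CA_ALIAS, caCertificate);
            if (oldCaCertificate != null) {
                keyStore.setCertificateEntry(OLD_CA_ALIAS, oldCaCertificate);
            }
            BCLog.d(LOG_TAG, "Token SDK: Refreshed server certificates.");
        } catch (Exception e) {
            throw new q0("Token SDK: Failed to set server certificate.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses an X.509 certificate from text and stores it as the client certificate entry.
     *
     * <p>NOTE(review): the certificate is stored as given. This method does not verify that it
     * chains to the stored CA or that its public key belongs to the device key pair; if callers
     * rely on either property, the check has to happen before this call.
     *
     * @param str certificate text, decoded as UTF-8 before parsing
     * @throws q0 if parsing or storing the certificate fails
     */
    public static void a(String str) throws q0 {
        try {
            byte[] encoded = str.getBytes(StandardCharsets.UTF_8);
            X509Certificate clientCertificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(encoded));
            openKeyStore().setCertificateEntry(CLIENT_CERT_ALIAS, clientCertificate);
            BCLog.d(LOG_TAG, "Token SDK: Set new client certificate.");
        } catch (Exception e) {
            throw new q0("Token SDK: Failed to set client certificate.", e);
        }
    }

    /**
     * Ensures a key pair exists under {@code str}, generating one when needed.
     *
     * <p>NOTE(review): when an existing entry is reused, {@code f2515b} keeps its previous value
     * (initially {@code false}) regardless of {@code z2}. {@link #c()} compensates by reading the
     * stored certificate, but {@link #b()} passes the field to a forced regeneration, which could
     * then produce an RSA key where EC was requested.
     *
     * @param str key store alias
     * @param z {@code true} to delete any existing entry and generate a fresh key pair
     * @param z2 {@code true} for EC, {@code false} for RSA
     * @throws q0 if the key store cannot be prepared or no entry exists after generation
     */
    private void a(String str, boolean z, boolean z2) throws q0 {
        if (!z && hasAlias(str)) {
            return;
        }
        try {
            openKeyStore().deleteEntry(str);
            a(z2);
        } catch (Exception e) {
            throw new q0("Token SDK: Failed to initialize key store.", e);
        }
        // Checked outside the try block so this failure is reported with its own message
        // instead of being re-wrapped as "Failed to initialize key store".
        if (!hasAlias(str)) {
            throw new q0("Token SDK: Failed to generate new key pair.");
        }
        this.f2515b = z2;
        BCLog.d(LOG_TAG, "Token SDK: Generated new key pair.");
    }

    /**
     * Generates the key pair for the alias in {@code f2514a} with a self-signed certificate
     * (subject {@code CN=<alias>}, valid from now for 30 years).
     *
     * <p>Key authorisations, kept exactly as found so existing peers keep working:
     * <ul>
     *   <li>EC: secp256r1, purposes sign and verify, digests NONE, SHA-256, SHA-512.</li>
     *   <li>RSA: 2048 bit, e = F4, purposes encrypt, decrypt, sign and verify, encryption paddings
     *       PKCS#1 v1.5 and OAEP, signature padding PKCS#1, digests SHA-1, SHA-256, SHA-512, NONE.</li>
     * </ul>
     *
     * <p>NOTE(review): the RSA key is authorised for both encryption and signing, and both key
     * types allow digest NONE (the caller supplies the value that is signed); RSA additionally
     * allows SHA-1 and PKCS#1 v1.5 encryption padding. Narrowing these to what the backend
     * actually uses would reduce the ways the key can be misused; confirm the required set first.
     * Neither {@code setUserAuthenticationRequired} nor {@code setIsStrongBoxBacked} is called.
     *
     * @param z {@code true} for EC, {@code false} for RSA
     */
    private void a(boolean z) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, SignatureException {
        GregorianCalendar notBefore = new GregorianCalendar();
        GregorianCalendar notAfter = new GregorianCalendar();
        notAfter.add(GregorianCalendar.YEAR, 30);
        // Math.abs(int) returns Integer.MIN_VALUE unchanged, which produced a negative serial
        // number for such a hash; taking abs() on the BigInteger cannot overflow.
        // The serial is derived from the alias and therefore predictable.
        BigInteger serialNumber = BigInteger.valueOf(this.f2514a.hashCode()).abs();
        X500Principal subject = new X500Principal("CN=" + this.f2514a);

        KeyPairGenerator keyPairGenerator;
        KeyGenParameterSpec.Builder builder;
        if (z) {
            keyPairGenerator = KeyPairGenerator.getInstance("EC", KEYSTORE_PROVIDER);
            // 12 = KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY
            builder = new KeyGenParameterSpec.Builder(this.f2514a, 12);
            builder.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                    .setDigests("NONE", "SHA-256", "SHA-512")
                    .setKeySize(256);
        } else {
            keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEYSTORE_PROVIDER);
            // 15 = PURPOSE_ENCRYPT | PURPOSE_DECRYPT | PURPOSE_SIGN | PURPOSE_VERIFY
            builder = new KeyGenParameterSpec.Builder(this.f2514a, 15);
            builder.setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4))
                    .setBlockModes("ECB")
                    .setEncryptionPaddings("PKCS1Padding", "OAEPPadding")
                    .setSignaturePaddings("PKCS1")
                    .setDigests("SHA-1", "SHA-256", "SHA-512", "NONE")
                    .setKeySize(2048);
        }
        builder.setCertificateSubject(subject)
                .setCertificateSerialNumber(serialNumber)
                .setCertificateNotBefore(notBefore.getTime())
                .setCertificateNotAfter(notAfter.getTime());
        keyPairGenerator.initialize(builder.build());
        keyPairGenerator.generateKeyPair();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the private key stored under this instance's alias.
     *
     * @return the private key, or {@code null} if the alias has no key entry
     * @throws q0 if the key store cannot be read
     */
    public final PrivateKey a() throws q0 {
        try {
            return (PrivateKey) openKeyStore().getKey(this.f2514a, null);
        } catch (Exception e) {
            throw new q0("Token SDK: Failed to get private key.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the public key of this instance's key pair, regenerating the pair if the
     * certificate entry is missing.
     *
     * <p>NOTE(review): regeneration replaces the private key, so a client certificate stored
     * earlier through {@link #a(String)} would presumably no longer match; verify how callers
     * handle this.
     *
     * @return the public key from the certificate stored under the alias
     * @throws q0 if the key store cannot be read or regeneration fails
     */
    public final PublicKey b() throws q0 {
        try {
            KeyStore keyStore = openKeyStore();
            Certificate certificate = keyStore.getCertificate(this.f2514a);
            if (certificate == null) {
                a(this.f2514a, true, this.f2515b);
                certificate = keyStore.getCertificate(this.f2514a);
            }
            return certificate.getPublicKey();
        } catch (Exception e) {
            throw new q0("Token SDK: Failed to get public key.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether the stored key pair is an EC key, judged by whether the signature
     * algorithm name of its certificate contains {@code "EC"}.
     *
     * @return the result of that check, or the value of {@code f2515b} if the certificate
     *     cannot be read (missing entry or key store failure)
     */
    public final boolean c() {
        try {
            X509Certificate certificate = (X509Certificate) openKeyStore().getCertificate(this.f2514a);
            return certificate.getSigAlgName().contains("EC");
        } catch (Exception unused) {
            // Deliberate best effort: fall back to what this instance last generated.
            return this.f2515b;
        }
    }

    /** Opens and loads the AndroidKeyStore provider's key store. */
    private static KeyStore openKeyStore() throws java.security.GeneralSecurityException, java.io.IOException {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
        keyStore.load(null);
        return keyStore;
    }

    /** Returns whether the alias exists; any key store failure is treated as "does not exist". */
    private static boolean hasAlias(String alias) {
        try {
            return openKeyStore().containsAlias(alias);
        } catch (Exception ignored) {
            // Same best-effort behaviour as the inlined checks this helper replaces.
            return false;
        }
    }
}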
