package defpackage;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Base64;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import javax.security.auth.x500.X500Principal;
import org.npci.upi.security.pinactivitycomponent.R;

/* compiled from: PG */
/* loaded from: classes.dex */
final class jme {
    private static final hyi a = hyi.m("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey");
    private static final ECGenParameterSpec b = new ECGenParameterSpec("secp256r1");
    private static final X500Principal c = new X500Principal("CN=Gpay3, O=Google");

    public static hvj a(String str, long j, byte[] bArr, int i, boolean z, boolean z2) {
        if (str.length() == 0) {
            throw new IllegalArgumentException("The argument alias cannot be a null or zero length string.");
        }
        if (j <= 0) {
            throw new IllegalArgumentException("The argument ttlSeconds must be greater than zero.");
        }
        if (z2 && bArr.length != 4) {
            throw new IllegalArgumentException("The argument nonce must be a byte array of length 4.");
        }
        if (z && Build.VERSION.SDK_INT < 30) {
            throw new IllegalArgumentException("Authentication requires SDK version 30");
        }
        Certificate[] g = Build.VERSION.SDK_INT < 28 ? g(str, j, bArr, i, z, z2) : h(str, j, bArr, i, z, z2);
        if (g == null) {
            throw new IllegalStateException("Requested key was not supported by the device.");
        }
        hve j2 = hvj.j();
        for (Certificate certificate : g) {
            j2.g(Base64.encodeToString(certificate.getEncoded(), 0));
        }
        ((hyg) ((hyg) a.f()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "generateECKeyPair", R.styleable.AppCompatTheme_textAppearanceSmallPopupMenu, "EllipticCurveSecureKey.java")).p("Returning certificate chain as an immutable list...");
        return j2.f();
    }

    public static boolean b(String str) {
        PrivateKey e;
        if (Build.VERSION.SDK_INT < 30 || (e = e(str)) == null) {
            return false;
        }
        Signature.getInstance("SHA256withECDSA").initSign(e);
        return true;
    }

    public static boolean c(String str, int i) {
        if (Build.VERSION.SDK_INT < 30) {
            return false;
        }
        return f(str, i);
    }

    public static byte[] d(String str, byte[] bArr) {
        PrivateKey e = e(str);
        if (e == null) {
            throw new InvalidKeyException("Error while accessing private key.");
        }
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(e);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | SignatureException e2) {
            ((hyg) ((hyg) a.h()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "signNonce", 356, "EllipticCurveSecureKey.java")).p("Fail to update signature with nonce.");
            throw e2;
        }
    }

    private static PrivateKey e(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry != null) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                if (privateKeyEntry.getPrivateKey() != null) {
                    return privateKeyEntry.getPrivateKey();
                }
            }
            ((hyg) ((hyg) a.h()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "retrievePrivateKey", 369, "EllipticCurveSecureKey.java")).p("Fail to access the key due to empty key.");
            return null;
        } catch (UnrecoverableEntryException e) {
            ((hyg) ((hyg) ((hyg) a.h()).h(e)).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "retrievePrivateKey", (char) 374, "EllipticCurveSecureKey.java")).p("Fail to access the key due to not authed or unrecoverable.");
            return null;
        }
    }

    private static boolean f(String str, int i) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry != null) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                if (privateKeyEntry.getPrivateKey() != null) {
                    if (privateKeyEntry.getCertificate() instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) privateKeyEntry.getCertificate();
                        Calendar calendar = Calendar.getInstance();
                        calendar.add(13, i);
                        if (calendar.getTime().after(x509Certificate.getNotAfter())) {
                            return false;
                        }
                    }
                    return true;
                }
            }
            ((hyg) ((hyg) a.h()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "tryCheckKeyValidity", 313, "EllipticCurveSecureKey.java")).p("Fail to check key validilty due to empty key.");
            return false;
        } catch (UnrecoverableEntryException e) {
            ((hyg) ((hyg) ((hyg) a.h()).h(e)).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "tryCheckKeyValidity", (char) 327, "EllipticCurveSecureKey.java")).p("Unrecoverable key when checking validity.");
            return false;
        }
    }

    private static Certificate[] g(String str, long j, byte[] bArr, int i, boolean z, boolean z2) {
        ((hyg) ((hyg) a.f()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "generateHardwareAttestedECKeyPair", 136, "EllipticCurveSecureKey.java")).v("Generating Hardware backed attested keypair with alias: %s, ttl: %d", str, j);
        SecureRandom secureRandom = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(13, (int) j);
        KeyGenParameterSpec.Builder builder = z2 ? new KeyGenParameterSpec.Builder(str, 4) : new KeyGenParameterSpec.Builder(str, 12);
        builder.setAlgorithmParameterSpec(b).setAttestationChallenge(bArr).setKeySize(256).setKeyValidityStart(calendar.getTime()).setKeyValidityEnd(calendar2.getTime()).setCertificateSubject(c).setCertificateSerialNumber(BigInteger.ONE).setDigests("SHA-256");
        if (z) {
            builder.setUserAuthenticationParameters(i, 3).setUserAuthenticationRequired(true);
        }
        try {
            keyPairGenerator.initialize(builder.build(), secureRandom);
            keyPairGenerator.generateKeyPair();
            return keyStore.getCertificateChain(str);
        } catch (InvalidAlgorithmParameterException e) {
            ((hyg) ((hyg) ((hyg) a.g()).h(e)).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "generateHardwareAttestedECKeyPair", (char) 182, "EllipticCurveSecureKey.java")).p("Algorithm parameters were not supported by device.");
            return null;
        }
    }

    private static Certificate[] h(String str, long j, byte[] bArr, int i, boolean z, boolean z2) {
        hyi hyiVar = a;
        ((hyg) ((hyg) hyiVar.f()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "generateStrongboxAttestedECKeyPair", 210, "EllipticCurveSecureKey.java")).v("Generating Strongbox backed attested keypair with alias: %s, ttl: %d", str, j);
        SecureRandom secureRandom = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(13, (int) j);
        KeyGenParameterSpec.Builder builder = z2 ? new KeyGenParameterSpec.Builder(str, 4) : new KeyGenParameterSpec.Builder(str, 12);
        builder.setAlgorithmParameterSpec(b).setAttestationChallenge(bArr).setKeySize(256).setKeyValidityStart(calendar.getTime()).setKeyValidityEnd(calendar2.getTime()).setCertificateSubject(c).setCertificateSerialNumber(BigInteger.ONE).setDigests("SHA-256");
        if (z) {
            builder.setUserAuthenticationParameters(i, 3).setUserAuthenticationRequired(true);
        }
        try {
            ((hyg) ((hyg) hyiVar.f()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "generateStrongboxAttestedECKeyPair", 252, "EllipticCurveSecureKey.java")).p("Attempting to generate a Strongbox keypair...");
            keyPairGenerator.initialize(builder.setIsStrongBoxBacked(true).build(), secureRandom);
            keyPairGenerator.generateKeyPair();
        } catch (StrongBoxUnavailableException e) {
            ((hyg) ((hyg) a.f()).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "generateStrongboxAttestedECKeyPair", 258, "EllipticCurveSecureKey.java")).p("Strongbox unavailable! Generating keypair without strongbox...");
            keyPairGenerator.initialize(builder.setIsStrongBoxBacked(false).build(), secureRandom);
            keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException e2) {
            ((hyg) ((hyg) ((hyg) a.g()).h(e2)).i("com/google/nbu/paisa/flutter/plugins/securekey/EllipticCurveSecureKey", "generateStrongboxAttestedECKeyPair", (char) 264, "EllipticCurveSecureKey.java")).p("Algorithm parameters were not supported by device.");
            return null;
        }
        return keyStore.getCertificateChain(str);
    }
}
