package kotlin;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.stream.Collectors;

/* loaded from: classes.dex */
public final class pv2 {
    public final KeyStore a;

    public pv2() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        this.a = keyStore;
    }

    public static String a(byte[] bArr) {
        return Base64.encodeToString(bArr, 2);
    }

    public static byte[] d(String str, String str2) {
        byte[] bytes = str.getBytes();
        byte[] bytes2 = str2.getBytes();
        byte[] bArr = new byte[bytes.length];
        for (int i = 0; i < bytes.length; i++) {
            bArr[i] = (byte) (bytes[i] ^ bytes2[i % bytes2.length]);
        }
        return bArr;
    }

    public static pv2 i() {
        return new pv2();
    }

    public static X509Certificate j(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new qv2(e);
        }
    }

    public static String k(PublicKey publicKey) {
        return "sha256/" + Base64.encodeToString(tv2.f(publicKey.getEncoded()), 2);
    }

    public static PublicKey m(String str) {
        try {
            return j(str).getPublicKey();
        } catch (Exception e) {
            throw new qv2(e);
        }
    }

    public static byte[] p(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public synchronized void b() {
        try {
            c(this.a.aliases());
        } catch (KeyStoreException e) {
            throw new qv2(e);
        }
    }

    public final synchronized void c(Enumeration<String> enumeration) {
        if (enumeration == null) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        while (enumeration.hasMoreElements()) {
            String nextElement = enumeration.nextElement();
            try {
                this.a.deleteEntry(nextElement);
            } catch (KeyStoreException e) {
                nu4.l("CryptoApi/clearStore", "Unable to delete entry: " + nextElement + ", error: " + e.getMessage());
                arrayList.add(e.getMessage());
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        throw new qv2("clearStore failed:" + ((String) arrayList.stream().collect(Collectors.joining(", "))));
    }

    public KeyPair e(String str, byte[] bArr, int i, boolean z) {
        nu4.o("CryptoApi/generateKeyPair", "Generating key pair");
        this.a.deleteEntry(str);
        tj4 tj4Var = new tj4(tj4.X().U(1));
        nu4.o("CryptoApi/generateKeyPair", "Start Time is: " + tj4Var.toString());
        int i2 = i + 1;
        tj4 tj4Var2 = new tj4(tj4Var.Z(i2));
        nu4.o("CryptoApi/generateKeyPair", "End Time is: " + tj4Var2.toString());
        tj4 tj4Var3 = new tj4(tj4Var.Z(i2));
        tj4 tj4Var4 = new tj4(tj4Var.Z(i2));
        KeyGenParameterSpec.Builder c = ft2.c(new KeyGenParameterSpec.Builder(str, 15).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setDigests("SHA-256").setSignaturePaddings("PKCS1").setEncryptionPaddings("PKCS1Padding").setAttestationChallenge(bArr));
        if (z) {
            c = ft2.d(c);
        }
        c.setKeyValidityStart(tj4Var.j()).setKeyValidityForOriginationEnd(tj4Var3.j()).setKeyValidityForConsumptionEnd(tj4Var4.j()).setKeyValidityEnd(tj4Var2.j()).setCertificateNotBefore(tj4Var.j()).setCertificateNotAfter(tj4Var2.j());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(c.build());
        return keyPairGenerator.generateKeyPair();
    }

    public boolean f(byte[] bArr) {
        try {
            e("^P2:jh_Q#X{V8g.e", bArr, 7, true);
            nu4.o("CryptoApi/generateRegKeyPair", "reg keypair was successfully generated");
            return true;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException e) {
            nu4.g("CryptoApi/generateRegKeyPair", e);
            return false;
        }
    }

    public boolean g(byte[] bArr, Boolean bool) {
        try {
            e("^P2:jh_Q#X{V8g.e", bArr, 7, bool.booleanValue());
            nu4.o("CryptoApi/generateRegKeyPair", "reg keypair was successfully generated");
            return true;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException e) {
            nu4.g("CryptoApi/generateRegKeyPair", e);
            return false;
        }
    }

    public boolean h(byte[] bArr, boolean z) {
        try {
            e("C%;Y~b*jmB\"XT4>.@:LfLS", bArr, 4015, z);
            nu4.o("CryptoApi/generateWrkKeyPair", "wrk keypair was successfully generated");
            return true;
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException e) {
            nu4.g("CryptoApi/generateWrkKeyPair", e);
            return false;
        }
    }

    public synchronized Certificate[] l(String str) {
        Certificate[] certificateArr;
        try {
            certificateArr = this.a.getCertificateChain(str);
        } catch (KeyStoreException e) {
            nu4.l("CryptoApi/getWrkKeyCertificateChain", "cannot get certificate chain for given keyAlias: " + str + ", error: " + e.getMessage());
            certificateArr = null;
        }
        return certificateArr;
    }

    public byte[] n(String str, String str2) {
        return o(str.getBytes(StandardCharsets.UTF_8), str2);
    }

    public final synchronized byte[] o(byte[] bArr, String str) {
        Signature signature;
        try {
            if (!this.a.containsAlias(str)) {
                throw new Exception("Key alias doesn't exist");
            }
            KeyStore.Entry entry = this.a.getEntry(str, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new Exception("Not an instance of a PrivateKeyEntry");
            }
            signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            signature.update(bArr);
        } catch (Exception e) {
            nu4.g("CryptoApi/getRSAsignature", e);
            throw new qv2(e);
        }
        return signature.sign();
    }

    public boolean q(Certificate[] certificateArr) {
        for (Certificate certificate : certificateArr) {
            nu4.l("CryptoApi/generateKeyPair", Base64.encodeToString(certificate.getEncoded(), 2));
        }
        for (int i = 1; i < certificateArr.length; i++) {
            PublicKey publicKey = certificateArr[i].getPublicKey();
            int i2 = i - 1;
            try {
                certificateArr[i2].verify(publicKey);
                if (i == certificateArr.length - 1) {
                    try {
                        certificateArr[i].verify(publicKey);
                    } catch (CertificateException e) {
                        throw new GeneralSecurityException("Root cert " + certificateArr[i] + " is not correctly self-signed", e);
                    }
                }
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e2) {
                throw new GeneralSecurityException("FAILED to verify certificate " + certificateArr[i2] + " with public key " + certificateArr[i].getPublicKey(), e2);
            }
        }
        return true;
    }

    public boolean r(String str, byte[] bArr, PublicKey publicKey) {
        return s(str.getBytes(StandardCharsets.UTF_8), bArr, publicKey);
    }

    public final boolean s(byte[] bArr, byte[] bArr2, PublicKey publicKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            nu4.g("CryptoApi/verifyRSAsignature", e);
            throw new qv2(e);
        }
    }
}
