package defpackage;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import com.miteksystems.misnap.params.BarcodeApi;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes4.dex */
public class hcl extends fcl {
    public static final String g = uog.f(hcl.class);

    public hcl(Context context) {
        super(context);
    }

    @Override // defpackage.pe5
    public KeyPair N(KeyPairGenerator keyPairGenerator, String str) {
        try {
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            e0(generateKeyPair);
            return generateKeyPair;
        } catch (Exception e) {
            throw new RuntimeException("Could not generate keys; " + Y(), e);
        }
    }

    @Override // defpackage.pe5
    public KeyPair O(KeyPairGenerator keyPairGenerator, String str) {
        return N(keyPairGenerator, str);
    }

    @Override // defpackage.pe5
    public void P(String str) {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setKeySize(BarcodeApi.BARCODE_CODE_25).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
        keyGenerator.generateKey();
    }

    @Override // defpackage.pe5
    public SecretKey S() {
        String H = H(".master_key.alias");
        if (H == null) {
            throw new awh("No stored master key alias");
        }
        if (Build.VERSION.SDK_INT == 28) {
            Key key = b0().getKey(H, null);
            if (key == null) {
                L();
                throw new awh("Stored master key alias is not present in key store");
            }
            if (key instanceof SecretKey) {
                return (SecretKey) key;
            }
            if (!(key instanceof PrivateKey)) {
                throw new awh("Unexpected entry type");
            }
            uog.b(g, "Master key is using private key");
            return super.S();
        }
        KeyStore.Entry entry = b0().getEntry(H, null);
        if (entry == null) {
            L();
            throw new awh("Stored master key alias is not present in key store");
        }
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new awh("Unexpected entry type");
        }
        uog.b(g, "Master key is using private key");
        return super.S();
    }

    @Override // defpackage.pe5
    public KeyPairGenerator V(String str, boolean z) {
        return c0(str, "EC", z);
    }

    @Override // defpackage.pe5
    public KeyPairGenerator W(String str, boolean z) {
        return d0(str, z);
    }

    @Override // defpackage.aia
    public Cipher b(String str) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            cipher.init(2, T(str));
            return cipher;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Failed loading cipher for decryption", e);
        }
    }

    public final KeyPairGenerator c0(String str, String str2, boolean z) {
        int i;
        int i2;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, "AndroidKeyStore");
            ArrayList arrayList = new ArrayList(1);
            if (str2.equals("RSA")) {
                arrayList.add("SHA-1");
                arrayList.add("SHA-256");
                i = 15;
                i2 = 2048;
            } else {
                if (!str2.equals("EC")) {
                    throw new RuntimeException("Unsupported key algorithm: " + str2);
                }
                arrayList.add("SHA-256");
                i = 4;
                i2 = BarcodeApi.BARCODE_CODE_25;
            }
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, i);
            builder.setDigests((String[]) arrayList.toArray(new String[0])).setKeySize(i2).setUserAuthenticationRequired(z).setInvalidatedByBiometricEnrollment(z);
            if (str2.equals("RSA")) {
                builder.setBlockModes("ECB", "CBC").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setSignaturePaddings("PKCS1").setCertificateSerialNumber(BigInteger.valueOf(1L)).setCertificateSubject(new X500Principal("CN=TransmitSecurity"));
            }
            keyPairGenerator.initialize(builder.build());
            return keyPairGenerator;
        } catch (Exception e) {
            throw new RuntimeException("Could not initialize keys generator; " + Y(), e);
        }
    }

    public final KeyPairGenerator d0(String str, boolean z) {
        return c0(str, "RSA", z);
    }

    @Override // defpackage.aia
    public Boolean e() {
        if (D("hw_sec_chk_k_pref")) {
            return Boolean.valueOf(F("hw_sec_chk_k_pref"));
        }
        try {
            if (!U("hw_sec_chk_k_alias")) {
                return null;
            }
            PrivateKey T = T("hw_sec_chk_k_alias");
            try {
                return Boolean.valueOf(((KeyInfo) KeyFactory.getInstance(T.getAlgorithm(), "AndroidKeyStore").getKeySpec(T, KeyInfo.class)).isInsideSecureHardware());
            } catch (Exception e) {
                uog.e(g, "Failed to query HW security", e);
                return null;
            }
        } catch (Exception e2) {
            uog.e(g, "failed to get device private key", e2);
            return null;
        }
    }

    public final void e0(KeyPair keyPair) {
        boolean isInsideSecureHardware;
        int securityLevel;
        try {
            PrivateKey privateKey = keyPair.getPrivate();
            KeyInfo keyInfo = (KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class);
            if (!"EC".equals(privateKey.getAlgorithm()) || (keyInfo.getPurposes() & 4) == 0) {
                return;
            }
            if (Build.VERSION.SDK_INT >= 31) {
                securityLevel = keyInfo.getSecurityLevel();
                isInsideSecureHardware = true;
                if (securityLevel != 2 && securityLevel != 1 && securityLevel != -1) {
                    isInsideSecureHardware = false;
                }
            } else {
                isInsideSecureHardware = keyInfo.isInsideSecureHardware();
            }
            I("hw_sec_chk_k_pref", isInsideSecureHardware);
            if (U("hw_sec_chk_k_alias")) {
                h("hw_sec_chk_k_alias");
            }
        } catch (Exception e) {
            uog.e(g, "Failed to store HW security", e);
        }
    }

    @Override // defpackage.aia
    public String n(Cipher cipher, byte[] bArr) {
        try {
            return Base64.encodeToString(cipher.doFinal(bArr), 2);
        } catch (Exception e) {
            throw new RuntimeException("Could not decrypt.", e);
        }
    }

    @Override // defpackage.aia
    public boolean t(String str) {
        try {
            s(str).sign();
            return false;
        } catch (Exception e) {
            return (e.getCause() instanceof InvalidKeyException) || (e.getCause() instanceof KeyPermanentlyInvalidatedException);
        }
    }
}
