package ru.ozon.app.android.account.auth.biometry.keystore;

import android.app.KeyguardManager;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import androidx.biometric.BiometricManager;
import androidx.core.content.ContextCompat;
import androidx.exifinterface.media.ExifInterface;
import com.huawei.hms.aaid.constant.AaidIdConstant;
import f1.a.a;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;
import kotlin.Metadata;
import kotlin.j;
import kotlin.jvm.internal.j;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0000\u0018\u0000 -2\u00020\u0001:\u0001-B\u0011\b\u0007\u0012\u0006\u0010 \u001a\u00020\u001f¢\u0006\u0004\b+\u0010,J\u000f\u0010\u0003\u001a\u00020\u0002H\u0003¢\u0006\u0004\b\u0003\u0010\u0004J\u0011\u0010\u0006\u001a\u0004\u0018\u00010\u0005H\u0003¢\u0006\u0004\b\u0006\u0010\u0007J\u0019\u0010\n\u001a\u0004\u0018\u00010\u00052\u0006\u0010\t\u001a\u00020\bH\u0003¢\u0006\u0004\b\n\u0010\u000bJ\u0019\u0010\u000e\u001a\u0004\u0018\u00010\u00052\u0006\u0010\r\u001a\u00020\fH\u0003¢\u0006\u0004\b\u000e\u0010\u000fJ\"\u0010\u0013\u001a\u00020\u0012\"\u0004\b\u0000\u0010\u0010*\b\u0012\u0004\u0012\u00028\u00000\u0011H\u0002ø\u0001\u0000¢\u0006\u0004\b\u0013\u0010\u0014J\u0011\u0010\u0015\u001a\u0004\u0018\u00010\u0005H\u0003¢\u0006\u0004\b\u0015\u0010\u0007J\u000f\u0010\u0016\u001a\u00020\u0002H\u0016¢\u0006\u0004\b\u0016\u0010\u0004J\u0011\u0010\u0018\u001a\u0004\u0018\u00010\u0017H\u0017¢\u0006\u0004\b\u0018\u0010\u0019J\u0011\u0010\u001b\u001a\u0004\u0018\u00010\u001aH\u0017¢\u0006\u0004\b\u001b\u0010\u001cJ\u000f\u0010\u001d\u001a\u00020\u0012H\u0017¢\u0006\u0004\b\u001d\u0010\u001eR\u0016\u0010 \u001a\u00020\u001f8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b \u0010!R\u0016\u0010#\u001a\u00020\"8\u0002@\u0002X\u0082.¢\u0006\u0006\n\u0004\b#\u0010$R\u0016\u0010&\u001a\u00020%8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b&\u0010'R\u0016\u0010)\u001a\u00020(8\u0002@\u0002X\u0082.¢\u0006\u0006\n\u0004\b)\u0010*\u0082\u0002\u0004\n\u0002\b\u0019¨\u0006."}, d2 = {"Lru/ozon/app/android/account/auth/biometry/keystore/KeyStoreRepositoryImpl;", "Lru/ozon/app/android/account/auth/biometry/keystore/KeyStoreRepository;", "", "canAuthByBiometrySystem", "()Z", "Ljava/security/KeyPair;", "createKeyPair", "()Ljava/security/KeyPair;", "Landroid/security/keystore/KeyGenParameterSpec$Builder;", "builder", "generateKeyPairStrongBoxBacked", "(Landroid/security/keystore/KeyGenParameterSpec$Builder;)Ljava/security/KeyPair;", "Landroid/security/keystore/KeyGenParameterSpec;", "keySpec", "generateKeyPair", "(Landroid/security/keystore/KeyGenParameterSpec;)Ljava/security/KeyPair;", ExifInterface.GPS_DIRECTION_TRUE, "Lkotlin/j;", "Lkotlin/o;", "logException", "(Ljava/lang/Object;)V", "getKeyPair", "canAuth", "", "getOrCreateKey", "()Ljava/lang/String;", "Ljava/security/Signature;", "initSign", "()Ljava/security/Signature;", "deleteKey", "()V", "Landroid/content/Context;", "context", "Landroid/content/Context;", "Ljava/security/KeyPairGenerator;", "keyGenerator", "Ljava/security/KeyPairGenerator;", "Landroidx/biometric/BiometricManager;", "biometricManager", "Landroidx/biometric/BiometricManager;", "Ljava/security/KeyStore;", "keyStore", "Ljava/security/KeyStore;", "<init>", "(Landroid/content/Context;)V", "Companion", "account_release"}, k = 1, mv = {1, 4, 2})
/* loaded from: classes5.dex */
public final class KeyStoreRepositoryImpl implements KeyStoreRepository {
    private static final String ALGO_PARAM_SPEC = "prime256v1";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String OZON_PAY_KEY = "OZON_PAY_KEY";
    private static final String SIGNATURE_ALGO = "SHA256withECDSA";
    private final BiometricManager biometricManager;
    private final Context context;
    private KeyPairGenerator keyGenerator;
    private KeyStore keyStore;

    public KeyStoreRepositoryImpl(Context context) {
        j.f(context, "context");
        this.context = context;
        BiometricManager from = BiometricManager.from(context);
        j.e(from, "BiometricManager.from(context)");
        this.biometricManager = from;
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            j.e(keyStore, "KeyStore.getInstance(AND…ORE).apply { load(null) }");
            this.keyStore = keyStore;
        } catch (Exception e) {
            a.k(e);
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ANDROID_KEY_STORE);
            j.e(keyPairGenerator, "KeyPairGenerator.getInst…HM_EC, ANDROID_KEY_STORE)");
            this.keyGenerator = keyPairGenerator;
        } catch (Exception e2) {
            a.k(e2);
        }
    }

    public static final /* synthetic */ KeyPairGenerator access$getKeyGenerator$p(KeyStoreRepositoryImpl keyStoreRepositoryImpl) {
        KeyPairGenerator keyPairGenerator = keyStoreRepositoryImpl.keyGenerator;
        if (keyPairGenerator != null) {
            return keyPairGenerator;
        }
        j.o("keyGenerator");
        throw null;
    }

    public static final /* synthetic */ KeyStore access$getKeyStore$p(KeyStoreRepositoryImpl keyStoreRepositoryImpl) {
        KeyStore keyStore = keyStoreRepositoryImpl.keyStore;
        if (keyStore != null) {
            return keyStore;
        }
        j.o("keyStore");
        throw null;
    }

    @RequiresApi(23)
    private final boolean canAuthByBiometrySystem() {
        KeyguardManager keyguardManager = (KeyguardManager) ContextCompat.getSystemService(this.context, KeyguardManager.class);
        FingerprintManager fingerprintManager = (FingerprintManager) ContextCompat.getSystemService(this.context, FingerprintManager.class);
        return (ContextCompat.checkSelfPermission(this.context, "android.permission.USE_FINGERPRINT") == 0) && fingerprintManager != null && fingerprintManager.hasEnrolledFingerprints() && keyguardManager != null && keyguardManager.isKeyguardSecure();
    }

    @RequiresApi(23)
    private final KeyPair createKeyPair() {
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(OZON_PAY_KEY, 12).setAlgorithmParameterSpec(new ECGenParameterSpec(ALGO_PARAM_SPEC)).setUserAuthenticationRequired(true).setDigests(AaidIdConstant.SIGNATURE_SHA256);
        j.e(digests, "KeyGenParameterSpec.Buil…Properties.DIGEST_SHA256)");
        int i = Build.VERSION.SDK_INT;
        if (i >= 24) {
            digests.setInvalidatedByBiometricEnrollment(false);
        }
        if (i >= 28) {
            return generateKeyPairStrongBoxBacked(digests);
        }
        KeyGenParameterSpec build = digests.build();
        j.e(build, "keySpecBuilder.build()");
        return generateKeyPair(build);
    }

    @RequiresApi(23)
    private final KeyPair generateKeyPair(KeyGenParameterSpec keySpec) {
        Object P;
        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = this.keyGenerator;
        } catch (Throwable th) {
            P = c0.a.t.a.P(th);
        }
        if (keyPairGenerator == null) {
            j.o("keyGenerator");
            throw null;
        }
        keyPairGenerator.initialize(keySpec);
        KeyPairGenerator keyPairGenerator2 = this.keyGenerator;
        if (keyPairGenerator2 == null) {
            j.o("keyGenerator");
            throw null;
        }
        P = keyPairGenerator2.genKeyPair();
        logException(P);
        return (KeyPair) (P instanceof j.a ? null : P);
    }

    @RequiresApi(28)
    private final KeyPair generateKeyPairStrongBoxBacked(KeyGenParameterSpec.Builder builder) {
        KeyGenParameterSpec build = builder.setIsStrongBoxBacked(true).build();
        kotlin.jvm.internal.j.e(build, "builder.setIsStrongBoxBacked(true).build()");
        KeyPair generateKeyPair = generateKeyPair(build);
        if (generateKeyPair != null) {
            return generateKeyPair;
        }
        KeyGenParameterSpec build2 = builder.setIsStrongBoxBacked(false).build();
        kotlin.jvm.internal.j.e(build2, "builder.setIsStrongBoxBacked(false).build()");
        return generateKeyPair(build2);
    }

    @RequiresApi(23)
    private final KeyPair getKeyPair() {
        try {
            KeyStore keyStore = this.keyStore;
            if (keyStore == null) {
                kotlin.jvm.internal.j.o("keyStore");
                throw null;
            }
            Key key = keyStore.getKey(OZON_PAY_KEY, null);
            if (!(key instanceof PrivateKey)) {
                key = null;
            }
            PrivateKey privateKey = (PrivateKey) key;
            KeyStore keyStore2 = this.keyStore;
            if (keyStore2 == null) {
                kotlin.jvm.internal.j.o("keyStore");
                throw null;
            }
            Certificate certificate = keyStore2.getCertificate(OZON_PAY_KEY);
            kotlin.jvm.internal.j.e(certificate, "certificate");
            return new KeyPair(certificate.getPublicKey(), privateKey);
        } catch (Throwable th) {
            Object P = c0.a.t.a.P(th);
            logException(P);
            if (kotlin.j.b(P) != null) {
                deleteKey();
                P = createKeyPair();
            }
            return (KeyPair) P;
        }
    }

    private final <T> void logException(Object obj) {
        if (obj instanceof j.a) {
            a.b(kotlin.j.b(obj));
        }
    }

    @Override // ru.ozon.app.android.account.auth.biometry.keystore.KeyStoreRepository
    public boolean canAuth() {
        return this.keyStore != null && this.keyGenerator != null && this.biometricManager.canAuthenticate() == 0 && canAuthByBiometrySystem();
    }

    @Override // ru.ozon.app.android.account.auth.biometry.keystore.KeyStoreRepository
    @RequiresApi(23)
    public void deleteKey() {
        KeyStore keyStore = this.keyStore;
        if (keyStore == null) {
            kotlin.jvm.internal.j.o("keyStore");
            throw null;
        }
        if (keyStore.containsAlias(OZON_PAY_KEY)) {
            try {
                KeyStore keyStore2 = this.keyStore;
                if (keyStore2 != null) {
                    keyStore2.deleteEntry(OZON_PAY_KEY);
                } else {
                    kotlin.jvm.internal.j.o("keyStore");
                    throw null;
                }
            } catch (Exception unused) {
            }
        }
    }

    @Override // ru.ozon.app.android.account.auth.biometry.keystore.KeyStoreRepository
    @RequiresApi(23)
    public String getOrCreateKey() {
        PublicKey publicKey;
        KeyStore keyStore = this.keyStore;
        if (keyStore == null) {
            kotlin.jvm.internal.j.o("keyStore");
            throw null;
        }
        KeyPair keyPair = keyStore.containsAlias(OZON_PAY_KEY) ? getKeyPair() : createKeyPair();
        byte[] encoded = (keyPair == null || (publicKey = keyPair.getPublic()) == null) ? null : publicKey.getEncoded();
        if (encoded != null) {
            return EncryptExtKt.encryptBase64(encoded);
        }
        return null;
    }

    @Override // ru.ozon.app.android.account.auth.biometry.keystore.KeyStoreRepository
    @RequiresApi(23)
    public Signature initSign() {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGO);
            KeyStore keyStore = this.keyStore;
            if (keyStore == null) {
                kotlin.jvm.internal.j.o("keyStore");
                throw null;
            }
            Key key = keyStore.getKey(OZON_PAY_KEY, null);
            if (!(key instanceof PrivateKey)) {
                key = null;
            }
            PrivateKey privateKey = (PrivateKey) key;
            if (privateKey == null) {
                return null;
            }
            signature.initSign(privateKey);
            return signature;
        } catch (Exception unused) {
            return null;
        }
    }
}
