package com.oath.mobile.platform.phoenix.core;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECField;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import javax.crypto.Cipher;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.IESParameterSpec;

@RequiresApi(api = 23)
/* loaded from: classes.dex */
public final class KeyStoreUtils {
    private static final String ELLIPTIC_CURVE_PARAMETER_SPEC = "secp256r1";
    public static final KeyStoreUtils INSTANCE = new KeyStoreUtils();
    private static final String KEY_NAME = "dcrKey";
    private static final String KEY_PRIVATE_NAME = "dcrPrivateKey";
    private static final String KEY_PUBLIC_NAME = "dcrPublicKey";

    static {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        Security.insertProviderAt(new BouncyCastleProvider(), 0);
    }

    private KeyStoreUtils() {
    }

    public static final String decrypt(Context context, String str) {
        h.u.d.j.d(context, "context");
        h.u.d.j.d(str, "data");
        if (!isDcrKeyPairAvailable(context)) {
            return str;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        h.u.d.j.a((Object) privateKey, "keyPair.private");
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(2, privateKey);
        byte[] doFinal = cipher.doFinal(Base64.decode(str, 0));
        h.u.d.j.a((Object) doFinal, "decodedData");
        Charset charset = StandardCharsets.UTF_8;
        h.u.d.j.a((Object) charset, "StandardCharsets.UTF_8");
        return new String(doFinal, charset);
    }

    public static final String decryptWithECIESEncryptionCofactorVariableIVX963SHA256AESGCM(Context context, String str) {
        h.u.d.j.d(context, "context");
        h.u.d.j.d(str, "data");
        if (!isBouncyCastleDcrKeyPairAvailable(context)) {
            return str;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        h.u.d.j.a((Object) privateKey, "keyPair.private");
        byte[] decode = Base64.decode(str, 8);
        h.u.d.j.a((Object) decode, "Base64.decode(data, Base64.URL_SAFE)");
        IESParameterSpec iESParameterSpec = new IESParameterSpec(null, null, 128, 128, null);
        h6 h6Var = new h6(new i6(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA256Digest()), new e3()), 16);
        h6Var.engineInit(2, privateKey, iESParameterSpec, new SecureRandom());
        byte[] engineDoFinal = h6Var.engineDoFinal(decode, 0, decode.length);
        h.u.d.j.a((Object) engineDoFinal, "cipher.engineDoFinal(enc…, 0, encryptedBytes.size)");
        return new String(engineDoFinal, h.z.d.a);
    }

    public static final String encrypt(Context context, String str) {
        h.u.d.j.d(context, "context");
        h.u.d.j.d(str, "data");
        if (!isDcrKeyPairAvailable(context)) {
            return str;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PublicKey publicKey = dcrKeyPair.getPublic();
        h.u.d.j.a((Object) publicKey, "keyPair.public");
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(1, publicKey);
        byte[] bytes = str.getBytes(h.z.d.a);
        h.u.d.j.a((Object) bytes, "(this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        h.u.d.j.a((Object) encodeToString, "Base64.encodeToString(bytes, Base64.DEFAULT)");
        return encodeToString;
    }

    public static final PublicKey generateDCRKeyPair(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        h.u.d.j.d(context, "context");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(new ECGenParameterSpec(ELLIPTIC_CURVE_PARAMETER_SPEC));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        h.u.d.j.a((Object) generateKeyPair, "keyPair");
        PublicKey publicKey = generateKeyPair.getPublic();
        h.u.d.j.a((Object) publicKey, "keyPair.public");
        byte[] encode = Base64.encode(publicKey.getEncoded(), 8);
        h.u.d.j.a((Object) encode, "Base64.encode(keyPair.pu…encoded, Base64.URL_SAFE)");
        String str = new String(encode, h.z.d.a);
        PrivateKey privateKey = generateKeyPair.getPrivate();
        h.u.d.j.a((Object) privateKey, "keyPair.private");
        byte[] encode2 = Base64.encode(privateKey.getEncoded(), 8);
        h.u.d.j.a((Object) encode2, "Base64.encode(keyPair.pr…encoded, Base64.URL_SAFE)");
        String str2 = new String(encode2, h.z.d.a);
        SharedPreferences.Editor edit = n5.a(context).edit();
        edit.putString(KEY_PUBLIC_NAME, str);
        edit.putString(KEY_PRIVATE_NAME, str2);
        edit.apply();
        Signature.getInstance("SHA256withECDSA").initSign(generateKeyPair.getPrivate());
        PublicKey publicKey2 = generateKeyPair.getPublic();
        h.u.d.j.a((Object) publicKey2, "keyPair.public");
        return publicKey2;
    }

    public static final d.f.e.o generateJwkFromPublicKey(PublicKey publicKey) {
        CharSequence f2;
        CharSequence f3;
        h.u.d.j.d(publicKey, "publicKey");
        d.f.e.o oVar = new d.f.e.o();
        oVar.a("kty", publicKey.getAlgorithm());
        oVar.a("use", "sig");
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        StringBuilder sb = new StringBuilder();
        sb.append("P-");
        ECParameterSpec params = eCPublicKey.getParams();
        h.u.d.j.a((Object) params, "ecPublicKey.params");
        EllipticCurve curve = params.getCurve();
        h.u.d.j.a((Object) curve, "ecPublicKey.params.curve");
        ECField field = curve.getField();
        h.u.d.j.a((Object) field, "ecPublicKey.params.curve.field");
        sb.append(field.getFieldSize());
        oVar.a("crv", sb.toString());
        ECPoint w = eCPublicKey.getW();
        h.u.d.j.a((Object) w, "ecPublicKey.w");
        String encodeToString = Base64.encodeToString(w.getAffineX().toByteArray(), 8);
        h.u.d.j.a((Object) encodeToString, "Base64.encodeToString(ec…Array(), Base64.URL_SAFE)");
        if (encodeToString == null) {
            throw new h.l("null cannot be cast to non-null type kotlin.CharSequence");
        }
        f2 = h.z.q.f(encodeToString);
        oVar.a("x", f2.toString());
        ECPoint w2 = eCPublicKey.getW();
        h.u.d.j.a((Object) w2, "ecPublicKey.w");
        String encodeToString2 = Base64.encodeToString(w2.getAffineY().toByteArray(), 8);
        h.u.d.j.a((Object) encodeToString2, "Base64.encodeToString(ec…Array(), Base64.URL_SAFE)");
        if (encodeToString2 == null) {
            throw new h.l("null cannot be cast to non-null type kotlin.CharSequence");
        }
        f3 = h.z.q.f(encodeToString2);
        oVar.a("y", f3.toString());
        return oVar;
    }

    /* JADX WARN: Code restructure failed: missing block: B:9:0x0035, code lost:
    
        if (r5 != false) goto L13;
     */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0076  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x009e A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x002f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static final java.security.KeyPair getDcrKeyPair(android.content.Context r6) {
        /*
            java.lang.String r0 = "context"
            h.u.d.j.d(r6, r0)
            android.content.SharedPreferences r6 = com.oath.mobile.platform.phoenix.core.n5.a(r6)
            r0 = 0
            java.lang.String r1 = "dcrPublicKey"
            java.lang.String r1 = r6.getString(r1, r0)
            java.lang.String r2 = "dcrPrivateKey"
            java.lang.String r6 = r6.getString(r2, r0)
            java.lang.String r2 = "AndroidKeyStore"
            java.security.KeyStore r2 = java.security.KeyStore.getInstance(r2)
            r2.load(r0)
            r3 = 0
            r4 = 1
            if (r1 == 0) goto L2c
            boolean r5 = h.z.g.a(r1)
            if (r5 == 0) goto L2a
            goto L2c
        L2a:
            r5 = 0
            goto L2d
        L2c:
            r5 = 1
        L2d:
            if (r5 != 0) goto L6e
            if (r6 == 0) goto L37
            boolean r5 = h.z.g.a(r6)
            if (r5 == 0) goto L38
        L37:
            r3 = 1
        L38:
            if (r3 != 0) goto L6e
            java.lang.String r0 = "EC"
            java.lang.String r2 = "BC"
            java.security.KeyFactory r0 = java.security.KeyFactory.getInstance(r0, r2)
            java.security.spec.X509EncodedKeySpec r2 = new java.security.spec.X509EncodedKeySpec
            r3 = 8
            byte[] r1 = android.util.Base64.decode(r1, r3)
            r2.<init>(r1)
            java.security.PublicKey r1 = r0.generatePublic(r2)
            java.lang.String r2 = "keyFactory.generatePublic(x509ks)"
            h.u.d.j.a(r1, r2)
            java.security.spec.PKCS8EncodedKeySpec r2 = new java.security.spec.PKCS8EncodedKeySpec
            byte[] r6 = android.util.Base64.decode(r6, r3)
            r2.<init>(r6)
            java.security.PrivateKey r6 = r0.generatePrivate(r2)
            java.lang.String r0 = "keyFactory.generatePrivate(p8ks)"
            h.u.d.j.a(r6, r0)
            java.security.KeyPair r0 = new java.security.KeyPair
            r0.<init>(r1, r6)
            return r0
        L6e:
            java.lang.String r6 = "dcrKey"
            boolean r1 = r2.isKeyEntry(r6)
            if (r1 == 0) goto L9e
            java.security.Key r0 = r2.getKey(r6, r0)
            if (r0 == 0) goto L96
            java.security.PrivateKey r0 = (java.security.PrivateKey) r0
            java.security.cert.Certificate r6 = r2.getCertificate(r6)
            java.lang.String r1 = "keyStore.getCertificate(KEY_NAME)"
            h.u.d.j.a(r6, r1)
            java.security.PublicKey r6 = r6.getPublicKey()
            java.lang.String r1 = "keyStore.getCertificate(KEY_NAME).publicKey"
            h.u.d.j.a(r6, r1)
            java.security.KeyPair r1 = new java.security.KeyPair
            r1.<init>(r6, r0)
            return r1
        L96:
            h.l r6 = new h.l
            java.lang.String r0 = "null cannot be cast to non-null type java.security.PrivateKey"
            r6.<init>(r0)
            throw r6
        L9e:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.oath.mobile.platform.phoenix.core.KeyStoreUtils.getDcrKeyPair(android.content.Context):java.security.KeyPair");
    }

    public static final boolean isBouncyCastleDcrKeyPairAvailable(Context context) {
        h.u.d.j.d(context, "context");
        SharedPreferences a = n5.a(context);
        return (a.getString(KEY_PUBLIC_NAME, null) == null || a.getString(KEY_PRIVATE_NAME, null) == null) ? false : true;
    }

    public static final boolean isDcrKeyPairAvailable(Context context) {
        h.u.d.j.d(context, "context");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return isBouncyCastleDcrKeyPairAvailable(context) || keyStore.isKeyEntry(KEY_NAME);
    }

    public static final String sign(Context context, String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, SignatureException, InvalidKeyException {
        KeyPair dcrKeyPair;
        CharSequence f2;
        h.u.d.j.d(context, "context");
        h.u.d.j.d(str, "input");
        if (!isDcrKeyPairAvailable(context) || (dcrKeyPair = getDcrKeyPair(context)) == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        h.u.d.j.a((Object) privateKey, "keyPair.private");
        Charset forName = Charset.forName("UTF8");
        h.u.d.j.a((Object) forName, "Charset.forName(charsetName)");
        byte[] bytes = str.getBytes(forName);
        h.u.d.j.a((Object) bytes, "(this as java.lang.String).getBytes(charset)");
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(bytes);
        byte[] sign = signature.sign();
        h.u.d.j.a((Object) sign, "signature.sign()");
        String encodeToString = Base64.encodeToString(sign, 8);
        h.u.d.j.a((Object) encodeToString, "Base64.encodeToString(si…reBytes, Base64.URL_SAFE)");
        if (encodeToString == null) {
            throw new h.l("null cannot be cast to non-null type kotlin.CharSequence");
        }
        f2 = h.z.q.f(encodeToString);
        return f2.toString();
    }
}
