package com.okta.android.auth.security.idx;

import android.util.Base64;
import com.okta.android.auth.data.FipsKeyInfoRepository;
import com.okta.android.auth.storage.data.FipsKeyInfo;
import com.okta.devices.api.security.SignatureProvider;
import com.okta.devices.data.repository.KeyType;
import io.jsonwebtoken.security.SignatureException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.spec.X509EncodedKeySpec;
import javax.inject.Inject;
import javax.inject.Singleton;
import kotlin.Deprecated;
import kotlin.Metadata;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.coroutines.Continuation;
import kotlin.coroutines.intrinsics.a;
import kotlin.coroutines.jvm.internal.DebugMetadata;
import kotlin.coroutines.jvm.internal.SuspendLambda;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.AbstractC1603c;
import kotlinx.coroutines.CoroutineScope;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import yg.AbstractC0855;
import yg.C0739;
import yg.C0745;
import yg.C0746;
import yg.C0751;
import yg.C0809;
import yg.C0832;
import yg.C0838;
import yg.C0847;
import yg.C0866;
import yg.C0884;
import yg.C0893;
import yg.C0911;
import yg.C0917;
import yg.C0920;

@Singleton
@Metadata(d1 = {"\u0000Z\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0001\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b\u0007\u0018\u00002\u00020\u00012\u00020\u0002B\u000f\b\u0007\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\b\u0010\b\u001a\u00020\tH\u0016J\u0012\u0010\n\u001a\u00020\u000b2\b\u0010\f\u001a\u0004\u0018\u00010\tH\u0002J\u0018\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\t2\u0006\u0010\u0010\u001a\u00020\u0011H\u0017J\u0018\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\t2\u0006\u0010\u0012\u001a\u00020\tH\u0016J\u001c\u0010\u0013\u001a\u0004\u0018\u00010\u00142\u0006\u0010\u000f\u001a\u00020\t2\b\u0010\u0015\u001a\u0004\u0018\u00010\tH\u0016J\u0012\u0010\u0016\u001a\u0004\u0018\u00010\u00172\u0006\u0010\u000f\u001a\u00020\tH\u0016J\u0012\u0010\u0018\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u000f\u001a\u00020\tH\u0016J\b\u0010\u001a\u001a\u00020\u0011H\u0016J\b\u0010\u001b\u001a\u00020\tH\u0016J \u0010\u001c\u001a\u00020\u00112\u0006\u0010\u000f\u001a\u00020\t2\u0006\u0010\u001d\u001a\u00020\u000b2\u0006\u0010\u001e\u001a\u00020\u000bH\u0016J\u0014\u0010\u001f\u001a\u00020 2\n\u0010!\u001a\u00060\"j\u0002`#H\u0016R\u0014\u0010\u0003\u001a\u00020\u0004X\u0096\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0006\u0010\u0007¨\u0006$"}, d2 = {"Lcom/okta/android/auth/security/idx/FipsDigitalSignatureProvider;", "Lcom/okta/devices/api/security/SignatureProvider;", "Lcom/okta/android/auth/security/idx/SdkBoundaryExceptionHandler;", "deviceKeyStore", "Lcom/okta/android/auth/security/idx/FipsDeviceKeyStore;", "(Lcom/okta/android/auth/security/idx/FipsDeviceKeyStore;)V", "getDeviceKeyStore", "()Lcom/okta/android/auth/security/idx/FipsDeviceKeyStore;", "algorithm", "", "decode", "", "data", "generateAndStoreKeyPair", "", "alias", "userVerification", "", "keyType", "getPrivateKey", "Ljava/security/PrivateKey;", "password", "getPublicKey", "Ljava/security/PublicKey;", "getSignature", "Ljava/security/Signature;", "isFipsCompliant", "jwsAlg", "verify", "message", "signature", "wrapAndThrowException", "", "e", "Ljava/lang/Exception;", "Lkotlin/Exception;", "okta-auth-app_productionPublicRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class FipsDigitalSignatureProvider extends SdkBoundaryExceptionHandler implements SignatureProvider {

    @NotNull
    public final FipsDeviceKeyStore deviceKeyStore;

    @Inject
    public FipsDigitalSignatureProvider(@NotNull FipsDeviceKeyStore fipsDeviceKeyStore) {
        short m1268 = (short) (C0751.m1268() ^ 22021);
        short m12682 = (short) (C0751.m1268() ^ 4685);
        int[] iArr = new int["~\u0001\u0013\u0007\u0002\u0005k\u0007\u001cv\u0019\u0015\u0019\r".length()];
        C0746 c0746 = new C0746("~\u0001\u0013\u0007\u0002\u0005k\u0007\u001cv\u0019\u0015\u0019\r");
        int i = 0;
        while (c0746.m1261()) {
            int m1260 = c0746.m1260();
            AbstractC0855 m1609 = AbstractC0855.m1609(m1260);
            iArr[i] = m1609.mo1376((m1609.mo1374(m1260) - (m1268 + i)) - m12682);
            i++;
        }
        Intrinsics.checkNotNullParameter(fipsDeviceKeyStore, new String(iArr, 0, i));
        this.deviceKeyStore = fipsDeviceKeyStore;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] decode(String data) {
        byte[] decode = Base64.decode(data, 2);
        Intrinsics.checkNotNullExpressionValue(decode, C0866.m1621("ttq|pp2765/", (short) (C0884.m1684() ^ 10893)));
        return decode;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @NotNull
    public String algorithm() {
        short m1268 = (short) (C0751.m1268() ^ 31865);
        short m12682 = (short) (C0751.m1268() ^ 28813);
        int[] iArr = new int["\u0006a\u0019".length()];
        C0746 c0746 = new C0746("\u0006a\u0019");
        int i = 0;
        while (c0746.m1261()) {
            int m1260 = c0746.m1260();
            AbstractC0855 m1609 = AbstractC0855.m1609(m1260);
            iArr[i] = m1609.mo1376(m1609.mo1374(m1260) - ((i * m12682) ^ m1268));
            i++;
        }
        return new String(iArr, 0, i);
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    public void generateAndStoreKeyPair(@NotNull String alias, @NotNull String keyType) {
        short m1268 = (short) (C0751.m1268() ^ 623);
        short m12682 = (short) (C0751.m1268() ^ 28684);
        int[] iArr = new int["n#W\u0017P".length()];
        C0746 c0746 = new C0746("n#W\u0017P");
        int i = 0;
        while (c0746.m1261()) {
            int m1260 = c0746.m1260();
            AbstractC0855 m1609 = AbstractC0855.m1609(m1260);
            iArr[i] = m1609.mo1376(((i * m12682) ^ m1268) + m1609.mo1374(m1260));
            i++;
        }
        Intrinsics.checkNotNullParameter(alias, new String(iArr, 0, i));
        Intrinsics.checkNotNullParameter(keyType, C0739.m1253("pT\u001c\u0018AKv", (short) (C0920.m1761() ^ (-17258)), (short) (C0920.m1761() ^ (-29884))));
        getDeviceKeyStore().generateAndStoreKeyPair(algorithm(), 2048, alias, keyType);
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @Deprecated(message = "Use generateAndStoreKeyPair(alias: String, keyType: String")
    public void generateAndStoreKeyPair(@NotNull String alias, boolean userVerification) {
        Intrinsics.checkNotNullParameter(alias, C0893.m1702("\".,%8", (short) (C0884.m1684() ^ 26773)));
        generateAndStoreKeyPair(alias, (userVerification ? KeyType.USER_VERIFICATION_KEY : KeyType.PROOF_OF_POSSESSION_KEY).getSerializedName());
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @NotNull
    public FipsDeviceKeyStore getDeviceKeyStore() {
        return this.deviceKeyStore;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @Nullable
    public PrivateKey getPrivateKey(@NotNull String alias, @Nullable String password) {
        Intrinsics.checkNotNullParameter(alias, C0893.m1688("Q[WN_", (short) (C0920.m1761() ^ (-32340)), (short) (C0920.m1761() ^ (-1317))));
        KeyPair keyPair = getDeviceKeyStore().getKeyPair(alias);
        if (keyPair != null) {
            return keyPair.getPrivate();
        }
        return null;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @Nullable
    public PublicKey getPublicKey(@NotNull final String alias) {
        short m1259 = (short) (C0745.m1259() ^ (-17503));
        int[] iArr = new int["T`^Wj".length()];
        C0746 c0746 = new C0746("T`^Wj");
        int i = 0;
        while (c0746.m1261()) {
            int m1260 = c0746.m1260();
            AbstractC0855 m1609 = AbstractC0855.m1609(m1260);
            iArr[i] = m1609.mo1376((m1259 ^ i) + m1609.mo1374(m1260));
            i++;
        }
        Intrinsics.checkNotNullParameter(alias, new String(iArr, 0, i));
        return (PublicKey) executeAtSdkBoundaryNullable(new Function0<PublicKey>() { // from class: com.okta.android.auth.security.idx.FipsDigitalSignatureProvider$getPublicKey$1

            @Metadata(d1 = {"\u0000\f\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\u0010\u0000\u001a\n \u0002*\u0004\u0018\u00010\u00010\u0001*\u00020\u0003H\u008a@"}, d2 = {"<anonymous>", "Ljava/security/PublicKey;", "kotlin.jvm.PlatformType", "Lkotlinx/coroutines/CoroutineScope;"}, k = 3, mv = {1, 9, 0}, xi = 48)
            @DebugMetadata(c = "com.okta.android.auth.security.idx.FipsDigitalSignatureProvider$getPublicKey$1$1", f = "FipsDigitalSignatureProvider.kt", i = {}, l = {49}, m = "invokeSuspend", n = {}, s = {})
            /* renamed from: com.okta.android.auth.security.idx.FipsDigitalSignatureProvider$getPublicKey$1$1, reason: invalid class name */
            /* loaded from: classes3.dex */
            public static final class AnonymousClass1 extends SuspendLambda implements Function2<CoroutineScope, Continuation<? super PublicKey>, Object> {
                public final /* synthetic */ String $alias;
                public Object L$0;
                public int label;
                public final /* synthetic */ FipsDigitalSignatureProvider this$0;

                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                public AnonymousClass1(FipsDigitalSignatureProvider fipsDigitalSignatureProvider, String str, Continuation<? super AnonymousClass1> continuation) {
                    super(2, continuation);
                    this.this$0 = fipsDigitalSignatureProvider;
                    this.$alias = str;
                }

                @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
                @NotNull
                public final Continuation<Unit> create(@Nullable Object obj, @NotNull Continuation<?> continuation) {
                    return new AnonymousClass1(this.this$0, this.$alias, continuation);
                }

                @Override // kotlin.jvm.functions.Function2
                @Nullable
                /* renamed from: invoke, reason: avoid collision after fix types in other method and merged with bridge method [inline-methods] */
                public final Object mo2invoke(@NotNull CoroutineScope coroutineScope, @Nullable Continuation<? super PublicKey> continuation) {
                    return ((AnonymousClass1) create(coroutineScope, continuation)).invokeSuspend(Unit.INSTANCE);
                }

                @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
                @Nullable
                public final Object invokeSuspend(@NotNull Object obj) {
                    Object coroutine_suspended;
                    FipsDigitalSignatureProvider fipsDigitalSignatureProvider;
                    byte[] decode;
                    coroutine_suspended = a.getCOROUTINE_SUSPENDED();
                    int i = this.label;
                    if (i == 0) {
                        ResultKt.throwOnFailure(obj);
                        fipsDigitalSignatureProvider = this.this$0;
                        FipsKeyInfoRepository fipsKeyInfoRepository = fipsDigitalSignatureProvider.getDeviceKeyStore().getFipsKeyInfoRepository();
                        String str = this.$alias;
                        this.L$0 = fipsDigitalSignatureProvider;
                        this.label = 1;
                        obj = fipsKeyInfoRepository.getFipsKeyInfo(str, this);
                        if (obj == coroutine_suspended) {
                            return coroutine_suspended;
                        }
                    } else {
                        if (i != 1) {
                            throw new IllegalStateException(C0739.m1242("UR\\[\u000ea[\u000b\u0011[MZ[RI\n\u0002CEEMOAz\u0001BFME@9yqH9C6l/:<8=;/3)", (short) (C0884.m1684() ^ 20537)));
                        }
                        fipsDigitalSignatureProvider = (FipsDigitalSignatureProvider) this.L$0;
                        ResultKt.throwOnFailure(obj);
                    }
                    FipsKeyInfo fipsKeyInfo = (FipsKeyInfo) obj;
                    decode = fipsDigitalSignatureProvider.decode(fipsKeyInfo != null ? fipsKeyInfo.getPublicKey() : null);
                    return KeyFactory.getInstance(this.this$0.algorithm()).generatePublic(new X509EncodedKeySpec(decode));
                }
            }

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @Nullable
            public final PublicKey invoke() {
                Object b;
                b = AbstractC1603c.b(null, new AnonymousClass1(FipsDigitalSignatureProvider.this, alias, null), 1, null);
                return (PublicKey) b;
            }
        });
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @Nullable
    public Signature getSignature(@NotNull final String alias) {
        Intrinsics.checkNotNullParameter(alias, C0832.m1501("iusl\u007f", (short) (C0745.m1259() ^ (-11658))));
        return (Signature) executeAtSdkBoundaryNullable(new Function0<Signature>() { // from class: com.okta.android.auth.security.idx.FipsDigitalSignatureProvider$getSignature$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @Nullable
            public final Signature invoke() {
                PrivateKey privateKey$default = SignatureProvider.DefaultImpls.getPrivateKey$default(FipsDigitalSignatureProvider.this, alias, null, 2, null);
                if (privateKey$default != null) {
                    Signature signature = FipsDigitalSignatureProvider.this.getDeviceKeyStore().getFipsKeyMaterialProvider().getSignature(C0739.m1242("znfVXX\u0019\n\u0014\u0007", (short) (C0884.m1684() ^ 25130)) + FipsDigitalSignatureProvider.this.algorithm());
                    signature.initSign(privateKey$default);
                    return signature;
                }
                short m1757 = (short) (C0917.m1757() ^ (-28082));
                int[] iArr = new int["Lex\u001eckm\u001am``i\u0015U_[Rc\u000feN_Y\u0011]\bNKSIUCUEC".length()];
                C0746 c0746 = new C0746("Lex\u001eckm\u001am``i\u0015U_[Rc\u000feN_Y\u0011]\bNKSIUCUEC");
                int i = 0;
                while (c0746.m1261()) {
                    int m1260 = c0746.m1260();
                    AbstractC0855 m1609 = AbstractC0855.m1609(m1260);
                    iArr[i] = m1609.mo1376(m1757 + m1757 + i + m1609.mo1374(m1260));
                    i++;
                }
                throw new GeneralSecurityException(new String(iArr, 0, i));
            }
        });
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    public boolean isFipsCompliant() {
        return true;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @NotNull
    public String jwsAlg() {
        return C0911.m1724("!\u0003S).", (short) (C0917.m1757() ^ (-25286)), (short) (C0917.m1757() ^ (-24663)));
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    public boolean verify(@NotNull final String alias, @NotNull final byte[] message, @NotNull final byte[] signature) {
        short m1757 = (short) (C0917.m1757() ^ (-5537));
        int[] iArr = new int["BLH?P".length()];
        C0746 c0746 = new C0746("BLH?P");
        int i = 0;
        while (c0746.m1261()) {
            int m1260 = c0746.m1260();
            AbstractC0855 m1609 = AbstractC0855.m1609(m1260);
            iArr[i] = m1609.mo1376(m1757 + i + m1609.mo1374(m1260));
            i++;
        }
        Intrinsics.checkNotNullParameter(alias, new String(iArr, 0, i));
        short m1259 = (short) (C0745.m1259() ^ (-16296));
        int[] iArr2 = new int["i`mlY^[".length()];
        C0746 c07462 = new C0746("i`mlY^[");
        int i2 = 0;
        while (c07462.m1261()) {
            int m12602 = c07462.m1260();
            AbstractC0855 m16092 = AbstractC0855.m1609(m12602);
            iArr2[i2] = m16092.mo1376(m1259 + m1259 + i2 + m16092.mo1374(m12602));
            i2++;
        }
        Intrinsics.checkNotNullParameter(message, new String(iArr2, 0, i2));
        short m1268 = (short) (C0751.m1268() ^ 8190);
        int[] iArr3 = new int["`0:[5zY5x".length()];
        C0746 c07463 = new C0746("`0:[5zY5x");
        int i3 = 0;
        while (c07463.m1261()) {
            int m12603 = c07463.m1260();
            AbstractC0855 m16093 = AbstractC0855.m1609(m12603);
            int mo1374 = m16093.mo1374(m12603);
            short[] sArr = C0809.f263;
            iArr3[i3] = m16093.mo1376(mo1374 - (sArr[i3 % sArr.length] ^ (m1268 + i3)));
            i3++;
        }
        Intrinsics.checkNotNullParameter(signature, new String(iArr3, 0, i3));
        return ((Boolean) executeAtSdkBoundary(new Function0<Boolean>() { // from class: com.okta.android.auth.security.idx.FipsDigitalSignatureProvider$verify$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final Boolean invoke() {
                PublicKey publicKey = FipsDigitalSignatureProvider.this.getPublicKey(alias);
                if (publicKey == null) {
                    short m17572 = (short) (C0917.m1757() ^ (-20905));
                    short m17573 = (short) (C0917.m1757() ^ (-32662));
                    int[] iArr4 = new int["j\u0004\u0017<\u0002\n\f8\f~~\b3s}yp\u0002-\u0004l}w/{&liqgsasca".length()];
                    C0746 c07464 = new C0746("j\u0004\u0017<\u0002\n\f8\f~~\b3s}yp\u0002-\u0004l}w/{&liqgsasca");
                    int i4 = 0;
                    while (c07464.m1261()) {
                        int m12604 = c07464.m1260();
                        AbstractC0855 m16094 = AbstractC0855.m1609(m12604);
                        iArr4[i4] = m16094.mo1376(((m17572 + i4) + m16094.mo1374(m12604)) - m17573);
                        i4++;
                    }
                    throw new GeneralSecurityException(new String(iArr4, 0, i4));
                }
                KeyMaterialProvider fipsKeyMaterialProvider = FipsDigitalSignatureProvider.this.getDeviceKeyStore().getFipsKeyMaterialProvider();
                String algorithm = FipsDigitalSignatureProvider.this.algorithm();
                StringBuilder sb = new StringBuilder();
                short m1761 = (short) (C0920.m1761() ^ (-14791));
                int[] iArr5 = new int["u3}RL\u0019z{`\u0014".length()];
                C0746 c07465 = new C0746("u3}RL\u0019z{`\u0014");
                int i5 = 0;
                while (c07465.m1261()) {
                    int m12605 = c07465.m1260();
                    AbstractC0855 m16095 = AbstractC0855.m1609(m12605);
                    int mo13742 = m16095.mo1374(m12605);
                    short[] sArr2 = C0809.f263;
                    iArr5[i5] = m16095.mo1376(mo13742 - (sArr2[i5 % sArr2.length] ^ (m1761 + i5)));
                    i5++;
                }
                sb.append(new String(iArr5, 0, i5));
                sb.append(algorithm);
                Signature signature2 = fipsKeyMaterialProvider.getSignature(sb.toString());
                byte[] bArr = message;
                signature2.initVerify(publicKey);
                signature2.update(bArr);
                return Boolean.valueOf(signature2.verify(signature));
            }
        })).booleanValue();
    }

    @Override // com.okta.android.auth.security.idx.SdkBoundaryExceptionHandler
    @NotNull
    public Void wrapAndThrowException(@NotNull Exception e) {
        GeneralSecurityException generalSecurityException;
        short m1523 = (short) (C0838.m1523() ^ 26128);
        short m15232 = (short) (C0838.m1523() ^ 12032);
        int[] iArr = new int["\u0007".length()];
        C0746 c0746 = new C0746("\u0007");
        int i = 0;
        while (c0746.m1261()) {
            int m1260 = c0746.m1260();
            AbstractC0855 m1609 = AbstractC0855.m1609(m1260);
            iArr[i] = m1609.mo1376(((m1523 + i) + m1609.mo1374(m1260)) - m15232);
            i++;
        }
        Intrinsics.checkNotNullParameter(e, new String(iArr, 0, i));
        if (e instanceof IllegalStateException) {
            Exception initializationError = getDeviceKeyStore().getIdXFipsSoftwareKeystore().getKeystoreStatus().getInitializationError();
            if (initializationError != null) {
                throw new GeneralSecurityException(C0832.m1512("@\\Q@dlpQnfuydvjQl\u0002|~z~r.x~z\u0007|u\u0002\u007f\u0012}9\u0001|\u0006\n\u0004\u0004N", (short) (C0847.m1586() ^ (-7846))), initializationError);
            }
            generalSecurityException = new GeneralSecurityException(e.getMessage(), e);
        } else {
            if ((e instanceof KeyStoreException) || (e instanceof GeneralSecurityException) || (e instanceof SignatureException) || (e instanceof UnrecoverableKeyException)) {
                throw e;
            }
            generalSecurityException = new GeneralSecurityException(e.getMessage(), e);
        }
        throw generalSecurityException;
    }
}
