package com.oath.mobile.platform.phoenix.core;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import kotlin.Metadata;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.IESParameterSpec;

@RequiresApi(api = 23)
@Metadata(d1 = {"\u00000\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u000e\bÇ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u001a\u0010\u001bJ\u0010\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0007J\u0012\u0010\u0007\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0003\u001a\u00020\u0002H\u0007J\u0010\u0010\t\u001a\u00020\b2\u0006\u0010\u0003\u001a\u00020\u0002H\u0007J\u0010\u0010\n\u001a\u00020\b2\u0006\u0010\u0003\u001a\u00020\u0002H\u0007J\u0010\u0010\r\u001a\u00020\f2\u0006\u0010\u000b\u001a\u00020\u0004H\u0007J\u0018\u0010\u0010\u001a\u00020\u000e2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u000f\u001a\u00020\u000eH\u0007J\u0018\u0010\u0011\u001a\u00020\u000e2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u000f\u001a\u00020\u000eH\u0007J\u0018\u0010\u0012\u001a\u00020\u000e2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u000f\u001a\u00020\u000eH\u0007J\u0018\u0010\u0014\u001a\u00020\u000e2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0013\u001a\u00020\u000eH\u0007R\u0014\u0010\u0015\u001a\u00020\u000e8\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0015\u0010\u0016R\u0014\u0010\u0017\u001a\u00020\u000e8\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0017\u0010\u0016R\u0014\u0010\u0018\u001a\u00020\u000e8\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0018\u0010\u0016R\u0014\u0010\u0019\u001a\u00020\u000e8\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0019\u0010\u0016¨\u0006\u001c"}, d2 = {"Lcom/oath/mobile/platform/phoenix/core/KeyStoreUtils;", "", "Landroid/content/Context;", "context", "Ljava/security/PublicKey;", "generateDCRKeyPair", "Ljava/security/KeyPair;", "getDcrKeyPair", "", "isDcrKeyPairAvailable", "isBouncyCastleDcrKeyPairAvailable", "publicKey", "Lcom/google/gson/i;", "generateJwkFromPublicKey", "", "data", "encrypt", "decrypt", "decryptWithECIESEncryptionCofactorVariableIVX963SHA256AESGCM", "input", "sign", "ELLIPTIC_CURVE_PARAMETER_SPEC", "Ljava/lang/String;", "KEY_NAME", "KEY_PUBLIC_NAME", "KEY_PRIVATE_NAME", "<init>", "()V", "dynamic-client-reg_release"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes4.dex */
public final class KeyStoreUtils {
    private static final String ELLIPTIC_CURVE_PARAMETER_SPEC = "secp256r1";
    public static final KeyStoreUtils INSTANCE = new KeyStoreUtils();
    private static final String KEY_NAME = "dcrKey";
    private static final String KEY_PRIVATE_NAME = "dcrPrivateKey";
    private static final String KEY_PUBLIC_NAME = "dcrPublicKey";

    private KeyStoreUtils() {
    }

    public static final String decrypt(Context context, String data) {
        kotlin.jvm.internal.o.f(context, "context");
        kotlin.jvm.internal.o.f(data, "data");
        if (!isDcrKeyPairAvailable(context)) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.jvm.internal.o.e(privateKey, "keyPair.private");
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(2, privateKey);
        byte[] decodedData = cipher.doFinal(Base64.decode(data, 0));
        kotlin.jvm.internal.o.e(decodedData, "decodedData");
        Charset UTF_8 = StandardCharsets.UTF_8;
        kotlin.jvm.internal.o.e(UTF_8, "UTF_8");
        return new String(decodedData, UTF_8);
    }

    public static final String decryptWithECIESEncryptionCofactorVariableIVX963SHA256AESGCM(Context context, String data) {
        kotlin.jvm.internal.o.f(context, "context");
        kotlin.jvm.internal.o.f(data, "data");
        if (!isBouncyCastleDcrKeyPairAvailable(context)) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.jvm.internal.o.e(privateKey, "keyPair.private");
        byte[] decode = Base64.decode(data, 8);
        kotlin.jvm.internal.o.e(decode, "decode(data, Base64.URL_SAFE)");
        IESParameterSpec iESParameterSpec = new IESParameterSpec(null, null, 128, 128, null);
        i4 i4Var = new i4(new j4(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA256Digest()), new a()));
        i4Var.engineInit(2, privateKey, iESParameterSpec, new SecureRandom());
        byte[] engineDoFinal = i4Var.engineDoFinal(decode, 0, decode.length);
        kotlin.jvm.internal.o.e(engineDoFinal, "cipher.engineDoFinal(enc…, 0, encryptedBytes.size)");
        return new String(engineDoFinal, kotlin.text.a.f28919b);
    }

    public static final String encrypt(Context context, String data) {
        kotlin.jvm.internal.o.f(context, "context");
        kotlin.jvm.internal.o.f(data, "data");
        if (!isDcrKeyPairAvailable(context)) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PublicKey publicKey = dcrKeyPair.getPublic();
        kotlin.jvm.internal.o.e(publicKey, "keyPair.public");
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(1, publicKey);
        byte[] bytes = data.getBytes(kotlin.text.a.f28919b);
        kotlin.jvm.internal.o.e(bytes, "this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        kotlin.jvm.internal.o.e(encodeToString, "encodeToString(bytes, Base64.DEFAULT)");
        return encodeToString;
    }

    public static final PublicKey generateDCRKeyPair(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        kotlin.jvm.internal.o.f(context, "context");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(new ECGenParameterSpec(ELLIPTIC_CURVE_PARAMETER_SPEC));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        byte[] encode = Base64.encode(generateKeyPair.getPublic().getEncoded(), 8);
        kotlin.jvm.internal.o.e(encode, "encode(keyPair.public.encoded, Base64.URL_SAFE)");
        Charset charset = kotlin.text.a.f28919b;
        String str = new String(encode, charset);
        byte[] encode2 = Base64.encode(generateKeyPair.getPrivate().getEncoded(), 8);
        kotlin.jvm.internal.o.e(encode2, "encode(keyPair.private.encoded, Base64.URL_SAFE)");
        String str2 = new String(encode2, charset);
        SharedPreferences.Editor edit = autodispose2.h.N(context).edit();
        edit.putString(KEY_PUBLIC_NAME, str);
        edit.putString(KEY_PRIVATE_NAME, str2);
        edit.apply();
        Signature.getInstance("SHA256withECDSA").initSign(generateKeyPair.getPrivate());
        PublicKey publicKey = generateKeyPair.getPublic();
        kotlin.jvm.internal.o.e(publicKey, "keyPair.public");
        return publicKey;
    }

    public static final com.google.gson.i generateJwkFromPublicKey(PublicKey publicKey) {
        kotlin.jvm.internal.o.f(publicKey, "publicKey");
        com.google.gson.i iVar = new com.google.gson.i();
        iVar.n("kty", publicKey.getAlgorithm());
        iVar.n("use", "sig");
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        iVar.n("crv", "P-" + eCPublicKey.getParams().getCurve().getField().getFieldSize());
        String encodeToString = Base64.encodeToString(eCPublicKey.getW().getAffineX().toByteArray(), 8);
        kotlin.jvm.internal.o.e(encodeToString, "encodeToString(ecPublicK…Array(), Base64.URL_SAFE)");
        iVar.n("x", kotlin.text.m.x0(encodeToString).toString());
        String encodeToString2 = Base64.encodeToString(eCPublicKey.getW().getAffineY().toByteArray(), 8);
        kotlin.jvm.internal.o.e(encodeToString2, "encodeToString(ecPublicK…Array(), Base64.URL_SAFE)");
        iVar.n("y", kotlin.text.m.x0(encodeToString2).toString());
        return iVar;
    }

    public static final KeyPair getDcrKeyPair(Context context) {
        kotlin.jvm.internal.o.f(context, "context");
        SharedPreferences N = autodispose2.h.N(context);
        String string = N.getString(KEY_PUBLIC_NAME, null);
        String string2 = N.getString(KEY_PRIVATE_NAME, null);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!(string == null || kotlin.text.k.N(string))) {
            if (!(string2 == null || kotlin.text.k.N(string2))) {
                KeyFactory keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
                PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(string, 8)));
                kotlin.jvm.internal.o.e(generatePublic, "keyFactory.generatePublic(x509ks)");
                PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(string2, 8)));
                kotlin.jvm.internal.o.e(generatePrivate, "keyFactory.generatePrivate(p8ks)");
                return new KeyPair(generatePublic, generatePrivate);
            }
        }
        if (!keyStore.isKeyEntry(KEY_NAME)) {
            return null;
        }
        Key key = keyStore.getKey(KEY_NAME, null);
        if (key == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.PrivateKey");
        }
        PublicKey publicKey = keyStore.getCertificate(KEY_NAME).getPublicKey();
        kotlin.jvm.internal.o.e(publicKey, "keyStore.getCertificate(KEY_NAME).publicKey");
        return new KeyPair(publicKey, (PrivateKey) key);
    }

    public static final boolean isBouncyCastleDcrKeyPairAvailable(Context context) {
        kotlin.jvm.internal.o.f(context, "context");
        SharedPreferences N = autodispose2.h.N(context);
        return (N.getString(KEY_PUBLIC_NAME, null) == null || N.getString(KEY_PRIVATE_NAME, null) == null) ? false : true;
    }

    public static final boolean isDcrKeyPairAvailable(Context context) {
        kotlin.jvm.internal.o.f(context, "context");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return isBouncyCastleDcrKeyPairAvailable(context) || keyStore.isKeyEntry(KEY_NAME);
    }

    public static final String sign(Context context, String input) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, SignatureException, InvalidKeyException {
        KeyPair dcrKeyPair;
        kotlin.jvm.internal.o.f(context, "context");
        kotlin.jvm.internal.o.f(input, "input");
        if (!isDcrKeyPairAvailable(context) || (dcrKeyPair = getDcrKeyPair(context)) == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.jvm.internal.o.e(privateKey, "keyPair.private");
        Charset forName = Charset.forName("UTF8");
        kotlin.jvm.internal.o.e(forName, "forName(charsetName)");
        byte[] bytes = input.getBytes(forName);
        kotlin.jvm.internal.o.e(bytes, "this as java.lang.String).getBytes(charset)");
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(bytes);
        byte[] sign = signature.sign();
        kotlin.jvm.internal.o.e(sign, "signature.sign()");
        String encodeToString = Base64.encodeToString(sign, 8);
        kotlin.jvm.internal.o.e(encodeToString, "encodeToString(signatureBytes, Base64.URL_SAFE)");
        return kotlin.text.m.x0(encodeToString).toString();
    }
}
