package com.couchbase.lite.internal;

import android.annotation.SuppressLint;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
import androidx.annotation.VisibleForTesting;
import com.couchbase.lite.CBLError;
import com.couchbase.lite.CouchbaseLiteException;
import com.couchbase.lite.LogDomain;
import com.couchbase.lite.internal.KeyStoreManager;
import com.couchbase.lite.internal.core.C4KeyPair;
import com.couchbase.lite.internal.support.Log;
import com.couchbase.lite.internal.utils.Fn;
import defpackage.C7244pg0;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public class KeyStoreManagerDelegate extends KeyStoreManager {

    @VisibleForTesting
    static final String ANDROID_KEY_STORE = "AndroidKeyStore";

    @Nullable
    private PrivateKey getPrivateKey(@NonNull KeyStore keyStore, @NonNull String str) {
        try {
            Key key = keyStore.getKey(str, null);
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            Log.w(LogDomain.LISTENER, "No private key found for alias " + str);
            return null;
        } catch (Exception e) {
            Log.w(LogDomain.LISTENER, "Failed retrieving key for alias " + str, e);
            return null;
        }
    }

    @NonNull
    @RequiresApi
    private KeyPairGenerator initKeyFactoryM(@NonNull String str, @NonNull Date date, @NonNull X500Principal x500Principal) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyGenParameterSpec.Builder algorithmParameterSpec;
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder signaturePaddings;
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder certificateSubject;
        KeyGenParameterSpec.Builder certificateSerialNumber;
        KeyGenParameterSpec.Builder certificateNotBefore;
        KeyGenParameterSpec.Builder certificateNotAfter;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec build;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        algorithmParameterSpec = C7244pg0.a(str, 15).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(KeyStoreManager.KeySize.BIT_2048.getBitLength(), RSAKeyGenParameterSpec.F0));
        digests = algorithmParameterSpec.setDigests("NONE", "SHA-256");
        signaturePaddings = digests.setSignaturePaddings("PKCS1");
        blockModes = signaturePaddings.setBlockModes("ECB");
        encryptionPaddings = blockModes.setEncryptionPaddings("PKCS1Padding");
        certificateSubject = encryptionPaddings.setCertificateSubject(x500Principal);
        certificateSerialNumber = certificateSubject.setCertificateSerialNumber(BigInteger.ONE);
        certificateNotBefore = certificateSerialNumber.setCertificateNotBefore(new Date());
        certificateNotAfter = certificateNotBefore.setCertificateNotAfter(date);
        userAuthenticationRequired = certificateNotAfter.setUserAuthenticationRequired(false);
        build = userAuthenticationRequired.build();
        keyPairGenerator.initialize(build);
        return keyPairGenerator;
    }

    @NonNull
    @SuppressLint({"WrongConstant"})
    private KeyPairGenerator initKeyFactoryPreM(@NonNull String str, @NonNull Date date, @NonNull X500Principal x500Principal) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(CouchbaseLiteInternal.getContext()).setAlias(str).setKeyType("RSA").setKeySize(KeyStoreManager.KeySize.BIT_2048.getBitLength()).setSubject(x500Principal).setSerialNumber(BigInteger.ONE).setStartDate(new Date()).setEndDate(date).build());
        return keyPairGenerator;
    }

    @Nullable
    private KeyStore loadKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.w(LogDomain.LISTENER, "Failed to load key store", e);
            return null;
        }
    }

    @Override // com.couchbase.lite.internal.KeyStoreManager
    @SuppressLint({"NewApi"})
    public void createSelfSignedCertEntry(@Nullable KeyStore keyStore, @NonNull String str, @Nullable char[] cArr, boolean z, @NonNull Map<String, String> map, @Nullable Date date) throws CouchbaseLiteException {
        if (findAlias(null, str)) {
            throw new CouchbaseLiteException("Key already exits: " + str, CBLError.Domain.CBLITE, 22);
        }
        HashMap hashMap = new HashMap(map);
        String str2 = (String) hashMap.remove(BaseTLSIdentity.CERT_ATTRIBUTE_COMMON_NAME);
        if (str2 == null) {
            throw new IllegalArgumentException("The Common Name (CN) attribute is required");
        }
        X500Principal x500Principal = new X500Principal("CN=" + str2, hashMap);
        Date date2 = new Date(getExpirationMs(date));
        try {
            (Build.VERSION.SDK_INT >= 23 ? initKeyFactoryM(str, date2, x500Principal) : initKeyFactoryPreM(str, date2, x500Principal)).generateKeyPair();
        } catch (InvalidAlgorithmParameterException e) {
            e = e;
            throw new CouchbaseLiteException("Failed to create entry: " + str, e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new CouchbaseLiteException("Failed to create entry: " + str, e);
        } catch (NoSuchProviderException e3) {
            e = e3;
            throw new CouchbaseLiteException("Failed to create entry: " + str, e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:5:0x0008, code lost:
    
        r5 = r5.getKeyAlias();
     */
    @Override // com.couchbase.lite.internal.KeyStoreManager
    @androidx.annotation.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] decrypt(@androidx.annotation.NonNull com.couchbase.lite.internal.core.C4KeyPair r5, @androidx.annotation.NonNull byte[] r6) {
        /*
            r4 = this;
            java.security.KeyStore r0 = r4.loadKeyStore()
            r1 = 0
            if (r0 != 0) goto L8
            return r1
        L8:
            java.lang.String r5 = r5.getKeyAlias()
            java.security.PrivateKey r0 = r4.getPrivateKey(r0, r5)
            if (r0 != 0) goto L13
            return r1
        L13:
            java.lang.String r2 = "RSA/ECB/PKCS1Padding"
            javax.crypto.Cipher r2 = javax.crypto.Cipher.getInstance(r2)     // Catch: javax.crypto.IllegalBlockSizeException -> L22 javax.crypto.BadPaddingException -> L24 java.security.InvalidKeyException -> L26 javax.crypto.NoSuchPaddingException -> L28 java.security.NoSuchAlgorithmException -> L2a
            r3 = 2
            r2.init(r3, r0)     // Catch: javax.crypto.IllegalBlockSizeException -> L22 javax.crypto.BadPaddingException -> L24 java.security.InvalidKeyException -> L26 javax.crypto.NoSuchPaddingException -> L28 java.security.NoSuchAlgorithmException -> L2a
            byte[] r5 = r2.doFinal(r6)     // Catch: javax.crypto.IllegalBlockSizeException -> L22 javax.crypto.BadPaddingException -> L24 java.security.InvalidKeyException -> L26 javax.crypto.NoSuchPaddingException -> L28 java.security.NoSuchAlgorithmException -> L2a
            return r5
        L22:
            r6 = move-exception
            goto L2b
        L24:
            r6 = move-exception
            goto L2b
        L26:
            r6 = move-exception
            goto L2b
        L28:
            r6 = move-exception
            goto L2b
        L2a:
            r6 = move-exception
        L2b:
            com.couchbase.lite.LogDomain r0 = com.couchbase.lite.LogDomain.LISTENER
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r2.<init>()
            java.lang.String r3 = "Decrypt: failed with "
            r2.append(r3)
            r2.append(r5)
            java.lang.String r5 = r2.toString()
            com.couchbase.lite.internal.support.Log.w(r0, r5, r6)
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.couchbase.lite.internal.KeyStoreManagerDelegate.decrypt(com.couchbase.lite.internal.core.C4KeyPair, byte[]):byte[]");
    }

    @Override // com.couchbase.lite.internal.KeyStoreManager
    @VisibleForTesting
    public int deleteEntries(@Nullable KeyStore keyStore, @NonNull Fn.Predicate<String> predicate) throws CouchbaseLiteException {
        KeyStore loadKeyStore = loadKeyStore();
        if (loadKeyStore != null) {
            return deleteStoreEntries(loadKeyStore, predicate);
        }
        throw new IllegalStateException("Failed loading keystore");
    }

    @Override // com.couchbase.lite.internal.KeyStoreManager
    public boolean findAlias(@Nullable KeyStore keyStore, @NonNull String str) {
        KeyStore loadKeyStore = loadKeyStore();
        if (loadKeyStore == null) {
            throw new IllegalStateException("Failed loading keystore");
        }
        try {
            return loadKeyStore.containsAlias(str);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Failed loading keystore", e);
        }
    }

    @Override // com.couchbase.lite.internal.KeyStoreManager
    public void free(@NonNull C4KeyPair c4KeyPair) {
    }

    @Override // com.couchbase.lite.internal.KeyStoreManager
    @Nullable
    public List<Certificate> getCertificateChain(@Nullable KeyStore keyStore, @NonNull String str) {
        KeyStore loadKeyStore = loadKeyStore();
        if (loadKeyStore != null) {
            return getCertificates(loadKeyStore, str);
        }
        throw new IllegalStateException("Failed loading keystore");
    }

    @Override // com.couchbase.lite.internal.KeyStoreManager
    @Nullable
    public PrivateKey getKey(@Nullable KeyStore keyStore, @NonNull String str, @Nullable char[] cArr) {
        KeyStore loadKeyStore = loadKeyStore();
        if (loadKeyStore != null) {
            return getPrivateKey(str, loadKeyStore, null);
        }
        throw new IllegalStateException("Failed loading keystore");
    }

    @Override // com.couchbase.lite.internal.KeyStoreManager
    @Nullable
    public byte[] getKeyData(@NonNull C4KeyPair c4KeyPair) {
        KeyStore loadKeyStore = loadKeyStore();
        if (loadKeyStore == null) {
            return null;
        }
        return getEncodedKey(loadKeyStore, c4KeyPair);
    }

    /* JADX WARN: Code restructure failed: missing block: B:5:0x0008, code lost:
    
        r4 = r4.getKeyAlias();
     */
    @Override // com.couchbase.lite.internal.KeyStoreManager
    @androidx.annotation.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] sign(@androidx.annotation.NonNull com.couchbase.lite.internal.core.C4KeyPair r4, @androidx.annotation.NonNull com.couchbase.lite.internal.security.Signature.SignatureDigestAlgorithm r5, @androidx.annotation.NonNull byte[] r6) {
        /*
            r3 = this;
            java.security.KeyStore r0 = r3.loadKeyStore()
            r1 = 0
            if (r0 != 0) goto L8
            return r1
        L8:
            java.lang.String r4 = r4.getKeyAlias()
            java.security.PrivateKey r0 = r3.getPrivateKey(r0, r4)
            if (r0 != 0) goto L13
            return r1
        L13:
            byte[] r4 = com.couchbase.lite.internal.security.Signature.signHashData(r0, r6, r5)     // Catch: java.io.IOException -> L18 java.security.InvalidKeyException -> L1a java.security.SignatureException -> L1c java.security.NoSuchAlgorithmException -> L1e
            return r4
        L18:
            r5 = move-exception
            goto L1f
        L1a:
            r5 = move-exception
            goto L1f
        L1c:
            r5 = move-exception
            goto L1f
        L1e:
            r5 = move-exception
        L1f:
            com.couchbase.lite.LogDomain r6 = com.couchbase.lite.LogDomain.LISTENER
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r2 = "Sign: failed with "
            r0.append(r2)
            r0.append(r4)
            java.lang.String r4 = r0.toString()
            com.couchbase.lite.internal.support.Log.w(r6, r4, r5)
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.couchbase.lite.internal.KeyStoreManagerDelegate.sign(com.couchbase.lite.internal.core.C4KeyPair, com.couchbase.lite.internal.security.Signature$SignatureDigestAlgorithm, byte[]):byte[]");
    }
}
