package z1;

import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import io.fusionauth.jwt.domain.Algorithm;
import io.fusionauth.jwt.ec.ECDSASignature;
import io.fusionauth.security.DefaultCryptoProvider;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.util.List;
import java.util.UUID;
import javax.crypto.Cipher;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import y1.C0737a;

/* loaded from: classes3.dex */
public final class f {

    /* renamed from: a, reason: collision with root package name */
    public static final a f10601a = new a(null);

    /* renamed from: b, reason: collision with root package name */
    private static final Algorithm f10602b = Algorithm.ES256;

    /* loaded from: classes3.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private final byte[] a(BigInteger bigInteger, BigInteger bigInteger2, int i3) {
        int i4 = i3 / 2;
        byte[] bArr = new byte[i3];
        byte[] j3 = j(bigInteger, i4);
        byte[] j4 = j(bigInteger2, i4);
        System.arraycopy(j3, 0, bArr, 0, i4);
        System.arraycopy(j4, 0, bArr, i4, i4);
        return bArr;
    }

    private final String d(Key key, byte[] bArr) {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(ENCRYPTION_TRANSFORMATION)");
        try {
            cipher.init(2, key, c.f10599a.a(bArr));
            byte[] decryptedBytes = cipher.doFinal(bArr, 16, bArr.length - 16);
            Intrinsics.checkNotNullExpressionValue(decryptedBytes, "decryptedBytes");
            Charset forName = Charset.forName("UTF-8");
            Intrinsics.checkNotNullExpressionValue(forName, "forName(\"UTF-8\")");
            return new String(decryptedBytes, forName);
        } catch (Throwable th) {
            C0737a.f10570a.c(th, "SecureKeyService::decryptBytes");
            throw th;
        }
    }

    private final byte[] e(ECPublicKey eCPublicKey) {
        int bitLength = eCPublicKey.getParams().getOrder().bitLength() / 8;
        ECPoint w3 = eCPublicKey.getW();
        BigInteger x3 = w3.getAffineX();
        BigInteger y3 = w3.getAffineY();
        Intrinsics.checkNotNullExpressionValue(x3, "x");
        Intrinsics.checkNotNullExpressionValue(y3, "y");
        int i3 = bitLength * 2;
        byte[] a3 = a(x3, y3, i3);
        byte[] bArr = new byte[i3 + 1];
        int i4 = 0;
        bArr[0] = 4;
        int length = a3.length;
        while (i4 < length) {
            int i5 = i4 + 1;
            bArr[i5] = a3[i4];
            i4 = i5;
        }
        return bArr;
    }

    private final byte[] i(SharedPreferences sharedPreferences, String str) {
        String string = sharedPreferences.getString(str + ":p", null);
        if (string != null) {
            return Base64.decode(string, 0);
        }
        return null;
    }

    private final byte[] j(BigInteger bigInteger, int i3) {
        byte[] b3 = bigInteger.toByteArray();
        if (b3.length == i3) {
            Intrinsics.checkNotNullExpressionValue(b3, "b");
            return b3;
        }
        int i4 = i3 + 1;
        if (b3.length > i4) {
            throw new InvalidKeyException("key too big (" + b3.length + ") max is " + i4);
        }
        byte[] bArr = new byte[i3];
        Intrinsics.checkNotNullExpressionValue(b3, "b");
        if (b3.length == 0) {
            return bArr;
        }
        byte b4 = b3[0];
        if (((byte) (((byte) 128) & b4)) != 0) {
            throw new InvalidKeyException("negative");
        }
        if (b3.length <= i3) {
            System.arraycopy(b3, 0, bArr, i3 - b3.length, b3.length);
            return bArr;
        }
        if (b4 == 0) {
            System.arraycopy(b3, 1, bArr, 0, i3);
            return bArr;
        }
        throw new InvalidKeyException("key too big (" + b3.length + ") max is " + i3);
    }

    public final ECPublicKey b(String aliasId, AbstractC0743a abstractC0743a) {
        Intrinsics.checkNotNullParameter(aliasId, "aliasId");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "getInstance(\n           …  keyStoreName,\n        )");
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(aliasId, 12).setDigests("SHA-256", "SHA-512", "NONE").setKeySize(256);
        Intrinsics.checkNotNullExpressionValue(keySize, "Builder(\n            ali…        ).setKeySize(256)");
        KeyGenParameterSpec build = keySize.build();
        Intrinsics.checkNotNullExpressionValue(build, "parameterSpecBuilder.build()");
        keyPairGenerator.initialize(build);
        PublicKey publicKey = keyPairGenerator.genKeyPair().getPublic();
        ECPublicKey eCPublicKey = publicKey instanceof ECPublicKey ? (ECPublicKey) publicKey : null;
        if (eCPublicKey == null) {
            return null;
        }
        return eCPublicKey;
    }

    public final ECPublicKey c() {
        boolean isInsideSecureHardware;
        int securityLevel;
        int securityLevel2;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "getInstance(\n           …  keyStoreName,\n        )");
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("JumpCloudGo", 12).setDigests("SHA-256", "SHA-512", "NONE").setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(\n            jum…erSpec)\n        ).build()");
        keyPairGenerator.initialize(build);
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        KeyInfo keyInfo = (KeyInfo) KeyFactory.getInstance("EC", "AndroidKeyStore").getKeySpec(genKeyPair.getPrivate(), KeyInfo.class);
        if (Build.VERSION.SDK_INT >= 31) {
            securityLevel = keyInfo.getSecurityLevel();
            isInsideSecureHardware = true;
            if (securityLevel != 1) {
                securityLevel2 = keyInfo.getSecurityLevel();
                if (securityLevel2 != 2) {
                    isInsideSecureHardware = false;
                }
            }
        } else {
            isInsideSecureHardware = keyInfo.isInsideSecureHardware();
        }
        if (!isInsideSecureHardware) {
            return null;
        }
        PublicKey publicKey = genKeyPair.getPublic();
        ECPublicKey eCPublicKey = publicKey instanceof ECPublicKey ? (ECPublicKey) publicKey : null;
        if (eCPublicKey == null) {
            return null;
        }
        return eCPublicKey;
    }

    public final String f(String keyAlias, SharedPreferences rnSharedPreferences) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(rnSharedPreferences, "rnSharedPreferences");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        byte[] i3 = i(rnSharedPreferences, keyAlias);
        if (i3 == null) {
            return null;
        }
        Key key = keyStore.getKey(keyAlias, null);
        Intrinsics.checkNotNullExpressionValue(key, "keyStore.getKey(keyAlias, null)");
        return d(key, i3);
    }

    public final D1.d g() {
        List list;
        String h3 = h();
        ECPublicKey b3 = b(h3, null);
        if (b3 == null) {
            return null;
        }
        List<Byte> drop = ArraysKt.drop(e(b3), 1);
        List chunked = CollectionsKt.chunked(drop, drop.size() / 2);
        List list2 = (List) CollectionsKt.getOrNull(chunked, 0);
        if (list2 == null || (list = (List) CollectionsKt.getOrNull(chunked, 1)) == null) {
            return null;
        }
        return new D1.d(CollectionsKt.toByteArray(list2), CollectionsKt.toByteArray(list), h3);
    }

    public final String h() {
        String uuid = UUID.randomUUID().toString();
        Intrinsics.checkNotNullExpressionValue(uuid, "randomUUID().toString()");
        return uuid;
    }

    public final byte[] k(String str, byte[] bArr, boolean z3, String str2) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (z3) {
            str = "JumpCloudGo";
        }
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry == null) {
            return null;
        }
        if (!z3) {
            r1 = bArr != null ? MessageDigest.getInstance("SHA-256").digest(bArr) : null;
            Signature signature = Signature.getInstance("NONEwithECDSA");
            signature.initSign(privateKeyEntry.getPrivateKey());
            signature.update(r1);
            byte[] sign = signature.sign();
            Intrinsics.checkNotNullExpressionValue(sign, "getInstance(keySignature… sign()\n                }");
            return sign;
        }
        DefaultCryptoProvider defaultCryptoProvider = new DefaultCryptoProvider();
        Algorithm algorithm = f10602b;
        Signature signatureInstance = defaultCryptoProvider.getSignatureInstance(algorithm.getName());
        Intrinsics.checkNotNullExpressionValue(signatureInstance, "cryptoProvider.getSignat…ySignatureAlgo.getName())");
        signatureInstance.initSign(privateKeyEntry.getPrivateKey());
        if (str2 != null) {
            Charset UTF_8 = StandardCharsets.UTF_8;
            Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
            r1 = str2.getBytes(UTF_8);
            Intrinsics.checkNotNullExpressionValue(r1, "getBytes(...)");
        }
        signatureInstance.update(r1);
        return new ECDSASignature(signatureInstance.sign()).derDecode(algorithm);
    }
}
