package M4;

import L4.q;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public final class l extends h {
    @Override // M4.d
    public final boolean b() {
        return true;
    }

    @Override // M4.d
    public final String d() {
        return "KeystoreRSAECB";
    }

    @Override // M4.d
    public final void e(O4.c handler, String alias, String username, String password, q level) {
        kotlin.jvm.internal.h.e(handler, "handler");
        kotlin.jvm.internal.h.e(alias, "alias");
        kotlin.jvm.internal.h.e(username, "username");
        kotlin.jvm.internal.h.e(password, "password");
        kotlin.jvm.internal.h.e(level, "level");
        w(level);
        String str = alias.length() == 0 ? "KeystoreRSAECB" : alias;
        try {
            m(str, level, new AtomicInteger(1));
            handler.a(y(str, password, username), null);
        } catch (Exception e8) {
            if (e8 instanceof NoSuchAlgorithmException ? true : e8 instanceof InvalidKeySpecException ? true : e8 instanceof NoSuchPaddingException ? true : e8 instanceof InvalidKeyException) {
                throw new GeneralSecurityException("Could not encrypt data for service ".concat(alias), e8);
            }
            if (e8 instanceof KeyStoreException ? true : e8 instanceof N4.c) {
                throw new GeneralSecurityException("Could not access Keystore for service ".concat(alias), e8);
            }
            if (!(e8 instanceof IOException)) {
                throw new GeneralSecurityException(com.google.firebase.crashlytics.internal.model.a.g("Unknown error: ", e8.getMessage()), e8);
            }
            throw new GeneralSecurityException(com.google.firebase.crashlytics.internal.model.a.g("I/O error: ", e8.getMessage()), e8);
        }
    }

    @Override // M4.d
    public final int f() {
        return 23;
    }

    @Override // M4.d
    public final void h(O4.c handler, String alias, byte[] username, byte[] password) {
        Key key;
        q qVar = q.f1498e;
        kotlin.jvm.internal.h.e(handler, "handler");
        kotlin.jvm.internal.h.e(alias, "alias");
        kotlin.jvm.internal.h.e(username, "username");
        kotlin.jvm.internal.h.e(password, "password");
        w(qVar);
        if (alias.length() == 0) {
            alias = "KeystoreRSAECB";
        }
        String str = alias;
        try {
            try {
                Key m7 = m(str, qVar, new AtomicInteger(1));
                try {
                    handler.f(new b(i(m7, username), i(m7, password)), null);
                } catch (UserNotAuthenticatedException e8) {
                    e = e8;
                    key = m7;
                    Log.d(this.f1588b, com.google.firebase.crashlytics.internal.model.a.g("Unlock of keystore is needed. Error: ", e.getMessage()), e);
                    kotlin.jvm.internal.h.b(key);
                    handler.d(new O4.a(str, key, password, username, O4.b.f1735f));
                }
            } catch (UserNotAuthenticatedException e9) {
                e = e9;
                key = null;
            }
        } catch (Throwable th) {
            handler.f(null, th);
        }
    }

    @Override // M4.h
    public final Key n(KeyGenParameterSpec keyGenParameterSpec) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(keyGenParameterSpec);
        PrivateKey privateKey = keyPairGenerator.generateKeyPair().getPrivate();
        kotlin.jvm.internal.h.d(privateKey, "getPrivate(...)");
        return privateKey;
    }

    @Override // M4.h
    public final String r() {
        return "RSA";
    }

    @Override // M4.h
    public final String s() {
        return "RSA/ECB/PKCS1Padding";
    }

    @Override // M4.h
    public final KeyGenParameterSpec.Builder t(String str, boolean z7) {
        int i2 = Build.VERSION.SDK_INT;
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding").setRandomizedEncryptionRequired(true).setUserAuthenticationRequired(true).setKeySize(z7 ? 512 : 2048);
        kotlin.jvm.internal.h.d(keySize, "setKeySize(...)");
        if (i2 >= 30) {
            keySize.setUserAuthenticationParameters(5, 2);
        } else {
            keySize.setUserAuthenticationValidityDurationSeconds(5);
        }
        return keySize;
    }

    @Override // M4.h
    public final KeyInfo u(Key key) {
        kotlin.jvm.internal.h.e(key, "key");
        KeySpec keySpec = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore").getKeySpec(key, KeyInfo.class);
        kotlin.jvm.internal.h.d(keySpec, "getKeySpec(...)");
        return (KeyInfo) keySpec;
    }

    public final c y(String str, String str2, String str3) {
        Certificate certificate = v().getCertificate(str);
        if (certificate == null) {
            throw new GeneralSecurityException("Certificate is null for alias ".concat(str));
        }
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(certificate.getPublicKey().getEncoded()));
        kotlin.jvm.internal.h.b(generatePublic);
        return new c(k(generatePublic, str3), k(generatePublic, str2), this);
    }
}
