package com.kastle.kastlesdk.ble.pkoc;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import com.allegion.alsecurity.AlEcc;
import com.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import com.assaabloy.seos.access.crypto.EccKeyPair;
import com.kastle.kastlesdk.KastleManager;
import com.kastle.kastlesdk.logging.KSLogger;
import com.kastle.kastlesdk.services.api.model.KSDigitalSignatureDetails;
import com.kastle.kastlesdk.storage.preference.KSAppPreference;
import com.myclay.claysdk.internal.Config;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import java.util.TimeZone;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.jetbrains.anko._AppWidgetHostView$$ExternalSyntheticOutline1;

/* loaded from: classes4.dex */
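/**
 * Process-wide holder for the PKOC reader credential: an EC key pair stored in the Android
 * keystore under a fixed alias, plus helpers that sign data with it and export the public key
 * in the raw formats the callers use.
 *
 * <p>This source is decompiler output. Constants such as {@code AlEcc.EC_ALGORITHM},
 * {@code Config.Keystore.ANDROID_KEY_STORE}, {@code EccKeyPair.CURVE} and
 * {@code JceEncryptionConstants.SYMMETRIC_CIPHER_METHOD} are unrelated SDK constants that the
 * decompiler substituted for string literals of the same value; their actual values are not
 * visible here. NOTE(review): presumably "EC", "AndroidKeyStore", a P-256 curve name,
 * "SHA256withECDSA" and an AES/CBC transformation. Confirm against the constants' definitions.
 *
 * <p>Thread-safety: only the methods declared {@code synchronized} hold the instance lock. The
 * signing and export methods read the cached key fields without it.
 */
public class KSPKOCCredentialsManager {
    private static final String TAG = "com.kastle.kastlesdk.ble.pkoc.KSPKOCCredentialsManager";
    private static final String KEY_ALIAS = "KS_PKOC_READER_CREDENTIALS_KEY";

    /** Length of one raw signature component (r or s) and of one public-key coordinate. */
    private static final int RAW_COORDINATE_LENGTH = 32;
    /** Length of a raw {@code r || s} signature. */
    private static final int RAW_SIGNATURE_LENGTH = 64;
    /** Length of the public key as returned by {@link #removeASNHeaderFromPublicKey(byte[])}. */
    private static final int RAW_PUBLIC_KEY_LENGTH = 65;
    /** Number of leading bytes skipped when stripping the encoded public key. */
    private static final int ENCODED_PUBLIC_KEY_HEADER_LENGTH = 26;
    /** Offset added to the scaled clock value; equals the 100 ns tick count at the Unix epoch in the .NET tick layout. */
    private static final long TICKS_AT_UNIX_EPOCH = 621355968000000000L;
    private static final long TICKS_PER_MILLISECOND = 10000L;
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    // volatile: required for the double-checked locking in getInstance() to publish safely.
    public static volatile KSPKOCCredentialsManager sInstance;
    public boolean mIsInitialized;
    public boolean mIsKeysLoaded;
    public KeyStore mKeyStore;
    public PrivateKey mPrivateKey;
    public byte[] mPublicKeyBytes;

    /**
     * Renders bytes as lower-case hexadecimal, two digits per byte.
     *
     * @param bArr bytes to render; must not be null
     * @return the hex string, empty for an empty array
     */
    public static String convertByteArrayToHexString(byte[] bArr) {
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte value : bArr) {
            hex.append(HEX_DIGITS[(value >> 4) & 0x0f]).append(HEX_DIGITS[value & 0x0f]);
        }
        return hex.toString();
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton
     */
    public static KSPKOCCredentialsManager getInstance() {
        KSPKOCCredentialsManager instance = sInstance;
        if (instance == null) {
            synchronized (KSPKOCCredentialsManager.class) {
                instance = sInstance;
                if (instance == null) {
                    instance = new KSPKOCCredentialsManager();
                    sInstance = instance;
                }
            }
        }
        return instance;
    }

    /**
     * Converts a DER-encoded ECDSA signature into the fixed 64-byte {@code r || s} form.
     *
     * <p>Expected layout: {@code 0x30 len 0x02 rLen r... 0x02 sLen s...}. Each integer is
     * right-aligned into 32 bytes; a 33-byte integer must start with the 0x00 sign byte, which is
     * dropped. An input that is already exactly 64 bytes long is returned unchanged without
     * inspection, so a DER signature that happens to be 64 bytes long would pass through unparsed.
     *
     * @param bArr signature bytes; must not be null
     * @return the 64-byte raw signature, or {@code bArr} itself when it is already 64 bytes
     * @throws IllegalArgumentException if the input does not have the expected DER structure
     */
    public static byte[] removeASNHeaderFromSignature(byte[] bArr) {
        // NOTE(review): the synthetic helper presumably returns a StringBuilder seeded with the text; confirm.
        StringBuilder m2 = _AppWidgetHostView$$ExternalSyntheticOutline1.m("Signature Length - ***** ");
        m2.append(bArr.length);
        KSLogger.d(null, TAG, m2.toString());
        if (bArr.length == RAW_SIGNATURE_LENGTH) {
            return bArr;
        }
        // Shortest possible encoding: SEQUENCE header (2) + two one-byte INTEGERs (3 each).
        if (bArr.length < 8 || bArr[0] != 0x30 || bArr[2] != 0x02) {
            throw new IllegalArgumentException("Signature is not a DER-encoded ECDSA signature");
        }
        int rLength = bArr[3];
        KSLogger.d(null, TAG, "rLength : " + rLength);
        byte[] rawSignature = new byte[RAW_SIGNATURE_LENGTH];
        copyDerInteger(bArr, 4, rLength, rawSignature, 0);

        int sTagIndex = 4 + rLength;
        if (sTagIndex + 2 > bArr.length || bArr[sTagIndex] != 0x02) {
            throw new IllegalArgumentException("Signature is missing the second DER integer");
        }
        int sLength = bArr[sTagIndex + 1];
        KSLogger.d(null, TAG, "sLength : " + sLength);
        copyDerInteger(bArr, sTagIndex + 2, sLength, rawSignature, RAW_COORDINATE_LENGTH);
        return rawSignature;
    }

    /** Copies one DER INTEGER value, right-aligned, into a 32-byte slot of {@code out}. */
    private static void copyDerInteger(byte[] der, int valueOffset, int valueLength, byte[] out, int outOffset) {
        // The length byte is signed: anything above 127 arrives negative and is rejected here too.
        if (valueLength < 1 || valueLength > RAW_COORDINATE_LENGTH + 1 || valueOffset + valueLength > der.length) {
            throw new IllegalArgumentException("Unexpected DER integer length: " + valueLength);
        }
        int signByteCount = valueLength > RAW_COORDINATE_LENGTH ? 1 : 0;
        if (signByteCount == 1 && der[valueOffset] != 0) {
            throw new IllegalArgumentException("DER integer does not fit into 32 bytes");
        }
        int magnitudeLength = valueLength - signByteCount;
        System.arraycopy(der, valueOffset + signByteCount, out,
                outOffset + RAW_COORDINATE_LENGTH - magnitudeLength, magnitudeLength);
    }

    /**
     * Deletes the PKOC key from the keystore and drops the cached key material.
     *
     * @return {@code true} if an entry existed and was deleted, {@code false} otherwise
     * @throws KeyStoreException if the keystore cannot be opened or the entry cannot be deleted
     * @throws NoSuchAlgorithmException if the keystore cannot be loaded
     * @throws CertificateException if the keystore cannot be loaded
     * @throws IOException if the keystore cannot be loaded
     */
    public synchronized boolean deleteKey() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (!this.mIsInitialized) {
            initialize();
        }
        KeyStore keyStore = this.mKeyStore;
        if (keyStore == null) {
            KSLogger.e(null, TAG, "Key Store is null.");
            return false;
        }
        if (!keyStore.containsAlias(KEY_ALIAS)) {
            KSLogger.i(null, TAG, "PKOC Key does not exists.");
            return false;
        }
        keyStore.deleteEntry(KEY_ALIAS);
        KSLogger.i(null, TAG, "PKOC Key removed from the key-store");
        clearCachedKeys();
        return true;
    }

    /** Forgets the cached private-key handle and public-key bytes; call with the instance lock held. */
    private void clearCachedKeys() {
        this.mPublicKeyBytes = null;
        this.mPrivateKey = null;
        this.mIsKeysLoaded = false;
    }

    /**
     * Replaces any existing PKOC key with a freshly generated 256-bit EC key pair.
     *
     * <p>A failure to delete the previous key is logged and ignored. The key is requested as
     * StrongBox-backed when the device reports the StrongBox keystore feature. On success the
     * "PKOC key syncing pending" preference is set and the cached key material is cleared.
     *
     * <p>NOTE(review): the key is created with {@code setUserAuthenticationRequired(false)}, so
     * signing needs no user presence or authentication. Confirm this matches the credential's
     * threat model. A device that advertises StrongBox can still fail generation at runtime
     * (StrongBoxUnavailableException), and there is no fallback to a non-StrongBox key here.
     *
     * @return {@code true} when a key pair was generated
     * @throws NoSuchAlgorithmException if the key algorithm is unavailable
     * @throws NoSuchProviderException if the keystore provider is unavailable
     * @throws InvalidAlgorithmParameterException if the key specification is rejected
     */
    public synchronized boolean generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        try {
            deleteKey();
        } catch (Exception e2) {
            // Best effort: generation continues even when the old entry could not be removed.
            KSLogger.exception(null, TAG, e2);
        }
        KSLogger.i(null, TAG, "Create PKOC Key.");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(AlEcc.EC_ALGORITHM, Config.Keystore.ANDROID_KEY_STORE);
        // 12 == KeyProperties.PURPOSE_SIGN (4) | KeyProperties.PURPOSE_VERIFY (8).
        KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(KEY_ALIAS, 12)
                .setUserAuthenticationRequired(false)
                .setDigests("SHA-256")
                .setRandomizedEncryptionRequired(false)
                .setKeySize(256)
                .setAlgorithmParameterSpec(new ECGenParameterSpec(EccKeyPair.CURVE));
        Context appContext = KastleManager.getInstance().getAppContext();
        boolean strongBoxAdvertised = appContext != null
                && appContext.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
        if (strongBoxAdvertised) {
            specBuilder.setIsStrongBoxBacked(true);
        }
        keyPairGenerator.initialize(specBuilder.build());
        if (keyPairGenerator.generateKeyPair() == null) {
            return false;
        }
        KSAppPreference.setPKOCKeySyncingPending(true);
        KSLogger.i(null, TAG, "PKOC Key created successfully.");
        clearCachedKeys();
        return true;
    }

    /**
     * Generates the PKOC key pair only when the keystore has no entry for it yet.
     *
     * @return {@code true} when a new key pair was generated, {@code false} when one already existed
     * @throws NoSuchProviderException see {@link #generateKeyPair()}
     * @throws InvalidAlgorithmParameterException see {@link #generateKeyPair()}
     * @throws KeyStoreException see {@link #isKeyExists()}
     * @throws NoSuchAlgorithmException see {@link #isKeyExists()} and {@link #generateKeyPair()}
     * @throws CertificateException see {@link #isKeyExists()}
     * @throws IOException see {@link #isKeyExists()}
     */
    public synchronized boolean generateKeyPairIfNotExists() throws NoSuchProviderException, InvalidAlgorithmParameterException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        return !isKeyExists() && generateKeyPair();
    }

    /**
     * Signs a freshly generated time-based nonce with the PKOC private key.
     *
     * <p>The nonce is the current time in 100 ns units offset by {@code 621355968000000000},
     * rendered as a decimal string. The signed message is the SHA-256 digest of the nonce's UTF-8
     * bytes. The signature is returned as the hex form of the raw {@code r || s} value.
     *
     * <p>NOTE(review): the nonce is a clock value, not a random number, so it is predictable.
     * Replay resistance therefore depends on the verifier enforcing a freshness window or
     * tracking used values. Confirm on the verifying side.
     *
     * @return nonce and signature, or {@code null} when the keystore or the key entry is unavailable
     * @throws KeyStoreException if the keystore cannot be queried
     * @throws NoSuchAlgorithmException if a digest or signature algorithm is unavailable
     * @throws UnrecoverableEntryException if the key entry cannot be recovered
     * @throws InvalidKeyException if the private key cannot be used for signing
     * @throws SignatureException if signing fails
     * @throws CertificateException if the keystore cannot be loaded
     * @throws IOException if the keystore cannot be loaded
     */
    public KSDigitalSignatureDetails getDigitalSignature() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException, InvalidKeyException, SignatureException, CertificateException, IOException {
        if (!this.mIsInitialized) {
            initialize();
        }
        KeyStore keyStore = this.mKeyStore;
        if (keyStore == null) {
            KSLogger.e(null, TAG, "Key Store is null.");
            return null;
        }
        if (!keyStore.containsAlias(KEY_ALIAS)) {
            KSLogger.i(null, TAG, "PKOC Key does not exists.");
            return null;
        }
        KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            // The alias can vanish or hold another entry type between the check above and this read.
            KSLogger.e(null, TAG, "PKOC Key entry is not a private key entry.");
            return null;
        }
        String nonce = Long.toString(System.currentTimeMillis() * TICKS_PER_MILLISECOND + TICKS_AT_UNIX_EPOCH);
        byte[] nonceDigest = MessageDigest.getInstance("SHA-256").digest(nonce.getBytes("UTF-8"));
        Signature signer = Signature.getInstance(AlEcc.ECDSA_256_SIG);
        signer.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        signer.update(nonceDigest);
        byte[] rawSignature = removeASNHeaderFromSignature(signer.sign());
        KSDigitalSignatureDetails details = new KSDigitalSignatureDetails();
        details.setNonce(nonce);
        details.setDigitalSignature(convertByteArrayToHexString(rawSignature));
        return details;
    }

    /**
     * Signs the given bytes with the cached PKOC private key.
     *
     * @param bArr message to sign
     * @return the raw {@code r || s} signature, or {@code null} when the keys could not be loaded
     *     or signing failed (the failure is logged)
     */
    public byte[] getDigitalSignatureBytes(byte[] bArr) {
        byte[] derSignature = null;
        if (loadKeysIfRequired()) {
            try {
                Signature signer = Signature.getInstance(AlEcc.ECDSA_256_SIG);
                signer.initSign(this.mPrivateKey);
                signer.update(bArr);
                derSignature = signer.sign();
            } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
                KSLogger.exception(null, TAG, e2);
            }
        }
        if (derSignature == null || derSignature.length == 0) {
            return derSignature;
        }
        return removeASNHeaderFromSignature(derSignature);
    }

    /**
     * Encrypts the stripped public key with the supplied symmetric key.
     *
     * <p>NOTE(review): the IV is sixteen zero bytes on every call, so the same key and plaintext
     * always produce the same ciphertext. If the transformation is a CBC mode, a fixed IV also
     * removes the per-message randomisation the mode relies on. Changing it requires the peer to
     * change as well, so it is only flagged here.
     *
     * <p>NOTE(review): this method overwrites {@code mPublicKeyBytes} with the stripped form, so
     * {@link #getPublicKeyBytes()} returns a different encoding after the first call. Kept as is
     * because callers may rely on it.
     *
     * @param secretKey key used for encryption
     * @return the ciphertext, or {@code null} when the keys could not be loaded or encryption
     *     failed (the failure is logged)
     */
    public byte[] getEncryptedPublicKeyBytes(SecretKey secretKey) {
        if (!loadKeysIfRequired()) {
            return null;
        }
        try {
            IvParameterSpec zeroIv = new IvParameterSpec(new byte[16]);
            Cipher cipher = Cipher.getInstance(JceEncryptionConstants.SYMMETRIC_CIPHER_METHOD);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, zeroIv);
            byte[] rawPublicKey = removeASNHeaderFromPublicKey(this.mPublicKeyBytes);
            this.mPublicKeyBytes = rawPublicKey;
            return cipher.doFinal(rawPublicKey);
        } catch (Exception e2) {
            KSLogger.exception(null, TAG, e2);
            return null;
        }
    }

    /**
     * XORs the stripped public key with a caller-supplied mask of the same length.
     *
     * <p>This is obfuscation only: anyone who knows the mask recovers the key, and XOR gives no
     * integrity protection.
     *
     * @param bArr mask; must be non-empty and exactly as long as the stripped public key
     * @return the masked key, or {@code null} when the keys could not be loaded or the lengths differ
     */
    public byte[] getObfuscatedPublicKeyBytes(byte[] bArr) {
        if (!loadKeysIfRequired()) {
            KSLogger.e(null, TAG, "Public or Private Key were not loaded successfully.");
            return null;
        }
        byte[] rawPublicKey = removeASNHeaderFromPublicKey(this.mPublicKeyBytes);
        if (bArr == null || rawPublicKey == null || bArr.length == 0 || bArr.length != rawPublicKey.length) {
            return null;
        }
        byte[] masked = new byte[bArr.length];
        for (int i2 = 0; i2 < masked.length; i2++) {
            masked[i2] = (byte) (bArr[i2] ^ rawPublicKey[i2]);
        }
        return masked;
    }

    /**
     * Returns the cached public-key bytes, loading them first if needed.
     *
     * @return the cached array itself (not a copy), or {@code null} when loading failed
     */
    public synchronized byte[] getPublicKeyBytes() {
        return loadKeysIfRequired() ? this.mPublicKeyBytes : null;
    }

    /**
     * Reads the public key straight from the keystore certificate and returns its stripped form
     * as lower-case hex.
     *
     * @return the hex string, or {@code null} when the keystore, the alias or its certificate is missing
     * @throws KeyStoreException if the keystore cannot be queried
     * @throws NoSuchAlgorithmException if the keystore cannot be loaded
     * @throws CertificateException if the keystore cannot be loaded
     * @throws IOException if the keystore cannot be loaded
     */
    public synchronized String getPublicKeyHexString() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (!this.mIsInitialized) {
            initialize();
        }
        KeyStore keyStore = this.mKeyStore;
        if (keyStore == null) {
            KSLogger.e(null, TAG, "Key Store is null.");
            return null;
        }
        if (!keyStore.containsAlias(KEY_ALIAS)) {
            KSLogger.i(null, TAG, "PKOC Key does not exists.");
            return null;
        }
        KSLogger.i(null, TAG, "PKOC Key exists.");
        java.security.cert.Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
        if (certificate == null) {
            KSLogger.e(null, TAG, "PKOC Key certificate is missing.");
            return null;
        }
        return convertByteArrayToHexString(removeASNHeaderFromPublicKey(certificate.getPublicKey().getEncoded()));
    }

    /**
     * Returns the stripped form of the cached public key.
     *
     * @return the stripped key, or {@code null} when the keys could not be loaded
     */
    public byte[] getUncompressedPublicKeyBytes() {
        if (loadKeysIfRequired()) {
            return removeASNHeaderFromPublicKey(this.mPublicKeyBytes);
        }
        KSLogger.e(null, TAG, "Public or Private Key were not loaded successfully.");
        return null;
    }

    /**
     * Opens and loads the keystore and marks this manager as initialized.
     *
     * @throws KeyStoreException if the keystore type is unavailable
     * @throws CertificateException if the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore cannot be loaded
     * @throws IOException if the keystore cannot be loaded
     */
    public final void initialize() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(Config.Keystore.ANDROID_KEY_STORE);
        keyStore.load(null);
        // Publish only a successfully loaded keystore, so a failed load leaves no half-initialized field.
        this.mKeyStore = keyStore;
        this.mIsInitialized = true;
    }

    /**
     * Reports whether the keystore holds an entry under the PKOC alias.
     *
     * @return {@code true} when the alias exists
     * @throws KeyStoreException if the keystore cannot be queried
     * @throws NoSuchAlgorithmException if the keystore cannot be loaded
     * @throws CertificateException if the keystore cannot be loaded
     * @throws IOException if the keystore cannot be loaded
     */
    public synchronized boolean isKeyExists() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (!this.mIsInitialized) {
            initialize();
        }
        KeyStore keyStore = this.mKeyStore;
        if (keyStore == null) {
            KSLogger.e(null, TAG, "Key Store is null.");
            return false;
        }
        if (keyStore.containsAlias(KEY_ALIAS)) {
            KSLogger.i(null, TAG, "PKOC Key exists.");
            return true;
        }
        KSLogger.i(null, TAG, "PKOC Key does not exists.");
        return false;
    }

    /**
     * Ensures the private-key handle and the encoded public key are cached in this instance.
     *
     * <p>Keystore failures are logged and reported as {@code false}. A missing alias, or an entry
     * that is not a private-key entry, is also reported as {@code false} rather than raised as a
     * {@code NullPointerException} or {@code ClassCastException}.
     *
     * @return {@code true} when both keys are available
     */
    public final synchronized boolean loadKeysIfRequired() {
        if (this.mIsInitialized && this.mIsKeysLoaded) {
            return true;
        }
        boolean loaded = false;
        try {
            if (!this.mIsInitialized) {
                initialize();
            }
            if (this.mIsInitialized && !this.mIsKeysLoaded) {
                // The keystore reads declare the checked exceptions caught below, so they must stay inside the try.
                KeyStore.Entry entry = this.mKeyStore.getEntry(KEY_ALIAS, null);
                java.security.cert.Certificate certificate = this.mKeyStore.getCertificate(KEY_ALIAS);
                if (entry instanceof KeyStore.PrivateKeyEntry && certificate != null) {
                    this.mPrivateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                    byte[] encoded = certificate.getPublicKey().getEncoded();
                    this.mPublicKeyBytes = encoded;
                    if (this.mPrivateKey != null && encoded != null) {
                        this.mIsKeysLoaded = true;
                        loaded = true;
                    }
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e2) {
            KSLogger.exception(null, TAG, e2);
        }
        KSLogger.e(null, TAG, "Keystore Loaded - " + this.mIsInitialized + ", Key Initialized - " + this.mIsKeysLoaded);
        return loaded;
    }

    /**
     * Strips the fixed-size header from an encoded public key, leaving 65 bytes.
     *
     * <p>Inputs of 65 bytes or fewer are treated as already stripped and returned unchanged.
     * Longer inputs have their first 26 bytes skipped. NOTE(review): the 26-byte offset
     * presumably matches the X.509 SubjectPublicKeyInfo prefix of a P-256 key (91 bytes in
     * total, ending in {@code 0x04 || X || Y}); confirm for the curve actually configured.
     *
     * @param bArr encoded public key, may be null
     * @return the 65-byte key, {@code bArr} itself when it is 65 bytes or shorter, or {@code null} for null input
     * @throws IllegalArgumentException if the input is longer than 65 bytes but too short to hold header and key
     */
    public byte[] removeASNHeaderFromPublicKey(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        if (bArr.length <= RAW_PUBLIC_KEY_LENGTH) {
            return bArr;
        }
        if (bArr.length < ENCODED_PUBLIC_KEY_HEADER_LENGTH + RAW_PUBLIC_KEY_LENGTH) {
            throw new IllegalArgumentException("Unexpected encoded public key length: " + bArr.length);
        }
        byte[] rawPublicKey = new byte[RAW_PUBLIC_KEY_LENGTH];
        System.arraycopy(bArr, ENCODED_PUBLIC_KEY_HEADER_LENGTH, rawPublicKey, 0, RAW_PUBLIC_KEY_LENGTH);
        return rawPublicKey;
    }
}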
