package com.squareup.mri;

import android.app.Application;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: KeyStoreProvider.kt */
@Metadata
@SourceDebugExtension({"SMAP\nKeyStoreProvider.kt\nKotlin\n*S Kotlin\n*F\n+ 1 KeyStoreProvider.kt\ncom/squareup/mri/KeyStoreProvider\n+ 2 _Arrays.kt\nkotlin/collections/ArraysKt___ArraysKt\n*L\n1#1,107:1\n11165#2:108\n11500#2,3:109\n*S KotlinDebug\n*F\n+ 1 KeyStoreProvider.kt\ncom/squareup/mri/KeyStoreProvider\n*L\n95#1:108\n95#1:109,3\n*E\n"})
/* loaded from: classes6.dex */
public final class KeyStoreProvider {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    public final Application context;
    public final boolean isIdAttestationAvailable;
    public final KeyStore keyStore;

    /* compiled from: KeyStoreProvider.kt */
    @Metadata
    /* loaded from: classes6.dex */
    public static final class Companion {
        public Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: KeyStoreProvider.kt */
    @Metadata
    /* loaded from: classes6.dex */
    public static final class IdAttestationFailure extends RuntimeException {
        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public IdAttestationFailure(@NotNull ProviderException cause) {
            super(cause);
            Intrinsics.checkNotNullParameter(cause, "cause");
        }
    }

    @Inject
    public KeyStoreProvider(@NotNull Application context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
        this.keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.isIdAttestationAvailable = Build.VERSION.SDK_INT >= 33;
    }

    public final boolean containsAlias(@NotNull String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        return this.keyStore.containsAlias(alias);
    }

    public final void deleteEntry(@NotNull String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        this.keyStore.deleteEntry(alias);
    }

    public final void generateECKey(@NotNull AlgorithmParameterSpec spec) {
        int numericErrorCode;
        Intrinsics.checkNotNullParameter(spec, "spec");
        try {
            KeyPairGenerator keyPairGenerator = getKeyPairGenerator("EC");
            keyPairGenerator.initialize(spec);
            keyPairGenerator.generateKeyPair();
        } catch (ProviderException e) {
            Throwable cause = e.getCause();
            if (this.isIdAttestationAvailable && KeyStoreProvider$$ExternalSyntheticApiModelOutline1.m(cause)) {
                numericErrorCode = KeyStoreProvider$$ExternalSyntheticApiModelOutline2.m(cause).getNumericErrorCode();
                if (numericErrorCode == 8) {
                    throw new IdAttestationFailure(e);
                }
            }
            throw e;
        }
    }

    @Nullable
    public final List<X509Certificate> getCertificateChain(@NotNull String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        Certificate[] certificateChain = this.keyStore.getCertificateChain(alias);
        if (certificateChain == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList(certificateChain.length);
        for (Certificate certificate : certificateChain) {
            Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            arrayList.add((X509Certificate) certificate);
        }
        return arrayList;
    }

    @NotNull
    public final Signature getECSignature() {
        Signature signature = Signature.getInstance("SHA256withECDSA");
        Intrinsics.checkNotNullExpressionValue(signature, "getInstance(...)");
        return signature;
    }

    @Nullable
    public final PrivateKey getKey(@NotNull String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        Key key = this.keyStore.getKey(alias, null);
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        return null;
    }

    public final KeyPairGenerator getKeyPairGenerator(String str) {
        return KeyPairGenerator.getInstance(str, this.keyStore.getProvider().getName());
    }

    @NotNull
    public final AlgorithmParameterSpec getKeyParameterSpec(@NotNull String alias, boolean z) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, 4);
        builder.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"));
        builder.setDigests("SHA-256");
        byte[] bytes = ("attested_key_challenge_" + alias).getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
        builder.setAttestationChallenge(bytes);
        builder.setIsStrongBoxBacked(isStrongBoxAvailable());
        if (this.isIdAttestationAvailable && z) {
            builder.setDevicePropertiesAttestationIncluded(true);
        }
        KeyGenParameterSpec build = builder.build();
        Intrinsics.checkNotNullExpressionValue(build, "with(...)");
        return build;
    }

    public final boolean isStrongBoxAvailable() {
        return this.context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    public final void load() {
        this.keyStore.load(null);
    }
}
