package com.ts.common.internal.core.b.c;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import com.haibison.android.lockpattern.util.SimpleWeakEncryption;
import com.haibison.android.lockpattern.widget.LockPatternUtils;
import com.rsa.crypto.AlgorithmStrings;
import com.ts.common.api.SDKBase;
import com.ts.common.api.core.encryption.MasterKeyException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* compiled from: Post23KeyStoreEncryptor.java */
@TargetApi(23)
/* loaded from: classes4.dex */
public class a extends com.ts.common.internal.core.b.b.a {

    /* renamed from: k, reason: collision with root package name */
    private static final String f12550k = com.ts.common.internal.core.c.a.a((Class<?>) a.class);

    public a(Context context, SDKBase.AuthenticatorsProperties authenticatorsProperties) {
        super(context, authenticatorsProperties);
    }

    private KeyPairGenerator a(String str, String str2, boolean z) {
        int i2;
        int i3;
        try {
            String w = w(str);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, "AndroidKeyStore");
            ArrayList arrayList = new ArrayList(1);
            if (str2.equals("RSA")) {
                i2 = 15;
                i3 = 2048;
                arrayList.add(LockPatternUtils.SHA1);
                arrayList.add(SimpleWeakEncryption.SHA256);
            } else {
                if (!str2.equals(AlgorithmStrings.EC)) {
                    throw new RuntimeException("Unsupported key algorithm: " + str2);
                }
                i2 = 4;
                i3 = 256;
                arrayList.add(SimpleWeakEncryption.SHA256);
            }
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(w, i2);
            builder.setDigests((String[]) arrayList.toArray(new String[0])).setKeySize(i3).setUserAuthenticationRequired(z);
            if (Build.VERSION.SDK_INT >= 24 && z) {
                builder.setInvalidatedByBiometricEnrollment(true);
            }
            if (str2.equals("RSA")) {
                builder.setBlockModes(AlgorithmStrings.ECB, AlgorithmStrings.CBC).setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setSignaturePaddings(AlgorithmStrings.PKCS1).setCertificateSerialNumber(BigInteger.valueOf(1L)).setCertificateSubject(new X500Principal("CN=TransmitSecurity"));
            }
            keyPairGenerator.initialize(builder.build());
            return keyPairGenerator;
        } catch (Exception e2) {
            throw new RuntimeException("Could not initialize keys generator; " + k(), e2);
        }
    }

    private void a(KeyPair keyPair) {
        try {
            PrivateKey privateKey = keyPair.getPrivate();
            KeyInfo keyInfo = (KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class);
            if (!AlgorithmStrings.EC.equals(privateKey.getAlgorithm()) || (keyInfo.getPurposes() & 4) == 0) {
                return;
            }
            a("hw_sec_chk_k_pref", keyInfo.isInsideSecureHardware());
            if (u("hw_sec_chk_k_alias")) {
                d("hw_sec_chk_k_alias");
            }
        } catch (Exception e2) {
            com.ts.common.internal.core.c.a.b(f12550k, "Failed to store HW security", e2);
        }
    }

    private KeyPairGenerator d(String str, boolean z) {
        return a(str, "RSA", z);
    }

    @Override // com.ts.common.internal.core.b.b.a, com.ts.common.api.core.encryption.b
    public Boolean a() {
        if (m("hw_sec_chk_k_pref")) {
            return Boolean.valueOf(n("hw_sec_chk_k_pref"));
        }
        try {
            if (!u("hw_sec_chk_k_alias")) {
                return null;
            }
            PrivateKey t = t("hw_sec_chk_k_alias");
            try {
                return Boolean.valueOf(((KeyInfo) KeyFactory.getInstance(t.getAlgorithm(), "AndroidKeyStore").getKeySpec(t, KeyInfo.class)).isInsideSecureHardware());
            } catch (Exception e2) {
                com.ts.common.internal.core.c.a.b(f12550k, "Failed to query HW security", e2);
                return null;
            }
        } catch (Exception e3) {
            com.ts.common.internal.core.c.a.b(f12550k, "failed to get device private key", e3);
            return null;
        }
    }

    @Override // com.ts.common.internal.core.b.b.a, com.ts.common.api.core.encryption.b
    public String a(Cipher cipher, byte[] bArr) {
        try {
            return Base64.encodeToString(cipher.doFinal(bArr), 2);
        } catch (Exception e2) {
            throw new RuntimeException("Could not decrypt.", e2);
        }
    }

    @Override // com.ts.common.internal.core.b.b.a, com.ts.common.internal.core.b.a
    protected KeyPair a(KeyPairGenerator keyPairGenerator, String str) {
        try {
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            a(generateKeyPair);
            return generateKeyPair;
        } catch (Exception e2) {
            throw new RuntimeException("Could not generate keys; " + k(), e2);
        }
    }

    @Override // com.ts.common.internal.core.b.b.a, com.ts.common.internal.core.b.a
    protected KeyPair b(KeyPairGenerator keyPairGenerator, String str) {
        return a(keyPairGenerator, str);
    }

    @Override // com.ts.common.internal.core.b.b.a, com.ts.common.internal.core.b.a
    protected KeyPairGenerator b(String str, boolean z) {
        return a(str, AlgorithmStrings.EC, z);
    }

    @Override // com.ts.common.internal.core.b.b.a, com.ts.common.api.core.encryption.b
    public Cipher b(String str) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            cipher.init(2, t(str));
            return cipher;
        } catch (IOException | GeneralSecurityException e2) {
            throw new RuntimeException("Failed loading cipher for decryption", e2);
        }
    }

    @Override // com.ts.common.internal.core.b.b.a, com.ts.common.internal.core.b.a
    protected KeyPairGenerator c(String str, boolean z) {
        return d(str, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ts.common.internal.core.b.a
    public SecretKey i() throws GeneralSecurityException, IOException {
        String o2 = o(".master_key.alias");
        if (o2 == null) {
            throw new MasterKeyException("No stored master key alias");
        }
        KeyStore.Entry entry = l().getEntry(o2, null);
        if (entry == null) {
            h();
            throw new MasterKeyException("Stored master key alias is not present in key store");
        }
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new MasterKeyException("Unexpected entry type");
        }
        com.ts.common.internal.core.c.a.a(f12550k, "Master key is using private key");
        return super.i();
    }

    @Override // com.ts.common.internal.core.b.a, com.ts.common.api.core.encryption.b
    public boolean i(String str) {
        try {
            h(str);
            return false;
        } catch (Exception e2) {
            return (e2.getCause() instanceof InvalidKeyException) || (e2.getCause() instanceof KeyPermanentlyInvalidatedException);
        }
    }

    @Override // com.ts.common.internal.core.b.a
    protected void s(String str) throws GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AlgorithmStrings.AES, "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setKeySize(256).setBlockModes(AlgorithmStrings.CBC).setEncryptionPaddings("PKCS7Padding").build());
        keyGenerator.generateKey();
    }
}
