package com.nets.bioauth.a;

import a5.e2;
import a5.s1;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Log;
import com.nets.bioauth.a.n;
import com.nets.bioauth.exception.BiometricKeyChangedError;
import com.nets.bioauth.exception.CipherError;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import kotlin.TypeCastException;
import org.conscrypt.EvpMdRef;
import ou.v;

/* loaded from: classes.dex */
public final class k implements j {

    /* renamed from: i, reason: collision with root package name */
    public static final /* synthetic */ tu.h[] f6957i;

    /* renamed from: a, reason: collision with root package name */
    public final String f6958a;

    /* renamed from: b, reason: collision with root package name */
    public final int f6959b;
    public final String c;

    /* renamed from: d, reason: collision with root package name */
    public final String f6960d;

    /* renamed from: e, reason: collision with root package name */
    public final String f6961e;

    /* renamed from: f, reason: collision with root package name */
    public final eu.c f6962f;

    /* renamed from: g, reason: collision with root package name */
    public final String f6963g;

    /* renamed from: h, reason: collision with root package name */
    public final String f6964h;

    /* loaded from: classes.dex */
    public static final class a extends ou.h implements nu.a<KeyStore> {
        public a() {
            super(0);
        }

        @Override // nu.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final KeyStore invoke() {
            return KeyStore.getInstance(k.this.c);
        }
    }

    static {
        ou.p pVar = new ou.p(v.a(k.class), "keyStore", "getKeyStore()Ljava/security/KeyStore;");
        Objects.requireNonNull(v.f16164a);
        f6957i = new tu.h[]{pVar};
    }

    public k(String str, String str2) {
        ib.f.n(str, "keyName");
        ib.f.n(str2, "ENCRYPTION_ALGORITHM");
        this.f6963g = str;
        this.f6964h = str2;
        this.f6958a = "CryptoManager";
        this.f6959b = 256;
        this.c = "AndroidKeyStore";
        this.f6960d = com.nets.nofsdk.o.b.MODE_CBC;
        this.f6961e = com.nets.nofsdk.o.b.PADDING_NO;
        this.f6962f = d6.e.Q(new a());
    }

    public /* synthetic */ k(String str, String str2, int i2) {
        this(str, (i2 & 2) != 0 ? "RSA" : str2);
    }

    @Override // com.nets.bioauth.a.j
    public i a(byte[] bArr, String str, Cipher cipher) {
        ib.f.n(cipher, "cipher");
        if (bArr == null) {
            if (str != null) {
                try {
                    Charset forName = Charset.forName("UTF-8");
                    ib.f.i(forName, "Charset.forName(\"UTF-8\")");
                    bArr = str.getBytes(forName);
                    ib.f.l(bArr, "(this as java.lang.String).getBytes(charset)");
                } catch (Exception e10) {
                    n.f6971b.a(this.f6958a, "encryptData Error");
                    e10.printStackTrace();
                    throw new CipherError(s1.f(e10, e2.A("Encryption Failed:")));
                }
            } else {
                bArr = null;
            }
        }
        if (bArr == null) {
            throw new IllegalStateException("Data not found".toString());
        }
        n.f6971b.a(this.f6958a, "Data size " + bArr.length + " Block size " + cipher.getBlockSize() + " Algo " + cipher.getAlgorithm());
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] iv2 = cipher.getIV() == null ? new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} : cipher.getIV();
        ib.f.i(doFinal, "ciphertext");
        ib.f.i(iv2, "iv");
        return new i(doFinal, iv2);
    }

    @Override // com.nets.bioauth.a.j
    public Cipher a() {
        PublicKey generatePublic;
        try {
            Cipher d10 = d();
            n.a aVar = n.f6971b;
            aVar.a(this.f6958a, "getInitializedCipherForEncryption " + this.f6964h);
            if (ib.f.g(this.f6964h, "AES")) {
                SecretKey f10 = f();
                if (f10 == null) {
                    throw new CipherError("Not found secret Key");
                }
                d10.init(1, f10);
            } else if (ib.f.g(this.f6964h, "RSA")) {
                c();
                aVar.a(this.f6958a, "getInitializedCipherForEncryption created keypair");
                PublicKey h10 = h();
                if (h10 == null || (generatePublic = KeyFactory.getInstance(h10.getAlgorithm()).generatePublic(new X509EncodedKeySpec(h10.getEncoded()))) == null) {
                    throw new CipherError("not found public key");
                }
                OAEPParameterSpec oAEPParameterSpec = new OAEPParameterSpec("SHA-256", EvpMdRef.MGF1_ALGORITHM_NAME, new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT);
                aVar.a(this.f6958a, "getInitializedCipherForEncryption spec " + oAEPParameterSpec);
                d10.init(1, generatePublic, oAEPParameterSpec);
            }
            return d10;
        } catch (Exception e10) {
            n.a aVar2 = n.f6971b;
            String str = this.f6958a;
            StringBuilder A = e2.A("getInitializedCipherForEncryption Err:");
            A.append(e10.getMessage());
            aVar2.a(str, A.toString());
            e10.printStackTrace();
            throw new CipherError(s1.f(e10, e2.A("Encryption Failed:")));
        }
    }

    @Override // com.nets.bioauth.a.j
    public Cipher a(byte[] bArr) {
        try {
            Cipher d10 = d();
            if (ib.f.g(this.f6964h, "RSA")) {
                d10.init(2, g());
            } else if (ib.f.g(this.f6964h, "AES")) {
                d10.init(2, f(), new GCMParameterSpec(128, bArr));
            }
            return d10;
        } catch (Exception e10) {
            n.f6971b.a(this.f6958a, "getInitializedCipherForDecryption Error");
            if (e10 instanceof KeyPermanentlyInvalidatedException) {
                throw new BiometricKeyChangedError("Key Changed");
            }
            e10.printStackTrace();
            throw new CipherError(s1.f(e10, e2.A("Decryption Failed:")));
        }
    }

    @Override // com.nets.bioauth.a.j
    public byte[] a(byte[] bArr, Cipher cipher) {
        ib.f.n(bArr, "ciphertext");
        ib.f.n(cipher, "cipher");
        try {
            byte[] doFinal = cipher.doFinal(bArr);
            ib.f.i(doFinal, "cipher.doFinal(ciphertext)");
            return doFinal;
        } catch (Exception e10) {
            if ((e10 instanceof IllegalBlockSizeException) || (e10 instanceof KeyPermanentlyInvalidatedException)) {
                throw new BiometricKeyChangedError("Key Changed");
            }
            e10.printStackTrace();
            throw new CipherError(s1.f(e10, e2.A("Decryption Failed:")));
        }
    }

    @Override // com.nets.bioauth.a.j
    public boolean b() {
        KeyStore keyStore = KeyStore.getInstance(this.c);
        keyStore.load(null);
        if (keyStore.getKey(this.f6963g, null) == null) {
            return true;
        }
        keyStore.deleteEntry(this.f6963g);
        return true;
    }

    public final boolean c() {
        int i2;
        n.f6971b.a(this.f6958a, "createKeyPair");
        boolean z10 = false;
        while (true) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                e().load(null);
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.f6963g, 2);
                builder.setDigests("SHA-256").setEncryptionPaddings("OAEPPadding").setUserAuthenticationRequired(true).setRandomizedEncryptionRequired(true);
                if (!z10 && (i2 = Build.VERSION.SDK_INT) > 28) {
                    n.f6971b.a(this.f6958a, "set strongbox if API > 28");
                    builder.setIsStrongBoxBacked(i2 > 28);
                }
                keyPairGenerator.initialize(builder.build());
                keyPairGenerator.generateKeyPair();
                n.f6971b.a(this.f6958a, "Keypair ready");
                return true;
            } catch (StrongBoxUnavailableException unused) {
                n.f6971b.a(this.f6958a, "StrongBoxUnavailableException");
                z10 = true;
            } catch (Exception e10) {
                e10.printStackTrace();
                throw new CipherError(s1.f(e10, e2.A("Keypair Failed:")));
            }
        }
    }

    public final Cipher d() {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        ib.f.i(cipher, "Cipher.getInstance(transformation)");
        return cipher;
    }

    public final KeyStore e() {
        eu.c cVar = this.f6962f;
        tu.h hVar = f6957i[0];
        return (KeyStore) cVar.getValue();
    }

    public final SecretKey f() {
        KeyStore keyStore = KeyStore.getInstance(this.c);
        keyStore.load(null);
        Key key = keyStore.getKey(this.f6963g, null);
        if (key != null) {
            return (SecretKey) key;
        }
        if (Build.VERSION.SDK_INT < 23) {
            return null;
        }
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.f6963g, 3);
        builder.setBlockModes(this.f6960d);
        builder.setEncryptionPaddings(this.f6961e);
        builder.setKeySize(this.f6959b);
        builder.setUserAuthenticationRequired(true);
        KeyGenParameterSpec build = builder.build();
        ib.f.i(build, "paramsBuilder.build()");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", this.c);
        keyGenerator.init(build);
        return keyGenerator.generateKey();
    }

    public final PrivateKey g() {
        try {
            e().load(null);
            Key key = e().getKey(this.f6963g, null);
            if (key != null) {
                return (PrivateKey) key;
            }
            throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
        } catch (Exception e10) {
            n.f6971b.a(this.f6958a, "Error " + e10);
            throw new CipherError(s1.f(e10, e2.A("Private Key Failed:")));
        }
    }

    public final PublicKey h() {
        try {
            e().load(null);
            Certificate certificate = e().getCertificate(this.f6963g);
            ib.f.i(certificate, "keyStore.getCertificate(keyName)");
            return certificate.getPublicKey();
        } catch (Exception e10) {
            Log.d("getPublicKey", "Error " + e10);
            throw new CipherError(s1.f(e10, e2.A("Public Key Failed:")));
        }
    }
}
