package com.linecorp.fsecurity.internal.signature;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import c.a.d.b.a.f;
import com.linecorp.fsecurity.KeyAttestationFailedException;
import com.linecorp.fsecurity.KeyNotFoundException;
import com.linecorp.fsecurity.SignatureFailedException;
import com.linecorp.fsecurity.UserAuthChangedException;
import com.linecorp.fsecurity.internal.ExtensionsKt;
import com.linecorp.ltsm.LTSM;
import java.nio.charset.Charset;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Metadata;
import kotlin.TypeCastException;
import n0.a.m;
import n0.h.c.c0;
import n0.h.c.i0;
import n0.m.a;
import n0.m.w;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000H\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\f\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\b\n\u0002\b\u0007\b\u0001\u0018\u0000 42\u00020\u0001:\u00014B\u001f\u0012\u0006\u00101\u001a\u00020\f\u0012\u0006\u0010*\u001a\u00020\f\u0012\u0006\u0010,\u001a\u00020\u0002¢\u0006\u0004\b2\u00103J\u000f\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\u0003\u0010\u0004J\u001f\u0010\b\u001a\u00060\u0005j\u0002`\u00062\n\u0010\u0007\u001a\u00060\u0005j\u0002`\u0006H\u0002¢\u0006\u0004\b\b\u0010\tJ\u001b\u0010\n\u001a\u00020\u00022\n\u0010\u0007\u001a\u00060\u0005j\u0002`\u0006H\u0002¢\u0006\u0004\b\n\u0010\u000bJ\u0017\u0010\u000e\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\fH\u0016¢\u0006\u0004\b\u000e\u0010\u000fJ#\u0010\u0013\u001a\u00020\f2\n\u0010\u0012\u001a\u00060\u0010j\u0002`\u00112\u0006\u0010\r\u001a\u00020\fH\u0016¢\u0006\u0004\b\u0013\u0010\u0014J\u000f\u0010\u0015\u001a\u00020\fH\u0016¢\u0006\u0004\b\u0015\u0010\u0016J\u001f\u0010\u0018\u001a\u00020\u00022\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u0017\u001a\u00020\fH\u0016¢\u0006\u0004\b\u0018\u0010\u0019J\u000f\u0010\u001a\u001a\u0004\u0018\u00010\f¢\u0006\u0004\b\u001a\u0010\u0016J\r\u0010\u001b\u001a\u00020\u0010¢\u0006\u0004\b\u001b\u0010\u001cJ\r\u0010\u001d\u001a\u00020\u0002¢\u0006\u0004\b\u001d\u0010\u0004J\u001d\u0010!\u001a\u00020\f2\u0006\u0010\u001f\u001a\u00020\u001e2\u0006\u0010 \u001a\u00020\f¢\u0006\u0004\b!\u0010\"J\r\u0010#\u001a\u00020\u0002¢\u0006\u0004\b#\u0010\u0004R\u001d\u0010)\u001a\u00020$8B@\u0002X\u0082\u0084\u0002¢\u0006\f\n\u0004\b%\u0010&\u001a\u0004\b'\u0010(R\u0016\u0010*\u001a\u00020\f8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b*\u0010+R\u0016\u0010,\u001a\u00020\u00028\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b,\u0010-R\u0016\u0010/\u001a\u00020.8\u0002@\u0002X\u0082D¢\u0006\u0006\n\u0004\b/\u00100R\u0016\u00101\u001a\u00020\f8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b1\u0010+¨\u00065"}, d2 = {"Lcom/linecorp/fsecurity/internal/signature/NativeSigner;", "Lcom/linecorp/fsecurity/internal/signature/BaseSigner;", "", "isKeyPairCreated", "()Z", "Ljava/lang/Exception;", "Lkotlin/Exception;", "e", "getException", "(Ljava/lang/Exception;)Ljava/lang/Exception;", "isUserAuthChangedException", "(Ljava/lang/Exception;)Z", "", "data", "createSignature", "(Ljava/lang/String;)Ljava/lang/String;", "Ljava/security/Signature;", "Lcom/linecorp/fsecurity/internal/SignatureCrypto;", "signatureCrypto", "updateSignature", "(Ljava/security/Signature;Ljava/lang/String;)Ljava/lang/String;", "getKeyType", "()Ljava/lang/String;", "signature", "verify", "(Ljava/lang/String;Ljava/lang/String;)Z", "getPublicKey", "getSignature", "()Ljava/security/Signature;", "deleteKeyPair", "Landroid/content/Context;", "context", "nonce", "createKeyPairWithAttestation", "(Landroid/content/Context;Ljava/lang/String;)Ljava/lang/String;", "createKeyPair", "Ljava/security/KeyStore;", "keyStore$delegate", "Lkotlin/Lazy;", "getKeyStore", "()Ljava/security/KeyStore;", "keyStore", f.QUERY_KEY_MYCODE_TYPE, "Ljava/lang/String;", "isUserAuthRequired", "Z", "", "base64Flag", "I", "keyAlias", "<init>", "(Ljava/lang/String;Ljava/lang/String;Z)V", "Companion", "fsecurity_release"}, k = 1, mv = {1, 4, 0})
@TargetApi(23)
/* loaded from: classes2.dex */
public final class NativeSigner implements BaseSigner {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String ECDSA_SHA256 = "SHA256withECDSA";
    private static final String EC_CURVE_TYPE = "secp256r1";
    private static final String TAG = "NativeSigner";
    private final boolean isUserAuthRequired;
    private final String keyAlias;
    private final String type;
    public static final /* synthetic */ m[] $$delegatedProperties = {i0.c(new c0(i0.a(NativeSigner.class), "keyStore", "getKeyStore()Ljava/security/KeyStore;"))};

    /* renamed from: keyStore$delegate, reason: from kotlin metadata */
    private final Lazy keyStore = LazyKt__LazyJVMKt.lazy(NativeSigner$keyStore$2.INSTANCE);
    private final int base64Flag = 11;

    public NativeSigner(String str, String str2, boolean z) {
        this.keyAlias = str;
        this.type = str2;
        this.isUserAuthRequired = z;
    }

    private final Exception getException(Exception e) {
        return isUserAuthChangedException(e) ? new UserAuthChangedException(null, 1, null) : e instanceof KeyNotFoundException ? e : new SignatureFailedException(this.keyAlias, e.getMessage());
    }

    private final KeyStore getKeyStore() {
        Lazy lazy = this.keyStore;
        m mVar = $$delegatedProperties[0];
        return (KeyStore) lazy.getValue();
    }

    private final boolean isKeyPairCreated() {
        return getKeyStore().containsAlias(this.keyAlias);
    }

    private final boolean isUserAuthChangedException(Exception e) {
        String message;
        if (e instanceof KeyPermanentlyInvalidatedException) {
            return true;
        }
        if (!(e instanceof SignatureException) || (message = e.getMessage()) == null) {
            return false;
        }
        return w.H(message, "Key user not authenticated", false, 2);
    }

    public final synchronized boolean createKeyPair() {
        boolean z;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", ANDROID_KEY_STORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(this.keyAlias, 12).setAlgorithmParameterSpec(new ECGenParameterSpec(EC_CURVE_TYPE)).setDigests("SHA-256").setUserAuthenticationRequired(this.isUserAuthRequired).build());
            keyPairGenerator.generateKeyPair();
            z = true;
        } catch (Exception e) {
            e.getMessage();
            z = false;
        }
        return z;
    }

    public final synchronized String createKeyPairWithAttestation(Context context, String nonce) throws KeyAttestationFailedException {
        NativeSigner$createKeyPairWithAttestation$1 nativeSigner$createKeyPairWithAttestation$1;
        LTSM ltsm;
        String str;
        String normalize;
        Charset charset;
        nativeSigner$createKeyPairWithAttestation$1 = new NativeSigner$createKeyPairWithAttestation$1(this);
        try {
            ltsm = LTSM.getInstance(context);
            str = this.keyAlias;
            normalize = ExtensionsKt.normalize(nonce);
            charset = a.a;
            if (normalize == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
        } catch (Exception e) {
            e.getMessage();
            throw new KeyAttestationFailedException(e.getMessage());
        }
        return Base64.encodeToString(ltsm.generateCustomAttestedECDSAKey(str, normalize.getBytes(charset), nativeSigner$createKeyPairWithAttestation$1.invoke2()), this.base64Flag);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.linecorp.fsecurity.internal.signature.BaseSigner
    public String createSignature(String data) throws UserAuthChangedException, SignatureFailedException, KeyNotFoundException {
        try {
            String str = null;
            Object[] objArr = 0;
            KeyStore.Entry entry = getKeyStore().getEntry(this.keyAlias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                entry = null;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            if (privateKeyEntry == null) {
                throw new KeyNotFoundException(this.keyAlias, str, 2, objArr == true ? 1 : 0);
            }
            Signature signature = Signature.getInstance(ECDSA_SHA256);
            signature.initSign(privateKeyEntry.getPrivateKey());
            String normalize = ExtensionsKt.normalize(data);
            Charset charset = a.a;
            if (normalize == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            signature.update(normalize.getBytes(charset));
            return Base64.encodeToString(signature.sign(), this.base64Flag);
        } catch (Exception e) {
            e.getMessage();
            throw getException(e);
        }
    }

    public final synchronized boolean deleteKeyPair() {
        boolean z;
        try {
            getKeyStore().deleteEntry(this.keyAlias);
            z = true;
        } catch (Exception e) {
            e.getMessage();
            z = false;
        }
        return z;
    }

    @Override // com.linecorp.fsecurity.internal.signature.BaseSigner
    /* renamed from: getKeyType, reason: from getter */
    public String getType() {
        return this.type;
    }

    public final String getPublicKey() {
        try {
            PublicKey publicKey = getKeyStore().getCertificate(this.keyAlias).getPublicKey();
            return Base64.encodeToString(publicKey != null ? publicKey.getEncoded() : null, this.base64Flag);
        } catch (Exception e) {
            e.getMessage();
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final Signature getSignature() throws UserAuthChangedException, SignatureFailedException, KeyNotFoundException {
        try {
            String str = null;
            Object[] objArr = 0;
            KeyStore.Entry entry = getKeyStore().getEntry(this.keyAlias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                entry = null;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            if (privateKeyEntry == null) {
                throw new KeyNotFoundException(this.keyAlias, str, 2, objArr == true ? 1 : 0);
            }
            Signature signature = Signature.getInstance(ECDSA_SHA256);
            signature.initSign(privateKeyEntry.getPrivateKey());
            return signature;
        } catch (Exception e) {
            e.getMessage();
            throw getException(e);
        }
    }

    @Override // com.linecorp.fsecurity.internal.signature.BaseSigner
    public String updateSignature(Signature signatureCrypto, String data) throws UserAuthChangedException, SignatureFailedException {
        try {
            String normalize = ExtensionsKt.normalize(data);
            Charset charset = a.a;
            if (normalize == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            signatureCrypto.update(normalize.getBytes(charset));
            return Base64.encodeToString(signatureCrypto.sign(), this.base64Flag);
        } catch (Exception e) {
            e.getMessage();
            throw getException(e);
        }
    }

    @Override // com.linecorp.fsecurity.internal.signature.BaseSigner
    public boolean verify(String data, String signature) {
        KeyStore.Entry entry = getKeyStore().getEntry(this.keyAlias, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) (entry instanceof KeyStore.PrivateKeyEntry ? entry : null);
        if (privateKeyEntry == null) {
            return false;
        }
        Signature signature2 = Signature.getInstance(ECDSA_SHA256);
        signature2.initVerify(privateKeyEntry.getCertificate());
        String normalize = ExtensionsKt.normalize(data);
        Charset charset = a.a;
        if (normalize == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        signature2.update(normalize.getBytes(charset));
        return signature2.verify(Base64.decode(signature, this.base64Flag));
    }
}
