package com.secusmart.secuvoice.secusmart;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProtection;
import android.util.Base64;
import com.blackberry.secusuite.sse.R;
import com.google.android.gms.common.util.ArrayUtils;
import com.secusmart.secuvoice.SecuVOICE;
import com.secusmart.secuvoice.swig.common.SecretString;
import com.secusmart.secuvoice.swig.common.SecretStringList;
import com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import o7.q0;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.Time;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.util.encoders.Hex;

/* loaded from: classes.dex */
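/**
 * Android implementation of the native core's platform-keystore connector (decompiled source;
 * class, field and method names are obfuscated and are kept because other classes refer to them).
 *
 * <p>The class stores imported EC key pairs and X.509 certificates in the "AndroidKeyStore"
 * provider under hex-encoded aliases, signs with those keys, and seals/unseals byte blobs with a
 * keystore-resident AES key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Sealing uses AES/CBC/PKCS7 with no MAC, so it gives confidentiality only. A sealed blob
 *       can be altered without detection, and a successful {@link #unseal} is not proof of
 *       authenticity. The mode is left unchanged because existing blobs depend on it.</li>
 *   <li>Keys that require user authentication stay usable for 30 days after one authentication
 *       ({@code 2592000} seconds).</li>
 *   <li>Almost every failure is swallowed and reported as an empty result or {@code false}, so
 *       callers cannot tell "not found" from "keystore error".</li>
 *   <li>As decompiled, the static helpers {@link #c} and {@link #f} declare no checked
 *       exceptions although the keystore APIs they call throw them.</li>
 * </ul>
 */
public class a extends BaseAndroidPlatformKeystoreConnector {

    /** Provider / keystore type name of the Android platform keystore. */
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";

    /** Alias of the AES key used by {@link #seal} and {@link #unseal}. */
    private static final String SEAL_KEY_ALIAS = "SECUSMART_AES_SYMMETRIC_KEY";

    /** Cipher transformation shared by sealing and {@link #b}. */
    private static final String AES_CBC_PKCS7 = "AES/CBC/PKCS7Padding";

    /** User-authentication validity window: 2592000 s = 30 days. */
    private static final int AUTH_VALIDITY_SECONDS = 2592000;

    /**
     * Aliases that {@link #deleteKeyStore()} leaves in place.
     *
     * <p>NOTE(review): the array is public and mutable, so any code in the process can change
     * which aliases survive a wipe. It is kept as declared because other classes may read it.
     */
    /* renamed from: d, reason: collision with root package name */
    public static final String[] f5417d = {"com.tsec.adapter.StorageKey", "de.telekom.sec.adapter.StorageKey", "SoMo_KMAC", "398b5cb95e713ebbe183"};

    /* renamed from: a, reason: collision with root package name */
    public Context f5418a;

    /* renamed from: b, reason: collision with root package name */
    public SecuVOICE f5419b;

    /** Settings helper; {@link #b} uses it to load and persist the per-alias IV. */
    public q0 c;

    static {
        // Registers the SpongyCastle provider process-wide; d() relies on its X.509 builder classes.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Hex-encodes a binary identifier. The result is used as the keystore alias.
     *
     * <p>The decompiled original also ran {@code replaceAll("(.{2})(?!$)", "$1")}, which replaces
     * every matched pair with itself and so never changed the string; that no-op was removed.
     *
     * @param bArr bytes to encode; must not be null
     * @return the hex string produced by {@code Hex.encode}
     */
    public static String a(byte[] bArr) {
        return new String(Hex.encode(bArr));
    }

    /**
     * Generates an AES key inside the Android keystore for CBC/PKCS7 encryption and decryption.
     *
     * @param str alias of the new key
     * @param z10 whether using the key requires user authentication
     * @param z11 whether enrolling a new biometric invalidates the key
     */
    public static void c(String str, boolean z10, boolean z11) {
        // Purposes 3 = PURPOSE_ENCRYPT | PURPOSE_DECRYPT.
        KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(str, 3)
                .setBlockModes("CBC")
                .setRandomizedEncryptionRequired(true)
                .setUserAuthenticationRequired(z10)
                .setEncryptionPaddings("PKCS7Padding");
        specBuilder.setInvalidatedByBiometricEnrollment(z11);
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
        keyGenerator.init(specBuilder.build());
        keyGenerator.generateKey();
    }

    /**
     * Builds a self-signed placeholder certificate for {@code keyPair}, needed because a keystore
     * private-key entry must carry a certificate chain.
     *
     * <p>notBefore and notAfter are the same instant, so the certificate has a zero-length
     * validity period, and the RDN values literally contain the {@code OU=}/{@code O=}/{@code CN=}
     * prefixes. It must not be used to establish trust.
     *
     * @param keyPair EC key pair; the private key signs the certificate (SHA256withECDSA)
     * @return the certificate, or {@code null} if building or signing failed
     */
    public static X509Certificate d(KeyPair keyPair) {
        try {
            Time now = new Time(new Date(), Locale.CANADA);
            X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            nameBuilder.addRDN(BCStyle.OU, "OU=secusmart.local");
            nameBuilder.addRDN(BCStyle.O, "O=secusmart.local");
            nameBuilder.addRDN(BCStyle.CN, "CN=secusmart.local");
            // Default SecureRandom instead of the legacy, provider-dependent "SHA1PRNG" name, so a
            // missing algorithm can no longer make key import fail. The value is only a serial number.
            BigInteger serial = BigInteger.valueOf(new SecureRandom().nextLong()).abs();
            JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                    nameBuilder.build(), serial, now, now, nameBuilder.build(), keyPair.getPublic());
            return new JcaX509CertificateConverter().getCertificate(
                    certBuilder.build(new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate())));
        } catch (Exception ignored) {
            // Any failure is reported as null; storeKeys() turns that into `false`.
            return null;
        }
    }

    /**
     * Opens the Android platform keystore.
     *
     * @return a loaded "AndroidKeyStore" instance
     */
    public static KeyStore f() {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        return keyStore;
    }

    /** Settings key under which the IV for {@code alias} is stored. */
    private String ivPreferenceKey(String alias) {
        return this.c.f(Integer.valueOf(R.string.default_app_pin_biometric_key_iv)) + alias;
    }

    /**
     * Returns an initialised AES/CBC/PKCS7 cipher for the keystore key {@code str}.
     *
     * <p>In encrypt mode the keystore chooses the IV, which is then persisted (Base64, no line
     * wraps) through the settings helper. In any other mode the previously persisted IV is loaded
     * if the helper reports one for this alias.
     *
     * @param i3 cipher mode, e.g. {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param str keystore alias of the AES key
     * @return the initialised cipher, or {@code null} if the key is missing or any step failed
     *     (including a key that currently needs user authentication)
     */
    public final Cipher b(int i3, String str) {
        try {
            Cipher cipher = Cipher.getInstance(AES_CBC_PKCS7);
            IvParameterSpec ivSpec = null;
            if (i3 != Cipher.ENCRYPT_MODE && this.c.h(str)) {
                ivSpec = new IvParameterSpec(
                        Base64.decode(this.c.f8451k.getValue(ivPreferenceKey(str)).getBytes(), Base64.NO_WRAP));
            }
            SecretKey secretKey = (SecretKey) f().getKey(str, null);
            if (secretKey == null) {
                return null;
            }
            cipher.init(i3, secretKey, ivSpec);
            if (i3 == Cipher.ENCRYPT_MODE) {
                byte[] iv = cipher.getIV();
                if (iv != null && iv.length > 0) {
                    // Result unused in the decompiled original; the call is kept in case h() has
                    // side effects that are not visible from this file.
                    this.c.h(str);
                    this.c.f8451k.persistValue(ivPreferenceKey(str), new String(Base64.encode(iv, Base64.NO_WRAP)));
                }
            }
            return cipher;
        } catch (Exception ignored) {
            return null;
        }
    }

    /**
     * Deletes every keystore entry except the aliases listed in {@link #f5417d}.
     * Errors are ignored, so the wipe may be partial without the caller noticing.
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final void deleteKeyStore() {
        try {
            KeyStore keyStore = f();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!ArrayUtils.contains(f5417d, alias)) {
                    keyStore.deleteEntry(alias);
                }
            }
        } catch (Exception ignored) {
            // Best effort: the connector interface offers no way to report a failed wipe.
        }
    }

    /**
     * Generates the sealing key {@code SECUSMART_AES_SYMMETRIC_KEY} in the Android keystore.
     *
     * <p>The key requires user authentication, which then remains valid for 30 days.
     *
     * @return the new key, or {@code null} if the platform keystore is unsupported or generation failed
     */
    public final SecretKey e() {
        if (!this.f5419b.f4823f.a()) {
            return null;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
            // Purposes 3 = PURPOSE_ENCRYPT | PURPOSE_DECRYPT.
            keyGenerator.init(new KeyGenParameterSpec.Builder(SEAL_KEY_ALIAS, 3)
                    .setBlockModes("CBC")
                    .setEncryptionPaddings("PKCS7Padding")
                    .setRandomizedEncryptionRequired(true)
                    .setUserAuthenticationRequired(true)
                    .setUserAuthenticationValidityDurationSeconds(AUTH_VALIDITY_SECONDS)
                    .build());
            return keyGenerator.generateKey();
        } catch (Exception ignored) {
            return null;
        }
    }

    /**
     * Looks up a certificate entry, first under the hex form of the identifier and then under the
     * identifier bytes read as a string.
     *
     * @param secretString certificate identifier
     * @return the DER-encoded certificate, or an empty {@code SecretString} if absent or on error
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final SecretString getCertificate(SecretString secretString) {
        String hexAlias = a(secretString.getData());
        String rawAlias = new String(secretString.getData());
        SecretString encoded = new SecretString();
        try {
            KeyStore keyStore = f();
            if (keyStore.containsAlias(hexAlias) && keyStore.isCertificateEntry(hexAlias)) {
                encoded.setData(keyStore.getCertificate(hexAlias).getEncoded());
            } else if (keyStore.containsAlias(rawAlias) && keyStore.isCertificateEntry(rawAlias)) {
                encoded.setData(keyStore.getCertificate(rawAlias).getEncoded());
            }
        } catch (Exception ignored) {
            // Reported as "no certificate".
        }
        return encoded;
    }

    /**
     * Lists the identifiers of all certificate entries, hex-decoded from their aliases.
     *
     * <p>A certificate alias that is not valid hex is skipped. Previously the decoding error
     * aborted the enumeration, so one such alias silently truncated the list.
     *
     * @return the decoded identifiers; possibly incomplete if the keystore itself failed
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final SecretStringList getCertificateAliases() {
        SecretStringList result = new SecretStringList();
        try {
            KeyStore keyStore = f();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!keyStore.isCertificateEntry(alias)) {
                    continue;
                }
                byte[] identifier;
                try {
                    identifier = Hex.decode(alias);
                } catch (RuntimeException ignored) {
                    continue; // alias was not produced by a(); nothing to decode
                }
                SecretString item = new SecretString();
                item.setData(identifier);
                result.add(item);
            }
        } catch (Exception ignored) {
            // Keystore failure: return what was collected so far.
        }
        return result;
    }

    /**
     * Returns the encoded public key from the certificate of a private-key entry.
     *
     * @param secretString key identifier (hex-encoded to form the alias)
     * @return the encoded public key, or an empty {@code SecretString} if the entry is missing,
     *     is not a private-key entry, or cannot be read
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final SecretString getPublicKey(SecretString secretString) {
        String alias = a(secretString.getData());
        SecretString encoded = new SecretString();
        try {
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) f().getEntry(alias, null);
            encoded.setData(entry.getCertificate().getPublicKey().getEncoded());
        } catch (Exception ignored) {
            // Includes the null / wrong-type entry case.
        }
        return encoded;
    }

    /**
     * Reports whether the platform keystore may be used, as decided by {@code f5419b.f4823f.a()}.
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final boolean isPlatformKeystoreSupported() {
        return this.f5419b.f4823f.a();
    }

    /**
     * Deletes the entry stored under the hex alias, or else under the raw-string alias.
     *
     * @param secretString entry identifier
     * @return {@code true} unless the keystore threw; note that this is also {@code true} when no
     *     matching entry existed
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final boolean removeKey(SecretString secretString) {
        String hexAlias = a(secretString.getData());
        String rawAlias = new String(secretString.getData());
        try {
            KeyStore keyStore = f();
            if (keyStore.containsAlias(hexAlias)) {
                keyStore.deleteEntry(hexAlias);
            } else if (keyStore.containsAlias(rawAlias)) {
                keyStore.deleteEntry(rawAlias);
            }
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /** Deletes the sealing key after the keystore reported it permanently invalidated. */
    private static void discardInvalidatedSealKey() {
        try {
            f().deleteEntry(SEAL_KEY_ALIAS);
        } catch (Exception ignored) {
            // Nothing more can be done; the next seal()/unseal() will fail again.
        }
    }

    /**
     * Encrypts {@code secretString} with the keystore sealing key, generating the key on first use.
     *
     * <p>The result is {@code IV || ciphertext}, which is the layout {@link #unseal} parses. The
     * decompiled original assembled that buffer but then returned the bare ciphertext, so the IV
     * was lost and {@code unseal} consumed the first ciphertext block as the IV; this is fixed
     * here. Blobs written by the old code are still handled by {@code unseal} exactly as before.
     *
     * <p>Only confidentiality is provided; the blob carries no integrity check.
     *
     * @param secretString plaintext to seal
     * @return the sealed blob, or an empty {@code SecretString} if the keystore is unsupported,
     *     the key is unavailable (for example user authentication has expired) or encryption failed
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final SecretString seal(SecretString secretString) {
        SecretString sealed = new SecretString();
        if (!this.f5419b.f4823f.a()) {
            return sealed;
        }
        try {
            KeyStore keyStore = f();
            SecretKey key = keyStore.containsAlias(SEAL_KEY_ALIAS)
                    ? (SecretKey) keyStore.getKey(SEAL_KEY_ALIAS, null)
                    : e();
            Cipher cipher = Cipher.getInstance(AES_CBC_PKCS7);
            cipher.init(Cipher.ENCRYPT_MODE, key); // the keystore picks a fresh random IV
            byte[] iv = cipher.getIV();
            byte[] cipherText = cipher.doFinal(secretString.getData());
            byte[] blob = new byte[iv.length + cipherText.length];
            System.arraycopy(iv, 0, blob, 0, iv.length);
            System.arraycopy(cipherText, 0, blob, iv.length, cipherText.length);
            sealed.setData(blob);
        } catch (KeyPermanentlyInvalidatedException invalidated) {
            discardInvalidatedSealKey();
        } catch (Exception ignored) {
            // Reported as an empty result.
        }
        return sealed;
    }

    /**
     * Signs {@code secretString2} with the private key stored under the hex alias of
     * {@code secretString}, using {@code NONEwithECDSA}.
     *
     * <p>With {@code NONEwithECDSA} the input is signed as given, so the caller is expected to
     * pass an already computed digest; nothing here checks its length or origin.
     *
     * <p>The hex conversions of the payload and of the signature, whose results the decompiled
     * original discarded, were removed. A null payload is therefore reported as an empty result
     * instead of an exception raised before the {@code try} block.
     *
     * @param secretString key identifier
     * @param secretString2 data to sign
     * @return the signature, or an empty {@code SecretString} if the key is missing or signing failed
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final SecretString sign(SecretString secretString, SecretString secretString2) {
        String alias = a(secretString.getData());
        SecretString result = new SecretString();
        try {
            KeyStore keyStore = f();
            if (keyStore.containsAlias(alias)) {
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
                Signature signer = Signature.getInstance("NONEwithECDSA");
                signer.initSign(privateKey);
                signer.update(secretString2.getData());
                result.setData(signer.sign());
            }
        } catch (Exception ignored) {
            // Reported as an empty signature.
        }
        return result;
    }

    /**
     * Stores an X.509 certificate as a certificate entry under the hex alias of {@code secretString}.
     *
     * <p>The certificate is parsed but not validated (no chain, validity or key-usage check).
     * The discarded hex conversions of the certificate bytes were removed; a null certificate is
     * reported as {@code false}.
     *
     * @param secretString certificate identifier
     * @param secretString2 encoded certificate
     * @return {@code true} if the entry was written, {@code false} on any error
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final boolean storeCertificate(SecretString secretString, SecretString secretString2) {
        String alias = a(secretString.getData());
        try {
            Certificate certificate = CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(secretString2.getData()));
            f().setCertificateEntry(alias, certificate);
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /**
     * Imports an externally generated EC key pair into the Android keystore.
     *
     * <p>The private key arrives as PKCS#8 bytes, so it has existed outside the keystore; the
     * caller remains responsible for its own copy. The decompiled original also hex-encoded the
     * key bytes and called {@code toString()} on both keys and discarded the results. Those calls
     * were removed because they only created additional heap copies of key material as
     * immutable strings. A null key argument is reported as {@code false}.
     *
     * <p>Protection parameters: purposes 7 = ENCRYPT | DECRYPT | SIGN; digests SHA-256, SHA-512,
     * NONE and SHA-1; user authentication required, valid for 30 days.
     * NOTE(review): permitting NONE and SHA-1 leaves the choice of hash entirely to the caller.
     *
     * @param secretString key identifier (hex-encoded to form the alias)
     * @param secretString2 PKCS#8-encoded EC private key
     * @param secretString3 X.509 (SubjectPublicKeyInfo)-encoded EC public key
     * @return {@code true} if the entry was stored, {@code false} on any error
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final boolean storeKeys(SecretString secretString, SecretString secretString2, SecretString secretString3) {
        String alias = a(secretString.getData());
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            KeyPair keyPair = new KeyPair(
                    keyFactory.generatePublic(new X509EncodedKeySpec(secretString3.getData())),
                    keyFactory.generatePrivate(new PKCS8EncodedKeySpec(secretString2.getData())));
            X509Certificate placeholder = d(keyPair);
            if (placeholder == null) {
                return false;
            }
            f().setEntry(
                    alias,
                    new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{placeholder}),
                    new KeyProtection.Builder(7)
                            .setDigests("SHA-256", "SHA-512", "NONE", "SHA-1")
                            .setRandomizedEncryptionRequired(true)
                            .setUserAuthenticationRequired(true)
                            .setUserAuthenticationValidityDurationSeconds(AUTH_VALIDITY_SECONDS)
                            .build());
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /**
     * Decrypts a blob laid out as {@code IV || ciphertext} with the keystore sealing key.
     *
     * <p>Input shorter than one cipher block is rejected up front; the original reached the same
     * empty result through a caught {@code NegativeArraySizeException}. Decryption is
     * unauthenticated, so a tampered blob may decrypt to attacker-influenced plaintext instead
     * of failing.
     *
     * @param secretString sealed blob
     * @return the plaintext, or an empty {@code SecretString} if the keystore is unsupported, the
     *     key is missing or unavailable, or decryption failed
     */
    @Override // com.secusmart.secuvoice.swig.core.BaseAndroidPlatformKeystoreConnector
    public final SecretString unseal(SecretString secretString) {
        SecretString plain = new SecretString();
        if (!this.f5419b.f4823f.a()) {
            return plain;
        }
        try {
            KeyStore keyStore = f();
            if (!keyStore.containsAlias(SEAL_KEY_ALIAS)) {
                return plain;
            }
            SecretKey secretKey = (SecretKey) keyStore.getKey(SEAL_KEY_ALIAS, null);
            Cipher cipher = Cipher.getInstance(AES_CBC_PKCS7);
            int blockSize = cipher.getBlockSize();
            byte[] blob = secretString.getData();
            if (blob == null || blob.length < blockSize) {
                return plain;
            }
            byte[] iv = new byte[blockSize];
            byte[] cipherText = new byte[blob.length - blockSize];
            System.arraycopy(blob, 0, iv, 0, blockSize);
            System.arraycopy(blob, blockSize, cipherText, 0, cipherText.length);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
            plain.setData(cipher.doFinal(cipherText));
        } catch (KeyPermanentlyInvalidatedException invalidated) {
            discardInvalidatedSealKey();
        } catch (Exception ignored) {
            // Reported as an empty result.
        }
        return plain;
    }
}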
