package com.kscc.fido.fidouafasm.crypto;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.kscc.fido.commonhelper.msgs.ConstUAFCommon;
import com.kscc.fido.fidohelper.encoder.Base64url;
import com.kscc.fido.fidohelper.enums.ConstVal;
import com.kscc.fido.fidouafasm.devman.DeviceManager;
import com.kscc.fido.uafhelper.msgs.enums.ASMProcessingException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

/* loaded from: classes3.dex */
public class FidoKekKeystoreAndroid implements FidoKekKeystore {
    private static final int KEY_TIMEOUT_SECS = 10;
    private static final String PERMANENT = "_perm";
    private static final String PRIVATE_KEY_ERR_MESSAGE = "Not an instance of a PrivateKeyEntry";
    public static final String TAG = "FidoKekKeystoreAndroid";
    private Context ctx;

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    FidoKekKeystoreAndroid(Context context, String str, boolean z) {
        this.ctx = context;
        initializeEngine(str, z);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static FidoKekKeystoreAndroid createKeyStore(Context context, String str, boolean z) {
        return new FidoKekKeystoreAndroid(context, str, z);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void genKey(String str, boolean z, boolean z2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, ASMProcessingException {
        boolean isFingerprintAuthUnAvailable = isFingerprintAuthUnAvailable();
        KeyGenParameterSpec.Builder keyBuilder = isFingerprintAuthUnAvailable ? KeyCodec.getKeyBuilder(str, z) : KeyCodec.getKeyBuilder(str, false);
        if (keyBuilder == null) {
            throw new ASMProcessingException((short) 1);
        }
        if (isFingerprintAuthUnAvailable && z) {
            keyBuilder.setUserAuthenticationValidityDurationSeconds(10);
        }
        if (Build.VERSION.SDK_INT >= 24) {
            keyBuilder.setAttestationChallenge(SHA.sha(Base64url.generateRandomHexString().getBytes(), SHA.SHA_256));
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ConstVal.ASM_ANDROID_KEYSTORE);
        if (Build.VERSION.SDK_INT >= 28 && z2) {
            keyBuilder.setIsStrongBoxBacked(true);
        }
        keyGenerator.init(keyBuilder.build());
        keyGenerator.generateKey();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void genPermanentKey(String str, boolean z, boolean z2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, ASMProcessingException {
        KeyGenParameterSpec.Builder keyBuilder = isFingerprintAuthUnAvailable() ? KeyCodec.getKeyBuilder(str, z) : KeyCodec.getKeyBuilder(str, false);
        if (keyBuilder == null) {
            throw new ASMProcessingException((short) 1);
        }
        if (Build.VERSION.SDK_INT >= 24) {
            keyBuilder.setInvalidatedByBiometricEnrollment(z);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ConstVal.ASM_ANDROID_KEYSTORE);
        if (Build.VERSION.SDK_INT >= 28 && z2) {
            keyBuilder.setIsStrongBoxBacked(true);
        }
        keyGenerator.init(keyBuilder.build());
        keyGenerator.generateKey();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void generateKekKey(String str, boolean z) throws ASMProcessingException {
        try {
            String keyId = getKeyId(str, z);
            String permanentKeyId = getPermanentKeyId(str, z);
            if (hasKekKey(keyId) && hasKekKey(permanentKeyId)) {
                return;
            }
            boolean isStrongBoxSupport = isStrongBoxSupport();
            genKey(keyId, z, isStrongBoxSupport);
            genPermanentKey(permanentKeyId, z, isStrongBoxSupport);
        } catch (GeneralSecurityException e) {
            Log.e(TAG, String.format("Exception thrown in Key Generation NotSupported Algorithm: %s", e.getMessage()));
            throw new ASMProcessingException((short) 1);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private KeyStore getAndroidKeyStore() throws ASMProcessingException {
        try {
            KeyStore keyStore = KeyStore.getInstance(ConstVal.ASM_ANDROID_KEYSTORE);
            keyStore.load(null);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            Log.e(TAG, String.format("Exception thrown in getAndroidKeyStore : %s", e.getMessage()));
            throw new ASMProcessingException((short) 1);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String getKeyId(String str, boolean z) {
        return String.format("%s%s_%b", ConstUAFCommon.STR_KEYSTORE_KEY_ID_POSTFIX, str, Boolean.valueOf(z));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String getPermanentKeyId(String str, boolean z) {
        return getKeyId(String.format("%s%s", str, PERMANENT), z);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean hasKekKey(String str) throws ASMProcessingException {
        try {
            KeyStore.Entry entry = getAndroidKeyStore().getEntry(str, null);
            if (entry instanceof KeyStore.SecretKeyEntry) {
                return ((KeyStore.SecretKeyEntry) entry).getSecretKey() != null;
            }
            Log.w(TAG, "Not an instance of a SecretKeyEntry");
            return false;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            Log.e(TAG, String.format("Exception thrown in Get kek Key : %s", e.getMessage()));
            return false;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void initializeEngine(String str, boolean z) {
        try {
            generateKekKey(str, z);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean isFingerprintAuthUnAvailable() {
        return DeviceManager.getInstance().isDeviceSupportFingerprintAuth(this.ctx);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean isStrongBoxSupport() {
        return false;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void removeTestKey(String str) {
        try {
            KeyStore androidKeyStore = getAndroidKeyStore();
            if (androidKeyStore.getEntry(str, null) instanceof KeyStore.SecretKeyEntry) {
                androidKeyStore.deleteEntry(str);
            } else {
                Log.w(TAG, PRIVATE_KEY_ERR_MESSAGE);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.kscc.fido.fidouafasm.crypto.FidoKekKeystore
    public boolean doPreTesting(String str, boolean z) {
        try {
            KeyStore.Entry entry = getAndroidKeyStore().getEntry(getPermanentKeyId(str, z), null);
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                Log.w(TAG, PRIVATE_KEY_ERR_MESSAGE);
                return false;
            }
            Cipher.getInstance(ConstUAFCommon.getCipherTemplate()).init(1, ((KeyStore.SecretKeyEntry) entry).getSecretKey());
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.kscc.fido.fidouafasm.crypto.FidoKekKeystore
    public Cipher getCipher(String str, boolean z) throws ASMProcessingException {
        if (!doPreTesting(str, z)) {
            removeTestKey(getKeyId(str, z));
            removeTestKey(getPermanentKeyId(str, z));
            throw new ASMProcessingException((short) 9);
        }
        try {
            if (getAndroidKeyStore().getEntry(getKeyId(str, z), null) instanceof KeyStore.SecretKeyEntry) {
                return Cipher.getInstance(ConstUAFCommon.getCipherTemplate());
            }
            Log.w(TAG, PRIVATE_KEY_ERR_MESSAGE);
            throw new ASMProcessingException((short) 1);
        } catch (Exception e) {
            Log.e(TAG, String.format("Exception thrown in get Cipher: %s", e.getMessage()));
            removeTestKey(getKeyId(str, z));
            removeTestKey(getPermanentKeyId(str, z));
            throw new ASMProcessingException((short) 1);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.kscc.fido.fidouafasm.crypto.FidoKekKeystore
    public Cipher getPermCipher(String str, boolean z) throws ASMProcessingException {
        if (!doPreTesting(str, z)) {
            removeTestKey(getKeyId(str, z));
            removeTestKey(getPermanentKeyId(str, z));
            throw new ASMProcessingException((short) 9);
        }
        try {
            KeyStore.Entry entry = getAndroidKeyStore().getEntry(getPermanentKeyId(str, z), null);
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                Log.w(TAG, PRIVATE_KEY_ERR_MESSAGE);
                throw new ASMProcessingException((short) 1);
            }
            Cipher cipher = Cipher.getInstance(ConstUAFCommon.getCipherTemplate());
            cipher.init(1, ((KeyStore.SecretKeyEntry) entry).getSecretKey());
            return cipher;
        } catch (Exception e) {
            Log.e(TAG, String.format("Exception thrown in get Cipher: %s", e.getMessage()));
            removeTestKey(getKeyId(str, z));
            removeTestKey(getPermanentKeyId(str, z));
            throw new ASMProcessingException((short) 1);
        }
    }
}
