package com.iproov.sdk.p011for;

import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import com.iproov.sdk.logging.IPLog;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

/* compiled from: KeyStoreManager.java */
/* renamed from: com.iproov.sdk.for.if, reason: invalid class name */
/* loaded from: classes3.dex */
public final class Cif {

    /* renamed from: new, reason: not valid java name */
    private static final String f369new = "🗝 if";

    /* renamed from: do, reason: not valid java name */
    private final Context f370do;

    /* renamed from: for, reason: not valid java name */
    private final KeyPair f371for;

    /* renamed from: if, reason: not valid java name */
    private final KeyStore f372if;

    public Cif(Context context) throws Cfor {
        this.f370do = context.getApplicationContext();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.f372if = keyStore;
            keyStore.load(null);
            KeyPair m5413for = m5413for();
            this.f371for = m5413for;
            if (m5413for != null) {
            } else {
                throw new IllegalStateException("KeyPair cannot be null");
            }
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            throw new Cfor(e);
        }
    }

    /* renamed from: case, reason: not valid java name */
    private boolean m5407case() {
        return KeyChain.isBoundKeyAlgorithm("EC");
    }

    /* renamed from: do, reason: not valid java name */
    public static Cdo m5408do(Cif cif) {
        return cif == null ? Cdo.UNSUPPORTED : cif.m5418try() ? Cdo.HARDWARE : Cdo.SOFTWARE;
    }

    /* renamed from: do, reason: not valid java name */
    private KeyPair m5409do(Context context) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        int i = Build.VERSION.SDK_INT;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(i > 23 ? "EC" : "RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(i > 23 ? m5415if() : m5411do());
        return keyPairGenerator.generateKeyPair();
    }

    /* renamed from: do, reason: not valid java name */
    private KeyPair m5410do(KeyStore keyStore) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, Cfor {
        try {
            KeyStore.Entry entry = keyStore.getEntry("com.iproov.sdk", null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Unsupported Key type");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (NullPointerException e) {
            throw new Cfor(e);
        }
    }

    /* renamed from: do, reason: not valid java name */
    private AlgorithmParameterSpec m5411do() throws NoSuchAlgorithmException {
        return new KeyPairGeneratorSpec.Builder(this.f370do).setAlias("com.iproov.sdk").setSubject(new X500Principal("CN=com.iproov.sdk")).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setSerialNumber(new BigInteger(25, new SecureRandom())).setStartDate(new Date(0L)).setEndDate(new Date(2461449600000L)).setKeyType("EC").build();
    }

    /* renamed from: else, reason: not valid java name */
    private boolean m5412else() {
        PrivateKey privateKey = this.f371for.getPrivate();
        try {
            return ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException unused) {
            IPLog.w(f369new, "Error retrieving key info");
            return false;
        }
    }

    /* renamed from: for, reason: not valid java name */
    private KeyPair m5413for() throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, Cfor {
        return this.f372if.containsAlias("com.iproov.sdk") ? Build.VERSION.SDK_INT >= 28 ? m5414if(this.f372if) : m5410do(this.f372if) : m5409do(this.f370do);
    }

    /* renamed from: if, reason: not valid java name */
    private KeyPair m5414if(KeyStore keyStore) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        Key key = keyStore.getKey("com.iproov.sdk", null);
        Certificate certificate = keyStore.getCertificate("com.iproov.sdk");
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("Unsupported Key type");
        }
        return new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
    }

    /* renamed from: if, reason: not valid java name */
    private AlgorithmParameterSpec m5415if() {
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder("com.iproov.sdk", 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256");
        if (Build.VERSION.SDK_INT >= 28 && this.f370do.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore")) {
            digests.setIsStrongBoxBacked(true);
        }
        return digests.build();
    }

    /* renamed from: do, reason: not valid java name */
    public byte[] m5416do(byte[] bArr) throws Cfor {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(this.f371for.getPrivate());
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new Cfor(e);
        }
    }

    /* renamed from: new, reason: not valid java name */
    public PublicKey m5417new() {
        return this.f371for.getPublic();
    }

    /* renamed from: try, reason: not valid java name */
    public boolean m5418try() {
        return Build.VERSION.SDK_INT < 23 ? m5407case() : m5412else();
    }
}
