package zb;

import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;

/* loaded from: classes.dex */
public final class g extends qh.g implements Function0<SecretKey> {

    /* renamed from: b, reason: collision with root package name */
    public final /* synthetic */ i f22717b;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public g(i iVar) {
        super(0);
        this.f22717b = iVar;
    }

    @Override // kotlin.jvm.functions.Function0
    public final SecretKey invoke() {
        PrivateKey privateKey;
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds;
        KeyGenParameterSpec build;
        Certificate certificate;
        i iVar = this.f22717b;
        ac.f fVar = (ac.f) iVar.f22724e.getValue();
        String alias = iVar.f22723d;
        Intrinsics.checkNotNullExpressionValue(alias, "alias");
        fVar.getClass();
        fh.d dVar = fVar.f174d;
        Intrinsics.checkNotNullParameter(alias, "alias");
        try {
            privateKey = (PrivateKey) ((KeyStore) dVar.getValue()).getKey(alias, null);
        } catch (KeyStoreException | UnrecoverableKeyException unused) {
            privateKey = null;
        } catch (NoSuchAlgorithmException e10) {
            throw e10;
        }
        PublicKey publicKey = (privateKey == null || (certificate = ((KeyStore) dVar.getValue()).getCertificate(alias)) == null) ? null : certificate.getPublicKey();
        KeyPair keyPair = (privateKey == null || publicKey == null) ? null : new KeyPair(publicKey, privateKey);
        SharedPreferences sharedPreferences = iVar.f22722c;
        String wrappedKeyData = sharedPreferences.getString("secret_key_encrypted", null);
        fh.d dVar2 = iVar.f22726g;
        if (wrappedKeyData != null && keyPair != null) {
            ac.a aVar = (ac.a) dVar2.getValue();
            PrivateKey keyToUnWrapWith = keyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(keyToUnWrapWith, "keyPair.private");
            aVar.getClass();
            Intrinsics.checkNotNullParameter(wrappedKeyData, "wrappedKeyData");
            Intrinsics.checkNotNullParameter("AES", "wrappedKeyAlgorithm");
            Intrinsics.checkNotNullParameter(keyToUnWrapWith, "keyToUnWrapWith");
            Cipher cipher = Cipher.getInstance(aVar.f167a);
            cipher.init(4, keyToUnWrapWith);
            Key unwrap = cipher.unwrap(Base64.decode(wrappedKeyData, 8), "AES", 3);
            Intrinsics.checkNotNullExpressionValue(unwrap, "cipher.unwrap(base64deco…lgorithm, wrappedKeyType)");
            Intrinsics.c(unwrap, "null cannot be cast to non-null type javax.crypto.SecretKey");
            return (SecretKey) unwrap;
        }
        fh.d dVar3 = iVar.f22724e;
        ac.f fVar2 = (ac.f) dVar3.getValue();
        Intrinsics.checkNotNullExpressionValue(alias, "alias");
        fVar2.getClass();
        Intrinsics.checkNotNullParameter(alias, "alias");
        KeyPairGenerator generator = KeyPairGenerator.getInstance(com.zentity.nedbank.roa.ws.model.auth.secure.a.f13690d, "AndroidKeyStore");
        if (ac.f.f170e) {
            Intrinsics.checkNotNullExpressionValue(generator, "generator");
            a1.b.l();
            blockModes = a1.c.i(alias).setBlockModes("ECB");
            encryptionPaddings = blockModes.setEncryptionPaddings("PKCS1Padding");
            userAuthenticationRequired = encryptionPaddings.setUserAuthenticationRequired(false);
            userAuthenticationValidityDurationSeconds = userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(-1);
            Intrinsics.checkNotNullExpressionValue(userAuthenticationValidityDurationSeconds, "Builder(\n            ali…nValidityDurationSeconds)");
            if (Build.VERSION.SDK_INT >= 24) {
                userAuthenticationValidityDurationSeconds.setInvalidatedByBiometricEnrollment(false);
                userAuthenticationValidityDurationSeconds.setUserAuthenticationValidWhileOnBody(false);
            }
            build = userAuthenticationValidityDurationSeconds.build();
            generator.initialize(build);
        } else {
            Intrinsics.checkNotNullExpressionValue(generator, "generator");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 30);
            KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(fVar2.f171a).setAlias(alias).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal(androidx.activity.e.n("CN=", alias, " CA Certificate"))).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
            Intrinsics.checkNotNullExpressionValue(endDate, "Builder(context)\n       ….setEndDate(endDate.time)");
            generator.initialize(endDate.build());
        }
        KeyPair generateKeyPair = generator.generateKeyPair();
        Intrinsics.checkNotNullExpressionValue(generateKeyPair, "generator.generateKeyPair()");
        ((ac.f) dVar3.getValue()).getClass();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "getInstance(SYMMETRIC_KE…SIZE)\n    }.generateKey()");
        ac.a aVar2 = (ac.a) dVar2.getValue();
        SecretKey keyToBeWrapped = generateKey;
        PublicKey keyToWrapWith = generateKeyPair.getPublic();
        Intrinsics.checkNotNullExpressionValue(keyToWrapWith, "keyPair.public");
        aVar2.getClass();
        Intrinsics.checkNotNullParameter(keyToBeWrapped, "keyToBeWrapped");
        Intrinsics.checkNotNullParameter(keyToWrapWith, "keyToWrapWith");
        Cipher cipher2 = Cipher.getInstance(aVar2.f167a);
        cipher2.init(3, keyToWrapWith);
        byte[] wrap = cipher2.wrap(keyToBeWrapped);
        Intrinsics.checkNotNullExpressionValue(wrap, "cipher.wrap(keyToBeWrapped)");
        String encodeToString = Base64.encodeToString(wrap, 11);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "base64encode(cipher.wrap(keyToBeWrapped))");
        sharedPreferences.edit().putString("secret_key_encrypted", encodeToString).apply();
        return generateKey;
    }
}
