package r10.one.auth.internal;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProtection;
import android.security.keystore.UserNotAuthenticatedException;
import com.google.android.gms.stats.CodePackage;
import com.google.firebase.messaging.Constants;
import com.inn.webservicesdk.secutiry.SecurityConstant;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.functions.Function3;
import kotlin.jvm.functions.Function6;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import r10.one.auth.UserPresenceRequiredError;
import r10.one.auth.internal.base64.Base64Kt;

@Metadata(d1 = {"\u0000p\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\b\n\u0002\u0010\u000b\n\u0002\u0018\u0002\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0002\n\u0002\b\u0003\bÀ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J,\u0010#\u001a\u0004\u0018\u00010\u000b2\u0006\u0010$\u001a\u00020\u00072\u0006\u0010%\u001a\u00020\u00042\u0006\u0010&\u001a\u00020\u00042\b\b\u0002\u0010'\u001a\u00020\tH\u0002J\u0010\u0010(\u001a\u00020)2\u0006\u0010$\u001a\u00020\u0007H\u0016J\u0018\u0010*\u001a\u00020+2\u0006\u0010$\u001a\u00020\u00072\u0006\u0010,\u001a\u00020\u0004H\u0002J\u0010\u0010-\u001a\u00020\u000b2\u0006\u0010$\u001a\u00020\u0007H\u0002J\u001a\u0010.\u001a\u0004\u0018\u00010)2\u0006\u0010/\u001a\u00020\u00042\u0006\u0010$\u001a\u00020\u0007H\u0016J\u0010\u00100\u001a\u00020\u00102\u0006\u0010$\u001a\u00020\u0007H\u0016J\u0018\u00101\u001a\u0002022\u0006\u0010$\u001a\u00020\u00072\u0006\u0010/\u001a\u00020\u0004H\u0016J\u0010\u00103\u001a\u0002022\u0006\u0010$\u001a\u00020\u0007H\u0016J\u0010\u00104\u001a\u00020\t2\u0006\u0010$\u001a\u00020\u0007H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R;\u0010\u0005\u001a,\u0012\u0004\u0012\u00020\u0007\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\n\u0012\u0004\u0012\u00020\u000b0\u0006¢\u0006\b\n\u0000\u001a\u0004\b\f\u0010\rR(\u0010\u000e\u001a\u001c\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\u0010\u0012\f\u0012\n \u0012*\u0004\u0018\u00010\u00110\u00110\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R(\u0010\u0013\u001a\u001c\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\u0010\u0012\f\u0012\n \u0012*\u0004\u0018\u00010\u00110\u00110\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0014\u001a\n \u0012*\u0004\u0018\u00010\u00150\u0015X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0016\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R,\u0010\u0017\u001a\u001a\u0012\u0004\u0012\u00020\u0007\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\n0\u0018X\u0096\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0019\u0010\u001aR\u000e\u0010\u001b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u001c\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u001d\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\"\u0010\u001e\u001a\u0010\u0012\u0004\u0012\u00020\u0007\u0012\u0006\u0012\u0004\u0018\u00010 0\u001fX\u0096\u0004¢\u0006\b\n\u0000\u001a\u0004\b!\u0010\"¨\u00065"}, d2 = {"Lr10/one/auth/internal/AndroidKeystore;", "Lr10/one/auth/internal/SDKKeyStore;", "()V", "MasterKeyStoreEntryKey", "", "createKey", "Lkotlin/Function6;", "Landroid/content/Context;", "", "", "Lr10/one/auth/internal/SecretKey;", "", "getCreateKey", "()Lkotlin/jvm/functions/Function6;", "ecb", "Lkotlin/Function2;", "Ljava/security/Key;", "Ljavax/crypto/Cipher;", "kotlin.jvm.PlatformType", Constants.MessageTypes.MESSAGE, "keyStore", "Ljava/security/KeyStore;", "masterCryptoKey", "masterKey", "Lkotlin/Function3;", "getMasterKey", "()Lkotlin/jvm/functions/Function3;", "metadataAlias", "metadataCryptoKey", "preferenceFileName", "publicKey", "Lkotlin/Function1;", "Lr10/one/auth/internal/PublicKey;", "getPublicKey", "()Lkotlin/jvm/functions/Function1;", "byteArrayKey", "context", "keystoreEntryKey", "cryptoKey", "authenticationRequired", "createEd25519KeyPair", "Lr10/one/auth/internal/Ed25519KeyPair;", "createKeyPairGeneratorSpec", "Landroid/security/KeyPairGeneratorSpec;", AndroidKeystore.MasterKeyStoreEntryKey, "createMetadataKey", "getEphemeralKey", "kid", "getMetadataKey", "invalidateEphemeralKey", "", "invalidateKeys", "isDeviceSecured", "core_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes2.dex */
public final class AndroidKeystore implements SDKKeyStore {

    @NotNull
    private static final String MasterKeyStoreEntryKey = "alias";

    @NotNull
    private static final String masterCryptoKey = "key";

    @NotNull
    private static final String metadataAlias = "metadata_alias";

    @NotNull
    private static final String metadataCryptoKey = "metadata_key";

    @NotNull
    private static final String preferenceFileName = "r10.one.auth.master_key";

    @NotNull
    public static final AndroidKeystore INSTANCE = new AndroidKeystore();
    private static final KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");

    @NotNull
    private static final Function2<Integer, Key, Cipher> gcm = new Function2<Integer, Key, Cipher>() { // from class: r10.one.auth.internal.AndroidKeystore$gcm$1
        @Override // kotlin.jvm.functions.Function2
        public /* bridge */ /* synthetic */ Cipher invoke(Integer num, Key key) {
            return invoke(num.intValue(), key);
        }

        public final Cipher invoke(int i, @NotNull Key key) {
            Intrinsics.checkNotNullParameter(key, "key");
            byte[] bArr = new byte[12];
            ArraysKt___ArraysJvmKt.fill$default(bArr, (byte) 9, 0, 0, 6, (Object) null);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(i, key, new GCMParameterSpec(128, bArr));
            return cipher;
        }
    };

    @NotNull
    private static final Function2<Integer, Key, Cipher> ecb = new Function2<Integer, Key, Cipher>() { // from class: r10.one.auth.internal.AndroidKeystore$ecb$1
        @Override // kotlin.jvm.functions.Function2
        public /* bridge */ /* synthetic */ Cipher invoke(Integer num, Key key) {
            return invoke(num.intValue(), key);
        }

        public final Cipher invoke(int i, @NotNull Key key) {
            Intrinsics.checkNotNullParameter(key, "key");
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(i, key);
            return cipher;
        }
    };

    @NotNull
    private static final Function6<Context, Integer, Boolean, String, String, SecretKey, byte[]> createKey = new Function6<Context, Integer, Boolean, String, String, SecretKey, byte[]>() { // from class: r10.one.auth.internal.AndroidKeystore$createKey$1
        @Override // kotlin.jvm.functions.Function6
        public /* bridge */ /* synthetic */ byte[] invoke(Context context, Integer num, Boolean bool, String str, String str2, SecretKey secretKey) {
            return invoke(context, num.intValue(), bool.booleanValue(), str, str2, secretKey);
        }

        @NotNull
        public final byte[] invoke(@NotNull Context context, int i, boolean z, @NotNull String keystoreEntryKey, @NotNull String cryptoKey, @NotNull SecretKey secretKey) {
            Function2 function2;
            KeyStore keyStore2;
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(keystoreEntryKey, "keystoreEntryKey");
            Intrinsics.checkNotNullParameter(cryptoKey, "cryptoKey");
            Intrinsics.checkNotNullParameter(secretKey, "secretKey");
            SharedPreferences sharedPreferences = context.getSharedPreferences("r10.one.auth.master_key", 0);
            byte[] bytes = secretKey.getBytes();
            String base64UrlSafe = Base64Kt.base64UrlSafe(secretKey.getPk().getBytes());
            KeyGenerator keyGenerator = KeyGenerator.getInstance(SecurityConstant.SECRET_KEY_ALGORITHM);
            keyGenerator.init(256);
            javax.crypto.SecretKey vaultKey = keyGenerator.generateKey();
            function2 = AndroidKeystore.gcm;
            Intrinsics.checkNotNullExpressionValue(vaultKey, "vaultKey");
            byte[] encryptedKey = ((Cipher) function2.invoke(1, vaultKey)).doFinal(bytes);
            KeyProtection.Builder encryptionPaddings = new KeyProtection.Builder(3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding");
            Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "Builder(KeyProperties.PU….ENCRYPTION_PADDING_NONE)");
            Object systemService = context.getSystemService("keyguard");
            KeyguardManager keyguardManager = systemService instanceof KeyguardManager ? (KeyguardManager) systemService : null;
            if (keyguardManager != null) {
                if (keyguardManager.isDeviceSecure()) {
                    encryptionPaddings.setUserAuthenticationRequired(z);
                    if (Build.VERSION.SDK_INT > 29) {
                        encryptionPaddings.setUserAuthenticationParameters(i, 3);
                    } else {
                        encryptionPaddings.setUserAuthenticationValidityDurationSeconds(i);
                    }
                }
                keyStore2 = AndroidKeystore.keyStore;
                keyStore2.load(null);
                keyStore2.setEntry(base64UrlSafe, new KeyStore.SecretKeyEntry(vaultKey), encryptionPaddings.build());
                SharedPreferences.Editor edit = sharedPreferences.edit();
                edit.putString(keystoreEntryKey, base64UrlSafe);
                Intrinsics.checkNotNullExpressionValue(encryptedKey, "encryptedKey");
                edit.putString(cryptoKey, Base64Kt.base64UrlSafe(encryptedKey));
                edit.putBoolean(cryptoKey + "_require_auth", z);
                edit.apply();
            }
            return bytes;
        }
    };

    @NotNull
    private static final Function3<Context, Integer, Boolean, SecretKey> masterKey = new Function3<Context, Integer, Boolean, SecretKey>() { // from class: r10.one.auth.internal.AndroidKeystore$masterKey$1
        @Override // kotlin.jvm.functions.Function3
        public /* bridge */ /* synthetic */ SecretKey invoke(Context context, Integer num, Boolean bool) {
            return invoke(context, num.intValue(), bool.booleanValue());
        }

        @NotNull
        public final SecretKey invoke(@NotNull Context context, int i, boolean z) {
            boolean isDeviceSecured;
            byte[] byteArrayKey;
            Intrinsics.checkNotNullParameter(context, "context");
            AndroidKeystore androidKeystore = AndroidKeystore.INSTANCE;
            isDeviceSecured = androidKeystore.isDeviceSecured(context);
            boolean z2 = isDeviceSecured && !z;
            SecretKey secretKey = new SecretKey();
            byteArrayKey = androidKeystore.byteArrayKey(context, "alias", "key", z2);
            if (byteArrayKey == null) {
                byteArrayKey = androidKeystore.getCreateKey().invoke(context, Integer.valueOf(i), Boolean.valueOf(z2), "alias", "key", secretKey);
            }
            return new SecretKey(byteArrayKey);
        }
    };

    @NotNull
    private static final Function1<Context, PublicKey> publicKey = new Function1<Context, PublicKey>() { // from class: r10.one.auth.internal.AndroidKeystore$publicKey$1
        @Override // kotlin.jvm.functions.Function1
        @Nullable
        public final PublicKey invoke(@NotNull Context context) {
            Intrinsics.checkNotNullParameter(context, "context");
            String string = context.getSharedPreferences("r10.one.auth.master_key", 0).getString("alias", null);
            if (string != null) {
                return new PublicKey(Base64Kt.decodeBase64UrlSafe(string));
            }
            return null;
        }
    };

    private AndroidKeystore() {
    }

    public static /* synthetic */ byte[] a(AndroidKeystore androidKeystore, Context context, String str, String str2, boolean z, int i, Object obj) {
        if ((i & 8) != 0) {
            z = false;
        }
        return androidKeystore.byteArrayKey(context, str, str2, z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] byteArrayKey(Context context, String keystoreEntryKey, String cryptoKey, boolean authenticationRequired) {
        String it;
        SharedPreferences sharedPreferences = context.getSharedPreferences(preferenceFileName, 0);
        if (sharedPreferences.contains(cryptoKey + "_require_auth")) {
            if (sharedPreferences.getBoolean(cryptoKey + "_require_auth", false) != authenticationRequired) {
                invalidateKeys(context);
                return null;
            }
        }
        try {
            String string = sharedPreferences.getString(keystoreEntryKey, null);
            if (string == null) {
                return null;
            }
            KeyStore keyStore2 = keyStore;
            keyStore2.load(null);
            Key key = keyStore2.getKey(string, null);
            if (key == null || (it = sharedPreferences.getString(cryptoKey, null)) == null) {
                return null;
            }
            Intrinsics.checkNotNullExpressionValue(it, "it");
            return gcm.invoke(2, key).doFinal(Base64Kt.decodeBase64UrlSafe(it));
        } catch (KeyPermanentlyInvalidatedException unused) {
            return null;
        } catch (UserNotAuthenticatedException e) {
            throw new UserPresenceRequiredError(e);
        }
    }

    private final KeyPairGeneratorSpec createKeyPairGeneratorSpec(Context context, String alias) {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 100);
        KeyPairGeneratorSpec.Builder alias2 = new KeyPairGeneratorSpec.Builder(context).setAlias(alias);
        StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
        String format = String.format("CN=%s", Arrays.copyOf(new Object[]{alias}, 1));
        Intrinsics.checkNotNullExpressionValue(format, "format(format, *args)");
        KeyPairGeneratorSpec build = alias2.setSubject(new X500Principal(format)).setSerialNumber(BigInteger.valueOf(1000000L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(context)\n      .…(end.time)\n      .build()");
        return build;
    }

    private final byte[] createMetadataKey(Context context) {
        byte[] random = CryptographyKt.random(new byte[32]);
        createKey.invoke(context, 0, Boolean.FALSE, metadataAlias, metadataCryptoKey, new SecretKey(random));
        return random;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean isDeviceSecured(Context context) {
        KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService("keyguard");
        return keyguardManager != null && keyguardManager.isDeviceSecure();
    }

    @Override // r10.one.auth.internal.SDKKeyStore
    @NotNull
    public Ed25519KeyPair createEd25519KeyPair(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] random = CryptographyKt.random(new byte[32]);
        Ed25519KeyPair generate = Ed25519KeyPair.INSTANCE.generate(random);
        createKey.invoke(context, 0, Boolean.FALSE, "alias_ephemeral_" + generate.getKid(), "key_ephemeral_" + generate.getKid(), new SecretKey(random));
        return generate;
    }

    @NotNull
    public final Function6<Context, Integer, Boolean, String, String, SecretKey, byte[]> getCreateKey() {
        return createKey;
    }

    @Override // r10.one.auth.internal.SDKKeyStore
    @Nullable
    public Ed25519KeyPair getEphemeralKey(@NotNull String kid, @NotNull Context context) {
        Intrinsics.checkNotNullParameter(kid, "kid");
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] a2 = a(this, context, "alias_ephemeral_" + kid, "key_ephemeral_" + kid, false, 8, null);
        if (a2 != null) {
            return Ed25519KeyPair.INSTANCE.generate(a2);
        }
        return null;
    }

    @Override // r10.one.auth.internal.SDKKeyStore
    @NotNull
    public Function3<Context, Integer, Boolean, SecretKey> getMasterKey() {
        return masterKey;
    }

    @Override // r10.one.auth.internal.SDKKeyStore
    @NotNull
    public Key getMetadataKey(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] a2 = a(this, context, metadataAlias, metadataCryptoKey, false, 8, null);
        if (a2 == null) {
            a2 = createMetadataKey(context);
        }
        return new SecretKeySpec(a2, SecurityConstant.SECRET_KEY_ALGORITHM);
    }

    @Override // r10.one.auth.internal.SDKKeyStore
    @NotNull
    public Function1<Context, PublicKey> getPublicKey() {
        return publicKey;
    }

    @Override // r10.one.auth.internal.SDKKeyStore
    public void invalidateEphemeralKey(@NotNull Context context, @NotNull String kid) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(kid, "kid");
        SharedPreferences.Editor edit = context.getSharedPreferences(preferenceFileName, 0).edit();
        edit.remove("alias_ephemeral_" + kid);
        edit.remove("key_ephemeral_" + kid).apply();
    }

    @Override // r10.one.auth.internal.SDKKeyStore
    public void invalidateKeys(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        SharedPreferences.Editor edit = context.getSharedPreferences(preferenceFileName, 0).edit();
        edit.remove(MasterKeyStoreEntryKey);
        edit.remove("key").apply();
    }
}
