package com.hsecure.xpass.lib.sdk.authenticator.common.auth.crypto;

import android.os.Build;
import com.hsecure.xpass.lib.sdk.authenticator.common.LogUtil;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.constant.AuthException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.CertIOException;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
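/**
 * Static helpers that create an RSA authentication key pair, wrap it in a
 * self-signed certificate, store it under an alias in the platform
 * "AndroidKeyStore" keystore, and use it for RSA encryption/decryption of key data.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The key pair is generated in application memory by the "SC" provider and only
 *       afterwards imported with {@code KeyStore.setKeyEntry}. The private key therefore
 *       exists in the process heap before import. NOTE(review): generating the key
 *       inside the keystore would avoid this; doing so needs platform APIs that this
 *       file does not import, so it is flagged here rather than changed.</li>
 *   <li>{@code RSA/ECB/PKCS1Padding} is PKCS#1 v1.5 encryption padding. It is kept because
 *       the peer that produces/consumes the ciphertext is outside this file; OAEP is the
 *       usual replacement when both sides can be migrated.</li>
 * </ul>
 */
public class AndroidKeyStore {
    /** Key algorithm name. Not read anywhere inside this class. */
    static String Algorithm = "RSA";

    private static final String TAG = AndroidKeyStore.class.getSimpleName();

    /** Provider name passed to the SpongyCastle-backed builders below. */
    private static final String PROVIDER_SC = "SC";

    /** Keystore type handed to {@link KeyStore#getInstance(String)}. */
    private static final String KEYSTORE_TYPE = "AndroidKeyStore";

    /** Cipher transformation shared by {@link #encryptRawKey} and {@link #decryptEncryptedKeyData}. */
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /** Distinguished name used as both subject and issuer of the self-signed auth certificate. */
    private static final String AUTH_KEY_DN = "C=KR,O=ETRI,CN=FIDO_Auth";

    private static final int RSA_KEY_BITS = 2048;
    private static final int CERT_VALIDITY_YEARS = 10;
    private static final int SERIAL_NUMBER_BITS = 64;

    static {
        // NOTE(review): inserting at position 1 makes this provider the first candidate for
        // every JCA lookup in the process that does not name a provider, not only for the
        // calls in this class. Confirm that process-wide precedence is intended.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    /**
     * Builds and signs an X.509 v3 certificate for {@code publicKey}.
     *
     * @param publicKey  key placed in the certificate's SubjectPublicKeyInfo
     * @param privateKey key used to sign the certificate (SHA256withRSA)
     * @param x500Name   subject name
     * @param x500Name2  issuer name
     * @param z          when {@code true}, a critical BasicConstraints extension
     *                   (CA, path length 0) is added
     * @return the signed certificate, or {@code null} if any step fails (the failure is logged)
     */
    static X509Certificate createCertificate(PublicKey publicKey, PrivateKey privateKey, X500Name x500Name, X500Name x500Name2, boolean z) {
        BigInteger serialNumber;
        try {
            // NOTE(review): the PRNG algorithm is pinned to "SHA1PRNG"; platform guidance is
            // generally to let the runtime choose via new SecureRandom(). Left as-is because
            // the static initializer above changes provider precedence — confirm before changing.
            serialNumber = newSerialNumber(SecureRandom.getInstance("SHA1PRNG"));
        } catch (NoSuchAlgorithmException e) {
            LogUtil.e(TAG, "NoSuchAlgorithmException : " + e.getMessage());
            return null;
        }

        Date notBefore = new Date();
        GregorianCalendar expiry = new GregorianCalendar();
        expiry.setTime(notBefore);
        expiry.add(GregorianCalendar.YEAR, CERT_VALIDITY_YEARS);

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(x500Name2, serialNumber, notBefore, expiry.getTime(), x500Name, new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publicKey.getEncoded())));

        try {
            if (z) {
                // Fail closed: a certificate requested with BasicConstraints must not be
                // issued without it, so a CertIOException here aborts instead of continuing.
                builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
            }
            return new JcaX509CertificateConverter().setProvider(PROVIDER_SC).getCertificate(builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider(PROVIDER_SC).build(privateKey)));
        } catch (CertIOException e) {
            LogUtil.e(TAG, "CertIOException : " + e.getMessage());
            return null;
        } catch (CertificateException e) {
            LogUtil.e(TAG, "CertificateException : " + e.getMessage());
            return null;
        } catch (OperatorCreationException e) {
            LogUtil.e(TAG, "OperatorCreationException : " + e.getMessage());
            return null;
        }
    }

    /**
     * Draws a strictly positive certificate serial number.
     *
     * <p>Replaces {@code Math.abs(random.nextInt())}, which yields a negative value for
     * {@code Integer.MIN_VALUE}, can yield zero, and carries at most 31 random bits.
     */
    private static BigInteger newSerialNumber(SecureRandom random) {
        BigInteger serial;
        do {
            // BigInteger(numBits, rnd) is uniformly distributed over [0, 2^numBits - 1].
            serial = new BigInteger(SERIAL_NUMBER_BITS, random);
        } while (serial.signum() == 0);
        return serial;
    }

    /** Opens and loads the platform keystore. */
    private static KeyStore openAndroidKeyStore() throws java.security.GeneralSecurityException, java.io.IOException {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Decrypts {@code bArr} with the private key of {@code privateKeyEntry}.
     *
     * <p>Every failure is reported through the same {@link AuthException} message, so the
     * caller cannot tell a padding failure from any other error. Keep it that way:
     * PKCS#1 v1.5 decryption must not expose distinguishable failure reasons to whoever
     * supplies the ciphertext.
     *
     * @param privateKeyEntry keystore entry holding the RSA private key
     * @param bArr            ciphertext
     * @return the decrypted bytes
     * @throws AuthException if decryption fails for any reason, including a null entry
     */
    public static byte[] decryptEncryptedKeyData(KeyStore.PrivateKeyEntry privateKeyEntry, byte[] bArr) throws AuthException {
        try {
            Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            // Only the exception type goes to the local log; the thrown message stays uniform.
            LogUtil.e(TAG, "decryptEncryptedKeyData failed : " + e.getClass().getSimpleName());
            // Message: "Failed to decrypt the supplied key data".
            throw new AuthException("전달된 Key Data를 복호화하는데 실패함");
        }
    }

    /**
     * Removes the entry stored under alias {@code str} from the platform keystore.
     *
     * @param str keystore alias
     * @throws AuthException if the keystore cannot be opened or the entry cannot be deleted
     */
    public static void deleteAuthKeyInAndroidKeystore(String str) throws AuthException {
        try {
            openAndroidKeyStore().deleteEntry(str);
        } catch (Exception e) {
            LogUtil.e(TAG, "deleteAuthKeyInAndroidKeystore failed : " + e);
            // Message: "Failed to delete the AuthKeyPair from the Android KeyStore".
            throw new AuthException("Android KeyStore에서 AuthKeyPair를 삭제하는데 실패함");
        }
    }

    /**
     * Encrypts {@code bArr} under {@code rSAPublicKey} using {@code RSA/ECB/PKCS1Padding}.
     *
     * @param rSAPublicKey recipient public key
     * @param bArr         plaintext key material
     * @return the ciphertext
     * @throws AuthException if encryption fails for any reason
     */
    public static byte[] encryptRawKey(RSAPublicKey rSAPublicKey, byte[] bArr) throws AuthException {
        try {
            Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, rSAPublicKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            LogUtil.e(TAG, "encryptRawKey failed : " + e.getClass().getSimpleName());
            // Message: "Failed to encrypt the supplied key data".
            throw new AuthException("전달된 Key Data를 암호화하는데 실패함");
        }
    }

    /**
     * Generates a 2048-bit RSA key pair with the "SC" provider.
     *
     * @return the key pair, or {@code null} if generation fails (the failure is logged)
     */
    static KeyPair generateRSAKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", PROVIDER_SC);
            // NOTE(review): same pinned "SHA1PRNG" source as in createCertificate.
            generator.initialize(RSA_KEY_BITS, SecureRandom.getInstance("SHA1PRNG"));
            return generator.generateKeyPair();
        } catch (Exception e) {
            // Concatenation keeps the exception type visible even when getMessage() is null.
            LogUtil.e(TAG, "generateRSAKeyPair failed : " + e);
            return null;
        }
    }

    /**
     * Looks up the private-key entry stored under alias {@code str}.
     *
     * @param str keystore alias
     * @return the entry, or {@code null} when the keystore has no entry for the alias
     *         ({@link KeyStore#getEntry} returns {@code null} in that case)
     * @throws AuthException if the keystore cannot be read or the entry is not a
     *                       {@link KeyStore.PrivateKeyEntry}
     */
    public static KeyStore.PrivateKeyEntry getAuthKeyfromAndroidKeyStore(String str) throws AuthException {
        try {
            return (KeyStore.PrivateKeyEntry) openAndroidKeyStore().getEntry(str, null);
        } catch (Exception e) {
            LogUtil.e(TAG, "getAuthKeyfromAndroidKeyStore failed : " + e);
            // Message: "Failed to look up the AuthPrivateKey in the Android KeyStore".
            throw new AuthException("Android KeyStore에서 AuthPrivateKey를 조회하는데 실패함");
        }
    }

    /**
     * Reports whether the device API level is at least 18.
     *
     * @return {@code true} on API level 18 (JELLY_BEAN_MR2) or later
     */
    public static boolean isAndroidKeyStoreSupported() {
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2;
    }

    /**
     * Creates a fresh RSA key pair, wraps it in a self-signed certificate and stores it in
     * the platform keystore under alias {@code str}.
     *
     * <p>NOTE(review): the private key is generated in application memory and then imported,
     * so it is held in the process heap until the {@code KeyPair} is garbage collected.
     *
     * @param str keystore alias to store the key under
     * @return the public half of the newly stored key pair
     * @throws AuthException if key generation, certificate creation or keystore storage fails
     */
    public static RSAPublicKey setAuthKeytoAndroidKeyStore(String str) throws AuthException {
        KeyPair keyPair = generateRSAKeyPair();
        if (keyPair == null) {
            // Message: "RSA key pair generation failed".
            throw new AuthException("RSA KeyPair 생성에 실패하였음");
        }

        // Subject and issuer are the same name: the certificate is self-signed.
        X509Certificate certificate = createCertificate(keyPair.getPublic(), keyPair.getPrivate(), new X500Name(AUTH_KEY_DN), new X500Name(AUTH_KEY_DN), false);
        if (certificate == null) {
            // Message: "Failed to create the self-signed certificate for the Auth Key".
            throw new AuthException("Auth Key용 self-sign 인증서 생성에 실패함");
        }

        try {
            openAndroidKeyStore().setKeyEntry(str, keyPair.getPrivate(), null, new Certificate[]{certificate});
            return (RSAPublicKey) keyPair.getPublic();
        } catch (Exception e) {
            LogUtil.e(TAG, "setAuthKeytoAndroidKeyStore failed : " + e);
            // Message: "Failed to store the AuthKeyPair in the Android KeyStore".
            throw new AuthException("Android KeyStore에 AuthKeyPair를 저장하는데 실패함");
        }
    }
}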
