package org.kp.mdk.kpconsumerauth.util.security;

import cb.e;
import cb.j;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.net.ssl.TrustManager;
import org.kp.mdk.kpconsumerauth.util.Constants;

/* compiled from: SecurityUtil.kt */
/* loaded from: classes2.dex */
public final class SecurityUtil implements Security {
    private static final int DEFAULT_CODE_VERIFIER_ENTROPY = 64;
    private final KpFullTrustManager fullTrustManager;
    private final KeyStoreFactory keyStoreFactory;
    private final KpTrustManager trustManager;
    public static final Companion Companion = new Companion(null);
    private static String codeVerifier = "";
    private static String codeChallenge = "";

    /* compiled from: SecurityUtil.kt */
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(e eVar) {
            this();
        }

        public final void generateRandomCodeVerifierAndChallenge$KPConsumerAuthLib_prodRelease() {
            String str;
            String str2;
            try {
                byte[] bArr = new byte[32];
                new SecureRandom().nextBytes(bArr);
                str = Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
                j.f(str, "{\n                val se…deVerifier)\n            }");
            } catch (Exception unused) {
                str = Constants.CODE_VERIFIER_VALUE;
            }
            SecurityUtil.codeVerifier = str;
            try {
                String str3 = SecurityUtil.codeVerifier;
                Charset forName = Charset.forName("US-ASCII");
                j.f(forName, "forName(charsetName)");
                byte[] bytes = str3.getBytes(forName);
                j.f(bytes, "this as java.lang.String).getBytes(charset)");
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(bytes, 0, bytes.length);
                str2 = Base64.getUrlEncoder().withoutPadding().encodeToString(messageDigest.digest());
                j.f(str2, "{\n                val by…ing(digest)\n            }");
            } catch (Exception unused2) {
                str2 = Constants.CODE_CHALLENGE_VALUE;
            }
            SecurityUtil.codeChallenge = str2;
        }

        public final String getCodeChallenge$KPConsumerAuthLib_prodRelease() {
            if (SecurityUtil.codeChallenge.length() == 0) {
                generateRandomCodeVerifierAndChallenge$KPConsumerAuthLib_prodRelease();
            }
            return SecurityUtil.codeChallenge;
        }

        public final String getCodeVerifier$KPConsumerAuthLib_prodRelease() {
            if (SecurityUtil.codeVerifier.length() == 0) {
                throw new IllegalAccessException("Attempt to get verifier w/o following proper code generation flow");
            }
            String str = SecurityUtil.codeVerifier;
            SecurityUtil.codeChallenge = "";
            SecurityUtil.codeVerifier = "";
            return str;
        }
    }

    public SecurityUtil(KeyStoreFactory keyStoreFactory, KpTrustManager kpTrustManager, KpFullTrustManager kpFullTrustManager) {
        j.g(keyStoreFactory, "keyStoreFactory");
        j.g(kpTrustManager, "trustManager");
        j.g(kpFullTrustManager, "fullTrustManager");
        this.keyStoreFactory = keyStoreFactory;
        this.trustManager = kpTrustManager;
        this.fullTrustManager = kpFullTrustManager;
    }

    @Override // org.kp.mdk.kpconsumerauth.util.security.Security
    public TrustManager getCertCheckingTrustManager() {
        KeyStore keyStore = this.keyStoreFactory.getKeyStore("AndroidCAStore");
        keyStore.load(null, null);
        this.trustManager.build(keyStore);
        return this.trustManager;
    }

    @Override // org.kp.mdk.kpconsumerauth.util.security.Security
    public CustomSSLSocketFactory getKPSSLSocketFactory(boolean z10) {
        TrustManager certCheckingTrustManager;
        KeyStore keyStore = null;
        if (z10) {
            KeyStore keyStore2 = this.keyStoreFactory.getKeyStore("BKS");
            keyStore2.load(null, null);
            keyStore = keyStore2;
            certCheckingTrustManager = this.fullTrustManager;
        } else {
            certCheckingTrustManager = getCertCheckingTrustManager();
        }
        return new CustomSSLSocketFactory(keyStore, certCheckingTrustManager);
    }
}
