package org.chromium.components.payments.browser_binding;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Base64;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import org.chromium.base.Log;
import org.chromium.blink.mojom.PublicKeyCredentialParameters;
import org.chromium.build.annotations.NullMarked;
import org.jni_zero.JNINamespace;

@NullMarked
@JNINamespace
/* loaded from: classes5.dex */
public final class BrowserBoundKeyStore {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    public static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    public static final String KEYSTORE_ALIAS_PREFIX = "spcbbk_sha256ecdsa_";
    private static final String TAG = "SpcBbKeyStore";

    private BrowserBoundKeyStore() {
    }

    private boolean containsEs256(List<PublicKeyCredentialParameters> list) {
        for (PublicKeyCredentialParameters publicKeyCredentialParameters : list) {
            if (publicKeyCredentialParameters.type == 0 && publicKeyCredentialParameters.algorithmIdentifier == -7) {
                return true;
            }
        }
        return false;
    }

    private BrowserBoundKey createBrowserBoundKey(String str) {
        KeyPairGenerator androidKeyPairGenerator = getAndroidKeyPairGenerator();
        if (androidKeyPairGenerator == null) {
            return null;
        }
        try {
            try {
                androidKeyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 4).setDigests("SHA-256").setIsStrongBoxBacked(true).build());
                return new BrowserBoundKey(androidKeyPairGenerator.generateKeyPair());
            } catch (InvalidAlgorithmParameterException e) {
                Log.e(TAG, "Could not initialize key pair generation for browser bound key support.", (Throwable) e);
                return null;
            }
        } catch (StrongBoxUnavailableException unused) {
            Log.e(TAG, "StrongBox is not available while creating a browser bound key.");
            return null;
        }
    }

    public static List<PublicKeyCredentialParameters> createListOfCredentialParameters(int[] iArr, int[] iArr2) {
        ArrayList arrayList = new ArrayList(iArr.length);
        for (int i = 0; i < iArr.length; i++) {
            PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters();
            publicKeyCredentialParameters.type = iArr[i];
            publicKeyCredentialParameters.algorithmIdentifier = iArr2[i];
            arrayList.add(publicKeyCredentialParameters);
        }
        return arrayList;
    }

    private static KeyPairGenerator getAndroidKeyPairGenerator() {
        try {
            return KeyPairGenerator.getInstance("EC", ANDROID_KEY_STORE);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            Log.e(TAG, "Could not create key pair generation for browser bound key support.", e);
            return null;
        }
    }

    private BrowserBoundKey getBrowserBoundKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (!keyStore.containsAlias(str)) {
                return null;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
            return new BrowserBoundKey(new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey()));
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
            Log.e(TAG, "Could not load the browser bound key from the key store.");
            return null;
        } catch (UnrecoverableEntryException unused2) {
            return null;
        }
    }

    public static BrowserBoundKeyStore getInstance() {
        return new BrowserBoundKeyStore();
    }

    public BrowserBoundKey getOrCreateBrowserBoundKeyForCredentialId(byte[] bArr, List<PublicKeyCredentialParameters> list) {
        if (!containsEs256(list)) {
            return null;
        }
        String str = KEYSTORE_ALIAS_PREFIX + Base64.encodeToString(bArr, 8);
        BrowserBoundKey browserBoundKey = getBrowserBoundKey(str);
        return browserBoundKey == null ? createBrowserBoundKey(str) : browserBoundKey;
    }
}
