package com.transsion.security.aosp.hap.base.impl;

import ac.e;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import bv.c;
import com.transsion.kolun.data.DataSecurity;
import com.transsion.security.aosp.hap.base.auth.impl.TranHapKeyStoreLite;
import com.transsion.transvasdk.test.NLUUpstreamHttpForTest;
import dv.a0;
import dv.h;
import dv.l;
import dv.m;
import dv.v;
import dv.x;
import dv.y;
import gu.b1;
import gu.k;
import gu.n;
import gu.o0;
import gu.q;
import gu.v0;
import hn.b;
import hyperion.interstore.impl.TranStorePrefs;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Vector;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.RuntimeOperatorException;
import org.bouncycastle.util.f;

/* loaded from: classes6.dex */
public final class TranHapCryptoManagerV2Impl implements oq.a {

    /* renamed from: a, reason: collision with root package name */
    public final hn.a f15385a;

    /* renamed from: b, reason: collision with root package name */
    public final b f15386b;

    /* renamed from: c, reason: collision with root package name */
    public final com.transsion.security.aosp.hap.base.interstore.b f15387c;

    /* renamed from: d, reason: collision with root package name */
    public final com.transsion.security.aosp.hap.base.interstore.a f15388d;

    public TranHapCryptoManagerV2Impl(Context context, o9.a aVar, e eVar, TranStorePrefs tranStorePrefs, TranHapKeyStoreLite tranHapKeyStoreLite) {
        kotlin.jvm.internal.e.f(context, "context");
        this.f15385a = aVar;
        this.f15386b = eVar;
        this.f15387c = tranStorePrefs;
        this.f15388d = tranHapKeyStoreLite;
    }

    public static X509Certificate e(KeyPair keyPair) {
        String str;
        dv.a aVar;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        Date date2 = new Date(currentTimeMillis + 31536000000L);
        Locale locale = new Locale(NLUUpstreamHttpForTest.LANGUAGE, "GB");
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        c cVar = new c();
        v n10 = v.n(keyPair.getPublic().getEncoded());
        y yVar = new y(date, locale);
        y yVar2 = new y(date2, locale);
        a0 a0Var = new a0();
        a0Var.f18965b = new k(valueOf);
        a0Var.f18967d = cVar;
        a0Var.f18968e = yVar;
        a0Var.f18969f = yVar2;
        a0Var.f18970g = cVar;
        a0Var.f18971h = n10;
        Hashtable hashtable = new Hashtable();
        Vector vector = new Vector();
        String algorithm = keyPair.getPrivate().getAlgorithm();
        if (kotlin.jvm.internal.e.a(algorithm, "RSA")) {
            str = "SHA256withRSA";
        } else {
            if (!kotlin.jvm.internal.e.a(algorithm, "EC")) {
                throw new IllegalArgumentException(kotlin.jvm.internal.e.k(keyPair.getPrivate().getAlgorithm(), "Unsupported key algorithm: "));
            }
            str = "SHA256withECDSA";
        }
        PrivateKey privateKey = keyPair.getPrivate();
        jw.a aVar2 = new jw.a(new vv.b());
        String e10 = f.e(str);
        n nVar = (n) iw.c.f24663a.get(e10);
        if (nVar == null) {
            throw new IllegalArgumentException("Unknown signature type requested: ".concat(e10));
        }
        if (iw.c.f24664b.contains(nVar)) {
            aVar = new dv.a(nVar);
        } else {
            HashMap hashMap = iw.c.f24665c;
            aVar = hashMap.containsKey(e10) ? new dv.a(nVar, (gu.e) hashMap.get(e10)) : new dv.a(nVar, v0.f20723a);
        }
        try {
            Signature a10 = aVar2.a(aVar);
            a10.initSign(privateKey);
            ov.a aVar3 = new ov.a(a10);
            JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
            a0Var.f18966c = aVar;
            if (!vector.isEmpty()) {
                l[] lVarArr = new l[vector.size()];
                for (int i10 = 0; i10 != vector.size(); i10++) {
                    lVarArr[i10] = (l) hashtable.get(vector.elementAt(i10));
                }
                m mVar = new m(lVarArr);
                a0Var.f18972i = mVar;
                l n11 = mVar.n(l.f19022e);
                if (n11 != null && n11.f19038b) {
                    a0Var.f18973j = true;
                }
            }
            try {
                x a11 = a0Var.a();
                q.a(aVar3, "DER").k(a11);
                aVar3.close();
                try {
                    byte[] sign = a10.sign();
                    gu.f fVar = new gu.f();
                    fVar.a(a11);
                    fVar.a(aVar);
                    fVar.a(new o0(sign));
                    X509Certificate a12 = jcaX509CertificateConverter.a(new X509CertificateHolder(h.n(new b1(fVar))));
                    kotlin.jvm.internal.e.e(a12, "JcaX509CertificateConver…der.build(contentSigner))");
                    return a12;
                } catch (SignatureException e11) {
                    throw new RuntimeOperatorException("exception obtaining signature: " + e11.getMessage(), e11);
                }
            } catch (IOException unused) {
                throw new IllegalArgumentException("cannot produce certificate signature");
            }
        } catch (GeneralSecurityException e12) {
            throw new OperatorCreationException("cannot create signer: " + e12.getMessage(), e12);
        }
    }

    @Override // oq.a
    public final byte[] a(byte[] input) {
        com.transsion.security.aosp.hap.base.interstore.c b10;
        kotlin.jvm.internal.e.f(input, "input");
        this.f15385a.b();
        TranHapKeyStoreLite tranHapKeyStoreLite = (TranHapKeyStoreLite) this.f15388d;
        KeyStore.Entry a10 = tranHapKeyStoreLite.a("signatureAlias");
        if (a10 != null && (b10 = tranHapKeyStoreLite.b("signatureAlias")) != null) {
            String str = gn.c.a(b10.f15398a).f20581a;
            if (kotlin.jvm.internal.e.a(str, "HmacSHA256") ? true : kotlin.jvm.internal.e.a(str, "AES")) {
                if (a10 instanceof KeyStore.SecretKeyEntry) {
                    SecretKey secretKey = ((KeyStore.SecretKeyEntry) a10).getSecretKey();
                    kotlin.jvm.internal.e.e(secretKey, "keyEntry.secretKey");
                    Mac mac = Mac.getInstance("HmacSHA256");
                    mac.init(secretKey);
                    byte[] doFinal = mac.doFinal(input);
                    kotlin.jvm.internal.e.e(doFinal, "mac.doFinal(data)");
                    return doFinal;
                }
            } else if (kotlin.jvm.internal.e.a(str, "SHA256withECDSA") && (a10 instanceof KeyStore.PrivateKeyEntry)) {
                PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) a10).getPrivateKey();
                kotlin.jvm.internal.e.e(privateKey, "keyEntry.privateKey");
                Signature signature = Signature.getInstance("SHA256withECDSA");
                signature.initSign(privateKey);
                signature.update(input);
                byte[] sign = signature.sign();
                kotlin.jvm.internal.e.e(sign, "signature_.sign()");
                return sign;
            }
        }
        return null;
    }

    @Override // oq.a
    public final List<String> b() {
        this.f15385a.b();
        return (List) kotlinx.coroutines.f.c(new TranHapCryptoManagerV2Impl$aliases$1(this, null));
    }

    @Override // oq.a
    public final byte[] c() {
        this.f15385a.b();
        return (byte[]) kotlinx.coroutines.f.c(new TranHapCryptoManagerV2Impl$exportKey$1(this, "signatureAlias", null));
    }

    @Override // oq.a
    public final void d() {
        KeyStore.Entry privateKeyEntry;
        KeyProtection.Builder digests;
        KeyProtection build;
        KeyProtection.Builder encryptionPaddings;
        this.f15385a.b();
        this.f15386b.i();
        if (((Boolean) kotlinx.coroutines.f.c(new TranHapCryptoManagerV2Impl$generateKey$1(this, "signatureAlias", null))).booleanValue()) {
            return;
        }
        String str = gn.c.a(1061).f20581a;
        boolean a10 = kotlin.jvm.internal.e.a(str, "AES/CBC/PKCS7Padding");
        com.transsion.security.aosp.hap.base.interstore.a aVar = this.f15388d;
        if (a10) {
            Charset charset = gn.b.f20583a;
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidOpenSSL");
            kotlin.jvm.internal.e.e(new KeyGenParameterSpec.Builder("signatureAlias", 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setRandomizedEncryptionRequired(false).setKeySize(gn.c.a(1061).f20582b).build(), "Builder(alias,\n         …                 .build()");
            keyGenerator.init(gn.c.a(1061).f20582b);
            privateKeyEntry = new KeyStore.SecretKeyEntry(keyGenerator.generateKey());
            encryptionPaddings = new KeyProtection.Builder(3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding");
        } else {
            if (!kotlin.jvm.internal.e.a(str, "AES/GCM/NoPadding")) {
                if (kotlin.jvm.internal.e.a(str, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding")) {
                    Charset charset2 = gn.b.f20583a;
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidOpenSSL");
                    keyPairGenerator.initialize(gn.c.a(1061).f20582b);
                    KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                    privateKeyEntry = new KeyStore.PrivateKeyEntry(genKeyPair.getPrivate(), new X509Certificate[]{e(genKeyPair)});
                    digests = new KeyProtection.Builder((Build.VERSION.SDK_INT >= 28 ? 32 : 0) | 3).setEncryptionPaddings("OAEPPadding").setDigests("SHA-1");
                } else if (kotlin.jvm.internal.e.a(str, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
                    Charset charset3 = gn.b.f20583a;
                    KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidOpenSSL");
                    keyPairGenerator2.initialize(gn.c.a(1061).f20582b);
                    KeyPair genKeyPair2 = keyPairGenerator2.genKeyPair();
                    privateKeyEntry = new KeyStore.PrivateKeyEntry(genKeyPair2.getPrivate(), new X509Certificate[]{e(genKeyPair2)});
                    digests = new KeyProtection.Builder((Build.VERSION.SDK_INT >= 28 ? 32 : 0) | 3).setBlockModes("ECB").setEncryptionPaddings("OAEPPadding").setDigests(DataSecurity.SHA256_TYPE);
                } else {
                    if (kotlin.jvm.internal.e.a(str, "HmacSHA256")) {
                        Charset charset4 = gn.b.f20583a;
                        KeyGenerator keyGenerator2 = KeyGenerator.getInstance("HmacSHA256", "AndroidOpenSSL");
                        keyGenerator2.init(gn.c.a(1061).f20582b);
                        privateKeyEntry = new KeyStore.SecretKeyEntry(keyGenerator2.generateKey());
                        build = new KeyProtection.Builder(4).build();
                        kotlin.jvm.internal.e.e(build, "Builder(KeyProperties.PU…                 .build()");
                        ((TranHapKeyStoreLite) aVar).c(privateKeyEntry, build);
                    }
                    if (!kotlin.jvm.internal.e.a(str, "SHA256withECDSA")) {
                        return;
                    }
                    Charset charset5 = gn.b.f20583a;
                    KeyPairGenerator keyPairGenerator3 = KeyPairGenerator.getInstance("EC", "AndroidOpenSSL");
                    keyPairGenerator3.initialize(new ECGenParameterSpec("secp256r1"));
                    KeyPair genKeyPair3 = keyPairGenerator3.genKeyPair();
                    privateKeyEntry = new KeyStore.PrivateKeyEntry(genKeyPair3.getPrivate(), new X509Certificate[]{e(genKeyPair3)});
                    digests = new KeyProtection.Builder(12).setDigests(DataSecurity.SHA256_TYPE);
                }
                build = digests.build();
                kotlin.jvm.internal.e.e(build, "Builder(\n               …                 .build()");
                ((TranHapKeyStoreLite) aVar).c(privateKeyEntry, build);
            }
            Charset charset6 = gn.b.f20583a;
            KeyGenerator keyGenerator3 = KeyGenerator.getInstance("AES", "AndroidOpenSSL");
            keyGenerator3.init(gn.c.a(1061).f20582b);
            privateKeyEntry = new KeyStore.SecretKeyEntry(keyGenerator3.generateKey());
            encryptionPaddings = new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        }
        digests = encryptionPaddings.setRandomizedEncryptionRequired(false);
        build = digests.build();
        kotlin.jvm.internal.e.e(build, "Builder(\n               …                 .build()");
        ((TranHapKeyStoreLite) aVar).c(privateKeyEntry, build);
    }
}
