package com.navercorp.nid.sign.nte;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.navercorp.nelo2.android.Nelo2Constants;
import com.navercorp.nid.NidAppContext;
import com.navercorp.nid.log.NidLog;
import com.navercorp.nid.login.NLoginManager;
import com.navercorp.nid.nelo.NidNeloManager;
import com.navercorp.nid.sign.legacy.te.NidEncryptedPreferenceManager;
import com.navercorp.nid.utils.NidSystemInfo;
import hq.g;
import hq.h;
import java.security.Key;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.Security;
import java.util.UUID;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import kotlin.jvm.internal.e0;
import kotlin.text.StringsKt__StringsKt;
import kotlin.text.u;

@SuppressLint({"LongLogTag"})
/* loaded from: classes5.dex */
public final class a {
    private static String a() {
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | called generateSecretKeyAlias()");
        StringBuilder sb2 = new StringBuilder();
        sb2.append("com.navercorp.sign-");
        String load = NidEncryptedPreferenceManager.load("NTE_SECRET_UUID", (String) null);
        if (load == null || load.length() == 0) {
            String uuid = UUID.randomUUID().toString();
            e0.o(uuid, "randomUUID().toString()");
            load = u.k2(uuid, Nelo2Constants.NULL, "", false, 4, null);
            NidEncryptedPreferenceManager.save("NTE_SECRET_UUID", load);
        }
        sb2.append(load);
        sb2.append("-SECRET-");
        sb2.append(NLoginManager.getIdNo());
        sb2.append(Nelo2Constants.NULL);
        sb2.append(NidEncryptedPreferenceManager.load("NTE_SECRET_REGISTER_COUNT", 0));
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | generateSecretKeyAlias() | alias : " + ((Object) sb2));
        String sb3 = sb2.toString();
        e0.o(sb3, "alias.toString()");
        return sb3;
    }

    @g
    public static SecretKey b(@h Context context) {
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | called getOrCreateSecretKey()");
        String c10 = c();
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | getOrCreateSecretKey() | alias : " + c10);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias(c10)) {
            NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | getOrCreateSecretKey() | SecretKey is exist, return SecretKey");
            Key key = keyStore.getKey(c10, null);
            if (key != null) {
                return (SecretKey) key;
            }
            throw new NullPointerException("null cannot be cast to non-null type javax.crypto.SecretKey");
        }
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | getOrCreateSecretKey() | SecretKey is not exist, generate and return SecretKey");
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(c10, 3);
        builder.setBlockModes("CBC");
        builder.setEncryptionPaddings("PKCS7Padding");
        int i = 1;
        builder.setUserAuthenticationRequired(true);
        int i9 = Build.VERSION.SDK_INT;
        if (i9 >= 24) {
            builder.setInvalidatedByBiometricEnrollment(true);
        }
        if (i9 < 30) {
            NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | generateKeyPairAboveApi23() | duration set -1");
            if (NidSystemInfo.isBiometricEnrolled()) {
                NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | generateKeyPairAboveApi23() | Biometric");
                i = -1;
            } else {
                NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | generateKeyPairAboveApi23() | KeyGuard");
            }
            builder.setUserAuthenticationValidityDurationSeconds(i);
        } else if (NidSystemInfo.isBiometricEnrolled()) {
            NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | generateKeyPairAboveApi30() | Biometric");
            builder.setUserAuthenticationParameters(0, 2);
        } else {
            NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | generateKeyPairAboveApi30() | KeyGuard");
            builder.setUserAuthenticationParameters(0, 1);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(com.navercorp.nid.crypto.b.TAG, "AndroidKeyStore");
        keyGenerator.init(builder.build());
        try {
            SecretKey generateKey = keyGenerator.generateKey();
            e0.o(generateKey, "{\n                keyGen…nerateKey()\n            }");
            return generateKey;
        } catch (ProviderException e) {
            if (context == null) {
                context = NidAppContext.INSTANCE.getCtx();
            }
            NidNeloManager.request(context, "NTECertificateKeyStoreManager::getOrCreateSecretKey() | ProviderException", e);
            KeyStore keyStore2 = KeyStore.getInstance("AndroidKeyStore");
            keyStore2.load(null, null);
            Security.insertProviderAt(keyStore2.getProvider(), 0);
            SecretKey generateKey2 = keyGenerator.generateKey();
            e0.o(generateKey2, "{\n                NidNel…nerateKey()\n            }");
            return generateKey2;
        }
    }

    @g
    public static String c() {
        boolean S2;
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | called getOrCreateSecretKeyAlias()");
        String g9 = c.g();
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | getOrCreateSecretKeyAlias() | alias : " + g9);
        if (!(g9 == null || g9.length() == 0)) {
            S2 = StringsKt__StringsKt.S2(g9, "SECRET", true);
            if (S2) {
                return g9;
            }
        }
        d();
        String a7 = a();
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | getOrCreateSecretKeyAlias() | alias : " + a7);
        c.e(a7);
        return a7;
    }

    public static void d() {
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | called updateSecretRegisterCount()");
        int d = c.d();
        NidLog.d("NTECertificateKeyStoreManager", "NaverSignLog | updateSecretRegisterCount() | origin : " + d);
        c.b(d + 1);
    }
}
