package com.navercorp.nid.sign.domain.usecase;

import android.util.Base64;
import com.navercorp.nid.NidAppContext;
import com.navercorp.nid.ext.ByteArrayExtKt;
import com.navercorp.nid.log.NidLog;
import com.navercorp.nid.log.SafetyStackTracer;
import com.navercorp.nid.nelo.NidNeloManager;
import com.navercorp.nid.sc.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import com.navercorp.nid.security.NidSecureString;
import com.navercorp.nid.sign.legacy.te.NidEncryptedPreferenceManager;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import kotlin.Result;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.s0;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.openssl.PKCS8Generator;
import org.spongycastle.openssl.jcajce.JcaPKCS8Generator;
import org.spongycastle.operator.OutputEncryptor;

/* loaded from: classes5.dex */
public final class m {
    @hq.h
    public static com.navercorp.nid.sign.nte.csr.a a(@hq.g com.navercorp.nid.sign.method.npin.a pinCode, @hq.g byte[] salt2) {
        Object m287constructorimpl;
        byte[] ut;
        kotlin.jvm.internal.e0.p(pinCode, "pinCode");
        kotlin.jvm.internal.e0.p(salt2, "salt2");
        NidEncryptedPreferenceManager.save("NTE_PRIVATE_KEY", (String) null);
        NidEncryptedPreferenceManager.save("NTE_PUBLIC_KEY", (String) null);
        NidEncryptedPreferenceManager.save("NTE_SECRET_KEY_ALIAS", (String) null);
        NidEncryptedPreferenceManager.save("BIOMETRIC_ENCRYPTED_PRIVATE_KEY", (String) null);
        NidEncryptedPreferenceManager.save("BIOMETRIC_PUBLIC_KEY", (String) null);
        NidEncryptedPreferenceManager.save("BIOMETRIC_SECRET_KEY_ALIAS", (String) null);
        NidEncryptedPreferenceManager.save("IS_DEFAULT_AUTH_BIOMETRIC", false);
        com.navercorp.nid.sign.method.npin.ui.a.f59587a.getClass();
        NidLog.d("NaverSignLog | NpinKeyStore", "called generateKeyPair()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidOpenSSL");
        keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        if (generateKeyPair == null) {
            return null;
        }
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        try {
            Result.Companion companion = Result.INSTANCE;
            m287constructorimpl = Result.m287constructorimpl(b(pinCode.c(), bArr));
        } catch (Throwable th2) {
            Result.Companion companion2 = Result.INSTANCE;
            m287constructorimpl = Result.m287constructorimpl(s0.a(th2));
        }
        Throwable m290exceptionOrNullimpl = Result.m290exceptionOrNullimpl(m287constructorimpl);
        if (m290exceptionOrNullimpl != null) {
            SafetyStackTracer.print("NaverSignLog | GenerateSignatureGenInfoUseCase", m290exceptionOrNullimpl);
            NidNeloManager.request(NidAppContext.INSTANCE.getCtx(), "GenerateSignatureGenInfoUseCase::PBKDF2() | derivedKey1 is failed.", new Exception(m290exceptionOrNullimpl));
        }
        if (Result.m292isFailureimpl(m287constructorimpl)) {
            m287constructorimpl = null;
        }
        OutputEncryptor outputEncryptor = (OutputEncryptor) m287constructorimpl;
        if (outputEncryptor == null) {
            return null;
        }
        PrivateKey privateKey = generateKeyPair.getPrivate();
        kotlin.jvm.internal.e0.o(privateKey, "privateKey");
        byte[] content = new JcaPKCS8Generator(KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(privateKey.getEncoded())), outputEncryptor).generate().getContent();
        kotlin.jvm.internal.e0.o(content, "pem.content");
        SecretKey generateSecret = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", new BouncyCastleProvider()).generateSecret(new PBEKeySpec(pinCode.c().toCharArray(), salt2, 2048, 256));
        kotlin.jvm.internal.e0.o(generateSecret, "keyFactory.generateSecret(keySpec)");
        NidLog.d("NaverSignLog | GenerateSignatureGenInfoUseCase", "called encryptBySecretKey(plain, secretKey)");
        byte[] encoded = generateSecret.getEncoded();
        kotlin.jvm.internal.e0.o(encoded, "secretKey.encoded");
        ut = ArraysKt___ArraysKt.ut(encoded, new kotlin.ranges.k(0, 15));
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher.init(1, generateSecret, new IvParameterSpec(ut));
        byte[] doFinal = cipher.doFinal(content);
        kotlin.jvm.internal.e0.o(doFinal, "c.doFinal(this)");
        com.navercorp.nid.sign.method.npin.ui.a.f59587a.getClass();
        com.navercorp.nid.sign.method.npin.ui.a.d();
        SecretKey d = com.navercorp.nid.sign.method.npin.ui.a.d();
        Cipher cipher2 = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher2.init(1, d);
        byte[] result = cipher2.doFinal(doFinal);
        NidEncryptedPreferenceManager.save("NTE_INIT_VECTOR", Base64.encodeToString(cipher2.getIV(), 0));
        kotlin.jvm.internal.e0.o(result, "result");
        NidEncryptedPreferenceManager.save("NTE_PRIVATE_KEY", Base64.encodeToString(result, 11));
        NidEncryptedPreferenceManager.save("NTE_PUBLIC_KEY", Base64.encodeToString(generateKeyPair.getPublic().getEncoded(), 11));
        pinCode.b();
        ByteArrayExtKt.clear(bArr);
        ByteArrayExtKt.clear(salt2);
        ByteArrayExtKt.clear(content);
        ByteArrayExtKt.clear(doFinal);
        ByteArrayExtKt.clear(result);
        return new com.navercorp.nid.sign.nte.csr.a(com.navercorp.nid.sign.method.npin.ui.a.c(), generateKeyPair);
    }

    private static OutputEncryptor b(NidSecureString nidSecureString, byte[] bArr) {
        JceOpenSSLPKCS8EncryptorBuilder jceOpenSSLPKCS8EncryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.AES_256_CBC);
        jceOpenSSLPKCS8EncryptorBuilder.setProvider(new BouncyCastleProvider());
        jceOpenSSLPKCS8EncryptorBuilder.setIterationCount(2048);
        jceOpenSSLPKCS8EncryptorBuilder.setRandom(new SecureRandom());
        jceOpenSSLPKCS8EncryptorBuilder.setSalt(bArr);
        jceOpenSSLPKCS8EncryptorBuilder.setPRF(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA256));
        jceOpenSSLPKCS8EncryptorBuilder.setPasssword(nidSecureString.toCharArray());
        OutputEncryptor build = jceOpenSSLPKCS8EncryptorBuilder.build();
        kotlin.jvm.internal.e0.o(build, "encryptorBuilder.build()");
        return build;
    }
}
