package com.navercorp.nid.sign.domain.usecase;

import android.util.Base64;
import com.navercorp.nid.ext.ByteArrayExtKt;
import com.navercorp.nid.log.NidLog;
import com.navercorp.nid.log.SafetyStackTracer;
import com.navercorp.nid.sign.legacy.te.NidEncryptedPreferenceManager;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import kotlin.Result;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.s0;
import org.spongycastle.asn1.pkcs.PrivateKeyInfo;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.spongycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;

/* loaded from: classes5.dex */
public final class a {
    @hq.h
    public static PrivateKey a(@hq.g com.navercorp.nid.sign.method.npin.a pinCode, @hq.h byte[] bArr) {
        Object m287constructorimpl;
        kotlin.jvm.internal.e0.p(pinCode, "pinCode");
        try {
            Result.Companion companion = Result.INSTANCE;
        } catch (Throwable th2) {
            Result.Companion companion2 = Result.INSTANCE;
            m287constructorimpl = Result.m287constructorimpl(s0.a(th2));
        }
        if (bArr == null) {
            return null;
        }
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "패스워드 기반 암호화된 개인키 획득");
        String load = NidEncryptedPreferenceManager.load("NTE_PRIVATE_KEY", (String) null);
        if (load == null) {
            return null;
        }
        byte[] encryptedPrivateKey3 = Base64.decode(load, 11);
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "3차 복호화 : decrypt(패스워드 기반 암호화된 개인키) by SecretKey in TEE (without user authenticate)");
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "2차 암호화된 개인키 획득");
        kotlin.jvm.internal.e0.o(encryptedPrivateKey3, "encryptedPrivateKey3");
        byte[] b = b(encryptedPrivateKey3);
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "2차 복호화키 유도");
        char[] charArray = pinCode.c().toCharArray();
        NidLog.d("NaverSignLog | GetSignatureGenInfoUseCase", "called PBKDF2(password, salt, iterationCount, keyLength)");
        SecretKey generateSecret = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", new BouncyCastleProvider()).generateSecret(new PBEKeySpec(charArray, bArr, 2048, 256));
        kotlin.jvm.internal.e0.o(generateSecret, "keyFactory.generateSecret(keySpec)");
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "decrypt(EncryptedPrivateKey) by 2차 암호화 키");
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "1차 암호화된 개인키 획득");
        byte[] c10 = c(b, generateSecret);
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "(PKCS8) EncryptedPrivateKey의 정보를 바탕으로 PrivateKeyInfo 유도");
        char[] charArray2 = pinCode.c().toCharArray();
        NidLog.d("NaverSignLog | GetSignatureGenInfoUseCase", "called decryptPrivateKeyInfo(password)");
        PKCS8EncryptedPrivateKeyInfo pKCS8EncryptedPrivateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(c10);
        JcePKCSPBEInputDecryptorProviderBuilder jcePKCSPBEInputDecryptorProviderBuilder = new JcePKCSPBEInputDecryptorProviderBuilder();
        jcePKCSPBEInputDecryptorProviderBuilder.setProvider(new BouncyCastleProvider());
        PrivateKeyInfo decryptPrivateKeyInfo = pKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(jcePKCSPBEInputDecryptorProviderBuilder.build(charArray2));
        kotlin.jvm.internal.e0.o(decryptPrivateKeyInfo, "encryptedPrivateKeyInfo.…PrivateKeyInfo(pkcs8Prov)");
        NidLog.i("NaverSignLog | GetSignatureGenInfoUseCase", "전자서명 생성 정보 추출");
        NidLog.d("NaverSignLog | GetSignatureGenInfoUseCase", "called parseECPrivateKey()");
        PrivateKey generatePrivate = KeyFactory.getInstance("EC", "AndroidOpenSSL").generatePrivate(new PKCS8EncodedKeySpec(decryptPrivateKeyInfo.getEncoded()));
        kotlin.jvm.internal.e0.o(generatePrivate, "keyFactory.generatePrivate(keySpec)");
        pinCode.b();
        ByteArrayExtKt.clear(bArr);
        ByteArrayExtKt.clear(encryptedPrivateKey3);
        ByteArrayExtKt.clear(b);
        ByteArrayExtKt.clear(c10);
        m287constructorimpl = Result.m287constructorimpl(generatePrivate);
        Throwable m290exceptionOrNullimpl = Result.m290exceptionOrNullimpl(m287constructorimpl);
        if (m290exceptionOrNullimpl != null) {
            SafetyStackTracer.print("NaverSignLog | GetSignatureGenInfoUseCase", m290exceptionOrNullimpl);
        }
        return (PrivateKey) (Result.m292isFailureimpl(m287constructorimpl) ? null : m287constructorimpl);
    }

    private static byte[] b(byte[] bArr) {
        SecretKey secretKey;
        NidLog.d("NaverSignLog | GetSignatureGenInfoUseCase", "called decryptByTEE()");
        com.navercorp.nid.sign.method.npin.ui.a.f59587a.getClass();
        String load = NidEncryptedPreferenceManager.load("NTE_SECRET_KEY_ALIAS", (String) null);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias(load)) {
            Key key = keyStore.getKey(load, null);
            if (key == null) {
                throw new NullPointerException("null cannot be cast to non-null type javax.crypto.SecretKey");
            }
            secretKey = (SecretKey) key;
        } else {
            secretKey = null;
        }
        byte[] decode = Base64.decode(NidEncryptedPreferenceManager.load("NTE_INIT_VECTOR", (String) null), 0);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher.init(2, secretKey, new IvParameterSpec(decode));
        byte[] doFinal = cipher.doFinal(bArr);
        kotlin.jvm.internal.e0.o(doFinal, "c.doFinal(this)");
        return doFinal;
    }

    private static byte[] c(byte[] bArr, SecretKey secretKey) {
        byte[] ut;
        NidLog.d("NaverSignLog | GetSignatureGenInfoUseCase", "called decryptBy(secretKey)");
        byte[] encoded = secretKey.getEncoded();
        kotlin.jvm.internal.e0.o(encoded, "secretKey.encoded");
        ut = ArraysKt___ArraysKt.ut(encoded, new kotlin.ranges.k(0, 15));
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher.init(2, secretKey, new IvParameterSpec(ut));
        byte[] doFinal = cipher.doFinal(bArr);
        kotlin.jvm.internal.e0.o(doFinal, "c.doFinal(this)");
        return doFinal;
    }
}
