package defpackage;

import android.security.keystore.KeyGenParameterSpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@224516015@22.45.16 (040300-489045761) */
/* loaded from: classes4.dex */
public final class awvl {
    private final SecureRandom b = new SecureRandom();
    public final awvk a = new awvk();

    static String a(String str) {
        return String.format("%s.%s", "nearby.connections", str);
    }

    static final Signature e() {
        return Signature.getInstance("SHA256withECDSA");
    }

    public static final boolean f(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (!dluf.az()) {
            return false;
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(bArr);
            try {
                PublicKey generatePublic = keyFactory.generatePublic(x509EncodedKeySpec);
                try {
                    Signature e = e();
                    try {
                        e.initVerify(generatePublic);
                        try {
                            e.update(bArr2);
                            return e.verify(bArr3);
                        } catch (SignatureException e2) {
                            ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e2)).ai((char) 5075)).y("Failed to verify bytes with paired key.");
                            return false;
                        }
                    } catch (InvalidKeyException e3) {
                        ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e3)).ai((char) 5076)).y("Failed to verify bytes with paired key.");
                        return false;
                    }
                } catch (NoSuchAlgorithmException e4) {
                    ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e4)).ai((char) 5077)).C("Failed to verify bytes with paired key: %s", "SHA256withECDSA");
                    return false;
                }
            } catch (InvalidKeySpecException e5) {
                ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e5)).ai((char) 5078)).C("Failed to verify bytes with paired key: %s", x509EncodedKeySpec.getFormat());
                return false;
            }
        } catch (NoSuchAlgorithmException e6) {
            ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e6)).ai((char) 5079)).C("Failed to verify bytes with paired key: %s", "EC");
            return false;
        }
    }

    private final byte[] g() {
        byte[] bArr = new byte[72];
        this.b.nextBytes(bArr);
        return bArr;
    }

    public final void b(String str) {
        try {
            awvk awvkVar = this.a;
            String a = a(str);
            KeyStore keyStore = awvkVar.a;
            if (keyStore == null) {
                throw new KeyStoreException("No AndroidKeyStore found on device.");
            }
            if (keyStore.containsAlias(a)) {
                awvkVar.a.deleteEntry(a);
            }
        } catch (KeyStoreException e) {
            abkj abkjVar = awvb.a;
        }
    }

    public final byte[] c(String str) {
        if (!dluf.az()) {
            return null;
        }
        String a = a(str);
        try {
            Certificate a2 = this.a.a(a);
            if (a2 != null) {
                return a2.getPublicKey().getEncoded();
            }
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                try {
                    keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(a, 12).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setCertificateSubject(new X500Principal("O=Google, OU=Android, C=US")).setRandomizedEncryptionRequired(false).build());
                    try {
                        keyPairGenerator.generateKeyPair();
                        abkj abkjVar = awvb.a;
                        try {
                            Certificate a3 = this.a.a(a);
                            if (a3 == null) {
                                return null;
                            }
                            return a3.getPublicKey().getEncoded();
                        } catch (KeyStoreException e) {
                            ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e)).ai((char) 5082)).y("Failed to create paired key.");
                            return null;
                        }
                    } catch (ProviderException e2) {
                        ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e2)).ai((char) 5083)).y("Failed to create paired key.");
                        return null;
                    }
                } catch (InvalidAlgorithmParameterException e3) {
                    ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e3)).ai((char) 5084)).y("Failed to create paired key.");
                    return null;
                }
            } catch (NoSuchAlgorithmException | NoSuchProviderException e4) {
                ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e4)).ai((char) 5085)).y("Failed to create paired key.");
                return null;
            }
        } catch (KeyStoreException e5) {
            ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e5)).ai((char) 5080)).y("Failed to create paired key.");
            return null;
        }
    }

    public final byte[] d(String str, byte[] bArr) {
        if (!dluf.az()) {
            return g();
        }
        try {
            String a = a(str);
            KeyStore keyStore = this.a.a;
            if (keyStore == null) {
                throw new KeyStoreException("No AndroidKeyStore found on device.");
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(a, null);
            X509Certificate x509Certificate = (X509Certificate) this.a.a(a);
            if (privateKey == null) {
                ((cnmx) ((cnmx) awvb.a.j()).ai((char) 5090)).y("No private key is available. Failed to sign with paired key.");
                return g();
            }
            if (x509Certificate != null && x509Certificate.getPublicKey() != null) {
                abkj abkjVar = awvb.a;
                Arrays.toString(x509Certificate.getPublicKey().getEncoded());
            }
            try {
                Signature e = e();
                try {
                    e.initSign(privateKey);
                    try {
                        e.update(bArr);
                        return e.sign();
                    } catch (SignatureException e2) {
                        ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e2)).ai((char) 5086)).y("Failed to sign with paired key.");
                        return g();
                    }
                } catch (InvalidKeyException e3) {
                    ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e3)).ai((char) 5087)).C("Failed to sign with paired key: %s", privateKey.getAlgorithm());
                    return g();
                }
            } catch (NoSuchAlgorithmException e4) {
                ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e4)).ai((char) 5088)).y("Failed to sign with paired key.");
                return g();
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e5) {
            ((cnmx) ((cnmx) ((cnmx) awvb.a.j()).s(e5)).ai((char) 5091)).y("Failed to sign with paired key.");
            return g();
        }
    }
}
