package defpackage;

import android.accounts.Account;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.wallet.shared.ApplicationParameters;
import com.google.android.gms.wallet.shared.BuyFlowConfig;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;

/* compiled from: :com.google.android.gms@240615000@24.06.15 (020300-607434073) */
/* loaded from: classes5.dex */
public final class btwo {
    private static final Charset a = StandardCharsets.UTF_8;
    private final Context b;
    private final int c;
    private final Account d;

    public btwo(Context context, int i, Account account) {
        this.b = context;
        this.d = account;
        this.c = i;
    }

    public static btwo a(Context context, BuyFlowConfig buyFlowConfig) {
        ApplicationParameters applicationParameters = buyFlowConfig.b;
        return b(context, applicationParameters != null ? applicationParameters.a : -1, applicationParameters != null ? applicationParameters.b : null);
    }

    public static btwo b(Context context, int i, Account account) {
        return new btwo(context.getApplicationContext(), i, account);
    }

    static final ECPublicKey d(String str, int i) {
        if (Build.VERSION.SDK_INT < 23) {
            throw new IllegalStateException("Cannot be called in versions prior to M!");
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(i).build());
            return (ECPublicKey) keyPairGenerator.generateKeyPair().getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    static final KeyStore e() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    private final void k(Throwable th) {
        if (acru.a()) {
            Log.e("KeyStoreUtils", "UncaughtException", th);
        } else {
            bunj.a(this.b, th);
        }
    }

    private final Signature l(KeyStore keyStore, int i) {
        if (!keyStore.containsAlias(g(i))) {
            return null;
        }
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(g(i), null);
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        return signature;
    }

    public final byte[] c(byte[] bArr, Signature signature) {
        try {
            signature.update(bArr);
            return signature.sign();
        } catch (SignatureException e) {
            bunj.a(this.b, e);
            return null;
        }
    }

    public final cots f(int i) {
        int i2;
        if (Build.VERSION.SDK_INT < 23) {
            throw new IllegalStateException("Cannot be called in versions prior to M!");
        }
        String uuid = UUID.randomUUID().toString();
        int i3 = i - 1;
        switch (i3) {
            case 1:
                i2 = -1;
                break;
            case 2:
                i2 = (int) dsrb.a.a().a();
                break;
            default:
                throw new AssertionError("Unsupported authenticator");
        }
        ECPublicKey d = d(g(i), i2);
        dghk dI = cots.g.dI();
        if (!dI.b.dZ()) {
            dI.T();
        }
        dghr dghrVar = dI.b;
        cots cotsVar = (cots) dghrVar;
        cotsVar.e = i3;
        cotsVar.a |= 8;
        if (!dghrVar.dZ()) {
            dI.T();
        }
        dghr dghrVar2 = dI.b;
        cots cotsVar2 = (cots) dghrVar2;
        uuid.getClass();
        cotsVar2.a |= 4;
        cotsVar2.d = uuid;
        if (!dghrVar2.dZ()) {
            dI.T();
        }
        cots cotsVar3 = (cots) dI.b;
        cotsVar3.c = 1;
        cotsVar3.a |= 2;
        String encodeToString = Base64.encodeToString(btwj.b(d.getW()), 2);
        if (!dI.b.dZ()) {
            dI.T();
        }
        cots cotsVar4 = (cots) dI.b;
        encodeToString.getClass();
        cotsVar4.a = 1 | cotsVar4.a;
        cotsVar4.b = encodeToString;
        try {
            Certificate[] certificateChain = e().getCertificateChain(g(i));
            if (certificateChain != null) {
                dghk dI2 = cotl.b.dI();
                for (Certificate certificate : certificateChain) {
                    dggd A = dggd.A(certificate.getEncoded());
                    if (!dI2.b.dZ()) {
                        dI2.T();
                    }
                    cotl cotlVar = (cotl) dI2.b;
                    dgij dgijVar = cotlVar.a;
                    if (!dgijVar.c()) {
                        cotlVar.a = dghr.dR(dgijVar);
                    }
                    cotlVar.a.add(A);
                }
                if (!dI.b.dZ()) {
                    dI.T();
                }
                cots cotsVar5 = (cots) dI.b;
                cotl cotlVar2 = (cotl) dI2.P();
                cotlVar2.getClass();
                cotsVar5.f = cotlVar2;
                cotsVar5.a |= 16;
            }
            return (cots) dI.P();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    final String g(int i) {
        btxe btxeVar = new btxe();
        btxeVar.b(this.c);
        btxeVar.c(this.d.name);
        if (i != 2) {
            cpnh.p(i == 3, "Unsupported authenticator");
            btxeVar.c("LOCKSCREEN");
        }
        return acqg.b("com.google.android.gms.wallet.keys:".concat(btxeVar.a()).getBytes(a));
    }

    public final Signature h(int i) {
        if (Build.VERSION.SDK_INT < 23) {
            return null;
        }
        try {
            return l(e(), i);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            k(e);
            return null;
        }
    }

    public final void i(int i) {
        try {
            KeyStore e = e();
            if (e.containsAlias(g(i))) {
                e.deleteEntry(g(i));
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            bunj.a(this.b, e2);
        }
    }

    public final boolean j(int i) {
        Signature l;
        if (Build.VERSION.SDK_INT < 23) {
            return false;
        }
        try {
            try {
                KeyStore e = e();
                if (i != 3) {
                    l = l(e, i);
                } else {
                    if (!dsrb.a.a().b()) {
                        return e.containsAlias(g(3));
                    }
                    try {
                        l = l(e, 3);
                    } catch (InvalidKeyException e2) {
                        if (e2 instanceof UserNotAuthenticatedException) {
                            return true;
                        }
                        if (e2 instanceof KeyPermanentlyInvalidatedException) {
                            return false;
                        }
                        throw e2;
                    }
                }
                return l != null;
            } catch (InvalidKeyException e3) {
                e = e3;
                k(e);
                return false;
            }
        } catch (IOException e4) {
            e = e4;
            k(e);
            return false;
        } catch (KeyStoreException e5) {
            e = e5;
            k(e);
            return false;
        } catch (NoSuchAlgorithmException e6) {
            e = e6;
            k(e);
            return false;
        } catch (UnrecoverableKeyException e7) {
            e = e7;
            k(e);
            return false;
        } catch (CertificateException e8) {
            e = e8;
            k(e);
            return false;
        }
    }
}
