package defpackage;

import android.security.keystore.KeyGenParameterSpec;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@242831000@24.28.31 (020300-652851592) */
/* loaded from: classes4.dex */
public final class bgyo {
    private dcwf c;
    private final SecureRandom b = new SecureRandom();
    private boolean d = false;
    public final bgyn a = new bgyn();

    static String a(String str) {
        return String.format("%s.%s", "nearby.connections", str);
    }

    static final Signature g() {
        return Signature.getInstance("SHA256withECDSA");
    }

    public static final boolean h(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (dzld.aE() && agdj.b()) {
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("EC");
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(bArr);
                try {
                    PublicKey generatePublic = keyFactory.generatePublic(x509EncodedKeySpec);
                    try {
                        Signature g = g();
                        try {
                            g.initVerify(generatePublic);
                            try {
                                g.update(bArr2);
                                return g.verify(bArr3);
                            } catch (SignatureException e) {
                                bgxq.a.e().f(e).n("Failed to verify bytes with paired key.", new Object[0]);
                                return false;
                            }
                        } catch (InvalidKeyException e2) {
                            bgxq.a.e().f(e2).n("Failed to verify bytes with paired key.", new Object[0]);
                            return false;
                        }
                    } catch (NoSuchAlgorithmException e3) {
                        bgxq.a.e().f(e3).g("Failed to verify bytes with paired key: %s", "SHA256withECDSA");
                        return false;
                    }
                } catch (InvalidKeySpecException e4) {
                    bgxq.a.e().f(e4).g("Failed to verify bytes with paired key: %s", x509EncodedKeySpec.getFormat());
                    return false;
                }
            } catch (NoSuchAlgorithmException e5) {
                bgxq.a.e().f(e5).g("Failed to verify bytes with paired key: %s", "EC");
            }
        }
        return false;
    }

    private final dddy i() {
        if (!this.d && (!j() || !c())) {
            throw new GeneralSecurityException("Failed to do lazy initialization");
        }
        dcwf dcwfVar = this.c;
        if (dcwfVar == null) {
            throw new GeneralSecurityException("privateKeysetHandle is null");
        }
        try {
            return (dddy) dcwfVar.f().b().a;
        } catch (IllegalStateException | NullPointerException | GeneralSecurityException e) {
            throw new GeneralSecurityException(e);
        }
    }

    private final boolean j() {
        if (this.d) {
            return true;
        }
        if (!dzld.bf()) {
            return false;
        }
        try {
            dddz.a();
            this.d = true;
            return true;
        } catch (GeneralSecurityException e) {
            bgxq.a.e().f(e).n("Failed to register HybridConfig.", new Object[0]);
            return false;
        }
    }

    private final byte[] k() {
        byte[] bArr = new byte[72];
        this.b.nextBytes(bArr);
        return bArr;
    }

    public final void b(String str) {
        try {
            bgyn bgynVar = this.a;
            String a = a(str);
            KeyStore keyStore = bgynVar.a;
            if (keyStore == null) {
                throw new KeyStoreException("No AndroidKeyStore found on device.");
            }
            if (keyStore.containsAlias(a)) {
                bgynVar.a.deleteEntry(a);
            }
        } catch (KeyStoreException e) {
            bgxq.a.d().f(e).g("Failed to delete key store entry %s", str);
        }
    }

    public final boolean c() {
        if (j() && dzld.bf()) {
            try {
                dcwd dcwdVar = new dcwd();
                dcwb dcwbVar = new dcwb(dcwa.a("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM").a());
                dcwbVar.b(1);
                dcwbVar.a();
                dcwdVar.c(dcwbVar);
                dcwf a = dcwdVar.a();
                this.c = a;
                return true;
            } catch (GeneralSecurityException e) {
                bgxq.a.e().f(e).n("Failed to generate a new HPKE key.", new Object[0]);
            }
        }
        return false;
    }

    public final byte[] d() {
        try {
            return i().b.c();
        } catch (IllegalStateException | NullPointerException | GeneralSecurityException e) {
            bgxq.a.e().f(e).n("Failed to get HPKE public key bytes.", new Object[0]);
            return null;
        }
    }

    public final byte[] e(String str) {
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder algorithmParameterSpec;
        KeyGenParameterSpec.Builder certificateSubject;
        KeyGenParameterSpec.Builder randomizedEncryptionRequired;
        KeyGenParameterSpec build;
        if (!dzld.aE() || !agdj.b()) {
            return null;
        }
        String a = a(str);
        try {
            Certificate a2 = this.a.a(a);
            if (a2 != null) {
                return a2.getPublicKey().getEncoded();
            }
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                try {
                    digests = new KeyGenParameterSpec.Builder(a, 12).setDigests("SHA-256");
                    algorithmParameterSpec = digests.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"));
                    certificateSubject = algorithmParameterSpec.setCertificateSubject(new X500Principal("O=Google, OU=Android, C=US"));
                    randomizedEncryptionRequired = certificateSubject.setRandomizedEncryptionRequired(false);
                    build = randomizedEncryptionRequired.build();
                    keyPairGenerator.initialize(build);
                    try {
                        keyPairGenerator.generateKeyPair();
                        bgxq.a.d().n("Successfully create paired key.", new Object[0]);
                        try {
                            Certificate a3 = this.a.a(a);
                            if (a3 == null) {
                                return null;
                            }
                            return a3.getPublicKey().getEncoded();
                        } catch (KeyStoreException e) {
                            bgxq.a.e().f(e).n("Failed to create paired key.", new Object[0]);
                            return null;
                        }
                    } catch (ProviderException e2) {
                        bgxq.a.e().f(e2).n("Failed to create paired key.", new Object[0]);
                        return null;
                    }
                } catch (InvalidAlgorithmParameterException e3) {
                    bgxq.a.e().f(e3).n("Failed to create paired key.", new Object[0]);
                    return null;
                }
            } catch (NoSuchAlgorithmException | NoSuchProviderException e4) {
                bgxq.a.e().f(e4).n("Failed to create paired key.", new Object[0]);
                return null;
            }
        } catch (KeyStoreException e5) {
            bgxq.a.e().f(e5).n("Failed to create paired key.", new Object[0]);
            return null;
        }
    }

    public final byte[] f(String str, byte[] bArr) {
        if (dzld.aE() && agdj.b()) {
            try {
                String a = a(str);
                KeyStore keyStore = this.a.a;
                if (keyStore == null) {
                    throw new KeyStoreException("No AndroidKeyStore found on device.");
                }
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(a, null);
                X509Certificate x509Certificate = (X509Certificate) this.a.a(a);
                if (privateKey == null) {
                    bgxq.a.e().n("No private key is available. Failed to sign with paired key.", new Object[0]);
                    return k();
                }
                if (x509Certificate != null && x509Certificate.getPublicKey() != null) {
                    bgxq.a.d().g("Current PublicKey for signing: %s", Arrays.toString(x509Certificate.getPublicKey().getEncoded()));
                }
                try {
                    Signature g = g();
                    try {
                        g.initSign(privateKey);
                        try {
                            g.update(bArr);
                            return g.sign();
                        } catch (SignatureException e) {
                            bgxq.a.e().f(e).n("Failed to sign with paired key.", new Object[0]);
                            return k();
                        }
                    } catch (InvalidKeyException e2) {
                        bgxq.a.e().f(e2).g("Failed to sign with paired key: %s", privateKey.getAlgorithm());
                        return k();
                    }
                } catch (NoSuchAlgorithmException e3) {
                    bgxq.a.e().f(e3).n("Failed to sign with paired key.", new Object[0]);
                    return k();
                }
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e4) {
                bgxq.a.e().f(e4).n("Failed to sign with paired key.", new Object[0]);
                return k();
            }
        }
        return k();
    }
}
