package defpackage;

import android.security.keystore.KeyExpiredException;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

/* compiled from: :com.google.android.gms@245034117@24.50.34 (080706-713002902) */
/* loaded from: classes2.dex */
public final class srn {
    private static srn a;
    private final ajhs b;

    private srn(ajhs ajhsVar) {
        this.b = ajhsVar;
    }

    public static srn a() {
        if (!abgb.a()) {
            throw tha.a();
        }
        if (a == null) {
            a = new srn(ajhs.a());
        }
        return a;
    }

    public static final KeyPair c(svq svqVar, boolean z, cort cortVar) {
        aamw.c((z && cortVar == null) ? false : true, "clientDataHash must be provided if requesting keystore attestation");
        KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(svqVar.toString(), 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setUserAuthenticationRequired(true);
        KeyGenParameterSpec.Builder userAuthenticationParameters = abgb.g() ? userAuthenticationRequired.setUserAuthenticationParameters((int) cspf.b(), 3) : userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds((int) cspf.b());
        if (z) {
            userAuthenticationParameters.setAttestationChallenge(cortVar.M());
        }
        ajhq a2 = ajhq.a();
        a2.c(userAuthenticationParameters.build());
        return a2.b();
    }

    public final cbdi b(String str) {
        if (this.b.c(str)) {
            KeyStore.Entry d = this.b.d(str);
            if (d instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) d;
                PrivateKey privateKey = privateKeyEntry.getPrivateKey();
                try {
                    Signature.getInstance("SHA256withECDSA").initSign(privateKey);
                } catch (InvalidKeyException e) {
                    if (!(e instanceof UserNotAuthenticatedException) && (!abgb.e() || !afd$$ExternalSyntheticApiModelOutline0.m126m((Object) e))) {
                        if (!(e instanceof KeyPermanentlyInvalidatedException) && !(e instanceof KeyExpiredException)) {
                            throw e;
                        }
                        try {
                            this.b.b(str);
                        } catch (ajhr | KeyStoreException unused) {
                        }
                    }
                }
                return cbdi.j(new srm(privateKeyEntry, (KeyInfo) KeyFactory.getInstance("EC", "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)));
            }
        }
        return cbbn.a;
    }
}
