package com.oath.mobile.platform.phoenix.core;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import com.google.android.gms.cast.MediaTrack;
import com.google.gson.JsonObject;
import com.yahoo.canvass.stream.utils.Analytics;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECField;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Objects;
import javax.crypto.Cipher;
import kotlin.Metadata;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.IESParameterSpec;

/* compiled from: Yahoo */
@RequiresApi(api = 23)
@Metadata(bv = {1, 0, 3}, d1 = {"\u00008\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0004\bÇ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\b\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\u0004H\u0007J\u0018\u0010\f\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\u0004H\u0007J\u0018\u0010\r\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\u0004H\u0007J\u0010\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\t\u001a\u00020\nH\u0007J\u0010\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u000fH\u0007J\u0012\u0010\u0013\u001a\u0004\u0018\u00010\u00142\u0006\u0010\t\u001a\u00020\nH\u0007J\u0010\u0010\u0015\u001a\u00020\u00162\u0006\u0010\t\u001a\u00020\nH\u0007J\u0010\u0010\u0017\u001a\u00020\u00162\u0006\u0010\t\u001a\u00020\nH\u0007J\u0018\u0010\u0018\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u0019\u001a\u00020\u0004H\u0007R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u001a"}, d2 = {"Lcom/oath/mobile/platform/phoenix/core/KeyStoreUtils;", "", "()V", "ELLIPTIC_CURVE_PARAMETER_SPEC", "", "KEY_NAME", "KEY_PRIVATE_NAME", "KEY_PUBLIC_NAME", "decrypt", Analytics.ParameterName.CONTEXT, "Landroid/content/Context;", "data", "decryptWithECIESEncryptionCofactorVariableIVX963SHA256AESGCM", "encrypt", "generateDCRKeyPair", "Ljava/security/PublicKey;", "generateJwkFromPublicKey", "Lcom/google/gson/JsonObject;", "publicKey", "getDcrKeyPair", "Ljava/security/KeyPair;", "isBouncyCastleDcrKeyPairAvailable", "", "isDcrKeyPairAvailable", MediaTrack.ROLE_SIGN, Analytics.Identifier.INPUT, "dynamic-client-reg_release"}, k = 1, mv = {1, 4, 2})
/* loaded from: classes4.dex */
public final class KeyStoreUtils {
    private static final String ELLIPTIC_CURVE_PARAMETER_SPEC = "secp256r1";
    public static final KeyStoreUtils INSTANCE = new KeyStoreUtils();
    private static final String KEY_NAME = "dcrKey";
    private static final String KEY_PRIVATE_NAME = "dcrPrivateKey";
    private static final String KEY_PUBLIC_NAME = "dcrPublicKey";

    static {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        Security.insertProviderAt(new BouncyCastleProvider(), 0);
    }

    private KeyStoreUtils() {
    }

    public static final String decrypt(Context context, String data) {
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        kotlin.reflect.full.a.F0(data, "data");
        if (!isDcrKeyPairAvailable(context)) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.reflect.full.a.E0(privateKey, "keyPair.private");
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(2, privateKey);
        byte[] doFinal = cipher.doFinal(Base64.decode(data, 0));
        kotlin.reflect.full.a.E0(doFinal, "decodedData");
        Charset charset = StandardCharsets.UTF_8;
        kotlin.reflect.full.a.E0(charset, "StandardCharsets.UTF_8");
        return new String(doFinal, charset);
    }

    public static final String decryptWithECIESEncryptionCofactorVariableIVX963SHA256AESGCM(Context context, String data) {
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        kotlin.reflect.full.a.F0(data, "data");
        if (!isBouncyCastleDcrKeyPairAvailable(context)) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.reflect.full.a.E0(privateKey, "keyPair.private");
        byte[] decode = Base64.decode(data, 8);
        kotlin.reflect.full.a.E0(decode, "Base64.decode(data, Base64.URL_SAFE)");
        IESParameterSpec iESParameterSpec = new IESParameterSpec(null, null, 128, 128, null);
        p4 p4Var = new p4(new q4(new ECDHBasicAgreement(), new KDF2BytesGenerator(new SHA256Digest()), new a()));
        p4Var.engineInit(2, privateKey, iESParameterSpec, new SecureRandom());
        byte[] engineDoFinal = p4Var.engineDoFinal(decode, 0, decode.length);
        kotlin.reflect.full.a.E0(engineDoFinal, "cipher.engineDoFinal(enc…, 0, encryptedBytes.size)");
        return new String(engineDoFinal, kotlin.text.a.f22078a);
    }

    public static final String encrypt(Context context, String data) {
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        kotlin.reflect.full.a.F0(data, "data");
        if (!isDcrKeyPairAvailable(context)) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair(context);
        if (dcrKeyPair == null) {
            return "";
        }
        PublicKey publicKey = dcrKeyPair.getPublic();
        kotlin.reflect.full.a.E0(publicKey, "keyPair.public");
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(1, publicKey);
        byte[] bytes = data.getBytes(kotlin.text.a.f22078a);
        kotlin.reflect.full.a.E0(bytes, "(this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        kotlin.reflect.full.a.E0(encodeToString, "Base64.encodeToString(bytes, Base64.DEFAULT)");
        return encodeToString;
    }

    public static final PublicKey generateDCRKeyPair(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(new ECGenParameterSpec(ELLIPTIC_CURVE_PARAMETER_SPEC));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        kotlin.reflect.full.a.E0(generateKeyPair, "keyPair");
        PublicKey publicKey = generateKeyPair.getPublic();
        kotlin.reflect.full.a.E0(publicKey, "keyPair.public");
        byte[] encode = Base64.encode(publicKey.getEncoded(), 8);
        kotlin.reflect.full.a.E0(encode, "Base64.encode(keyPair.pu…encoded, Base64.URL_SAFE)");
        Charset charset = kotlin.text.a.f22078a;
        String str = new String(encode, charset);
        PrivateKey privateKey = generateKeyPair.getPrivate();
        kotlin.reflect.full.a.E0(privateKey, "keyPair.private");
        byte[] encode2 = Base64.encode(privateKey.getEncoded(), 8);
        kotlin.reflect.full.a.E0(encode2, "Base64.encode(keyPair.pr…encoded, Base64.URL_SAFE)");
        String str2 = new String(encode2, charset);
        SharedPreferences.Editor edit = v3.b(context).edit();
        edit.putString(KEY_PUBLIC_NAME, str);
        edit.putString(KEY_PRIVATE_NAME, str2);
        edit.apply();
        Signature.getInstance("SHA256withECDSA").initSign(generateKeyPair.getPrivate());
        PublicKey publicKey2 = generateKeyPair.getPublic();
        kotlin.reflect.full.a.E0(publicKey2, "keyPair.public");
        return publicKey2;
    }

    public static final JsonObject generateJwkFromPublicKey(PublicKey publicKey) {
        kotlin.reflect.full.a.F0(publicKey, "publicKey");
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("kty", publicKey.getAlgorithm());
        jsonObject.addProperty("use", "sig");
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        StringBuilder c = android.support.v4.media.f.c("P-");
        ECParameterSpec params = eCPublicKey.getParams();
        kotlin.reflect.full.a.E0(params, "ecPublicKey.params");
        EllipticCurve curve = params.getCurve();
        kotlin.reflect.full.a.E0(curve, "ecPublicKey.params.curve");
        ECField field = curve.getField();
        kotlin.reflect.full.a.E0(field, "ecPublicKey.params.curve.field");
        c.append(field.getFieldSize());
        jsonObject.addProperty("crv", c.toString());
        ECPoint w6 = eCPublicKey.getW();
        kotlin.reflect.full.a.E0(w6, "ecPublicKey.w");
        String encodeToString = Base64.encodeToString(w6.getAffineX().toByteArray(), 8);
        kotlin.reflect.full.a.E0(encodeToString, "Base64.encodeToString(ec…Array(), Base64.URL_SAFE)");
        jsonObject.addProperty("x", kotlin.text.n.x0(encodeToString).toString());
        ECPoint w10 = eCPublicKey.getW();
        kotlin.reflect.full.a.E0(w10, "ecPublicKey.w");
        String encodeToString2 = Base64.encodeToString(w10.getAffineY().toByteArray(), 8);
        kotlin.reflect.full.a.E0(encodeToString2, "Base64.encodeToString(ec…Array(), Base64.URL_SAFE)");
        jsonObject.addProperty("y", kotlin.text.n.x0(encodeToString2).toString());
        return jsonObject;
    }

    public static final KeyPair getDcrKeyPair(Context context) {
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        SharedPreferences b8 = v3.b(context);
        String string = b8.getString(KEY_PUBLIC_NAME, null);
        String string2 = b8.getString(KEY_PRIVATE_NAME, null);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!(string == null || kotlin.text.l.S(string))) {
            if (!(string2 == null || kotlin.text.l.S(string2))) {
                KeyFactory keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
                PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(string, 8)));
                kotlin.reflect.full.a.E0(generatePublic, "keyFactory.generatePublic(x509ks)");
                PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(string2, 8)));
                kotlin.reflect.full.a.E0(generatePrivate, "keyFactory.generatePrivate(p8ks)");
                return new KeyPair(generatePublic, generatePrivate);
            }
        }
        if (!keyStore.isKeyEntry(KEY_NAME)) {
            return null;
        }
        Key key = keyStore.getKey(KEY_NAME, null);
        Objects.requireNonNull(key, "null cannot be cast to non-null type java.security.PrivateKey");
        Certificate certificate = keyStore.getCertificate(KEY_NAME);
        kotlin.reflect.full.a.E0(certificate, "keyStore.getCertificate(KEY_NAME)");
        PublicKey publicKey = certificate.getPublicKey();
        kotlin.reflect.full.a.E0(publicKey, "keyStore.getCertificate(KEY_NAME).publicKey");
        return new KeyPair(publicKey, (PrivateKey) key);
    }

    public static final boolean isBouncyCastleDcrKeyPairAvailable(Context context) {
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        SharedPreferences b8 = v3.b(context);
        return (b8.getString(KEY_PUBLIC_NAME, null) == null || b8.getString(KEY_PRIVATE_NAME, null) == null) ? false : true;
    }

    public static final boolean isDcrKeyPairAvailable(Context context) {
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return isBouncyCastleDcrKeyPairAvailable(context) || keyStore.isKeyEntry(KEY_NAME);
    }

    public static final String sign(Context context, String input) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, SignatureException, InvalidKeyException {
        KeyPair dcrKeyPair;
        kotlin.reflect.full.a.F0(context, Analytics.ParameterName.CONTEXT);
        kotlin.reflect.full.a.F0(input, Analytics.Identifier.INPUT);
        if (!isDcrKeyPairAvailable(context) || (dcrKeyPair = getDcrKeyPair(context)) == null) {
            return "";
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.reflect.full.a.E0(privateKey, "keyPair.private");
        Charset forName = Charset.forName("UTF8");
        kotlin.reflect.full.a.E0(forName, "Charset.forName(charsetName)");
        byte[] bytes = input.getBytes(forName);
        kotlin.reflect.full.a.E0(bytes, "(this as java.lang.String).getBytes(charset)");
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(bytes);
        byte[] sign = signature.sign();
        kotlin.reflect.full.a.E0(sign, "signature.sign()");
        String encodeToString = Base64.encodeToString(sign, 8);
        kotlin.reflect.full.a.E0(encodeToString, "Base64.encodeToString(si…reBytes, Base64.URL_SAFE)");
        return kotlin.text.n.x0(encodeToString).toString();
    }
}
