package defpackage;

import android.accounts.Account;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.wallet.shared.ApplicationParameters;
import com.google.android.gms.wallet.shared.BuyFlowConfig;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;

/* compiled from: :com.google.android.gms@220657019@22.06.57 (040400-434594141) */
/* loaded from: classes5.dex */
public final class bkcl {
    private static final Charset a = Charset.forName("UTF-8");
    private final BuyFlowConfig b;
    private final Context c;

    public bkcl(Context context, BuyFlowConfig buyFlowConfig) {
        this.b = buyFlowConfig;
        this.c = context;
    }

    public static bkcl a(Context context, BuyFlowConfig buyFlowConfig) {
        return new bkcl(context.getApplicationContext(), buyFlowConfig);
    }

    static final ECPublicKey c(String str, int i, String str2) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds = new KeyGenParameterSpec.Builder(str, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(i);
            if (Build.VERSION.SDK_INT >= 24) {
                userAuthenticationValidityDurationSeconds.setAttestationChallenge(str2.getBytes(a));
            }
            keyPairGenerator.initialize(userAuthenticationValidityDurationSeconds.build());
            return (ECPublicKey) keyPairGenerator.generateKeyPair().getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    static final KeyStore d() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    private final void j(Throwable th) {
        if (yhc.a()) {
            Log.e("KeyStoreUtils", "UncaughtException", th);
        } else {
            bkur.a(this.c, th);
        }
    }

    private final Signature k(KeyStore keyStore, int i) {
        if (!keyStore.containsAlias(f(i))) {
            return null;
        }
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(f(i), null);
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        return signature;
    }

    public final byte[] b(byte[] bArr, Signature signature) {
        try {
            signature.update(bArr);
            return signature.sign();
        } catch (SignatureException e) {
            bkur.a(this.c, e);
            return null;
        }
    }

    public final cdcz e(int i) {
        int i2;
        String uuid = UUID.randomUUID().toString();
        int i3 = i - 1;
        switch (i3) {
            case 1:
                i2 = -1;
                break;
            case 2:
                i2 = (int) dcpq.a.a().a();
                break;
            default:
                throw new AssertionError("Unsupported authenticator");
        }
        String f = f(i);
        String valueOf = String.valueOf(uuid);
        ECPublicKey c = c(f, i2, valueOf.length() != 0 ? "GooglePaymentsUserAuthKey:".concat(valueOf) : new String("GooglePaymentsUserAuthKey:"));
        crrv t = cdcz.g.t();
        if (t.c) {
            t.G();
            t.c = false;
        }
        cdcz cdczVar = (cdcz) t.b;
        cdczVar.e = i3;
        int i4 = cdczVar.a | 8;
        cdczVar.a = i4;
        uuid.getClass();
        cdczVar.a = i4 | 4;
        cdczVar.d = uuid;
        cdcz cdczVar2 = (cdcz) t.b;
        cdczVar2.c = 1;
        cdczVar2.a |= 2;
        String encodeToString = Base64.encodeToString(bkch.b(c.getW()), 2);
        if (t.c) {
            t.G();
            t.c = false;
        }
        cdcz cdczVar3 = (cdcz) t.b;
        encodeToString.getClass();
        cdczVar3.a = 1 | cdczVar3.a;
        cdczVar3.b = encodeToString;
        try {
            Certificate[] certificateChain = d().getCertificateChain(f(i));
            if (certificateChain != null) {
                crrv t2 = cdcs.b.t();
                for (Certificate certificate : certificateChain) {
                    crqo B = crqo.B(certificate.getEncoded());
                    if (t2.c) {
                        t2.G();
                        t2.c = false;
                    }
                    cdcs cdcsVar = (cdcs) t2.b;
                    crsu crsuVar = cdcsVar.a;
                    if (!crsuVar.c()) {
                        cdcsVar.a = crsc.P(crsuVar);
                    }
                    cdcsVar.a.add(B);
                }
                if (t.c) {
                    t.G();
                    t.c = false;
                }
                cdcz cdczVar4 = (cdcz) t.b;
                cdcs cdcsVar2 = (cdcs) t2.C();
                cdcsVar2.getClass();
                cdczVar4.f = cdcsVar2;
                cdczVar4.a |= 16;
            }
            return (cdcz) t.C();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    final String f(int i) {
        ApplicationParameters applicationParameters = this.b.b;
        int i2 = applicationParameters.a;
        Account account = applicationParameters.b;
        bkdc bkdcVar = new bkdc();
        bkdcVar.b(i2);
        bkdcVar.c(account.name);
        if (i != 2) {
            cdyx.q(i == 3, "Unsupported authenticator");
            bkdcVar.c("LOCKSCREEN");
        }
        String a2 = bkdcVar.a();
        return yfm.b((a2.length() != 0 ? "com.google.android.gms.wallet.keys:".concat(a2) : new String("com.google.android.gms.wallet.keys:")).getBytes(a));
    }

    public final Signature g(int i) {
        try {
            return k(d(), i);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            j(e);
            return null;
        }
    }

    public final void h(int i) {
        try {
            KeyStore d = d();
            if (d.containsAlias(f(i))) {
                d.deleteEntry(f(i));
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            bkur.a(this.c, e);
        }
    }

    public final boolean i(int i) {
        try {
            try {
                KeyStore d = d();
                if (i != 3) {
                    return k(d, i) != null;
                }
                if (!dcpq.a.a().b()) {
                    return d.containsAlias(f(3));
                }
                try {
                    return k(d, 3) != null;
                } catch (InvalidKeyException e) {
                    if (e instanceof UserNotAuthenticatedException) {
                        return true;
                    }
                    if (e instanceof KeyPermanentlyInvalidatedException) {
                        return false;
                    }
                    throw e;
                }
            } catch (InvalidKeyException e2) {
                e = e2;
                j(e);
                return false;
            }
        } catch (IOException e3) {
            e = e3;
            j(e);
            return false;
        } catch (KeyStoreException e4) {
            e = e4;
            j(e);
            return false;
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            j(e);
            return false;
        } catch (UnrecoverableKeyException e6) {
            e = e6;
            j(e);
            return false;
        } catch (CertificateException e7) {
            e = e7;
            j(e);
            return false;
        }
    }
}
