package com.ncsoft.fido.uaf.crypto;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.ncsoft.fido.client.LogUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;

/* loaded from: classes.dex */
public class FidoKeystoreAndroidM {
    private static final String TAG = FidoKeystoreAndroidM.class.getSimpleName();

    private KeyStore getAndroidKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private String getKeyId(String str) {
        return "com.ncsoft.fido.keystore.key_" + str;
    }

    public KeyPair generateKeyPair(String str) {
        LogUtil.INSTANCE.d(TAG, "generateKeyPair username : " + str);
        removeKey(str);
        try {
            String keyId = getKeyId(str);
            LogUtil.INSTANCE.d(TAG, "keyId = " + keyId);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(keyId, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256", "SHA-384", "SHA-512").setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT >= 24) {
                userAuthenticationRequired = userAuthenticationRequired.setAttestationChallenge(new byte[16]).setInvalidatedByBiometricEnrollment(true);
            }
            keyPairGenerator.initialize(userAuthenticationRequired.build());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            LogUtil.INSTANCE.d(TAG, "Generated keypair : " + generateKeyPair);
            LogUtil.INSTANCE.d(TAG, "certificate: " + ((X509Certificate) getAndroidKeyStore().getCertificate(keyId)));
            return generateKeyPair;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public X509Certificate getCertificate(String str) {
        try {
            return (X509Certificate) getAndroidKeyStore().getCertificate(getKeyId(str));
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    public KeyPair getKeyPair(String str) {
        try {
            return new KeyPair(getPublicKey(str), (PrivateKey) getAndroidKeyStore().getKey(getKeyId(str), null));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public PublicKey getPublicKey(String str) {
        return getCertificate(str).getPublicKey();
    }

    public FidoSigner getSigner(String str) {
        try {
            PrivateKey privateKey = (PrivateKey) getAndroidKeyStore().getKey(getKeyId(str), null);
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            return new FidoSignerAndroidM(signature);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean hasKey(String str) {
        return getCertificate(str) != null;
    }

    public void removeKey(String str) {
        try {
            getAndroidKeyStore().deleteEntry(getKeyId(str));
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }
}
