package com.okta.android.security.keys.keystore;

import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.stats.CodePackage;
import com.okta.android.security.keys.KeyUtils;
import com.okta.android.security.keys.exception.KeyNotFoundException;
import com.okta.android.security.keys.exception.KeystoreLockedException;
import com.okta.android.security.keys.exception.OktaKeystoreException;
import com.okta.android.security.keys.keystore.storage.DbHandler;
import com.okta.lib.android.common.utilities.Clock;
import com.okta.lib.android.common.utilities.CommonUtil;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;

/* compiled from: SystemKeyManager23.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000R\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0010\"\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0007\u0018\u00002\u00020\u0001B-\b\u0007\u0012\b\u0010\u0002\u001a\u0004\u0018\u00010\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\b\u0010\u0006\u001a\u0004\u0018\u00010\u0007\u0012\b\u0010\b\u001a\u0004\u0018\u00010\t¢\u0006\u0002\u0010\nJ\u0012\u0010\u000b\u001a\u00020\f2\b\u0010\r\u001a\u0004\u0018\u00010\u000eH\u0016J.\u0010\u000f\u001a\u00020\u00102\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u00122\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00120\u00142\u0006\u0010\u0015\u001a\u00020\u000eH\u0016J\u0018\u0010\u0016\u001a\u00020\u00172\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u0019H\u0016J\u0018\u0010\u0016\u001a\u00020\u00172\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u001a\u001a\u00020\fH\u0016J\u0010\u0010\u001b\u001a\u00020\u00172\u0006\u0010\r\u001a\u00020\u000eH\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001c"}, d2 = {"Lcom/okta/android/security/keys/keystore/SystemKeyManager23;", "Lcom/okta/android/security/keys/keystore/SystemKeyManager;", "keyUtils", "Lcom/okta/android/security/keys/KeyUtils;", "clock", "Lcom/okta/lib/android/common/utilities/Clock;", "commonUtil", "Lcom/okta/lib/android/common/utilities/CommonUtil;", "dbHandler", "Lcom/okta/android/security/keys/keystore/storage/DbHandler;", "(Lcom/okta/android/security/keys/KeyUtils;Lcom/okta/lib/android/common/utilities/Clock;Lcom/okta/lib/android/common/utilities/CommonUtil;Lcom/okta/android/security/keys/keystore/storage/DbHandler;)V", "containsAlias", "", "alias", "", "generateKeyPair", "Ljava/security/KeyPair;", "keySize", "", "usages", "", "keyType", "generateSecretKey", "Ljavax/crypto/SecretKey;", "keyGenParameterSpec", "Landroid/security/keystore/KeyGenParameterSpec;", "userVerificationEnabled", "getSecretKey", "security_release"}, k = 1, mv = {1, 4, 2})
/* loaded from: classes2.dex */
public final class SystemKeyManager23 extends SystemKeyManager {
    private final Clock clock;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    @Inject
    public SystemKeyManager23(KeyUtils keyUtils, Clock clock, CommonUtil commonUtil, DbHandler dbHandler) {
        super(keyUtils, clock, commonUtil, dbHandler);
        Intrinsics.checkNotNullParameter(clock, "clock");
        this.clock = clock;
    }

    @Override // com.okta.android.security.keys.KeyManager
    public boolean containsAlias(String alias) throws KeyStoreException, OktaKeystoreException {
        return getKeyStore().containsAlias(alias);
    }

    @Override // com.okta.android.security.keys.keystore.SystemKeyManager, com.okta.android.security.keys.KeyManager
    public KeyPair generateKeyPair(String alias, int keySize, Set<Integer> usages, String keyType) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        Intrinsics.checkNotNullParameter(usages, "usages");
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        Calendar calendar = Calendar.getInstance();
        calendar.add(10, -25);
        Date time = calendar.getTime();
        calendar.add(1, 10);
        Pair pair = new Pair(time, calendar.getTime());
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, 15);
        StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
        String format = String.format("CN=%s, O=Okta, ST=CA, C=US", Arrays.copyOf(new Object[]{alias}, 1));
        Intrinsics.checkNotNullExpressionValue(format, "java.lang.String.format(format, *args)");
        KeyGenParameterSpec build = builder.setCertificateSubject(new X500Principal(format)).setSignaturePaddings("PKCS1").setDigests("SHA-256", "SHA-384", "SHA-512").setEncryptionPaddings("PKCS1Padding").setUserAuthenticationRequired(false).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(keySize, RSAKeyGenParameterSpec.F4)).setKeySize(keySize).setCertificateNotBefore((Date) pair.getFirst()).setKeyValidityStart((Date) pair.getFirst()).setKeyValidityForOriginationEnd((Date) pair.getSecond()).setCertificateNotAfter((Date) pair.getSecond()).setCertificateSerialNumber(BigInteger.valueOf(this.clock.currentTimeMillis())).build();
        Intrinsics.checkNotNullExpressionValue(build, "KeyGenParameterSpec.Buil…()))\n            .build()");
        KeyPair generateKeyPair = generateKeyPair(alias, keyType, build);
        Intrinsics.checkNotNullExpressionValue(generateKeyPair, "generateKeyPair(alias, keyType, spec)");
        return generateKeyPair;
    }

    @Override // com.okta.android.security.keys.KeyManager
    public SecretKey generateSecretKey(String alias, KeyGenParameterSpec keyGenParameterSpec) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        Intrinsics.checkNotNullParameter(keyGenParameterSpec, "keyGenParameterSpec");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(keyGenParameterSpec);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "KeyGenerator.getInstance…eterSpec) }.generateKey()");
        return generateKey;
    }

    @Override // com.okta.android.security.keys.KeyManager
    public SecretKey generateSecretKey(String alias, boolean userVerificationEnabled) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, 3);
        builder.setBlockModes(CodePackage.GCM);
        builder.setEncryptionPaddings("NoPadding");
        builder.setKeySize(256);
        KeyGenParameterSpec build = builder.setUserAuthenticationRequired(userVerificationEnabled).build();
        Intrinsics.checkNotNullExpressionValue(build, "with(KeyGenParameterSpec…nabled).build()\n        }");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "KeyGenerator.getInstance…KeySpecs) }.generateKey()");
        return generateKey;
    }

    @Override // com.okta.android.security.keys.KeyManager
    public SecretKey getSecretKey(String alias) throws KeyStoreException, KeystoreLockedException, KeyNotFoundException, UnrecoverableKeyException, NoSuchAlgorithmException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        Key key = getKeyStore().getKey(alias, null);
        if (key != null) {
            Objects.requireNonNull(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            SecretKey secretKey = (SecretKey) key;
            if (secretKey != null) {
                return secretKey;
            }
        }
        throw new KeyNotFoundException(new Exception("Secret key not found; might be new enrollment"));
    }
}
