package hi;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProtection;
import android.security.keystore.UserNotAuthenticatedException;
import androidx.activity.o;
import androidx.recyclerview.widget.RecyclerView;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.functions.Function3;
import kotlin.jvm.functions.Function6;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;
import r10.one.auth.UserPresenceRequiredError;
import r10.one.auth.internal.Ed25519KeyPair;

/* compiled from: AndroidKeystore.kt */
/* loaded from: classes.dex */
public final class a implements i {

    /* renamed from: a, reason: collision with root package name */
    public static final a f10331a = new a();

    /* renamed from: b, reason: collision with root package name */
    public static final KeyStore f10332b = KeyStore.getInstance("AndroidKeyStore");

    /* renamed from: c, reason: collision with root package name */
    public static final Function2<Integer, Key, Cipher> f10333c = b.f10338a;

    /* renamed from: d, reason: collision with root package name */
    public static final Function6<Context, Integer, Boolean, String, String, j, byte[]> f10334d = C0158a.f10337a;

    /* renamed from: e, reason: collision with root package name */
    public static final Function3<Context, Integer, Boolean, j> f10335e = c.f10339a;

    /* renamed from: f, reason: collision with root package name */
    public static final Function1<Context, f> f10336f = d.f10340a;

    /* compiled from: AndroidKeystore.kt */
    /* renamed from: hi.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static final class C0158a extends Lambda implements Function6<Context, Integer, Boolean, String, String, j, byte[]> {

        /* renamed from: a, reason: collision with root package name */
        public static final C0158a f10337a = new C0158a();

        public C0158a() {
            super(6);
        }

        @Override // kotlin.jvm.functions.Function6
        public byte[] invoke(Context context, Integer num, Boolean bool, String str, String str2, j jVar) {
            Context context2 = context;
            int intValue = num.intValue();
            boolean booleanValue = bool.booleanValue();
            String keystoreEntryKey = str;
            String cryptoKey = str2;
            j secretKey = jVar;
            Intrinsics.checkNotNullParameter(context2, "context");
            Intrinsics.checkNotNullParameter(keystoreEntryKey, "keystoreEntryKey");
            Intrinsics.checkNotNullParameter(cryptoKey, "cryptoKey");
            Intrinsics.checkNotNullParameter(secretKey, "secretKey");
            SharedPreferences sharedPreferences = context2.getSharedPreferences("r10.one.auth.master_key", 0);
            byte[] bArr = secretKey.f10350a;
            String a10 = ih.f.a(secretKey.f10351b.f10346a);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(RecyclerView.z.FLAG_TMP_DETACHED);
            SecretKey vaultKey = keyGenerator.generateKey();
            Function2<Integer, Key, Cipher> function2 = a.f10333c;
            Intrinsics.checkNotNullExpressionValue(vaultKey, "vaultKey");
            byte[] encryptedKey = ((Cipher) ((b) function2).invoke(1, vaultKey)).doFinal(bArr);
            KeyProtection.Builder encryptionPaddings = new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
            Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "Builder(KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)\n          .setBlockModes(KeyProperties.BLOCK_MODE_GCM)\n          .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)");
            Object systemService = context2.getSystemService("keyguard");
            KeyguardManager keyguardManager = systemService instanceof KeyguardManager ? (KeyguardManager) systemService : null;
            if (keyguardManager != null) {
                if (keyguardManager.isDeviceSecure()) {
                    encryptionPaddings.setUserAuthenticationRequired(booleanValue);
                    if (Build.VERSION.SDK_INT > 29) {
                        encryptionPaddings.setUserAuthenticationParameters(intValue, 3);
                    } else {
                        encryptionPaddings.setUserAuthenticationValidityDurationSeconds(intValue);
                    }
                }
                KeyStore keyStore = a.f10332b;
                keyStore.load(null);
                keyStore.setEntry(a10, new KeyStore.SecretKeyEntry(vaultKey), encryptionPaddings.build());
                SharedPreferences.Editor edit = sharedPreferences.edit();
                edit.putString(keystoreEntryKey, a10);
                Intrinsics.checkNotNullExpressionValue(encryptedKey, "encryptedKey");
                edit.putString(cryptoKey, ih.f.a(encryptedKey));
                edit.putBoolean(Intrinsics.stringPlus(cryptoKey, "_require_auth"), booleanValue);
                edit.apply();
            }
            return bArr;
        }
    }

    /* compiled from: AndroidKeystore.kt */
    /* loaded from: classes.dex */
    public static final class b extends Lambda implements Function2<Integer, Key, Cipher> {

        /* renamed from: a, reason: collision with root package name */
        public static final b f10338a = new b();

        public b() {
            super(2);
        }

        @Override // kotlin.jvm.functions.Function2
        public Cipher invoke(Integer num, Key key) {
            int intValue = num.intValue();
            Key key2 = key;
            Intrinsics.checkNotNullParameter(key2, "key");
            byte[] bArr = new byte[12];
            ArraysKt___ArraysJvmKt.fill$default(bArr, (byte) 9, 0, 0, 6, (Object) null);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(intValue, key2, new GCMParameterSpec(RecyclerView.z.FLAG_IGNORE, bArr));
            return cipher;
        }
    }

    /* compiled from: AndroidKeystore.kt */
    /* loaded from: classes.dex */
    public static final class c extends Lambda implements Function3<Context, Integer, Boolean, j> {

        /* renamed from: a, reason: collision with root package name */
        public static final c f10339a = new c();

        public c() {
            super(3);
        }

        @Override // kotlin.jvm.functions.Function3
        public j invoke(Context context, Integer num, Boolean bool) {
            Context context2 = context;
            int intValue = num.intValue();
            boolean booleanValue = bool.booleanValue();
            Intrinsics.checkNotNullParameter(context2, "context");
            a aVar = a.f10331a;
            KeyguardManager keyguardManager = (KeyguardManager) context2.getSystemService("keyguard");
            boolean z10 = (keyguardManager != null && keyguardManager.isDeviceSecure()) && !booleanValue;
            byte[] bArr = new byte[32];
            o.t(bArr);
            j jVar = new j(bArr);
            byte[] f10 = aVar.f(context2, "alias", "key", z10);
            if (f10 == null) {
                f10 = (byte[]) ((C0158a) a.f10334d).invoke(context2, Integer.valueOf(intValue), Boolean.valueOf(z10), "alias", "key", jVar);
            }
            return new j(f10);
        }
    }

    /* compiled from: AndroidKeystore.kt */
    /* loaded from: classes.dex */
    public static final class d extends Lambda implements Function1<Context, f> {

        /* renamed from: a, reason: collision with root package name */
        public static final d f10340a = new d();

        public d() {
            super(1);
        }

        @Override // kotlin.jvm.functions.Function1
        public f invoke(Context context) {
            Context context2 = context;
            Intrinsics.checkNotNullParameter(context2, "context");
            String string = context2.getSharedPreferences("r10.one.auth.master_key", 0).getString("alias", null);
            if (string == null) {
                return null;
            }
            return new f(ih.f.d(string));
        }
    }

    @Override // hi.i
    public Function1<Context, f> a() {
        return f10336f;
    }

    @Override // hi.i
    public Ed25519KeyPair b(String kid, Context context) {
        Intrinsics.checkNotNullParameter(kid, "kid");
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] f10 = f(context, Intrinsics.stringPlus("alias_ephemeral_", kid), Intrinsics.stringPlus("key_ephemeral_", kid), false);
        if (f10 == null) {
            return null;
        }
        return Ed25519KeyPair.INSTANCE.a(f10);
    }

    @Override // hi.i
    public void c(Context context, String kid) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(kid, "kid");
        SharedPreferences.Editor edit = context.getSharedPreferences("r10.one.auth.master_key", 0).edit();
        edit.remove(Intrinsics.stringPlus("alias_ephemeral_", kid));
        edit.remove(Intrinsics.stringPlus("key_ephemeral_", kid)).apply();
    }

    @Override // hi.i
    public Function3<Context, Integer, Boolean, j> d() {
        return f10335e;
    }

    @Override // hi.i
    public Ed25519KeyPair e(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] bArr = new byte[32];
        o.t(bArr);
        Ed25519KeyPair a10 = Ed25519KeyPair.INSTANCE.a(bArr);
        ((C0158a) f10334d).invoke(context, 0, Boolean.FALSE, Intrinsics.stringPlus("alias_ephemeral_", a10.f14907f), Intrinsics.stringPlus("key_ephemeral_", a10.f14907f), new j(bArr));
        return a10;
    }

    public final byte[] f(Context context, String str, String str2, boolean z10) {
        String string;
        SharedPreferences sharedPreferences = context.getSharedPreferences("r10.one.auth.master_key", 0);
        if (sharedPreferences.contains(Intrinsics.stringPlus(str2, "_require_auth")) && sharedPreferences.getBoolean(Intrinsics.stringPlus(str2, "_require_auth"), false) != z10) {
            h(context);
            return null;
        }
        try {
            String string2 = sharedPreferences.getString(str, null);
            if (string2 == null) {
                return null;
            }
            KeyStore keyStore = f10332b;
            keyStore.load(null);
            Key key = keyStore.getKey(string2, null);
            if (key != null && (string = sharedPreferences.getString(str2, null)) != null) {
                return ((Cipher) ((b) f10333c).invoke(2, key)).doFinal(ih.f.d(string));
            }
            return null;
        } catch (KeyPermanentlyInvalidatedException unused) {
            return null;
        } catch (UserNotAuthenticatedException e10) {
            throw new UserPresenceRequiredError(e10);
        }
    }

    public Key g(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] f10 = f(context, "metadata_alias", "metadata_key", false);
        if (f10 == null) {
            f10 = new byte[32];
            o.t(f10);
            ((C0158a) f10334d).invoke(context, 0, Boolean.FALSE, "metadata_alias", "metadata_key", new j(f10));
        }
        return new SecretKeySpec(f10, "AES");
    }

    public void h(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        SharedPreferences.Editor edit = context.getSharedPreferences("r10.one.auth.master_key", 0).edit();
        edit.remove("alias");
        edit.remove("key").apply();
    }
}
