package defpackage;

import android.accounts.Account;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.wallet.shared.ApplicationParameters;
import com.google.android.gms.wallet.shared.BuyFlowConfig;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;

/* compiled from: :com.google.android.gms@202115012@20.21.15 (020408-313409149) */
/* loaded from: Classes5.dex */
public final class awgt {
    private static final Charset a = Charset.forName("UTF-8");
    private final BuyFlowConfig b;
    private final Context c;

    public awgt(Context context, BuyFlowConfig buyFlowConfig) {
        this.b = buyFlowConfig;
        this.c = context;
    }

    public static awgt a(Context context, BuyFlowConfig buyFlowConfig) {
        return new awgt(context.getApplicationContext(), buyFlowConfig);
    }

    static final KeyStore a() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    private final Signature a(KeyStore keyStore, int i) {
        if (!keyStore.containsAlias(e(i))) {
            return null;
        }
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(e(i), null);
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        return signature;
    }

    static final ECPublicKey a(String str, String str2, String str3, int i) {
        if (Build.VERSION.SDK_INT < 23) {
            throw new IllegalStateException("Cannot be called in versions prior to M!");
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", str);
            KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds = new KeyGenParameterSpec.Builder(str2, 4).setAlgorithmParameterSpec(new ECGenParameterSpec(str3)).setDigests("SHA-256").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(i);
            int i2 = Build.VERSION.SDK_INT;
            keyPairGenerator.initialize(userAuthenticationValidityDurationSeconds.build());
            return (ECPublicKey) keyPairGenerator.generateKeyPair().getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    private final void a(Throwable th) {
        if (sga.a()) {
            Log.e("KeyStoreUtils", "UncaughtException", th);
        } else {
            awzr.a(this.c, th);
        }
    }

    public final boolean a(int i) {
        if (Build.VERSION.SDK_INT < 23) {
            return false;
        }
        try {
            try {
                KeyStore a2 = a();
                if (i != 3) {
                    return a(a2, i) != null;
                }
                if (!chln.a.a().a()) {
                    return a2.containsAlias(e(3));
                }
                try {
                    return a(a2, 3) != null;
                } catch (InvalidKeyException e) {
                    if (e instanceof UserNotAuthenticatedException) {
                        return true;
                    }
                    if (e instanceof KeyPermanentlyInvalidatedException) {
                        return false;
                    }
                    throw e;
                }
            } catch (InvalidKeyException e2) {
                e = e2;
                a(e);
                return false;
            }
        } catch (IOException e3) {
            e = e3;
            a(e);
            return false;
        } catch (KeyStoreException e4) {
            e = e4;
            a(e);
            return false;
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            a(e);
            return false;
        } catch (UnrecoverableKeyException e6) {
            e = e6;
            a(e);
            return false;
        } catch (CertificateException e7) {
            e = e7;
            a(e);
            return false;
        }
    }

    public final byte[] a(byte[] bArr, Signature signature) {
        if (signature == null) {
            return null;
        }
        try {
            signature.update(bArr);
            return signature.sign();
        } catch (SignatureException e) {
            awzr.a(this.c, e);
            return null;
        }
    }

    public final Signature b(int i) {
        if (Build.VERSION.SDK_INT < 23) {
            return null;
        }
        try {
            return a(a(), i);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            a(e);
            return null;
        }
    }

    public final bmgn c(int i) {
        int i2;
        if (Build.VERSION.SDK_INT < 23) {
            throw new IllegalStateException("Cannot be called in versions prior to M!");
        }
        String uuid = UUID.randomUUID().toString();
        int i3 = i - 1;
        if (i == 0) {
            throw null;
        }
        if (i3 == 1) {
            i2 = -1;
        } else {
            if (i3 != 2) {
                throw new AssertionError("Unsupported authenticator");
            }
            i2 = (int) chln.a.a().b();
        }
        String e = e(i);
        String valueOf = String.valueOf(uuid);
        if (valueOf.length() != 0) {
            "GooglePaymentsUserAuthKey:".concat(valueOf);
        } else {
            new String("GooglePaymentsUserAuthKey:");
        }
        ECPublicKey a2 = a("AndroidKeyStore", e, "secp256r1", i2);
        bxxg dh = bmgn.g.dh();
        if (dh.c) {
            dh.b();
            dh.c = false;
        }
        bmgn bmgnVar = (bmgn) dh.b;
        bmgnVar.e = i3;
        int i4 = bmgnVar.a | 8;
        bmgnVar.a = i4;
        uuid.getClass();
        int i5 = i4 | 4;
        bmgnVar.a = i5;
        bmgnVar.d = uuid;
        bmgnVar.c = 1;
        bmgnVar.a = i5 | 2;
        String encodeToString = Base64.encodeToString(awgp.a(a2.getW()), 2);
        if (dh.c) {
            dh.b();
            dh.c = false;
        }
        bmgn bmgnVar2 = (bmgn) dh.b;
        encodeToString.getClass();
        bmgnVar2.a |= 1;
        bmgnVar2.b = encodeToString;
        try {
            Certificate[] certificateChain = a().getCertificateChain(e(i));
            if (certificateChain != null) {
                bxxg dh2 = bmgg.b.dh();
                for (Certificate certificate : certificateChain) {
                    bxwa a3 = bxwa.a(certificate.getEncoded());
                    if (dh2.c) {
                        dh2.b();
                        dh2.c = false;
                    }
                    bmgg bmggVar = (bmgg) dh2.b;
                    a3.getClass();
                    bxyf bxyfVar = bmggVar.a;
                    if (!bxyfVar.a()) {
                        bmggVar.a = bxxn.a(bxyfVar);
                    }
                    bmggVar.a.add(a3);
                }
                if (dh.c) {
                    dh.b();
                    dh.c = false;
                }
                bmgn bmgnVar3 = (bmgn) dh.b;
                bmgg bmggVar2 = (bmgg) dh2.h();
                bmggVar2.getClass();
                bmgnVar3.f = bmggVar2;
                bmgnVar3.a |= 16;
            }
            return (bmgn) dh.h();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new RuntimeException(e2);
        }
    }

    public final void d(int i) {
        try {
            KeyStore a2 = a();
            if (a2.containsAlias(e(i))) {
                a2.deleteEntry(e(i));
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            awzr.a(this.c, e);
        }
    }

    final String e(int i) {
        ApplicationParameters applicationParameters = this.b.b;
        int i2 = applicationParameters.a;
        Account account = applicationParameters.b;
        awhi awhiVar = new awhi();
        awhiVar.a(i2);
        awhiVar.a(account.name);
        if (i != 2) {
            bnbt.b(i == 3, "Unsupported authenticator");
            awhiVar.a("LOCKSCREEN");
        }
        String valueOf = String.valueOf(awhiVar.a());
        return sei.a((valueOf.length() != 0 ? "com.google.android.gms.wallet.keys:".concat(valueOf) : new String("com.google.android.gms.wallet.keys:")).getBytes(a));
    }
}
