package org.forgerock.android.auth;

import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Date;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v1CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.util.PrivateKeyFactory;
import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.spongycastle.operator.bc.BcRSAContentSignerBuilder;

/* compiled from: AppPinAuthenticator.kt */
@Metadata(d1 = {"\u0000R\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0019\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\u0018\u00002\u00020\u0001B\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0002\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u000e\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fJ\u0018\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\bH\u0002J\u0016\u0010\u0012\u001a\u00020\u00102\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0013\u001a\u00020\u0014J\u0006\u0010\u0015\u001a\u00020\bJ\u0018\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\u0018\u0010\u0018\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0013\u001a\u00020\u0014J \u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0013\u001a\u00020\u0014H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000¨\u0006\u001c"}, d2 = {"Lorg/forgerock/android/auth/AppPinAuthenticator;", "", "cryptoKey", "Lorg/forgerock/android/auth/CryptoKey;", "keyStoreRepository", "Lorg/forgerock/android/auth/KeyStoreRepository;", "(Lorg/forgerock/android/auth/CryptoKey;Lorg/forgerock/android/auth/KeyStoreRepository;)V", "keyStoreType", "", "exists", "", "context", "Landroid/content/Context;", "generateCertificate", "Ljava/security/cert/X509Certificate;", "keyPair", "Ljava/security/KeyPair;", "subject", "generateKeys", "pin", "", "getKeyAlias", 
"getKeyStore", "Ljava/security/KeyStore;", "getPrivateKey", "Ljava/security/PrivateKey;", "persist", "", "forgerock-core_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes4.dex */
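/**
 * Keeps an RSA key pair in a PKCS12 keystore whose password is the user's application PIN.
 *
 * <p>The keystore bytes are read from and written to a {@link KeyStoreRepository}; when the
 * caller does not supply one, an {@code EncryptedFileKeyStore} named after the key alias is used.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The PIN is both the keystore password and the entry password. A PIN is normally a
 *       low-entropy secret, so the confidentiality of the stored private key against offline
 *       guessing depends on what the repository adds on top (presumably encryption at rest for
 *       the default repository; verify against {@code EncryptedFileKeyStore}).</li>
 *   <li>{@link KeyStore.PasswordProtection} clones the password array it is given. This class
 *       does not clear those copies or the caller's {@code pin} array; callers should zero the
 *       array they own once the call returns.</li>
 *   <li>This source is decompiled Kotlin, so checked exceptions thrown by the JCA calls are not
 *       all declared on the method signatures.</li>
 * </ul>
 */
public final class AppPinAuthenticator {
    private final CryptoKey cryptoKey;
    private final KeyStoreRepository keyStoreRepository;
    // Keystore container format; the constructor fixes it to "PKCS12".
    private final String keyStoreType;

    /**
     * @param cryptoKey source of the key alias, the key size and the key pair itself
     * @param keyStoreRepository backing storage for the serialized keystore
     */
    public AppPinAuthenticator(CryptoKey cryptoKey, KeyStoreRepository keyStoreRepository) {
        Intrinsics.checkNotNullParameter(cryptoKey, "cryptoKey");
        Intrinsics.checkNotNullParameter(keyStoreRepository, "keyStoreRepository");
        this.cryptoKey = cryptoKey;
        this.keyStoreRepository = keyStoreRepository;
        this.keyStoreType = "PKCS12";
    }

    // Kotlin default-argument bridge: bit 1 of the mask means "keyStoreRepository was omitted",
    // in which case an EncryptedFileKeyStore keyed by the alias is created. The trailing
    // "0 == true ? 1 : 0" is a decompiler artifact and is left exactly as emitted.
    /* JADX WARN: Multi-variable type inference failed */
    public /* synthetic */ AppPinAuthenticator(CryptoKey cryptoKey, EncryptedFileKeyStore encryptedFileKeyStore, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(cryptoKey, (i & 2) != 0 ? new EncryptedFileKeyStore(cryptoKey.getKeyAlias(), null, 2, 0 == true ? 1 : 0) : encryptedFileKeyStore);
    }

    /**
     * Builds the self-signed X.509 v1 certificate that accompanies the private key in the
     * keystore entry.
     *
     * <p>Issuer and subject are both {@code cn=<subject>}, the serial number is the current time
     * in milliseconds, and notBefore equals notAfter (the moment of creation), so the certificate
     * has no usable validity window. It looks like a placeholder needed only because a
     * {@link KeyStore.PrivateKeyEntry} requires a chain; it must not be relied on for any trust
     * decision.
     *
     * <p>The signer is built from {@code keyPair.getPrivate().getEncoded()}, so the private key
     * has to be exportable; a key that does not expose its encoding cannot be used here.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param subject value placed after {@code cn=}; it is concatenated unescaped, so it is
     *     assumed to contain no X.500 special characters (TODO confirm for key aliases)
     * @return the generated certificate
     */
    private final X509Certificate generateCertificate(KeyPair keyPair, String subject) {
        Date now = new Date();
        X500Name name = new X500Name("cn=" + subject);
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSA");
        Intrinsics.checkNotNullExpressionValue(signatureAlgorithm, "DefaultSignatureAlgorith…r().find(\"SHA256WithRSA\")");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        Intrinsics.checkNotNullExpressionValue(digestAlgorithm, "DefaultDigestAlgorithmId…erFinder().find(sigAlgId)");
        AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
        Intrinsics.checkNotNullExpressionValue(signingKey, "createKey(keyPair.private.encoded)");
        // Same name as issuer and subject, same instant as notBefore and notAfter.
        X509v1CertificateBuilder builder = new X509v1CertificateBuilder(
                name,
                BigInteger.valueOf(System.currentTimeMillis()),
                now,
                now,
                name,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                builder.build(new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey)));
        Intrinsics.checkNotNullExpressionValue(certificate, "JcaX509CertificateConver…te(builder.build(sigGen))");
        return certificate;
    }

    /**
     * Loads the keystore from the repository, using the PIN as the keystore password.
     *
     * <p>The stream is closed on every path, including when {@code load} throws (for example on
     * a wrong PIN or a corrupted file); the decompiled form closed it only on success.
     *
     * @param context Android context handed to the repository
     * @param pin keystore password; not modified or cleared here
     * @return the loaded keystore
     */
    private final KeyStore getKeyStore(Context context, char[] pin) {
        KeyStore keystore = KeyStore.getInstance(this.keyStoreType);
        try (InputStream inputStream = this.keyStoreRepository.getInputStream(context)) {
            keystore.load(inputStream, pin);
        }
        Intrinsics.checkNotNullExpressionValue(keystore, "keystore");
        return keystore;
    }

    /**
     * Writes a fresh keystore that holds only the given key pair to the repository.
     *
     * <p>The PIN protects both the entry and the keystore as a whole. The output stream is closed
     * on every path so that a failed {@code store} does not leak the handle.
     *
     * @param context Android context handed to the repository
     * @param keyPair key pair to store under {@link #getKeyAlias()}
     * @param pin password for the entry and the keystore; not modified or cleared here
     */
    private final void persist(Context context, KeyPair keyPair, char[] pin) {
        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        // load(null) initializes an empty in-memory keystore.
        keyStore.load(null);
        X509Certificate[] chain = new X509Certificate[]{generateCertificate(keyPair, this.cryptoKey.getKeyAlias())};
        // PasswordProtection keeps its own clone of the PIN; that copy is not destroyed here.
        keyStore.setEntry(getKeyAlias(), new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), chain), new KeyStore.PasswordProtection(pin));
        try (OutputStream outputStream = this.keyStoreRepository.getOutputStream(context)) {
            outputStream.flush();
            keyStore.store(outputStream, pin);
        }
    }

    /**
     * Reports whether the repository already holds a keystore.
     *
     * @param context Android context handed to the repository
     * @return the repository's answer
     */
    public final boolean exists(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        return this.keyStoreRepository.exist(context);
    }

    /**
     * Creates an RSA key pair and persists it in the PIN-protected keystore.
     *
     * <p>The modulus size comes from {@code cryptoKey.getKeySize()} and the public exponent is
     * F4 (65537). The meaning of the {@code false} flag passed to {@code createKeyPair} is not
     * visible in this file.
     *
     * @param context Android context handed to the repository
     * @param pin PIN used as the keystore and entry password; the caller should zero it after use
     * @return the generated key pair
     */
    public final KeyPair generateKeys(Context context, char[] pin) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(pin, "pin");
        RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(this.cryptoKey.getKeySize(), RSAKeyGenParameterSpec.F4);
        KeyPair generated = this.cryptoKey.createKeyPair(spec, false);
        persist(context, generated, pin);
        return generated;
    }

    /** @return the alias under which the key is stored, as reported by the crypto key */
    public final String getKeyAlias() {
        return this.cryptoKey.getKeyAlias();
    }

    /**
     * Unlocks the keystore with the PIN and returns the stored private key.
     *
     * <p>An incorrect PIN is reported by the keystore as an exception rather than a {@code null}
     * result; callers that limit PIN attempts should count those failures.
     *
     * @param context Android context handed to the repository
     * @param pin PIN used as the keystore and entry password; the caller should zero it after use
     * @return the private key, or {@code null} when the alias is not a key entry or the entry is
     *     not a {@link KeyStore.PrivateKeyEntry}
     * @throws IOException if the keystore cannot be read or unlocked
     * @throws UnrecoverableKeyException if the key cannot be recovered with the PIN
     */
    public final PrivateKey getPrivateKey(Context context, char[] pin) throws IOException, UnrecoverableKeyException {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(pin, "pin");
        KeyStore keyStore = getKeyStore(context, pin);
        if (!keyStore.isKeyEntry(this.cryptoKey.getKeyAlias())) {
            return null;
        }
        // PasswordProtection keeps its own clone of the PIN; that copy is not destroyed here.
        KeyStore.Entry entry = keyStore.getEntry(this.cryptoKey.getKeyAlias(), new KeyStore.PasswordProtection(pin));
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        }
        return null;
    }
}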
