package hx;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import no.entur.abt.android.token.keystore.KeyPairException;
import no.entur.abt.android.token.keystore.KeystoreLocalTimeoutException;
import no.entur.abt.android.token.keystore.TokenKeystoreException;
import no.entur.abt.android.token.keystore.TokenTrustChainException;
import no.entur.abt.android.token.keystore.UnableToSaveCertificateException;

/* compiled from: DefaultTokenKeyStore.java */
/* loaded from: classes3.dex */
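/**
 * Decompiled form of {@code DefaultTokenKeyStore}: a token key store on top of a
 * {@link KeyStore} (by default the {@code AndroidKeyStore} provider).
 *
 * <p>Each token has two aliases, both derived by {@link #f25537b} from the token context id and the
 * token id: {@code e.c(...)} names the RSA encryption key and {@code e.d(...)} names the EC
 * signature key (the pairing is visible in the log messages of {@link #l} and {@link #m}).
 *
 * <p>Public operations serialise keystore access through {@link #f25539d}, waiting at most
 * {@link #f25540e} milliseconds. The lock is acquired by {@link #acquireLockOrThrow()} before the
 * {@code try/finally} that releases it, so a timeout or an interrupt never reaches
 * {@code unlock()} on a lock this thread does not hold.
 *
 * <p>NOTE(review): the decompiler dropped the {@code throws} clauses. Several methods call JCA
 * APIs that declare checked exceptions ({@code KeyPairGenerator.getInstance},
 * {@code KeyStore.getKey}, ...) without declaring them; the signatures are left as decompiled.
 */
public class d implements g {

    /** Backing keystore holding the key entries (jadx renamed this field from {@code a}). */
    protected final KeyStore f25536a;

    /** Derives keystore aliases from (token context id, token id) (jadx: renamed from {@code b}). */
    protected final e f25537b;

    /** Lists the aliases that belong to a token context or to one token (jadx: renamed from {@code c}). */
    protected final f f25538c;

    /** Guards every locked keystore operation of this instance (jadx: renamed from {@code d}). */
    protected final Lock f25539d;

    /** Maximum time, in milliseconds, to wait for {@link #f25539d} (jadx: renamed from {@code e}). */
    protected final long f25540e;

    /** Log sink obtained from the {@code ox.b} factory (jadx: renamed from {@code f}). */
    private final ox.a f25541f;

    /**
     * Builder for {@link d}. Only the {@code ox.b} setter survives in this build; every other
     * field falls back to its default in {@link #a()}.
     */
    public static class a {

        /** Keystore to use; defaults to a loaded {@code AndroidKeyStore}. */
        private KeyStore f25542a;

        /** Alias strategy; defaults to {@code new hx.a(prefix)}. */
        private e f25543b;

        /** Alias prefix handed to the default alias strategy; defaults to {@code "entur-tokens"}. */
        private String f25544c;

        /** Lock to use; defaults to a new {@link ReentrantLock}. */
        private Lock f25545d;

        /** Lock timeout in milliseconds; {@code -1} means "not set" and becomes 10000. */
        private long f25546e = -1;

        /** Factory for the log sink; mandatory. */
        private ox.b f25547f;

        /**
         * Opens the {@code AndroidKeyStore} provider.
         *
         * @throws TokenKeystoreException if the provider is missing or cannot be loaded
         */
        private static KeyStore b() {
            try {
                KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
                // A KeyStore must be loaded before use; AndroidKeyStore takes no stream or password.
                androidKeyStore.load(null);
                return androidKeyStore;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
                throw new TokenKeystoreException("Unable to load android keystore", e10);
            }
        }

        /**
         * Fills in the defaults and builds the key store.
         *
         * @return the configured key store
         * @throws IllegalStateException if no {@code ox.b} was supplied through {@link #c(ox.b)}
         * @throws TokenKeystoreException if the default keystore cannot be loaded
         */
        public d a() {
            if (this.f25542a == null) {
                this.f25542a = b();
            }
            if (this.f25545d == null) {
                this.f25545d = new ReentrantLock();
            }
            if (this.f25546e == -1) {
                this.f25546e = 10000L;
            }
            if (this.f25544c == null) {
                this.f25544c = "entur-tokens";
            }
            if (this.f25543b == null) {
                this.f25543b = new hx.a(this.f25544c);
            }
            ox.b bVar = this.f25547f;
            if (bVar == null) {
                throw new IllegalStateException("ox.b must be set with c(...) before calling a()");
            }
            return new d(this.f25542a, this.f25543b, this.f25545d, this.f25546e, bVar);
        }

        /**
         * Sets the factory the key store uses to obtain its log sink.
         *
         * @param bVar the factory; must be non-null by the time {@link #a()} runs
         * @return this builder
         */
        public a c(ox.b bVar) {
            this.f25547f = bVar;
            return this;
        }
    }

    /**
     * Creates a key store over the given keystore.
     *
     * @param keyStore backing keystore; its provider is also used for key generation
     * @param eVar alias strategy
     * @param lock lock serialising keystore access
     * @param j10 lock timeout in milliseconds
     * @param bVar factory for the log sink; a null value fails here with a NullPointerException
     */
    protected d(KeyStore keyStore, e eVar, Lock lock, long j10, ox.b bVar) {
        this.f25536a = keyStore;
        this.f25537b = eVar;
        this.f25539d = lock;
        this.f25540e = j10;
        this.f25538c = new b(eVar, keyStore);
        ox.a a10 = bVar.a("DefaultTokenKeyStore");
        this.f25541f = a10;
        a10.d("Create token store with keystore provider " + keyStore.getProvider().getName());
    }

    /**
     * Acquires {@link #f25539d}, waiting at most {@link #f25540e} milliseconds.
     *
     * <p>Callers must invoke this before entering the {@code try/finally} that unlocks, so that
     * {@code unlock()} only ever runs when the lock is actually held.
     *
     * @throws KeystoreLocalTimeoutException if the wait times out, or if the thread is
     *     interrupted while waiting (the interrupt flag is restored first)
     */
    private void acquireLockOrThrow() {
        try {
            if (!this.f25539d.tryLock(this.f25540e, TimeUnit.MILLISECONDS)) {
                throw n();
            }
        } catch (InterruptedException e11) {
            Thread.currentThread().interrupt();
            throw new KeystoreLocalTimeoutException(e11);
        }
    }

    /**
     * Generates the EC signature key pair for a token, with key attestation where possible.
     *
     * <p>SECURITY: two paths produce a key that is not bound to {@code bArr}: devices below
     * API 24, and the fallback taken when generation fails with the provider error matched by
     * {@link #w}. Both return an {@code h} without a certificate chain. A failure to read the
     * chain after a successful attested generation has the same visible result. Whatever consumes
     * the result has to treat a missing chain as "not attested" rather than assume a
     * hardware-backed key.
     *
     * @param hVar token context
     * @param str token id
     * @param bArr attestation challenge (called "nonce" in the log messages)
     * @return the key pair, with its encoded certificate chain when one could be read
     * @throws ProviderException if generation fails for a reason other than the matched error
     */
    private h m(dx.h hVar, String str, byte[] bArr) {
        if (Build.VERSION.SDK_INT < 24) {
            // setAttestationChallenge is only available from API 24.
            return new h(q(hVar, str));
        }
        try {
            KeyPair attested = r(hVar, str, bArr);
            try {
                return new h(attested, v(hVar, str));
            } catch (TokenTrustChainException e10) {
                this.f25541f.b("Problem generating certificate chain", e10);
                return new h(attested);
            }
        } catch (ProviderException e11) {
            this.f25541f.b("Problem generating signature key pair", e11);
            if (!w(e11)) {
                throw e11;
            }
            // Attestation downgrade: retry without the challenge.
            this.f25541f.e("Falling back to generating signature key pair without nonce");
            return new h(q(hVar, str));
        }
    }

    /** Builds the exception reported when the lock wait exceeds {@link #f25540e}. */
    private TokenKeystoreException n() {
        return new KeystoreLocalTimeoutException("Timeout waiting " + this.f25540e + " ms for keystore");
    }

    /**
     * Reads the certificate stored under an alias.
     *
     * @param str keystore alias
     * @return the certificate, or null when the alias has none ({@link KeyStore#getCertificate})
     */
    private Certificate s(String str) {
        return this.f25536a.getCertificate(str);
    }

    /**
     * Tells whether a key-generation failure is the one that permits the unattested fallback.
     *
     * <p>The match is textual: the cause must be an {@code android.security.KeyStoreException}
     * whose {@code toString()} contains {@code "-10003"}. The page does not say what that code
     * stands for. NOTE(review): a substring match also accepts any message that merely contains
     * those characters, so the set of errors that trigger the downgrade is wider than one code.
     *
     * @param providerException the failure raised by key generation
     * @return true if the fallback may be used
     */
    private boolean w(ProviderException providerException) {
        Throwable cause = providerException.getCause();
        if (cause == null) {
            return false;
        }
        boolean isAndroidKeyStoreError = cause.getClass().getName().equals("android.security.KeyStoreException");
        return isAndroidKeyStoreError && cause.toString().contains("-10003");
    }

    /** Returns a new builder. */
    public static a y() {
        return new a();
    }

    /**
     * Creates the signature key pair for a token under the keystore lock.
     *
     * @param hVar token context
     * @param str token id
     * @param bArr attestation challenge
     * @return the generated key pair; see {@link #m} for when it carries no certificate chain
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws KeyPairException wrapping any failure during generation
     */
    @Override // hx.g
    public h a(dx.h hVar, String str, byte[] bArr) {
        acquireLockOrThrow();
        try {
            return m(hVar, str, bArr);
        } catch (Exception e10) {
            throw new KeyPairException(e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Deletes every keystore entry that belongs to a token context.
     *
     * <p>Deletion stops at the first failing alias, so later aliases of the same context can
     * remain in the keystore when this method throws.
     *
     * @param hVar token context
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws TokenKeystoreException if the keystore rejects a deletion
     */
    @Override // hx.g
    public void b(dx.h hVar) {
        acquireLockOrThrow();
        try {
            Iterator<String> aliases = this.f25538c.a(hVar.getId()).iterator();
            while (aliases.hasNext()) {
                this.f25536a.deleteEntry(aliases.next());
            }
        } catch (KeyStoreException e10) {
            throw new TokenKeystoreException("Error removing all keys from keystore for token context " + hVar.getId(), e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Creates the encryption key pair for a token under the keystore lock.
     *
     * @param hVar token context
     * @param str token id
     * @param bArr attestation challenge
     * @return the generated key pair; see {@link #l} for when it carries no certificate chain
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws KeyPairException wrapping any failure during generation
     */
    @Override // hx.g
    public h c(dx.h hVar, String str, byte[] bArr) {
        acquireLockOrThrow();
        try {
            return l(hVar, str, bArr);
        } catch (Exception e10) {
            throw new KeyPairException(e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Loads the stored encryption key pair of a token together with its certificate chain.
     *
     * <p>The certificate and the private key are fetched by two separately locked calls and the
     * chain is read without the lock, so the three reads are not one atomic snapshot.
     * NOTE(review): {@link #j} returns null when no certificate is stored, which surfaces here as
     * a NullPointerException.
     *
     * @param hVar token context
     * @param str token id
     * @return the key pair, with its encoded certificate chain when one could be read
     */
    @Override // hx.g
    public h d(dx.h hVar, String str) {
        Certificate encryptionCertificate = j(hVar, str);
        KeyPair keyPair = new KeyPair(encryptionCertificate.getPublicKey(), f(hVar, str));
        try {
            return new h(keyPair, u(hVar, str));
        } catch (TokenTrustChainException e10) {
            this.f25541f.b("Problem generating certificate chain", e10);
            return new h(keyPair);
        }
    }

    /**
     * Stores a private key and its certificate under the token's signature alias.
     *
     * @param hVar token context
     * @param str token id (written to the log)
     * @param privateKey key to store
     * @param certificate certificate stored as a one-element chain
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws UnableToSaveCertificateException wrapping any failure while storing
     */
    @Override // hx.g
    public void e(dx.h hVar, String str, PrivateKey privateKey, Certificate certificate) {
        acquireLockOrThrow();
        try {
            String signatureAlias = this.f25537b.d(hVar.getId(), str);
            this.f25541f.d("Set signature certificate for " + str);
            // No password: the entry is stored with a null protection password.
            this.f25536a.setKeyEntry(signatureAlias, privateKey, null, new Certificate[]{certificate});
        } catch (Exception e10) {
            throw new UnableToSaveCertificateException("Unable to set signature certificate for " + str, e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Returns the private key stored under the token's encryption alias.
     *
     * @param hVar token context
     * @param str token id
     * @return the private key, or null when the alias holds none
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws TokenKeystoreException wrapping any failure while reading
     */
    @Override // hx.g
    public PrivateKey f(dx.h hVar, String str) {
        acquireLockOrThrow();
        try {
            return x(this.f25537b.c(hVar.getId(), str));
        } catch (Exception e10) {
            throw new TokenKeystoreException(e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Returns the certificate stored under the token's signature alias.
     *
     * @param hVar token context
     * @param str token id
     * @return the certificate, or null when the alias has none
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws TokenKeystoreException wrapping any failure while reading
     */
    @Override // hx.g
    public Certificate g(dx.h hVar, String str) {
        acquireLockOrThrow();
        try {
            return s(this.f25537b.d(hVar.getId(), str));
        } catch (Exception e10) {
            throw new TokenKeystoreException(e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Deletes the keystore entries that belong to one token.
     *
     * <p>Deletion stops at the first failing alias, so a later alias of the same token can remain
     * in the keystore when this method throws.
     *
     * @param hVar token context
     * @param str token id
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws TokenKeystoreException if the keystore rejects a deletion
     */
    @Override // hx.g
    public void h(dx.h hVar, String str) {
        acquireLockOrThrow();
        try {
            Iterator<String> aliases = this.f25538c.b(hVar.getId(), str).iterator();
            while (aliases.hasNext()) {
                this.f25536a.deleteEntry(aliases.next());
            }
        } catch (KeyStoreException e10) {
            throw new TokenKeystoreException("Error removing keys for token " + str + " in token context " + hVar.getId() + " from keystore", e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Returns the private key stored under the token's signature alias.
     *
     * @param hVar token context
     * @param str token id
     * @return the private key, or null when the alias holds none
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws TokenKeystoreException wrapping any failure while reading
     */
    @Override // hx.g
    public PrivateKey i(dx.h hVar, String str) {
        acquireLockOrThrow();
        try {
            return x(this.f25537b.d(hVar.getId(), str));
        } catch (Exception e10) {
            throw new TokenKeystoreException(e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Returns the certificate stored under the token's encryption alias.
     *
     * @param hVar token context
     * @param str token id
     * @return the certificate, or null when the alias has none
     * @throws KeystoreLocalTimeoutException if the lock cannot be acquired in time
     * @throws TokenKeystoreException wrapping any failure while reading
     */
    @Override // hx.g
    public Certificate j(dx.h hVar, String str) {
        acquireLockOrThrow();
        try {
            return s(this.f25537b.c(hVar.getId(), str));
        } catch (Exception e10) {
            throw new TokenKeystoreException(e10);
        } finally {
            this.f25539d.unlock();
        }
    }

    /**
     * Loads the stored signature key pair of a token together with its certificate chain.
     *
     * <p>The certificate and the private key are fetched by two separately locked calls and the
     * chain is read without the lock, so the three reads are not one atomic snapshot.
     * NOTE(review): {@link #g} returns null when no certificate is stored, which surfaces here as
     * a NullPointerException.
     *
     * @param hVar token context
     * @param str token id
     * @return the key pair, with its encoded certificate chain when one could be read
     */
    @Override // hx.g
    public h k(dx.h hVar, String str) {
        KeyPair keyPair = new KeyPair(g(hVar, str).getPublicKey(), i(hVar, str));
        try {
            return new h(keyPair, v(hVar, str));
        } catch (TokenTrustChainException e10) {
            this.f25541f.b("Problem generating certificate chain", e10);
            return new h(keyPair);
        }
    }

    /**
     * Generates the RSA encryption key pair for a token, with key attestation where possible.
     *
     * <p>SECURITY: the same downgrade rules as {@link #m} apply. Below API 24, or after the
     * provider error matched by {@link #w}, the key is generated without the challenge and the
     * result has no certificate chain; consumers must treat that as "not attested".
     *
     * @param hVar token context
     * @param str token id
     * @param bArr attestation challenge (called "nonce" in the log messages)
     * @return the key pair, with its encoded certificate chain when one could be read
     * @throws ProviderException if generation fails for a reason other than the matched error
     */
    protected h l(dx.h hVar, String str, byte[] bArr) {
        if (Build.VERSION.SDK_INT < 24) {
            // setAttestationChallenge is only available from API 24.
            return new h(o(hVar, str));
        }
        try {
            KeyPair attested = p(hVar, str, bArr);
            try {
                return new h(attested, u(hVar, str));
            } catch (TokenTrustChainException e10) {
                this.f25541f.b("Problem generating certificate chain", e10);
                return new h(attested);
            }
        } catch (ProviderException e11) {
            // This is the encryption path; the decompiled message said "signature" here.
            this.f25541f.b("Problem generating encryption key pair", e11);
            if (!w(e11)) {
                throw e11;
            }
            // Attestation downgrade: retry without the challenge.
            this.f25541f.e("Falling back to generating encryption key pair without nonce");
            return new h(o(hVar, str));
        }
    }

    /**
     * Generates a 2048-bit RSA key pair under the encryption alias, without an attestation
     * challenge.
     *
     * <p>The purpose value {@code 2} is {@code KeyProperties.PURPOSE_DECRYPT}.
     * NOTE(review): the key is restricted to PKCS#1 v1.5 encryption padding. That padding is
     * exposed to padding-oracle attacks when decryption failures are distinguishable to a remote
     * party; moving to OAEP is a protocol change and is therefore only flagged here.
     *
     * @param hVar token context
     * @param str token id
     * @return the generated key pair
     */
    @Deprecated
    protected KeyPair o(dx.h hVar, String str) {
        String encryptionAlias = this.f25537b.c(hVar.getId(), str);
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", this.f25536a.getProvider());
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(encryptionAlias, 2).setEncryptionPaddings("PKCS1Padding").setKeySize(2048).build();
        generator.initialize(spec);
        return generator.generateKeyPair();
    }

    /**
     * Generates a 2048-bit RSA key pair under the encryption alias, bound to an attestation
     * challenge.
     *
     * <p>Same key parameters as {@link #o}, including the PKCS#1 v1.5 padding restriction.
     *
     * @param hVar token context
     * @param str token id
     * @param bArr attestation challenge
     * @return the generated key pair
     */
    protected KeyPair p(dx.h hVar, String str, byte[] bArr) {
        String c10 = this.f25537b.c(hVar.getId(), str);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", this.f25536a.getProvider());
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(c10, 2).setEncryptionPaddings("PKCS1Padding").setKeySize(2048);
        keySize.setAttestationChallenge(bArr);
        keyPairGenerator.initialize(keySize.build());
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Generates a secp256r1 EC key pair under the signature alias, without an attestation
     * challenge.
     *
     * <p>The purpose value {@code 4} is {@code KeyProperties.PURPOSE_SIGN}; the key may only be
     * used with SHA-256.
     *
     * @param hVar token context
     * @param str token id
     * @return the generated key pair
     * @throws TokenKeystoreException wrapping any failure during generation
     */
    @Deprecated
    protected KeyPair q(dx.h hVar, String str) {
        try {
            String signatureAlias = this.f25537b.d(hVar.getId(), str);
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", this.f25536a.getProvider());
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(signatureAlias, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256").build();
            generator.initialize(spec);
            return generator.generateKeyPair();
        } catch (Exception e10) {
            throw new TokenKeystoreException("Failed to generate token keypair", e10);
        }
    }

    /**
     * Generates a secp256r1 EC key pair under the signature alias, bound to an attestation
     * challenge.
     *
     * <p>Unlike {@link #q}, failures are not wrapped, so {@link #m} can inspect the
     * {@link ProviderException} and decide on the fallback.
     *
     * @param hVar token context
     * @param str token id
     * @param bArr attestation challenge
     * @return the generated key pair
     */
    protected KeyPair r(dx.h hVar, String str, byte[] bArr) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", this.f25536a.getProvider());
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(this.f25537b.d(hVar.getId(), str), 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256");
        digests.setAttestationChallenge(bArr);
        keyPairGenerator.initialize(digests.build());
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Reads the certificate chain of an alias as encoded certificates, in keystore order.
     *
     * <p>This only reads and encodes the chain; it does not validate it. The lock is not taken
     * here.
     *
     * @param str keystore alias
     * @return the encoded certificates; empty when the alias has no chain
     * @throws TokenTrustChainException wrapping any failure while reading or encoding
     */
    protected List<byte[]> t(String str) {
        try {
            List<byte[]> encodedChain = new ArrayList<>();
            Certificate[] certificateChain = this.f25536a.getCertificateChain(str);
            if (certificateChain != null) {
                for (Certificate certificate : certificateChain) {
                    encodedChain.add(certificate.getEncoded());
                }
            }
            return encodedChain;
        } catch (Exception e10) {
            throw new TokenTrustChainException("Failed to read certificate chain for " + str, e10);
        }
    }

    /** Returns the encoded certificate chain of the token's encryption alias; see {@link #t}. */
    protected List<byte[]> u(dx.h hVar, String str) {
        return t(this.f25537b.c(hVar.getId(), str));
    }

    /** Returns the encoded certificate chain of the token's signature alias; see {@link #t}. */
    protected List<byte[]> v(dx.h hVar, String str) {
        return t(this.f25537b.d(hVar.getId(), str));
    }

    /**
     * Looks up the private key stored under an alias.
     *
     * <p>From API 28 the key is read with {@code KeyStore.getKey}; older releases go through
     * {@code KeyStore.getEntry}. A missing key is logged and reported as null, not as an error.
     *
     * @param str keystore alias
     * @return the private key, or null when the alias holds none
     */
    protected PrivateKey x(String str) {
        PrivateKey privateKey = null;
        if (Build.VERSION.SDK_INT >= 28) {
            privateKey = (PrivateKey) this.f25536a.getKey(str, null);
        } else {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.f25536a.getEntry(str, null);
            if (privateKeyEntry != null) {
                privateKey = privateKeyEntry.getPrivateKey();
            }
        }
        if (privateKey == null) {
            this.f25541f.e("No private key for " + str);
        }
        return privateKey;
    }
}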
