package f40;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProtection;
import android.security.keystore.UserNotAuthenticatedException;
import com.google.android.gms.internal.ads.r;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.functions.Function3;
import kotlin.jvm.functions.Function6;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;
import r10.one.auth.UserPresenceRequiredError;
import r10.one.auth.internal.Ed25519KeyPair;

/* compiled from: AndroidKeystore.kt */
/* loaded from: classes2.dex */
public final class b implements h {

    /* renamed from: a, reason: collision with root package name */
    public static final b f30767a = new Object();

    /* renamed from: b, reason: collision with root package name */
    public static final KeyStore f30768b = KeyStore.getInstance("AndroidKeyStore");

    /* renamed from: c, reason: collision with root package name */
    public static final C0239b f30769c = C0239b.f30774a;

    /* renamed from: d, reason: collision with root package name */
    public static final a f30770d = a.f30773a;

    /* renamed from: e, reason: collision with root package name */
    public static final c f30771e = c.f30775a;

    /* renamed from: f, reason: collision with root package name */
    public static final d f30772f = d.f30776a;

    /* compiled from: AndroidKeystore.kt */
    /* loaded from: classes2.dex */
    public static final class a extends Lambda implements Function6<Context, Integer, Boolean, String, String, i, byte[]> {

        /* renamed from: a, reason: collision with root package name */
        public static final a f30773a = new Lambda(6);

        @Override // kotlin.jvm.functions.Function6
        public final byte[] invoke(Context context, Integer num, Boolean bool, String str, String str2, i iVar) {
            Context context2 = context;
            int intValue = num.intValue();
            boolean booleanValue = bool.booleanValue();
            String keystoreEntryKey = str;
            String cryptoKey = str2;
            i secretKey = iVar;
            Intrinsics.checkNotNullParameter(context2, "context");
            Intrinsics.checkNotNullParameter(keystoreEntryKey, "keystoreEntryKey");
            Intrinsics.checkNotNullParameter(cryptoKey, "cryptoKey");
            Intrinsics.checkNotNullParameter(secretKey, "secretKey");
            SharedPreferences sharedPreferences = context2.getSharedPreferences("r10.one.auth.master_key", 0);
            byte[] bArr = secretKey.f30785a;
            String a11 = r.a(secretKey.f30786b.f30782a);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            SecretKey vaultKey = keyGenerator.generateKey();
            C0239b c0239b = b.f30769c;
            Intrinsics.checkNotNullExpressionValue(vaultKey, "vaultKey");
            byte[] encryptedKey = ((Cipher) c0239b.invoke(1, vaultKey)).doFinal(bArr);
            KeyProtection.Builder encryptionPaddings = new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
            Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "Builder(KeyProperties.PU….ENCRYPTION_PADDING_NONE)");
            Object systemService = context2.getSystemService("keyguard");
            KeyguardManager keyguardManager = systemService instanceof KeyguardManager ? (KeyguardManager) systemService : null;
            if (keyguardManager != null) {
                if (keyguardManager.isDeviceSecure()) {
                    encryptionPaddings.setUserAuthenticationRequired(booleanValue);
                    if (Build.VERSION.SDK_INT > 29) {
                        encryptionPaddings.setUserAuthenticationParameters(intValue, 3);
                    } else {
                        encryptionPaddings.setUserAuthenticationValidityDurationSeconds(intValue);
                    }
                }
                KeyStore keyStore = b.f30768b;
                keyStore.load(null);
                keyStore.setEntry(a11, new KeyStore.SecretKeyEntry(vaultKey), encryptionPaddings.build());
                SharedPreferences.Editor edit = sharedPreferences.edit();
                edit.putString(keystoreEntryKey, a11);
                Intrinsics.checkNotNullExpressionValue(encryptedKey, "encryptedKey");
                edit.putString(cryptoKey, r.a(encryptedKey));
                edit.putBoolean(cryptoKey + "_require_auth", booleanValue);
                edit.apply();
            }
            return bArr;
        }
    }

    /* compiled from: AndroidKeystore.kt */
    /* renamed from: f40.b$b, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static final class C0239b extends Lambda implements Function2<Integer, Key, Cipher> {

        /* renamed from: a, reason: collision with root package name */
        public static final C0239b f30774a = new Lambda(2);

        @Override // kotlin.jvm.functions.Function2
        public final Cipher invoke(Integer num, Key key) {
            int intValue = num.intValue();
            Key key2 = key;
            Intrinsics.checkNotNullParameter(key2, "key");
            byte[] bArr = new byte[12];
            ArraysKt___ArraysJvmKt.fill$default(bArr, (byte) 9, 0, 0, 6, (Object) null);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(intValue, key2, new GCMParameterSpec(128, bArr));
            return cipher;
        }
    }

    /* compiled from: AndroidKeystore.kt */
    /* loaded from: classes2.dex */
    public static final class c extends Lambda implements Function3<Context, Integer, Boolean, i> {

        /* renamed from: a, reason: collision with root package name */
        public static final c f30775a = new Lambda(3);

        /* JADX WARN: Code restructure failed: missing block: B:5:0x0027, code lost:
        
            if (r9 == false) goto L9;
         */
        @Override // kotlin.jvm.functions.Function3
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final f40.i invoke(android.content.Context r8, java.lang.Integer r9, java.lang.Boolean r10) {
            /*
                r7 = this;
                r1 = r8
                android.content.Context r1 = (android.content.Context) r1
                java.lang.Number r9 = (java.lang.Number) r9
                int r8 = r9.intValue()
                java.lang.Boolean r10 = (java.lang.Boolean) r10
                boolean r9 = r10.booleanValue()
                java.lang.String r10 = "context"
                kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r1, r10)
                f40.b r10 = f40.b.f30767a
                java.lang.String r10 = "keyguard"
                java.lang.Object r10 = r1.getSystemService(r10)
                android.app.KeyguardManager r10 = (android.app.KeyguardManager) r10
                if (r10 == 0) goto L2a
                boolean r10 = r10.isDeviceSecure()
                r0 = 1
                if (r10 != r0) goto L2a
                if (r9 != 0) goto L2a
                goto L2b
            L2a:
                r0 = 0
            L2b:
                f40.i r6 = new f40.i
                r6.<init>()
                f40.i r9 = new f40.i
                java.lang.String r10 = "alias"
                java.lang.String r2 = "key"
                byte[] r10 = f40.b.d(r1, r10, r2, r0)
                if (r10 != 0) goto L52
                f40.b$a r10 = f40.b.f30770d
                java.lang.Integer r2 = java.lang.Integer.valueOf(r8)
                java.lang.Boolean r3 = java.lang.Boolean.valueOf(r0)
                java.lang.String r4 = "alias"
                java.lang.String r5 = "key"
                r0 = r10
                java.lang.Object r8 = r0.invoke(r1, r2, r3, r4, r5, r6)
                r10 = r8
                byte[] r10 = (byte[]) r10
            L52:
                r9.<init>(r10)
                return r9
            */
            throw new UnsupportedOperationException("Method not decompiled: f40.b.c.invoke(java.lang.Object, java.lang.Object, java.lang.Object):java.lang.Object");
        }
    }

    /* compiled from: AndroidKeystore.kt */
    /* loaded from: classes2.dex */
    public static final class d extends Lambda implements Function1<Context, f> {

        /* renamed from: a, reason: collision with root package name */
        public static final d f30776a = new Lambda(1);

        @Override // kotlin.jvm.functions.Function1
        public final f invoke(Context context) {
            Context context2 = context;
            Intrinsics.checkNotNullParameter(context2, "context");
            String string = context2.getSharedPreferences("r10.one.auth.master_key", 0).getString("alias", null);
            if (string != null) {
                return new f(r.e(string));
            }
            return null;
        }
    }

    public static byte[] d(Context context, String str, String str2, boolean z11) {
        String it;
        SharedPreferences sharedPreferences = context.getSharedPreferences("r10.one.auth.master_key", 0);
        if (sharedPreferences.contains(str2 + "_require_auth")) {
            if (sharedPreferences.getBoolean(str2 + "_require_auth", false) != z11) {
                Intrinsics.checkNotNullParameter(context, "context");
                SharedPreferences.Editor edit = context.getSharedPreferences("r10.one.auth.master_key", 0).edit();
                edit.remove("alias");
                edit.remove("key").apply();
                return null;
            }
        }
        try {
            String string = sharedPreferences.getString(str, null);
            if (string == null) {
                return null;
            }
            KeyStore keyStore = f30768b;
            keyStore.load(null);
            Key key = keyStore.getKey(string, null);
            if (key == null || (it = sharedPreferences.getString(str2, null)) == null) {
                return null;
            }
            Intrinsics.checkNotNullExpressionValue(it, "it");
            return ((Cipher) f30769c.invoke(2, key)).doFinal(r.e(it));
        } catch (KeyPermanentlyInvalidatedException unused) {
            return null;
        } catch (UserNotAuthenticatedException e11) {
            throw new UserPresenceRequiredError(e11);
        }
    }

    @Override // f40.h
    public final d a() {
        return f30772f;
    }

    @Override // f40.h
    public final c b() {
        return f30771e;
    }

    @Override // f40.h
    public final void c(Context context, String kid) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(kid, "kid");
        SharedPreferences.Editor edit = context.getSharedPreferences("r10.one.auth.master_key", 0).edit();
        edit.remove("alias_ephemeral_" + kid);
        edit.remove("key_ephemeral_" + kid).apply();
    }

    public final Ed25519KeyPair e(Context context, String kid) {
        Intrinsics.checkNotNullParameter(kid, "kid");
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] d11 = d(context, "alias_ephemeral_" + kid, "key_ephemeral_" + kid, false);
        if (d11 == null) {
            return null;
        }
        Ed25519KeyPair.INSTANCE.getClass();
        return Ed25519KeyPair.Companion.a(d11);
    }

    public final SecretKeySpec f(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] d11 = d(context, "metadata_alias", "metadata_key", false);
        if (d11 == null) {
            d11 = new byte[32];
            Intrinsics.checkNotNullParameter(d11, "<this>");
            new SecureRandom().nextBytes(d11);
            f30770d.invoke(context, 0, Boolean.FALSE, "metadata_alias", "metadata_key", new i(d11));
        }
        return new SecretKeySpec(d11, "AES");
    }
}
