package defpackage;

import android.accounts.Account;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.wallet.shared.ApplicationParameters;
import com.google.android.gms.wallet.shared.BuyFlowConfig;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;

/* compiled from: :com.google.android.gms@210214047@21.02.14 (150406-352619232) */
/* loaded from: classes4.dex */
public final class ayfq {
    private static final Charset a = Charset.forName("UTF-8");
    private final BuyFlowConfig b;
    private final Context c;

    public ayfq(Context context, BuyFlowConfig buyFlowConfig) {
        this.b = buyFlowConfig;
        this.c = context;
    }

    public static ayfq a(Context context, BuyFlowConfig buyFlowConfig) {
        return new ayfq(context.getApplicationContext(), buyFlowConfig);
    }

    static final ECPublicKey c(String str, int i, String str2) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds = new KeyGenParameterSpec.Builder(str, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(i);
            userAuthenticationValidityDurationSeconds.setAttestationChallenge(str2.getBytes(a));
            keyPairGenerator.initialize(userAuthenticationValidityDurationSeconds.build());
            return (ECPublicKey) keyPairGenerator.generateKeyPair().getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    static final KeyStore d() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    private final void j(Throwable th) {
        if (rsg.a()) {
            Log.e("KeyStoreUtils", "UncaughtException", th);
        } else {
            ayyq.b(this.c, th);
        }
    }

    private final Signature k(KeyStore keyStore, int i) {
        if (!keyStore.containsAlias(i(i))) {
            return null;
        }
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(i(i), null);
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        return signature;
    }

    public final byte[] b(byte[] bArr, Signature signature) {
        try {
            signature.update(bArr);
            return signature.sign();
        } catch (SignatureException e) {
            ayyq.b(this.c, e);
            return null;
        }
    }

    public final boolean e(int i) {
        try {
            try {
                KeyStore d = d();
                if (i != 3) {
                    return k(d, i) != null;
                }
                if (!cmnk.a.a().a()) {
                    return d.containsAlias(i(3));
                }
                try {
                    return k(d, 3) != null;
                } catch (InvalidKeyException e) {
                    if (e instanceof UserNotAuthenticatedException) {
                        return true;
                    }
                    if (e instanceof KeyPermanentlyInvalidatedException) {
                        return false;
                    }
                    throw e;
                }
            } catch (InvalidKeyException e2) {
                e = e2;
                j(e);
                return false;
            }
        } catch (IOException e3) {
            e = e3;
            j(e);
            return false;
        } catch (KeyStoreException e4) {
            e = e4;
            j(e);
            return false;
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            j(e);
            return false;
        } catch (UnrecoverableKeyException e6) {
            e = e6;
            j(e);
            return false;
        } catch (CertificateException e7) {
            e = e7;
            j(e);
            return false;
        }
    }

    public final Signature f(int i) {
        try {
            return k(d(), i);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            j(e);
            return null;
        }
    }

    public final bpdm g(int i) {
        int i2;
        String uuid = UUID.randomUUID().toString();
        int i3 = i - 1;
        if (i3 == 1) {
            i2 = -1;
        } else {
            if (i3 != 2) {
                throw new AssertionError("Unsupported authenticator");
            }
            i2 = (int) cmnk.a.a().b();
        }
        String i4 = i(i);
        String valueOf = String.valueOf(uuid);
        ECPublicKey c = c(i4, i2, valueOf.length() != 0 ? "GooglePaymentsUserAuthKey:".concat(valueOf) : new String("GooglePaymentsUserAuthKey:"));
        ccbc s = bpdm.g.s();
        if (s.c) {
            s.w();
            s.c = false;
        }
        bpdm bpdmVar = (bpdm) s.b;
        bpdmVar.e = i3;
        int i5 = bpdmVar.a | 8;
        bpdmVar.a = i5;
        uuid.getClass();
        int i6 = i5 | 4;
        bpdmVar.a = i6;
        bpdmVar.d = uuid;
        bpdmVar.c = 1;
        bpdmVar.a = i6 | 2;
        String encodeToString = Base64.encodeToString(ayfm.a(c.getW()), 2);
        if (s.c) {
            s.w();
            s.c = false;
        }
        bpdm bpdmVar2 = (bpdm) s.b;
        encodeToString.getClass();
        bpdmVar2.a |= 1;
        bpdmVar2.b = encodeToString;
        try {
            Certificate[] certificateChain = d().getCertificateChain(i(i));
            if (certificateChain != null) {
                ccbc s2 = bpdf.b.s();
                for (Certificate certificate : certificateChain) {
                    cbzw x = cbzw.x(certificate.getEncoded());
                    if (s2.c) {
                        s2.w();
                        s2.c = false;
                    }
                    bpdf bpdfVar = (bpdf) s2.b;
                    cccb cccbVar = bpdfVar.a;
                    if (!cccbVar.a()) {
                        bpdfVar.a = ccbj.I(cccbVar);
                    }
                    bpdfVar.a.add(x);
                }
                if (s.c) {
                    s.w();
                    s.c = false;
                }
                bpdm bpdmVar3 = (bpdm) s.b;
                bpdf bpdfVar2 = (bpdf) s2.C();
                bpdfVar2.getClass();
                bpdmVar3.f = bpdfVar2;
                bpdmVar3.a |= 16;
            }
            return (bpdm) s.C();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    public final void h(int i) {
        try {
            KeyStore d = d();
            if (d.containsAlias(i(i))) {
                d.deleteEntry(i(i));
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            ayyq.b(this.c, e);
        }
    }

    final String i(int i) {
        ApplicationParameters applicationParameters = this.b.b;
        int i2 = applicationParameters.a;
        Account account = applicationParameters.b;
        aygg ayggVar = new aygg();
        ayggVar.b(i2);
        ayggVar.c(account.name);
        if (i != 2) {
            bpza.l(i == 3, "Unsupported authenticator");
            ayggVar.c("LOCKSCREEN");
        }
        String valueOf = String.valueOf(ayggVar.a());
        return rqo.a((valueOf.length() != 0 ? "com.google.android.gms.wallet.keys:".concat(valueOf) : new String("com.google.android.gms.wallet.keys:")).getBytes(a));
    }
}
