package defpackage;

import android.content.Context;
import android.content.pm.PackageManager;
import android.security.keystore.KeyExpiredException;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserNotAuthenticatedException;
import android.security.keystore.UserPresenceUnavailableException;
import android.security.keystore2.AndroidKeyStoreSpi;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.Locale;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes11.dex */
public final class avlv implements avmt {
    private static final avyf a = avyf.SECP256R1;
    private final Context b;

    public avlv(Context context) {
        etbk.A(context);
        this.b = context;
    }

    private static boolean g(bgbi bgbiVar, String str, InvalidKeyException invalidKeyException) {
        if ((invalidKeyException instanceof UserNotAuthenticatedException) || (invalidKeyException instanceof UserPresenceUnavailableException)) {
            return true;
        }
        if (!(invalidKeyException instanceof KeyPermanentlyInvalidatedException) && !(invalidKeyException instanceof KeyExpiredException)) {
            throw new avyh("Error looking up Android KeyStore key", invalidKeyException);
        }
        try {
            bgbiVar.b(str);
            return false;
        } catch (KeyStoreException | bgbh unused) {
            return false;
        }
    }

    private static final bgbi h() {
        try {
            return bgbi.a();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | bgbh e) {
            throw new avyh("Unable to access Android KeyStore.", e);
        }
    }

    private static final KeyStore.Entry i(avvv avvvVar) {
        try {
            KeyStore.Entry d = h().d(avvvVar.b());
            if (d != null) {
                return d;
            }
            throw new avyh(a.h(avvvVar, "Key does not exist in Android KeyStore: "));
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | bgbh e) {
            throw new avyh("Error retrieving Android KeyStore entry", e);
        }
    }

    @Override // defpackage.avmt
    public final PublicKey a(avvv avvvVar, byte[] bArr) {
        return ((KeyStore.PrivateKeyEntry) i(avvvVar)).getCertificate().getPublicKey();
    }

    @Override // defpackage.avmt
    public final Signature b(avvv avvvVar, byte[] bArr) {
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) i(avvvVar)).getPrivateKey();
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            return signature;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new avyh("Unable to initialize signature", e);
        }
    }

    @Override // defpackage.avmt
    public final void c(avvv avvvVar) {
        etbk.A(avvvVar);
        try {
            h().b(avvvVar.b());
        } catch (KeyStoreException | bgbh e) {
            throw new avyh("Error deleting Android KeyStore key", e);
        }
    }

    @Override // defpackage.avmt
    public final boolean d(avvv avvvVar, byte[] bArr) {
        String b = avvvVar.b();
        bgbi h = h();
        if (!gavp.c()) {
            try {
                return h.c(b);
            } catch (KeyStoreException | bgbh e) {
                throw new avyh("Error looking up Android KeyStore key", e);
            }
        }
        try {
            KeyStore.Entry d = h.d(b);
            if (d == null) {
                return false;
            }
            Signature.getInstance("SHA256withECDSA").initSign(((KeyStore.PrivateKeyEntry) d).getPrivateKey());
            return true;
        } catch (InvalidKeyException e2) {
            return g(h, b, e2);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | bgbh e3) {
            throw new avyh("Error looking up Android KeyStore key", e3);
        }
    }

    @Override // defpackage.avmt
    public final byte[] e(avvv avvvVar, boolean z) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, AndroidKeyStoreSpi.NAME);
            KeyGenParameterSpec.Builder algorithmParameterSpec = new KeyGenParameterSpec.Builder(avvvVar.b(), 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec(a.name().toLowerCase(Locale.US)));
            if (((avvx) avvvVar).a.equals(avvy.STRONGBOX_KEY)) {
                etbk.a(true);
                etbk.a(this.b.getPackageManager().hasSystemFeature(PackageManager.FEATURE_STRONGBOX_KEYSTORE));
                algorithmParameterSpec = algorithmParameterSpec.setIsStrongBoxBacked(true).setUserPresenceRequired(true);
            } else if (!gawb.a.b().a()) {
                algorithmParameterSpec = algorithmParameterSpec.setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds((int) gawe.c());
            }
            keyPairGenerator.initialize(algorithmParameterSpec.build());
            keyPairGenerator.generateKeyPair();
            if (!z) {
                return null;
            }
            try {
                return avyb.b(new SecureRandom()).c().s();
            } catch (frdy e) {
                throw new avyh("Unable to encode Cable credential data", e);
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new avyh("Could not create Android KeyStore key pair", e2);
        }
    }

    @Override // defpackage.avmt
    public final avyb f(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            return avyb.a(free.q(bArr));
        } catch (frdx e) {
            throw new avyh("Unable to decode Cable credential data", e);
        }
    }
}
