package defpackage;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyExpiredException;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.security.keystore.UserPresenceUnavailableException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.Locale;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: :com.google.android.gms@202414017@20.24.14 (040306-319035315) */
/* loaded from: classes2.dex */
public final class xdk implements xdq {
    private static final xmd a = xmd.SECP256R1;
    private final Context b;

    public xdk(Context context) {
        bowv.a(context);
        this.b = context;
    }

    private static final adfe a() {
        try {
            return new adfe();
        } catch (adfd | IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new xmf("Unable to access Android KeyStore.", e);
        }
    }

    private static boolean a(adfe adfeVar, String str, InvalidKeyException invalidKeyException) {
        int i = Build.VERSION.SDK_INT;
        if (invalidKeyException instanceof UserNotAuthenticatedException) {
            return true;
        }
        if (sts.e() && (invalidKeyException instanceof UserPresenceUnavailableException)) {
            return true;
        }
        if (!(invalidKeyException instanceof KeyPermanentlyInvalidatedException) && !(invalidKeyException instanceof KeyExpiredException)) {
            throw new xmf("Error looking up Android KeyStore key", invalidKeyException);
        }
        try {
            adfeVar.b(str);
            return false;
        } catch (adfd e) {
            return false;
        } catch (KeyStoreException e2) {
            return false;
        }
    }

    private static final KeyStore.Entry b(xkc xkcVar) {
        bowv.a(xkcVar);
        try {
            KeyStore.Entry c = a().c(xkcVar.b());
            if (c != null) {
                return c;
            }
            String valueOf = String.valueOf(xkcVar);
            StringBuilder sb = new StringBuilder(String.valueOf(valueOf).length() + 40);
            sb.append("Key does not exist in Android KeyStore: ");
            sb.append(valueOf);
            throw new xmf(sb.toString());
        } catch (adfd | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new xmf("Error retrieving Android KeyStore entry", e);
        }
    }

    @Override // defpackage.xdq
    public final xlz a(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            return xlz.a(cavn.b(bArr));
        } catch (cavg e) {
            throw new xmf("Unable to decode Cable credential data", e);
        }
    }

    @Override // defpackage.xdq
    public final void a(xkc xkcVar) {
        bowv.a(xkcVar);
        try {
            a().b(xkcVar.b());
        } catch (adfd | KeyStoreException e) {
            throw new xmf("Error deleting Android KeyStore key", e);
        }
    }

    @Override // defpackage.xdq
    public final boolean a(xkc xkcVar, byte[] bArr) {
        bowv.a(xkcVar);
        String b = xkcVar.b();
        adfe a2 = a();
        if (!cgfb.b()) {
            try {
                return a2.a(b);
            } catch (adfd | KeyStoreException e) {
                throw new xmf("Error looking up Android KeyStore key", e);
            }
        }
        try {
            KeyStore.Entry c = a2.c(b);
            if (c == null) {
                return false;
            }
            Signature.getInstance("SHA256withECDSA").initSign(((KeyStore.PrivateKeyEntry) c).getPrivateKey());
            return true;
        } catch (adfd e2) {
            e = e2;
            throw new xmf("Error looking up Android KeyStore key", e);
        } catch (InvalidKeyException e3) {
            return a(a2, b, e3);
        } catch (KeyStoreException e4) {
            e = e4;
            throw new xmf("Error looking up Android KeyStore key", e);
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            throw new xmf("Error looking up Android KeyStore key", e);
        } catch (UnrecoverableEntryException e6) {
            e = e6;
            throw new xmf("Error looking up Android KeyStore key", e);
        }
    }

    @Override // defpackage.xdq
    public final byte[] a(xkc xkcVar, boolean z) {
        KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds;
        bowv.a(xkcVar);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder algorithmParameterSpec = new KeyGenParameterSpec.Builder(xkcVar.b(), 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec(a.name().toLowerCase(Locale.US)));
            if (((xke) xkcVar).a.equals(xkf.STRONGBOX_KEY)) {
                bowv.a(sts.e());
                bowv.a(this.b.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore"));
                userAuthenticationValidityDurationSeconds = algorithmParameterSpec.setIsStrongBoxBacked(true).setUserPresenceRequired(true);
            } else {
                userAuthenticationValidityDurationSeconds = algorithmParameterSpec.setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(((Integer) xms.f.c()).intValue());
            }
            keyPairGenerator.initialize(userAuthenticationValidityDurationSeconds.build());
            keyPairGenerator.generateKeyPair();
            if (!z) {
                return null;
            }
            try {
                return xlz.a(new SecureRandom()).a().c();
            } catch (cavh e) {
                throw new xmf("Unable to encode Cable credential data", e);
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new xmf("Could not create Android KeyStore key pair", e2);
        }
    }

    @Override // defpackage.xdq
    public final PublicKey b(xkc xkcVar, byte[] bArr) {
        bowv.a(xkcVar);
        return ((KeyStore.PrivateKeyEntry) b(xkcVar)).getCertificate().getPublicKey();
    }

    @Override // defpackage.xdq
    public final Signature c(xkc xkcVar, byte[] bArr) {
        bowv.a(xkcVar);
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) b(xkcVar)).getPrivateKey();
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            return signature;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new xmf("Unable to initialize signature", e);
        }
    }
}
