package com.oath.mobile.platform.phoenix.core;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import com.verizondigitalmedia.mobile.client.android.nielsen.Constants;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECField;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;

/* compiled from: Yahoo */
@RequiresApi(api = 23)
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0007\bÇ\u0002\u0018\u0000B\t\b\u0002¢\u0006\u0004\b\u001b\u0010\u0019J\u0017\u0010\u0003\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0001H\u0007¢\u0006\u0004\b\u0003\u0010\u0004J\u0017\u0010\u0005\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0001H\u0007¢\u0006\u0004\b\u0005\u0010\u0004J\u000f\u0010\u0007\u001a\u00020\u0006H\u0007¢\u0006\u0004\b\u0007\u0010\bJ\u0017\u0010\u000b\u001a\u00020\n2\u0006\u0010\t\u001a\u00020\u0006H\u0007¢\u0006\u0004\b\u000b\u0010\fJ\u000f\u0010\u000e\u001a\u00020\rH\u0007¢\u0006\u0004\b\u000e\u0010\u000fJ\u0017\u0010\u0011\u001a\u00020\u00012\u0006\u0010\u0010\u001a\u00020\u0001H\u0007¢\u0006\u0004\b\u0011\u0010\u0004R\u0016\u0010\u0012\u001a\u00020\u00018\u0002@\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0012\u0010\u0013R\u0016\u0010\u0014\u001a\u00020\u00018\u0002@\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0014\u0010\u0013R\u001e\u0010\u001a\u001a\u0004\u0018\u00010\u00158F@\u0007X\u0087\u0004¢\u0006\f\u0012\u0004\b\u0018\u0010\u0019\u001a\u0004\b\u0016\u0010\u0017¨\u0006\u001c"}, d2 = {"Lcom/oath/mobile/platform/phoenix/core/KeyStoreUtils;", "", Constants.EVENT_KEY_DATA, "decrypt", "(Ljava/lang/String;)Ljava/lang/String;", "encrypt", "Ljava/security/PublicKey;", "generateDCRKeyPair", "()Ljava/security/PublicKey;", "publicKey", "Lcom/google/gson/JsonObject;", "generateJwkFromPublicKey", "(Ljava/security/PublicKey;)Lcom/google/gson/JsonObject;", "", "isDcrKeyPairAvailable", "()Z", "input", "sign", "KEY_ALIAS", "Ljava/lang/String;", "KEY_NAME", "Ljava/security/KeyPair;", "getDcrKeyPair", "()Ljava/security/KeyPair;", "dcrKeyPair$annotations", "()V", "dcrKeyPair", "<init>", "dynamic-client-reg_release"}, k = 1, mv = {1, 1, 15}, pn = "", xi = 0, xs = "")
/* loaded from: classes2.dex */
public final class KeyStoreUtils {
    public static final KeyStoreUtils INSTANCE = new KeyStoreUtils();
    private static final String KEY_ALIAS = "secp256r1";
    private static final String KEY_NAME = "dcrKey";

    private KeyStoreUtils() {
    }

    public static /* synthetic */ void dcrKeyPair$annotations() {
    }

    public static final String decrypt(String data) {
        kotlin.jvm.internal.l.g(data, "data");
        if (!isDcrKeyPairAvailable()) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair();
        if (dcrKeyPair == null) {
            kotlin.jvm.internal.l.n();
            throw null;
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.jvm.internal.l.c(privateKey, "dcrKeyPair!!.private");
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(2, privateKey);
        byte[] decodedData = cipher.doFinal(Base64.decode(data, 0));
        kotlin.jvm.internal.l.c(decodedData, "decodedData");
        Charset charset = StandardCharsets.UTF_8;
        kotlin.jvm.internal.l.c(charset, "StandardCharsets.UTF_8");
        return new String(decodedData, charset);
    }

    public static final String encrypt(String data) {
        kotlin.jvm.internal.l.g(data, "data");
        if (!isDcrKeyPairAvailable()) {
            return data;
        }
        KeyPair dcrKeyPair = getDcrKeyPair();
        if (dcrKeyPair == null) {
            kotlin.jvm.internal.l.n();
            throw null;
        }
        PublicKey publicKey = dcrKeyPair.getPublic();
        kotlin.jvm.internal.l.c(publicKey, "dcrKeyPair!!.public");
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(1, publicKey);
        byte[] bytes = data.getBytes(kotlin.i0.e.a);
        kotlin.jvm.internal.l.c(bytes, "(this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        kotlin.jvm.internal.l.c(encodeToString, "Base64.encodeToString(bytes, Base64.DEFAULT)");
        return encodeToString;
    }

    public static final PublicKey generateDCRKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(KEY_NAME, 4).setAlgorithmParameterSpec(new ECGenParameterSpec(KEY_ALIAS)).setDigests("SHA-256");
        String format = String.format("CN=%s", Arrays.copyOf(new Object[]{KEY_ALIAS}, 1));
        kotlin.jvm.internal.l.c(format, "java.lang.String.format(format, *args)");
        keyPairGenerator.initialize(digests.setCertificateSubject(new X500Principal(format)).build());
        KeyPair keyPair = keyPairGenerator.genKeyPair();
        Signature signature = Signature.getInstance("SHA256withECDSA");
        kotlin.jvm.internal.l.c(keyPair, "keyPair");
        signature.initSign(keyPair.getPrivate());
        PublicKey publicKey = keyPair.getPublic();
        kotlin.jvm.internal.l.c(publicKey, "keyPair.public");
        return publicKey;
    }

    public static final g.f.g.u generateJwkFromPublicKey(PublicKey publicKey) {
        kotlin.jvm.internal.l.g(publicKey, "publicKey");
        g.f.g.u uVar = new g.f.g.u();
        uVar.D("kty", publicKey.getAlgorithm());
        uVar.D("use", "sig");
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        StringBuilder r1 = g.b.c.a.a.r1("P-");
        ECParameterSpec params = eCPublicKey.getParams();
        kotlin.jvm.internal.l.c(params, "ecPublicKey.params");
        EllipticCurve curve = params.getCurve();
        kotlin.jvm.internal.l.c(curve, "ecPublicKey.params.curve");
        ECField field = curve.getField();
        kotlin.jvm.internal.l.c(field, "ecPublicKey.params.curve.field");
        r1.append(field.getFieldSize());
        uVar.D("crv", r1.toString());
        ECPoint w = eCPublicKey.getW();
        kotlin.jvm.internal.l.c(w, "ecPublicKey.w");
        String encodeToString = Base64.encodeToString(w.getAffineX().toByteArray(), 8);
        kotlin.jvm.internal.l.c(encodeToString, "Base64.encodeToString(ec…Array(), Base64.URL_SAFE)");
        uVar.D("x", kotlin.i0.c.k0(encodeToString).toString());
        ECPoint w2 = eCPublicKey.getW();
        kotlin.jvm.internal.l.c(w2, "ecPublicKey.w");
        String encodeToString2 = Base64.encodeToString(w2.getAffineY().toByteArray(), 8);
        kotlin.jvm.internal.l.c(encodeToString2, "Base64.encodeToString(ec…Array(), Base64.URL_SAFE)");
        uVar.D("y", kotlin.i0.c.k0(encodeToString2).toString());
        return uVar;
    }

    public static final KeyPair getDcrKeyPair() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableKeyException {
        if (!isDcrKeyPairAvailable()) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey(KEY_NAME, null);
        if (key == null) {
            throw new kotlin.p("null cannot be cast to non-null type java.security.PrivateKey");
        }
        Certificate certificate = keyStore.getCertificate(KEY_NAME);
        kotlin.jvm.internal.l.c(certificate, "keyStore.getCertificate(KEY_NAME)");
        PublicKey publicKey = certificate.getPublicKey();
        kotlin.jvm.internal.l.c(publicKey, "keyStore.getCertificate(KEY_NAME).publicKey");
        return new KeyPair(publicKey, (PrivateKey) key);
    }

    public static final boolean isDcrKeyPairAvailable() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore.isKeyEntry(KEY_NAME);
    }

    public static final String sign(String input) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, SignatureException, InvalidKeyException {
        kotlin.jvm.internal.l.g(input, "input");
        if (!isDcrKeyPairAvailable()) {
            return "";
        }
        KeyPair dcrKeyPair = getDcrKeyPair();
        if (dcrKeyPair == null) {
            kotlin.jvm.internal.l.n();
            throw null;
        }
        PrivateKey privateKey = dcrKeyPair.getPrivate();
        kotlin.jvm.internal.l.c(privateKey, "dcrKeyPair!!.private");
        Charset forName = Charset.forName("UTF8");
        kotlin.jvm.internal.l.c(forName, "Charset.forName(charsetName)");
        byte[] bytes = input.getBytes(forName);
        kotlin.jvm.internal.l.c(bytes, "(this as java.lang.String).getBytes(charset)");
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(bytes);
        byte[] sign = signature.sign();
        kotlin.jvm.internal.l.c(sign, "signature.sign()");
        String encodeToString = Base64.encodeToString(sign, 8);
        kotlin.jvm.internal.l.c(encodeToString, "Base64.encodeToString(si…reBytes, Base64.URL_SAFE)");
        return kotlin.i0.c.k0(encodeToString).toString();
    }
}
