package X;

import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.core.view.inputmethod.EditorInfoCompat;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* renamed from: X.70M, reason: invalid class name */
/* loaded from: classes4.dex */
public class C70M {
    public KeyStore A00;
    public JSONObject A01;
    public boolean A02;
    public final C12N A03;
    public final C25041Ks A04;
    public final C25051Kt A05 = C25051Kt.A00("PaymentTrustedDeviceManager", "infra", "COMMON");
    public final InterfaceC19080wo A06;

    public C70M(C12N c12n, C25041Ks c25041Ks, InterfaceC19080wo interfaceC19080wo) {
        this.A03 = c12n;
        this.A04 = c25041Ks;
        this.A06 = interfaceC19080wo;
    }

    private synchronized void A00() {
        byte[] decode;
        if (!this.A02) {
            A06();
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.A00 = keyStore;
                keyStore.load(null);
                C25041Ks c25041Ks = this.A04;
                if (!AbstractC18800wF.A1V(c25041Ks.A03(), "payment_trusted_device_credential_use_keystore") && !AbstractC18800wF.A1V(c25041Ks.A03(), "payment_trusted_device_credential_use_keystore")) {
                    try {
                        Calendar calendar = Calendar.getInstance();
                        Calendar calendar2 = Calendar.getInstance();
                        calendar2.add(1, 50);
                        KeyPairGeneratorSpec build = C5T3.A0O(new KeyPairGeneratorSpec.Builder(this.A03.A00).setAlias("payment_trusted_device_key_alias").setSubject(new X500Principal("CN=payment_trusted_device_key_alias")), BigInteger.TEN, calendar, calendar2).build();
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(build);
                        keyPairGenerator.generateKeyPair();
                    } catch (Exception e) {
                        A01(this.A05, e, "generate RSA key pairs fails: ", AnonymousClass000.A14());
                    }
                    A02();
                }
                this.A02 = true;
            } catch (Exception e2) {
                A01(this.A05, e2, "keystore init fails: ", AnonymousClass000.A14());
            }
            String A0m = AbstractC18800wF.A0m(this.A04.A03(), "payment_trusted_device_credential");
            if (!TextUtils.isEmpty(A0m) && (decode = Base64.decode(A0m, 3)) != null) {
                A07(decode, 1);
            }
        }
    }

    public static void A01(C25051Kt c25051Kt, Object obj, String str, StringBuilder sb) {
        sb.append(str);
        sb.append(obj.toString());
        c25051Kt.A05(sb.toString());
    }

    private byte[] A02() {
        byte[] A1X = C5T1.A1X(16);
        byte[] bArr = null;
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
            ByteArrayOutputStream A0z = AbstractC108785Sy.A0z();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(A0z, cipher);
            cipherOutputStream.write(A1X);
            cipherOutputStream.close();
            bArr = A0z.toByteArray();
        } catch (Exception e) {
            A01(this.A05, e, "RSA encrypt fails: ", AnonymousClass000.A14());
        }
        if (bArr != null) {
            C25041Ks c25041Ks = this.A04;
            AbstractC18800wF.A1B(c25041Ks.A03().edit(), "payment_trusted_device_credential_encrypted_aes", Base64.encodeToString(bArr, 3));
        }
        Arrays.fill(A1X, (byte) 0);
        return bArr;
    }

    private byte[] A03(byte[] bArr) {
        byte[] A02;
        byte[] A04;
        try {
            String string = this.A04.A03().getString("payment_trusted_device_credential_encrypted_aes", null);
            if (TextUtils.isEmpty(string) || (A02 = Base64.decode(string, 3)) == null) {
                A02 = A02();
            }
            if (A02 == null || (A04 = A04(A02)) == null) {
                return null;
            }
            byte[] A1X = C5T1.A1X(16);
            SecretKeySpec secretKeySpec = new SecretKeySpec(A04, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(A1X));
            byte[] doFinal = cipher.doFinal(bArr);
            int length = doFinal.length;
            byte[] bArr2 = new byte[16 + length];
            System.arraycopy(A1X, 0, bArr2, 0, 16);
            System.arraycopy(doFinal, 0, bArr2, 16, length);
            return bArr2;
        } catch (Exception e) {
            A01(this.A05, e, "encrypt key fails: ", AnonymousClass000.A14());
            return null;
        }
    }

    private byte[] A04(byte[] bArr) {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKeyEntry.getPrivateKey());
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
                try {
                    ArrayList A17 = AnonymousClass000.A17();
                    while (true) {
                        int read = cipherInputStream.read();
                        if (read == -1) {
                            break;
                        }
                        A17.add(Byte.valueOf((byte) read));
                    }
                    int size = A17.size();
                    byte[] bArr2 = new byte[size];
                    for (int i = 0; i < size; i++) {
                        bArr2[i] = ((Byte) A17.get(i)).byteValue();
                    }
                    cipherInputStream.close();
                    byteArrayInputStream.close();
                    return bArr2;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            A01(this.A05, e, "RSA decrypt fails: ", AnonymousClass000.A14());
            return null;
        }
    }

    public PrivateKey A05(int i) {
        byte[] A02;
        byte[] A04;
        A00();
        A06();
        String optString = this.A01.optString(String.valueOf(i), null);
        byte[] decode = TextUtils.isEmpty(optString) ? null : Base64.decode(optString, 3);
        if (decode == null) {
            A00();
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(EditorInfoCompat.MEMORY_EFFICIENT_TEXT_LENGTH);
                PrivateKey privateKey = keyPairGenerator.genKeyPair().getPrivate();
                this.A06.get();
                byte[] A03 = A03(privateKey.getEncoded());
                if (A03 != null) {
                    A07(A03, i);
                    C25041Ks c25041Ks = this.A04;
                    if (!AbstractC18800wF.A1V(c25041Ks.A03(), "payment_trusted_device_credential_use_keystore")) {
                        AbstractC18800wF.A1C(c25041Ks.A03().edit(), "payment_trusted_device_credential_use_keystore", true);
                    }
                    Arrays.fill(A03, (byte) 0);
                    return privateKey;
                }
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                A01(this.A05, e, "generate RSA key fails: ", AnonymousClass000.A14());
            }
            return null;
        }
        try {
            C25041Ks c25041Ks2 = this.A04;
            if (AbstractC18800wF.A1V(c25041Ks2.A03(), "payment_trusted_device_credential_use_keystore")) {
                try {
                    String string = c25041Ks2.A03().getString("payment_trusted_device_credential_encrypted_aes", null);
                    if (TextUtils.isEmpty(string) || (A02 = Base64.decode(string, 3)) == null) {
                        A02 = A02();
                    }
                    if (A02 == null || (A04 = A04(A02)) == null) {
                        decode = null;
                    } else {
                        byte[] bArr = new byte[16];
                        System.arraycopy(decode, 0, bArr, 0, 16);
                        int length = decode.length - 16;
                        byte[] bArr2 = new byte[length];
                        System.arraycopy(decode, 16, bArr2, 0, length);
                        SecretKeySpec secretKeySpec = new SecretKeySpec(A04, "AES");
                        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                        cipher.init(2, secretKeySpec, new IvParameterSpec(bArr));
                        decode = cipher.doFinal(bArr2);
                    }
                } catch (Exception e2) {
                    A01(this.A05, e2, "decrypt key fails: ", AnonymousClass000.A14());
                    decode = null;
                }
            } else {
                byte[] A032 = A03(decode);
                if (A032 != null) {
                    A07(decode, i);
                    AbstractC18800wF.A1C(c25041Ks2.A03().edit(), "payment_trusted_device_credential_use_keystore", true);
                    Arrays.fill(A032, (byte) 0);
                }
            }
            if (decode == null) {
                return null;
            }
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            Arrays.fill(decode, (byte) 0);
            return keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        } catch (Exception e3) {
            A01(this.A05, e3, "loadRSAKey fails, ", AnonymousClass000.A14());
            return null;
        }
    }

    public void A06() {
        try {
            String A0m = AbstractC18800wF.A0m(this.A04.A03(), "payments_trusted_device_credential_network_map");
            this.A01 = A0m != null ? AbstractC108785Sy.A1L(A0m) : AbstractC18800wF.A13();
        } catch (JSONException e) {
            this.A05.A05(AbstractC18810wG.A0V("JSONObject instantiation ", AnonymousClass000.A14(), e));
            this.A01 = AbstractC18800wF.A13();
        }
    }

    public synchronized void A07(byte[] bArr, int i) {
        try {
            this.A01.put(String.valueOf(i), Base64.encodeToString(bArr, 3));
            C25041Ks c25041Ks = this.A04;
            AbstractC18800wF.A1B(c25041Ks.A03().edit(), "payments_trusted_device_credential_network_map", this.A01.toString());
        } catch (JSONException unused) {
            this.A05.A05("setNetworkCredential failed");
        }
    }
}
