package X;

import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* renamed from: X.5z6, reason: invalid class name and case insensitive filesystem */
/* loaded from: classes4.dex */
public class C130225z6 {
    public KeyStore A00;
    public JSONObject A01;
    public boolean A02;
    public final C16530pI A03;
    public final C18540si A04;
    public final C30871Zj A05 = C117435Zz.A0V("PaymentTrustedDeviceManager", "infra");
    public final C22060yY A06;

    public C130225z6(C16530pI c16530pI, C18540si c18540si, C22060yY c22060yY) {
        this.A03 = c16530pI;
        this.A04 = c18540si;
        this.A06 = c22060yY;
    }

    public PrivateKey A00(int i2) {
        byte[] A04;
        byte[] A06;
        PrivateKey privateKey;
        A02();
        String optString = this.A01.optString(String.valueOf(i2), null);
        byte[] decode = TextUtils.isEmpty(optString) ? null : Base64.decode(optString, 3);
        if (decode == null) {
            A02();
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(2048);
                privateKey = keyPairGenerator.genKeyPair().getPrivate();
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
                this.A05.A05(C12940it.A0d(e2.toString(), C12940it.A0k("generate RSA key fails: ")));
            }
            if (Build.VERSION.SDK_INT < 18) {
                A03(privateKey.getEncoded(), i2);
                return privateKey;
            }
            byte[] A05 = A05(privateKey.getEncoded());
            if (A05 != null) {
                A03(A05, i2);
                C18540si c18540si = this.A04;
                if (!c18540si.A01().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                    C12940it.A0t(C117425Zy.A05(c18540si), "payment_trusted_device_credential_use_keystore", true);
                }
                Arrays.fill(A05, (byte) 0);
                return privateKey;
            }
            return null;
        }
        try {
            if (Build.VERSION.SDK_INT >= 18) {
                C18540si c18540si2 = this.A04;
                if (c18540si2.A01().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                    try {
                        String string = c18540si2.A01().getString("payment_trusted_device_credential_encrypted_aes", null);
                        if (TextUtils.isEmpty(string) || (A04 = Base64.decode(string, 3)) == null) {
                            A04 = A04();
                        }
                        if (A04 != null && (A06 = A06(A04)) != null) {
                            byte[] bArr = new byte[16];
                            System.arraycopy(decode, 0, bArr, 0, 16);
                            int length = decode.length - 16;
                            byte[] bArr2 = new byte[length];
                            System.arraycopy(decode, 16, bArr2, 0, length);
                            SecretKeySpec secretKeySpec = new SecretKeySpec(A06, "AES");
                            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                            cipher.init(2, secretKeySpec, new IvParameterSpec(bArr));
                            decode = cipher.doFinal(bArr2);
                        }
                    } catch (Exception e3) {
                        this.A05.A05(C12940it.A0d(e3.toString(), C12940it.A0k("decrypt key fails: ")));
                    }
                    decode = null;
                } else {
                    byte[] A052 = A05(decode);
                    if (A052 != null) {
                        A03(decode, i2);
                        C12940it.A0t(C117425Zy.A05(c18540si2), "payment_trusted_device_credential_use_keystore", true);
                        Arrays.fill(A052, (byte) 0);
                    }
                }
            }
            if (decode == null) {
                return null;
            }
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            Arrays.fill(decode, (byte) 0);
            return keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        } catch (Exception e4) {
            this.A05.A05(C12940it.A0d(e4.toString(), C12940it.A0k("loadRSAKey fails, ")));
            return null;
        }
    }

    public final void A01() {
        if (C12960iv.A1V(this.A04.A01(), "payment_trusted_device_credential_use_keystore")) {
            return;
        }
        try {
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 50);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.A03.A00).setAlias("payment_trusted_device_key_alias").setSubject(new X500Principal("CN=payment_trusted_device_key_alias")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        } catch (Exception e2) {
            this.A05.A05(C12940it.A0d(e2.toString(), C12940it.A0k("generate RSA key pairs fails: ")));
        }
        A04();
    }

    public final synchronized void A02() {
        byte[] decode;
        if (!this.A02) {
            if (this.A01 == null) {
                try {
                    String A0q = C12960iv.A0q(this.A04.A01(), "payments_trusted_device_credential_network_map");
                    this.A01 = A0q != null ? C12980ix.A05(A0q) : C117425Zy.A0a();
                } catch (JSONException e2) {
                    this.A05.A05(C12940it.A0d(e2.getMessage(), C12940it.A0k("JSONObject instantiation ")));
                    this.A01 = C117425Zy.A0a();
                }
            }
            if (Build.VERSION.SDK_INT >= 18) {
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    this.A00 = keyStore;
                    keyStore.load(null);
                    if (!C12960iv.A1V(this.A04.A01(), "payment_trusted_device_credential_use_keystore")) {
                        A01();
                    }
                    this.A02 = true;
                } catch (Exception e3) {
                    C30871Zj c30871Zj = this.A05;
                    StringBuilder A0h = C12940it.A0h();
                    A0h.append("keystore init fails: ");
                    c30871Zj.A05(C12940it.A0d(e3.toString(), A0h));
                }
            } else {
                this.A02 = true;
            }
            String A0q2 = C12960iv.A0q(this.A04.A01(), "payment_trusted_device_credential");
            if (!TextUtils.isEmpty(A0q2) && (decode = Base64.decode(A0q2, 3)) != null) {
                A03(decode, 1);
            }
        }
    }

    public synchronized void A03(byte[] bArr, int i2) {
        try {
            this.A01.put(String.valueOf(i2), Base64.encodeToString(bArr, 3));
            C18540si c18540si = this.A04;
            C12950iu.A1D(C117425Zy.A05(c18540si), "payments_trusted_device_credential_network_map", this.A01.toString());
        } catch (JSONException unused) {
            this.A05.A05("setNetworkCredential failed");
        }
    }

    public final byte[] A04() {
        byte[] A1a = C117435Zz.A1a(16);
        byte[] bArr = null;
        try {
            bArr = C117425Zy.A0P("RSA/ECB/PKCS1Padding", (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null), A1a).toByteArray();
        } catch (Exception e2) {
            this.A05.A05(C12940it.A0d(e2.toString(), C12940it.A0k("RSA encrypt fails: ")));
        }
        if (bArr != null) {
            C18540si c18540si = this.A04;
            C12950iu.A1D(C117425Zy.A05(c18540si), "payment_trusted_device_credential_encrypted_aes", Base64.encodeToString(bArr, 3));
        }
        Arrays.fill(A1a, (byte) 0);
        return bArr;
    }

    public final byte[] A05(byte[] bArr) {
        byte[] A04;
        byte[] A06;
        try {
            String string = this.A04.A01().getString("payment_trusted_device_credential_encrypted_aes", null);
            if (TextUtils.isEmpty(string) || (A04 = Base64.decode(string, 3)) == null) {
                A04 = A04();
            }
            if (A04 == null || (A06 = A06(A04)) == null) {
                return null;
            }
            byte[] A1a = C117435Zz.A1a(16);
            SecretKeySpec secretKeySpec = new SecretKeySpec(A06, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(A1a));
            byte[] doFinal = cipher.doFinal(bArr);
            int length = doFinal.length;
            byte[] bArr2 = new byte[16 + length];
            System.arraycopy(A1a, 0, bArr2, 0, 16);
            System.arraycopy(doFinal, 0, bArr2, 16, length);
            return bArr2;
        } catch (Exception e2) {
            this.A05.A05(C12940it.A0d(e2.toString(), C12940it.A0k("encrypt key fails: ")));
            return null;
        }
    }

    public final byte[] A06(byte[] bArr) {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKeyEntry.getPrivateKey());
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
                try {
                    ArrayList A0l = C12940it.A0l();
                    while (true) {
                        int read = cipherInputStream.read();
                        if (read == -1) {
                            break;
                        }
                        A0l.add(Byte.valueOf((byte) read));
                    }
                    int size = A0l.size();
                    byte[] bArr2 = new byte[size];
                    for (int i2 = 0; i2 < size; i2++) {
                        bArr2[i2] = ((Byte) A0l.get(i2)).byteValue();
                    }
                    cipherInputStream.close();
                    byteArrayInputStream.close();
                    return bArr2;
                } catch (Throwable th) {
                    try {
                        cipherInputStream.close();
                    } catch (Throwable unused) {
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable unused2) {
                }
                throw th2;
            }
        } catch (Exception e2) {
            this.A05.A05(C12940it.A0d(e2.toString(), C12940it.A0k("RSA decrypt fails: ")));
            return null;
        }
    }
}
