package defpackage;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.org.conscrypt.EvpMdRef;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: :com.google.android.gms@17455000@17.4.55 (000300-248795830) */
@TargetApi(24)
/* loaded from: classes3.dex */
public final class tmo implements tnc {
    private static final tsj a = tsj.SECP256R1;
    private static final int b = ((Integer) tsx.h.c()).intValue();
    private final Context c;

    /* JADX INFO: Access modifiers changed from: package-private */
    public tmo(Context context) {
        this.c = (Context) bfjo.a(context);
    }

    private static KeyStore a() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new tsi("Unable to access Android KeyStore.", e);
        }
    }

    private static KeyStore.Entry b(tqm tqmVar) {
        bfjo.a(tqmVar);
        try {
            KeyStore.Entry entry = a().getEntry(tqmVar.a(), null);
            if (entry != null) {
                return entry;
            }
            String valueOf = String.valueOf(tqmVar);
            StringBuilder sb = new StringBuilder(String.valueOf(valueOf).length() + 40);
            sb.append("Key does not exist in Android KeyStore: ");
            sb.append(valueOf);
            throw new tsi(sb.toString());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new tsi("Error retrieving Android KeyStore entry", e);
        }
    }

    @Override // defpackage.tnc
    public final tsc a(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            return tsc.a(bpfr.b(bArr));
        } catch (bpfi e) {
            throw new tsi("Unable to decode Cable credential data", e);
        }
    }

    @Override // defpackage.tnc
    public final void a(tqm tqmVar) {
        bfjo.a(tqmVar);
        try {
            a().deleteEntry(tqmVar.a());
        } catch (KeyStoreException e) {
            throw new tsi("Error deleting Android KeyStore key", e);
        }
    }

    @Override // defpackage.tnc
    public final boolean a(tqm tqmVar, byte[] bArr) {
        bfjo.a(tqmVar);
        try {
            return a().containsAlias(tqmVar.a());
        } catch (KeyStoreException e) {
            throw new tsi("Error looking up Android KeyStore key", e);
        }
    }

    @Override // defpackage.tnc
    public final byte[] a(tqm tqmVar, boolean z) {
        KeyGenParameterSpec.Builder userPresenceRequired;
        bfjo.a(tqmVar);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder algorithmParameterSpec = new KeyGenParameterSpec.Builder(tqmVar.a(), 4).setDigests(EvpMdRef.SHA256.JCA_NAME).setAlgorithmParameterSpec(new ECGenParameterSpec(a.name().toLowerCase()));
            if (tqmVar.a.equals(tqo.STRONGBOX_KEY)) {
                bfjo.a(ozm.l());
                bfjo.a(this.c.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore"));
                userPresenceRequired = algorithmParameterSpec.setIsStrongBoxBacked(true).setUserPresenceRequired(true);
            } else {
                userPresenceRequired = algorithmParameterSpec.setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(b);
            }
            keyPairGenerator.initialize(userPresenceRequired.build());
            keyPairGenerator.generateKeyPair();
            if (!z) {
                return null;
            }
            try {
                return tsc.a(new SecureRandom()).a().c();
            } catch (bpfl e) {
                throw new tsi("Unable to encode Cable credential data", e);
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new tsi("Could not create Android KeyStore key pair", e2);
        }
    }

    @Override // defpackage.tnc
    public final PublicKey b(tqm tqmVar, byte[] bArr) {
        bfjo.a(tqmVar);
        return ((KeyStore.PrivateKeyEntry) b(tqmVar)).getCertificate().getPublicKey();
    }

    @Override // defpackage.tnc
    public final Signature c(tqm tqmVar, byte[] bArr) {
        bfjo.a(tqmVar);
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) b(tqmVar)).getPrivateKey();
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            return signature;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new tsi("Unable to initialize signature", e);
        }
    }
}
