package atws.shared.auth.token;

import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import ao.ag;
import ao.ak;
import ao.al;
import atws.shared.h.j;
import atws.shared.ui.component.ac;
import com.connection.auth2.ae;
import com.connection.auth2.am;
import com.connection.d.h;
import com.connection.d.k;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class d implements h {

    /* renamed from: a, reason: collision with root package name */
    public static final al f8060a = new al("Android native Key Store API Failure simulation BZ99573/99580");

    /* renamed from: b, reason: collision with root package name */
    public static final al f8061b = new al("Android native Key Store API Failure simulation BZ99573/99580");

    /* renamed from: c, reason: collision with root package name */
    private final ag f8062c = new ag("KeyStoreAccessor:");

    /* renamed from: d, reason: collision with root package name */
    private volatile KeyStore f8063d = KeyStore.getInstance("AndroidKeyStore");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public enum a {
        FINGERPRINT_TST_KEY_STORE_ALIAS("TST"),
        PIN_TST_KEY_STORE_ALIAS("PIN_TST"),
        COMMON_NONE_EXPIRED_KEY_STORE_ALIAS("COMMON_NONE_EXPIRED_KEY");


        /* renamed from: d, reason: collision with root package name */
        private final String f8068d;

        a(String str) {
            this.f8068d = str;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String a() {
            return this.f8068d;
        }
    }

    public d() {
        this.f8063d.load(null);
        c("Key store init done!");
    }

    protected static long a(boolean z2, Calendar calendar) {
        boolean z3;
        long timeInMillis = calendar.getTimeInMillis();
        if (calendar.get(7) == 1) {
            a(calendar);
            z3 = z2 ? timeInMillis >= calendar.getTimeInMillis() : timeInMillis < calendar.getTimeInMillis();
            calendar.setTimeInMillis(timeInMillis);
        } else {
            z3 = true;
        }
        if (z3) {
            while (z3) {
                calendar.setTimeInMillis((z2 ? 86400000L : -86400000L) + calendar.getTimeInMillis());
                z3 = calendar.get(7) != 1;
            }
        }
        a(calendar);
        return calendar.getTimeInMillis();
    }

    private void a(am amVar, Context context) {
        try {
            if (a(amVar) == null) {
                a(amVar, 0L, false, context);
            }
        } catch (Throwable th) {
            ak.a(String.format("Failed generate key for %s", amVar), th);
        }
    }

    private static void a(Calendar calendar) {
        calendar.set(11, 1);
        calendar.set(12, 0);
        calendar.set(13, 0);
    }

    private byte[] a(am amVar, byte[] bArr) {
        return a(b(amVar), bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static long b(boolean z2) {
        return a(z2, Calendar.getInstance());
    }

    private static String b(am amVar) {
        if (amVar == am.NONE || amVar == am.K_IN_MEMORY || amVar == am.SOFT_TOKEN || amVar == am.PERM_TOKEN) {
            return a.COMMON_NONE_EXPIRED_KEY_STORE_ALIAS.a();
        }
        String a2 = amVar == am.TST_TOKEN ? a.FINGERPRINT_TST_KEY_STORE_ALIAS.a() : amVar == am.TST_PIN_TOKEN ? a.PIN_TST_KEY_STORE_ALIAS.a() : null;
        if (a2 != null) {
            return a2;
        }
        ak.f("Failed to provide keystore alias for token:" + amVar);
        return a2;
    }

    private KeyStore.PrivateKeyEntry b(String str) {
        return (KeyStore.PrivateKeyEntry) this.f8063d.getEntry(str, null);
    }

    private byte[] b(am amVar, byte[] bArr) {
        return b(b(amVar), bArr);
    }

    private static long c(am amVar) {
        if (amVar == am.TST_TOKEN) {
            return b(true);
        }
        return 0L;
    }

    private void c(String str) {
        ArrayList arrayList = new ArrayList();
        if (a()) {
            Enumeration<String> aliases = this.f8063d.aliases();
            while (aliases.hasMoreElements()) {
                arrayList.add(aliases.nextElement());
            }
        }
        this.f8062c.a(str + "\n" + arrayList.toString(), true);
    }

    @Override // com.connection.d.h
    public com.connection.auth2.al a(com.connection.auth2.al alVar, am amVar) {
        byte[] bArr;
        if (alVar.c()) {
            try {
                bArr = b(amVar, alVar.a());
            } catch (Exception e2) {
                ak.a(String.format("Failed to decrypt dataIn by key=%s", amVar), (Throwable) e2);
                bArr = null;
            }
        } else {
            try {
                bArr = Base64.decode(k.a(alVar.a(), ao.k.x().s().getBytes()).getBytes("UTF-8"), 0);
            } catch (Throwable th) {
                ak.f(String.format("KeyStoreAccessor:failed to fallback-decrypt data by key=%s", amVar));
                bArr = null;
            }
        }
        if (bArr != null) {
            return new com.connection.auth2.al(bArr, alVar.b());
        }
        return null;
    }

    @Override // com.connection.d.h
    public com.connection.auth2.al a(byte[] bArr, am amVar) {
        com.connection.auth2.al alVar;
        a(amVar, j.c().a().getApplicationContext());
        try {
            alVar = com.connection.auth2.al.a(a(amVar, bArr));
        } catch (Throwable th) {
            ak.a(String.format("KeyStoreAccessor:failed to encrypt data by key=%s", amVar), th);
            alVar = null;
        }
        if (alVar != null || !amVar.g()) {
            return alVar;
        }
        try {
            alVar = com.connection.auth2.al.b(k.a(new String(Base64.encode(bArr, 0), "UTF-8"), ao.k.x().s().getBytes()));
            ak.c(String.format("KeyStoreAccessor:%s encrypted by fallback case", amVar));
            return alVar;
        } catch (Throwable th2) {
            ak.a(String.format("KeyStoreAccessor:failed to fallback-encrypt data by key=%s", amVar), th2);
            return alVar;
        }
    }

    public KeyStore.PrivateKeyEntry a(am amVar) {
        return b(b(amVar));
    }

    public void a(Context context) {
        a(am.NONE, context);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(String str) {
        this.f8063d.deleteEntry(str);
        c("Key deleted!");
    }

    protected boolean a() {
        return com.connection.auth2.f.a();
    }

    public boolean a(am amVar, long j2, boolean z2, Context context) {
        return a(amVar, b(amVar), j2, z2, context);
    }

    public boolean a(am amVar, String str, long j2, boolean z2, Context context) {
        if (j2 == 0) {
            j2 = c(amVar);
        }
        try {
            if (this.f8063d.containsAlias(str)) {
                if (!z2) {
                    return true;
                }
                a(str);
            }
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 15);
            Date date = j2 > 0 ? new Date(j2) : calendar2.getTime();
            Date time = calendar.getTime();
            this.f8062c.a(String.format("KeyStoreAccessor.generateStoreKey for \"%s\" start date=\"%s\", end date=\"%s\"", amVar, ae.f11212a.format(time), ae.f11212a.format(date)), true);
            ac acVar = new ac();
            acVar.a();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(b() ? new KeyGenParameterSpec.Builder(str, 3).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("PKCS1Padding").setCertificateSerialNumber(BigInteger.TEN).setCertificateNotBefore(time).setCertificateNotAfter(date).setKeySize(2048).build() : new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=Interactive Brokers, O=IB")).setSerialNumber(BigInteger.TEN).setStartDate(time).setEndDate(date).setKeySize(2048).build());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            acVar.b();
            this.f8062c.a("Generated " + str + " New spec:" + b() + " " + acVar.d(), true);
            if (a()) {
                this.f8062c.a("\n prk=" + generateKeyPair.getPrivate() + "\n puk=" + generateKeyPair.getPublic(), true);
            }
            return true;
        } catch (Exception e2) {
            this.f8062c.a("Failed to generate key store key!", e2);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] a(String str, byte[] bArr) {
        if (f8060a.d()) {
            throw new KeyStoreException("Simulated Encryption exception (BZ99573/99580)");
        }
        PublicKey publicKey = b(str).getCertificate().getPublicKey();
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, publicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.f8062c.a("data encrypted", true);
        return byteArray;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean b() {
        return Build.VERSION.SDK_INT >= 23;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] b(String str, byte[] bArr) {
        if (f8061b.d()) {
            throw new KeyStoreException("Simulated Decryption Exception (BZ99573/99580)");
        }
        PrivateKey privateKey = b(str).getPrivateKey();
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 >= bArr2.length) {
                this.f8062c.a("data decrypted", true);
                return bArr2;
            }
            bArr2[i3] = ((Byte) arrayList.get(i3)).byteValue();
            i2 = i3 + 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean e() {
        if (!b()) {
            return KeyChain.isBoundKeyAlgorithm("RSA");
        }
        Enumeration<String> aliases = this.f8063d.aliases();
        if (aliases.hasMoreElements()) {
            try {
                PrivateKey privateKey = b(aliases.nextElement()).getPrivateKey();
                return ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
            } catch (Exception e2) {
                ak.a("isHardwareBackedKeyStore error: " + e2, (Throwable) e2);
            }
        }
        return false;
    }
}
