package X;

import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.core.view.inputmethod.EditorInfoCompat;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* renamed from: X.71v, reason: invalid class name and case insensitive filesystem */
/* loaded from: classes5.dex */
public class C1398071v {
    public KeyStore A00;
    public JSONObject A01;
    public boolean A02;
    public final C15070pz A03;
    public final C18370w0 A04;
    public final C40831v3 A05 = C132196eC.A0P("PaymentTrustedDeviceManager", "infra");
    public final C0x0 A06;

    public C1398071v(C15070pz c15070pz, C18370w0 c18370w0, C0x0 c0x0) {
        this.A03 = c15070pz;
        this.A04 = c18370w0;
        this.A06 = c0x0;
    }

    public PrivateKey A00(int i) {
        byte[] A03;
        byte[] A05;
        A01();
        String optString = this.A01.optString(String.valueOf(i), null);
        byte[] decode = TextUtils.isEmpty(optString) ? null : Base64.decode(optString, 3);
        if (decode == null) {
            A01();
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(EditorInfoCompat.MEMORY_EFFICIENT_TEXT_LENGTH);
                PrivateKey privateKey = keyPairGenerator.genKeyPair().getPrivate();
                byte[] A04 = A04(privateKey.getEncoded());
                if (A04 != null) {
                    A02(A04, i);
                    C18370w0 c18370w0 = this.A04;
                    if (!c18370w0.A02().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                        C11570jN.A0v(C132196eC.A06(c18370w0), "payment_trusted_device_credential_use_keystore", true);
                    }
                    Arrays.fill(A04, (byte) 0);
                    return privateKey;
                }
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                this.A05.A05(AnonymousClass000.A0b(e.toString(), AnonymousClass000.A0k("generate RSA key fails: ")));
            }
            return null;
        }
        try {
            C18370w0 c18370w02 = this.A04;
            if (c18370w02.A02().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                try {
                    String string = c18370w02.A02().getString("payment_trusted_device_credential_encrypted_aes", null);
                    if (TextUtils.isEmpty(string) || (A03 = Base64.decode(string, 3)) == null) {
                        A03 = A03();
                    }
                    if (A03 != null && (A05 = A05(A03)) != null) {
                        byte[] bArr = new byte[16];
                        System.arraycopy(decode, 0, bArr, 0, 16);
                        int length = decode.length - 16;
                        byte[] bArr2 = new byte[length];
                        System.arraycopy(decode, 16, bArr2, 0, length);
                        SecretKeySpec secretKeySpec = new SecretKeySpec(A05, "AES");
                        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                        cipher.init(2, secretKeySpec, new IvParameterSpec(bArr));
                        decode = cipher.doFinal(bArr2);
                    }
                } catch (Exception e2) {
                    this.A05.A05(AnonymousClass000.A0b(e2.toString(), AnonymousClass000.A0k("decrypt key fails: ")));
                }
                decode = null;
            } else {
                byte[] A042 = A04(decode);
                if (A042 != null) {
                    A02(decode, i);
                    C11570jN.A0v(C132196eC.A06(c18370w02), "payment_trusted_device_credential_use_keystore", true);
                    Arrays.fill(A042, (byte) 0);
                }
            }
            if (decode == null) {
                return null;
            }
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            Arrays.fill(decode, (byte) 0);
            return keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        } catch (Exception e3) {
            this.A05.A05(AnonymousClass000.A0b(e3.toString(), AnonymousClass000.A0k("loadRSAKey fails, ")));
            return null;
        }
    }

    public final synchronized void A01() {
        byte[] decode;
        if (!this.A02) {
            if (this.A01 == null) {
                try {
                    String string = this.A04.A02().getString("payments_trusted_device_credential_network_map", null);
                    this.A01 = string != null ? C3DM.A0s(string) : C3DL.A0r();
                } catch (JSONException e) {
                    this.A05.A05(AnonymousClass000.A0b(e.getMessage(), AnonymousClass000.A0k("JSONObject instantiation ")));
                    this.A01 = C3DL.A0r();
                }
            }
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.A00 = keyStore;
                keyStore.load(null);
                C18370w0 c18370w0 = this.A04;
                if (!c18370w0.A02().getBoolean("payment_trusted_device_credential_use_keystore", false) && !c18370w0.A02().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                    try {
                        Calendar calendar = Calendar.getInstance();
                        Calendar calendar2 = Calendar.getInstance();
                        calendar2.add(1, 50);
                        KeyPairGeneratorSpec A07 = C132196eC.A07(new KeyPairGeneratorSpec.Builder(this.A03.A00).setAlias("payment_trusted_device_key_alias"), "CN=payment_trusted_device_key_alias", calendar, calendar2);
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(A07);
                        keyPairGenerator.generateKeyPair();
                    } catch (Exception e2) {
                        this.A05.A05(AnonymousClass000.A0b(e2.toString(), AnonymousClass000.A0k("generate RSA key pairs fails: ")));
                    }
                    A03();
                }
                this.A02 = true;
            } catch (Exception e3) {
                C40831v3 c40831v3 = this.A05;
                StringBuilder A0h = AnonymousClass000.A0h();
                A0h.append("keystore init fails: ");
                c40831v3.A05(AnonymousClass000.A0b(e3.toString(), A0h));
            }
            String string2 = this.A04.A02().getString("payment_trusted_device_credential", null);
            if (!TextUtils.isEmpty(string2) && (decode = Base64.decode(string2, 3)) != null) {
                A02(decode, 1);
            }
        }
    }

    public synchronized void A02(byte[] bArr, int i) {
        try {
            this.A01.put(String.valueOf(i), Base64.encodeToString(bArr, 3));
            C18370w0 c18370w0 = this.A04;
            C3DJ.A0o(C132196eC.A06(c18370w0), "payments_trusted_device_credential_network_map", this.A01.toString());
        } catch (JSONException unused) {
            this.A05.A05("setNetworkCredential failed");
        }
    }

    public final byte[] A03() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        byte[] bArr2 = null;
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(bArr);
            cipherOutputStream.close();
            bArr2 = byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            this.A05.A05(AnonymousClass000.A0b(e.toString(), AnonymousClass000.A0k("RSA encrypt fails: ")));
        }
        if (bArr2 != null) {
            C18370w0 c18370w0 = this.A04;
            C3DJ.A0o(C132196eC.A06(c18370w0), "payment_trusted_device_credential_encrypted_aes", Base64.encodeToString(bArr2, 3));
        }
        Arrays.fill(bArr, (byte) 0);
        return bArr2;
    }

    public final byte[] A04(byte[] bArr) {
        byte[] A03;
        byte[] A05;
        try {
            String string = this.A04.A02().getString("payment_trusted_device_credential_encrypted_aes", null);
            if (TextUtils.isEmpty(string) || (A03 = Base64.decode(string, 3)) == null) {
                A03 = A03();
            }
            if (A03 == null || (A05 = A05(A03)) == null) {
                return null;
            }
            byte[] bArr2 = new byte[16];
            new SecureRandom().nextBytes(bArr2);
            SecretKeySpec secretKeySpec = new SecretKeySpec(A05, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
            byte[] doFinal = cipher.doFinal(bArr);
            int length = doFinal.length;
            byte[] bArr3 = new byte[length + 16];
            System.arraycopy(bArr2, 0, bArr3, 0, 16);
            System.arraycopy(doFinal, 0, bArr3, 16, length);
            return bArr3;
        } catch (Exception e) {
            this.A05.A05(AnonymousClass000.A0b(e.toString(), AnonymousClass000.A0k("encrypt key fails: ")));
            return null;
        }
    }

    public final byte[] A05(byte[] bArr) {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKeyEntry.getPrivateKey());
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
                try {
                    ArrayList A0n = AnonymousClass000.A0n();
                    while (true) {
                        int read = cipherInputStream.read();
                        if (read == -1) {
                            break;
                        }
                        A0n.add(Byte.valueOf((byte) read));
                    }
                    int size = A0n.size();
                    byte[] bArr2 = new byte[size];
                    for (int i = 0; i < size; i++) {
                        bArr2[i] = ((Byte) A0n.get(i)).byteValue();
                    }
                    cipherInputStream.close();
                    byteArrayInputStream.close();
                    return bArr2;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            this.A05.A05(AnonymousClass000.A0b(e.toString(), AnonymousClass000.A0k("RSA decrypt fails: ")));
            return null;
        }
    }
}
