package com.veridiumid.sdk.security;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import com.google.android.gms.stats.CodePackage;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.GregorianCalendar;
import javax.crypto.KeyGenerator;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes8.dex */
public class MasterKeys {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final int KEY_SIZE = 256;

    private MasterKeys() {
        throw new UnsupportedOperationException("Constructor is private");
    }

    @RequiresApi(api = 23)
    public static KeyGenParameterSpec createAESGCMSpec(@NonNull String str) {
        return new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setKeySize(256).build();
    }

    @RequiresApi(api = 18)
    public static KeyPairGeneratorSpec createRSAMasterKeySpec(Context context, @NonNull String str) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 30);
        return new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN=" + str)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
    }

    @RequiresApi(api = 18)
    private static void generateKey(@NonNull KeyPairGeneratorSpec keyPairGeneratorSpec) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(keyPairGeneratorSpec);
        keyPairGenerator.generateKeyPair();
    }

    @RequiresApi(api = 23)
    private static void generateKey(@NonNull KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(keyGenParameterSpec);
        keyGenerator.generateKey();
    }

    @RequiresApi(api = 18)
    public static String getOrCreate(KeyPairGeneratorSpec keyPairGeneratorSpec) throws GeneralSecurityException, IOException {
        if (!keyExists(keyPairGeneratorSpec.getKeystoreAlias())) {
            generateKey(keyPairGeneratorSpec);
        }
        return keyPairGeneratorSpec.getKeystoreAlias();
    }

    @RequiresApi(api = 23)
    public static String getOrCreate(KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException, IOException {
        validate(keyGenParameterSpec);
        if (!keyExists(keyGenParameterSpec.getKeystoreAlias())) {
            generateKey(keyGenParameterSpec);
        }
        return keyGenParameterSpec.getKeystoreAlias();
    }

    private static boolean keyExists(@NonNull String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore.containsAlias(str);
    }

    @RequiresApi(api = 23)
    private static void validate(KeyGenParameterSpec keyGenParameterSpec) {
        if (keyGenParameterSpec.getKeySize() != 256) {
            throw new IllegalArgumentException("Invalid key size, expected=256 actual=" + keyGenParameterSpec.getKeySize());
        }
        if (!Arrays.equals(keyGenParameterSpec.getBlockModes(), new String[]{CodePackage.GCM})) {
            throw new IllegalArgumentException("Invalid block mode, expected=GCM actual=" + Arrays.toString(keyGenParameterSpec.getBlockModes()));
        }
        if (keyGenParameterSpec.getPurposes() != 3) {
            throw new IllegalArgumentException("Invalid purpose expected = (KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) actual=" + keyGenParameterSpec.getPurposes());
        }
        if (Arrays.equals(keyGenParameterSpec.getEncryptionPaddings(), new String[]{"NoPadding"})) {
            if (keyGenParameterSpec.isUserAuthenticationRequired() && keyGenParameterSpec.getUserAuthenticationValidityDurationSeconds() < 1) {
                throw new IllegalArgumentException("Creating the key that always requires authentication is not possible (UserAuthenticationValidityDurationSeconds must be >0) or IsUserAuthenticationRequired=false");
            }
        } else {
            throw new IllegalArgumentException("Invalid padding mode expected=NoPadding actual=" + Arrays.toString(keyGenParameterSpec.getEncryptionPaddings()));
        }
    }
}
