package X;

import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.whatsapp.util.Log;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* renamed from: X.32p, reason: invalid class name and case insensitive filesystem */
/* loaded from: classes.dex */
public class C666832p {
    public static volatile C666832p A03;
    public KeyStore A00;
    public final C00F A01;
    public final C018509o A02;

    public C666832p(C00F c00f, C018509o c018509o) {
        this.A01 = c00f;
        this.A02 = c018509o;
        if (Build.VERSION.SDK_INT >= 18) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.A00 = keyStore;
                keyStore.load(null);
                if (this.A02.A01().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                    return;
                }
                A01();
            } catch (Exception e) {
                StringBuilder A0X = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager keystore init fails: ");
                A0X.append(e.toString());
                Log.e(A0X.toString());
            }
        }
    }

    public PrivateKey A00() {
        String string = this.A02.A01().getString("payment_trusted_device_credential", null);
        byte[] decode = !TextUtils.isEmpty(string) ? Base64.decode(string, 3) : null;
        if (decode == null) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(2048);
                PrivateKey privateKey = keyPairGenerator.genKeyPair().getPrivate();
                if (Build.VERSION.SDK_INT < 18) {
                    this.A02.A0A(privateKey.getEncoded());
                    return privateKey;
                }
                byte[] A032 = A03(privateKey.getEncoded());
                if (A032 == null) {
                    return null;
                }
                this.A02.A0A(A032);
                if (!this.A02.A01().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                    this.A02.A01().edit().putBoolean("payment_trusted_device_credential_use_keystore", true).apply();
                }
                Arrays.fill(A032, (byte) 0);
                return privateKey;
            } catch (NoSuchAlgorithmException e) {
                StringBuilder A0X = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager generate RSA key fails: ");
                A0X.append(e.toString());
                Log.e(A0X.toString());
                return null;
            }
        }
        try {
            if (Build.VERSION.SDK_INT >= 18) {
                if (this.A02.A01().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
                    try {
                        String string2 = this.A02.A01().getString("payment_trusted_device_credential_encrypted_aes", null);
                        byte[] decode2 = TextUtils.isEmpty(string2) ? null : Base64.decode(string2, 3);
                        if (decode2 == null) {
                            decode2 = A02();
                        }
                        if (decode2 == null) {
                            decode = null;
                        } else {
                            byte[] A04 = A04(decode2);
                            if (A04 == null) {
                                decode = null;
                            } else {
                                byte[] bArr = new byte[16];
                                System.arraycopy(decode, 0, bArr, 0, 16);
                                int length = decode.length - 16;
                                byte[] bArr2 = new byte[length];
                                System.arraycopy(decode, 16, bArr2, 0, length);
                                SecretKeySpec secretKeySpec = new SecretKeySpec(A04, "AES");
                                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                                cipher.init(2, secretKeySpec, new IvParameterSpec(bArr));
                                decode = cipher.doFinal(bArr2);
                            }
                        }
                    } catch (Exception e2) {
                        StringBuilder A0X2 = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager decrypt key fails: ");
                        A0X2.append(e2.toString());
                        Log.e(A0X2.toString());
                        decode = null;
                    }
                } else {
                    byte[] A033 = A03(decode);
                    if (A033 != null) {
                        this.A02.A0A(A033);
                        this.A02.A01().edit().putBoolean("payment_trusted_device_credential_use_keystore", true).apply();
                        Arrays.fill(A033, (byte) 0);
                    }
                }
            }
            if (decode == null) {
                return null;
            }
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            Arrays.fill(decode, (byte) 0);
            return keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        } catch (Exception e3) {
            StringBuilder A0X3 = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager loadRSAKey fails, ");
            A0X3.append(e3.toString());
            Log.e(A0X3.toString());
            return null;
        }
    }

    public final void A01() {
        if (this.A02.A01().getBoolean("payment_trusted_device_credential_use_keystore", false)) {
            return;
        }
        try {
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 50);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.A01.A00).setAlias("payment_trusted_device_key_alias").setSubject(new X500Principal("CN=payment_trusted_device_key_alias")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            StringBuilder A0X = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager generate RSA key pairs fails: ");
            A0X.append(e.toString());
            Log.e(A0X.toString());
        }
        A02();
    }

    public final byte[] A02() {
        byte[] bArr;
        byte[] bArr2 = new byte[16];
        new SecureRandom().nextBytes(bArr2);
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(bArr2);
            cipherOutputStream.close();
            bArr = byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            StringBuilder A0X = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager RSA encrypt fails: ");
            A0X.append(e.toString());
            Log.e(A0X.toString());
            bArr = null;
        }
        if (bArr != null) {
            C018509o c018509o = this.A02;
            if (c018509o == null) {
                throw null;
            }
            c018509o.A01().edit().putString("payment_trusted_device_credential_encrypted_aes", Base64.encodeToString(bArr, 3)).apply();
        }
        Arrays.fill(bArr2, (byte) 0);
        return bArr;
    }

    public final byte[] A03(byte[] bArr) {
        byte[] A04;
        try {
            String string = this.A02.A01().getString("payment_trusted_device_credential_encrypted_aes", null);
            byte[] decode = TextUtils.isEmpty(string) ? null : Base64.decode(string, 3);
            if (decode == null) {
                decode = A02();
            }
            if (decode == null || (A04 = A04(decode)) == null) {
                return null;
            }
            byte[] bArr2 = new byte[16];
            new SecureRandom().nextBytes(bArr2);
            SecretKeySpec secretKeySpec = new SecretKeySpec(A04, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
            byte[] doFinal = cipher.doFinal(bArr);
            int length = doFinal.length;
            byte[] bArr3 = new byte[length + 16];
            System.arraycopy(bArr2, 0, bArr3, 0, 16);
            System.arraycopy(doFinal, 0, bArr3, 16, length);
            return bArr3;
        } catch (Exception e) {
            StringBuilder A0X = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager encrypt key fails: ");
            A0X.append(e.toString());
            Log.e(A0X.toString());
            return null;
        }
    }

    public final byte[] A04(byte[] bArr) {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.A00.getEntry("payment_trusted_device_key_alias", null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKeyEntry.getPrivateKey());
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
                try {
                    ArrayList arrayList = new ArrayList();
                    while (true) {
                        int read = cipherInputStream.read();
                        if (read == -1) {
                            break;
                        }
                        arrayList.add(Byte.valueOf((byte) read));
                    }
                    int size = arrayList.size();
                    byte[] bArr2 = new byte[size];
                    for (int i = 0; i < size; i++) {
                        bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
                    }
                    cipherInputStream.close();
                    byteArrayInputStream.close();
                    return bArr2;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            StringBuilder A0X = AnonymousClass007.A0X("PAY: PaymentTrustedDeviceManager RSA decrypt fails: ");
            A0X.append(e.toString());
            Log.e(A0X.toString());
            return null;
        }
    }
}
