package com.tosan.faceet.eid.utils.pki;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.reactlibrary.securekeystore.Constants;
import com.tosan.faceet.eid.business.exceptions.PKIException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.GregorianCalendar;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes3.dex */
public final class c {
    public static final String c = System.lineSeparator();

    /* renamed from: a, reason: collision with root package name */
    public KeyStore f280a;

    /* renamed from: b, reason: collision with root package name */
    public String f281b;

    public c(String str) throws PKIException {
        try {
            KeyStore keyStore = KeyStore.getInstance(Constants.KEYSTORE_PROVIDER_1);
            this.f280a = keyStore;
            keyStore.load(null);
            this.f281b = str;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new PKIException(e);
        }
    }

    public KeyPair a(Context context, String str, BigInteger bigInteger) throws PKIException {
        try {
            if (this.f280a.containsAlias(this.f281b)) {
                throw new PKIException(new IllegalStateException("Key already exists, call logout() first."));
            }
            Locale locale = Locale.getDefault();
            try {
                Locale.setDefault(Locale.ENGLISH);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", Constants.KEYSTORE_PROVIDER_1);
                X500Principal x500Principal = new X500Principal(str);
                GregorianCalendar gregorianCalendar = new GregorianCalendar();
                GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                gregorianCalendar2.add(1, 1);
                keyPairGenerator.initialize(Build.VERSION.SDK_INT >= 23 ? new KeyGenParameterSpec.Builder(this.f281b, 15).setDigests("SHA-256").setKeySize(2048).setSignaturePaddings("PKCS1").setEncryptionPaddings("PKCS1Padding").setCertificateSerialNumber(bigInteger).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setCertificateSubject(x500Principal).setKeyValidityStart(gregorianCalendar.getTime()).setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(30).setKeyValidityEnd(gregorianCalendar2.getTime()).build() : new KeyPairGeneratorSpec.Builder(context).setAlias(this.f281b).setSubject(x500Principal).setSerialNumber(bigInteger).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).setKeySize(2048).build());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                Locale.setDefault(locale);
                return generateKeyPair;
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
                Locale.setDefault(locale);
                throw new PKIException(e);
            }
        } catch (KeyStoreException e2) {
            throw new PKIException(e2);
        }
    }

    public void a() throws PKIException {
        try {
            if (this.f280a.containsAlias(this.f281b)) {
                this.f280a.deleteEntry(this.f281b);
            }
        } catch (KeyStoreException e) {
            throw new PKIException(e);
        }
    }

    public void a(String str) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").replaceAll(c, ""))));
        this.f280a.setKeyEntry(this.f281b, this.f280a.getKey(this.f281b, null), null, new Certificate[]{x509Certificate});
    }

    public Certificate b() throws PKIException {
        try {
            return this.f280a.getCertificate(this.f281b);
        } catch (KeyStoreException e) {
            throw new PKIException(e);
        }
    }

    public Certificate[] c() throws PKIException {
        try {
            return this.f280a.getCertificateChain(this.f281b);
        } catch (KeyStoreException e) {
            throw new PKIException(e);
        }
    }

    public KeyPair d() throws PKIException {
        try {
            if (!this.f280a.containsAlias(this.f281b)) {
                throw new PKIException(new IllegalStateException("Key does not exist."));
            }
            try {
                return new KeyPair(this.f280a.getCertificate(this.f281b).getPublicKey(), ((KeyStore.PrivateKeyEntry) this.f280a.getEntry(this.f281b, null)).getPrivateKey());
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                throw new PKIException(e);
            }
        } catch (KeyStoreException e2) {
            throw new PKIException(e2);
        }
    }
}
