package com.okta.devices.encrypt;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.StrongBoxUnavailableException;
import com.okta.devices.api.security.DeviceKeyStore;
import com.okta.devices.api.security.SignatureProvider;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import yg.AbstractC0625;
import yg.C0520;
import yg.C0530;
import yg.C0535;
import yg.C0543;
import yg.C0553;
import yg.C0587;
import yg.C0596;
import yg.C0601;
import yg.C0616;
import yg.C0632;
import yg.C0635;
import yg.C0646;
import yg.C0648;
import yg.C0671;
import yg.C0674;
import yg.C0691;
import yg.C0692;
import yg.C0697;

@Metadata(d1 = {"\u0000R\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0012\n\u0002\b\u0002\u0018\u00002\u00020\u0001B#\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0002\u0010\u0004\u001a\u00020\u0005\u0012\b\b\u0002\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\b\u0010\r\u001a\u00020\fH\u0016J\"\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\f2\u0006\u0010\u0011\u001a\u00020\u00072\b\b\u0002\u0010\u0012\u001a\u00020\u0007H\u0002J\u0018\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0010\u001a\u00020\f2\u0006\u0010\u0011\u001a\u00020\u0007H\u0016J\u001c\u0010\u0015\u001a\u0004\u0018\u00010\u00162\u0006\u0010\u0010\u001a\u00020\f2\b\u0010\u0017\u001a\u0004\u0018\u00010\fH\u0016J\u0012\u0010\u0018\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u0010\u001a\u00020\fH\u0016J\u0010\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u0010\u001a\u00020\fH\u0016J\b\u0010\u001c\u001a\u00020\u0007H\u0016J\b\u0010\u001d\u001a\u00020\fH\u0016J \u0010\u001e\u001a\u00020\u00072\u0006\u0010\u0010\u001a\u00020\f2\u0006\u0010\u001f\u001a\u00020 2\u0006\u0010!\u001a\u00020 H\u0016R\u0014\u0010\u0002\u001a\u00020\u0003X\u0096\u0004¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\fX\u0082D¢\u0006\u0002\n\u0000¨\u0006\""}, d2 = {"Lcom/okta/devices/encrypt/RsaSignature;", "Lcom/okta/devices/api/security/SignatureProvider;", "deviceKeyStore", "Lcom/okta/devices/api/security/DeviceKeyStore;", "keySize", "", "enableStrongBox", "", "(Lcom/okta/devices/api/security/DeviceKeyStore;IZ)V", "getDeviceKeyStore", "()Lcom/okta/devices/api/security/DeviceKeyStore;", "signatureAlgorithm", "", "algorithm", "createKeyPairSpec", "Landroid/security/keystore/KeyGenParameterSpec;", "alias", "userVerification", "strongBox", "generateAndStoreKeyPair", "", "getPrivateKey", "Ljava/security/PrivateKey;", "password", "getPublicKey", "Ljava/security/PublicKey;", "getSignature", "Ljava/security/Signature;", "isFipsCompliant", "jwsAlg", "verify", "message", "", "signature", "devices-core_debug"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes3.dex */
public final class RsaSignature implements SignatureProvider {

    @NotNull
    public final DeviceKeyStore deviceKeyStore;
    public final boolean enableStrongBox;
    public final int keySize;

    @NotNull
    public final String signatureAlgorithm;

    public RsaSignature() {
        this(null, 0, false, 7, null);
    }

    public RsaSignature(@NotNull DeviceKeyStore deviceKeyStore, int i, boolean z) {
        short m1350 = (short) (C0692.m1350() ^ 17908);
        short m13502 = (short) (C0692.m1350() ^ 14435);
        int[] iArr = new int["lQzas\ng\u0016B\u007f9(CL".length()];
        C0648 c0648 = new C0648("lQzas\ng\u0016B\u007f9(CL");
        int i2 = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            iArr[i2] = m1151.mo828(((i2 * m13502) ^ m1350) + m1151.mo831(m1211));
            i2++;
        }
        Intrinsics.checkNotNullParameter(deviceKeyStore, new String(iArr, 0, i2));
        this.deviceKeyStore = deviceKeyStore;
        this.keySize = i;
        this.enableStrongBox = z;
        this.signatureAlgorithm = C0646.m1188("Dl/H<j6@\u001cRIu~", (short) (C0692.m1350() ^ 21892), (short) (C0692.m1350() ^ 22951));
    }

    /* JADX WARN: Multi-variable type inference failed */
    public /* synthetic */ RsaSignature(DeviceKeyStore deviceKeyStore, int i, boolean z, int i2, DefaultConstructorMarker defaultConstructorMarker) {
        this((i2 & 1) != 0 ? new DeviceKeyStoreImpl(null, 1, 0 == true ? 1 : 0) : deviceKeyStore, (i2 & 2) != 0 ? 2048 : i, (i2 & 4) != 0 ? false : z);
    }

    private final KeyGenParameterSpec createKeyPairSpec(String alias, boolean userVerification, boolean strongBox) {
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(alias, 4).setKeySize(this.keySize);
        short m903 = (short) (C0535.m903() ^ 8866);
        int[] iArr = new int["\u0007zr]acc".length()];
        C0648 c0648 = new C0648("\u0007zr]acc");
        int i = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            iArr[i] = m1151.mo828(m903 + m903 + m903 + i + m1151.mo831(m1211));
            i++;
        }
        KeyGenParameterSpec.Builder digests = keySize.setDigests(new String(iArr, 0, i), C0691.m1335("B29B\u0017Xc", (short) (C0697.m1364() ^ 12917), (short) (C0697.m1364() ^ 11743)), C0646.m1197("XNH5>;=", (short) (C0520.m825() ^ (-9160)), (short) (C0520.m825() ^ (-229))));
        short m1364 = (short) (C0697.m1364() ^ 34);
        short m13642 = (short) (C0697.m1364() ^ 15294);
        int[] iArr2 = new int["71(7\u0014".length()];
        C0648 c06482 = new C0648("71(7\u0014");
        int i2 = 0;
        while (c06482.m1212()) {
            int m12112 = c06482.m1211();
            AbstractC0625 m11512 = AbstractC0625.m1151(m12112);
            iArr2[i2] = m11512.mo828(m1364 + i2 + m11512.mo831(m12112) + m13642);
            i2++;
        }
        KeyGenParameterSpec.Builder signaturePaddings = digests.setSignaturePaddings(new String(iArr2, 0, i2));
        Intrinsics.checkNotNullExpressionValue(signaturePaddings, C0616.m1125("&ZOSLN\\\u0013MYWPc\u001d\u0012>YnFigi_m垲K?SUSGbTFJKQWQj^`On`\\UfE>", (short) (C0535.m903() ^ 22915)));
        if (userVerification) {
            signaturePaddings.setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT >= 30) {
                signaturePaddings.setUserAuthenticationParameters(0, 2);
            } else {
                signaturePaddings.setUserAuthenticationValidityDurationSeconds(-1);
            }
            signaturePaddings.setInvalidatedByBiometricEnrollment(true);
        }
        signaturePaddings.setIsStrongBoxBacked(strongBox);
        KeyGenParameterSpec build = signaturePaddings.build();
        short m825 = (short) (C0520.m825() ^ (-15552));
        int[] iArr3 = new int["7I@B55E\u007f?QHJ=\u007f\u0004".length()];
        C0648 c06483 = new C0648("7I@B55E\u007f?QHJ=\u007f\u0004");
        int i3 = 0;
        while (c06483.m1212()) {
            int m12113 = c06483.m1211();
            AbstractC0625 m11513 = AbstractC0625.m1151(m12113);
            iArr3[i3] = m11513.mo828(m11513.mo831(m12113) - (m825 ^ i3));
            i3++;
        }
        Intrinsics.checkNotNullExpressionValue(build, new String(iArr3, 0, i3));
        return build;
    }

    public static /* synthetic */ KeyGenParameterSpec createKeyPairSpec$default(RsaSignature rsaSignature, String str, boolean z, boolean z2, int i, Object obj) {
        if ((i & 4) != 0) {
            z2 = rsaSignature.enableStrongBox;
        }
        return rsaSignature.createKeyPairSpec(str, z, z2);
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @NotNull
    public String algorithm() {
        short m1072 = (short) (C0596.m1072() ^ (-20260));
        int[] iArr = new int["\u0005\u0007u".length()];
        C0648 c0648 = new C0648("\u0005\u0007u");
        int i = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            iArr[i] = m1151.mo828(m1151.mo831(m1211) - ((m1072 + m1072) + i));
            i++;
        }
        return new String(iArr, 0, i);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v1, types: [yg.Ꭰ] */
    /* JADX WARN: Type inference failed for: r5v3, types: [boolean] */
    @Override // com.okta.devices.api.security.SignatureProvider
    public void generateAndStoreKeyPair(@NotNull String alias, boolean userVerification) {
        short m1364 = (short) (C0697.m1364() ^ 14021);
        short m13642 = (short) (C0697.m1364() ^ 5482);
        int[] iArr = new int["XC:".length()];
        C0648 c0648 = new C0648("XC:");
        int i = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            int mo831 = m1151.mo831(m1211);
            short[] sArr = C0674.f504;
            iArr[i] = m1151.mo828(mo831 - (sArr[i % sArr.length] ^ ((i * m13642) + m1364)));
            i++;
        }
        String str = new String(iArr, 0, i);
        short m903 = (short) (C0535.m903() ^ 19694);
        short m9032 = (short) (C0535.m903() ^ 12207);
        int[] iArr2 = new int["comfy".length()];
        boolean c06482 = new C0648("comfy");
        int i2 = 0;
        while (c06482.m1212()) {
            int m12112 = c06482.m1211();
            AbstractC0625 m11512 = AbstractC0625.m1151(m12112);
            iArr2[i2] = m11512.mo828((m11512.mo831(m12112) - (m903 + i2)) + m9032);
            i2++;
        }
        Intrinsics.checkNotNullParameter(alias, new String(iArr2, 0, i2));
        try {
            c06482 = userVerification;
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, getDeviceKeyStore().getKeyStore().getType());
            keyPairGenerator.initialize(createKeyPairSpec$default(this, alias, c06482, false, 4, null));
            keyPairGenerator.generateKeyPair();
        } catch (ProviderException e) {
            if (!(e instanceof StrongBoxUnavailableException)) {
                throw e;
            }
            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance(str, getDeviceKeyStore().getKeyStore().getType());
            keyPairGenerator2.initialize(createKeyPairSpec(alias, c06482, false));
            keyPairGenerator2.generateKeyPair();
        }
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @NotNull
    public DeviceKeyStore getDeviceKeyStore() {
        return this.deviceKeyStore;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @Nullable
    public PrivateKey getPrivateKey(@NotNull String alias, @Nullable String password) {
        Intrinsics.checkNotNullParameter(alias, C0587.m1047("0\u000e\u0019<^", (short) (C0596.m1072() ^ (-8231))));
        Key keyEntry$default = DeviceKeyStore.DefaultImpls.getKeyEntry$default(getDeviceKeyStore(), alias, null, 2, null);
        if (keyEntry$default == null) {
            return null;
        }
        if (keyEntry$default instanceof PrivateKey) {
            return (PrivateKey) keyEntry$default;
        }
        throw new KeyStoreException(C0635.m1169("K7<q%t9 h1QBm\u0001\u0018\u0001&$v\u0007\u0002\u001e\u0003\u0004\u0001", (short) (C0520.m825() ^ (-2003))) + alias);
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @Nullable
    public PublicKey getPublicKey(@NotNull String alias) {
        Intrinsics.checkNotNullParameter(alias, C0691.m1329("{\b\u0006~\u0012", (short) (C0632.m1157() ^ (-4272))));
        Certificate certificate = getDeviceKeyStore().getKeyStore().getCertificate(alias);
        if (certificate != null) {
            return certificate.getPublicKey();
        }
        return null;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @NotNull
    public Signature getSignature(@NotNull String alias) {
        short m825 = (short) (C0520.m825() ^ (-10908));
        int[] iArr = new int["Xb^Uf".length()];
        C0648 c0648 = new C0648("Xb^Uf");
        int i = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            iArr[i] = m1151.mo828(m825 + m825 + i + m1151.mo831(m1211));
            i++;
        }
        Intrinsics.checkNotNullParameter(alias, new String(iArr, 0, i));
        PrivateKey privateKey$default = SignatureProvider.DefaultImpls.getPrivateKey$default(this, alias, null, 2, null);
        if (privateKey$default == null) {
            throw new UnrecoverableKeyException(C0530.m875("G`s\u0019^fh\u0015h[[d\u0010PZVM^\n`IZT\fX\u0003HPUMB", (short) (C0601.m1083() ^ 13373), (short) (C0601.m1083() ^ 31792)));
        }
        Signature signature = Signature.getInstance(this.signatureAlgorithm);
        signature.initSign(privateKey$default);
        Intrinsics.checkNotNullExpressionValue(signature, C0553.m937("30>\u00126::&2&'h3(%+\u001d//+\u001dw\"\u001c\uaa37[_\u0012 \u001f\u001a&K&I\u0012\u0016\u0010\u001aw\r\n\u0010H\u000b\u0004\u0017E;\u0018", (short) (C0543.m921() ^ (-27779))));
        return signature;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    public boolean isFipsCompliant() {
        return false;
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    @NotNull
    public String jwsAlg() {
        return C0530.m888("\u0007\u0007hjn", (short) (C0697.m1364() ^ 32669));
    }

    @Override // com.okta.devices.api.security.SignatureProvider
    public boolean verify(@NotNull String alias, @NotNull byte[] message, @NotNull byte[] signature) {
        Intrinsics.checkNotNullParameter(alias, C0671.m1283("\u001di\u0018I\u001d", (short) (C0596.m1072() ^ (-6444)), (short) (C0596.m1072() ^ (-26153))));
        Intrinsics.checkNotNullParameter(message, C0646.m1188("AajFE$\u001c", (short) (C0601.m1083() ^ 30198), (short) (C0601.m1083() ^ 11486)));
        short m921 = (short) (C0543.m921() ^ (-24669));
        int[] iArr = new int["\u000e\u0003\u007f\u0006w\n\n\u0006w".length()];
        C0648 c0648 = new C0648("\u000e\u0003\u007f\u0006w\n\n\u0006w");
        int i = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            iArr[i] = m1151.mo828(m921 + m921 + m921 + i + m1151.mo831(m1211));
            i++;
        }
        Intrinsics.checkNotNullParameter(signature, new String(iArr, 0, i));
        PublicKey publicKey = getPublicKey(alias);
        if (publicKey != null) {
            Signature signature2 = Signature.getInstance(this.signatureAlgorithm);
            signature2.initVerify(publicKey);
            signature2.update(message);
            return signature2.verify(signature);
        }
        short m1350 = (short) (C0692.m1350() ^ 11921);
        short m13502 = (short) (C0692.m1350() ^ 8048);
        int[] iArr2 = new int["1+~V\\v9\u0018kp1lX+u$\u001c=+2]~;#q,4|4Ls".length()];
        C0648 c06482 = new C0648("1+~V\\v9\u0018kp1lX+u$\u001c=+2]~;#q,4|4Ls");
        int i2 = 0;
        while (c06482.m1212()) {
            int m12112 = c06482.m1211();
            AbstractC0625 m11512 = AbstractC0625.m1151(m12112);
            iArr2[i2] = m11512.mo828(m11512.mo831(m12112) - ((i2 * m13502) ^ m1350));
            i2++;
        }
        throw new UnrecoverableKeyException(new String(iArr2, 0, i2));
    }
}
