package defpackage;

import android.security.keystore.KeyGenParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@244933004@24.49.33 (040400-705592033) */
/* loaded from: classes5.dex */
public final class cajo {
    public egte b;
    public ehbz c;
    private egtq e;
    private egtf f;
    private egte g;
    private final SecureRandom d = new SecureRandom();
    private boolean h = false;
    public final cajn a = new cajn();

    static String a(String str) {
        return String.format("%s.%s", "nearby.connections", str);
    }

    static final Signature i() {
        return Signature.getInstance("SHA256withECDSA");
    }

    public static final boolean j(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (fhqj.t()) {
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("EC");
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(bArr);
                try {
                    PublicKey generatePublic = keyFactory.generatePublic(x509EncodedKeySpec);
                    try {
                        Signature i = i();
                        try {
                            i.initVerify(generatePublic);
                            try {
                                i.update(bArr2);
                                return i.verify(bArr3);
                            } catch (SignatureException e) {
                                caih.a.e().f(e).o("Failed to verify bytes with paired key.", new Object[0]);
                                return false;
                            }
                        } catch (InvalidKeyException e2) {
                            caih.a.e().f(e2).o("Failed to verify bytes with paired key.", new Object[0]);
                            return false;
                        }
                    } catch (NoSuchAlgorithmException e3) {
                        caih.a.e().f(e3).h("Failed to verify bytes with paired key: %s", "SHA256withECDSA");
                        return false;
                    }
                } catch (InvalidKeySpecException e4) {
                    caih.a.e().f(e4).h("Failed to verify bytes with paired key: %s", x509EncodedKeySpec.getFormat());
                    return false;
                }
            } catch (NoSuchAlgorithmException e5) {
                caih.a.e().f(e5).h("Failed to verify bytes with paired key: %s", "EC");
            }
        }
        return false;
    }

    private final ehbz k() {
        if (!this.h && (!m() || !c())) {
            throw new GeneralSecurityException("Failed to do lazy initialization");
        }
        egtq egtqVar = this.e;
        if (egtqVar == null) {
            throw new GeneralSecurityException("privateKeysetHandle is null");
        }
        try {
            return (ehbz) egtqVar.f().b().a;
        } catch (IllegalStateException | NullPointerException | GeneralSecurityException e) {
            throw new GeneralSecurityException(e);
        }
    }

    private final void l(byte[] bArr) {
        if (bArr.length != 32) {
            throw new GeneralSecurityException("The input public key size is wrong.");
        }
        try {
            ehbz k = k();
            ehbz b = ehbz.b(k.a, ehwn.b(bArr), k.d);
            egto egtoVar = new egto();
            egtm a = egtq.a(b);
            a.b(1);
            a.a();
            egtoVar.c(a);
            this.f = (egtf) egtoVar.a().j(ehgs.a, egtf.class);
        } catch (GeneralSecurityException e) {
            throw new GeneralSecurityException(e);
        }
    }

    private final boolean m() {
        if (this.h) {
            return true;
        }
        if (!fhqj.V()) {
            return false;
        }
        try {
            ehca.a();
            this.h = true;
            return true;
        } catch (GeneralSecurityException e) {
            caih.a.e().f(e).o("Failed to register HybridConfig.", new Object[0]);
            return false;
        }
    }

    private final byte[] n() {
        byte[] bArr = new byte[72];
        this.d.nextBytes(bArr);
        return bArr;
    }

    public final void b(String str) {
        try {
            cajn cajnVar = this.a;
            String a = a(str);
            KeyStore keyStore = cajnVar.a;
            if (keyStore == null) {
                throw new KeyStoreException("No AndroidKeyStore found on device.");
            }
            if (keyStore.containsAlias(a)) {
                cajnVar.a.deleteEntry(a);
            }
        } catch (KeyStoreException e) {
            caih.a.d().f(e).h("Failed to delete key store entry %s", str);
        }
    }

    public final boolean c() {
        if (!m() || !fhqj.V()) {
            return false;
        }
        try {
            this.b = this.g;
            egtq egtqVar = this.e;
            this.c = egtqVar != null ? (ehbz) egtqVar.f().b().a : null;
            egto egtoVar = new egto();
            egtm egtmVar = new egtm(egtl.a("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM").a());
            egtmVar.b(1);
            egtmVar.a();
            egtoVar.c(egtmVar);
            egtq a = egtoVar.a();
            this.e = a;
            this.g = (egte) a.j(ehgs.a, egte.class);
            return true;
        } catch (GeneralSecurityException e) {
            caih.a.e().f(e).o("Failed to generate a new HPKE key.", new Object[0]);
            return false;
        }
    }

    public final byte[] d(byte[] bArr) {
        egte egteVar = this.g;
        if (egteVar == null) {
            throw new GeneralSecurityException("Failed to get HPKE hybridDecrypt.");
        }
        try {
            return egteVar.a(bArr, "Nearby Connections".getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            egte egteVar2 = this.b;
            if (egteVar2 != null) {
                return egteVar2.a(bArr, "Nearby Connections".getBytes(StandardCharsets.UTF_8));
            }
            throw new GeneralSecurityException(e);
        }
    }

    public final byte[] e(byte[] bArr, byte[] bArr2) {
        try {
            l(bArr2);
            egtf egtfVar = this.f;
            if (egtfVar != null) {
                return egtfVar.a(bArr, "Nearby Connections".getBytes(StandardCharsets.UTF_8));
            }
            throw new GeneralSecurityException("Failed to encrypt because hybridEncryptWithImportedPublickey is null.");
        } catch (GeneralSecurityException e) {
            throw new GeneralSecurityException(e);
        }
    }

    public final byte[] f() {
        try {
            return k().b.c();
        } catch (IllegalStateException | NullPointerException | GeneralSecurityException e) {
            caih.a.e().f(e).o("Failed to get HPKE public key bytes.", new Object[0]);
            return null;
        }
    }

    public final byte[] g(String str) {
        if (fhqj.t()) {
            String a = a(str);
            try {
                Certificate a2 = this.a.a(a);
                if (a2 != null) {
                    return a2.getPublicKey().getEncoded();
                }
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                    try {
                        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(a, 12).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setCertificateSubject(new X500Principal("O=Google, OU=Android, C=US")).setRandomizedEncryptionRequired(false).build());
                        try {
                            keyPairGenerator.generateKeyPair();
                            caih.a.d().o("Successfully create paired key.", new Object[0]);
                            try {
                                Certificate a3 = this.a.a(a);
                                if (a3 == null) {
                                    return null;
                                }
                                return a3.getPublicKey().getEncoded();
                            } catch (KeyStoreException e) {
                                caih.a.e().f(e).o("Failed to create paired key.", new Object[0]);
                                return null;
                            }
                        } catch (ProviderException e2) {
                            caih.a.e().f(e2).o("Failed to create paired key.", new Object[0]);
                            return null;
                        }
                    } catch (InvalidAlgorithmParameterException e3) {
                        caih.a.e().f(e3).o("Failed to create paired key.", new Object[0]);
                        return null;
                    }
                } catch (NoSuchAlgorithmException | NoSuchProviderException e4) {
                    caih.a.e().f(e4).o("Failed to create paired key.", new Object[0]);
                    return null;
                }
            } catch (KeyStoreException e5) {
                caih.a.e().f(e5).o("Failed to create paired key.", new Object[0]);
            }
        }
        return null;
    }

    public final byte[] h(String str, byte[] bArr) {
        if (!fhqj.t()) {
            return n();
        }
        try {
            String a = a(str);
            KeyStore keyStore = this.a.a;
            if (keyStore == null) {
                throw new KeyStoreException("No AndroidKeyStore found on device.");
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(a, null);
            X509Certificate x509Certificate = (X509Certificate) this.a.a(a);
            if (privateKey == null) {
                caih.a.e().o("No private key is available. Failed to sign with paired key.", new Object[0]);
                return n();
            }
            if (x509Certificate != null && x509Certificate.getPublicKey() != null) {
                caih.a.d().h("Current PublicKey for signing: %s", Arrays.toString(x509Certificate.getPublicKey().getEncoded()));
            }
            try {
                Signature i = i();
                try {
                    i.initSign(privateKey);
                    try {
                        i.update(bArr);
                        return i.sign();
                    } catch (SignatureException e) {
                        caih.a.e().f(e).o("Failed to sign with paired key.", new Object[0]);
                        return n();
                    }
                } catch (InvalidKeyException e2) {
                    caih.a.e().f(e2).h("Failed to sign with paired key: %s", privateKey.getAlgorithm());
                    return n();
                }
            } catch (NoSuchAlgorithmException e3) {
                caih.a.e().f(e3).o("Failed to sign with paired key.", new Object[0]);
                return n();
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e4) {
            caih.a.e().f(e4).o("Failed to sign with paired key.", new Object[0]);
            return n();
        }
    }
}
