package com.fitbit.coin.kit.internal.ui.fingerprint;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.RequiresApi;
import android.util.Base64;
import com.fitbit.coin.kit.internal.device.Cdo;
import com.fitbit.coin.kit.internal.device.PaymentDeviceId;
import com.fitbit.coin.kit.internal.store.Path;
import com.fitbit.coin.kit.internal.store.x;
import io.reactivex.ae;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.concurrent.Callable;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@SuppressLint({"NewApi"})
/* loaded from: classes2.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    public static final String f9187a = "fitbit_pay_pin";

    /* renamed from: b, reason: collision with root package name */
    public static final String f9188b = "AndroidKeyStore";

    /* renamed from: c, reason: collision with root package name */
    private static final String f9189c = "RSA";

    /* renamed from: d, reason: collision with root package name */
    private static final String f9190d = "AES";
    private static final String e = "RSA/ECB/PKCS1Padding";
    private static final String f = "AES/ECB/PKCS7Padding";
    private static final String g = "AndroidOpenSSL";
    private static final String h = "BC";
    private final Context i;
    private final x j;

    @javax.a.a
    public a(Context context, @javax.a.b(a = "ckData") x xVar) {
        this.i = context;
        this.j = xVar;
    }

    static com.fitbit.coin.kit.internal.store.i<String> a(PaymentDeviceId paymentDeviceId) {
        return com.fitbit.coin.kit.internal.store.i.a(String.class, new Path(Cdo.k(paymentDeviceId), "encryption_key_2.58"));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final /* synthetic */ Cipher a(SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(f, h);
        cipher.init(2, secretKey);
        return cipher;
    }

    private byte[] a(byte[] bArr) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(f9188b);
        keyStore.load(null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(f9187a, null);
        Cipher cipher = d() ? Cipher.getInstance(e, g) : Cipher.getInstance(e);
        cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final /* synthetic */ Cipher b(SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(f, h);
        cipher.init(1, secretKey);
        return cipher;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final /* synthetic */ void b() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(f9188b);
        keyStore.load(null);
        if (keyStore.containsAlias(f9187a)) {
            keyStore.deleteEntry(f9187a);
            if (keyStore.containsAlias(f9187a)) {
                throw new Exception("Failed to remove fitbit_pay_pin");
            }
        }
    }

    private byte[] b(byte[] bArr) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(f9188b);
        keyStore.load(null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(f9187a, null);
        Cipher cipher = d() ? Cipher.getInstance(e, g) : Cipher.getInstance(e);
        cipher.init(2, privateKeyEntry.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    private ae<SecretKey> d(PaymentDeviceId paymentDeviceId) {
        return this.j.a((com.fitbit.coin.kit.internal.store.i) a(paymentDeviceId), (ae) e()).h(new io.reactivex.c.h(this) { // from class: com.fitbit.coin.kit.internal.ui.fingerprint.d

            /* renamed from: a, reason: collision with root package name */
            private final a f9193a;

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                this.f9193a = this;
            }

            @Override // io.reactivex.c.h
            public Object apply(Object obj) {
                return this.f9193a.a((String) obj);
            }
        });
    }

    private boolean d() {
        return Build.VERSION.SDK_INT < 23;
    }

    private ae<String> e() {
        return ae.c(new Callable(this) { // from class: com.fitbit.coin.kit.internal.ui.fingerprint.e

            /* renamed from: a, reason: collision with root package name */
            private final a f9194a;

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                this.f9194a = this;
            }

            @Override // java.util.concurrent.Callable
            public Object call() {
                return this.f9194a.c();
            }
        });
    }

    @RequiresApi(api = 23)
    private void f() throws GeneralSecurityException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(f9189c, f9188b);
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(f9187a, 3).setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding").build());
        keyPairGenerator.generateKeyPair();
    }

    private void g() throws GeneralSecurityException, IOException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.i).setAlias(f9187a).setSubject(new X500Principal("CN=fitbit_pay_pin")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(f9189c, f9188b);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    public io.reactivex.a a() {
        return io.reactivex.a.a(f.f9195a);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final /* synthetic */ SecretKey a(String str) throws Exception {
        return new SecretKeySpec(b(Base64.decode(str, 0)), "AES");
    }

    public ae<Cipher> b(PaymentDeviceId paymentDeviceId) {
        return d(paymentDeviceId).h(b.f9191a);
    }

    public ae<Cipher> c(PaymentDeviceId paymentDeviceId) {
        return d(paymentDeviceId).h(c.f9192a);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final /* synthetic */ String c() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(f9188b);
        keyStore.load(null);
        if (!keyStore.containsAlias(f9187a)) {
            if (d()) {
                g();
            } else {
                f();
            }
        }
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return Base64.encodeToString(a(bArr), 0);
    }
}
