package com.veridiumid.sdk.security;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.GregorianCalendar;
import javax.crypto.KeyGenerator;
import javax.security.auth.x500.X500Principal;
import org.jivesoftware.smackx.omemo.util.OmemoConstants;

/* loaded from: classes6.dex */
public class MasterKeys {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final int KEY_SIZE = 256;

    private MasterKeys() {
        throw new UnsupportedOperationException("Constructor is private");
    }

    public static KeyGenParameterSpec createAESGCMSpec(String str) {
        return new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
    }

    public static KeyPairGeneratorSpec createRSAMasterKeySpec(Context context, String str) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 30);
        return new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal(GeneratedOutlineSupport.outline52("CN=", str))).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
    }

    private static void generateKey(KeyPairGeneratorSpec keyPairGeneratorSpec) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        keyPairGenerator.initialize(keyPairGeneratorSpec);
        keyPairGenerator.generateKeyPair();
    }

    private static void generateKey(KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(OmemoConstants.Crypto.KEYTYPE, ANDROID_KEY_STORE);
        keyGenerator.init(keyGenParameterSpec);
        keyGenerator.generateKey();
    }

    public static String getOrCreate(KeyPairGeneratorSpec keyPairGeneratorSpec) throws GeneralSecurityException, IOException {
        if (!keyExists(keyPairGeneratorSpec.getKeystoreAlias())) {
            generateKey(keyPairGeneratorSpec);
        }
        return keyPairGeneratorSpec.getKeystoreAlias();
    }

    public static String getOrCreate(KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException, IOException {
        validate(keyGenParameterSpec);
        if (!keyExists(keyGenParameterSpec.getKeystoreAlias())) {
            generateKey(keyGenParameterSpec);
        }
        return keyGenParameterSpec.getKeystoreAlias();
    }

    private static boolean keyExists(String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        return keyStore.containsAlias(str);
    }

    private static void validate(KeyGenParameterSpec keyGenParameterSpec) {
        if (keyGenParameterSpec.getKeySize() != 256) {
            StringBuilder outline82 = GeneratedOutlineSupport.outline82("Invalid key size, expected=256 actual=");
            outline82.append(keyGenParameterSpec.getKeySize());
            throw new IllegalArgumentException(outline82.toString());
        }
        if (!Arrays.equals(keyGenParameterSpec.getBlockModes(), new String[]{"GCM"})) {
            StringBuilder outline822 = GeneratedOutlineSupport.outline82("Invalid block mode, expected=GCM actual=");
            outline822.append(Arrays.toString(keyGenParameterSpec.getBlockModes()));
            throw new IllegalArgumentException(outline822.toString());
        }
        if (keyGenParameterSpec.getPurposes() != 3) {
            StringBuilder outline823 = GeneratedOutlineSupport.outline82("Invalid purpose expected = (KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) actual=");
            outline823.append(keyGenParameterSpec.getPurposes());
            throw new IllegalArgumentException(outline823.toString());
        }
        if (!Arrays.equals(keyGenParameterSpec.getEncryptionPaddings(), new String[]{"NoPadding"})) {
            StringBuilder outline824 = GeneratedOutlineSupport.outline82("Invalid padding mode expected=NoPadding actual=");
            outline824.append(Arrays.toString(keyGenParameterSpec.getEncryptionPaddings()));
            throw new IllegalArgumentException(outline824.toString());
        }
        if (keyGenParameterSpec.isUserAuthenticationRequired() && keyGenParameterSpec.getUserAuthenticationValidityDurationSeconds() < 1) {
            throw new IllegalArgumentException("Creating the key that always requires authentication is not possible (UserAuthenticationValidityDurationSeconds must be >0) or IsUserAuthenticationRequired=false");
        }
    }
}
