package com.alipay.security.mobile.alipayauthenticatorservice.fingerprint.util;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import androidx.annotation.Keep;
import com.ali.user.mobile.rpc.safe.AES;
import com.alipay.security.mobile.auth.AuthenticatorLOG;
import defpackage.bf;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

@Keep
/* loaded from: classes10.dex */
public class KeyMasterUtils {
    private static final String TAG = "KeyMasterUtils";
    private static KeyMasterUtils instance;

    private KeyMasterUtils() {
    }

    public static synchronized KeyMasterUtils getInstance() {
        KeyMasterUtils keyMasterUtils;
        synchronized (KeyMasterUtils.class) {
            if (instance == null) {
                instance = new KeyMasterUtils();
            }
            keyMasterUtils = instance;
        }
        return keyMasterUtils;
    }

    public boolean deleteKey(String str) {
        try {
            AuthenticatorLOG.debug(TAG, "deleteKey alias:" + str);
            KeyStore keyStore = KeyStore.getInstance(AES.ANDROID_KEYSTORE);
            keyStore.load(null);
            keyStore.deleteEntry(str);
            return true;
        } catch (Exception e) {
            StringBuilder a2 = bf.a("Could not delete key.");
            a2.append(e.getMessage());
            AuthenticatorLOG.error(TAG, a2.toString());
            return false;
        }
    }

    @TargetApi(23)
    public boolean generateKey(String str) {
        KeyPair keyPair;
        AuthenticatorLOG.debug(TAG, "generateKey alias:" + str);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", AES.ANDROID_KEYSTORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setUserAuthenticationRequired(true).build());
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            StringBuilder a2 = bf.a("exception:");
            a2.append(e.getMessage());
            AuthenticatorLOG.error(TAG, a2.toString());
            keyPair = null;
        }
        return keyPair != null;
    }

    @TargetApi(23)
    public boolean generateKey(String str, boolean z, byte[] bArr) {
        KeyPair keyPair;
        AuthenticatorLOG.debug(TAG, "generateKey alias:" + str);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", AES.ANDROID_KEYSTORE);
            KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1")).setUserAuthenticationRequired(z);
            if (Build.VERSION.SDK_INT >= 24 && bArr != null && bArr.length > 0) {
                userAuthenticationRequired.setAttestationChallenge(bArr);
            }
            keyPairGenerator.initialize(userAuthenticationRequired.build());
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            StringBuilder a2 = bf.a("exception:");
            a2.append(e.getMessage());
            AuthenticatorLOG.error(TAG, a2.toString());
            keyPair = null;
        }
        return keyPair != null;
    }

    public List<String> getAliasList() {
        try {
            KeyStore keyStore = KeyStore.getInstance(AES.ANDROID_KEYSTORE);
            keyStore.load(null);
            Enumeration<String> aliases = keyStore.aliases();
            ArrayList arrayList = new ArrayList();
            while (aliases.hasMoreElements()) {
                arrayList.add(aliases.nextElement());
            }
            return arrayList;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public Certificate[] getCertificateChain(String str) {
        if (Build.VERSION.SDK_INT < 24) {
            return null;
        }
        try {
            if (!isKeyContains(str)) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance(AES.ANDROID_KEYSTORE);
            keyStore.load(null);
            return keyStore.getCertificateChain(str);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    @TargetApi(23)
    public Signature initSignature(String str) {
        AuthenticatorLOG.debug(TAG, "initSign alias:" + str);
        try {
            KeyStore keyStore = KeyStore.getInstance(AES.ANDROID_KEYSTORE);
            keyStore.load(null);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            return signature;
        } catch (Exception e) {
            StringBuilder a2 = bf.a("Failed to init Signature.");
            a2.append(e.getMessage());
            AuthenticatorLOG.error(TAG, a2.toString());
            return null;
        }
    }

    @TargetApi(23)
    public boolean isInsideSecureHardware(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(AES.ANDROID_KEYSTORE);
            keyStore.load(null);
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null)).getPrivateKey();
            if (privateKey == null) {
                return false;
            }
            return ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), AES.ANDROID_KEYSTORE).getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    public boolean isKeyContains(String str) {
        if (TextUtils.isEmpty(str)) {
            return false;
        }
        try {
            AuthenticatorLOG.debug(TAG, "isKeyContains alias:" + str);
            KeyStore keyStore = KeyStore.getInstance(AES.ANDROID_KEYSTORE);
            keyStore.load(null);
            return keyStore.containsAlias(str);
        } catch (Exception e) {
            StringBuilder a2 = bf.a("exception:");
            a2.append(e.getMessage());
            AuthenticatorLOG.error(TAG, a2.toString());
            return false;
        }
    }

    public PublicKey loadPublicKey(String str) {
        try {
            AuthenticatorLOG.debug(TAG, "loadPublicKey  alias:" + str);
            KeyStore keyStore = KeyStore.getInstance(AES.ANDROID_KEYSTORE);
            keyStore.load(null);
            return ((KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null)).getCertificate().getPublicKey();
        } catch (Exception e) {
            StringBuilder a2 = bf.a("Failed to load publickey.");
            a2.append(e.getMessage());
            AuthenticatorLOG.error(TAG, a2.toString());
            return null;
        }
    }
}
