package com.psa.mmx.authentication.strongauth.fingerprint;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.common.util.AndroidUtilsLight;
import io.fabric.sdk.android.services.common.CommonUtils;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes2.dex */
public class HelperSecurity {
    private static final String INVALID_CIPHER = "InvalidCipher";
    private static final String INVALID_KEY = "InvalidKey";
    private static final String KEYSTORE_NAME = "AndroidKeyStore";
    private static final String KEY_NAME = "strong_auth_biokey";
    private static Cipher cipher;
    private static KeyPairGenerator keyPairGenerator;
    private static KeyStore keyStore;

    private HelperSecurity() {
    }

    public static void generateEncryptionKeyPair() {
        try {
            keyStore = KeyStore.getInstance(KEYSTORE_NAME);
            keyStore.load(null);
            try {
                if (Build.VERSION.SDK_INT >= 23) {
                    keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEYSTORE_NAME);
                }
                try {
                    if (Build.VERSION.SDK_INT >= 23) {
                        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(KEY_NAME, 3).setDigests(CommonUtils.SHA256_INSTANCE, AndroidUtilsLight.DIGEST_ALGORITHM_SHA512).setEncryptionPaddings("OAEPPadding").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(-1).build());
                        keyPairGenerator.generateKeyPair();
                    }
                } catch (InvalidAlgorithmParameterException e) {
                    throw new IllegalArgumentException(e);
                }
            } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
                throw new IllegalArgumentException("Failed to get KeyGenerator instance", e2);
            }
        } catch (Exception e3) {
            throw new IllegalArgumentException("Failed to get KeyStore instance", e3);
        }
    }

    public static PrivateKey getEncryptionPrivateKey() {
        try {
            keyStore = KeyStore.getInstance(KEYSTORE_NAME);
            keyStore.load(null);
            return (PrivateKey) keyStore.getKey(KEY_NAME, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            throw new IllegalArgumentException(INVALID_KEY, e);
        }
    }

    public static PublicKey getEncryptionPublicKey() {
        try {
            keyStore = KeyStore.getInstance(KEYSTORE_NAME);
            keyStore.load(null);
            return keyStore.getCertificate(KEY_NAME).getPublicKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalArgumentException(INVALID_KEY, e);
        }
    }

    @TargetApi(23)
    public static Cipher initCipher(int i) {
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            }
            try {
                KeyStore.getInstance(KEYSTORE_NAME).load(null);
                if (i == 1) {
                    cipher.init(i, getEncryptionPublicKey(), cipher.getParameters());
                } else if (i == 2) {
                    cipher.init(i, getEncryptionPrivateKey(), cipher.getParameters());
                }
                return cipher;
            } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new IllegalArgumentException(INVALID_CIPHER, e);
            } catch (RuntimeException | InvalidKeyException e2) {
                throw new IllegalArgumentException(INVALID_KEY, e2);
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e3) {
            throw new IllegalArgumentException(INVALID_CIPHER, e3);
        }
    }
}
