package defpackage;

import android.accounts.Account;
import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.google.android.gms.org.conscrypt.EvpMdRef;
import com.google.android.gms.wallet.shared.BuyFlowConfig;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;

/* compiled from: :com.google.android.gms@17122019@17.1.22 (040400-245988633) */
@TargetApi(23)
/* loaded from: classes4.dex */
public final class avze {
    private final BuyFlowConfig a;
    private final Context b;

    private avze(Context context, BuyFlowConfig buyFlowConfig) {
        this.a = buyFlowConfig;
        this.b = context;
    }

    public static avze a(Context context, BuyFlowConfig buyFlowConfig) {
        return new avze(context.getApplicationContext(), buyFlowConfig);
    }

    private static final ECPublicKey a(String str, String str2, String str3, String str4) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", str);
            KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds = new KeyGenParameterSpec.Builder(str2, 4).setAlgorithmParameterSpec(new ECGenParameterSpec(str3)).setDigests(EvpMdRef.SHA256.JCA_NAME).setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(-1);
            if (Build.VERSION.SDK_INT >= 24) {
                userAuthenticationValidityDurationSeconds.setAttestationChallenge(str4.getBytes(StandardCharsets.UTF_8));
            }
            keyPairGenerator.initialize(userAuthenticationValidityDurationSeconds.build());
            return (ECPublicKey) keyPairGenerator.generateKeyPair().getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    private final String d() {
        awuo awuoVar = this.a.b;
        int i = awuoVar.a;
        Account account = awuoVar.b;
        String valueOf = String.valueOf("com.google.android.gms.wallet.keys:");
        avzu avzuVar = new avzu();
        avzuVar.a(i);
        avzuVar.a(account.name);
        String valueOf2 = String.valueOf(avzuVar.a());
        return sib.a((valueOf2.length() == 0 ? new String(valueOf) : valueOf.concat(valueOf2)).getBytes(StandardCharsets.UTF_8));
    }

    private static final KeyStore e() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    public final Signature a() {
        try {
            KeyStore e = e();
            if (!e.containsAlias(d())) {
                return null;
            }
            PrivateKey privateKey = (PrivateKey) e.getKey(d(), null);
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            return signature;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            awuu.a(this.b, e2);
            return null;
        }
    }

    public final byte[] a(byte[] bArr, Signature signature) {
        if (signature == null) {
            return null;
        }
        try {
            signature.update(bArr);
            return signature.sign();
        } catch (SignatureException e) {
            awuu.a(this.b, e);
            return null;
        }
    }

    public final bibg b() {
        String uuid = UUID.randomUUID().toString();
        String d = d();
        String valueOf = String.valueOf("GooglePaymentsUserAuthKey:");
        String valueOf2 = String.valueOf(uuid);
        ECPublicKey a = a("AndroidKeyStore", d, "secp256r1", valueOf2.length() == 0 ? new String(valueOf) : valueOf.concat(valueOf2));
        bsdp p = bibg.g.p();
        p.K();
        bibg bibgVar = (bibg) p.b;
        bibgVar.a |= 8;
        bibgVar.e = 1;
        p.K();
        bibg bibgVar2 = (bibg) p.b;
        if (uuid == null) {
            throw new NullPointerException();
        }
        bibgVar2.a |= 4;
        bibgVar2.d = uuid;
        p.K();
        bibg bibgVar3 = (bibg) p.b;
        bibgVar3.a |= 2;
        bibgVar3.c = 1;
        String encodeToString = Base64.encodeToString(avza.a(a.getW()), 2);
        p.K();
        bibg bibgVar4 = (bibg) p.b;
        if (encodeToString == null) {
            throw new NullPointerException();
        }
        bibgVar4.a |= 1;
        bibgVar4.b = encodeToString;
        try {
            Certificate[] certificateChain = e().getCertificateChain(d());
            if (certificateChain != null) {
                bsdp p2 = bibf.b.p();
                for (Certificate certificate : certificateChain) {
                    bsbt a2 = bsbt.a(certificate.getEncoded());
                    p2.K();
                    bibf bibfVar = (bibf) p2.b;
                    if (a2 == null) {
                        throw new NullPointerException();
                    }
                    if (!bibfVar.a.a()) {
                        bibfVar.a = bsdm.a(bibfVar.a);
                    }
                    bibfVar.a.add(a2);
                }
                p.K();
                bibg bibgVar5 = (bibg) p.b;
                bibgVar5.f = (bibf) ((bsdm) p2.O());
                bibgVar5.a |= 16;
            }
            return (bibg) ((bsdm) p.O());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    public final void c() {
        try {
            KeyStore e = e();
            if (e.containsAlias(d())) {
                e.deleteEntry(d());
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            awuu.a(this.b, e2);
        }
    }
}
