package android.security.keystore2;

import android.os.SystemProperties;
import android.security.KeyStore2;
import android.security.KeyStoreException;
import android.security.KeyStoreSecurityLevel;
import android.security.keymaster.KeymasterDefs;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyStoreCryptoOperation;
import android.system.keystore2.Authorization;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyEntryResponse;
import android.system.keystore2.KeyMetadata;
import com.android.SdkConstants;
import java.security.Key;
import java.security.KeyPair;
import java.security.Provider;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

/* loaded from: input_file:android/security/keystore2/AndroidKeyStoreProvider.class */
/**
 * JCA {@link Provider} published under the name {@code "AndroidKeyStore"}.
 *
 * <p>The constructor maps JCA service names (KeyStore, KeyPairGenerator, KeyFactory, KeyGenerator,
 * KeyAgreement, SecretKeyFactory) to SPI class names in {@code android.security.keystore2}. The
 * static helpers query {@link KeyStore2} for a key entry and wrap the returned metadata in the
 * provider's key classes.
 */
public class AndroidKeyStoreProvider extends Provider {
    private static final String PROVIDER_NAME = "AndroidKeyStore";
    private static final String PACKAGE_NAME = "android.security.keystore2";
    private static final String DESEDE_SYSTEM_PROPERTY = "ro.hardware.keystore_desede";
    private static final String ED25519_OID = "1.3.101.112";
    private static final String X25519_ALIAS = "XDH";

    /**
     * Registers every algorithm mapping offered by this provider.
     *
     * <p>3DES (a legacy 64-bit block cipher) is registered only when the system property
     * {@code ro.hardware.keystore_desede} equals {@code SdkConstants.VALUE_TRUE}; without it
     * neither the DESede KeyGenerator nor the 3DES SecretKeyFactory entry is added.
     */
    public AndroidKeyStoreProvider() {
        super(PROVIDER_NAME, 1.0d, "Android KeyStore security provider");
        final boolean desedeSupported =
                SdkConstants.VALUE_TRUE.equals(SystemProperties.get(DESEDE_SYSTEM_PROPERTY));

        // Registration order is kept exactly as in the original listing.
        put("KeyStore.AndroidKeyStore", PACKAGE_NAME + ".AndroidKeyStoreSpi");

        final String keyPairGeneratorSpi = PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi";
        put("KeyPairGenerator.EC", keyPairGeneratorSpi + "$EC");
        put("KeyPairGenerator.RSA", keyPairGeneratorSpi + "$RSA");
        put("KeyPairGenerator.XDH", keyPairGeneratorSpi + "$XDH");

        putKeyFactoryImpl(KeyProperties.KEY_ALGORITHM_EC);
        putKeyFactoryImpl(KeyProperties.KEY_ALGORITHM_RSA);
        putKeyFactoryImpl(X25519_ALIAS);

        final String keyGeneratorSpi = PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi";
        put("KeyGenerator.AES", keyGeneratorSpi + "$AES");
        final String[] hmacGenerators = {
            "HmacSHA1", "HmacSHA224", "HmacSHA256", "HmacSHA384", "HmacSHA512"
        };
        for (String hmac : hmacGenerators) {
            // The nested SPI class carries the same name as the JCA algorithm.
            put("KeyGenerator." + hmac, keyGeneratorSpi + "$" + hmac);
        }
        if (desedeSupported) {
            put("KeyGenerator.DESede", keyGeneratorSpi + "$DESede");
        }

        final String keyAgreementSpi = PACKAGE_NAME + ".AndroidKeyStoreKeyAgreementSpi";
        put("KeyAgreement.ECDH", keyAgreementSpi + "$ECDH");
        put("KeyAgreement.XDH", keyAgreementSpi + "$XDH");

        putSecretKeyFactoryImpl(KeyProperties.KEY_ALGORITHM_AES);
        if (desedeSupported) {
            putSecretKeyFactoryImpl(KeyProperties.KEY_ALGORITHM_3DES);
        }
        final String[] hmacAlgorithms = {
            KeyProperties.KEY_ALGORITHM_HMAC_SHA1,
            KeyProperties.KEY_ALGORITHM_HMAC_SHA224,
            KeyProperties.KEY_ALGORITHM_HMAC_SHA256,
            KeyProperties.KEY_ALGORITHM_HMAC_SHA384,
            KeyProperties.KEY_ALGORITHM_HMAC_SHA512,
        };
        for (String hmacAlgorithm : hmacAlgorithms) {
            putSecretKeyFactoryImpl(hmacAlgorithm);
        }
    }

    /**
     * Installs this provider and {@code AndroidKeyStoreBCWorkaroundProvider} into the JCA
     * provider list.
     *
     * <p>This provider is appended with {@link Security#addProvider}. The workaround provider is
     * inserted at the position currently held by the provider named {@code "BC"}, when one is
     * installed, and is appended otherwise.
     */
    public static void install() {
        final Provider[] installed = Security.getProviders();
        int bcIndex = -1;
        for (int idx = 0; idx < installed.length; idx++) {
            if ("BC".equals(installed[idx].getName())) {
                bcIndex = idx;
                break;
            }
        }

        Security.addProvider(new AndroidKeyStoreProvider());

        final Provider workaround = new AndroidKeyStoreBCWorkaroundProvider();
        if (bcIndex == -1) {
            Security.addProvider(workaround);
        } else {
            // insertProviderAt() takes 1-based positions, so the 0-based array index + 1 is the
            // slot "BC" occupies now; the workaround provider therefore lands ahead of "BC".
            Security.insertProviderAt(workaround, bcIndex + 1);
        }
    }

    /** Maps {@code SecretKeyFactory.<str>} to the keystore-backed SecretKeyFactory SPI. */
    private void putSecretKeyFactoryImpl(String str) {
        final String spiClass = PACKAGE_NAME + ".AndroidKeyStoreSecretKeyFactorySpi";
        put("SecretKeyFactory." + str, spiClass);
    }

    /** Maps {@code KeyFactory.<str>} to the keystore-backed KeyFactory SPI. */
    private void putKeyFactoryImpl(String str) {
        final String spiClass = PACKAGE_NAME + ".AndroidKeyStoreKeyFactorySpi";
        put("KeyFactory." + str, spiClass);
    }

    /**
     * Returns the operation handle of the SPI currently backing a crypto primitive.
     *
     * @param obj a {@link Signature}, {@link Mac} or {@link Cipher} instance
     * @return the value of {@code getOperationHandle()} on the primitive's current SPI
     * @throws NullPointerException if {@code obj} is {@code null}
     * @throws IllegalArgumentException if {@code obj} is of another type, or if its current SPI
     *     does not implement {@link KeyStoreCryptoOperation}
     * @throws IllegalStateException if the primitive has no current SPI
     */
    public static long getKeyStoreOperationHandle(Object obj) {
        if (obj == null) {
            throw new NullPointerException();
        }

        final Object spi;
        if (obj instanceof Signature) {
            spi = ((Signature) obj).getCurrentSpi();
        } else if (obj instanceof Mac) {
            spi = ((Mac) obj).getCurrentSpi();
        } else if (obj instanceof Cipher) {
            spi = ((Cipher) obj).getCurrentSpi();
        } else {
            throw new IllegalArgumentException(
                    "Unsupported crypto primitive: " + obj + ". Supported: Signature, Mac, Cipher");
        }

        if (spi == null) {
            throw new IllegalStateException("Crypto primitive not initialized");
        }
        if (!(spi instanceof KeyStoreCryptoOperation)) {
            // The primitive is served by an SPI that is not a keystore operation.
            throw new IllegalArgumentException(
                    "Crypto primitive not backed by AndroidKeyStore provider: " + obj
                            + ", spi: " + spi);
        }
        return ((KeyStoreCryptoOperation) spi).getOperationHandle();
    }

    /**
     * Builds the provider's public-key wrapper from the certificate stored in the key metadata.
     *
     * <p>The wrapper class is selected by the algorithm name reported by the certificate's public
     * key (EC, RSA, the Ed25519 OID, or XDH, compared case-insensitively).
     *
     * @param keyDescriptor descriptor handed to the created key object
     * @param keyMetadata metadata whose {@code certificate} field supplies the public key
     * @param keyStoreSecurityLevel security level handed to the created key object
     * @param i not read by this method
     * @throws UnrecoverableKeyException if the metadata has no certificate or it cannot be parsed
     * @throws ProviderException if the certificate's key algorithm is none of the four above
     */
    static AndroidKeyStorePublicKey makeAndroidKeyStorePublicKeyFromKeyEntryResponse(KeyDescriptor keyDescriptor, KeyMetadata keyMetadata, KeyStoreSecurityLevel keyStoreSecurityLevel, int i) throws UnrecoverableKeyException {
        if (keyMetadata.certificate == null) {
            throw new UnrecoverableKeyException("Failed to obtain X.509 form of public key. Keystore has no public certificate stored.");
        }
        final X509Certificate parsedCert = AndroidKeyStoreSpi.toCertificate(keyMetadata.certificate);
        if (parsedCert == null) {
            throw new UnrecoverableKeyException("Failed to parse the X.509 certificate containing the public key. This likely indicates a hardware problem.");
        }

        final PublicKey certKey = parsedCert.getPublicKey();
        final String jcaAlgorithm = certKey.getAlgorithm();

        if (KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(jcaAlgorithm)) {
            final ECPublicKey ecKey = (ECPublicKey) certKey;
            return new AndroidKeyStoreECPublicKey(
                    keyDescriptor, keyMetadata, keyStoreSecurityLevel, ecKey);
        } else if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(jcaAlgorithm)) {
            final RSAPublicKey rsaKey = (RSAPublicKey) certKey;
            return new AndroidKeyStoreRSAPublicKey(
                    keyDescriptor, keyMetadata, keyStoreSecurityLevel, rsaKey);
        } else if (ED25519_OID.equalsIgnoreCase(jcaAlgorithm)) {
            // Ed25519 and XDH keys are passed on in encoded form rather than as typed keys.
            return new AndroidKeyStoreEdECPublicKey(
                    keyDescriptor, keyMetadata, ED25519_OID, keyStoreSecurityLevel,
                    certKey.getEncoded());
        } else if (X25519_ALIAS.equalsIgnoreCase(jcaAlgorithm)) {
            return new AndroidKeyStoreXDHPublicKey(
                    keyDescriptor, keyMetadata, X25519_ALIAS, keyStoreSecurityLevel,
                    certKey.getEncoded());
        }
        throw new ProviderException(
                "Unsupported Android Keystore public key algorithm: " + jcaAlgorithm);
    }

    /** Returns {@code key} as a public key, or throws when it is not one (including null). */
    private static AndroidKeyStorePublicKey requirePublicKey(AndroidKeyStoreKey key) throws UnrecoverableKeyException {
        if (key instanceof AndroidKeyStorePublicKey) {
            return (AndroidKeyStorePublicKey) key;
        }
        throw new UnrecoverableKeyException("No asymmetric key found by the given alias.");
    }

    /**
     * Loads the key stored under an alias and returns it as a public key.
     *
     * <p>NOTE(review): the alias-based {@code loadAndroidKeyStoreKeyFromKeystore} overload used
     * here already replaces an {@code AndroidKeyStorePublicKey} with its private key, so the
     * type check can only pass if that private-key object is itself an
     * {@code AndroidKeyStorePublicKey}. Confirm against the key class hierarchy; otherwise this
     * method throws for every alias.
     *
     * @param keyStore2 keystore service to query
     * @param str key alias
     * @param i namespace; {@code -1} selects the descriptor used for domain {@code 0}
     * @throws UnrecoverableKeyException if the loaded object is not a public key
     * @throws KeyPermanentlyInvalidatedException propagated from the underlying load
     */
    public static AndroidKeyStorePublicKey loadAndroidKeyStorePublicKeyFromKeystore(KeyStore2 keyStore2, String str, int i) throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
        return requirePublicKey(loadAndroidKeyStoreKeyFromKeystore(keyStore2, str, i));
    }

    /**
     * Loads an asymmetric key by descriptor and returns its public and private halves.
     *
     * @throws UnrecoverableKeyException if no entry is found or the entry is not asymmetric
     * @throws KeyPermanentlyInvalidatedException propagated from the underlying load
     */
    public static KeyPair loadAndroidKeyStoreKeyPairFromKeystore(KeyStore2 keyStore2, KeyDescriptor keyDescriptor) throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
        final AndroidKeyStorePublicKey publicHalf =
                requirePublicKey(loadAndroidKeyStoreKeyFromKeystore(keyStore2, keyDescriptor));
        return new KeyPair(publicHalf, publicHalf.getPrivateKey());
    }

    /**
     * Loads the key stored under an alias and returns the private key of the pair.
     *
     * <p>NOTE(review): as with the public-key variant, the alias-based loader has already
     * swapped a public key for its private key before the type check runs, so this may throw
     * for every alias. Confirm against the key class hierarchy.
     *
     * @param keyStore2 keystore service to query
     * @param str key alias
     * @param i namespace; {@code -1} selects the descriptor used for domain {@code 0}
     * @throws UnrecoverableKeyException if the loaded object is not a public key
     * @throws KeyPermanentlyInvalidatedException propagated from the underlying load
     */
    public static AndroidKeyStorePrivateKey loadAndroidKeyStorePrivateKeyFromKeystore(KeyStore2 keyStore2, String str, int i) throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
        return requirePublicKey(loadAndroidKeyStoreKeyFromKeystore(keyStore2, str, i))
                .getPrivateKey();
    }

    /**
     * Loads a key by descriptor and returns it as a {@link SecretKey}.
     *
     * @throws UnrecoverableKeyException if no entry is found or the entry is not a secret key
     * @throws KeyPermanentlyInvalidatedException propagated from the underlying load
     */
    public static SecretKey loadAndroidKeyStoreSecretKeyFromKeystore(KeyStore2 keyStore2, KeyDescriptor keyDescriptor) throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
        final Key loaded = loadAndroidKeyStoreKeyFromKeystore(keyStore2, keyDescriptor);
        if (!(loaded instanceof SecretKey)) {
            throw new UnrecoverableKeyException("No secret key found by the given alias.");
        }
        return (SecretKey) loaded;
    }

    /**
     * Wraps a key entry in an {@code AndroidKeyStoreSecretKey}.
     *
     * @param i numeric algorithm id read from the entry's authorizations
     * @param i2 numeric digest id read from the entry's authorizations, or {@code -1} if none
     * @throws UnrecoverableKeyException if an {@link IllegalArgumentException} is raised while
     *     resolving the algorithm or constructing the key; the original exception is the cause
     */
    private static AndroidKeyStoreSecretKey makeAndroidKeyStoreSecretKeyFromKeyEntryResponse(KeyDescriptor keyDescriptor, KeyEntryResponse keyEntryResponse, int i, int i2) throws UnrecoverableKeyException {
        try {
            return new AndroidKeyStoreSecretKey(
                    keyDescriptor,
                    keyEntryResponse.metadata,
                    KeyProperties.KeyAlgorithm.fromKeymasterSecretKeyAlgorithm(i, i2),
                    new KeyStoreSecurityLevel(keyEntryResponse.iSecurityLevel));
        } catch (IllegalArgumentException e) {
            final UnrecoverableKeyException wrapped =
                    new UnrecoverableKeyException("Unsupported secret key type");
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Loads the key stored under an alias.
     *
     * <p>For an asymmetric entry the returned object is the private key, not the public key.
     *
     * @param keyStore2 keystore service to query
     * @param str key alias
     * @param i namespace; {@code -1} produces a descriptor with domain {@code 0} and nspace
     *     {@code -1}, any other value a descriptor with domain {@code 2} and that nspace
     * @return the key, or {@code null} when the descriptor-based loader returns {@code null}
     */
    public static AndroidKeyStoreKey loadAndroidKeyStoreKeyFromKeystore(KeyStore2 keyStore2, String str, int i) throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
        final boolean defaultNamespace = (i == -1);

        // NOTE(review): domains 0 and 2 look like the keystore2 APP and SELINUX domains;
        // confirm against android.system.keystore2.Domain.
        final KeyDescriptor descriptor = new KeyDescriptor();
        descriptor.domain = defaultNamespace ? 0 : 2;
        descriptor.nspace = defaultNamespace ? -1L : i;
        descriptor.alias = str;
        descriptor.blob = null;

        final AndroidKeyStoreKey loaded = loadAndroidKeyStoreKeyFromKeystore(keyStore2, descriptor);
        if (loaded instanceof AndroidKeyStorePublicKey) {
            return ((AndroidKeyStorePublicKey) loaded).getPrivateKey();
        }
        return loaded;
    }

    /**
     * Fetches a key entry and wraps it according to the algorithm found in its authorizations.
     *
     * <p>Algorithm ids 32, 33 and 128 yield a secret key; 1 and 3 yield a public key built from
     * the entry's certificate. NOTE(review): these match the Keymaster ids for AES, 3DES, HMAC,
     * RSA and EC respectively; confirm against {@code KeymasterDefs}.
     *
     * @return the wrapped key, or {@code null} when the entry has no security level or the
     *     keystore reports error code 7
     * @throws KeyPermanentlyInvalidatedException when the keystore reports error code 17
     * @throws UnrecoverableKeyException for any other keystore error, or when the algorithm is
     *     absent or not one of the ids above
     */
    private static AndroidKeyStoreKey loadAndroidKeyStoreKeyFromKeystore(KeyStore2 keyStore2, KeyDescriptor keyDescriptor) throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
        try {
            final KeyEntryResponse entry = keyStore2.getKeyEntry(keyDescriptor);
            if (entry.iSecurityLevel == null) {
                return null;
            }

            Integer algorithmId = null;
            int firstDigest = -1;
            for (Authorization auth : entry.metadata.authorizations) {
                final int tag = auth.keyParameter.tag;
                if (tag == KeymasterDefs.KM_TAG_ALGORITHM) {
                    algorithmId = Integer.valueOf(auth.keyParameter.value.getAlgorithm());
                } else if (tag == KeymasterDefs.KM_TAG_DIGEST && firstDigest == -1) {
                    // Only the first digest is kept; later digest tags are skipped.
                    firstDigest = auth.keyParameter.value.getDigest();
                }
            }
            if (algorithmId == null) {
                throw new UnrecoverableKeyException("Key algorithm unknown");
            }

            final int algorithm = algorithmId.intValue();
            switch (algorithm) {
                case 128:
                case 32:
                case 33:
                    return makeAndroidKeyStoreSecretKeyFromKeyEntryResponse(
                            keyDescriptor, entry, algorithm, firstDigest);
                case 1:
                case 3:
                    return makeAndroidKeyStorePublicKeyFromKeyEntryResponse(
                            keyDescriptor,
                            entry.metadata,
                            new KeyStoreSecurityLevel(entry.iSecurityLevel),
                            algorithm);
                default:
                    throw new UnrecoverableKeyException("Key algorithm unknown");
            }
        } catch (KeyStoreException e) {
            final int errorCode = e.getErrorCode();
            if (errorCode == 7) {
                // NOTE(review): presumably the keystore2 "key not found" response; callers see
                // null rather than an exception. Confirm against ResponseCode.
                return null;
            }
            if (errorCode == 17) {
                throw new KeyPermanentlyInvalidatedException("User changed or deleted their auth credentials", e);
            }
            final UnrecoverableKeyException wrapped =
                    new UnrecoverableKeyException("Failed to obtain information about key");
            wrapped.initCause(e);
            throw wrapped;
        }
    }
}
