package com.paypal.android.foundation.core.security;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import android.support.annotation.NonNull;
import android.util.Base64;
import com.paypal.android.foundation.core.CommonContracts;
import com.paypal.android.foundation.core.log.DebugLogger;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: classes.dex */
public abstract class BaseSecureKeyWrapper implements SecureKeyWrapper {
    public static final String ALGORITHM = "EC";
    public static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    public static final String EC_CURVE = "secp256r1";
    private static final DebugLogger L = DebugLogger.getLogger(BaseSecureKeyWrapper.class);
    public static final String PKI_ALGORITHM = "SHA256withECDSA";

    @NonNull
    private PublicKey getPublicKey(@NonNull String str) {
        CommonContracts.requireNonEmptyString(str);
        try {
            return KeyFactory.getInstance(ALGORITHM).generatePublic(new X509EncodedKeySpec(Base64.decode(str, 9)));
        } catch (Exception e) {
            e.printStackTrace();
            L.debug("exception in generating public key " + e.getMessage(), new Object[0]);
            return null;
        }
    }

    @NonNull
    @TargetApi(23)
    private byte[] signDataUsingSignatureObject(@NonNull Signature signature, @NonNull byte[] bArr) {
        CommonContracts.requireNonNull(signature);
        CommonContracts.requireNonNull(bArr);
        try {
            signature.update(bArr);
            return signature.sign();
        } catch (SignatureException e) {
            e.printStackTrace();
            L.error("signDataUsingSignatureObject : Exception in signDataUsingSignatureObject", e);
            throw new RuntimeException(e);
        }
    }

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    public String base64AndUrlSafeEncodedStringFromBytes(@NonNull byte[] bArr) {
        String str = new String(Base64.encode(bArr, 11));
        L.debug("Base64+URL Safe String: " + str, new Object[0]);
        return str;
    }

    @NonNull
    @TargetApi(23)
    public PublicKey generatePublicKey(@NonNull String str, boolean z) {
        CommonContracts.requireNonNull(str);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, ANDROID_KEYSTORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 4).setAlgorithmParameterSpec(new ECGenParameterSpec(EC_CURVE)).setDigests("SHA-256").setUserAuthenticationRequired(z).build());
            return keyPairGenerator.generateKeyPair().getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            L.error("Exception in generateAsymmetricKeyPairAndGetPublicKey", e);
            throw new RuntimeException(e);
        }
    }

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    @TargetApi(23)
    public Signature generateSignature(@NonNull String str) {
        Signature signature;
        UserNotAuthenticatedException userNotAuthenticatedException;
        CommonContracts.requireNonEmptyString(str);
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
                keyStore.load(null);
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
                Signature signature2 = Signature.getInstance(PKI_ALGORITHM);
                try {
                    signature2.initSign(privateKey);
                    return signature2;
                } catch (UserNotAuthenticatedException e) {
                    signature = signature2;
                    userNotAuthenticatedException = e;
                    L.debug("generateSignature : UserNotAuthenticatedException in generateSignature", userNotAuthenticatedException);
                    return signature;
                }
            } catch (UserNotAuthenticatedException e2) {
                signature = null;
                userNotAuthenticatedException = e2;
            }
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e3) {
            L.error("generateSignature : Exception in generateSignature", e3);
            throw new RuntimeException(e3);
        }
    }

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    public String signDataUsingSignatureObjectAndBase64Encode(@NonNull Signature signature, @NonNull String str) {
        CommonContracts.requireNonNull(signature);
        CommonContracts.requireNonNull(str);
        String base64AndUrlSafeEncodedStringFromBytes = base64AndUrlSafeEncodedStringFromBytes(signDataUsingSignatureObject(signature, str.getBytes()));
        L.debug("encoded Signature String: " + base64AndUrlSafeEncodedStringFromBytes, new Object[0]);
        return base64AndUrlSafeEncodedStringFromBytes;
    }

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    public boolean verifySignatureUsingPublicKey(@NonNull String str, @NonNull byte[] bArr, @NonNull String str2) {
        CommonContracts.requireNonNull(str);
        CommonContracts.requireNonNull(bArr);
        CommonContracts.requireNonNull(str2);
        try {
            Signature signature = Signature.getInstance(PKI_ALGORITHM);
            L.debug("s.getProvider(): " + signature.getProvider(), new Object[0]);
            signature.initVerify(getPublicKey(str));
            signature.update(bArr);
            boolean verify = signature.verify(Base64.decode(str2, 11));
            L.debug("isVerified: " + verify, new Object[0]);
            L.debug("signature verification result: " + verify, new Object[0]);
            return verify;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            L.error("verifySignatureUsingPublicKey : Exception in verifySignatureUsingPublicKey", e);
            return false;
        }
    }
}
