package com.google.commerce.tapandpay.android.security.securekeyimport;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.support.v4.os.BuildCompat;
import android.text.TextUtils;
import com.google.android.libraries.performance.primes.NoPiiString;
import com.google.android.libraries.performance.primes.TimerEvent;
import com.google.commerce.tapandpay.android.clearcut.ClearcutEventLogger;
import com.google.commerce.tapandpay.android.infrastructure.async.QualifierAnnotations;
import com.google.commerce.tapandpay.android.logging.CLog;
import com.google.commerce.tapandpay.android.phenotype.api.QualifierAnnotations;
import com.google.commerce.tapandpay.android.primes.PrimesWrapper;
import com.google.commerce.tapandpay.android.security.securekeyimport.Importer;
import com.google.commerce.tapandpay.android.serverlog.SLog;
import com.google.common.base.Ascii;
import com.google.internal.tapandpay.v1.TransitProto$SecureKeyImportParameters;
import com.google.internal.tapandpay.v1.TransitProto$X509Certificate;
import com.google.logs.tapandpay.android.Tp2AppLogEventProto$SecureKeyImportEvent;
import com.google.logs.tapandpay.android.Tp2AppLogEventProto$Tp2AppLogEvent;
import com.google.protobuf.AbstractMessageLite;
import com.google.protobuf.GeneratedMessageLite;
import com.google.wallet.tapandpay.common.api.transit.CommonTransitProto$TransitAgency;
import java.io.StringWriter;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Locale;
import java.util.concurrent.ExecutorService;
import javax.inject.Inject;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

/* loaded from: classes.dex */
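/**
 * Android Keystore helpers for the transit secure-key-import flow.
 *
 * <p>The class derives keystore aliases, creates (or reuses) a StrongBox-backed RSA wrapping key
 * pair carrying an attestation challenge, exports that key's public half and certificate chain as
 * PEM inside a {@code SecureKeyImportParameters} message, and hands wrapped key material to
 * {@link Importer}.
 *
 * <p>This source is decompiled: the {@code $ar$ds} method suffixes and the
 * {@code isBuilt}/{@code copyOnWriteInternal()}/{@code instance} accesses appear to be inlined
 * protobuf-lite builder internals and are kept exactly as found.
 */
public class SecureKeyImportManager {
    private static final String TAG = "SecureKeyImportManager";
    private static final String IMPORT_FAILURE_MESSAGE =
            "Unexpected exception happened when importing; isStrongboxBacked: true";

    private final ClearcutEventLogger clearcutEventLogger;
    // Stored but not read in this class; importWrappedKey is invoked statically below.
    private final Importer importer;
    private final boolean transitStrongboxWrappingKeyEnabled;

    /**
     * Creates the manager. Only {@code importer}, {@code clearcutEventLogger} and the
     * {@code TransitStrongboxWrappingKeyEnabled} flag ({@code z2}) are retained; the remaining
     * injected arguments are unused in the visible code.
     */
    @Inject
    public SecureKeyImportManager(PrimesWrapper primesWrapper, Importer importer, @QualifierAnnotations.SingleThreadExecutorService ExecutorService executorService, @QualifierAnnotations.KeystoreSecureKeyImportPerformanceMeasurementEnabled boolean z, AndroidKeyStoreProvider androidKeyStoreProvider, SecureKeyWrappingServer secureKeyWrappingServer, ClearcutEventLogger clearcutEventLogger, @QualifierAnnotations.TransitStrongboxWrappingKeyEnabled boolean z2) {
        this.importer = importer;
        this.clearcutEventLogger = clearcutEventLogger;
        this.transitStrongboxWrappingKeyEnabled = z2;
    }

    /**
     * Deletes the keystore entry stored under {@code str}, if one exists.
     *
     * <p>Best effort: any failure is logged and swallowed, so a normal return does not prove the
     * entry is gone. Callers that must guarantee removal of key material need to re-check the
     * alias themselves.
     *
     * @param str keystore alias to remove
     */
    public static final void deleteKeyFromAndroidKeystore$ar$ds(String str) {
        try {
            KeyStore keyStore = AndroidKeyStoreProvider.loadAndroidKeyStore$ar$ds();
            if (keyStore.containsAlias(str)) {
                keyStore.deleteEntry(str);
            }
        } catch (Exception e) {
            // The original message said "getting key", which misattributes delete failures to the
            // read path when logs are triaged.
            SLog.logWithoutAccount(TAG, "Unexpected exception happened when deleting key from keystore", e);
        }
    }

    /**
     * Returns the alias of the import (wrapping) key for a numeric identifier.
     *
     * @param j identifier appended to the alias prefix in decimal form
     */
    public static String getImportKeyAlias(long j) {
        return getImportKeyAlias(Long.toString(j));
    }

    /**
     * Returns the alias of the import (wrapping) key for a string identifier.
     *
     * @param str identifier appended verbatim to the alias prefix
     */
    public static String getImportKeyAlias(String str) {
        return String.format(Locale.ENGLISH, "gpay_transit_secure_import_key_alias_%s", str);
    }

    /**
     * Returns the alias under which the imported secure key for {@code j} is stored.
     *
     * @param j identifier appended to the alias prefix in decimal form
     */
    public static String getKeyAlias(long j) {
        return String.format(Locale.ENGLISH, "gpay_transit_secure_key_alias_%d", Long.valueOf(j));
    }

    /**
     * Looks up the key stored under {@code str} in the Android Keystore.
     *
     * @param str keystore alias
     * @return the key, or {@code null} both when the alias is absent and when the lookup failed
     *     (the failure is logged); callers cannot tell the two cases apart
     */
    public static final Key getKeyFromAndroidKeystore$ar$ds(String str) {
        try {
            return AndroidKeyStoreProvider.loadAndroidKeyStore$ar$ds().getKey(str, null);
        } catch (Exception e) {
            SLog.logWithoutAccount(TAG, "Unexpected exception happened when getting key from keystore", e);
            return null;
        }
    }

    /**
     * Builds the parameters a wrapping server needs to wrap a key for this device: the PEM-encoded
     * public key of the import key pair and its PEM-encoded keystore certificate chain.
     *
     * <p>If no entry exists under {@code str}, an RSA key pair is generated in the
     * {@code AndroidKeyStore} provider with StrongBox backing and {@code bArr} as attestation
     * challenge. If an entry already exists it is reused as is.
     *
     * @param bArr attestation challenge; applied only when a new key pair is generated
     * @param str keystore alias of the import key
     * @return the populated message, or {@code null} if anything failed (the failure is logged)
     */
    public static final TransitProto$SecureKeyImportParameters getSecureKeyImportParametersWithGeneratedKey$ar$ds(byte[] bArr, String str) {
        try {
            PublicKey publicKey;
            KeyStore keyStore = AndroidKeyStoreProvider.loadAndroidKeyStore$ar$ds();
            if (keyStore.containsAlias(str)) {
                // NOTE(review): on this path bArr is never used, so the certificate chain exported
                // below is the one created with the existing key and carries whatever attestation
                // challenge was supplied at that time. Confirm the verifying server checks the
                // challenge and that reuse (rather than delete-and-regenerate) is intended.
                CLog.w("Importer", "Tried to generate an import key when one already exists. Reusing existing key...");
                publicKey = keyStore.getCertificate(str).getPublicKey();
            } else {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                // 32 is KeyProperties.PURPOSE_WRAP_KEY: the key may only unwrap imported keys.
                // NOTE(review): SHA-1 is authorized next to SHA-512, presumably for the OAEP MGF1
                // digest expected by the wrapping format; confirm it is still required before
                // keeping it in the authorization list.
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 32).setDigests("SHA-512", "SHA-1").setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").setAttestationChallenge(bArr).setIsStrongBoxBacked(true).build());
                publicKey = keyPairGenerator.generateKeyPair().getPublic();
            }

            // The chain is read through a freshly loaded keystore handle, as in the original.
            Certificate[] certificateChain = AndroidKeyStoreProvider.loadAndroidKeyStore$ar$ds().getCertificateChain(str);
            ArrayList<TransitProto$X509Certificate> pemCertificates = new ArrayList<>();
            for (Certificate certificate : certificateChain) {
                TransitProto$X509Certificate.Builder certBuilder = TransitProto$X509Certificate.DEFAULT_INSTANCE.createBuilder();
                String certificatePem = toPem(certificate);
                if (certBuilder.isBuilt) {
                    certBuilder.copyOnWriteInternal();
                    certBuilder.isBuilt = false;
                }
                ((TransitProto$X509Certificate) certBuilder.instance).certificate_ = certificatePem;
                pemCertificates.add(certBuilder.build());
            }

            TransitProto$SecureKeyImportParameters.Builder paramsBuilder = TransitProto$SecureKeyImportParameters.DEFAULT_INSTANCE.createBuilder();
            String publicKeyPem = toPem(publicKey);
            if (paramsBuilder.isBuilt) {
                paramsBuilder.copyOnWriteInternal();
                paramsBuilder.isBuilt = false;
            }
            TransitProto$SecureKeyImportParameters params = (TransitProto$SecureKeyImportParameters) paramsBuilder.instance;
            params.wrappingPublicKey_ = publicKeyPem;
            if (!params.keystoreCertificates_.isModifiable()) {
                params.keystoreCertificates_ = GeneratedMessageLite.mutableCopy(params.keystoreCertificates_);
            }
            AbstractMessageLite.Builder.addAll(pemCertificates, params.keystoreCertificates_);
            return paramsBuilder.build();
        } catch (Exception e) {
            SLog.logWithoutAccount(TAG, "Unexpected exception happened when generating Strongbox import keys", e);
            return null;
        }
    }

    /** PEM-encodes a certificate or public key; the writer is closed even when encoding fails. */
    private static String toPem(Object value) throws java.io.IOException {
        StringWriter pemBuffer = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemBuffer)) {
            pemWriter.writeObject(value);
        }
        // Read only after close(): the PEM writer is buffered and flushes on close.
        return pemBuffer.toString();
    }

    /**
     * Imports a wrapped key through {@link Importer} and records how long the import took.
     *
     * <p>On failure a {@code SecureKeyImportEvent} (key type, STRONGBOX storage, FAIL_ON_IMPORT)
     * is logged asynchronously, the exception is logged, and the same exception is rethrown. The
     * timer is stopped only on the success path.
     *
     * @param bArr wrapped key bytes passed to {@code Importer.importWrappedKey}
     * @param str key algorithm name; {@code "AES"} is reported as AES, anything else (including
     *     {@code null}) as the enum's {@code TRIPE_DES} value
     * @param str2 second argument of {@code importWrappedKey} (presumably an alias; confirm)
     * @param str3 third argument of {@code importWrappedKey} (presumably an alias; confirm)
     * @param noPiiString label handed to the timer when it is stopped
     * @throws Importer.SecureKeyImportException when the import fails
     */
    public final void importSecretKey$ar$ds(byte[] bArr, String str, String str2, String str3, NoPiiString noPiiString) {
        try {
            TimerEvent timer = PrimesWrapper.startTimer$ar$ds$98cd3c3a_0();
            Importer.importWrappedKey$ar$ds(bArr, str2, str3);
            PrimesWrapper.stopTimer$ar$ds$6dfa26f8_0(timer, noPiiString);
        } catch (Importer.SecureKeyImportException e) {
            // Constant-first comparison: a null algorithm name must not raise a
            // NullPointerException here and hide the import failure being reported.
            Tp2AppLogEventProto$SecureKeyImportEvent.SecureKeyType secureKeyType = "AES".equals(str) ? Tp2AppLogEventProto$SecureKeyImportEvent.SecureKeyType.AES : Tp2AppLogEventProto$SecureKeyImportEvent.SecureKeyType.TRIPE_DES;
            Tp2AppLogEventProto$SecureKeyImportEvent.ImportEventStatus importEventStatus = Tp2AppLogEventProto$SecureKeyImportEvent.ImportEventStatus.FAIL_ON_IMPORT;
            Tp2AppLogEventProto$SecureKeyImportEvent.SecureStorageType secureStorageType = Tp2AppLogEventProto$SecureKeyImportEvent.SecureStorageType.STRONGBOX;

            Tp2AppLogEventProto$SecureKeyImportEvent.Builder eventBuilder = Tp2AppLogEventProto$SecureKeyImportEvent.DEFAULT_INSTANCE.createBuilder();
            if (eventBuilder.isBuilt) {
                eventBuilder.copyOnWriteInternal();
                eventBuilder.isBuilt = false;
            }
            ((Tp2AppLogEventProto$SecureKeyImportEvent) eventBuilder.instance).secureKeyType_ = secureKeyType.getNumber();
            if (eventBuilder.isBuilt) {
                eventBuilder.copyOnWriteInternal();
                eventBuilder.isBuilt = false;
            }
            ((Tp2AppLogEventProto$SecureKeyImportEvent) eventBuilder.instance).secureStorageType_ = secureStorageType.getNumber();
            if (eventBuilder.isBuilt) {
                eventBuilder.copyOnWriteInternal();
                eventBuilder.isBuilt = false;
            }
            ((Tp2AppLogEventProto$SecureKeyImportEvent) eventBuilder.instance).importEventStatus_ = importEventStatus.getNumber();
            Tp2AppLogEventProto$SecureKeyImportEvent importEvent = eventBuilder.build();

            Tp2AppLogEventProto$Tp2AppLogEvent.Builder logEventBuilder = Tp2AppLogEventProto$Tp2AppLogEvent.DEFAULT_INSTANCE.createBuilder();
            if (logEventBuilder.isBuilt) {
                logEventBuilder.copyOnWriteInternal();
                logEventBuilder.isBuilt = false;
            }
            Tp2AppLogEventProto$Tp2AppLogEvent logEvent = (Tp2AppLogEventProto$Tp2AppLogEvent) logEventBuilder.instance;
            // Decompiled null check on the built event, kept as found.
            importEvent.getClass();
            logEvent.secureKeyImportEvent_ = importEvent;
            this.clearcutEventLogger.logAsync(logEventBuilder.build());

            // The message is a non-empty constant, so the original emptiness test was dead code.
            SLog.logWithoutAccount(TAG, IMPORT_FAILURE_MESSAGE, e);
            throw e;
        }
    }

    /**
     * Decides whether secure key import applies to a transit agency on this device.
     *
     * @param context used to query the package manager for the StrongBox keystore feature
     * @param name transit agency; only {@code NAME_LAS_VEGAS_MONORAIL} qualifies
     * @return {@code true} only if the agency matches, the StrongBox wrapping-key flag is enabled,
     *     the platform is at least Android P, and the device declares
     *     {@code android.hardware.strongbox_keystore}
     */
    public final boolean shouldDoSecureKeyImport(Context context, CommonTransitProto$TransitAgency.Name name) {
        if (!name.equals(CommonTransitProto$TransitAgency.Name.NAME_LAS_VEGAS_MONORAIL)) {
            return false;
        }
        if (!this.transitStrongboxWrappingKeyEnabled || !BuildCompat.isAtLeastP()) {
            return false;
        }
        return context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    /**
     * Decides whether secure key import applies, keyed by a hex identifier string.
     *
     * @param context used for the device capability check
     * @param str identifier compared case-insensitively with a fixed hex value (presumably an
     *     application identifier; confirm against the caller)
     * @return {@code true} if {@code str} is non-empty, matches the fixed value, and the
     *     agency-based check passes for {@code NAME_LAS_VEGAS_MONORAIL}
     */
    public final boolean shouldDoSecureKeyImport(Context context, String str) {
        if (TextUtils.isEmpty(str)) {
            return false;
        }
        return Ascii.equalsIgnoreCase(str, "A00000039656434103F1216000000000") && shouldDoSecureKeyImport(context, CommonTransitProto$TransitAgency.Name.NAME_LAS_VEGAS_MONORAIL);
    }
}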
