package com.alibaba.auth.core.crypto;

import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.alibaba.auth.core.AppGlobal;
import com.alibaba.auth.core.util.SharePrefHelper;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;

/* loaded from: classes.dex */
public class AuthKeyStoreM extends AuthKeyStore {
    public static final String KEY_PRE = "com.alibaba.auth.client.keystore.key_";
    public static final int KEY_TIMEOUT_SECS = 60;
    public static final String TAG = "AuthKeyStoreM";
    public FingerprintManager fingerprintManager;

    public AuthKeyStoreM(FingerprintManager fingerprintManager) {
        this.fingerprintManager = fingerprintManager;
    }

    private KeyStore getAndroidKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.alibaba.auth.core.crypto.AuthKeyStore
    public KeyPair generateKeyPair(String str) {
        Log.d(TAG, "generateKeyPair");
        try {
            SharePrefHelper.putString(AppGlobal.getContext(), SharePrefHelper.PREF_USERNAME, str);
            String keyId = KeySpec.getKeyId(str);
            Log.d(TAG, "keyId = " + keyId);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(keyId, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256", "SHA-384", "SHA-512").setUserAuthenticationRequired(true);
            if (!isFingerprintAuthAvailable()) {
                userAuthenticationRequired = userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(60);
            }
            if (Build.VERSION.SDK_INT >= 24) {
                userAuthenticationRequired = userAuthenticationRequired.setAttestationChallenge(new byte[16]).setInvalidatedByBiometricEnrollment(false);
            }
            keyPairGenerator.initialize(userAuthenticationRequired.build());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Log.d(TAG, "Generated keypair : " + generateKeyPair);
            X509Certificate x509Certificate = (X509Certificate) getAndroidKeyStore().getCertificate(keyId);
            Log.d(TAG, "certificate: " + x509Certificate);
            return generateKeyPair;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.alibaba.auth.core.crypto.AuthKeyStore
    public X509Certificate getCertificate(String str) {
        try {
            return (X509Certificate) getAndroidKeyStore().getCertificate(KeySpec.getKeyId(str));
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.alibaba.auth.core.crypto.AuthKeyStore
    public KeyPair getKeyPair(String str) {
        try {
            return new KeyPair(getPublicKey(str), (PrivateKey) getAndroidKeyStore().getKey(KeySpec.getKeyId(str), null));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.alibaba.auth.core.crypto.AuthKeyStore
    public PublicKey getPublicKey(String str) {
        return getCertificate(str).getPublicKey();
    }

    public boolean isFingerprintAuthAvailable() {
        return this.fingerprintManager.isHardwareDetected() && this.fingerprintManager.hasEnrolledFingerprints();
    }
}
