package com.ebay.mobile.connection.idsignin.pushtwofactor.util;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.VisibleForTesting;
import com.ebay.nautilus.domain.content.EbayPreferences;
import com.ebay.nautilus.domain.dagger.DomainComponent;
import com.ebay.nautilus.kernel.content.EbayContext;
import com.ebay.nautilus.kernel.crypto.EncryptUtil;
import com.ebay.nautilus.kernel.util.FwLog;
import io.fabric.sdk.android.services.common.CommonUtils;
import java.lang.ref.WeakReference;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.KeyGenerator;

/* loaded from: classes2.dex */
public class Push2faKeyStore implements KeyStoreSigner {
    private static final FwLog.LogInfo log = new FwLog.LogInfo("EbayPush2faOpParams", 3, "Push2faKeyStore");
    private byte[] attestationPrivateKey;
    private String keyId;
    private KeyPairGenerator keyPairGenerator;

    @VisibleForTesting
    EbayPreferences preferences;
    private String userKey;

    public Push2faKeyStore(@NonNull EbayContext ebayContext, String str) {
        this(ebayContext, str, false);
    }

    public Push2faKeyStore(@NonNull EbayContext ebayContext, String str, boolean z) {
        this.userKey = getUserKey(str);
        this.preferences = ((DomainComponent) ebayContext.as(DomainComponent.class)).getEbayPreferences();
        new WeakReference(ebayContext.getContext());
        this.keyId = this.preferences.getString(false, this.userKey, null);
        if (z && this.keyId == null) {
            this.keyId = generateUniqueKeyId();
            this.preferences.edit().putString(false, this.userKey, this.keyId).apply();
            generateKeyPair();
        }
    }

    private String generateUniqueKeyId() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256, SecureRandom.getInstance("SHA1PRNG"));
            return String.format("ebay-push2fa-keyid-%s", Base64.encodeToString(keyGenerator.generateKey().getEncoded(), 10));
        } catch (NoSuchAlgorithmException e) {
            FwLog.LogInfo logInfo = log;
            if (!logInfo.isLoggable) {
                return null;
            }
            logInfo.log("Error generating unique Key ID:", e);
            return null;
        }
    }

    private static String getUserKey(String str) {
        return "PREF_PUSH2FA_KEY_ID_PREFIX::" + EncryptUtil.oneWayHashSha256(str);
    }

    public static boolean hasKeyId(EbayContext ebayContext, String str) {
        return ((DomainComponent) ebayContext.as(DomainComponent.class)).getEbayPreferences().contains(false, getUserKey(str));
    }

    public void clear() {
        this.preferences.edit().remove(false, this.userKey).apply();
    }

    public void generateKeyPair() {
        try {
            this.keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            this.keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(this.keyId, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests(CommonUtils.SHA256_INSTANCE, "SHA-384", "SHA-512").build());
            this.keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException unused) {
        }
    }

    @Override // com.ebay.mobile.connection.idsignin.pushtwofactor.util.KeyStoreSigner
    public String getKeyId() {
        return this.keyId;
    }

    public byte[] getPrivateKey() {
        return new byte[0];
    }

    @Override // com.ebay.mobile.connection.idsignin.pushtwofactor.util.KeyStoreSigner
    public byte[] getPublicKey() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore.getCertificate(this.keyId).getPublicKey().getEncoded();
    }

    public byte[] getSignature(byte[] bArr, String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    public void setAttestationPrivateKey(byte[] bArr) {
        this.attestationPrivateKey = bArr;
    }

    @Override // com.ebay.mobile.connection.idsignin.pushtwofactor.util.KeyStoreSigner
    public byte[] sign(byte[] bArr) throws Exception {
        return getSignature(bArr, getKeyId());
    }

    @Override // com.ebay.mobile.connection.idsignin.pushtwofactor.util.KeyStoreSigner
    public byte[] signWithAttestationKey(byte[] bArr) throws Exception {
        PrivateKey generatePrivate = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(this.attestationPrivateKey));
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(generatePrivate);
        signature.update(bArr);
        return signature.sign();
    }
}
