package me.aflak.libraries;

import android.hardware.fingerprint.FingerprintManager;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;

/* loaded from: classes3.dex */
public class SignatureHelper {
    private final String keyName;
    private KeyStore keyStore;
    private Signature signature;
    private KeyPair signatureKey;
    private KeyPairGenerator signatureKeyGenerator;
    private final String provider = "AndroidKeyStore";
    private boolean keyStoreLoaded = false;
    private boolean signatureKeyGenCreated = false;
    private boolean signatureCreated = false;

    public SignatureHelper(String str) {
        this.keyName = str;
    }

    private void createSignature() {
        if (this.signatureCreated) {
            return;
        }
        try {
            this.signature = Signature.getInstance("SHA256withECDSA");
            this.signatureCreated = true;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Failed to get an instance of Signature", e);
        }
    }

    private void createSignatureKeyGenerator() {
        if (this.signatureKeyGenCreated) {
            return;
        }
        try {
            this.signatureKeyGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            this.signatureKeyGenerator.initialize(new KeyGenParameterSpec.Builder(this.keyName, 4).setDigests("SHA-256").setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setUserAuthenticationRequired(true).build());
            this.signatureKeyGenCreated = true;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException("Failed to create key generator", e);
        }
    }

    private boolean hasKey() {
        try {
            Certificate certificate = this.keyStore.getCertificate(this.keyName);
            if (certificate == null) {
                return false;
            }
            this.signatureKey = new KeyPair(certificate.getPublicKey(), (PrivateKey) this.keyStore.getKey(this.keyName, null));
            return true;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Failed to get key", e);
        } catch (UnrecoverableKeyException e2) {
            return false;
        }
    }

    private boolean initSigningSignature() {
        try {
            this.signature.initSign(this.signatureKey.getPrivate());
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            return false;
        } catch (InvalidKeyException e2) {
            throw new RuntimeException("Failed to init Signature", e2);
        }
    }

    private boolean initVerifyingSignature() {
        try {
            this.signature.initVerify(this.signatureKey.getPublic());
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            return false;
        } catch (InvalidKeyException e2) {
            throw new RuntimeException("Failed to init Signature", e2);
        }
    }

    private void loadKeyStore() {
        if (this.keyStoreLoaded) {
            return;
        }
        reloadKeyStore();
    }

    private void reloadKeyStore() {
        try {
            this.keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.keyStore.load(null);
            this.keyStoreLoaded = true;
        } catch (Exception e) {
            throw new RuntimeException("Failed to get keystore", e);
        }
    }

    public void generateNewKey() {
        createSignatureKeyGenerator();
        this.signatureKey = this.signatureKeyGenerator.generateKeyPair();
        reloadKeyStore();
    }

    public FingerprintManager.CryptoObject getSigningCryptoObject() {
        loadKeyStore();
        if (!hasKey()) {
            generateNewKey();
        }
        createSignature();
        if (initSigningSignature()) {
            return new FingerprintManager.CryptoObject(this.signature);
        }
        return null;
    }

    public FingerprintManager.CryptoObject getVerifyingCryptoObject() {
        loadKeyStore();
        if (!hasKey()) {
            generateNewKey();
        }
        createSignature();
        if (initVerifyingSignature()) {
            return new FingerprintManager.CryptoObject(this.signature);
        }
        return null;
    }
}
