package com.google.android.gms.tapandpay.keyguard;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Pair;
import com.google.android.gms.common.util.br;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

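/**
 * Static helpers around AES keys held in the {@code AndroidKeyStore} provider, logged under the
 * tag {@code KeyStoreKeyguardUtil}.
 *
 * <p>Two things are visible in this class: {@link #a(String, boolean, int)} loads or creates a
 * key and only hands it out when {@link KeyInfo#isInsideSecureHardware()} is true, and
 * {@link #b()} tries to initialise a cipher with the key stored under
 * {@code android_pay_keyguard_key} and maps the resulting keystore exceptions to a boolean or to
 * the package-local exceptions {@code e} and {@code f}. No data is encrypted anywhere in this
 * class; the cipher is only initialised.
 *
 * <p>NOTE(review): {@code br.a(23)} is presumably a "running on API 23 or later" check (the
 * class is annotated {@code @TargetApi(23)}); confirm against {@code br}.
 *
 * <p>NOTE(review): {@link KeyInfo#isInsideSecureHardware()} is deprecated from API 31 in favour
 * of {@code KeyInfo.getSecurityLevel()}; worth revisiting if the minimum platform level allows.
 */
@TargetApi(23)
/* loaded from: classes2.dex */
public final class a {
    /** Provider name used for the key store, the key generator and the key factory. */
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";

    /** Tag passed to the project logger for every message emitted here. */
    private static final String LOG_TAG = "KeyStoreKeyguardUtil";

    /** Fixed alias that {@link #b()} (through {@link #c()}) looks up. */
    private static final String KEYGUARD_KEY_ALIAS = "android_pay_keyguard_key";

    /** Transformation used for the cipher-initialisation probe in {@link #b()}. */
    private static final String TRANSFORMATION = "AES/CBC/PKCS7Padding";

    /**
     * Loads the key stored under {@code str}, generating a new AES key when none can be read,
     * and returns it only if the keystore reports it as held inside secure hardware.
     *
     * <p>An {@link UnrecoverableKeyException} while reading the existing entry is treated the
     * same as a missing entry, so a fresh key is generated under the same alias.
     *
     * <p>NOTE(review): when the hardware check fails the method returns {@code null} but does
     * not delete the entry, so a key that is not hardware backed stays in the keystore under
     * this alias. Confirm that is intended.
     *
     * <p>NOTE(review): {@link #b()} only ever looks up the fixed alias
     * {@code android_pay_keyguard_key}; callers presumably pass that alias here. Verify.
     *
     * @param str keystore alias to load or create
     * @param z whether a newly generated key requires user authentication
     * @param i2 validity window in seconds passed to
     *     {@code setUserAuthenticationValidityDurationSeconds}; only used when {@code z} is true
     *     and forwarded without validation
     * @return the hardware-backed key, or {@code null} when {@code br.a(23)} is false, when the
     *     key is not inside secure hardware, or when any keystore operation fails
     */
    public static SecretKey a(String str, boolean z, int i2) {
        if (!br.a(23)) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            SecretKey secretKey;
            try {
                secretKey = (SecretKey) keyStore.getKey(str, null);
            } catch (UnrecoverableKeyException ignored) {
                // Deliberate: an unreadable entry is handled like an absent one and regenerated.
                secretKey = null;
            }
            if (secretKey == null) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE_PROVIDER);
                // Purpose 1 is KeyProperties.PURPOSE_ENCRYPT: the key is created encrypt-only.
                KeyGenParameterSpec.Builder specBuilder =
                        new KeyGenParameterSpec.Builder(str, 1)
                                .setBlockModes("CBC")
                                .setEncryptionPaddings("PKCS7Padding");
                if (z) {
                    specBuilder
                            .setUserAuthenticationRequired(true)
                            .setUserAuthenticationValidityDurationSeconds(i2);
                }
                keyGenerator.init(specBuilder.build());
                secretKey = keyGenerator.generateKey();
            }
            if (keyInfoOf(secretKey).isInsideSecureHardware()) {
                return secretKey;
            }
            com.google.android.gms.tapandpay.j.a.a(LOG_TAG, "KeyStore key exists but is not inside secure hardware");
            return null;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException | InvalidKeySpecException ex) {
            com.google.android.gms.tapandpay.j.a.a(LOG_TAG, "Unable to create key", ex);
            return null;
        }
    }

    /**
     * Reports whether {@link #b()} failed with {@code f}, the exception {@code b()} raises when
     * the keystore signals {@link KeyPermanentlyInvalidatedException}.
     *
     * @return {@code true} only when {@code b()} throws {@code f}; {@code false} when it
     *     returns normally (whatever its result) or throws {@code e}
     */
    public static boolean a() {
        try {
            b();
        } catch (e ignored) {
            // Key missing or otherwise unusable: not a permanent invalidation.
            return false;
        } catch (f ignored) {
            return true;
        }
        return false;
    }

    /**
     * Probes the key stored under {@code android_pay_keyguard_key} by initialising an
     * {@code AES/CBC/PKCS7Padding} cipher in encrypt mode with it.
     *
     * <p>NOTE(review): when {@code br.a(23)} is false this returns {@code true} without looking
     * at any key, so a {@code true} result is not by itself evidence of a successful keystore
     * check. Confirm callers account for that.
     *
     * @return {@code true} when the cipher initialises (or when {@code br.a(23)} is false);
     *     {@code false} when the keystore throws {@link UserNotAuthenticatedException}, when the
     *     key is not inside secure hardware, or when the transformation is unavailable
     * @throws f when the keystore throws {@link KeyPermanentlyInvalidatedException}
     * @throws e when no usable key is found or cipher initialisation fails with any other
     *     {@link InvalidKeyException}
     */
    public static boolean b() {
        if (!br.a(23)) {
            return true;
        }
        try {
            Pair<SecretKey, KeyInfo> keyAndInfo = c();
            SecretKey secretKey = keyAndInfo.first;
            KeyInfo keyInfo = keyAndInfo.second;
            if (secretKey == null || keyInfo == null) {
                // Routed through the InvalidKeyException handler below, which raises e.
                throw new InvalidKeyException();
            }
            // c() already filters on this flag; the second check is kept as a safeguard.
            if (!keyInfo.isInsideSecureHardware()) {
                com.google.android.gms.tapandpay.j.a.a(LOG_TAG, "KeyStore key security checked and not hardware backed");
                return false;
            }
            Cipher.getInstance(TRANSFORMATION).init(Cipher.ENCRYPT_MODE, secretKey);
            return true;
        } catch (KeyPermanentlyInvalidatedException ex) {
            // Must precede the InvalidKeyException handler: it is a subclass.
            throw new f();
        } catch (UserNotAuthenticatedException ex) {
            return false;
        } catch (InvalidKeyException ex) {
            throw new e();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException ex) {
            // The decompiled source assigned both exceptions to an undeclared variable before
            // logging; a multi-catch expresses the same handling and compiles.
            com.google.android.gms.tapandpay.j.a.a(LOG_TAG, "Error checking keyguard security on TEE", ex);
            return false;
        }
    }

    /**
     * Looks up the key stored under {@code android_pay_keyguard_key} together with its
     * {@link KeyInfo}.
     *
     * @return the key and its info when the key exists and is inside secure hardware; a pair of
     *     two {@code null}s when {@code br.a(23)} is false, the key is absent, the key is not
     *     hardware backed, or any keystore operation fails
     */
    private static Pair<SecretKey, KeyInfo> c() {
        if (!br.a(23)) {
            return new Pair<>(null, null);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(KEYGUARD_KEY_ALIAS, null);
            if (secretKey == null) {
                return new Pair<>(null, null);
            }
            KeyInfo keyInfo = keyInfoOf(secretKey);
            if (keyInfo.isInsideSecureHardware()) {
                return new Pair<>(secretKey, keyInfo);
            }
            com.google.android.gms.tapandpay.j.a.a(LOG_TAG, "KeyStore key security checked and not hardware backed");
            return new Pair<>(null, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException | InvalidKeySpecException ex) {
            com.google.android.gms.tapandpay.j.a.a(LOG_TAG, "Unable to get keyguard key", ex);
            return new Pair<>(null, null);
        }
    }

    /** Fetches the {@link KeyInfo} of {@code secretKey} from the AndroidKeyStore key factory. */
    private static KeyInfo keyInfoOf(SecretKey secretKey)
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        SecretKeyFactory keyFactory =
                SecretKeyFactory.getInstance(secretKey.getAlgorithm(), KEYSTORE_PROVIDER);
        return (KeyInfo) keyFactory.getKeySpec(secretKey, KeyInfo.class);
    }
}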
