package com.android.identity.android.securearea;

import android.security.keystore.KeyInfo;
import androidx.biometric.BiometricPrompt;
import com.android.identity.crypto.Algorithm;
import com.android.identity.securearea.KeyUnlockData;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: AndroidKeystoreKeyUnlockData.kt */
@Metadata(d1 = {"\u0000*\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\u0018\u00002\u00020\u0001B\u000f\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\u0010\u0010\u0016\u001a\u0004\u0018\u00010\u00152\u0006\u0010\u000e\u001a\u00020\u000fR\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0006\u0010\u0007R\u001c\u0010\b\u001a\u0004\u0018\u00010\tX\u0080\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\n\u0010\u000b\"\u0004\b\f\u0010\rR\u001c\u0010\u000e\u001a\u0004\u0018\u00010\u000fX\u0080\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0010\u0010\u0011\"\u0004\b\u0012\u0010\u0013R\u0010\u0010\u0014\u001a\u0004\u0018\u00010\u0015X\u0082\u000e¢\u0006\u0002\n\u0000R\u0013\u0010\u0017\u001a\u0004\u0018\u00010\u00158F¢\u0006\u0006\u001a\u0004\b\u0018\u0010\u0019¨\u0006\u001a"}, d2 = {"Lcom/android/identity/android/securearea/AndroidKeystoreKeyUnlockData;", "Lcom/android/identity/securearea/KeyUnlockData;", "alias", "", "<init>", "(Ljava/lang/String;)V", "getAlias", "()Ljava/lang/String;", "signature", "Ljava/security/Signature;", "getSignature$identity_android_release", "()Ljava/security/Signature;", "setSignature$identity_android_release", "(Ljava/security/Signature;)V", "signatureAlgorithm", "Lcom/android/identity/crypto/Algorithm;", "getSignatureAlgorithm$identity_android_release", "()Lcom/android/identity/crypto/Algorithm;", "setSignatureAlgorithm$identity_android_release", "(Lcom/android/identity/crypto/Algorithm;)V", "cryptoObjectForSigning", "Landroidx/biometric/BiometricPrompt$CryptoObject;", "getCryptoObjectForSigning", "cryptoObjectForKeyAgreement", "getCryptoObjectForKeyAgreement", "()Landroidx/biometric/BiometricPrompt$CryptoObject;", "identity-android_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class AndroidKeystoreKeyUnlockData implements KeyUnlockData {
    private final String alias;
    private BiometricPrompt.CryptoObject cryptoObjectForSigning;
    private Signature signature;
    private Algorithm signatureAlgorithm;

    public AndroidKeystoreKeyUnlockData(String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        this.alias = alias;
    }

    public final String getAlias() {
        return this.alias;
    }

    public final BiometricPrompt.CryptoObject getCryptoObjectForKeyAgreement() {
        BiometricPrompt.CryptoObject cryptoObject = this.cryptoObjectForSigning;
        if (cryptoObject != null) {
            return cryptoObject;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(this.alias, null);
            if (entry == null) {
                throw new IllegalArgumentException("No entry for alias");
            }
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            try {
                if (((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)).getUserAuthenticationValidityDurationSeconds() > 0) {
                    return null;
                }
                throw new IllegalStateException("ECDH for keys with timeout 0 is not currently supported");
            } catch (InvalidKeySpecException e) {
                throw new IllegalStateException("Given key is not an Android Keystore key", e);
            }
        } catch (Exception e2) {
            throw new IllegalStateException(e2);
        }
    }

    public final BiometricPrompt.CryptoObject getCryptoObjectForSigning(Algorithm signatureAlgorithm) {
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        BiometricPrompt.CryptoObject cryptoObject = this.cryptoObjectForSigning;
        if (cryptoObject != null) {
            return cryptoObject;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(this.alias, null);
            if (entry == null) {
                throw new IllegalArgumentException("No entry for alias");
            }
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            try {
                if (((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)).getUserAuthenticationValidityDurationSeconds() > 0) {
                    return null;
                }
                Signature signature = Signature.getInstance(AndroidKeystoreSecureArea.INSTANCE.getSignatureAlgorithmName$identity_android_release(signatureAlgorithm));
                this.signature = signature;
                Intrinsics.checkNotNull(signature);
                signature.initSign(privateKey);
                Signature signature2 = this.signature;
                Intrinsics.checkNotNull(signature2);
                BiometricPrompt.CryptoObject cryptoObject2 = new BiometricPrompt.CryptoObject(signature2);
                this.cryptoObjectForSigning = cryptoObject2;
                this.signatureAlgorithm = signatureAlgorithm;
                return cryptoObject2;
            } catch (InvalidKeySpecException e) {
                throw new IllegalStateException("Given key is not an Android Keystore key", e);
            }
        } catch (Exception e2) {
            throw new IllegalStateException(e2);
        }
    }

    /* renamed from: getSignature$identity_android_release, reason: from getter */
    public final Signature getSignature() {
        return this.signature;
    }

    /* renamed from: getSignatureAlgorithm$identity_android_release, reason: from getter */
    public final Algorithm getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public final void setSignature$identity_android_release(Signature signature) {
        this.signature = signature;
    }

    public final void setSignatureAlgorithm$identity_android_release(Algorithm algorithm) {
        this.signatureAlgorithm = algorithm;
    }
}
