package com.paypal.android.foundation.core.security;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.NonNull;
import android.util.Base64;
import com.paypal.android.foundation.core.CommonContracts;
import com.paypal.android.foundation.core.log.DebugLogger;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;

/* loaded from: classes.dex */
public abstract class BaseSecureKeyWrapper implements SecureKeyWrapper {
    public static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final DebugLogger L = DebugLogger.getLogger(BaseSecureKeyWrapper.class);
    public static final String PKI_ALGORITHM = "SHA256withRSA/PSS";
    public static final String RSA_ALGORITHM = "RSA";

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    public String base64AndUrlSafeEncodedStringFromBytes(@NonNull byte[] bArr) {
        String encodeToString = Base64.encodeToString(bArr, 9);
        L.debug("Base64+URL Safe String: " + encodeToString, new Object[0]);
        return encodeToString;
    }

    @NonNull
    @TargetApi(23)
    public PublicKey generatePublicKey(@NonNull String str) {
        CommonContracts.requireNonNull(str);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM, ANDROID_KEYSTORE);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").setSignaturePaddings("PSS").setUserAuthenticationRequired(true).build());
            PublicKey publicKey = keyPairGenerator.generateKeyPair().getPublic();
            L.debug("publicKey: " + publicKey.toString(), new Object[0]);
            return publicKey;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            L.error("Exception in generateAsymmetricKeyPairAndGetPublicKey", e);
            throw new RuntimeException(e);
        }
    }

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    public String signDataUsingPrivateKey(@NonNull String str, @NonNull String str2) {
        CommonContracts.requireNonEmptyString(str);
        CommonContracts.requireNonNull(str2);
        String base64AndUrlSafeEncodedStringFromBytes = base64AndUrlSafeEncodedStringFromBytes(signDataUsingPrivateKey(str, str2.getBytes()));
        L.debug("encoded Signature String: " + base64AndUrlSafeEncodedStringFromBytes, new Object[0]);
        return base64AndUrlSafeEncodedStringFromBytes;
    }

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    public byte[] signDataUsingPrivateKey(@NonNull String str, @NonNull byte[] bArr) {
        CommonContracts.requireNonEmptyString(str);
        CommonContracts.requireNonNull(bArr);
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                L.debug("Not an instance of a PrivateKeyEntry", new Object[0]);
                return null;
            }
            Signature signature = Signature.getInstance(PKI_ALGORITHM);
            signature.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
            signature.update(bArr);
            return signature.sign();
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableEntryException | CertificateException e) {
            L.error("signDataUsingPrivateKey : Exception in signDataUsingPrivateKey", e);
            throw new RuntimeException(e);
        }
    }

    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    public boolean verifySignatureUsingPublicKey(@NonNull PublicKey publicKey, @NonNull byte[] bArr, @NonNull byte[] bArr2) {
        CommonContracts.requireNonNull(publicKey);
        CommonContracts.requireNonNull(bArr);
        CommonContracts.requireNonNull(bArr2);
        try {
            Signature signature = Signature.getInstance(PKI_ALGORITHM);
            L.debug("s.getProvider(): " + signature.getProvider(), new Object[0]);
            signature.initVerify(publicKey);
            signature.update(bArr);
            boolean verify = signature.verify(bArr2);
            L.debug("signature verification result: " + verify, new Object[0]);
            return verify;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            L.error("verifySignatureUsingPublicKey : Exception in verifySignatureUsingPublicKey", e);
            throw new RuntimeException(e);
        }
    }
}
