package com.amazon.rabbit.android.payments.kyc;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import com.amazon.client.metrics.thirdparty.internal.BasicMetricEvent;
import com.amazon.identity.auth.device.api.MAPAccountManager;
import com.amazon.rabbit.android.log.RLog;
import com.amazon.rabbit.android.log.metrics.mobileanalytics.RabbitMetric;
import com.amazon.rabbit.android.payments.delegator.MetricsDelegator;
import com.amazon.rabbit.android.payments.model.SendKeyDetailsRequest;
import com.amazon.rabbit.android.payments.network.KYCServiceStatusCode;
import com.amazon.rabbit.android.payments.network.KYCYatagarasu;
import com.amazon.rabbit.android.payments.utils.ActiveKeyDataProvider;
import com.amazon.rabbit.android.payments.utils.DeviceDataProvider;
import com.amazon.rabbit.android.payments.utils.MetricsHelper;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Calendar;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes5.dex */
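/**
 * Loads, validates and rotates the per-account RSA key pair held under the
 * {@code AndroidKeyStore} provider, and registers each new public key with the KYC service.
 *
 * <p>Two aliases (primary and secondary, each suffixed with the account id) are used in
 * alternation: a replacement key is generated under the alias that is currently free, and the
 * previous alias is deleted only after the service reports success for the new public key.
 * Only the public key (modulus and exponent) is passed to the service by this class.
 *
 * <p>This class keeps per-call state in instance fields ({@code activeAlias},
 * {@code newKeyAlias}) and contains no synchronization.
 */
public class KYCKeyHandler {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String CN = "CN=";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final String KEY_DOES_NOT_EXIST_METRIC_TAG = "KYC_KEY_DOES_NOT_EXIST";
    private static final String KEY_EXPIRED_METRIC_TAG = "KYC_KEY_EXPIRED";
    // Certificate lifetime of a freshly generated key, in days.
    private static final int KEY_EXPIRY = 30;
    // A key whose certificate expires within this many days is treated as due for rotation.
    private static final int KEY_EXPIRY_WINDOW = 5;
    private static final String KEY_IN_EXPIRY_WINDOW_METRIC_TAG = "KYC_KEY_IN_EXPIRY_WINDOW";
    private static final String PRIMARY_ALIAS = "kyc-key-details-1";
    private static final String SECONDARY_ALIAS = "kyc-key-details-2";
    public static final String TAG = "KYCKeyHandler";
    // Alias of the key currently treated as the registered one; resolved in setActiveAlias().
    private String activeAlias;
    // Account identifier returned by MAPAccountManager.getAccount(); appended to both aliases.
    private String agentId;
    private String deviceId;
    private KeyStore keyStore;
    private String kycKeyDetailsPrimary;
    private String kycKeyDetailsSecondary;

    @Inject
    protected ActiveKeyDataProvider mActiveKeyDataProvider;

    @Inject
    Context mContext;

    @Inject
    protected DeviceDataProvider mDeviceDataProvider;

    @Inject
    KYCYatagarasu mKYCYatagarasu;
    private MAPAccountManager mMapAccountManager;

    @Inject
    protected MetricsDelegator mMetricsDelegator;

    @Inject
    protected MetricsHelper mMetricsHelper;
    // Alias chosen for the key being generated in the current rotation.
    private String newKeyAlias;

    /** Removes the keystore entry stored under {@code str}. */
    private void deleteEntry(String str) throws KeyStoreException {
        this.keyStore.deleteEntry(str);
    }

    /**
     * Rotates the key: flags the stored key as inactive, generates a new pair and registers its
     * public key with the service.
     *
     * @return the new pair when registration succeeded; otherwise whatever {@link #loadKeyPair()}
     *     yields for the previous alias, which may be {@code null}
     */
    private KeyPair generateKey() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException, NoSuchProviderException, InvalidAlgorithmParameterException {
        // The flag stays inactive until sendKeyDetails() finishes, so a rotation interrupted
        // here is seen as "no valid key" by validKeyExists() on the next call.
        this.mActiveKeyDataProvider.setInActive();
        KeyPair freshPair = getKeyPair();
        if (sendKeyDetails(freshPair)) {
            return freshPair;
        }
        // NOTE(review): this fallback hands back the key that validKeyExists() has just
        // rejected (missing, expired or inside the expiry window) - confirm callers expect that.
        return loadKeyPair();
    }

    /**
     * Generates an RSA key pair inside the AndroidKeyStore provider under the alias that is not
     * currently occupied (secondary when the primary alias exists, primary otherwise), with a
     * self-signed certificate valid from now for {@link #KEY_EXPIRY} days.
     */
    private KeyPair getKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, KeyStoreException {
        this.newKeyAlias = this.keyStore.containsAlias(this.kycKeyDetailsPrimary) ? this.kycKeyDetailsSecondary : this.kycKeyDetailsPrimary;
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.DAY_OF_MONTH, KEY_EXPIRY);
        // NOTE(review): no key size is set, so the provider default applies - confirm it meets
        // policy. KeyPairGeneratorSpec is deprecated from API 23 in favour of
        // KeyGenParameterSpec, which also lets the permitted key purposes be restricted.
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(this.mContext)
                .setAlias(this.newKeyAlias)
                .setSubject(new X500Principal(CN + this.newKeyAlias))
                // Every generated certificate carries the same serial number (10).
                .setSerialNumber(BigInteger.TEN)
                .setStartDate(notBefore.getTime())
                .setEndDate(notAfter.getTime())
                .build();
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, ANDROID_KEY_STORE);
        generator.initialize(spec);
        return generator.generateKeyPair();
    }

    /**
     * Opens the AndroidKeyStore, reads the account and device identifiers, derives the two
     * account-specific aliases and resolves which of them is active.
     */
    private void init() throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException {
        this.keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        this.keyStore.load(null);
        this.mMapAccountManager = new MAPAccountManager(this.mContext);
        // NOTE(review): if getAccount() can return null, both aliases end in the literal
        // "null" and are shared by every such call - confirm against MAPAccountManager.
        this.agentId = this.mMapAccountManager.getAccount();
        this.deviceId = this.mDeviceDataProvider.getDeviceId();
        this.kycKeyDetailsPrimary = PRIMARY_ALIAS + this.agentId;
        this.kycKeyDetailsSecondary = SECONDARY_ALIAS + this.agentId;
        setActiveAlias();
    }

    /**
     * Reads the key pair stored under the active alias.
     *
     * @return the pair, or {@code null} when the alias is absent, the active flag is off, the
     *     certificate is missing, or the entry is not a private-key entry
     */
    private KeyPair loadKeyPair() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (!this.keyStore.containsAlias(this.activeAlias) || !this.mActiveKeyDataProvider.isActive()) {
            return null;
        }
        java.security.cert.Certificate certificate = this.keyStore.getCertificate(this.activeAlias);
        KeyStore.Entry entry = this.keyStore.getEntry(this.activeAlias, null);
        // generateKey() reaches this method without the instanceof check validKeyExists()
        // performs, so an unreadable entry would otherwise surface as a NullPointerException or
        // ClassCastException that getOrGenerateValidKey() does not catch.
        if (certificate == null || !(entry instanceof KeyStore.PrivateKeyEntry)) {
            return null;
        }
        return new KeyPair(certificate.getPublicKey(), ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
    }

    /** Records a success-marked workflow metric named {@code str}. */
    private void logMetrics(String str) {
        RabbitMetric metric = this.mMetricsHelper.createWorkflowMetric(str);
        metric.addSuccessMetric();
        this.mMetricsDelegator.record(metric);
    }

    /**
     * Sends the public half of {@code keyPair} to the KYC service together with the account and
     * device identifiers, then settles the keystore according to the result.
     *
     * @return {@code true} when the service answered SUCCESS and the new alias became active;
     *     {@code false} when the new key was discarded
     */
    private boolean sendKeyDetails(KeyPair keyPair) throws KeyStoreException {
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        // Wire form: decimal modulus and decimal public exponent joined by LIST_DELIMITER.
        String encodedPublicKey = publicKey.getModulus().toString() + BasicMetricEvent.LIST_DELIMITER + publicKey.getPublicExponent().toString();
        SendKeyDetailsRequest request = new SendKeyDetailsRequest(encodedPublicKey, this.agentId, this.deviceId);
        if (!this.mKYCYatagarasu.sendKeyDetails(request).equals(KYCServiceStatusCode.SUCCESS)) {
            // The service did not accept the key, so it must not remain usable locally.
            deleteEntry(this.newKeyAlias);
            // NOTE(review): the flag is set active even though the remaining alias may hold no
            // key or one the service never accepted - confirm this is intended.
            this.mActiveKeyDataProvider.setActive();
            return false;
        }
        if (!this.activeAlias.equals(this.newKeyAlias)) {
            // The previous key is retired only once its replacement is registered.
            deleteEntry(this.activeAlias);
            this.activeAlias = this.newKeyAlias;
        }
        this.mActiveKeyDataProvider.setActive();
        return true;
    }

    /**
     * Chooses the active alias. When both aliases hold an entry, the one whose certificate
     * expires later is deleted and the earlier-expiring one is kept.
     */
    private void setActiveAlias() throws KeyStoreException {
        boolean bothPresent = this.keyStore.containsAlias(this.kycKeyDetailsPrimary) && this.keyStore.containsAlias(this.kycKeyDetailsSecondary);
        if (bothPresent) {
            X509Certificate primaryCert = (X509Certificate) this.keyStore.getCertificate(this.kycKeyDetailsPrimary);
            X509Certificate secondaryCert = (X509Certificate) this.keyStore.getCertificate(this.kycKeyDetailsSecondary);
            // NOTE(review): presumably the later-expiring key is left over from a rotation that
            // never reached the service, so the older, registered key is kept - confirm.
            if (primaryCert.getNotAfter().after(secondaryCert.getNotAfter())) {
                deleteEntry(this.kycKeyDetailsPrimary);
            } else {
                deleteEntry(this.kycKeyDetailsSecondary);
            }
        }
        this.activeAlias = this.keyStore.containsAlias(this.kycKeyDetailsSecondary) ? this.kycKeyDetailsSecondary : this.kycKeyDetailsPrimary;
    }

    /**
     * Checks whether the active alias holds a usable key, recording a metric for each reason it
     * does not.
     *
     * @return {@code true} only when the alias exists, the active flag is on, the entry is a
     *     private-key entry and the certificate is still valid {@link #KEY_EXPIRY_WINDOW} days
     *     from now
     */
    private boolean validKeyExists() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (!this.keyStore.containsAlias(this.activeAlias) || !this.mActiveKeyDataProvider.isActive()) {
            logMetrics(KEY_DOES_NOT_EXIST_METRIC_TAG);
            return false;
        }
        if (!(this.keyStore.getEntry(this.activeAlias, null) instanceof KeyStore.PrivateKeyEntry)) {
            // NOTE(review): an unreadable or wrong-typed entry is reported under the "expired"
            // tag - confirm whether a separate tag was intended.
            logMetrics(KEY_EXPIRED_METRIC_TAG);
            return false;
        }
        X509Certificate certificate = (X509Certificate) this.keyStore.getCertificate(this.activeAlias);
        Calendar cursor = Calendar.getInstance();
        if (cursor.getTime().after(certificate.getNotAfter())) {
            logMetrics(KEY_EXPIRED_METRIC_TAG);
            return false;
        }
        // Move the cursor forward to test whether the key expires inside the rotation window.
        cursor.add(Calendar.DAY_OF_MONTH, KEY_EXPIRY_WINDOW);
        if (cursor.getTime().after(certificate.getNotAfter())) {
            logMetrics(KEY_IN_EXPIRY_WINDOW_METRIC_TAG);
            return false;
        }
        return true;
    }

    /**
     * Returns the stored key pair when it is still valid, otherwise rotates it.
     *
     * @return the key pair to use, or {@code null} when none could be loaded or generated, or
     *     when one of the caught keystore/crypto exceptions occurred; runtime exceptions are
     *     not caught here and propagate to the caller
     */
    public KeyPair getOrGenerateValidKey() {
        try {
            init();
            if (validKeyExists()) {
                return loadKeyPair();
            }
            return generateKey();
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            // NOTE(review): the exception text is logged as-is; check that it cannot carry the
            // alias, which embeds the account id.
            RLog.e(TAG, "key generation exception of type:" + e.getClass());
            RLog.e(TAG, e.toString());
            return null;
        }
    }
}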
