package com.f5.edge.client.ssl;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.Log;
import com.f5.edge.Logger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class AndroidKeyChainImpl extends KeystoreImpl {
    private static final String KEYSTORE_NAME = "AndroidKeyChain";
    private final Context mContext;

    public AndroidKeyChainImpl(Context context) {
        super("AndroidKeyChain");
        this.mContext = context;
    }

    @SuppressLint({"TrulyRandom"})
    private byte[] encryptRSA(byte[] bArr, PrivateKey privateKey) {
        if (!privateKey.getAlgorithm().equalsIgnoreCase("RSA")) {
            Log.e(Logger.TAG, "Unsupported private key algorithm: " + privateKey.getAlgorithm());
            return null;
        }
        try {
            Cipher cipher = Build.VERSION.SDK_INT < 23 ? Cipher.getInstance("RSA/ECB/NoPadding", "AndroidOpenSSL") : Cipher.getInstance("RSA/ECB/NoPadding");
            cipher.init(1, privateKey);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e) {
            Log.e(Logger.TAG, "Invalid private key: ", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.e(Logger.TAG, "No such algorithm: RSA/ECB/NoPadding", e2);
            return null;
        } catch (NoSuchProviderException e3) {
            Log.e(Logger.TAG, "No such crypto provider: AndroidOpenSSL", e3);
            return null;
        } catch (BadPaddingException e4) {
            Log.e(Logger.TAG, "Bad padding: ", e4);
            return null;
        } catch (IllegalBlockSizeException e5) {
            Log.e(Logger.TAG, "Invalid block size: ", e5);
            return null;
        } catch (NoSuchPaddingException e6) {
            Log.e(Logger.TAG, "No such padding: ", e6);
            return null;
        } catch (Exception e7) {
            Log.e(Logger.TAG, "Unexpected exception", e7);
            return null;
        }
    }

    @Override // com.f5.edge.client.ssl.KeystoreImpl
    public X509Certificate[] getCertificateChain(String str) {
        try {
            return KeyChain.getCertificateChain(this.mContext, str);
        } catch (KeyChainException e) {
            Log.e(Logger.TAG, "Failed to get certificate chain for alias: " + str, e);
            return null;
        } catch (InterruptedException e2) {
            Log.e(Logger.TAG, "Failed to get certificate chain for alias: " + str, e2);
            return null;
        }
    }

    @Override // com.f5.edge.client.ssl.KeystoreImpl
    public byte[] getEncodedPrivateKey(String str) {
        PrivateKey privateKey;
        if (Build.VERSION.SDK_INT < 16 && (privateKey = getPrivateKey(str)) != null) {
            return privateKey.getEncoded();
        }
        return null;
    }

    @Override // com.f5.edge.client.ssl.KeystoreImpl
    public int getFIPSMode() {
        return 0;
    }

    @Override // com.f5.edge.client.ssl.KeystoreImpl
    public PrivateKey getPrivateKey(String str) {
        try {
            return KeyChain.getPrivateKey(this.mContext, str);
        } catch (KeyChainException e) {
            Log.e(Logger.TAG, "Failed to get private key for alias: " + str, e);
            return null;
        } catch (InterruptedException e2) {
            Log.e(Logger.TAG, "Failed to get private key for alias: " + str, e2);
            return null;
        }
    }

    @Override // com.f5.edge.client.ssl.KeystoreImpl
    public byte[] getPublicKey(String str) {
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(this.mContext, str);
            if (certificateChain == null) {
                Log.e(Logger.TAG, "Failed to get certificate chain for alias:" + str);
                return null;
            }
            if (certificateChain.length < 1) {
                Log.e(Logger.TAG, "Empty certificate chain for alias:" + str);
                return null;
            }
            PublicKey publicKey = certificateChain[0].getPublicKey();
            Log.d(Logger.TAG, "Public Key found: " + publicKey);
            return publicKey.getEncoded();
        } catch (KeyChainException e) {
            Log.e(Logger.TAG, "Failed to get certificate chain for alias: " + str, e);
            return null;
        } catch (InterruptedException e2) {
            Log.e(Logger.TAG, "Failed to get certificate chain for alias: " + str, e2);
            return null;
        }
    }

    @Override // com.f5.edge.client.ssl.KeystoreImpl
    public byte[] sign(String str, byte[] bArr) {
        PrivateKey privateKey = getPrivateKey(str);
        if (privateKey == null) {
            return null;
        }
        if (privateKey instanceof RSAKey) {
            return encryptRSA(bArr, privateKey);
        }
        Log.e(Logger.TAG, "Unsupported private key algorithm: " + privateKey.getAlgorithm());
        return null;
    }
}
