package com.yeelight.yeelight_fluid.matter;

import android.content.Context;
import chip.devicecontroller.KeypairDelegate;
import chip.platform.KeyValueStoreManager;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.util.GregorianCalendar;
import java.util.concurrent.ThreadLocalRandom;
import kotlin.ExperimentalUnsignedTypes;
import kotlin.UByte;
import kotlin.UByteArray;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsKt;
import kotlin.text.UStringsKt;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: classes3.dex */
public final class ControllerOperationalKeys implements KeypairDelegate {

    @NotNull
    private final Context context;

    @NotNull
    private final KeyValueStoreManager keyValueStoreManager;
    private PrivateKey privateKey;
    private PublicKey publicKey;

    public ControllerOperationalKeys(@NotNull Context context) {
        Certificate certificate;
        Object first;
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
        this.keyValueStoreManager = ChipClient.INSTANCE.getKeyValueStoreManager(context);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Certificate[] certificateChain = keyStore.getCertificateChain(privateKeyKeyName());
        if (certificateChain != null) {
            first = ArraysKt___ArraysKt.first(certificateChain);
            certificate = (Certificate) first;
        } else {
            certificate = null;
        }
        KeyStore.Entry entry = keyStore.getEntry(privateKeyKeyName(), null);
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        PrivateKey privateKey = privateKeyEntry != null ? privateKeyEntry.getPrivateKey() : null;
        if (privateKey != null && certificate != null) {
            this.privateKey = privateKey;
            PublicKey publicKey = certificate.getPublicKey();
            Intrinsics.checkNotNullExpressionValue(publicKey, "selfSignedCertificate.publicKey");
            if (checkIfPrivateKayMatchPublicKey(privateKey, publicKey)) {
                PublicKey publicKey2 = certificate.getPublicKey();
                Intrinsics.checkNotNullExpressionValue(publicKey2, "selfSignedCertificate.publicKey");
                this.publicKey = publicKey2;
                return;
            }
        }
        generateKeyPair();
    }

    private final byte[] addPrefixToPublicKey(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + 1];
        bArr2[0] = 4;
        System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        return bArr2;
    }

    private final boolean checkIfPrivateKayMatchPublicKey(PrivateKey privateKey, PublicKey publicKey) {
        byte[] bArr = new byte[10000];
        ThreadLocalRandom.current().nextBytes(bArr);
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(bArr);
        byte[] sign = signature.sign();
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(sign);
    }

    private final byte[] concatenate(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[64];
        System.arraycopy(bArr, bArr.length - 32, bArr3, 0, 32);
        System.arraycopy(bArr2, bArr2.length - 32, bArr3, 32, 32);
        return bArr3;
    }

    private final Certificate createSelfSignedCertificate(KeyPair keyPair) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 20);
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(new X509v3CertificateBuilder(new X500Name("CN=yeelight"), BigInteger.valueOf(System.currentTimeMillis()), gregorianCalendar.getTime(), gregorianCalendar2.getTime(), new X500Name("CN=yeelight"), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())).build(new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate())));
        Intrinsics.checkNotNullExpressionValue(certificate, "JcaX509CertificateConver…te(builder.build(signer))");
        return certificate;
    }

    private final void generateKeyPair() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
        Intrinsics.checkNotNullExpressionValue(algorithmParameters, "getInstance(KeyProperties.KEY_ALGORITHM_EC)");
        algorithmParameters.init(new ECGenParameterSpec("prime256v1"));
        AlgorithmParameterSpec parameterSpec = algorithmParameters.getParameterSpec(ECParameterSpec.class);
        Intrinsics.checkNotNullExpressionValue(parameterSpec, "parameters.getParameterS…arameterSpec::class.java)");
        keyPairGenerator.initialize((ECParameterSpec) parameterSpec);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
        this.publicKey = (ECPublicKey) publicKey;
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkNotNull(privateKey, "null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
        this.privateKey = (ECPrivateKey) privateKey;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        PrivateKey privateKey2 = this.privateKey;
        if (privateKey2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("privateKey");
            privateKey2 = null;
        }
        Intrinsics.checkNotNullExpressionValue(keyPair, "keyPair");
        keyStore.setEntry(privateKeyKeyName(), new KeyStore.PrivateKeyEntry(privateKey2, new Certificate[]{createSelfSignedCertificate(keyPair)}), null);
    }

    private final String getKeyWithPrefix(String str) {
        return str;
    }

    private final byte[] getPublicKeyAsByteArray(PublicKey publicKey) {
        ECPoint w = ((ECPublicKeySpec) KeyFactory.getInstance("EC").getKeySpec(publicKey, ECPublicKeySpec.class)).getW();
        BigInteger affineX = w.getAffineX();
        BigInteger affineY = w.getAffineY();
        byte[] byteArray = affineX.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "x.toByteArray()");
        byte[] byteArray2 = affineY.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray2, "y.toByteArray()");
        byte[] concatenate = concatenate(byteArray, byteArray2);
        if (concatenate != null) {
            return addPrefixToPublicKey(concatenate);
        }
        return null;
    }

    private final String privateKeyKeyName() {
        return getKeyWithPrefix("controller_private_key");
    }

    @Override // chip.devicecontroller.KeypairDelegate
    @NotNull
    public byte[] createCertificateSigningRequest() {
        return new byte[0];
    }

    @Override // chip.devicecontroller.KeypairDelegate
    @NotNull
    public byte[] ecdsaSignMessage(@Nullable byte[] bArr) {
        Signature signature = Signature.getInstance("SHA256withECDSA");
        PrivateKey privateKey = this.privateKey;
        if (privateKey == null) {
            Intrinsics.throwUninitializedPropertyAccessException("privateKey");
            privateKey = null;
        }
        signature.initSign(privateKey);
        signature.update(bArr);
        byte[] data = signature.sign();
        Intrinsics.checkNotNullExpressionValue(data, "data");
        return data;
    }

    @Override // chip.devicecontroller.KeypairDelegate
    public void generatePrivateKey() {
    }

    @NotNull
    public final Context getContext() {
        return this.context;
    }

    @Override // chip.devicecontroller.KeypairDelegate
    @NotNull
    public byte[] getPublicKey() {
        PublicKey publicKey = this.publicKey;
        if (publicKey == null) {
            Intrinsics.throwUninitializedPropertyAccessException("publicKey");
            publicKey = null;
        }
        byte[] publicKeyAsByteArray = getPublicKeyAsByteArray(publicKey);
        return publicKeyAsByteArray == null ? new byte[0] : publicKeyAsByteArray;
    }

    @ExperimentalUnsignedTypes
    @NotNull
    public final String toHexString(@NotNull byte[] bArr) {
        String joinToString$default;
        Intrinsics.checkNotNullParameter(bArr, "<this>");
        joinToString$default = CollectionsKt___CollectionsKt.joinToString$default(UByteArray.m140boximpl(UByteArray.m142constructorimpl(bArr)), "", null, null, 0, null, new Function1<UByte, CharSequence>() { // from class: com.yeelight.yeelight_fluid.matter.ControllerOperationalKeys$toHexString$1
            @Override // kotlin.jvm.functions.Function1
            public /* bridge */ /* synthetic */ CharSequence invoke(UByte uByte) {
                return m66invoke7apg3OU(uByte.m139unboximpl());
            }

            @NotNull
            /* renamed from: invoke-7apg3OU, reason: not valid java name */
            public final CharSequence m66invoke7apg3OU(byte b2) {
                String padStart;
                padStart = StringsKt__StringsKt.padStart(UStringsKt.m1395toStringLxnNnR4(b2, 16), 2, '0');
                return padStart;
            }
        }, 30, null);
        return joinToString$default;
    }
}
