package X;

import android.security.keystore.KeyGenParameterSpec;
import com.whatsapp.util.Log;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import javax.security.auth.x500.X500Principal;

/* renamed from: X.5tP, reason: invalid class name */
/* loaded from: classes4.dex */
public class C5tP {
    public final C37441ox A00 = C5Wl.A0K("Secp256r1KeyStoreHelper", "infra");
    public final KeyStore A01;

    public C5tP(KeyStore keyStore) {
        this.A01 = keyStore;
    }

    public KeyPair A00() {
        try {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("alias-payments-br-trusted-device-key", 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setKeySize(256).setDigests("SHA-256").build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            this.A00.A0A("", e);
            return null;
        }
    }

    public KeyPair A01(String str) {
        boolean z;
        try {
            KeyStore keyStore = this.A01;
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate != null) {
                if (certificate instanceof X509Certificate) {
                    try {
                        ((X509Certificate) certificate).checkValidity();
                        z = true;
                    } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
                        z = false;
                    }
                    if (!z) {
                        try {
                            if (keyStore.containsAlias(str)) {
                                keyStore.deleteEntry(str);
                                return null;
                            }
                        } catch (KeyStoreException unused2) {
                            Log.e("PAY: Secp256r1KeyStoreHelper/deleteKeyPair failed");
                            return null;
                        }
                    }
                }
                return new KeyPair(certificate.getPublicKey(), (PrivateKey) keyStore.getKey(str, null));
            }
        } catch (Exception unused3) {
            Log.e("PAY: Secp256r1KeyStoreHelper/retrieveKeyPair failed");
        }
        return null;
    }

    public KeyPair A02(Calendar calendar, Calendar calendar2) {
        try {
            KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder("alias-signing-key.data-fetch", 12).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setKeySize(256).setDigests("SHA-256");
            StringBuilder A0n = AnonymousClass000.A0n();
            A0n.append("CN=");
            KeyGenParameterSpec build = digests.setCertificateSubject(new X500Principal(AnonymousClass000.A0g("alias-signing-key.data-fetch", A0n))).setCertificateSerialNumber(BigInteger.TEN).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setKeyValidityStart(calendar.getTime()).setKeyValidityEnd(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            this.A00.A0A("", e);
            return null;
        }
    }
}
