package com.okta.authfoundation.credential;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.adjust.sdk.Constants;
import com.okta.authfoundation.InternalAuthFoundationApi;
import com.okta.authfoundation.client.OidcConfiguration;
import com.okta.authfoundation.credential.Credential;
import com.okta.authfoundation.credential.TokenEncryptionHandler;
import com.okta.authfoundation.util.AndroidKeystoreUtil;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.MapsKt__MapsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

@InternalAuthFoundationApi
@Metadata(d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0007\u0018\u0000 +2\u00020\u0001:\u0001+B\u001b\u0012\b\b\u0002\u0010\u0003\u001a\u00020\u0002\u0012\b\b\u0002\u0010\u0005\u001a\u00020\u0004¢\u0006\u0004\b\u0006\u0010\u0007J7\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\t\u001a\u00020\b2\u0012\u0010\f\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\u000b0\n2\u0006\u0010\u000e\u001a\u00020\rH\u0082@ø\u0001\u0000¢\u0006\u0004\b\u0010\u0010\u0011JS\u0010\u0016\u001a\u00020\u000f2\u0006\u0010\t\u001a\u00020\b2\u0012\u0010\f\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\u000b0\n2\"\u0010\u0015\u001a\u001e\b\u0001\u0012\u0004\u0012\u00020\b\u0012\n\u0012\b\u0012\u0004\u0012\u00020\b0\u0013\u0012\u0006\u0012\u0004\u0018\u00010\u00140\u0012H\u0082@ø\u0001\u0000¢\u0006\u0004\b\u0016\u0010\u0017J\u0017\u0010\u0019\u001a\u00020\u00182\u0006\u0010\u000e\u001a\u00020\rH\u0016¢\u0006\u0004\b\u0019\u0010\u001aJ#\u0010\u001d\u001a\u00020\u001c2\u0006\u0010\u001b\u001a\u00020\u000f2\u0006\u0010\u000e\u001a\u00020\rH\u0096@ø\u0001\u0000¢\u0006\u0004\b\u001d\u0010\u001eJA\u0010!\u001a\u00020\u000f2\u0006\u0010\t\u001a\u00020\b2\u0012\u0010\f\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\u000b0\n2\u0006\u0010\u000e\u001a\u00020\r2\b\u0010 \u001a\u0004\u0018\u00010\u001fH\u0096@ø\u0001\u0000¢\u0006\u0004\b!\u0010\"R\u001a\u0010\u0003\u001a\u00020\u00028\u0000X\u0080\u0004¢\u0006\f\n\u0004\b\u0003\u0010#\u001a\u0004\b$\u0010%R\u0014\u0010\u0005\u001a\u00020\u00048\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010&R\u001c\u0010)\u001a\n (*\u0004\u0018\u00010'0'8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b)\u0010*\u0082\u0002\u0004\n\u0002\b\u0019¨\u0006,"}, d2 = {"Lcom/okta/authfoundation/credential/DefaultTokenEncryptionHandler;", "Lcom/okta/authfoundation/credential/TokenEncryptionHandler;", "Ljava/security/KeyStore;", "keyStore", "Ljava/security/KeyPairGenerator;", "keyPairGenerator", "<init>", "(Ljava/security/KeyStore;Ljava/security/KeyPairGenerator;)V", "", "encryptedToken", "", "", "encryptionExtras", "Lcom/okta/authfoundation/credential/Credential$Security;", "security", "Lcom/okta/authfoundation/credential/Token;", "rsaDecrypt", "([BLjava/util/Map;Lcom/okta/authfoundation/credential/Credential$Security;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "Lkotlin/Function2;", "Lkotlin/coroutines/Continuation;", "", "rsaDecryptFunc", "internalDecrypt", "([BLjava/util/Map;Lkotlin/jvm/functions/Function2;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "", "generateKey", "(Lcom/okta/authfoundation/credential/Credential$Security;)V", "token", "Lcom/okta/authfoundation/credential/TokenEncryptionHandler$EncryptionResult;", "encrypt", "(Lcom/okta/authfoundation/credential/Token;Lcom/okta/authfoundation/credential/Credential$Security;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "Landroidx/biometric/BiometricPrompt$PromptInfo;", "promptInfo", "decrypt", "([BLjava/util/Map;Lcom/okta/authfoundation/credential/Credential$Security;Landroidx/biometric/BiometricPrompt$PromptInfo;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "Ljava/security/KeyStore;", "getKeyStore$auth_foundation_release", "()Ljava/security/KeyStore;", "Ljava/security/KeyPairGenerator;", "Ljavax/crypto/KeyGenerator;", "kotlin.jvm.PlatformType", "aesKeyGenerator", "Ljavax/crypto/KeyGenerator;", "Companion", "auth-foundation_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes5.dex */
public final class DefaultTokenEncryptionHandler implements TokenEncryptionHandler {
    public static final String BASE64_SEPARATOR = ",";
    public static final String BIO_TOKEN_NO_PROMPT_INFO_ERROR = "promptInfo is required for decrypting biometric tokens";

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    public static final String ENCRYPTED_AES_KEY_MATERIAL = "ENCRYPTED_AES_KEY_MATERIAL";
    private final KeyGenerator aesKeyGenerator;
    private final KeyPairGenerator keyPairGenerator;
    private final KeyStore keyStore;

    @Metadata(d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0080\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\b\u0010\u0007\u001a\u00020\bH\u0002J\r\u0010\t\u001a\u00020\bH\u0000¢\u0006\u0002\b\nR\u000e\u0010\u0003\u001a\u00020\u0004X\u0080T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0080T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0080T¢\u0006\u0002\n\u0000¨\u0006\u000b"}, d2 = {"Lcom/okta/authfoundation/credential/DefaultTokenEncryptionHandler$Companion;", "", "()V", "BASE64_SEPARATOR", "", "BIO_TOKEN_NO_PROMPT_INFO_ERROR", DefaultTokenEncryptionHandler.ENCRYPTED_AES_KEY_MATERIAL, "getAesCipher", "Ljavax/crypto/Cipher;", "getRsaCipher", "getRsaCipher$auth_foundation_release", "auth-foundation_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes5.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Cipher getAesCipher() {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
            return cipher;
        }

        public final Cipher getRsaCipher$auth_foundation_release() {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
            return cipher;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public DefaultTokenEncryptionHandler() {
        this(null, 0 == true ? 1 : 0, 3, 0 == true ? 1 : 0);
    }

    public DefaultTokenEncryptionHandler(KeyStore keyStore, KeyPairGenerator keyPairGenerator) {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(keyPairGenerator, "keyPairGenerator");
        this.keyStore = keyStore;
        this.keyPairGenerator = keyPairGenerator;
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        this.aesKeyGenerator = keyGenerator;
    }

    public /* synthetic */ DefaultTokenEncryptionHandler(KeyStore keyStore, KeyPairGenerator keyPairGenerator, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? AndroidKeystoreUtil.INSTANCE.getKeyStore() : keyStore, (i & 2) != 0 ? AndroidKeystoreUtil.INSTANCE.getRsaKeyPairGenerator() : keyPairGenerator);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:15:0x0036  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0024  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.Object internalDecrypt(byte[] r11, java.util.Map<java.lang.String, java.lang.String> r12, kotlin.jvm.functions.Function2<? super byte[], ? super kotlin.coroutines.Continuation<? super byte[]>, ? extends java.lang.Object> r13, kotlin.coroutines.Continuation<? super com.okta.authfoundation.credential.Token> r14) {
        /*
            r10 = this;
            boolean r0 = r14 instanceof com.okta.authfoundation.credential.DefaultTokenEncryptionHandler$internalDecrypt$1
            if (r0 == 0) goto L13
            r0 = r14
            com.okta.authfoundation.credential.DefaultTokenEncryptionHandler$internalDecrypt$1 r0 = (com.okta.authfoundation.credential.DefaultTokenEncryptionHandler$internalDecrypt$1) r0
            int r1 = r0.label
            r2 = -2147483648(0xffffffff80000000, float:-0.0)
            r3 = r1 & r2
            if (r3 == 0) goto L13
            int r1 = r1 - r2
            r0.label = r1
            goto L18
        L13:
            com.okta.authfoundation.credential.DefaultTokenEncryptionHandler$internalDecrypt$1 r0 = new com.okta.authfoundation.credential.DefaultTokenEncryptionHandler$internalDecrypt$1
            r0.<init>(r10, r14)
        L18:
            java.lang.Object r10 = r0.result
            java.lang.Object r14 = kotlin.coroutines.intrinsics.IntrinsicsKt__IntrinsicsKt.getCOROUTINE_SUSPENDED()
            int r1 = r0.label
            r2 = 1
            r3 = 2
            if (r1 == 0) goto L36
            if (r1 != r2) goto L2e
            java.lang.Object r11 = r0.L$0
            byte[] r11 = (byte[]) r11
            kotlin.ResultKt.throwOnFailure(r10)
            goto L53
        L2e:
            java.lang.IllegalStateException r10 = new java.lang.IllegalStateException
            java.lang.String r11 = "call to 'resume' before 'invoke' with coroutine"
            r10.<init>(r11)
            throw r10
        L36:
            kotlin.ResultKt.throwOnFailure(r10)
            java.lang.String r10 = "ENCRYPTED_AES_KEY_MATERIAL"
            java.lang.Object r10 = r12.get(r10)
            java.lang.String r10 = (java.lang.String) r10
            byte[] r10 = android.util.Base64.decode(r10, r3)
            kotlin.jvm.internal.Intrinsics.checkNotNull(r10)
            r0.L$0 = r11
            r0.label = r2
            java.lang.Object r10 = r13.invoke(r10, r0)
            if (r10 != r14) goto L53
            return r14
        L53:
            byte[] r10 = (byte[]) r10
            java.lang.String r4 = kotlin.text.StringsKt__StringsJVMKt.decodeToString(r10)
            java.lang.String r10 = ","
            java.lang.String[] r5 = new java.lang.String[]{r10}
            r8 = 2
            r9 = 0
            r6 = 0
            r7 = 2
            java.util.List r10 = kotlin.text.StringsKt__StringsKt.split$default(r4, r5, r6, r7, r8, r9)
            r12 = 0
            java.lang.Object r12 = r10.get(r12)
            java.lang.String r12 = (java.lang.String) r12
            byte[] r12 = android.util.Base64.decode(r12, r3)
            java.lang.Object r10 = r10.get(r2)
            java.lang.String r10 = (java.lang.String) r10
            byte[] r10 = android.util.Base64.decode(r10, r3)
            javax.crypto.spec.SecretKeySpec r13 = new javax.crypto.spec.SecretKeySpec
            java.lang.String r14 = "AES"
            r13.<init>(r12, r14)
            com.okta.authfoundation.credential.DefaultTokenEncryptionHandler$Companion r12 = com.okta.authfoundation.credential.DefaultTokenEncryptionHandler.INSTANCE
            javax.crypto.Cipher r12 = com.okta.authfoundation.credential.DefaultTokenEncryptionHandler.Companion.access$getAesCipher(r12)
            javax.crypto.spec.GCMParameterSpec r14 = new javax.crypto.spec.GCMParameterSpec
            r0 = 128(0x80, float:1.8E-43)
            r14.<init>(r0, r10)
            r12.init(r3, r13, r14)
            byte[] r10 = r12.doFinal(r11)
            kotlin.jvm.internal.Intrinsics.checkNotNull(r10)
            java.lang.String r10 = kotlin.text.StringsKt__StringsJVMKt.decodeToString(r10)
            com.okta.authfoundation.client.OidcConfiguration$Companion r11 = com.okta.authfoundation.client.OidcConfiguration.INSTANCE
            kotlinx.serialization.json.Json r11 = r11.defaultJson$auth_foundation_release()
            com.okta.authfoundation.credential.Token$Companion r12 = com.okta.authfoundation.credential.Token.INSTANCE
            kotlinx.serialization.KSerializer r12 = r12.serializer()
            kotlinx.serialization.DeserializationStrategy r12 = (kotlinx.serialization.DeserializationStrategy) r12
            java.lang.Object r10 = r11.decodeFromString(r12, r10)
            return r10
        */
        throw new UnsupportedOperationException("Method not decompiled: com.okta.authfoundation.credential.DefaultTokenEncryptionHandler.internalDecrypt(byte[], java.util.Map, kotlin.jvm.functions.Function2, kotlin.coroutines.Continuation):java.lang.Object");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Object rsaDecrypt(byte[] bArr, Map<String, String> map, Credential.Security security, Continuation<? super Token> continuation) {
        Key key = this.keyStore.getKey(security.getKeyAlias(), null);
        Cipher rsaCipher$auth_foundation_release = INSTANCE.getRsaCipher$auth_foundation_release();
        rsaCipher$auth_foundation_release.init(2, key);
        return internalDecrypt(bArr, map, new DefaultTokenEncryptionHandler$rsaDecrypt$2(rsaCipher$auth_foundation_release, null), continuation);
    }

    /* JADX WARN: Can't wrap try/catch for region: R(7:1|(2:3|(4:5|6|7|(1:(1:(1:(1:(1:(2:14|15)(2:17|18))(2:19|20))(3:21|22|(1:25)(1:24)))(2:26|27))(3:28|29|30))(3:31|(1:(2:34|(0)(1:36))(2:37|38))(2:39|(0)(1:41))|25)))|57|6|7|(0)(0)|(1:(0))) */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x0077, code lost:
    
        r11 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x00f7, code lost:
    
        r10.keyStore.deleteEntry(r13.getKeyAlias());
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x0100, code lost:
    
        throw r11;
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x009e, code lost:
    
        if (com.okta.authfoundation.credential.TokenEncryptionHandler.INSTANCE.isSyncDecryptionContext() == false) goto L38;
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x00a7, code lost:
    
        if (((com.okta.authfoundation.credential.Credential.BiometricSecurity) r13).getUserAuthenticationTimeout() == 0) goto L40;
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x00a9, code lost:
    
        r15 = new com.okta.authfoundation.credential.DefaultTokenEncryptionHandler$decrypt$2(r10, r13, r14, null);
        r0.L$0 = null;
        r0.L$1 = null;
        r0.L$2 = null;
        r0.L$3 = null;
        r0.L$4 = null;
        r0.label = 2;
        r10 = internalDecrypt(r11, r12, r15, r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x00be, code lost:
    
        if (r10 == r1) goto L60;
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:0x00c1, code lost:
    
        return r10;
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x00c2, code lost:
    
        r15 = com.okta.authfoundation.BiometricDecryptionActivity.INSTANCE;
        r0.L$0 = r10;
        r0.L$1 = r11;
        r0.L$2 = r12;
        r0.L$3 = r13;
        r0.L$4 = null;
        r0.label = 3;
     */
    /* JADX WARN: Code restructure failed: missing block: B:53:0x00d4, code lost:
    
        if (r15.biometricUnlock$auth_foundation_release(r14, r0) != r1) goto L47;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x00d7, code lost:
    
        r13 = r10;
        r10 = r13;
        r12 = r11;
        r11 = r12;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x00f6, code lost:
    
        throw new com.okta.authfoundation.credential.BiometricInvocationException("Attempted fetching Biometric Token from sync context.");
     */
    /* JADX WARN: Removed duplicated region for block: B:31:0x007a  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0028  */
    @Override // com.okta.authfoundation.credential.TokenEncryptionHandler
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object decrypt(byte[] r11, java.util.Map<java.lang.String, java.lang.String> r12, com.okta.authfoundation.credential.Credential.Security r13, androidx.biometric.BiometricPrompt.PromptInfo r14, kotlin.coroutines.Continuation<? super com.okta.authfoundation.credential.Token> r15) {
        /*
            Method dump skipped, instructions count: 275
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.okta.authfoundation.credential.DefaultTokenEncryptionHandler.decrypt(byte[], java.util.Map, com.okta.authfoundation.credential.Credential$Security, androidx.biometric.BiometricPrompt$PromptInfo, kotlin.coroutines.Continuation):java.lang.Object");
    }

    @Override // com.okta.authfoundation.credential.TokenEncryptionHandler
    public Object encrypt(Token token, Credential.Security security, Continuation<? super TokenEncryptionHandler.EncryptionResult> continuation) {
        PublicKey publicKey = this.keyStore.getCertificate(security.getKeyAlias()).getPublicKey();
        PublicKey generatePublic = KeyFactory.getInstance(publicKey.getAlgorithm()).generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
        SecretKey generateKey = this.aesKeyGenerator.generateKey();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String encodeToString = OidcConfiguration.INSTANCE.defaultJson$auth_foundation_release().encodeToString(Token.INSTANCE.serializer(), token);
        Companion companion = INSTANCE;
        Cipher aesCipher = companion.getAesCipher();
        aesCipher.init(1, generateKey);
        Charset charset = Charsets.UTF_8;
        byte[] bytes = encodeToString.getBytes(charset);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] doFinal = aesCipher.doFinal(bytes);
        Cipher rsaCipher$auth_foundation_release = companion.getRsaCipher$auth_foundation_release();
        rsaCipher$auth_foundation_release.init(1, generatePublic);
        byte[] bytes2 = (Base64.encodeToString(generateKey.getEncoded(), 2) + BASE64_SEPARATOR + Base64.encodeToString(aesCipher.getIV(), 2)).getBytes(charset);
        Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
        String encodeToString2 = Base64.encodeToString(rsaCipher$auth_foundation_release.doFinal(bytes2), 2);
        Intrinsics.checkNotNullExpressionValue(encodeToString2, "encodeToString(...)");
        linkedHashMap.put(ENCRYPTED_AES_KEY_MATERIAL, encodeToString2);
        Intrinsics.checkNotNull(doFinal);
        return new TokenEncryptionHandler.EncryptionResult(doFinal, MapsKt__MapsKt.toMap(linkedHashMap));
    }

    @Override // com.okta.authfoundation.credential.TokenEncryptionHandler
    public void generateKey(Credential.Security security) {
        KeyGenParameterSpec build;
        Intrinsics.checkNotNullParameter(security, "security");
        if (this.keyStore.containsAlias(security.getKeyAlias())) {
            return;
        }
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(security.getKeyAlias(), 3).setBlockModes("ECB").setEncryptionPaddings("OAEPPadding").setKeySize(2048).setDigests("SHA-1", Constants.SHA256, "SHA-512");
        Intrinsics.checkNotNullExpressionValue(digests, "setDigests(...)");
        if (security instanceof Credential.Security.Default) {
            build = digests.setUserAuthenticationRequired(false).build();
        } else if (security instanceof Credential.Security.BiometricStrong) {
            digests.setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT > 30) {
                digests.setUserAuthenticationParameters(((Credential.Security.BiometricStrong) security).getUserAuthenticationTimeout(), 2);
            } else {
                digests.setUserAuthenticationValidityDurationSeconds(-1);
            }
            build = digests.build();
        } else {
            if (!(security instanceof Credential.Security.BiometricStrongOrDeviceCredential)) {
                throw new NoWhenBranchMatchedException();
            }
            digests.setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT > 30) {
                digests.setUserAuthenticationParameters(((Credential.Security.BiometricStrongOrDeviceCredential) security).getUserAuthenticationTimeout(), 3);
            } else {
                digests.setUserAuthenticationValidityDurationSeconds(((Credential.Security.BiometricStrongOrDeviceCredential) security).getUserAuthenticationTimeout());
            }
            build = digests.build();
        }
        Intrinsics.checkNotNull(build);
        this.keyPairGenerator.initialize(build);
        this.keyPairGenerator.generateKeyPair();
    }

    /* renamed from: getKeyStore$auth_foundation_release, reason: from getter */
    public final KeyStore getKeyStore() {
        return this.keyStore;
    }
}
