package com.medallia.auth;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import timber.log.Timber;

/* compiled from: MMKeyStoreManager.java */
/* loaded from: classes.dex */
public class d {

    /* renamed from: a, reason: collision with root package name */
    private KeyStore f3271a;

    /* renamed from: b, reason: collision with root package name */
    private Context f3272b;
    private SharedPreferences c;

    /* compiled from: MMKeyStoreManager.java */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        private Context f3273a;

        public a(Context context) {
            this.f3273a = context;
        }

        public d a() {
            return new d(this.f3273a);
        }
    }

    private d(Context context) {
        this.f3272b = context;
        this.c = context.getSharedPreferences("authPreferences", 0);
        b();
    }

    private Key a(Context context) {
        return new SecretKeySpec(c(Base64.decode(this.c.getString("authKey", null), 0)), "AES");
    }

    private byte[] a(byte[] bArr) {
        Cipher cipher;
        PublicKey publicKey = this.f3271a.getCertificate("com.medallia.mobile.auth.key_alias2").getPublicKey();
        if (Build.VERSION.SDK_INT >= 23) {
            cipher = Cipher.getInstance("RSA/None/OAEPWithSHA-512AndMGF1Padding");
            cipher.init(1, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
        } else {
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, publicKey);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    private Key b(Context context) {
        return new SecretKeySpec(b(Base64.decode(this.c.getString("authKey", null), 0)), "AES");
    }

    private void b() {
        try {
            this.f3271a = KeyStore.getInstance("AndroidKeyStore");
            this.f3271a.load(null);
            g();
            if (!this.f3271a.containsAlias("com.medallia.mobile.auth.key_alias2")) {
                c();
            }
            d();
            e();
        } catch (Exception e) {
            Timber.e(e, "Error during prepareKeyStore", new Object[0]);
        }
    }

    private byte[] b(byte[] bArr) {
        Cipher cipher;
        Key key = this.f3271a.getKey("com.medallia.mobile.auth.key_alias2", null);
        if (Build.VERSION.SDK_INT >= 23) {
            cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-512ANDMGF1PADDING");
            cipher.init(2, key, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
        } else {
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, key);
        }
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    private void c() {
        SharedPreferences.Editor edit = this.c.edit();
        edit.remove("authKey");
        edit.commit();
    }

    private byte[] c(byte[] bArr) {
        Key key = this.f3271a.getKey("com.medallia.mobile.auth.key_alias", null);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, key);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    private void d() {
        AlgorithmParameterSpec build;
        if (this.f3271a.containsAlias("com.medallia.mobile.auth.key_alias2")) {
            return;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder("com.medallia.mobile.auth.key_alias2", 3).setCertificateSubject(new X500Principal("CN=com.medallia.mobile.auth.key_alias2")).setCertificateSerialNumber(BigInteger.TEN).setKeyValidityStart(calendar.getTime()).setKeyValidityEnd(calendar2.getTime()).setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").setDigests("SHA-256");
            if (Build.VERSION.SDK_INT >= 28) {
                digests.setIsStrongBoxBacked(this.f3272b.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore"));
            }
            build = digests.build();
        } else {
            build = new KeyPairGeneratorSpec.Builder(this.f3272b).setAlias("com.medallia.mobile.auth.key_alias2").setSubject(new X500Principal("CN=com.medallia.mobile.auth.key_alias2")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private void d(byte[] bArr) {
        String str = new String(bArr, StandardCharsets.ISO_8859_1);
        SharedPreferences.Editor edit = this.c.edit();
        edit.putString("ivxKey", str);
        edit.commit();
    }

    private void e() {
        if (this.c.getString("authKey", null) == null) {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.encodeToString(a(bArr), 0);
            SharedPreferences.Editor edit = this.c.edit();
            edit.putString("authKey", encodeToString);
            edit.commit();
        }
    }

    private IvParameterSpec f() {
        return new IvParameterSpec(this.c.getString("ivxKey", "").getBytes(StandardCharsets.ISO_8859_1));
    }

    private void g() {
        try {
            if (!this.f3271a.containsAlias("com.medallia.mobile.auth.key_alias") || Build.VERSION.SDK_INT < 23) {
                return;
            }
            Key a2 = a(this.f3272b);
            String string = this.c.getString("authState", null);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, a2, f());
            String str = new String(cipher.doFinal(Base64.decode(string, 0)), "utf-8");
            c();
            this.f3271a.deleteEntry("com.medallia.mobile.auth.key_alias");
            d();
            e();
            this.c.edit().putString("authState", a(str)).commit();
        } catch (Exception e) {
            Timber.e(e, "Error migrating keys.", new Object[0]);
        }
    }

    public String a(String str) {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(1, b(this.f3272b));
        d(cipher.getIV());
        return Base64.encodeToString(cipher.doFinal(str.getBytes("utf-8")), 0);
    }

    public void a() {
        if (this.c.getString("authKey", null) == null || !this.f3271a.containsAlias("com.medallia.mobile.auth.key_alias2")) {
            return;
        }
        try {
            b(this.f3272b);
        } catch (Exception e) {
            Timber.e(e, "Error decrypting with incompatible keys", new Object[0]);
            c();
            this.f3271a.deleteEntry("com.medallia.mobile.auth.key_alias2");
        }
    }

    public String b(String str) {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, b(this.f3272b), f());
        return new String(cipher.doFinal(Base64.decode(str, 0)), "utf-8");
    }
}
