package j.a.a.c.g.f.c;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.google.android.gms.vision.barcode.Barcode;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.b0.d;
import kotlin.e;
import kotlin.g;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.i;
import kotlin.jvm.internal.j;
import kotlin.jvm.internal.u;

/* compiled from: SharedPrefsCipher.kt */
/* loaded from: classes.dex */
public final class b {
    private SecretKey a;
    private final e b;
    private final Context c;
    private final SharedPreferences d;

    /* compiled from: SharedPrefsCipher.kt */
    /* loaded from: classes2.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: SharedPrefsCipher.kt */
    /* renamed from: j.a.a.c.g.f.c.b$b, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    static final class C0266b extends j implements kotlin.w.c.a<KeyStore> {
        public static final C0266b a = new C0266b();

        C0266b() {
            super(0);
        }

        @Override // kotlin.w.c.a
        public final KeyStore invoke() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        }
    }

    static {
        new a(null);
    }

    public b(Context context, SharedPreferences sharedPreferences) {
        e a2;
        i.b(context, "context");
        i.b(sharedPreferences, "sp");
        this.c = context;
        this.d = sharedPreferences;
        a2 = g.a(C0266b.a);
        this.b = a2;
        b();
    }

    private final String a(SecretKey secretKey) {
        try {
            PublicKey e2 = e("credentialCipherKey");
            if (e2 == null) {
                return null;
            }
            Cipher a2 = a(1, e2);
            return Base64.encodeToString(a2 != null ? a2.doFinal(secretKey.getEncoded()) : null, 2);
        } catch (Exception e3) {
            j.a.a.c.g.a.b("SharedPrefsCipher", "encryptAesKey() failed with an exception: ", e3);
            return null;
        }
    }

    private final X509Certificate a(KeyStore keyStore) {
        return (X509Certificate) keyStore.getCertificate("credentialCipherKey");
    }

    private final Cipher a(int i2, Key key) {
        try {
            Cipher c = c();
            c.init(i2, key);
            return c;
        } catch (Exception e2) {
            j.a.a.c.g.a.b("SharedPrefsCipher", "getRsaCipherInstance() failed with an exception: ", e2);
            return null;
        }
    }

    private final SecretKey a() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(Barcode.QR_CODE);
            return keyGenerator.generateKey();
        } catch (Exception e2) {
            j.a.a.c.g.a.b("SharedPrefsCipher", "createAesKey() failed with an exception: ", e2);
            return null;
        }
    }

    private final SecretKey a(boolean z) {
        SecretKey secretKey;
        synchronized (this) {
            secretKey = this.a;
            if (secretKey == null) {
                secretKey = b(z);
                if (secretKey != null) {
                    this.a = secretKey;
                } else {
                    secretKey = null;
                }
            }
        }
        return secretKey;
    }

    private final byte[] a(SecureRandom secureRandom, int i2) {
        byte[] bArr = new byte[i2];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    @SuppressLint({"ApplySharedPref"})
    private final SecretKey b(boolean z) {
        SecretKey a2;
        String a3;
        String string = this.d.getString("secret_key", null);
        if (string != null) {
            SecretKey c = c(string);
            if (c != null) {
                return c;
            }
            this.d.edit().remove("secret_key").commit();
        }
        if (!z || (a2 = a()) == null || (a3 = a(a2)) == null) {
            return null;
        }
        this.d.edit().putString("secret_key", a3).commit();
        return a2;
    }

    private final void b() {
        if (f("credentialCipherKey") && e()) {
            return;
        }
        Calendar calendar = Calendar.getInstance();
        i.a((Object) calendar, "calendar");
        Date time = calendar.getTime();
        calendar.add(1, 1);
        Date time2 = calendar.getTime();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("credentialCipherKey", 3).setCertificateNotBefore(time).setCertificateNotAfter(time2).setCertificateSubject(new X500Principal("CN=credentialCipherKey")).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(1024, RSAKeyGenParameterSpec.F4)).setBlockModes("CBC").setEncryptionPaddings("PKCS1Padding").setDigests("SHA-256", "SHA-384", "SHA-512").setUserAuthenticationRequired(false).build();
            i.a((Object) build, "KeyGenParameterSpec.Buil…                 .build()");
            keyPairGenerator.initialize(build);
        } else {
            KeyPairGeneratorSpec build2 = new KeyPairGeneratorSpec.Builder(this.c).setAlias("credentialCipherKey").setSubject(new X500Principal("CN=credentialCipherKey")).setSerialNumber(BigInteger.valueOf(1L)).setStartDate(time).setEndDate(time2).build();
            i.a((Object) build2, "KeyPairGeneratorSpec.Bui…                 .build()");
            keyPairGenerator.initialize(build2);
        }
        try {
            keyPairGenerator.generateKeyPair();
        } catch (RuntimeException e2) {
            j.a.a.c.g.a.d("SharedPrefsCipher", e2.getStackTrace().toString());
        }
    }

    private final Cipher c() throws NoSuchPaddingException, NoSuchAlgorithmException {
        u uVar = u.a;
        Object[] objArr = {"RSA", "NONE", "PKCS1Padding"};
        String format = String.format("%s/%s/%s", Arrays.copyOf(objArr, objArr.length));
        i.a((Object) format, "java.lang.String.format(format, *args)");
        Cipher cipher = Cipher.getInstance(format);
        i.a((Object) cipher, "Cipher.getInstance(\n    …RSA_CIPHER_PADDING_TYPE))");
        return cipher;
    }

    private final SecretKey c(String str) {
        try {
            Key d = d("credentialCipherKey");
            if (d == null) {
                return null;
            }
            Cipher a2 = a(2, d);
            return new SecretKeySpec(a2 != null ? a2.doFinal(Base64.decode(str, 2)) : null, "AES");
        } catch (Exception e2) {
            j.a.a.c.g.a.b("SharedPrefsCipher", "decryptAesKey() failed with an exception: ", e2);
            return null;
        }
    }

    private final Key d(String str) {
        try {
            Key key = d().getKey(str, null);
            if (key != null) {
                if (key instanceof PrivateKey) {
                    return key;
                }
                j.a.a.c.g.a.e("SharedPrefsCipher", "Not an instance of a PrivateKeyEntry");
                return null;
            }
            j.a.a.c.g.a.e("SharedPrefsCipher", "No key found under alias: " + str);
            return null;
        } catch (Exception e2) {
            j.a.a.c.g.a.a("SharedPrefsCipher", "getRsaPrivateKey failed", e2);
            return null;
        }
    }

    private final KeyStore d() {
        return (KeyStore) this.b.getValue();
    }

    private final PublicKey e(String str) {
        PublicKey publicKey;
        try {
            if (((PrivateKey) d().getKey(str, null)) != null) {
                Certificate certificate = d().getCertificate(str);
                i.a((Object) certificate, "rsaKeyStore.getCertificate(alias)");
                publicKey = certificate.getPublicKey();
            } else {
                publicKey = null;
            }
            if (publicKey != null) {
                return publicKey;
            }
            j.a.a.c.g.a.e("SharedPrefsCipher", "No publicKey found under alias: " + str);
            return null;
        } catch (Exception e2) {
            j.a.a.c.g.a.a("SharedPrefsCipher", "getRsaPublicKey failed", e2);
            return null;
        }
    }

    private final boolean e() {
        try {
            X509Certificate a2 = a(d());
            if (a2 != null) {
                a2.checkValidity();
            }
            return true;
        } catch (Exception e2) {
            j.a.a.c.g.a.b("SharedPrefsCipher", "isRsaKeyValid() failed with an exception: ", e2);
            d().deleteEntry("credentialCipherKey");
            return false;
        }
    }

    private final boolean f(String str) {
        try {
            return d().containsAlias(str);
        } catch (Exception e2) {
            j.a.a.c.g.a.a("SharedPrefsCipher", e2.getMessage(), e2);
            return false;
        }
    }

    public final String a(String str) {
        i.b(str, "encryptedBase64");
        SecretKey a2 = a(false);
        if (a2 == null) {
            j.a.a.c.g.a.e("SharedPrefsCipher", "decryptString(): can't get AES key, return null");
            return null;
        }
        try {
            byte[] decode = Base64.decode(str, 2);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            if (Build.VERSION.SDK_INT >= 21) {
                cipher.init(2, a2, new GCMParameterSpec(128, decode, 0, 12));
            } else {
                cipher.init(2, a2, new IvParameterSpec(decode, 0, 12));
            }
            byte[] doFinal = cipher.doFinal(decode, 12, decode.length - 12);
            i.a((Object) doFinal, "plainBytes");
            return new String(doFinal, d.a);
        } catch (Exception e2) {
            j.a.a.c.g.a.b("SharedPrefsCipher", "decryptString() failed with an exception: ", e2);
            return null;
        }
    }

    public final String b(String str) {
        byte[] a2;
        i.b(str, "plain");
        SecretKey a3 = a(true);
        if (a3 == null) {
            j.a.a.c.g.a.e("SharedPrefsCipher", "encryptString(): can't get AES key, return null");
            return null;
        }
        try {
            byte[] a4 = a(new SecureRandom(), 12);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            if (Build.VERSION.SDK_INT >= 21) {
                cipher.init(1, a3, new GCMParameterSpec(128, a4));
            } else {
                cipher.init(1, a3, new IvParameterSpec(a4));
            }
            byte[] bytes = str.getBytes(d.a);
            i.a((Object) bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] doFinal = cipher.doFinal(bytes);
            i.a((Object) doFinal, "encrypted");
            a2 = kotlin.s.g.a(a4, doFinal);
            return Base64.encodeToString(a2, 2);
        } catch (Exception e2) {
            j.a.a.c.g.a.b("SharedPrefsCipher", "encryptString() failed with an exception: ", e2);
            return null;
        }
    }
}
