package com.okta.android.auth.security;

import android.text.TextUtils;
import com.okta.android.auth.data.Constants;
import com.okta.android.auth.data.IOUtils;
import com.okta.android.auth.data.KeyDataStorage;
import com.okta.android.auth.data.database.keystorage.KeystoreDataType;
import com.okta.lib.android.common.utilities.Log;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeSet;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.inject.Inject;

/* loaded from: classes2.dex */
public class KeyPairManager {
    private static final String TAG = "KeyPairManager";
    private final KeyPairHelperFallback fallbackKeypairHelper;
    private final KeyPairHelperHiddenAPI hiddenAPIKeypairHelper;
    private final KeyDataStorage keyDataStorage;
    private final KeyPairHelperPublicAPI publicAPIKeypairHelper;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.okta.android.auth.security.KeyPairManager$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$okta$android$auth$data$database$keystorage$KeystoreDataType;

        static {
            int[] iArr = new int[KeystoreDataType.values().length];
            $SwitchMap$com$okta$android$auth$data$database$keystorage$KeystoreDataType = iArr;
            try {
                iArr[KeystoreDataType.FALLBACK.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$okta$android$auth$data$database$keystorage$KeystoreDataType[KeystoreDataType.PRIVATE_API.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$okta$android$auth$data$database$keystorage$KeystoreDataType[KeystoreDataType.PUBLIC_API.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    @Inject
    public KeyPairManager(KeyPairHelperFallback keyPairHelperFallback, KeyPairHelperHiddenAPI keyPairHelperHiddenAPI, KeyPairHelperPublicAPI keyPairHelperPublicAPI, KeyDataStorage keyDataStorage) {
        this.fallbackKeypairHelper = keyPairHelperFallback;
        this.hiddenAPIKeypairHelper = keyPairHelperHiddenAPI;
        this.publicAPIKeypairHelper = keyPairHelperPublicAPI;
        this.keyDataStorage = keyDataStorage;
    }

    public static byte[] decrypt(byte[] bArr, SecretKey secretKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        int blockSize = cipher.getBlockSize();
        byte[] bArr2 = new byte[blockSize];
        System.arraycopy(bArr, 0, bArr2, 0, blockSize);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        int length = bArr.length - blockSize;
        byte[] bArr3 = new byte[length];
        System.arraycopy(bArr, blockSize, bArr3, 0, length);
        return decrypt(bArr3, ivParameterSpec, cipher, secretKey);
    }

    public static byte[] decrypt(byte[] bArr, IvParameterSpec ivParameterSpec, Cipher cipher, SecretKey secretKey) throws GeneralSecurityException {
        cipher.init(2, secretKey, ivParameterSpec);
        return cipher.doFinal(bArr);
    }

    public static String decryptAsString(byte[] bArr, SecretKey secretKey) throws GeneralSecurityException {
        if (bArr == null || secretKey == null) {
            throw new IllegalArgumentException("Parameters cannot be null");
        }
        return IOUtils.encodeToDefaultCharset(decrypt(bArr, secretKey));
    }

    public static byte[] encrypt(byte[] bArr, SecretKey secretKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(1, secretKey);
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        return bArr2;
    }

    public static byte[] encryptString(String str, SecretKey secretKey) throws GeneralSecurityException {
        if (TextUtils.isEmpty(str) || secretKey == null) {
            throw new IllegalArgumentException("Parameters cannot be null");
        }
        return encrypt(IOUtils.decodeToDefaultCharset(str), secretKey);
    }

    public static String generateAlias() {
        return UUID.randomUUID().toString();
    }

    private Cipher getCipher(String str) throws GeneralSecurityException {
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Need an alias to find the cipher");
        }
        return getKeypairHelper(str).getCipher();
    }

    private KeyPairHelper getKeypairHelper(String str) {
        if (str.equals(Constants.HW_KEYSTORE_KEY_ALIAS)) {
            return this.publicAPIKeypairHelper;
        }
        KeystoreDataType findKeystoreType = this.keyDataStorage.findKeystoreType(str);
        if (findKeystoreType == null) {
            Log.i(TAG, "No existing helper found. Using default helper");
            return this.fallbackKeypairHelper;
        }
        int i = AnonymousClass1.$SwitchMap$com$okta$android$auth$data$database$keystorage$KeystoreDataType[findKeystoreType.ordinal()];
        if (i == 1) {
            return this.fallbackKeypairHelper;
        }
        if (i == 2) {
            return this.hiddenAPIKeypairHelper;
        }
        if (i == 3) {
            return this.publicAPIKeypairHelper;
        }
        throw new RuntimeException("Unable to match keystore type to a known keystore helper");
    }

    public static void printAvailableCiphers() {
        TreeSet treeSet = new TreeSet();
        for (Provider provider : Security.getProviders()) {
            for (Map.Entry<Object, Object> entry : provider.entrySet()) {
                String str = entry.getKey().toString() + " -> " + entry.getValue().toString();
                if (str.startsWith("Alg.Alias.")) {
                    str = str.substring(10);
                }
                treeSet.add(str);
            }
        }
        Log.w(TAG, "Available cipher algorithms:\n");
        Iterator it = treeSet.iterator();
        while (it.hasNext()) {
            Log.w(TAG, ((String) it.next()) + "\n");
        }
    }

    public byte[] decrypt(byte[] bArr, String str) throws GeneralSecurityException {
        Cipher cipher = getCipher(str);
        PrivateKey userPrivateKey = getUserPrivateKey(str);
        if (cipher == null || userPrivateKey == null) {
            throw new GeneralSecurityException("Unable to find key when decrypting string for alias " + str.substring(0, 3));
        }
        cipher.init(2, userPrivateKey);
        return cipher.doFinal(bArr);
    }

    public int decryptAsInteger(byte[] bArr, String str) throws GeneralSecurityException {
        if (bArr == null || TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Need something to decrypt and an alias for the key to decrypt it with");
        }
        return new BigInteger(decrypt(bArr, str)).intValue();
    }

    public String decryptAsString(byte[] bArr, String str) throws GeneralSecurityException {
        if (bArr == null || TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Need something to decrypt and an alias for the key to decrypt it with");
        }
        return IOUtils.encodeToDefaultCharset(decrypt(bArr, str));
    }

    public boolean deleteKey(String str) {
        if (str.equals(Constants.HW_KEYSTORE_KEY_ALIAS)) {
            return false;
        }
        return this.keyDataStorage.deleteKeyEntry(str);
    }

    public byte[] encrypt(byte[] bArr, String str) throws GeneralSecurityException {
        Cipher cipher = getCipher(str);
        PublicKey userPublicKey = getUserPublicKey(str);
        if (cipher == null || userPublicKey == null) {
            throw new GeneralSecurityException("Unable to find key when encrypting for alias " + str.substring(0, 3));
        }
        cipher.init(1, userPublicKey);
        return cipher.doFinal(bArr);
    }

    public byte[] encryptInteger(int i, String str) throws GeneralSecurityException {
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Need an alias for the key to encrypt with");
        }
        ByteBuffer allocate = ByteBuffer.allocate(4);
        allocate.putInt(i);
        return encrypt(allocate.array(), str);
    }

    public byte[] encryptString(String str, String str2) throws GeneralSecurityException {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            throw new IllegalArgumentException("Need something to encrypt and an alias for the key to encrypt it with");
        }
        return encrypt(str.getBytes(), str2);
    }

    public KeyPair generateKeyPair(String str) throws GeneralSecurityException {
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Cannot have null alias for keypair");
        }
        KeyPair userKeypair = getUserKeypair(str);
        if (userKeypair != null) {
            Log.d(TAG, "found existing keypair for alias=" + str + ", not generating new one");
            return userKeypair;
        }
        String str2 = TAG;
        Log.d(str2, "About to generate keypair");
        KeyPairHelper keypairHelper = getKeypairHelper(str);
        KeyPair generateKeypair = keypairHelper.generateKeypair(str);
        keypairHelper.storeUserKeypair(str, generateKeypair);
        Log.d(str2, "Finished generating keypair");
        return generateKeypair;
    }

    public KeystoreDataType getKeystoreType(String str) {
        return this.keyDataStorage.findKeystoreType(str);
    }

    public KeyPair getUserKeypair(String str) throws GeneralSecurityException {
        if (str == null) {
            Log.e(TAG, "Cannot find keypair for a null alias");
            return null;
        }
        KeyPair keypair = getKeypairHelper(str).getKeypair(str);
        if (keypair == null) {
            Log.w(TAG, "No stored keypair found for " + str.substring(0, 3));
        }
        return keypair;
    }

    public PrivateKey getUserPrivateKey(String str) throws GeneralSecurityException {
        KeyPair userKeypair = getUserKeypair(str);
        if (userKeypair == null) {
            return null;
        }
        return userKeypair.getPrivate();
    }

    public PublicKey getUserPublicKey(String str) throws GeneralSecurityException {
        KeyPair userKeypair = getUserKeypair(str);
        if (userKeypair == null) {
            return null;
        }
        return userKeypair.getPublic();
    }
}
