package com.sonicwall.mobileconnect.util;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.sonicwall.mobileconnect.logging.Logger;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
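/**
 * Process-wide helper that creates and uses the RSA keys protecting locally stored secrets.
 *
 * <p>Two aliases live in the Android Keystore: {@code pwdKey} (general encrypt/decrypt and
 * SHA256withRSA sign/verify) and {@code fingerprintKey} (private key usable only after user
 * authentication). On API levels below 18 the class falls back to a software key pair kept in
 * the default {@link SharedPreferences}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>All encryption uses {@code RSA/ECB/PKCS1PADDING} (PKCS#1 v1.5 encryption padding).
 *       OAEP is the generally recommended padding for new designs, since v1.5 is exposed to
 *       padding-oracle attacks wherever a decryptor reveals whether padding was valid.
 *       Changing it here would require regenerating {@code fingerprintKey} (its spec authorises
 *       only PKCS1Padding) and re-encrypting stored data, so it is left as is.</li>
 *   <li>RSA with this padding can only encrypt short inputs (bounded by the modulus size);
 *       longer plaintext makes {@link Cipher#doFinal(byte[])} throw.</li>
 *   <li>The legacy path stores the private key Base64-encoded, not encrypted; see
 *       {@link #createKeysICS(Context)}.</li>
 * </ul>
 *
 * <p>{@link #getInstance()} is synchronized; no other method is, and {@code mKeyPair} is a
 * plain field.
 */
public class KeyStoreHelper {
    private static final String FINGERPRINT_KEY_NAME = "fingerprintKey";
    private static final String KEY_NAME = "pwdKey";
    private static final String PKEY = "pKey";
    private static final String PUBKEY = "pubKey";
    public static final String TAG = "KeyStoreHelper";

    /** Transformation used for every encrypt/decrypt operation in this class. */
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1PADDING";

    /**
     * Charset name used for String/byte conversion. Android's platform default charset is
     * UTF-8, so naming it keeps existing ciphertexts and signatures compatible while removing
     * the dependency on the default. The string form is used because the legacy path still
     * targets API levels below 18.
     */
    private static final String UTF_8 = "UTF-8";

    /** Equals KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT. */
    private static final int PURPOSE_ENCRYPT_DECRYPT = 3;

    private static KeyStoreHelper mInstance;
    private final Logger mLogger = Logger.getInstance();

    // Software key pair used only on the legacy (API < 18) path; set by createKeysICS().
    private KeyPair mKeyPair = null;

    private KeyStoreHelper() {
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton {@code KeyStoreHelper}
     */
    public static synchronized KeyStoreHelper getInstance() {
        // The method-level lock is already the class monitor, so no inner block is needed.
        if (mInstance == null) {
            mInstance = new KeyStoreHelper();
        }
        return mInstance;
    }

    /**
     * Looks up a private-key entry in the Android Keystore.
     *
     * @param str keystore alias to load
     * @return the entry, or {@code null} when the alias is absent or is not a private-key entry
     */
    private KeyStore.PrivateKeyEntry getPrivateKeyEntry(String str) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, IOException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (entry == null) {
            this.mLogger.logWarn(TAG, "No key found under alias: " + str);
            this.mLogger.logWarn(TAG, "Exiting getPrivateKeyEntry()...");
            return null;
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            this.mLogger.logWarn(TAG, "Not an instance of a PrivateKeyEntry");
            this.mLogger.logWarn(TAG, "Exiting getPrivateKeyEntry()...");
            return null;
        }
        return (KeyStore.PrivateKeyEntry) entry;
    }

    /**
     * Generates a fresh RSA key pair under the {@code fingerprintKey} alias whose private key
     * requires user authentication.
     *
     * <p>{@code Util.deleteBiometricCreds} runs first; presumably it discards credentials
     * encrypted under the previous key, which become undecryptable once the alias is
     * replaced (confirm against Util).
     *
     * @param context passed to {@code Util.deleteBiometricCreds}
     */
    public void createFingerprintKeys(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Util.deleteBiometricCreds(context);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
        // No authentication validity window is configured, and no key size is set, so the
        // provider defaults apply to both.
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(FINGERPRINT_KEY_NAME, PURPOSE_ENCRYPT_DECRYPT)
                .setBlockModes("ECB")
                .setUserAuthenticationRequired(true)
                .setEncryptionPaddings("PKCS1Padding")
                .build();
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Ensures an RSA key pair exists under the {@code pwdKey} alias in the Android Keystore.
     *
     * <p>If the lookup fails with an exception, the error is logged and a new pair is
     * generated anyway; data encrypted under an existing key at that alias would then no
     * longer decrypt.
     *
     * <p>NOTE(review): this key has no user-authentication requirement and uses the legacy
     * {@link KeyPairGeneratorSpec} with provider-default key size. The self-signed certificate
     * gets a fixed serial number and a one-year validity; nothing in this class checks those
     * dates.
     *
     * @param context used to build the key specification
     */
    public void createKeys(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        try {
            if (getPrivateKeyEntry(KEY_NAME) != null) {
                this.mLogger.logDebug(TAG, "Loaded PrivateKeyEntry from Android Key Store");
                return;
            }
        } catch (Exception e) {
            this.mLogger.logError(TAG, "Failed to load PrivateKeyEntry from Android Key Store", e);
        }
        GregorianCalendar notBefore = new GregorianCalendar();
        GregorianCalendar notAfter = new GregorianCalendar();
        notAfter.add(GregorianCalendar.YEAR, 1);
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(KEY_NAME)
                .setSubject(new X500Principal("CN=pwdKey"))
                .setSerialNumber(BigInteger.valueOf(1337L))
                .setStartDate(notBefore.getTime())
                .setEndDate(notAfter.getTime())
                .build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Legacy (API < 18) key setup: restores the software RSA key pair from the default
     * {@link SharedPreferences}, or generates a 2048-bit pair and persists it there.
     *
     * <p>SECURITY: the private key is written as Base64 of its PKCS#8 encoding. Base64 is an
     * encoding, not encryption, so the key is protected only by whatever protects the
     * preferences file itself. Anything able to read that file can decrypt every value
     * produced by {@link #encrypt(String)} on this path.
     *
     * @param context used to obtain the default shared preferences
     */
    public void createKeysICS(Context context) throws Exception {
        SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
        String encodedPublic = prefs.getString(PUBKEY, null);
        String encodedPrivate = prefs.getString(PKEY, null);
        if (encodedPublic != null && encodedPrivate != null) {
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(encodedPublic, Base64.DEFAULT)));
                PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(encodedPrivate, Base64.DEFAULT)));
                this.mKeyPair = new KeyPair(publicKey, privateKey);
                this.mLogger.logDebug(TAG, "Created KeyPair from provided encoded keys");
                return;
            } catch (Exception e) {
                // Stored material is unusable; fall through and replace it with a new pair.
                this.mLogger.logError(TAG, "Failed to create KeyPair from provided encoded keys", e);
            }
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        this.mKeyPair = keyPairGenerator.generateKeyPair();
        SharedPreferences.Editor edit = prefs.edit();
        edit.putString(PUBKEY, Base64.encodeToString(this.mKeyPair.getPublic().getEncoded(), Base64.DEFAULT));
        edit.putString(PKEY, Base64.encodeToString(this.mKeyPair.getPrivate().getEncoded(), Base64.DEFAULT));
        if (!edit.commit()) {
            // If the pair is not persisted, the next launch generates a different one and
            // anything encrypted in this session can no longer be decrypted.
            this.mLogger.logWarn(TAG, "Failed to persist generated KeyPair");
        }
    }

    /**
     * Decrypts a Base64-encoded ciphertext with the {@code pwdKey} private key (or the legacy
     * software key below API 18).
     *
     * @param str Base64 ciphertext as produced by {@link #encrypt(String)}
     * @return the plaintext, or {@code null} for null/empty input or when no key is available
     * @throws Exception on keystore, Base64 or cipher failure
     */
    public String decrypt(String str) throws Exception {
        if (str == null || str.length() == 0) {
            return null;
        }
        PrivateKey privateKey;
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR2) {
            if (this.mKeyPair == null) {
                // initKeys() was never run on this path; fail like the keystore branch does.
                this.mLogger.logWarn(TAG, "Legacy key pair not initialised");
                this.mLogger.logWarn(TAG, "Exiting decrypt()...");
                return null;
            }
            privateKey = this.mKeyPair.getPrivate();
        } else {
            KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(KEY_NAME);
            if (privateKeyEntry == null) {
                this.mLogger.logWarn(TAG, "No key found under alias: pwdKey");
                this.mLogger.logWarn(TAG, "Exiting decrypt()...");
                return null;
            }
            privateKey = privateKeyEntry.getPrivateKey();
        }
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return new String(cipher.doFinal(Base64.decode(str, Base64.DEFAULT)), UTF_8);
    }

    /**
     * Encrypts a string with the {@code pwdKey} public key (or the legacy software key below
     * API 18).
     *
     * @param str plaintext; must be short enough for a single RSA block
     * @return Base64 ciphertext, or {@code null} for null/empty input or when no key is
     *     available
     * @throws Exception on keystore or cipher failure
     */
    public String encrypt(String str) throws Exception {
        if (str == null || str.length() == 0) {
            return null;
        }
        PublicKey publicKey;
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR2) {
            if (this.mKeyPair == null) {
                // initKeys() was never run on this path; fail like the keystore branch does.
                this.mLogger.logWarn(TAG, "Legacy key pair not initialised");
                this.mLogger.logWarn(TAG, "Exiting encrypt()...");
                return null;
            }
            publicKey = this.mKeyPair.getPublic();
        } else {
            KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(KEY_NAME);
            if (privateKeyEntry == null) {
                this.mLogger.logWarn(TAG, "No key found under alias: pwdKey");
                this.mLogger.logWarn(TAG, "Exiting encrypt()...");
                return null;
            }
            publicKey = privateKeyEntry.getCertificate().getPublicKey();
        }
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return Base64.encodeToString(cipher.doFinal(str.getBytes(UTF_8)), Base64.DEFAULT);
    }

    /**
     * Decrypts a Base64 ciphertext with a cipher supplied by the caller.
     *
     * <p>Presumably {@code cipher} is the one returned by {@link #initFingerprintCipher()}
     * after the user has authenticated; this method does not check that.
     *
     * @param str Base64 ciphertext as produced by {@link #fingerprintEncrypt(String)}
     * @param cipher cipher already initialised for decryption
     * @return the plaintext, or {@code null} when either argument is null or {@code str} is
     *     empty
     * @throws Exception on Base64 or cipher failure
     */
    public String fingerprintDecrypt(String str, Cipher cipher) throws Exception {
        if (str == null || str.length() == 0 || cipher == null) {
            return null;
        }
        return new String(cipher.doFinal(Base64.decode(str, Base64.DEFAULT)), UTF_8);
    }

    /**
     * Encrypts a string with the {@code fingerprintKey} public key. No user authentication is
     * involved: only the decrypt side is gated.
     *
     * @param str plaintext; must be short enough for a single RSA block
     * @return Base64 ciphertext, or {@code null} for null/empty input or when the alias is
     *     missing
     * @throws Exception on keystore or cipher failure
     */
    public String fingerprintEncrypt(String str) throws Exception {
        if (str == null || str.length() == 0) {
            return null;
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(FINGERPRINT_KEY_NAME);
        if (privateKeyEntry == null) {
            this.mLogger.logWarn(TAG, "No key found under alias: fingerprintKey");
            this.mLogger.logWarn(TAG, "Exiting fingerprintEncrypt()...");
            return null;
        }
        PublicKey keystorePublicKey = privateKeyEntry.getCertificate().getPublicKey();
        // Rebuild the public key from its encoding so it is a plain key object detached from
        // the keystore. This matches the documented workaround for Android 6.0 enforcing the
        // user-authentication requirement on public-key operations as well.
        PublicKey detachedPublicKey = KeyFactory.getInstance(keystorePublicKey.getAlgorithm())
                .generatePublic(new X509EncodedKeySpec(keystorePublicKey.getEncoded()));
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, detachedPublicKey);
        return Base64.encodeToString(cipher.doFinal(str.getBytes(UTF_8)), Base64.DEFAULT);
    }

    /**
     * Builds a decrypt-mode cipher bound to the {@code fingerprintKey} private key.
     *
     * @return the initialised cipher, or {@code null} when the alias is missing or any step
     *     fails (the failure is logged, not thrown)
     */
    public Cipher initFingerprintCipher() {
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(FINGERPRINT_KEY_NAME);
            if (privateKeyEntry == null) {
                return null;
            }
            this.mLogger.logDebug(TAG, "Loaded PrivateKeyEntry from Android Key Store");
            Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
            return cipher;
        } catch (InvalidKeyException e) {
            // NOTE(review): on Android this family includes a key that was permanently
            // invalidated (e.g. after biometric enrollment changed); confirm that is the
            // case this branch is meant to absorb.
            this.mLogger.logError(TAG, e);
            return null;
        } catch (Exception e2) {
            this.mLogger.logError(TAG, "Failed to load PrivateKeyEntry from Android Key Store", e2);
            return null;
        }
    }

    /**
     * Prepares all keys for the running API level.
     *
     * <p>Below API 18 only the software key pair is set up. Otherwise {@code pwdKey} is
     * ensured and, when fingerprint hardware is reported available, {@code fingerprintKey} is
     * (re)created whenever {@link #initFingerprintCipher()} returns {@code null}. That method
     * returns {@code null} for any failure, so a transient keystore error also leads to
     * {@link #createFingerprintKeys(Context)} and its credential deletion.
     *
     * @param context forwarded to the key-creation methods
     */
    public void initKeys(Context context) throws Exception {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR2) {
            createKeysICS(context);
            return;
        }
        createKeys(context);
        if (Util.isFingerprintAvailable() && initFingerprintCipher() == null) {
            createFingerprintKeys(context);
        }
    }

    /**
     * Signs a string with the {@code pwdKey} private key using SHA256withRSA.
     *
     * <p>Only the Android Keystore is consulted; there is no legacy software-key path here.
     *
     * @param str data to sign
     * @return Base64 signature, or {@code null} when {@code str} is null or the alias is
     *     missing
     */
    public String signData(String str) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, CertificateException {
        if (str == null) {
            // Previously a null argument failed with a NullPointerException before any lookup.
            this.mLogger.logWarn(TAG, "No data to sign.");
            this.mLogger.logWarn(TAG, "Exiting signData()...");
            return null;
        }
        byte[] bytes = str.getBytes(UTF_8);
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(KEY_NAME);
        if (privateKeyEntry == null) {
            this.mLogger.logWarn(TAG, "No key found under alias: pwdKey");
            this.mLogger.logWarn(TAG, "Exiting signData()...");
            return null;
        }
        Signature signature = Signature.getInstance(SecurityConstants.SIGNATURE_SHA256withRSA);
        signature.initSign(privateKeyEntry.getPrivateKey());
        signature.update(bytes);
        return Base64.encodeToString(signature.sign(), Base64.DEFAULT);
    }

    /**
     * Verifies a Base64 SHA256withRSA signature over a string against the {@code pwdKey}
     * certificate.
     *
     * <p>The verification key is this device's own keystore entry, so a {@code true} result
     * shows the data was signed with this device's {@code pwdKey} and has not changed since.
     *
     * @param str data that was signed
     * @param str2 Base64 signature as produced by {@link #signData(String)}
     * @return {@code true} only when the signature verifies; {@code false} for null
     *     arguments, malformed Base64, a missing alias, or a mismatch
     */
    public boolean verifyData(String str, String str2) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, InvalidKeyException, SignatureException {
        if (str == null) {
            // Fail closed instead of throwing a NullPointerException on missing data.
            this.mLogger.logWarn(TAG, "No data to verify.");
            this.mLogger.logWarn(TAG, "Exiting verifyData()...");
            return false;
        }
        if (str2 == null) {
            this.mLogger.logWarn(TAG, "Invalid signature.");
            this.mLogger.logWarn(TAG, "Exiting verifyData()...");
            return false;
        }
        byte[] bytes = str.getBytes(UTF_8);
        try {
            byte[] signatureBytes = Base64.decode(str2, Base64.DEFAULT);
            KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(KEY_NAME);
            if (privateKeyEntry == null) {
                this.mLogger.logWarn(TAG, "No key found under alias: pwdKey");
                this.mLogger.logWarn(TAG, "Exiting verifyData()...");
                return false;
            }
            Signature signature = Signature.getInstance(SecurityConstants.SIGNATURE_SHA256withRSA);
            signature.initVerify(privateKeyEntry.getCertificate());
            signature.update(bytes);
            return signature.verify(signatureBytes);
        } catch (IllegalArgumentException ignored) {
            // A signature string that is not valid Base64 is treated as a failed verification.
            return false;
        }
    }
}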
