package com.lufthansa.android.lufthansa.model.keychain.encryption;

import android.annotation.TargetApi;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.google.devtools.build.android.desugar.runtime.ThrowableExtension;
import com.lufthansa.android.lufthansa.LHApplication;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@TargetApi(18)
/* loaded from: classes.dex */
public class AESEncryptionHelper extends EncryptionHelper {
    private static AESEncryptionHelper instance;
    private Cipher aesCipher;
    private Key aesKey;
    private String alias;
    private KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
    private Cipher rsaCipher;

    private AESEncryptionHelper() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        this.keyStore.load(null);
    }

    private byte[] decryptKey(byte[] bArr) {
        try {
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) this.keyStore.getEntry(this.alias, null)).getPrivateKey();
            if (this.rsaCipher == null) {
                this.rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            }
            this.rsaCipher.init(2, privateKey);
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), this.rsaCipher);
            ArrayList arrayList = new ArrayList();
            while (true) {
                int read = cipherInputStream.read();
                if (read == -1) {
                    break;
                }
                arrayList.add(Byte.valueOf((byte) read));
            }
            byte[] bArr2 = new byte[arrayList.size()];
            for (int i = 0; i < bArr2.length; i++) {
                bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
            }
            return bArr2;
        } catch (Exception e) {
            ThrowableExtension.a(e);
            return null;
        }
    }

    private byte[] encryptKey(byte[] bArr) {
        try {
            PublicKey publicKey = ((KeyStore.PrivateKeyEntry) this.keyStore.getEntry(this.alias, null)).getCertificate().getPublicKey();
            if (this.rsaCipher == null) {
                this.rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            }
            this.rsaCipher.init(1, publicKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, this.rsaCipher);
            cipherOutputStream.write(bArr);
            cipherOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception unused) {
            return null;
        }
    }

    private void generateAndStoreAESKey(String str) {
        byte[] bArr;
        byte[] encryptKey;
        if (getEncryptedKey() == null) {
            byte[] bArr2 = new byte[32];
            new SecureRandom().nextBytes(bArr2);
            try {
                bArr = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr2, 1000, 256)).getEncoded();
            } catch (Exception unused) {
                bArr = new byte[32];
                new SecureRandom().nextBytes(bArr);
            }
            if (bArr == null || (encryptKey = encryptKey(bArr)) == null) {
                return;
            }
            storeEncryptedKey(Base64.encodeToString(encryptKey, 0));
        }
    }

    private void generateKeyStoreKey(String str) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (this.keyStore.containsAlias(str)) {
            return;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 20);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(LHApplication.a()).setAlias(str).setSubject(new X500Principal(String.format("CN=%s, OU=%s", str, LHApplication.a().getPackageName()))).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    public static EncryptionHelper getInstance() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        if (instance == null) {
            instance = new AESEncryptionHelper();
        }
        return instance;
    }

    private Key getSecretKey() {
        byte[] decryptKey;
        if (this.aesKey != null) {
            return this.aesKey;
        }
        String encryptedKey = getEncryptedKey();
        if (TextUtils.isEmpty(encryptedKey) || (decryptKey = decryptKey(Base64.decode(encryptedKey, 0))) == null) {
            return null;
        }
        this.aesKey = new SecretKeySpec(decryptKey, "AES");
        return this.aesKey;
    }

    @Override // com.lufthansa.android.lufthansa.model.keychain.encryption.EncryptionHelper
    public String decrypt(String str) {
        if (!isInitialized() || TextUtils.isEmpty(str)) {
            return str;
        }
        try {
            return new String(decrypt(str.getBytes("UTF-8")));
        } catch (Exception unused) {
            return str;
        }
    }

    @Override // com.lufthansa.android.lufthansa.model.keychain.encryption.EncryptionHelper
    public synchronized byte[] decrypt(byte[] bArr) {
        if (isInitialized() && bArr != null && bArr.length > 0) {
            try {
                if (this.aesCipher == null) {
                    this.aesCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
                }
                this.aesCipher.init(2, getSecretKey());
                bArr = this.aesCipher.doFinal(bArr);
            } catch (Exception unused) {
            }
        }
        return bArr;
    }

    @Override // com.lufthansa.android.lufthansa.model.keychain.encryption.EncryptionHelper
    public String encrypt(String str) {
        if (!isInitialized() || TextUtils.isEmpty(str)) {
            return str;
        }
        try {
            return Base64.encodeToString(encrypt(str.getBytes("UTF-8")), 0);
        } catch (Exception unused) {
            return str;
        }
    }

    @Override // com.lufthansa.android.lufthansa.model.keychain.encryption.EncryptionHelper
    public synchronized byte[] encrypt(byte[] bArr) {
        if (isInitialized() && bArr != null && bArr.length > 0) {
            try {
                if (this.aesCipher == null) {
                    this.aesCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
                }
                this.aesCipher.init(1, getSecretKey());
                bArr = this.aesCipher.doFinal(bArr);
            } catch (Exception unused) {
            }
        }
        return bArr;
    }

    @Override // com.lufthansa.android.lufthansa.model.keychain.encryption.EncryptionHelper
    public synchronized InputStream getDecodingInputStream(InputStream inputStream) {
        try {
            if (this.aesCipher == null) {
                this.aesCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
            }
            this.aesCipher.init(2, getSecretKey());
            inputStream = new CipherInputStream(inputStream, this.aesCipher);
        } catch (Exception e) {
            ThrowableExtension.a(e);
        }
        return inputStream;
    }

    @Override // com.lufthansa.android.lufthansa.model.keychain.encryption.EncryptionHelper
    public synchronized OutputStream getEncodingOutputStream(OutputStream outputStream) {
        try {
            if (this.aesCipher == null) {
                this.aesCipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
            }
            this.aesCipher.init(1, getSecretKey());
            outputStream = new CipherOutputStream(outputStream, this.aesCipher);
        } catch (Exception e) {
            ThrowableExtension.a(e);
        }
        return outputStream;
    }

    @Override // com.lufthansa.android.lufthansa.model.keychain.encryption.EncryptionHelper
    protected void initInternal(String str) throws InitializationException {
        this.alias = LHApplication.a().getPackageName();
        try {
            generateKeyStoreKey(this.alias);
            generateAndStoreAESKey(str);
        } catch (Exception unused) {
            throw new InitializationException();
        }
    }
}
