package com.monect.utilities;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.preference.PreferenceManager;
import com.google.android.gms.stats.CodePackage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import org.apache.log4j.net.SyslogAppender;

@Metadata(d1 = {"\u0000:\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0007\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0002\u001a\u00020\u0003H\u0002J\u0018\u0010\u0012\u001a\u0004\u0018\u00010\n2\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0013\u001a\u00020\nJ\u0018\u0010\u0014\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0015\u001a\u00020\nJ\u0010\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0002\u001a\u00020\u0003H\u0002J\u0010\u0010\u0017\u001a\u0004\u0018\u00010\u00182\u0006\u0010\u0002\u001a\u00020\u0003J\u0010\u0010\u0019\u001a\u0004\u0018\u00010\n2\u0006\u0010\u0013\u001a\u00020\nJ\u0010\u0010\u001a\u001a\u0004\u0018\u00010\n2\u0006\u0010\u001b\u001a\u00020\nR\u000e\u0010\u0005\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u0010\u0010\f\u001a\u0004\u0018\u00010\rX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000¨\u0006\u001c"}, d2 = {"Lcom/monect/utilities/KeystoreCipher;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "aesAlgorithm", "", "aesAlgorithmM", "androidKeyStore", "iv", "", "keyAlias", "keyStore", "Ljava/security/KeyStore;", "prefAesKeyName", "rsaAlgorithm", "checkRSAKeyPair", "", "decrypt", "encrypted", "encrypt", "input", "genAndStoreAESKey", "getSecretKey", "Ljava/security/Key;", "rsaDecrypt", "rsaEncrypt", "secret", "core_release"}, k = 1, mv = {1, 9, 0}, xi = SyslogAppender.LOG_LPR)
/* loaded from: classes3.dex */
public final class KeystoreCipher {
    public static final int $stable = 8;
    private final String aesAlgorithm;
    private final String aesAlgorithmM;
    private final String androidKeyStore;
    private final byte[] iv;
    private final String keyAlias;
    private KeyStore keyStore;
    private final String prefAesKeyName;
    private final String rsaAlgorithm;

    public KeystoreCipher(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.aesAlgorithm = "AES/ECB/PKCS7Padding";
        this.aesAlgorithmM = "AES/GCM/NoPadding";
        this.androidKeyStore = "AndroidKeyStore";
        this.keyAlias = "com.monect.rsakey";
        this.rsaAlgorithm = "RSA/ECB/PKCS1Padding";
        this.prefAesKeyName = "AES_ENCRYPTED_KEY";
        this.iv = new byte[]{11, -60, 1, -69, 103, -34, 51, -49, -52, 8, 15, -68};
        checkRSAKeyPair(context);
        if (Build.VERSION.SDK_INT < 23) {
            genAndStoreAESKey(context);
        }
    }

    private final void checkRSAKeyPair(Context context) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder randomizedEncryptionRequired;
        KeyGenParameterSpec build;
        KeyStore keyStore = KeyStore.getInstance(this.androidKeyStore);
        keyStore.load(null);
        if (!keyStore.containsAlias(this.keyAlias)) {
            if (Build.VERSION.SDK_INT >= 23) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", this.androidKeyStore);
                MFile$$ExternalSyntheticApiModelOutline0.m$1();
                blockModes = MFile$$ExternalSyntheticApiModelOutline0.m(this.keyAlias, 3).setBlockModes(CodePackage.GCM);
                encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
                randomizedEncryptionRequired = encryptionPaddings.setRandomizedEncryptionRequired(false);
                build = randomizedEncryptionRequired.build();
                keyGenerator.init(build);
                keyGenerator.generateKey();
            } else {
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 30);
                KeyPairGeneratorSpec build2 = new KeyPairGeneratorSpec.Builder(context).setAlias(this.keyAlias).setSubject(new X500Principal("CN=" + this.keyAlias)).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
                Intrinsics.checkNotNullExpressionValue(build2, "build(...)");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", this.androidKeyStore);
                keyPairGenerator.initialize(build2);
                keyPairGenerator.generateKeyPair();
            }
        }
        this.keyStore = keyStore;
    }

    private final void genAndStoreAESKey(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        if (defaultSharedPreferences.getString(this.prefAesKeyName, null) == null) {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.encodeToString(rsaEncrypt(bArr), 0);
            SharedPreferences.Editor edit = defaultSharedPreferences.edit();
            edit.putString(this.prefAesKeyName, encodeToString);
            edit.commit();
        }
    }

    public final byte[] decrypt(Context context, byte[] encrypted) throws Exception {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        if (Build.VERSION.SDK_INT < 23) {
            if (getSecretKey(context) == null) {
                return null;
            }
            Cipher cipher = Cipher.getInstance(this.aesAlgorithm, "BC");
            cipher.init(2, getSecretKey(context));
            return cipher.doFinal(encrypted);
        }
        Key secretKey = getSecretKey(context);
        if (secretKey == null) {
            return null;
        }
        Cipher cipher2 = Cipher.getInstance(this.aesAlgorithmM);
        cipher2.init(2, secretKey, new GCMParameterSpec(128, this.iv));
        return cipher2.doFinal(encrypted);
    }

    public final String encrypt(Context context, byte[] input) throws Exception {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(input, "input");
        if (Build.VERSION.SDK_INT >= 23) {
            Key secretKey = getSecretKey(context);
            if (secretKey == null) {
                return null;
            }
            Cipher cipher = Cipher.getInstance(this.aesAlgorithmM);
            cipher.init(1, secretKey, new GCMParameterSpec(128, this.iv));
            return Base64.encodeToString(cipher.doFinal(input), 0);
        }
        Key secretKey2 = getSecretKey(context);
        if (secretKey2 == null) {
            return null;
        }
        Cipher cipher2 = Cipher.getInstance(this.aesAlgorithm, "BC");
        cipher2.init(1, secretKey2);
        return Base64.encodeToString(cipher2.doFinal(input), 0);
    }

    public final Key getSecretKey(Context context) throws Exception {
        Intrinsics.checkNotNullParameter(context, "context");
        if (Build.VERSION.SDK_INT >= 23) {
            KeyStore keyStore = this.keyStore;
            if (keyStore != null) {
                return keyStore.getKey(this.keyAlias, null);
            }
            return null;
        }
        byte[] decode = Base64.decode(PreferenceManager.getDefaultSharedPreferences(context).getString(this.prefAesKeyName, null), 0);
        Intrinsics.checkNotNull(decode);
        byte[] rsaDecrypt = rsaDecrypt(decode);
        return rsaDecrypt != null ? new SecretKeySpec(rsaDecrypt, "AES") : null;
    }

    public final byte[] rsaDecrypt(byte[] encrypted) throws Exception {
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        KeyStore keyStore = this.keyStore;
        if (keyStore == null) {
            return null;
        }
        KeyStore.Entry entry = keyStore.getEntry(this.keyAlias, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance(this.rsaAlgorithm, "AndroidOpenSSL");
        cipher.init(2, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(encrypted), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                return ArraysKt.toByteArray((Byte[]) arrayList.toArray(new Byte[0]));
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
    }

    public final byte[] rsaEncrypt(byte[] secret) throws Exception {
        Intrinsics.checkNotNullParameter(secret, "secret");
        KeyStore keyStore = this.keyStore;
        if (keyStore == null) {
            return null;
        }
        KeyStore.Entry entry = keyStore.getEntry(this.keyAlias, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance(this.rsaAlgorithm, "AndroidOpenSSL");
        cipher.init(1, ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(secret);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }
}
