package in.gov.digilocker.preferences;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import android.util.Log;
import com.google.firebase.messaging.Constants;
import in.gov.digilocker.common.Jni;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: PostLollipopCryptography.kt */
@Metadata(d1 = {"\u0000H\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\r\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0002J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0002\u001a\u00020\u0003H\u0002J\b\u0010\u0011\u001a\u00020\u000eH\u0002J\b\u0010\u0012\u001a\u00020\u0013H\u0002J\b\u0010\u0014\u001a\u00020\u0013H\u0002J\b\u0010\u0015\u001a\u00020\u0013H\u0002J\b\u0010\u0016\u001a\u00020\u0013H\u0002J\u0010\u0010\u0017\u001a\u0004\u0018\u00010\u00182\u0006\u0010\u0019\u001a\u00020\u0003J\u0018\u0010\u001a\u001a\u00020\f2\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u001b\u001a\u00020\fH\u0002J\u0018\u0010\u001c\u001a\u00020\f2\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\r\u001a\u00020\u000eH\u0002J\b\u0010\u001d\u001a\u00020\u0013H\u0002J\b\u0010\u001e\u001a\u00020\u0013H\u0002J\b\u0010\u001f\u001a\u00020\u0013H\u0002J\b\u0010 \u001a\u00020\u0006H\u0002J\u0018\u0010!\u001a\u00020\u00102\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\r\u001a\u00020\fH\u0002J\u0018\u0010\"\u001a\u00020\u00102\u0006\u0010#\u001a\u00020\u00132\u0006\u0010$\u001a\u00020\u0013H\u0002R\u0010\u0010\u0005\u001a\u0004\u0018\u00010\u0006X\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\u0007\u001a\u0004\u0018\u00010\bX\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\t\u001a\u0004\u0018\u00010\nX\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006%"}, d2 = {"Lin/gov/digilocker/preferences/PostLollipopCryptography;", "Lin/gov/digilocker/preferences/Cryptography;", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "keyStore", "Ljava/security/KeyStore;", "mRSAPrivateKey", "Ljava/security/PrivateKey;", "mRSAPublicKey", "Ljava/security/PublicKey;", "generateEncryptedKey", "", "key", "Ljava/security/Key;", "generateRSAKeyPair", "", "getAESKey", "getAliasKey", "", "getAndroidKeystoreKey", "getCryptoPrefKey", "getDataCryptAlgoKey", "getDecryptedAESKey", "Ljavax/crypto/spec/SecretKeySpec;", "mContext", "getDecryptedKey", "encryptedKey", "getEncryptedAESKey", "getKeyForAES", "getKeyStorePwd", "getRSAModeKey", "loadOrCreateCAKeyStore", "setEncryptedAESToPref", "setRSAPublicPrivateKey", "strAlias", "pwd", "app_productionRelease"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class PostLollipopCryptography extends Cryptography {
    private KeyStore keyStore;
    private PrivateKey mRSAPrivateKey;
    private PublicKey mRSAPublicKey;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public PostLollipopCryptography(Context context) {
        super(context);
        Intrinsics.checkNotNullParameter(context, "context");
        setKey(getDecryptedAESKey(context));
    }

    private final byte[] generateEncryptedKey(Key key) {
        byte[] bArr;
        try {
            Cipher cipher = Cipher.getInstance(getRSAModeKey());
            cipher.init(1, this.mRSAPublicKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(key.getEncoded());
            cipherOutputStream.close();
            bArr = byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            Log.e("PostLollipopCryptography", Constants.IPC_BUNDLE_KEY_SEND_ERROR, e);
            bArr = null;
        }
        Intrinsics.checkNotNull(bArr, "null cannot be cast to non-null type kotlin.ByteArray");
        return bArr;
    }

    private final void generateRSAKeyPair(Context context) {
        try {
            this.keyStore = loadOrCreateCAKeyStore();
            String aliasKey = getAliasKey();
            String keyStorePwd = getKeyStorePwd();
            KeyStore keyStore = this.keyStore;
            Intrinsics.checkNotNull(keyStore);
            if (keyStore.containsAlias(aliasKey)) {
                setRSAPublicPrivateKey(aliasKey, keyStorePwd);
            } else {
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 30);
                KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(getAliasKey()).setSubject(new X500Principal("CN=" + getAESKey())).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
                Intrinsics.checkNotNullExpressionValue(build, "Builder(context)\n       …                 .build()");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", getAndroidKeystoreKey());
                Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "getInstance(KeyPropertie… getAndroidKeystoreKey())");
                keyPairGenerator.initialize(build);
                keyPairGenerator.generateKeyPair();
                setRSAPublicPrivateKey(aliasKey, keyStorePwd);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private final Key getAESKey() {
        SecretKey secretKey;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(getDataCryptAlgoKey());
            keyGenerator.init(256, new SecureRandom());
            secretKey = keyGenerator.generateKey();
        } catch (Exception e) {
            e.printStackTrace();
            secretKey = null;
        }
        Intrinsics.checkNotNull(secretKey, "null cannot be cast to non-null type java.security.Key");
        return secretKey;
    }

    private final String getAliasKey() {
        String aliasKey = new Jni().getAliasKey();
        AES aes = AES.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(aliasKey, "aliasKey");
        return aes.decrypt(aliasKey);
    }

    private final String getAndroidKeystoreKey() {
        String keystoreKey = new Jni().getAndroidKeystoreKey();
        AES aes = AES.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(keystoreKey, "keystoreKey");
        return aes.decrypt(keystoreKey);
    }

    private final String getCryptoPrefKey() {
        String cryptoPrefKey = new Jni().getCryptoPrefKey();
        AES aes = AES.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(cryptoPrefKey, "cryptoPrefKey");
        return aes.decrypt(cryptoPrefKey);
    }

    private final String getDataCryptAlgoKey() {
        String dataCryptAlgoKey = new Jni().getDataCryptAlgoKey();
        AES aes = AES.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(dataCryptAlgoKey, "dataCryptAlgoKey");
        return aes.decrypt(dataCryptAlgoKey);
    }

    private final byte[] getDecryptedKey(Context context, byte[] encryptedKey) {
        byte[] bArr;
        try {
            if (this.mRSAPrivateKey == null) {
                generateRSAKeyPair(context);
            }
            Cipher cipher = Cipher.getInstance(getRSAModeKey());
            cipher.init(2, this.mRSAPrivateKey);
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(encryptedKey), cipher);
            ArrayList arrayList = new ArrayList();
            while (true) {
                int read = cipherInputStream.read();
                if (read == -1) {
                    break;
                }
                arrayList.add(Byte.valueOf((byte) read));
            }
            int size = arrayList.size();
            bArr = new byte[size];
            for (int i = 0; i < size; i++) {
                Object obj = arrayList.get(i);
                Intrinsics.checkNotNullExpressionValue(obj, "values[i]");
                bArr[i] = ((Number) obj).byteValue();
            }
        } catch (Exception e) {
            Log.e("PostLollipopCryptography", Constants.IPC_BUNDLE_KEY_SEND_ERROR, e);
            bArr = null;
        }
        Intrinsics.checkNotNull(bArr);
        return bArr;
    }

    private final byte[] getEncryptedAESKey(Context context, Key key) {
        byte[] bArr;
        try {
            if (this.mRSAPublicKey == null) {
                generateRSAKeyPair(context);
                bArr = generateEncryptedKey(key);
            } else {
                bArr = generateEncryptedKey(key);
            }
        } catch (Exception e) {
            Log.e("PostLollipopCryptography", Constants.IPC_BUNDLE_KEY_SEND_ERROR, e);
            bArr = null;
        }
        Intrinsics.checkNotNull(bArr, "null cannot be cast to non-null type kotlin.ByteArray");
        return bArr;
    }

    private final String getKeyForAES() {
        String keyForAES = new Jni().getKeyForAES();
        AES aes = AES.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(keyForAES, "keyForAES");
        return aes.decrypt(keyForAES);
    }

    private final String getKeyStorePwd() {
        String keyStorePwd = new Jni().getKeyStorePwd();
        AES aes = AES.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(keyStorePwd, "keyStorePwd");
        return aes.decrypt(keyStorePwd);
    }

    private final String getRSAModeKey() {
        String rsaModeKey = new Jni().getRSAModeKey();
        AES aes = AES.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(rsaModeKey, "rsaModeKey");
        return aes.decrypt(rsaModeKey);
    }

    private final KeyStore loadOrCreateCAKeyStore() {
        KeyStore keyStore;
        Exception e;
        try {
            keyStore = KeyStore.getInstance(getAndroidKeystoreKey());
        } catch (Exception e2) {
            keyStore = null;
            e = e2;
        }
        try {
            keyStore.load(null);
        } catch (Exception e3) {
            e = e3;
            e.printStackTrace();
            Intrinsics.checkNotNull(keyStore, "null cannot be cast to non-null type java.security.KeyStore");
            return keyStore;
        }
        Intrinsics.checkNotNull(keyStore, "null cannot be cast to non-null type java.security.KeyStore");
        return keyStore;
    }

    private final void setEncryptedAESToPref(Context context, byte[] key) {
        String encodeToString = Base64.encodeToString(key, 0);
        SharedPreferences.Editor edit = context.getSharedPreferences(getCryptoPrefKey(), 0).edit();
        edit.putString(getKeyForAES(), encodeToString);
        edit.apply();
    }

    private final void setRSAPublicPrivateKey(String strAlias, String pwd) {
        KeyStore.Entry entry;
        try {
            try {
                KeyStore keyStore = this.keyStore;
                Intrinsics.checkNotNull(keyStore);
                char[] charArray = pwd.toCharArray();
                Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
                entry = keyStore.getEntry(strAlias, new KeyStore.PasswordProtection(charArray));
            } catch (Exception e) {
                Log.i("PostLollipopCryptography", "Unable to load private key with alias " + strAlias + " from KeyStore. Verify the KeyStore password is correct.", e);
                entry = null;
            }
            if (entry == null) {
                Log.e("PostLollipopCryptography", "Unable to find entry in keystore with alias: " + strAlias);
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                Log.e("PostLollipopCryptography", "Entry in KeyStore with alias " + strAlias + " did not contain a private key entry " + strAlias);
            }
            Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            this.mRSAPrivateKey = privateKeyEntry.getPrivateKey();
            if (!(privateKeyEntry.getCertificate() instanceof X509Certificate)) {
                Log.e("PostLollipopCryptography", "Certificate for private key in KeyStore was not an X509Certificate. Private key alias: " + strAlias + ". Certificate type: " + (privateKeyEntry.getCertificate() != null ? privateKeyEntry.getCertificate().getClass().getName() : null));
            }
            Certificate certificate = privateKeyEntry.getCertificate();
            Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            this.mRSAPublicKey = ((X509Certificate) certificate).getPublicKey();
        } catch (Exception e2) {
            e2.printStackTrace();
        }
    }

    public final SecretKeySpec getDecryptedAESKey(Context mContext) {
        Intrinsics.checkNotNullParameter(mContext, "mContext");
        try {
            SharedPreferences sharedPreferences = mContext.getSharedPreferences(getCryptoPrefKey(), 0);
            Intrinsics.checkNotNullExpressionValue(sharedPreferences, "context.getSharedPrefere…(), Context.MODE_PRIVATE)");
            String string = sharedPreferences.getString(getKeyForAES(), null);
            if (string != null && !Intrinsics.areEqual(string, "")) {
                byte[] encryptedKey = Base64.decode(string, 0);
                Intrinsics.checkNotNullExpressionValue(encryptedKey, "encryptedKey");
                return new SecretKeySpec(getDecryptedKey(mContext, encryptedKey), 0, getDecryptedKey(mContext, encryptedKey).length, getDataCryptAlgoKey());
            }
            byte[] encryptedAESKey = getEncryptedAESKey(mContext, getAESKey());
            setEncryptedAESToPref(mContext, encryptedAESKey);
            return new SecretKeySpec(getDecryptedKey(mContext, encryptedAESKey), 0, getDecryptedKey(mContext, encryptedAESKey).length, getDataCryptAlgoKey());
        } catch (Exception e) {
            Log.e("PostLollipopCryptography", Constants.IPC_BUNDLE_KEY_SEND_ERROR, e);
            return null;
        }
    }
}
