package com.linkedin.android.liauthlib.common;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.linkedin.android.liauthlib.LiAuth;
import com.linkedin.android.liauthlib.utils.LILog;
import com.linkedin.android.logger.Log;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public class EncryptionDecryptionHelper {
    private static final String TAG = "EncryptionDecryptionHelper";

    @Nullable
    private static EncryptionDecryptionHelper encryptionDecryptionHelper;

    @NonNull
    private final Context context;

    @Nullable
    private KeyStore.PrivateKeyEntry privateKeyEntry;

    private EncryptionDecryptionHelper(@NonNull Context context, @Nullable LiAuth.LiAuthLixCallback liAuthLixCallback) throws EncryptionDecryptionException {
        this.context = context.getApplicationContext();
        try {
            initializeKeyPairIfNeeded(false);
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            throw new EncryptionDecryptionException("Error generating key store: ", e);
        }
    }

    @NonNull
    private Cipher getCipher() throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
        return Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
    }

    @NonNull
    public static EncryptionDecryptionHelper getInstance(@NonNull Context context, @Nullable LiAuth.LiAuthLixCallback liAuthLixCallback) throws EncryptionDecryptionException {
        if (encryptionDecryptionHelper == null) {
            encryptionDecryptionHelper = new EncryptionDecryptionHelper(context, liAuthLixCallback);
        }
        return encryptionDecryptionHelper;
    }

    private void initKeyPair() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, UnrecoverableEntryException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias("com.linkedin.android.authlib")) {
            LILog.d(TAG, "No keypair found, generating it");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 10);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.context).setAlias("com.linkedin.android.authlib").setKeySize(2048).setSubject(new X500Principal("CN=Duke")).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        }
        try {
            this.privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("com.linkedin.android.authlib", null);
        } catch (NullPointerException e) {
            Log.e(TAG, "Fail to get private key entry", e);
        }
    }

    private void initializeKeyPairIfNeeded(boolean z) throws InvalidAlgorithmParameterException, UnrecoverableEntryException, CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, NoSuchProviderException {
        if (z) {
            return;
        }
        initKeyPair();
    }

    @Nullable
    public String decrypt(@NonNull String str) throws EncryptionDecryptionException {
        try {
            initializeKeyPairIfNeeded(true);
            if (!TextUtils.isEmpty(str) && this.privateKeyEntry != null) {
                Cipher cipher = getCipher();
                cipher.init(2, this.privateKeyEntry.getPrivateKey());
                return new String(cipher.doFinal(Base64.decode(str, 1)), StandardCharsets.UTF_8);
            }
            Log.w(TAG, "Unable to decrypt because of empty privateKeyEntry or encryptedString. Return null");
            return null;
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptionDecryptionException("Could not decrypt user id: ", e);
        }
    }

    @Nullable
    public String encrypt(@NonNull String str) throws EncryptionDecryptionException {
        try {
            initializeKeyPairIfNeeded(true);
            if (!TextUtils.isEmpty(str) && this.privateKeyEntry != null) {
                Cipher cipher = getCipher();
                cipher.init(1, this.privateKeyEntry.getCertificate().getPublicKey());
                return Base64.encodeToString(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)), 1);
            }
            Log.w(TAG, "Unable to encrypt because of empty privateKeyEntry or stringToEncrypt. Return null");
            return null;
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptionDecryptionException("Could not encrypt user id: ", e);
        }
    }
}
