package com.antoniocappiello.commonutils.security;

import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.support.annotation.RequiresApi;
import android.text.TextUtils;
import android.util.Base64;
import com.antoniocappiello.commonutils.PhoneUtils;
import com.antoniocappiello.commonutils.logger.Logger;
import com.google.android.gms.stats.CodePackage;
import com.pixplicity.easyprefs.library.Prefs;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.apache.poi.ss.formula.ptg.RefNPtg;

/* loaded from: classes.dex */
public class EncryptionService {
    private static final String AES_MODE_BELOW_M = "AES/ECB/PKCS7Padding";
    private static final String AES_MODE_M = "AES/GCM/NoPadding";
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final int DEFAULT_AES_BYTES_SIZE = 16;
    public static final String DEFAULT_KEY_ALIAS = "default_key";
    private static final String ENCRYPTED_KEY = "ENCRYPTED_KEY";
    private static final byte[] FIXED_IV = {55, 54, 53, 52, 51, 50, 49, 48, 47, 46, 45, RefNPtg.sid};
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final String TAG = "EncryptionService";
    private Cipher defaultCipher;
    private HashMap<String, Boolean> keyMapManagedByKeystore;
    private final KeyStore keyStore;

    public EncryptionService() {
        Logger.i(TAG, "EncryptionService constructor - START");
        try {
            this.keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            try {
                this.keyStore.load(null);
                getDefaultCipher();
                this.keyMapManagedByKeystore = new HashMap<>();
                Logger.i(TAG, "EncryptionService constructor - END");
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                throw new RuntimeException("Failed to load KeyStore", e);
            }
        } catch (KeyStoreException e2) {
            throw new RuntimeException("Failed to get an instance of KeyStore", e2);
        }
    }

    @RequiresApi(api = 23)
    private void createAESKeyInKeystore(String str, int i) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Logger.i(TAG, "createAESKeyInKeystore " + str);
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
        keyGenerator.init(build);
        keyGenerator.generateKey();
        Logger.i(TAG, "AES KEY GENERATED");
    }

    private void createAESKeyInSharedPrefs(String str, int i) {
        Logger.i(TAG, "createAESKeyInSharedPrefs " + str);
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        Prefs.putString(getSharedPrefKey(str), Base64.encodeToString(rsaEncrypt(bArr, str), 0));
        Logger.i(TAG, "AES KEY GENERATED AND ENCRYPTED (" + getSharedPrefKey(str) + " - " + str + " - " + i + ")");
    }

    @RequiresApi(api = 23)
    private void createRSAKeyInKeystore(String str) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        Logger.i(TAG, "createRSAKeyInKeystore " + str);
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("PKCS1Padding").setRandomizedEncryptionRequired(false).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        Logger.i(TAG, "RSA KEYS GENERATED AND MANAGED BY KEYSTORE");
    }

    private void createRSAKeyInKeystorePreMarshmallow(Context context, String str) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Logger.d(TAG, "createRSAKeyInKeystorePreMarshmallow " + str);
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        Logger.i(TAG, "RSA KEYS GENERATED");
    }

    private String getSharedPrefKey(String str) {
        return ENCRYPTED_KEY + str;
    }

    private String getSharedPrefKeyValue(String str) {
        return Prefs.getString(getSharedPrefKey(str), null);
    }

    private byte[] rsaDecrypt(byte[] bArr, String str) throws Exception {
        Logger.d(TAG, "rsaDecrypt()");
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry(str, null);
        Cipher cipher = this.keyMapManagedByKeystore.get(str).booleanValue() ? Cipher.getInstance(RSA_MODE, "AndroidOpenSSL") : Cipher.getInstance(RSA_MODE);
        cipher.init(2, privateKeyEntry.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    private byte[] rsaEncrypt(byte[] bArr, String str) {
        Logger.d(TAG, "rsaEncrypt() with keyAlias " + str);
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry(str, null);
            Cipher cipher = Cipher.getInstance(RSA_MODE, "AndroidOpenSSL");
            cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(bArr);
            cipherOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | NoSuchPaddingException e) {
            throw new RuntimeException("Error in rsaEncrypt()", e);
        }
    }

    public void createAESEncryptedKey(Context context, String str) {
        createAESEncryptedKey(context, str, 16, true);
    }

    public void createAESEncryptedKey(Context context, String str, int i, boolean z) {
        Logger.d(TAG, "createAESEncryptedKey " + str + " len " + i + " managedByKeystore " + z);
        try {
            if (this.keyStore.containsAlias(str) && (z || getSharedPrefKeyValue(str) != null)) {
                Logger.w(TAG, "Keystore already contains key: " + str);
                Logger.d(TAG, "store " + str + " in keyMapManagedByKeystore");
                this.keyMapManagedByKeystore.put(str, Boolean.valueOf(z));
            }
            if (!PhoneUtils.isAtLeastMarshmallow()) {
                createRSAKeyInKeystorePreMarshmallow(context, str);
                createAESKeyInSharedPrefs(str, i);
            } else if (z) {
                createAESKeyInKeystore(str, i);
            } else {
                createRSAKeyInKeystore(str);
                createAESKeyInSharedPrefs(str, i);
            }
            Logger.d(TAG, "store " + str + " in keyMapManagedByKeystore");
            this.keyMapManagedByKeystore.put(str, Boolean.valueOf(z));
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    public FingerprintManager.CryptoObject createCryptoObject() {
        Logger.d(TAG, "createCryptoObject()");
        if (Build.VERSION.SDK_INT >= 23) {
            return new FingerprintManager.CryptoObject(this.defaultCipher);
        }
        return null;
    }

    public String decodeBase64AndDecrypt(String str, String str2) throws Exception {
        return new String(decrypt(Base64.decode(str, 0), str2), StandardCharsets.UTF_8);
    }

    public byte[] decrypt(byte[] bArr, String str) throws Exception {
        if (PhoneUtils.isAtLeastMarshmallow()) {
            Cipher cipher = Cipher.getInstance(AES_MODE_M);
            cipher.init(2, getAESKey(str), new GCMParameterSpec(128, FIXED_IV));
            return cipher.doFinal(bArr);
        }
        Cipher cipher2 = Cipher.getInstance(AES_MODE_BELOW_M, "BC");
        cipher2.init(2, getAESKey(str));
        return cipher2.doFinal(bArr);
    }

    public void delete(String... strArr) {
        for (String str : strArr) {
            try {
                this.keyStore.deleteEntry(str);
                this.keyMapManagedByKeystore.remove(str);
                Logger.d(TAG, str + " key deleted form keystore");
                String sharedPrefKey = getSharedPrefKey(str);
                if (!TextUtils.isEmpty(sharedPrefKey) && Prefs.contains(sharedPrefKey)) {
                    Prefs.remove(sharedPrefKey);
                    Logger.d(TAG, str + " key deleted form sp");
                }
            } catch (KeyStoreException e) {
                Logger.e(TAG, "Cannot delete encryption key " + str, (Exception) e);
            }
        }
    }

    public byte[] encrypt(byte[] bArr, String str) throws Exception {
        if (PhoneUtils.isAtLeastMarshmallow()) {
            Cipher cipher = Cipher.getInstance(AES_MODE_M);
            cipher.init(1, getAESKey(str), new GCMParameterSpec(128, FIXED_IV));
            return cipher.doFinal(bArr);
        }
        Cipher cipher2 = Cipher.getInstance(AES_MODE_BELOW_M, "BC");
        cipher2.init(1, getAESKey(str));
        return cipher2.doFinal(bArr);
    }

    public String encryptAndEncodeBase64(String str, String str2) throws Exception {
        return Base64.encodeToString(encrypt(str.getBytes(StandardCharsets.UTF_8), str2), 0);
    }

    public Key getAESKey(String str) throws Exception {
        if (!this.keyMapManagedByKeystore.containsKey(str)) {
            throw new IllegalStateException(str + " key not generated yet");
        }
        if (PhoneUtils.isAtLeastMarshmallow() && this.keyMapManagedByKeystore.get(str).booleanValue()) {
            return this.keyStore.getKey(str, null);
        }
        String sharedPrefKeyValue = getSharedPrefKeyValue(str);
        if (!TextUtils.isEmpty(sharedPrefKeyValue)) {
            return new SecretKeySpec(rsaDecrypt(Base64.decode(sharedPrefKeyValue, 0), str), "AES");
        }
        Logger.e(TAG, "Didn't find any encrypted key in shared prefs. Prefs may have been reset.");
        return null;
    }

    public Cipher getDefaultCipher() {
        try {
            if (this.defaultCipher == null) {
                if (PhoneUtils.isAtLeastMarshmallow()) {
                    this.defaultCipher = Cipher.getInstance(AES_MODE_M);
                } else {
                    this.defaultCipher = Cipher.getInstance(AES_MODE_BELOW_M, "BC");
                }
            }
            Logger.d(TAG, "created default cypher");
            return this.defaultCipher;
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            throw new RuntimeException("Failed to get cipher instance", e);
        }
    }

    public boolean initCipher(String str) {
        Logger.d(TAG, "initCipher()");
        try {
            getDefaultCipher().init(1, getAESKey(str));
            return true;
        } catch (Exception e) {
            if (!PhoneUtils.isAtLeastMarshmallow() || !(e instanceof KeyPermanentlyInvalidatedException)) {
                throw new RuntimeException("Failed to init Cipher", e);
            }
            Logger.e(TAG, "KeyPermanentlyInvalidatedException", e);
            return false;
        }
    }

    public boolean isInitialized() {
        HashMap<String, Boolean> hashMap = this.keyMapManagedByKeystore;
        return (hashMap == null || hashMap.isEmpty()) ? false : true;
    }
}
