package foundation.merci.external.data.local;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.security.crypto.EncryptedFile;
import androidx.security.crypto.MasterKey;
import foundation.merci.external.data.local.KeyStoreWrapper;
import foundation.merci.external.util.MerciLogger;
import foundation.merci.external.util.exts.ViewExtensionsKt;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.CompletableEmitter;
import io.reactivex.rxjava3.core.CompletableOnSubscribe;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.io.TextStreamsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: KeyStoreWrapper.kt */
@Metadata(d1 = {"\u0000N\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0000\u0018\u0000  2\u00020\u0001:\u0001 B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\b\u001a\u00020\tH\u0002J\u0018\u0010\n\u001a\u0004\u0018\u00010\t2\u0006\u0010\u000b\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\tJ\u0018\u0010\r\u001a\u0004\u0018\u00010\t2\u0006\u0010\u000e\u001a\u00020\u00032\u0006\u0010\u000f\u001a\u00020\tJ\u0010\u0010\u0010\u001a\u0004\u0018\u00010\u00112\u0006\u0010\u0012\u001a\u00020\tJ\u001e\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u000e\u001a\u00020\u00032\u0006\u0010\u000f\u001a\u00020\t2\u0006\u0010\u0012\u001a\u00020\tJ\u001a\u0010\u0015\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\b\u001a\u00020\tH\u0002J\"\u0010\u0018\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u000e\u001a\u00020\u00032\u0006\u0010\u000f\u001a\u00020\t2\u0006\u0010\u001a\u001a\u00020\u001bH\u0002J\u0018\u0010\u001c\u001a\u00020\u00142\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\b\u001a\u00020\tH\u0003J \u0010\u001f\u001a\u00020\u00142\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\b\u001a\u00020\tH\u0002R\u0010\u0010\u0005\u001a\u0004\u0018\u00010\u0006X\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lfoundation/merci/external/data/local/KeyStoreWrapper;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "keyPair", "Ljava/security/KeyPair;", "createAndroidKeyStoreAsymmetricKey", "alias", "", "decrypt", "encryptedKeyStr", "encryptedDataStr", 
"decryptWithJetpackSecurity", "applicationContext", "filename", "encrypt", "Lfoundation/merci/external/data/local/EncryptedData;", "data", "encryptWithJetpackSecurity", "", "getAndroidKeyStoreAsymmetricKeyPair", "keyStore", "Ljava/security/KeyStore;", "getEncryptedFile", "Landroidx/security/crypto/EncryptedFile;", "mode", "", "initGeneratorWithKeyGenParameterSpec", "generator", "Ljava/security/KeyPairGenerator;", "initGeneratorWithKeyPairGeneratorSpec", "Companion", "mci-foundation_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes3.dex */
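/*
 * Decompiled (JADX) rendering of the Kotlin class KeyStoreWrapper.
 *
 * The class offers two independent ways of protecting small strings at rest:
 *
 *  1. encrypt()/decrypt(): a hand-rolled hybrid scheme. A fresh 128-bit AES key encrypts the
 *     payload and an RSA key pair held in the "AndroidKeyStore" provider wraps that AES key.
 *  2. encryptWithJetpackSecurity()/decryptWithJetpackSecurity(): androidx.security.crypto
 *     EncryptedFile (AES256_GCM_HKDF_4KB) keyed by a MasterKey (AES256_GCM).
 *
 * Review notes for path 1 (the code below keeps the existing wire format so that already stored
 * blobs stay readable):
 *  - Cipher.getInstance("AES") names no mode or padding, so the provider default is used; on the
 *    stock JCA/Android providers that is ECB with PKCS#5/7 padding. There is no IV and no
 *    integrity check, so equal plaintext blocks give equal ciphertext blocks and a modified blob
 *    is not detected at decrypt time.
 *  - The AES key is wrapped with RSA PKCS#1 v1.5 encryption padding rather than OAEP.
 *  - Moving to an AEAD mode (AES/GCM/NoPadding with a random nonce) and RSA-OAEP, or to path 2,
 *    needs a versioned blob format so decrypt() can still read data written by this version.
 *
 * The literal ints the decompiler left behind were replaced with the named constants they stand
 * for, and the two file helpers now close their streams on the failure path as well.
 */
public final class KeyStoreWrapper {
    // RSA transformation used to wrap the per-message AES key (PKCS#1 v1.5 encryption padding).
    private static final String CRYPT_ALG = "RSA/ECB/PKCS1Padding";

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    // Alias of the RSA key pair inside the AndroidKeyStore provider.
    private static final String KEY_ALIAS = "merciKey";
    // Modes understood by getEncryptedFile().
    private static final int MODE_READ = 1;
    private static final int MODE_WRITE = 2;
    // NOTE(review): plain (non-volatile) static written from inside the Completable returned by
    // Companion.instantiate(); if that Completable is subscribed on another thread, readers have
    // no visibility guarantee. Confirm which scheduler callers use.
    private static KeyStoreWrapper instance;
    private KeyPair keyPair;

    /* compiled from: KeyStoreWrapper.kt */
    @Metadata(d1 = {"\u00000\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u000e\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u0011R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n\u0000R\"\u0010\u000b\u001a\u0004\u0018\u00010\n2\b\u0010\t\u001a\u0004\u0018\u00010\n@BX\u0080\u000e¢\u0006\b\n\u0000\u001a\u0004\b\f\u0010\r¨\u0006\u0012"}, d2 = {"Lfoundation/merci/external/data/local/KeyStoreWrapper$Companion;", "", "()V", "CRYPT_ALG", "", "KEY_ALIAS", "MODE_READ", "", "MODE_WRITE", "<set-?>", "Lfoundation/merci/external/data/local/KeyStoreWrapper;", "instance", "getInstance$mci_foundation_release", "()Lfoundation/merci/external/data/local/KeyStoreWrapper;", "instantiate", "Lio/reactivex/rxjava3/core/Completable;", "context", "Landroid/content/Context;", "mci-foundation_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* renamed from: instantiate$lambda-0, reason: not valid java name */
        /**
         * Body of the Completable built by {@link #instantiate(Context)}: constructs the wrapper,
         * publishes it in the static {@code instance} field and completes the emitter.
         *
         * @param context            context handed to the {@link KeyStoreWrapper} constructor
         * @param completableEmitter emitter that is completed once the instance is stored
         */
        public static final void m145instantiate$lambda0(Context context, CompletableEmitter completableEmitter) {
            Intrinsics.checkNotNullParameter(context, "$context");
            KeyStoreWrapper.instance = new KeyStoreWrapper(context);
            completableEmitter.onComplete();
        }

        /**
         * @return the shared wrapper, or {@code null} until an {@link #instantiate(Context)}
         *         Completable has run
         */
        public final KeyStoreWrapper getInstance$mci_foundation_release() {
            return KeyStoreWrapper.instance;
        }

        /**
         * Returns a Completable that creates the shared wrapper when it is subscribed to.
         *
         * The null check happens when this method is called, not at subscription time, so two
         * Completables obtained before either has run will each build a wrapper; the later one
         * replaces the earlier one in the static field.
         *
         * @param context context used to construct the wrapper
         * @return an already-complete Completable if an instance exists, otherwise one that builds it
         */
        public final Completable instantiate(final Context context) {
            Intrinsics.checkNotNullParameter(context, "context");
            if (getInstance$mci_foundation_release() != null) {
                Completable complete = Completable.complete();
                Intrinsics.checkNotNullExpressionValue(complete, "{\n                Comple….complete()\n            }");
                return complete;
            }
            Completable create = Completable.create(new CompletableOnSubscribe() { // from class: foundation.merci.external.data.local.-$$Lambda$KeyStoreWrapper$Companion$EdknGL12AsZCiRQeOgv9XyvqxP0
                @Override // io.reactivex.rxjava3.core.CompletableOnSubscribe
                public final void subscribe(CompletableEmitter completableEmitter) {
                    KeyStoreWrapper.Companion.m145instantiate$lambda0(context, completableEmitter);
                }
            });
            Intrinsics.checkNotNullExpressionValue(create, "{\n                Comple…          }\n            }");
            return create;
        }
    }

    /**
     * Loads the AndroidKeyStore provider and binds this wrapper to the RSA key pair stored under
     * {@code KEY_ALIAS}, generating the pair when the lookup returns nothing.
     *
     * Keystore failures are not caught here and propagate to the caller.
     *
     * @param context context forwarded to key generation (read only on the pre-Marshmallow path)
     */
    public KeyStoreWrapper(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
        KeyPair existing = getAndroidKeyStoreAsymmetricKeyPair(keyStore, KEY_ALIAS);
        if (existing == null) {
            this.keyPair = createAndroidKeyStoreAsymmetricKey(context, KEY_ALIAS);
        } else {
            this.keyPair = existing;
        }
    }

    /**
     * Generates a new RSA key pair inside the AndroidKeyStore provider under {@code alias}.
     *
     * @param context context needed by the legacy KeyPairGeneratorSpec path
     * @param alias   keystore alias for the new pair
     * @return the generated key pair
     */
    private final KeyPair createAndroidKeyStoreAsymmetricKey(Context context, String alias) {
        // Discarded call kept from the decompiled listing. NOTE(review): presumably a pure SDK
        // level check; confirm against ViewExtensionsKt before removing it.
        ViewExtensionsKt.marshmallowOrGreater();
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        if (ViewExtensionsKt.marshmallowOrGreater()) {
            Intrinsics.checkNotNullExpressionValue(generator, "generator");
            initGeneratorWithKeyGenParameterSpec(generator, alias);
        } else {
            Intrinsics.checkNotNullExpressionValue(generator, "generator");
            initGeneratorWithKeyPairGeneratorSpec(context, generator, alias);
        }
        KeyPair generateKeyPair = generator.generateKeyPair();
        Intrinsics.checkNotNullExpressionValue(generateKeyPair, "generator.generateKeyPair()");
        return generateKeyPair;
    }

    /**
     * Looks up the private key and certificate stored under {@code alias}.
     *
     * Any exception is logged at debug level and reported as "not found". The constructor reacts
     * to {@code null} by generating a new pair under the same alias, so a transient keystore
     * error presumably replaces the existing key and leaves blobs wrapped with it undecryptable;
     * callers that persist encrypt() output should treat that as possible.
     *
     * @param keyStore loaded AndroidKeyStore instance
     * @param alias    alias to look up
     * @return the stored pair, or {@code null} if either half is missing or the lookup failed
     */
    private final KeyPair getAndroidKeyStoreAsymmetricKeyPair(KeyStore keyStore, String alias) {
        try {
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
            Certificate certificate = keyStore.getCertificate(alias);
            PublicKey publicKey = certificate == null ? null : certificate.getPublicKey();
            if (privateKey == null || publicKey == null) {
                return null;
            }
            return new KeyPair(publicKey, privateKey);
        } catch (Exception e) {
            MerciLogger.debug$default(MerciLogger.INSTANCE, (String) null, e, 1, (Object) null);
            return null;
        }
    }

    /**
     * Builds the Jetpack Security {@link EncryptedFile} handle for {@code filename} in the app's
     * private files directory.
     *
     * @param applicationContext context used to resolve the path and build the MasterKey
     * @param filename           name passed to {@code getFileStreamPath}
     * @param mode               {@code MODE_READ} or {@code MODE_WRITE}
     * @return the handle, or {@code null} in read mode when the file does not exist
     */
    private final EncryptedFile getEncryptedFile(Context applicationContext, String filename, int mode) {
        File fileStreamPath = applicationContext.getFileStreamPath(filename);
        if (mode == MODE_READ && !fileStreamPath.exists()) {
            return null;
        }
        if (mode == MODE_WRITE && fileStreamPath.exists()) {
            // The previous file is removed before writing; the result of delete() is not checked,
            // so a failed delete only surfaces later when the output stream is opened.
            fileStreamPath.delete();
        }
        MasterKey build = new MasterKey.Builder(applicationContext).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(applicationConte…GCM)\n            .build()");
        return new EncryptedFile.Builder(applicationContext, fileStreamPath, build, EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB).build();
    }

    /**
     * Configures {@code generator} through KeyGenParameterSpec (Marshmallow and later path).
     *
     * Only purposes, block mode and encryption padding are set; key size, digests and any
     * user-authentication requirement are left at the platform defaults.
     *
     * @param generator RSA generator bound to the AndroidKeyStore provider
     * @param alias     keystore alias for the key
     */
    private final void initGeneratorWithKeyGenParameterSpec(KeyPairGenerator generator, String alias) {
        // 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT (constants inlined by the compiler).
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(alias, 3).setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding");
        Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "Builder(alias, KeyProper…YPTION_PADDING_RSA_PKCS1)");
        generator.initialize(encryptionPaddings.build());
    }

    /**
     * Configures {@code generator} through the legacy KeyPairGeneratorSpec (pre-Marshmallow path)
     * with a self-signed certificate valid from now for 20 years.
     *
     * @param context   context required by KeyPairGeneratorSpec.Builder
     * @param generator RSA generator bound to the AndroidKeyStore provider
     * @param alias     keystore alias, also used in the certificate subject
     */
    private final void initGeneratorWithKeyPairGeneratorSpec(Context context, KeyPairGenerator generator, String alias) {
        Calendar startDate = Calendar.getInstance();
        Calendar endDateCalendar = Calendar.getInstance();
        endDateCalendar.add(Calendar.YEAR, 20);
        KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(context).setAlias(alias).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN=" + alias + " CA Certificate")).setStartDate(startDate.getTime()).setEndDate(endDateCalendar.getTime());
        Intrinsics.checkNotNullExpressionValue(endDate, "Builder(context)\n       ….setEndDate(endDate.time)");
        generator.initialize(endDate.build());
    }

    /**
     * Reverses {@link #encrypt(String)}: unwraps the AES key with the keystore private key, then
     * decrypts the payload with it.
     *
     * Nothing here authenticates the ciphertext (see the note at the top of the class), and
     * Base64 or cipher failures are not caught; they propagate to the caller.
     *
     * @param encryptedKeyStr  Base64 of the RSA-wrapped AES key
     * @param encryptedDataStr Base64 of the AES-encrypted payload
     * @return the plaintext decoded as UTF-8, or {@code null} if no key pair is available
     */
    public final String decrypt(String encryptedKeyStr, String encryptedDataStr) {
        Intrinsics.checkNotNullParameter(encryptedKeyStr, "encryptedKeyStr");
        Intrinsics.checkNotNullParameter(encryptedDataStr, "encryptedDataStr");
        KeyPair keyPair = this.keyPair;
        if (keyPair == null) {
            MerciLogger.debug$default(MerciLogger.INSTANCE, (String) null, new Function0<Object>() { // from class: foundation.merci.external.data.local.KeyStoreWrapper$decrypt$keyPair$1$1
                @Override // kotlin.jvm.functions.Function0
                public final Object invoke() {
                    return "PANIC: [Decrypt] keyPair not initialized";
                }
            }, 1, (Object) null);
            return null;
        }
        Cipher rsaCipher = Cipher.getInstance(CRYPT_ALG);
        Intrinsics.checkNotNullExpressionValue(rsaCipher, "getInstance(CRYPT_ALG)");
        rsaCipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
        byte[] aesKeyBytes = rsaCipher.doFinal(Base64.decode(encryptedKeyStr, Base64.DEFAULT));
        SecretKeySpec aesKey = new SecretKeySpec(aesKeyBytes, 0, aesKeyBytes.length, "AES");
        // Bare "AES": mode and padding come from the provider default; must match encrypt().
        Cipher aesCipher = Cipher.getInstance("AES");
        aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
        byte[] bytePlainText = aesCipher.doFinal(Base64.decode(encryptedDataStr, Base64.DEFAULT));
        Intrinsics.checkNotNullExpressionValue(bytePlainText, "bytePlainText");
        return new String(bytePlainText, Charsets.UTF_8);
    }

    /**
     * Reads and decrypts the whole Jetpack Security encrypted file as UTF-8 text.
     *
     * Every failure is logged at debug level and reported as {@code null}, so a missing file and
     * a file that fails to decrypt are indistinguishable to the caller.
     *
     * @param applicationContext context used to resolve the file and the MasterKey
     * @param filename           name of the file in the app's private files directory
     * @return the decrypted text, or {@code null} if the file is absent or reading failed
     */
    public final String decryptWithJetpackSecurity(Context applicationContext, String filename) {
        Intrinsics.checkNotNullParameter(applicationContext, "applicationContext");
        Intrinsics.checkNotNullParameter(filename, "filename");
        try {
            EncryptedFile encryptedFile = getEncryptedFile(applicationContext, filename, MODE_READ);
            if (encryptedFile == null) {
                return null;
            }
            // try-with-resources closes the stream on the failure path too; the decompiled
            // listing only closed it after a successful read.
            try (FileInputStream openFileInput = encryptedFile.openFileInput()) {
                Intrinsics.checkNotNullExpressionValue(openFileInput, "encryptedFile.openFileInput()");
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(openFileInput, Charsets.UTF_8), 8192);
                return TextStreamsKt.readText(bufferedReader);
            }
        } catch (Exception e) {
            MerciLogger.debug$default(MerciLogger.INSTANCE, (String) null, new Function0<Object>() { // from class: foundation.merci.external.data.local.KeyStoreWrapper$decryptWithJetpackSecurity$2
                @Override // kotlin.jvm.functions.Function0
                public final Object invoke() {
                    return "PANIC: decryptWithSecurityCrypto failed";
                }
            }, 1, (Object) null);
            MerciLogger.debug$default(MerciLogger.INSTANCE, (String) null, e, 1, (Object) null);
            return null;
        }
    }

    /**
     * Encrypts {@code data} with a fresh 128-bit AES key and wraps that key with the keystore
     * RSA public key.
     *
     * See the note at the top of the class for the properties of the "AES" and PKCS#1 v1.5
     * transformations used here. Cipher failures are not caught and propagate to the caller.
     *
     * @param data plaintext, encoded as UTF-8 before encryption
     * @return holder with the Base64 wrapped key and Base64 ciphertext, or {@code null} if no
     *         key pair is available
     */
    public final EncryptedData encrypt(String data) {
        Intrinsics.checkNotNullParameter(data, "data");
        KeyPair keyPair = this.keyPair;
        if (keyPair == null) {
            MerciLogger.debug$default(MerciLogger.INSTANCE, (String) null, new Function0<Object>() { // from class: foundation.merci.external.data.local.KeyStoreWrapper$encrypt$keyPair$1$1
                @Override // kotlin.jvm.functions.Function0
                public final Object invoke() {
                    return "PANIC: [Encrypt] keyPair not initialized";
                }
            }, 1, (Object) null);
            return null;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        SecretKey aesKey = keyGenerator.generateKey();
        // Bare "AES": mode and padding come from the provider default (no IV is supplied or stored).
        Cipher aesCipher = Cipher.getInstance("AES");
        aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
        byte[] bytes = data.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] byteCipherText = aesCipher.doFinal(bytes);
        Cipher rsaCipher = Cipher.getInstance(CRYPT_ALG);
        Intrinsics.checkNotNullExpressionValue(rsaCipher, "getInstance(CRYPT_ALG)");
        rsaCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
        byte[] wrappedKey = rsaCipher.doFinal(aesKey.getEncoded());
        EncryptedData encryptedData = new EncryptedData();
        String encodedKey = Base64.encodeToString(wrappedKey, Base64.DEFAULT);
        Intrinsics.checkNotNullExpressionValue(encodedKey, "encodeToString(bytes, Base64.DEFAULT)");
        encryptedData.setEncryptedKey(encodedKey);
        String encodedCipherText = Base64.encodeToString(byteCipherText, Base64.DEFAULT);
        Intrinsics.checkNotNullExpressionValue(encodedCipherText, "encodeToString(byteCipherText, Base64.DEFAULT)");
        encryptedData.setEncryptedData(encodedCipherText);
        return encryptedData;
    }

    /**
     * Writes {@code data} as UTF-8 into a Jetpack Security encrypted file, replacing any
     * existing file of the same name.
     *
     * Failures are only logged at debug level, so the caller gets no signal that nothing was
     * written; because the old file is deleted first, a failed write can leave no file at all.
     *
     * @param applicationContext context used to resolve the file and the MasterKey
     * @param filename           name of the file in the app's private files directory
     * @param data               text to store
     */
    public final void encryptWithJetpackSecurity(Context applicationContext, String filename, String data) {
        Intrinsics.checkNotNullParameter(applicationContext, "applicationContext");
        Intrinsics.checkNotNullParameter(filename, "filename");
        Intrinsics.checkNotNullParameter(data, "data");
        try {
            EncryptedFile encryptedFile = getEncryptedFile(applicationContext, filename, MODE_WRITE);
            if (encryptedFile == null) {
                return;
            }
            // try-with-resources closes the stream when write() throws as well; the decompiled
            // listing only closed it after a successful write.
            try (FileOutputStream openFileOutput = encryptedFile.openFileOutput()) {
                byte[] bytes = data.getBytes(Charsets.UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
                openFileOutput.write(bytes);
            }
        } catch (Exception e) {
            MerciLogger.debug$default(MerciLogger.INSTANCE, (String) null, e, 1, (Object) null);
        }
    }
}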
