package com.annaghmoreagencies.android.encryption;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import timber.log.Timber;

/* loaded from: classes.dex */
public class KeyStoreWrapper {
    private final Context context;
    private final SharedPreferences defaultKeyStorePreferences;
    private final KeyStore keyStore = createAndroidKeyStore();

    public KeyStoreWrapper(@NonNull Context context) {
        this.context = context;
        this.defaultKeyStorePreferences = context.getSharedPreferences("security", 0);
    }

    @Nullable
    private KeyStore createAndroidKeyStore() {
        KeyStore keyStore;
        KeyStore keyStore2 = null;
        try {
            keyStore = KeyStore.getInstance("AndroidKeyStore");
        } catch (IOException e) {
            e = e;
        } catch (KeyStoreException e2) {
            e = e2;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
        } catch (CertificateException e4) {
            e = e4;
        }
        try {
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e5) {
            e = e5;
            keyStore2 = keyStore;
            Timber.e(e);
            return keyStore2;
        }
    }

    @TargetApi(23)
    private KeyPair createAndroidKeyStoreRsaKey(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            if (hasMarshmallow().booleanValue()) {
                initGeneratorWithKeyGenParameterSpec(keyPairGenerator, str);
            } else {
                initGeneratorWithKeyPairGeneratorSpec(keyPairGenerator, str);
            }
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            Timber.e(e);
            return null;
        }
    }

    private SecretKey generateAesKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            Timber.e(e);
            return null;
        }
    }

    @Nullable
    private KeyPair getAndroidKeyStoreRsaKeyPair(String str) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(str, null);
        Certificate certificate = this.keyStore.getCertificate(str);
        PublicKey publicKey = certificate != null ? certificate.getPublicKey() : null;
        if (privateKey == null || publicKey == null) {
            return null;
        }
        return new KeyPair(publicKey, privateKey);
    }

    private Boolean hasMarshmallow() {
        return Boolean.valueOf(Build.VERSION.SDK_INT >= 23);
    }

    @TargetApi(23)
    private void initGeneratorWithKeyGenParameterSpec(@Nullable KeyPairGenerator keyPairGenerator, @NonNull String str) throws InvalidAlgorithmParameterException {
        if (keyPairGenerator == null) {
            Timber.e("Unable to init KeyPairGenerator in initGeneratorWithKeyGenParameterSpec().", new Object[0]);
        } else {
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding").build());
        }
    }

    private void initGeneratorWithKeyPairGeneratorSpec(@Nullable KeyPairGenerator keyPairGenerator, @NonNull String str) throws InvalidAlgorithmParameterException {
        if (keyPairGenerator == null) {
            Timber.e("Unable to init KeyPairGenerator in initGeneratorWithKeyPairGeneratorSpec().", new Object[0]);
            return;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 20);
        keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(this.context).setAlias(str).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN=${alias} CA Certificate")).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
    }

    private void removeAndroidKeyStoreKey(@NonNull String str) {
        try {
            if (this.keyStore != null) {
                this.keyStore.deleteEntry(str);
            }
        } catch (KeyStoreException e) {
            Timber.e(e);
        }
    }

    public SecretKey getAesKey() {
        try {
            String string = this.defaultKeyStorePreferences.getString("key", null);
            if (string != null && !string.isEmpty()) {
                KeyPair androidKeyStoreRsaKeyPair = getAndroidKeyStoreRsaKeyPair("wrapping-key");
                if (androidKeyStoreRsaKeyPair != null) {
                    Timber.d("Getting existed AES key.", new Object[0]);
                    return (SecretKey) CipherUtils.unWrapKey(Cipher.getInstance(CipherUtils.TRANSFORMATION_RSA), string, "AES", 3, androidKeyStoreRsaKeyPair.getPrivate());
                }
                Timber.d("Getting existed AES key, RSA Key data is not found.", new Object[0]);
                throw new KeyException();
            }
            Timber.d("Generating new AES and RSA keys.", new Object[0]);
            SecretKey generateAesKey = generateAesKey();
            this.defaultKeyStorePreferences.edit().putString("key", CipherUtils.wrapKey(Cipher.getInstance(CipherUtils.TRANSFORMATION_RSA), generateAesKey, createAndroidKeyStoreRsaKey("wrapping-key").getPublic())).apply();
            return generateAesKey;
        } catch (KeyException e) {
            Timber.w(e);
            reset();
            return getAesKey();
        } catch (KeyStoreException e2) {
            e = e2;
            Timber.e(e);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            Timber.e(e);
            return null;
        } catch (UnrecoverableKeyException e4) {
            e = e4;
            Timber.e(e);
            return null;
        } catch (IllegalBlockSizeException e5) {
            e = e5;
            Timber.e(e);
            return null;
        } catch (NoSuchPaddingException e6) {
            e = e6;
            Timber.e(e);
            return null;
        }
    }

    public String getAesKeyData() {
        try {
            return Base64.encodeToString(getAesKey().getEncoded(), 0);
        } catch (Exception unused) {
            return "";
        }
    }

    public Boolean isAesKeyValid() {
        try {
            getAesKey();
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public void reset() {
        this.defaultKeyStorePreferences.edit().clear().apply();
        removeAndroidKeyStoreKey("wrapping-key");
    }
}
