package com.medallia.auth;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import timber.log.Timber;

/* loaded from: classes2.dex */
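/**
 * Encrypts and decrypts strings (notably the persisted auth state) with an AES key that is
 * itself wrapped by an RSA key pair held in the Android Keystore.
 *
 * <p>Values kept in the {@code authPreferences} SharedPreferences file:
 * <ul>
 *   <li>{@code authKey}: Base64 of the RSA-wrapped 16-byte AES key;</li>
 *   <li>{@code authState}: rewritten by the key migration as
 *       {@code Base64(iv) + "::" + Base64(ciphertext)};</li>
 *   <li>{@code ivxKey}: IV of the legacy single-blob format, only ever read here.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code AES/CBC/PKCS5Padding} gives confidentiality only; nothing in this class
 *       authenticates the ciphertext, so a modified preference value is not detected as such.
 *       NOTE(review): an AEAD mode (for example AES/GCM) would close that gap, but it changes
 *       the stored format and needs its own migration.</li>
 *   <li>The AES key is unwrapped into process memory as a {@link SecretKeySpec} on every
 *       {@link #encrypt} / {@link #decrypt} call; only the RSA private key stays in the
 *       keystore.</li>
 *   <li>The OAEP transformation strings name SHA-512, while the {@link OAEPParameterSpec}
 *       handed to {@code Cipher.init} names SHA-256 with MGF1/SHA-1 and the key is generated
 *       with {@code setDigests("SHA-256")}. NOTE(review): presumably the explicit spec is what
 *       takes effect; confirm on the providers in use and make the names agree.</li>
 *   <li>Below API 23 the AES key is wrapped with {@code RSA/ECB/PKCS1Padding}.</li>
 *   <li>NOTE(review): this decompiled listing carries no {@code throws} clauses; the checked
 *       exceptions of the {@code Cipher}/{@code KeyStore} calls propagate out of the methods
 *       that do not catch them.</li>
 * </ul>
 */
public class MMKeyStoreManager {
    private static final String AES_MODE = "AES/CBC/PKCS5Padding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String AUTH_PREFERENCES = "authPreferences";
    private static final String AUTH_STATE_KEY = "authState";
    private static final String ENCRYPTED_KEY = "authKey";
    private static final String IV_DELIMITER = "::";
    private static final String KEY_ALIAS = "com.medallia.mobile.auth.key_alias2";
    private static final String LEGACY_IVX_KEY = "ivxKey";
    private static final String OAEP_RSA_DECRYPT = "RSA/ECB/OAEPWITHSHA-512ANDMGF1PADDING";
    private static final String OAEP_RSA_ENCRYPT = "RSA/None/OAEPWithSHA-512AndMGF1Padding";
    private static final String OLD_KEY_ALIAS = "com.medallia.mobile.auth.key_alias";
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";

    /** Length in bytes of the generated AES key (AES-128). */
    private static final int AES_KEY_BYTES = 16;
    /** Validity period, in years, of the self-signed certificate created with the RSA key. */
    private static final int KEY_VALIDITY_YEARS = 30;

    private final Context context;
    // Assigned in prepareKeyStore(); stays null if KeyStore.getInstance fails there.
    private KeyStore keyStore;
    private final SharedPreferences pref;

    /* loaded from: classes2.dex */
    /** Creates {@link MMKeyStoreManager} instances for a given {@link Context}. */
    public static class Builder {
        private final Context context;

        public Builder(Context context) {
            this.context = context;
        }

        /** Builds the manager; key store preparation runs inside the constructor. */
        public MMKeyStoreManager build() {
            return new MMKeyStoreManager(this.context);
        }
    }

    private MMKeyStoreManager(Context context) {
        this.context = context;
        this.pref = context.getSharedPreferences(AUTH_PREFERENCES, Context.MODE_PRIVATE);
        // Failures in here are logged, not thrown, so a constructed instance is not proof of a
        // usable key; encrypt()/decrypt() fail later in that case.
        prepareKeyStore();
    }

    /**
     * Migrates data protected by the old key alias to the current one (API 23+ only).
     *
     * <p>The stored auth state is decrypted with the old AES key and the legacy IV, the old
     * wrapped AES key and old RSA entry are deleted, a new key pair and AES key are created,
     * and the state is re-encrypted and written back. Any failure is logged and swallowed.
     */
    private void checkAndUpgradeKey() {
        try {
            if (!this.keyStore.containsAlias(OLD_KEY_ALIAS) || Build.VERSION.SDK_INT < 23) {
                return;
            }
            Key oldSecretKey = getOldSecretKey(this.context);
            // When no auth state is stored the decode below fails on the null input; the
            // exception is caught at the end and the old alias is left in place.
            String storedState = this.pref.getString(AUTH_STATE_KEY, null);
            Cipher legacyCipher = Cipher.getInstance(AES_MODE);
            legacyCipher.init(Cipher.DECRYPT_MODE, oldSecretKey, getLegacyIVX());
            String plainState = new String(
                    legacyCipher.doFinal(Base64.decode(storedState, Base64.DEFAULT)),
                    StandardCharsets.UTF_8);
            // From here on the old keys are gone before the re-encrypted value is committed:
            // a failure in the next steps leaves the stored state undecryptable.
            deleteAESKey();
            this.keyStore.deleteEntry(OLD_KEY_ALIAS);
            createNewKey();
            storeAESKey();
            this.pref.edit().putString(AUTH_STATE_KEY, encrypt(plainState)).commit();
        } catch (Exception e) {
            Timber.e(e, "Error migrating keys.");
        }
    }

    /**
     * Generates the RSA key pair under {@link #KEY_ALIAS} in the Android Keystore, unless the
     * alias already exists.
     */
    private void createNewKey() {
        if (this.keyStore.containsAlias(KEY_ALIAS)) {
            return;
        }
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, KEY_VALIDITY_YEARS);
        X500Principal subject = new X500Principal("CN=" + KEY_ALIAS);

        AlgorithmParameterSpec spec;
        int sdk = Build.VERSION.SDK_INT;
        if (sdk >= 23) {
            // Purposes 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT (KeyProperties).
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_ALIAS, 3)
                    .setCertificateSubject(subject)
                    .setCertificateSerialNumber(BigInteger.TEN)
                    .setKeyValidityStart(notBefore.getTime())
                    .setKeyValidityEnd(notAfter.getTime())
                    .setEncryptionPaddings("OAEPPadding")
                    .setBlockModes("ECB")
                    .setDigests("SHA-256");
            if (sdk >= 28) {
                // Request StrongBox only when the device advertises the feature.
                builder.setIsStrongBoxBacked(
                        this.context.getPackageManager()
                                .hasSystemFeature("android.hardware.strongbox_keystore"));
            }
            spec = builder.build();
        } else {
            spec = new KeyPairGeneratorSpec.Builder(this.context)
                    .setAlias(KEY_ALIAS)
                    .setSubject(subject)
                    .setSerialNumber(BigInteger.TEN)
                    .setStartDate(notBefore.getTime())
                    .setEndDate(notAfter.getTime())
                    .build();
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        generator.initialize(spec);
        generator.generateKeyPair();
    }

    /** Removes the wrapped AES key from the preferences. */
    private void deleteAESKey() {
        SharedPreferences.Editor editor = this.pref.edit();
        editor.remove(ENCRYPTED_KEY);
        editor.commit();
    }

    /**
     * Returns the IV of the legacy format: the {@code ivxKey} preference string as ISO-8859-1
     * bytes, or an empty IV when the preference is absent.
     */
    private IvParameterSpec getLegacyIVX() {
        String storedIv = this.pref.getString(LEGACY_IVX_KEY, "");
        return new IvParameterSpec(storedIv.getBytes(StandardCharsets.ISO_8859_1));
    }

    /** Unwraps the stored AES key with the RSA key under the old alias. */
    private Key getOldSecretKey(Context context) {
        byte[] wrapped = Base64.decode(this.pref.getString(ENCRYPTED_KEY, null), Base64.DEFAULT);
        return new SecretKeySpec(oldRSADecrypt(wrapped), "AES");
    }

    /**
     * Unwraps the stored AES key with the RSA key under the current alias. The raw key bytes
     * live in app memory from this point on.
     */
    private Key getSecretKey(Context context) {
        byte[] wrapped = Base64.decode(this.pref.getString(ENCRYPTED_KEY, null), Base64.DEFAULT);
        return new SecretKeySpec(rsaDecrypt(wrapped), "AES");
    }

    /** Decrypts {@code bArr} with the old-alias RSA key using PKCS#1 v1.5 padding. */
    private byte[] oldRSADecrypt(byte[] bArr) {
        Key key = this.keyStore.getKey(OLD_KEY_ALIAS, null);
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(Cipher.DECRYPT_MODE, key);
        return readThroughCipher(bArr, cipher);
    }

    /**
     * Loads the Android Keystore, runs the alias migration, and makes sure an RSA key pair and
     * a wrapped AES key exist. Any failure is logged and swallowed.
     */
    private void prepareKeyStore() {
        try {
            KeyStore store = KeyStore.getInstance(ANDROID_KEY_STORE);
            this.keyStore = store;
            store.load(null);
            checkAndUpgradeKey();
            if (!this.keyStore.containsAlias(KEY_ALIAS)) {
                // A wrapped AES key without its RSA key can never be unwrapped again.
                deleteAESKey();
            }
            createNewKey();
            storeAESKey();
        } catch (Exception e) {
            Timber.e(e, "Error during prepareKeyStore");
        }
    }

    /**
     * Decrypts {@code bArr} with the current RSA private key: OAEP on API 23+, PKCS#1 v1.5
     * padding below that.
     */
    private byte[] rsaDecrypt(byte[] bArr) {
        Key key = this.keyStore.getKey(KEY_ALIAS, null);
        Cipher cipher;
        if (Build.VERSION.SDK_INT >= 23) {
            cipher = Cipher.getInstance(OAEP_RSA_DECRYPT);
            cipher.init(Cipher.DECRYPT_MODE, key, oaepSpec());
        } else {
            cipher = Cipher.getInstance(RSA_MODE);
            cipher.init(Cipher.DECRYPT_MODE, key);
        }
        return readThroughCipher(bArr, cipher);
    }

    /**
     * Encrypts {@code bArr} with the public key of the current RSA entry, using the same
     * padding choice as {@link #rsaDecrypt(byte[])}.
     */
    private byte[] rsaEncrypt(byte[] bArr) {
        PublicKey publicKey = this.keyStore.getCertificate(KEY_ALIAS).getPublicKey();
        Cipher cipher;
        if (Build.VERSION.SDK_INT >= 23) {
            cipher = Cipher.getInstance(OAEP_RSA_ENCRYPT);
            cipher.init(Cipher.ENCRYPT_MODE, publicKey, oaepSpec());
        } else {
            cipher = Cipher.getInstance(RSA_MODE);
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        }
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        CipherOutputStream out = new CipherOutputStream(sink, cipher);
        out.write(bArr);
        // close() is what finalises the cipher and emits the ciphertext.
        out.close();
        return sink.toByteArray();
    }

    /** Generates a random AES key and stores it RSA-wrapped, unless one is already stored. */
    private void storeAESKey() {
        if (this.pref.getString(ENCRYPTED_KEY, null) != null) {
            return;
        }
        byte[] rawKey = new byte[AES_KEY_BYTES];
        new SecureRandom().nextBytes(rawKey);
        String wrapped = Base64.encodeToString(rsaEncrypt(rawKey), Base64.DEFAULT);
        SharedPreferences.Editor editor = this.pref.edit();
        editor.putString(ENCRYPTED_KEY, wrapped);
        editor.commit();
    }

    /**
     * Checks that the stored AES key can still be unwrapped and, if not, deletes both the
     * wrapped AES key and the RSA entry.
     *
     * <p>NOTE(review): every exception from the unwrap is treated as "incompatible keys", so a
     * transient keystore error also discards the keys and with them any data encrypted so far.
     */
    public void cleanIncompatibleKeys() {
        if (this.pref.getString(ENCRYPTED_KEY, null) == null || !this.keyStore.containsAlias(KEY_ALIAS)) {
            return;
        }
        try {
            getSecretKey(this.context);
        } catch (Exception e) {
            Timber.e(e, "Error decrypting with incompatible keys");
            deleteAESKey();
            this.keyStore.deleteEntry(KEY_ALIAS);
        }
    }

    /**
     * Decrypts a value produced by {@link #encrypt(String)}; values in the legacy format are
     * first converted through {@link #migrateOldEncryptedData(String)}.
     *
     * @param str the stored value, may be {@code null}
     * @return the plaintext, or {@code null} when {@code str} is {@code null} or a legacy value
     *     cannot be migrated because no legacy IV is stored
     */
    public String decrypt(String str) {
        if (str == null) {
            return null;
        }
        String current = migrateOldEncryptedData(str);
        if (current == null) {
            return null;
        }
        Cipher cipher = Cipher.getInstance(AES_MODE);
        // Exactly two parts are guaranteed here by migrateOldEncryptedData.
        String[] parts = current.split(IV_DELIMITER);
        byte[] iv = Base64.decode(parts[0], Base64.DEFAULT);
        byte[] cipherText = Base64.decode(parts[1], Base64.DEFAULT);
        cipher.init(Cipher.DECRYPT_MODE, getSecretKey(this.context), new IvParameterSpec(iv));
        return new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
    }

    /**
     * Encrypts {@code str} with the AES key, letting the cipher pick the IV.
     *
     * @param str the plaintext; must not be {@code null}
     * @return {@code Base64(iv) + "::" + Base64(ciphertext)}
     */
    public String encrypt(String str) {
        Cipher cipher = Cipher.getInstance(AES_MODE);
        // No IV is supplied; the one the cipher generated is read back through getIV().
        cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(this.context));
        byte[] cipherText = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        return Base64.encodeToString(cipher.getIV(), Base64.DEFAULT)
                + IV_DELIMITER
                + Base64.encodeToString(cipherText, Base64.DEFAULT);
    }

    /**
     * Converts a legacy value (a single Base64 blob encrypted under the stored legacy IV) to
     * the current {@code iv::ciphertext} format.
     *
     * @param str the stored value, may be {@code null}
     * @return {@code str} unchanged when it already has two {@code ::}-separated parts, the
     *     re-encrypted value for a legacy blob, or {@code null} when {@code str} is
     *     {@code null} or no legacy IV is stored
     */
    public String migrateOldEncryptedData(String str) {
        if (str == null) {
            return null;
        }
        if (str.split(IV_DELIMITER).length == 2) {
            return str;
        }
        Cipher cipher = Cipher.getInstance(AES_MODE);
        IvParameterSpec legacyIv = getLegacyIVX();
        if (legacyIv.getIV().length == 0) {
            return null;
        }
        cipher.init(Cipher.DECRYPT_MODE, getSecretKey(this.context), legacyIv);
        byte[] plain = cipher.doFinal(Base64.decode(str, Base64.DEFAULT));
        return encrypt(new String(plain, StandardCharsets.UTF_8));
    }

    /** OAEP parameters shared by the wrap and unwrap paths so that the two cannot drift apart. */
    private static OAEPParameterSpec oaepSpec() {
        return new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
    }

    /**
     * Runs {@code input} through an initialised cipher via a {@link CipherInputStream} and
     * returns everything the stream yields. The stream is closed on every path.
     */
    private static byte[] readThroughCipher(byte[] input, Cipher cipher) {
        CipherInputStream in = new CipherInputStream(new ByteArrayInputStream(input), cipher);
        try {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] chunk = new byte[256];
            int count;
            while ((count = in.read(chunk)) != -1) {
                out.write(chunk, 0, count);
            }
            return out.toByteArray();
        } finally {
            in.close();
        }
    }
}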
