package com.github.leonardoxh.keystore;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import com.bumptech.glide.load.Key;
import com.github.leonardoxh.keystore.store.Storage;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.GregorianCalendar;
import java.util.Locale;
import javax.annotation.Nullable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
final class CipherStorageSharedPreferencesKeystore extends BaseCipherStorage {
    private static final String AES_TAG_PREFIX = "aes!";
    private static final int ENCRYPTION_KEY_SIZE = 128;
    private static final String KEY_ALGORITHM_AES = "AES";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final Charset DEFAULT_CHARSET = Charset.forName(Key.STRING_CHARSET_NAME);
    private static final BigInteger KEY_SERIAL_NUMBER = BigInteger.valueOf(1338);

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherStorageSharedPreferencesKeystore(Context context, Storage storage) {
        super(context, storage);
    }

    private static byte[] cipherEncryption(String str, int i, java.security.Key key, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(i, key);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptoFailedException(String.format(Locale.US, "Unable to do cipher for transformation %s and mode %d", str, Integer.valueOf(i)), e);
        }
    }

    @Nullable
    private String decryptData(String str, PrivateKey privateKey) {
        byte[] keyBytes = this.storage.getKeyBytes(str);
        byte[] keyBytes2 = this.storage.getKeyBytes(makeAesTagForAlias(str));
        if (keyBytes == null || keyBytes2 == null) {
            return null;
        }
        byte[] cipherEncryption = cipherEncryption(TRANSFORMATION, 2, privateKey, keyBytes2);
        return new String(cipherEncryption(KEY_ALGORITHM_AES, 2, new SecretKeySpec(cipherEncryption, 0, cipherEncryption.length, KEY_ALGORITHM_AES), keyBytes), DEFAULT_CHARSET);
    }

    private byte[] encryptData(String str, String str2, PublicKey publicKey) {
        SecretKey generateKeyAes = generateKeyAes(str);
        this.storage.saveKeyBytes(makeAesTagForAlias(str), cipherEncryption(TRANSFORMATION, 1, publicKey, generateKeyAes.getEncoded()));
        return cipherEncryption(KEY_ALGORITHM_AES, 1, generateKeyAes, str2.getBytes(DEFAULT_CHARSET));
    }

    private SecretKey generateKeyAes(String str) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM_AES);
            keyGenerator.init(128);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new CryptoFailedException("Unable to generate key for alias " + str, e);
        }
    }

    private void generateKeyRsa(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, "AndroidKeyStore");
            keyPairGenerator.initialize(getParameterSpec(str));
            keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KeyStoreAccessException("Unable to access keystore", e);
        }
    }

    @Nullable
    private KeyStore.Entry getKeyStoreEntry(boolean z, String str) {
        try {
            KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
            KeyStore.Entry entry = keyStoreAndLoad.getEntry(str, null);
            if (entry != null || !z) {
                return entry;
            }
            generateKeyRsa(str);
            return keyStoreAndLoad.getEntry(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new KeyStoreAccessException("Unable to access keystore", e);
        }
    }

    private AlgorithmParameterSpec getParameterSpec(String str) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 5);
        return new KeyPairGeneratorSpec.Builder(this.context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(KEY_SERIAL_NUMBER).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
    }

    private static String makeAesTagForAlias(String str) {
        return AES_TAG_PREFIX + str;
    }

    @Override // com.github.leonardoxh.keystore.BaseCipherStorage, com.github.leonardoxh.keystore.CipherStorage
    public boolean containsAlias(String str) {
        return super.containsAlias(str) && this.storage.containsAlias(makeAesTagForAlias(str));
    }

    @Override // com.github.leonardoxh.keystore.CipherStorage
    @Nullable
    public String decrypt(String str) {
        KeyStore.Entry keyStoreEntry = getKeyStoreEntry(false, str);
        if (keyStoreEntry == null) {
            return null;
        }
        return decryptData(str, ((KeyStore.PrivateKeyEntry) keyStoreEntry).getPrivateKey());
    }

    @Override // com.github.leonardoxh.keystore.CipherStorage
    public void encrypt(String str, String str2) {
        KeyStore.Entry keyStoreEntry = getKeyStoreEntry(true, str);
        if (keyStoreEntry != null) {
            this.storage.saveKeyBytes(str, encryptData(str, str2, ((KeyStore.PrivateKeyEntry) keyStoreEntry).getCertificate().getPublicKey()));
        } else {
            throw new CryptoFailedException("Unable to generate key for alias " + str);
        }
    }

    @Override // com.github.leonardoxh.keystore.BaseCipherStorage, com.github.leonardoxh.keystore.CipherStorage
    public void removeKey(String str) {
        super.removeKey(str);
        this.storage.remove(makeAesTagForAlias(str));
    }
}
