package de.payback.core.encryption;

import _COROUTINE.a;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import androidx.compose.foundation.b;
import de.payback.core.encryption.api.Encryption;
import de.payback.core.encryption.errors.EncryptionNotInitializedException;
import de.payback.core.encryption.errors.KeyInvalidatedException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Calendar;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsKt;
import org.jetbrains.annotations.NotNull;
import timber.log.Timber;

@Metadata(d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u0000 \u001c2\u00020\u0001:\u0001\u001cB\u0017\u0012\u0006\u0010\u0017\u001a\u00020\u0006\u0012\u0006\u0010\u0019\u001a\u00020\u0018¢\u0006\u0004\b\u001a\u0010\u001bJ\u0015\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00030\u0002H\u0016¢\u0006\u0004\b\u0004\u0010\u0005J\u001d\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\u0007\u001a\u00020\u0006H\u0016¢\u0006\u0004\b\b\u0010\tJ\u001d\u0010\n\u001a\b\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\u0007\u001a\u00020\u0006H\u0016¢\u0006\u0004\b\n\u0010\tJ#\u0010\u000f\u001a\b\u0012\u0004\u0012\u00020\u000e0\u00022\f\u0010\r\u001a\b\u0012\u0004\u0012\u00020\f0\u000bH\u0016¢\u0006\u0004\b\u000f\u0010\u0010J\u001d\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u000e0\u00022\u0006\u0010\u0007\u001a\u00020\u000eH\u0016¢\u0006\u0004\b\u0011\u0010\u0012J\u0015\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\u00130\u0002H\u0016¢\u0006\u0004\b\u0014\u0010\u0005J\u0015\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00130\u0002H\u0016¢\u0006\u0004\b\u0015\u0010\u0005J\u0015\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00030\u0002H\u0016¢\u0006\u0004\b\u0016\u0010\u0005¨\u0006\u001d"}, d2 = {"Lde/payback/core/encryption/PaybackEncryptionCompat;", "Lde/payback/core/encryption/api/Encryption;", "Lde/payback/core/encryption/api/Encryption$Result;", "", "initialize", "()Lde/payback/core/encryption/api/Encryption$Result;", "", "value", "encrypt", "(Ljava/lang/String;)Lde/payback/core/encryption/api/Encryption$Result;", "decrypt", "", "Lde/payback/core/encryption/api/Encryption$SignItem;", "values", "", "sign", "(Ljava/util/List;)Lde/payback/core/encryption/api/Encryption$Result;", "verify", "([B)Lde/payback/core/encryption/api/Encryption$Result;", "Ljava/security/Key;", "getPrivateKey", "getPublicKey", "removeKey", "key", "Landroid/content/Context;", "context", "<init>", "(Ljava/lang/String;Landroid/content/Context;)V", "Companion", "core-encryption_release"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes20.dex */
public final class PaybackEncryptionCompat implements Encryption {

    /* renamed from: a, reason: collision with root package name */
    public final Context f22471a;
    public SecretKey b;
    public KeyStore c;
    public KeyPair d;
    public final String e;
    public final SharedPreferences f;
    public final Cipher g;
    public final Cipher h;

    public PaybackEncryptionCompat(@NotNull String key, @NotNull Context context) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(context, "context");
        this.f22471a = context;
        String m = a.m("CORE_ENCRYPTION_", key);
        this.e = m;
        SharedPreferences sharedPreferences = context.getSharedPreferences(m, 0);
        Intrinsics.checkNotNullExpressionValue(sharedPreferences, "getSharedPreferences(...)");
        this.f = sharedPreferences;
        CipherPool cipherPool = CipherPool.INSTANCE;
        this.g = cipherPool.getCipher$core_encryption_release("AES/GCM/NOPADDING");
        this.h = cipherPool.getCipher$core_encryption_release("RSA/ECB/PKCS1Padding");
    }

    public final SecretKey a() {
        Key key;
        String str;
        if (this.f.contains(this.e)) {
            String string = this.f.getString(this.e, null);
            if (string == null) {
                throw new IllegalStateException("Required value was null.".toString());
            }
            Intrinsics.checkNotNullExpressionValue(string, "checkNotNull(...)");
            KeyPair keyPair = this.d;
            final PrivateKey privateKey = keyPair != null ? keyPair.getPrivate() : null;
            Cipher cipherRsa = this.h;
            Intrinsics.checkNotNullExpressionValue(cipherRsa, "cipherRsa");
            synchronized (cipherRsa) {
                try {
                    final byte[] decode = Base64.decode(string, 0);
                    Object retry = EncryptionFactoryKt.retry(5, new Function0<Key>() { // from class: de.payback.core.encryption.PaybackEncryptionCompat$unwrapAesKey$1$1
                        public final /* synthetic */ String d = "AES";
                        public final /* synthetic */ int e = 3;

                        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                        {
                            super(0);
                        }

                        @Override // kotlin.jvm.functions.Function0
                        public final Key invoke() {
                            Cipher cipher;
                            Cipher cipher2;
                            SharedPreferences sharedPreferences;
                            String str2 = this.d;
                            byte[] bArr = decode;
                            PaybackEncryptionCompat paybackEncryptionCompat = this;
                            Key key2 = privateKey;
                            if (key2 == null) {
                                sharedPreferences = paybackEncryptionCompat.f;
                                if (sharedPreferences.getBoolean("FALLBACK_WITHOUT_KEYSTORE_FLAG", false)) {
                                    return new SecretKeySpec(bArr, str2);
                                }
                            }
                            cipher = paybackEncryptionCompat.h;
                            cipher.init(4, key2);
                            cipher2 = paybackEncryptionCompat.h;
                            return cipher2.unwrap(bArr, str2, this.e);
                        }
                    });
                    Intrinsics.checkNotNull(retry);
                    key = (Key) retry;
                } catch (Throwable th) {
                    d();
                    throw new KeyInvalidatedException(th);
                }
            }
            Intrinsics.checkNotNull(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            return (SecretKey) key;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        final SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey(...)");
        KeyPair keyPair2 = this.d;
        final PublicKey publicKey = keyPair2 != null ? keyPair2.getPublic() : null;
        SharedPreferences.Editor edit = this.f.edit();
        String str2 = this.e;
        Cipher cipherRsa2 = this.h;
        Intrinsics.checkNotNullExpressionValue(cipherRsa2, "cipherRsa");
        synchronized (cipherRsa2) {
            try {
                Object retry2 = EncryptionFactoryKt.retry(5, new Function0<String>() { // from class: de.payback.core.encryption.PaybackEncryptionCompat$wrapAesKey$1$1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(0);
                    }

                    @Override // kotlin.jvm.functions.Function0
                    public final String invoke() {
                        Cipher cipher;
                        Cipher cipher2;
                        byte[] wrap;
                        SharedPreferences sharedPreferences;
                        Key key2 = generateKey;
                        PaybackEncryptionCompat paybackEncryptionCompat = this;
                        Key key3 = publicKey;
                        if (key3 == null) {
                            sharedPreferences = paybackEncryptionCompat.f;
                            if (sharedPreferences.getBoolean("FALLBACK_WITHOUT_KEYSTORE_FLAG", false)) {
                                wrap = key2.getEncoded();
                                Intrinsics.checkNotNull(wrap);
                                return Base64.encodeToString(wrap, 0);
                            }
                        }
                        cipher = paybackEncryptionCompat.h;
                        cipher.init(3, key3);
                        cipher2 = paybackEncryptionCompat.h;
                        wrap = cipher2.wrap(key2);
                        Intrinsics.checkNotNull(wrap);
                        return Base64.encodeToString(wrap, 0);
                    }
                });
                Intrinsics.checkNotNull(retry2);
                str = (String) retry2;
            } catch (Throwable th2) {
                d();
                throw new KeyInvalidatedException(th2);
            }
        }
        edit.putString(str2, str).apply();
        return generateKey;
    }

    public final KeyPair b() {
        String str = this.e;
        try {
            KeyStore keyStore = this.c;
            if (keyStore == null) {
                return null;
            }
            if (!keyStore.containsAlias(str)) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                Intrinsics.checkNotNull(keyPairGenerator);
                c(keyPairGenerator);
                return keyPairGenerator.generateKeyPair();
            }
            KeyStore keyStore2 = this.c;
            if (keyStore2 == null) {
                return null;
            }
            PrivateKey privateKey = (PrivateKey) keyStore2.getKey(str, null);
            Certificate certificate = keyStore2.getCertificate(str);
            PublicKey publicKey = certificate != null ? certificate.getPublicKey() : null;
            PublicKey generatePublic = publicKey != null ? KeyFactory.getInstance(publicKey.getAlgorithm()).generatePublic(new X509EncodedKeySpec(publicKey.getEncoded())) : null;
            if (privateKey == null || generatePublic == null) {
                return null;
            }
            return new KeyPair(generatePublic, privateKey);
        } catch (Throwable th) {
            this.f.edit().putBoolean("FALLBACK_WITHOUT_KEYSTORE_FLAG", true).commit();
            Timber.INSTANCE.e(th, "Could not use keystore and generate keys properly, falling back to old mechanism", new Object[0]);
            d();
            return null;
        }
    }

    public final void c(KeyPairGenerator keyPairGenerator) {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 50);
        KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(this.f22471a);
        String str = this.e;
        builder.setAlias(str);
        builder.setSerialNumber(BigInteger.ONE);
        builder.setSubject(new X500Principal(a.n("CN=", str, " CA Certificate")));
        builder.setStartDate(calendar.getTime());
        builder.setEndDate(calendar2.getTime());
        keyPairGenerator.initialize(builder.build());
    }

    public final void d() {
        SharedPreferences sharedPreferences = this.f;
        KeyStore keyStore = this.c;
        if (keyStore != null) {
            try {
                keyStore.deleteEntry(this.e);
            } catch (Throwable th) {
                if ((th instanceof NoSuchMethodError) || (th instanceof NoSuchMethodException) || (th instanceof DestroyFailedException)) {
                    new Encryption.Result.Success(Unit.INSTANCE);
                    return;
                } else {
                    new Encryption.Result.Error(th);
                    return;
                }
            }
        }
        sharedPreferences.edit().clear().putBoolean("FALLBACK_WITHOUT_KEYSTORE_FLAG", sharedPreferences.getBoolean("FALLBACK_WITHOUT_KEYSTORE_FLAG", false)).commit();
        SecretKey secretKey = this.b;
        if (secretKey != null) {
            secretKey.destroy();
        }
        initialize();
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<String> decrypt(@NotNull String value) {
        Encryption.Result<String> error;
        final Cipher cipher;
        final Charset forName;
        List split$default;
        Intrinsics.checkNotNullParameter(value, "value");
        Cipher cipherAes = this.g;
        Intrinsics.checkNotNullExpressionValue(cipherAes, "cipherAes");
        synchronized (cipherAes) {
            final SecretKey secretKey = this.b;
            if (secretKey == null) {
                return new Encryption.Result.Error(new EncryptionNotInitializedException());
            }
            try {
                cipher = Cipher.getInstance("AES/GCM/NOPADDING");
                Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
                forName = Charset.forName(StandardCharsets.UTF_8.name());
                split$default = StringsKt__StringsKt.split$default(value, new String[]{";"}, false, 0, 6, (Object) null);
            } catch (Throwable th) {
                d();
                error = new Encryption.Result.Error(new KeyInvalidatedException(th));
            }
            if (split$default.size() == 2) {
                final String str = (String) split$default.get(0);
                final IvParameterSpec ivParameterSpec = new IvParameterSpec(Base64.decode((String) split$default.get(1), 2));
                error = (Encryption.Result) EncryptionFactoryKt.retry(5, new Function0<Encryption.Result.Success<String>>() { // from class: de.payback.core.encryption.PaybackEncryptionCompat$decrypt$1$1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(0);
                    }

                    @Override // kotlin.jvm.functions.Function0
                    public final Encryption.Result.Success<String> invoke() {
                        Cipher cipher2 = cipher;
                        cipher2.init(2, secretKey, ivParameterSpec);
                        byte[] doFinal = cipher2.doFinal(Base64.decode(str, 2));
                        Intrinsics.checkNotNull(doFinal);
                        Charset charSet = forName;
                        Intrinsics.checkNotNullExpressionValue(charSet, "$charSet");
                        return new Encryption.Result.Success<>(new String(doFinal, charSet));
                    }
                });
                return error;
            }
            return new Encryption.Result.Error(new IllegalArgumentException("Passed data is incorrect. Missing ;  in " + value + "."));
        }
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<String> encrypt(@NotNull final String value) {
        Encryption.Result<String> error;
        Intrinsics.checkNotNullParameter(value, "value");
        Cipher cipherAes = this.g;
        Intrinsics.checkNotNullExpressionValue(cipherAes, "cipherAes");
        synchronized (cipherAes) {
            final SecretKey secretKey = this.b;
            if (secretKey == null) {
                return new Encryption.Result.Error(new EncryptionNotInitializedException());
            }
            try {
                final byte[] bArr = new byte[12];
                new SecureRandom().nextBytes(bArr);
                final IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
                error = (Encryption.Result) EncryptionFactoryKt.retry(5, new Function0<Encryption.Result.Success<String>>() { // from class: de.payback.core.encryption.PaybackEncryptionCompat$encrypt$1$1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(0);
                    }

                    @Override // kotlin.jvm.functions.Function0
                    public final Encryption.Result.Success<String> invoke() {
                        Cipher cipher;
                        Cipher cipher2;
                        PaybackEncryptionCompat paybackEncryptionCompat = PaybackEncryptionCompat.this;
                        cipher = paybackEncryptionCompat.g;
                        cipher.init(1, secretKey, ivParameterSpec);
                        Charset forName = Charset.forName(StandardCharsets.UTF_8.name());
                        String encodeToString = Base64.encodeToString(bArr, 2);
                        cipher2 = paybackEncryptionCompat.g;
                        Intrinsics.checkNotNull(forName);
                        byte[] bytes = value.getBytes(forName);
                        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
                        return new Encryption.Result.Success<>(b.n(Base64.encodeToString(cipher2.doFinal(bytes), 2), ";", encodeToString));
                    }
                });
            } catch (Throwable th) {
                d();
                error = new Encryption.Result.Error(new KeyInvalidatedException(th));
            }
            return error;
        }
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public KeyStore getAndroidKeyStore() {
        return Encryption.DefaultImpls.getAndroidKeyStore(this);
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<Key> getPrivateKey() {
        KeyStore keyStore = this.c;
        SecretKey secretKey = this.b;
        return (keyStore == null || secretKey == null) ? new Encryption.Result.Error(new EncryptionNotInitializedException()) : new Encryption.Result.Success(secretKey);
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<Key> getPublicKey() {
        KeyStore keyStore = this.c;
        SecretKey secretKey = this.b;
        return (keyStore == null || secretKey == null) ? new Encryption.Result.Error(new EncryptionNotInitializedException()) : new Encryption.Result.Success(secretKey);
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<Unit> initialize() {
        try {
            if (!this.f.getBoolean("FALLBACK_WITHOUT_KEYSTORE_FLAG", false)) {
                this.c = getAndroidKeyStore();
                this.d = b();
            }
            this.b = a();
            return new Encryption.Result.Success(Unit.INSTANCE);
        } catch (Throwable th) {
            return new Encryption.Result.Error(th);
        }
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<Unit> removeKey() {
        getAndroidKeyStore().deleteEntry(this.e);
        try {
            SecretKey secretKey = this.b;
            if (secretKey != null) {
                secretKey.destroy();
            }
        } catch (Throwable th) {
            Timber.INSTANCE.i(th, "NoOp for key destroy, key did not implement the method", new Object[0]);
        }
        return new Encryption.Result.Success(Unit.INSTANCE);
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<byte[]> sign(@NotNull List<? extends Encryption.SignItem> values) {
        Intrinsics.checkNotNullParameter(values, "values");
        return new Encryption.Result.UnsupportedOperation("Using AES/GCM/NOPADDING, it already has authenticated encryption incorporated");
    }

    @Override // de.payback.core.encryption.api.Encryption
    @NotNull
    public Encryption.Result<byte[]> verify(@NotNull byte[] value) {
        Intrinsics.checkNotNullParameter(value, "value");
        return new Encryption.Result.UnsupportedOperation("Using AES/GCM/NOPADDING, it already has authenticated encryption incorporated");
    }
}
