package com.immediasemi.blink.utils.keystore;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.immediasemi.blink.analytics.AnalyticsLogger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import timber.log.Timber;

/* loaded from: classes7.dex */
public class BlinkKeystoreManager {
    private static final String ALGORITHM = "RSA/ECB/PKCS1Padding";
    private static final String ALGORITHM_M = "RSA/None/PKCS1Padding";
    private static final String ALIAS = "com.immediasemi.android.blink";
    private static final String ALIAS_TEST = "com.immediasemi.android.blink.test";
    private static final String ALIAS_USES_SYMMETRIC_ENCRYPTION = "symmetric.token";
    private static final String IV_SEPARATOR = "]";
    private static final String KEYSTORE_NAME = "AndroidKeyStore";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final String PROVIDER = "AndroidOpenSSL";
    private static final String PROVIDER_M = "AndroidKeyStoreBCWorkaround";
    private static final String SYMMETRIC_TRANSFORMATION = "AES/CBC/PKCS7Padding";
    private AnalyticsLogger analyticsLogger;
    private KeyStore keyStore;

    public BlinkKeystoreManager(AnalyticsLogger analyticsLogger) {
        this.analyticsLogger = analyticsLogger;
    }

    private boolean canPerformAsymmetricEncryption(Context context) {
        try {
            try {
                deleteAlias(ALIAS_TEST);
                generateAsymmetricKeyPair(ALIAS_TEST, context);
                return TextUtils.equals("test_STRING123!%@", decryptTextAsymmetric(ALIAS_TEST, encryptTextAsymmetric(ALIAS_TEST, "test_STRING123!%@")));
            } catch (Exception e) {
                Timber.d(e);
                deleteAlias(ALIAS_TEST);
                return false;
            }
        } finally {
            deleteAlias(ALIAS_TEST);
        }
    }

    private boolean canPerformSymmetricEncryption() {
        try {
            try {
                deleteAlias(ALIAS_TEST);
                return TextUtils.equals("test_STRING123!%@", decryptTextSymmetric(ALIAS_TEST, encryptTextSymmetric(ALIAS_TEST, "test_STRING123!%@")));
            } catch (Exception e) {
                Timber.d(e);
                deleteAlias(ALIAS_TEST);
                return false;
            }
        } finally {
            deleteAlias(ALIAS_TEST);
        }
    }

    private void createAndroidKeyStoreSymmetricKey(String str) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE_NAME);
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
        keyGenerator.generateKey();
    }

    private String decryptTextAsymmetric(String str, String str2) throws Exception {
        PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(str, null);
        Cipher cipher = Cipher.getInstance(ALGORITHM_M, PROVIDER_M);
        cipher.init(2, privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(Base64.decode(str2, 0)), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr = new byte[size];
        for (int i = 0; i < size; i++) {
            bArr[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return new String(bArr, 0, size, StandardCharsets.UTF_8);
    }

    private String decryptTextSymmetric(String str, String str2) throws Exception {
        String[] split = str2.split(IV_SEPARATOR);
        if (split.length != 2) {
            throw new IllegalArgumentException("Passed data is incorrect. There was no IV specified with it.");
        }
        String str3 = split[0];
        String str4 = split[1];
        IvParameterSpec ivParameterSpec = new IvParameterSpec(Base64.decode(str3, 0));
        Key androidKeyStoreSymmetricKey = getAndroidKeyStoreSymmetricKey(str);
        Cipher cipher = Cipher.getInstance(SYMMETRIC_TRANSFORMATION);
        cipher.init(2, androidKeyStoreSymmetricKey, ivParameterSpec);
        return new String(cipher.doFinal(Base64.decode(str4.getBytes(), 0)));
    }

    private void deleteAlias(String str) {
        try {
            this.keyStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            Timber.d(e);
        }
    }

    private String encryptTextAsymmetric(String str, String str2) throws Exception {
        PublicKey publicKey = this.keyStore.getCertificate(str).getPublicKey();
        if (str2.isEmpty()) {
            throw new BlinkKeystoreManagerException("Error attempting to encrypt an empty String");
        }
        Cipher cipher = Cipher.getInstance(ALGORITHM_M, PROVIDER_M);
        cipher.init(1, publicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(str2.getBytes(StandardCharsets.UTF_8));
        cipherOutputStream.close();
        return Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
    }

    private String encryptTextSymmetric(String str, String str2) throws Exception {
        createAndroidKeyStoreSymmetricKey(str);
        Key androidKeyStoreSymmetricKey = getAndroidKeyStoreSymmetricKey(str);
        Cipher cipher = Cipher.getInstance(SYMMETRIC_TRANSFORMATION);
        cipher.init(1, androidKeyStoreSymmetricKey);
        return Base64.encodeToString(cipher.getIV(), 0) + IV_SEPARATOR + Base64.encodeToString(cipher.doFinal(str2.getBytes()), 0);
    }

    private void generateAsymmetricKeyPair(String str, Context context) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, KEYSTORE_NAME);
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 3).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("PKCS1Padding").build());
        keyPairGenerator.generateKeyPair();
    }

    private Key getAndroidKeyStoreSymmetricKey(String str) throws Exception {
        return this.keyStore.getKey(str, null);
    }

    private void sendErrorLog(Exception exc) {
        this.analyticsLogger.logKeyStoreFailure();
    }

    private void setUsesAlternativeEncryption() {
        try {
            deleteAlias("com.immediasemi.android.blink");
            createAndroidKeyStoreSymmetricKey(ALIAS_USES_SYMMETRIC_ENCRYPTION);
        } catch (Exception e) {
            Timber.d(e);
        }
    }

    private boolean usesAlternativeEncryption() {
        try {
            return this.keyStore.containsAlias(ALIAS_USES_SYMMETRIC_ENCRYPTION);
        } catch (KeyStoreException e) {
            Timber.d(e);
            return false;
        }
    }

    public String decryptText(String str) throws BlinkKeystoreManagerException {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        try {
            return usesAlternativeEncryption() ? decryptTextSymmetric("com.immediasemi.android.blink", str) : decryptTextAsymmetric("com.immediasemi.android.blink", str);
        } catch (Exception e) {
            throw new BlinkKeystoreManagerException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String encryptText(String str) throws BlinkKeystoreManagerException {
        try {
            return usesAlternativeEncryption() ? encryptTextSymmetric("com.immediasemi.android.blink", str) : encryptTextAsymmetric("com.immediasemi.android.blink", str);
        } catch (Exception e) {
            throw new BlinkKeystoreManagerException("Exception " + e.getMessage() + " occurred");
        }
    }

    public void init(Context context) throws BlinkKeystoreManagerException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_NAME);
            this.keyStore = keyStore;
            if (keyStore == null) {
                throw new KeyStoreException("KeyStore is null");
            }
            keyStore.load(null);
            try {
                if (this.keyStore.containsAlias("com.immediasemi.android.blink")) {
                    return;
                }
                if (canPerformAsymmetricEncryption(context)) {
                    generateAsymmetricKeyPair("com.immediasemi.android.blink", context);
                } else {
                    if (!canPerformSymmetricEncryption()) {
                        throw new BlinkKeystoreManagerException("Cannot perform asymmetric or symmetric encryption");
                    }
                    setUsesAlternativeEncryption();
                }
            } catch (Exception e) {
                Timber.d(e);
                sendErrorLog(e);
                throw new BlinkKeystoreManagerException(e.getMessage());
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new BlinkKeystoreManagerException(e2.getMessage());
        }
    }
}
