package abi24_0_0.host.exp.exponent.modules.api;

import abi24_0_0.com.facebook.react.bridge.AssertionException;
import abi24_0_0.com.facebook.react.bridge.Promise;
import abi24_0_0.com.facebook.react.bridge.ReactApplicationContext;
import abi24_0_0.com.facebook.react.bridge.ReactContextBaseJavaModule;
import abi24_0_0.com.facebook.react.bridge.ReactMethod;
import abi24_0_0.com.facebook.react.bridge.ReadableMap;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.facebook.common.time.Clock;
import host.exp.a.b;
import host.exp.exponent.g.h;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.util.Arrays;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class SecureStoreModule extends ReactContextBaseJavaModule {
    private static final String ALIAS_PROPERTY = "keychainService";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String SCHEME_PROPERTY = "scheme";
    private static final String SHARED_PREFERENCES_NAME = "SecureStore";
    private static final String TAG = SecureStoreModule.class.getSimpleName();
    private AESEncrypter mAESEncrypter;
    private HybridAESEncrypter mHybridAESEncrypter;
    private KeyStore mKeyStore;
    private h mScopedContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    /**
     * AES-GCM encrypter whose 256-bit key is generated through the provider of the supplied
     * {@link KeyStore} and fetched back from it by alias.
     *
     * <p>An encrypted item is a JSON object holding the Base64 ciphertext ({@code "ct"}), the
     * Base64 IV ({@code "iv"}) and the GCM tag length in bits ({@code "tlen"}).
     *
     * <p>NOTE(review): no associated data is fed to the cipher, so an item is not bound to the
     * preference key it is later stored under; confirm that is acceptable for this store.
     */
    public static class AESEncrypter implements KeyBasedEncrypter<KeyStore.SecretKeyEntry> {
        private static final String AES_CIPHER = "AES/GCM/NoPadding";
        private static final int AES_KEY_SIZE_BITS = 256;
        private static final String CIPHERTEXT_PROPERTY = "ct";
        private static final String DEFAULT_ALIAS = "key_v1";
        private static final String GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY = "tlen";
        private static final String IV_PROPERTY = "iv";
        public static final String NAME = "aes";

        private AESEncrypter() {
        }

        /**
         * Encrypts {@code str} with the secret key held by {@code secretKeyEntry}.
         *
         * <p>The cipher is initialised without an explicit IV; whatever IV the provider selects is
         * read back from the cipher parameters by the two-argument overload.
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        public JSONObject createEncryptedItem(String str, KeyStore keyStore, KeyStore.SecretKeyEntry secretKeyEntry) {
            SecretKey key = secretKeyEntry.getSecretKey();
            Cipher encryptCipher = Cipher.getInstance(AES_CIPHER);
            encryptCipher.init(Cipher.ENCRYPT_MODE, key);
            return createEncryptedItem(str, encryptCipher);
        }

        /**
         * Encrypts {@code str} (as UTF-8) with an already initialised GCM cipher and packs the
         * ciphertext, IV and tag length into a JSON object.
         */
        JSONObject createEncryptedItem(String str, Cipher cipher) {
            byte[] plaintext = str.getBytes(StandardCharsets.UTF_8);
            String ciphertextBase64 = Base64.encodeToString(cipher.doFinal(plaintext), Base64.DEFAULT);
            // The parameters are queried after doFinal() so the IV actually used is the one stored.
            GCMParameterSpec gcmSpec = cipher.getParameters().getParameterSpec(GCMParameterSpec.class);
            String ivBase64 = Base64.encodeToString(gcmSpec.getIV(), Base64.DEFAULT);

            JSONObject item = new JSONObject();
            item.put(CIPHERTEXT_PROPERTY, ciphertextBase64);
            item.put(IV_PROPERTY, ivBase64);
            item.put(GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY, gcmSpec.getTLen());
            return item;
        }

        /**
         * Decrypts an item produced by {@code createEncryptedItem} and returns the UTF-8 plaintext.
         *
         * <p>NOTE(review): the tag length is taken from the stored item rather than fixed in code;
         * consider rejecting values other than the one written at encryption time.
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        public String decryptItem(JSONObject jSONObject, KeyStore.SecretKeyEntry secretKeyEntry) {
            String ciphertextBase64 = jSONObject.getString(CIPHERTEXT_PROPERTY);
            String ivBase64 = jSONObject.getString(IV_PROPERTY);
            int tagLengthBits = jSONObject.getInt(GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY);

            byte[] ciphertext = Base64.decode(ciphertextBase64, Base64.DEFAULT);
            byte[] iv = Base64.decode(ivBase64, Base64.DEFAULT);
            GCMParameterSpec gcmSpec = new GCMParameterSpec(tagLengthBits, iv);

            Cipher decryptCipher = Cipher.getInstance(AES_CIPHER);
            decryptCipher.init(Cipher.DECRYPT_MODE, secretKeyEntry.getSecretKey(), gcmSpec);
            byte[] plaintext = decryptCipher.doFinal(ciphertext);
            return new String(plaintext, StandardCharsets.UTF_8);
        }

        /**
         * Returns the keystore alias: the cipher name, a colon, then the caller's
         * {@code keychainService} option or {@code "key_v1"} when that option is absent.
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        public String getKeyStoreAlias(ReadableMap readableMap) {
            String baseAlias;
            if (readableMap.hasKey(SecureStoreModule.ALIAS_PROPERTY)) {
                baseAlias = readableMap.getString(SecureStoreModule.ALIAS_PROPERTY);
            } else {
                baseAlias = DEFAULT_ALIAS;
            }
            return AES_CIPHER + ":" + baseAlias;
        }

        /**
         * Generates a new AES key under this encrypter's alias and returns its keystore entry.
         *
         * <p>NOTE(review): the spec sets no user-authentication or validity constraints on the
         * key; confirm that matches the intended protection level.
         *
         * @throws UnrecoverableEntryException if the entry cannot be read back after generation
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        @TargetApi(23)
        public KeyStore.SecretKeyEntry initializeKeyStoreEntry(KeyStore keyStore, ReadableMap readableMap) {
            String alias = getKeyStoreAlias(readableMap);
            int purposes = android.security.keystore.KeyProperties.PURPOSE_ENCRYPT
                    | android.security.keystore.KeyProperties.PURPOSE_DECRYPT;
            KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(alias, purposes);
            specBuilder.setKeySize(AES_KEY_SIZE_BITS);
            specBuilder.setBlockModes("GCM");
            specBuilder.setEncryptionPaddings("NoPadding");
            KeyGenParameterSpec spec = specBuilder.build();

            KeyGenerator generator = KeyGenerator.getInstance("AES", keyStore.getProvider());
            generator.init(spec);
            // The returned key object is discarded; the entry is fetched from the keystore by alias.
            generator.generateKey();

            KeyStore.SecretKeyEntry created = (KeyStore.SecretKeyEntry) keyStore.getEntry(alias, null);
            if (created != null) {
                return created;
            }
            throw new UnrecoverableEntryException("Could not retrieve the newly generated secret key entry");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    /**
     * Envelope encrypter: every item is encrypted with a freshly generated AES-256-GCM key, and
     * that key is wrapped with the RSA public key of a keystore-held key pair and stored next to
     * the ciphertext under {@code "esk"}.
     *
     * <p>NOTE(review): the wrap uses PKCS#1 v1.5 encryption padding ({@code RSA_CIPHER}). OAEP is
     * generally preferred for key wrapping, but switching would make existing items unreadable
     * without a migration path.
     */
    public static class HybridAESEncrypter implements KeyBasedEncrypter<KeyStore.PrivateKeyEntry> {
        private static final String DEFAULT_ALIAS = "key_v1";
        private static final String ENCRYPTED_SECRET_KEY_PROPERTY = "esk";
        private static final int GCM_AUTHENTICATION_TAG_LENGTH_BITS = 128;
        private static final int GCM_IV_LENGTH_BYTES = 12;
        public static final String NAME = "hybrid";
        private static final String RSA_CIPHER = "RSA/None/PKCS1Padding";
        private static final String RSA_CIPHER_LEGACY_PROVIDER = "AndroidOpenSSL";
        private static final int X509_SERIAL_NUMBER_LENGTH_BITS = 160;
        private AESEncrypter mAESEncrypter;
        private Context mContext;
        private SecureRandom mSecureRandom = new SecureRandom();

        /**
         * @param context      passed to the key-pair generator spec builder
         * @param aESEncrypter performs the AES-GCM step and the JSON packing
         */
        public HybridAESEncrypter(Context context, AESEncrypter aESEncrypter) {
            this.mContext = context;
            this.mAESEncrypter = aESEncrypter;
        }

        /** Returns the RSA cipher, pinned to the "AndroidOpenSSL" provider below API 23. */
        private Cipher getRSACipher() {
            if (Build.VERSION.SDK_INT < 23) {
                return Cipher.getInstance(RSA_CIPHER, RSA_CIPHER_LEGACY_PROVIDER);
            }
            return Cipher.getInstance(RSA_CIPHER);
        }

        /**
         * Encrypts {@code str} under a one-off AES key and appends that key, RSA-encrypted to the
         * certificate of {@code privateKeyEntry}, to the resulting JSON item.
         *
         * @throws AssertionException if the IV written to the item differs from the generated one
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        public JSONObject createEncryptedItem(String str, KeyStore keyStore, KeyStore.PrivateKeyEntry privateKeyEntry) {
            // Fresh random IV and fresh data key for every item.
            byte[] iv = new byte[GCM_IV_LENGTH_BYTES];
            this.mSecureRandom.nextBytes(iv);
            KeyGenerator aesKeyGenerator = KeyGenerator.getInstance("AES");
            aesKeyGenerator.init(256);
            SecretKey dataKey = aesKeyGenerator.generateKey();

            GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_AUTHENTICATION_TAG_LENGTH_BITS, iv);
            Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding");
            aesCipher.init(Cipher.ENCRYPT_MODE, dataKey, gcmSpec);
            JSONObject item = this.mAESEncrypter.createEncryptedItem(str, aesCipher);

            // Sanity check: the IV the AES step recorded must be the one supplied above.
            String storedIv = item.getString("iv");
            String expectedIv = Base64.encodeToString(iv, Base64.DEFAULT);
            if (!storedIv.equals(expectedIv)) {
                Log.e(SecureStoreModule.TAG, String.format("HybridAESEncrypter generated two different IVs: %s and %s", expectedIv, storedIv));
                throw new AssertionException("HybridAESEncrypter must store the same IV as the one used to parameterize the secret key");
            }

            // NOTE(review): the raw data-key bytes are not cleared after wrapping.
            byte[] dataKeyBytes = dataKey.getEncoded();
            Cipher wrapCipher = getRSACipher();
            wrapCipher.init(Cipher.ENCRYPT_MODE, privateKeyEntry.getCertificate());
            String wrappedKey = Base64.encodeToString(wrapCipher.doFinal(dataKeyBytes), Base64.DEFAULT);
            return item.put(ENCRYPTED_SECRET_KEY_PROPERTY, wrappedKey);
        }

        /**
         * Recovers the per-item AES key with the RSA private key, then hands the item to the AES
         * encrypter for decryption.
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        public String decryptItem(JSONObject jSONObject, KeyStore.PrivateKeyEntry privateKeyEntry) {
            String wrappedKeyBase64 = jSONObject.getString(ENCRYPTED_SECRET_KEY_PROPERTY);
            byte[] wrappedKey = Base64.decode(wrappedKeyBase64, Base64.DEFAULT);

            Cipher unwrapCipher = getRSACipher();
            unwrapCipher.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
            byte[] dataKeyBytes = unwrapCipher.doFinal(wrappedKey);

            SecretKeySpec dataKey = new SecretKeySpec(dataKeyBytes, "AES");
            return this.mAESEncrypter.decryptItem(jSONObject, new KeyStore.SecretKeyEntry(dataKey));
        }

        /**
         * Returns the keystore alias: the RSA cipher name, a colon, then the caller's
         * {@code keychainService} option or {@code "key_v1"} when that option is absent.
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        public String getKeyStoreAlias(ReadableMap readableMap) {
            String baseAlias;
            if (readableMap.hasKey(SecureStoreModule.ALIAS_PROPERTY)) {
                baseAlias = readableMap.getString(SecureStoreModule.ALIAS_PROPERTY);
            } else {
                baseAlias = DEFAULT_ALIAS;
            }
            return RSA_CIPHER + ":" + baseAlias;
        }

        /**
         * Generates an RSA key pair under this encrypter's alias, with a certificate whose subject
         * embeds the quoted alias, and returns the resulting keystore entry.
         *
         * <p>While the pair is generated, the provider returned by {@code b.e()} is removed from
         * the JVM-wide provider list (if registered) and re-inserted at its former position
         * afterwards. NOTE(review): this is a process-wide change with no locking here; other
         * threads doing crypto in that window will not see that provider. Confirm what
         * {@code b.e()} returns and whether the workaround is still needed.
         *
         * @throws UnrecoverableEntryException if the entry cannot be read back after generation
         */
        @Override // abi24_0_0.host.exp.exponent.modules.api.SecureStoreModule.KeyBasedEncrypter
        public KeyStore.PrivateKeyEntry initializeKeyStoreEntry(KeyStore keyStore, ReadableMap readableMap) {
            String alias = getKeyStoreAlias(readableMap);

            KeyPairGeneratorSpec.Builder specBuilder = new KeyPairGeneratorSpec.Builder(this.mContext);
            specBuilder.setAlias(alias);
            // Backslashes and double quotes are escaped so the alias can sit inside a quoted CN value.
            String escapedAlias = alias.replace("\\", "\\\\").replace("\"", "\\\"");
            specBuilder.setSubject(new X500Principal("CN=\"" + escapedAlias + "\", OU=SecureStore"));
            specBuilder.setSerialNumber(new BigInteger(X509_SERIAL_NUMBER_LENGTH_BITS, this.mSecureRandom));
            specBuilder.setStartDate(new Date(0L));
            specBuilder.setEndDate(new Date(Clock.MAX_TIME));
            KeyPairGeneratorSpec spec = specBuilder.build();

            KeyPairGenerator pairGenerator = KeyPairGenerator.getInstance("RSA", keyStore.getProvider());
            pairGenerator.initialize(spec);

            Provider sidelined = b.e();
            // 1-based position as used by Security.insertProviderAt; 0 means "not registered".
            int position = Arrays.asList(Security.getProviders()).indexOf(sidelined) + 1;
            boolean wasRegistered = position > 0;
            if (wasRegistered) {
                Security.removeProvider(sidelined.getName());
            }
            try {
                pairGenerator.generateKeyPair();
                KeyStore.PrivateKeyEntry created = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, null);
                if (created != null) {
                    return created;
                }
                throw new UnrecoverableEntryException("Could not retrieve the newly generated private key entry");
            } finally {
                // Always put the provider back, even when generation fails.
                if (wasRegistered) {
                    Security.insertProviderAt(sidelined, position);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    /**
     * Contract shared by the encrypters that keep their long-term key in a {@link KeyStore}.
     *
     * @param <E> the kind of keystore entry the implementation works with
     */
    public interface KeyBasedEncrypter<E extends KeyStore.Entry> {
        /**
         * Encrypts {@code str} using the key material in {@code e} and returns the JSON item to
         * persist.
         */
        JSONObject createEncryptedItem(String str, KeyStore keyStore, E e);

        /** Decrypts a JSON item previously produced by {@code createEncryptedItem}. */
        String decryptItem(JSONObject jSONObject, E e);

        /** Returns the keystore alias to use for the given caller options. */
        String getKeyStoreAlias(ReadableMap readableMap);

        /** Creates the keystore entry for the alias derived from {@code readableMap} and returns it. */
        E initializeKeyStoreEntry(KeyStore keyStore, ReadableMap readableMap);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    /**
     * Decrypt-only helper for items stored in the older format: a Base64 string that is the RSA
     * (PKCS#1 v1.5 padding) encryption of the value itself. It has no encrypt method.
     */
    public static class LegacySDK20Encrypter {
        private static final String DEFAULT_ALIAS = "MY_APP";
        private static final String RSA_CIPHER = "RSA/ECB/PKCS1Padding";

        private LegacySDK20Encrypter() {
        }

        /** Base64-decodes {@code str}, RSA-decrypts it and returns the result as a UTF-8 string. */
        public String decryptItem(String str, KeyStore.PrivateKeyEntry privateKeyEntry) {
            byte[] ciphertext = Base64.decode(str, Base64.DEFAULT);
            Cipher rsaCipher = Cipher.getInstance(RSA_CIPHER);
            rsaCipher.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
            byte[] plaintext = rsaCipher.doFinal(ciphertext);
            return new String(plaintext, StandardCharsets.UTF_8);
        }

        /**
         * Returns the caller's {@code keychainService} option unchanged, or {@code "MY_APP"} when
         * it is absent. Unlike the other encrypters, no cipher prefix is added.
         */
        public String getKeyStoreAlias(ReadableMap readableMap) {
            if (readableMap.hasKey(SecureStoreModule.ALIAS_PROPERTY)) {
                return readableMap.getString(SecureStoreModule.ALIAS_PROPERTY);
            }
            return DEFAULT_ALIAS;
        }
    }

    /**
     * Creates the module and its two encrypters.
     *
     * @param reactApplicationContext forwarded to the React base module
     * @param hVar                    context used for preferences and key-pair generation
     */
    public SecureStoreModule(ReactApplicationContext reactApplicationContext, h hVar) {
        super(reactApplicationContext);
        AESEncrypter aesEncrypter = new AESEncrypter();
        this.mScopedContext = hVar;
        this.mAESEncrypter = aesEncrypter;
        // The hybrid encrypter reuses the AES encrypter for its symmetric step.
        this.mHybridAESEncrypter = new HybridAESEncrypter(hVar, aesEncrypter);
    }

    /**
     * Removes {@code str} from the SecureStore preferences and from the default (legacy)
     * preferences, resolving {@code promise} only if every removal that was attempted committed.
     *
     * <p>Only the stored items are removed; the keystore entry is not touched and
     * {@code readableMap} is not read.
     */
    private void deleteItemImpl(String str, ReadableMap readableMap, Promise promise) {
        boolean success = true;

        SharedPreferences securePrefs = getSharedPreferences();
        if (securePrefs.contains(str)) {
            success = securePrefs.edit().remove(str).commit();
        }

        SharedPreferences legacyPrefs = PreferenceManager.getDefaultSharedPreferences(this.mScopedContext);
        if (legacyPrefs.contains(str)) {
            // The legacy removal is attempted even when the first one failed.
            boolean legacyRemoved = legacyPrefs.edit().remove(str).commit();
            success = legacyRemoved && success;
        }

        if (!success) {
            promise.reject("E_SECURESTORE_DELETE_ERROR", "Could not delete the item from SecureStore");
            return;
        }
        promise.resolve(null);
    }

    /**
     * Reads {@code str} from the SecureStore preferences when present there, otherwise falls back
     * to the legacy reader, which looks in the default preferences.
     */
    private void getItemImpl(String str, ReadableMap readableMap, Promise promise) {
        SharedPreferences securePrefs = getSharedPreferences();
        if (!securePrefs.contains(str)) {
            readLegacySDK20Item(str, readableMap, promise);
            return;
        }
        readJSONEncodedItem(str, securePrefs, readableMap, promise);
    }

    /**
     * Returns the keystore entry for the encrypter's alias, creating it when the alias does not
     * exist yet.
     *
     * <p>The read path ({@code readJSONEncodedItem}) calls this too, so a lookup with an alias
     * that has no entry generates a new key as a side effect.
     *
     * @throws KeyStoreException if an entry exists under the alias but is not of type {@code cls}
     */
    private <E extends KeyStore.Entry> E getKeyEntry(Class<E> cls, KeyBasedEncrypter<E> keyBasedEncrypter, ReadableMap readableMap) {
        KeyStore keyStore = getKeyStore();
        String alias = keyBasedEncrypter.getKeyStoreAlias(readableMap);
        if (keyStore.containsAlias(alias)) {
            KeyStore.Entry existing = keyStore.getEntry(alias, null);
            if (!cls.isInstance(existing)) {
                throw new KeyStoreException(String.format("The entry for the keystore alias \"%s\" is not a %s", alias, cls.getSimpleName()));
            }
            return cls.cast(existing);
        }
        return keyBasedEncrypter.initializeKeyStoreEntry(keyStore, readableMap);
    }

    /**
     * Returns the "AndroidKeyStore" instance, loading it on first use and caching it in
     * {@code mKeyStore}.
     *
     * <p>NOTE(review): the lazy initialisation is not synchronised; confirm callers are confined
     * to one thread.
     */
    private KeyStore getKeyStore() {
        KeyStore cached = this.mKeyStore;
        if (cached != null) {
            return cached;
        }
        KeyStore loaded = KeyStore.getInstance(KEYSTORE_PROVIDER);
        loaded.load(null);
        this.mKeyStore = loaded;
        return loaded;
    }

    /** Returns the "SecureStore" preferences file, opened in private mode. */
    private SharedPreferences getSharedPreferences() {
        SharedPreferences securePrefs =
                this.mScopedContext.getSharedPreferences(SHARED_PREFERENCES_NAME, Context.MODE_PRIVATE);
        return securePrefs;
    }

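    /**
     * Reads the JSON item stored under {@code str}, selects the decrypter named by its
     * {@code "scheme"} field and settles {@code promise} with the plaintext or a rejection.
     *
     * <p>Changes from the previous version: a missing scheme is now detected
     * ({@code optString} returns an empty string, never {@code null}, so the old null check could
     * not fire), and the stored value is no longer written to the log.
     *
     * @param str               preference key of the item
     * @param sharedPreferences preferences file that contains {@code str}
     * @param readableMap       caller options, used to derive the keystore alias
     * @param promise           resolved with the decrypted string, or rejected with an
     *                          {@code E_SECURESTORE_*} code
     */
    private void readJSONEncodedItem(String str, SharedPreferences sharedPreferences, ReadableMap readableMap, Promise promise) {
        String encryptedItemString = sharedPreferences.getString(str, null);

        JSONObject encryptedItem;
        try {
            encryptedItem = new JSONObject(encryptedItemString);
        } catch (JSONException e) {
            // Only the key and the exception type are logged. NOTE(review): the parser's message
            // may quote its input, so the throwable itself is kept out of the log as well.
            Log.e(TAG, String.format("Could not parse stored value as JSON (key = %s): %s", str, e.getClass().getSimpleName()));
            promise.reject("E_SECURESTORE_JSON_ERROR", "Could not parse the encrypted JSON item in SecureStore");
            return;
        }

        String scheme = encryptedItem.optString(SCHEME_PROPERTY);
        if (scheme.isEmpty()) {
            Log.e(TAG, String.format("Stored JSON object is missing a scheme (key = %s)", str));
            promise.reject("E_SECURESTORE_DECODE_ERROR", "Could not find the encryption scheme used for SecureStore item");
            return;
        }

        try {
            String value;
            switch (scheme) {
                case AESEncrypter.NAME: {
                    KeyStore.SecretKeyEntry secretKeyEntry = getKeyEntry(KeyStore.SecretKeyEntry.class, this.mAESEncrypter, readableMap);
                    value = this.mAESEncrypter.decryptItem(encryptedItem, secretKeyEntry);
                    break;
                }
                case HybridAESEncrypter.NAME: {
                    KeyStore.PrivateKeyEntry privateKeyEntry = getKeyEntry(KeyStore.PrivateKeyEntry.class, this.mHybridAESEncrypter, readableMap);
                    value = this.mHybridAESEncrypter.decryptItem(encryptedItem, privateKeyEntry);
                    break;
                }
                default: {
                    String message = String.format("The item for key \"%s\" in SecureStore has an unknown encoding scheme (%s)", str, scheme);
                    Log.e(TAG, message);
                    promise.reject("E_SECURESTORE_DECODE_ERROR", message);
                    return;
                }
            }
            promise.resolve(value);
        } catch (IOException e) {
            Log.w(TAG, e);
            promise.reject("E_SECURESTORE_IO_ERROR", "There was an I/O error loading the keystore for SecureStore", e);
        } catch (GeneralSecurityException e) {
            // Covers keystore failures and cipher failures alike.
            Log.w(TAG, e);
            promise.reject("E_SECURESTORE_DECRYPT_ERROR", "Could not decrypt the item in SecureStore", e);
        } catch (JSONException e) {
            // A required field (ciphertext, IV, tag length, wrapped key) is missing or malformed.
            Log.w(TAG, e);
            promise.reject("E_SECURESTORE_DECODE_ERROR", "Could not decode the encrypted JSON item in SecureStore", e);
        }
    }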

    /**
     * Reads an item written in the older format from the default preferences and decrypts it
     * with the RSA private key stored under the legacy alias.
     *
     * <p>Resolves with {@code null} when nothing (or an empty string) is stored under
     * {@code str}. This path never creates a keystore entry: a missing alias is a rejection.
     */
    private void readLegacySDK20Item(String str, ReadableMap readableMap, Promise promise) {
        SharedPreferences legacyPrefs = PreferenceManager.getDefaultSharedPreferences(this.mScopedContext);
        String storedValue = legacyPrefs.getString(str, null);
        if (TextUtils.isEmpty(storedValue)) {
            promise.resolve(null);
            return;
        }

        LegacySDK20Encrypter legacyEncrypter = new LegacySDK20Encrypter();
        try {
            KeyStore keyStore = getKeyStore();
            String alias = legacyEncrypter.getKeyStoreAlias(readableMap);
            if (!keyStore.containsAlias(alias)) {
                promise.reject("E_SECURESTORE_DECRYPT_ERROR", "Could not find the keystore entry to decrypt the legacy item in SecureStore");
                return;
            }
            KeyStore.Entry entry = keyStore.getEntry(alias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                promise.reject("E_SECURESTORE_DECRYPT_ERROR", "The keystore entry for the legacy item is not a private key entry");
                return;
            }
            promise.resolve(legacyEncrypter.decryptItem(storedValue, (KeyStore.PrivateKeyEntry) entry));
        } catch (IOException ioError) {
            Log.w(TAG, ioError);
            promise.reject("E_SECURESTORE_IO_ERROR", "There was an I/O error loading the keystore for SecureStore", ioError);
        } catch (GeneralSecurityException securityError) {
            Log.w(TAG, securityError);
            promise.reject("E_SECURESTORE_DECRYPT_ERROR", "Could not decrypt the item in SecureStore", securityError);
        }
    }

    /**
     * Encrypts {@code str2} and stores the resulting JSON item under the preference key
     * {@code str}.
     *
     * <p>From API 23 the keystore-backed AES encrypter is used and the item is tagged
     * {@code "aes"}; below that the hybrid encrypter is used and the item is tagged
     * {@code "hybrid"}. A {@code null} value is written through as a null string without any
     * encryption step.
     *
     * @param str         preference key; a {@code null} key is rejected
     * @param str2        value to protect, or {@code null}
     * @param readableMap caller options, used to derive the keystore alias
     * @param promise     resolved with {@code null} on success, otherwise rejected with an
     *                    {@code E_SECURESTORE_*} code
     */
    private void setItemImpl(String str, String str2, ReadableMap readableMap, Promise promise) {
        if (str == null) {
            promise.reject("E_SECURESTORE_NULL_KEY", "SecureStore keys must not be null");
            return;
        }

        SharedPreferences securePrefs = getSharedPreferences();
        if (str2 == null) {
            boolean committed = securePrefs.edit().putString(str, null).commit();
            if (committed) {
                promise.resolve(null);
            } else {
                promise.reject("E_SECURESTORE_WRITE_ERROR", "Could not write a null value to SecureStore");
            }
            return;
        }

        try {
            KeyStore keyStore = getKeyStore();
            JSONObject encryptedItem;
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
                KeyStore.SecretKeyEntry secretKeyEntry = getKeyEntry(KeyStore.SecretKeyEntry.class, this.mAESEncrypter, readableMap);
                encryptedItem = this.mAESEncrypter.createEncryptedItem(str2, keyStore, secretKeyEntry);
                encryptedItem.put(SCHEME_PROPERTY, "aes");
            } else {
                KeyStore.PrivateKeyEntry privateKeyEntry = getKeyEntry(KeyStore.PrivateKeyEntry.class, this.mHybridAESEncrypter, readableMap);
                encryptedItem = this.mHybridAESEncrypter.createEncryptedItem(str2, keyStore, privateKeyEntry);
                encryptedItem.put(SCHEME_PROPERTY, "hybrid");
            }

            String serialized = encryptedItem.toString();
            if (serialized == null) {
                promise.reject("E_SECURESTORE_JSON_ERROR", "Could not JSON-encode the encrypted item for SecureStore");
                return;
            }
            // Only the encrypted envelope is ever written to preferences, never the plaintext.
            if (!securePrefs.edit().putString(str, serialized).commit()) {
                promise.reject("E_SECURESTORE_WRITE_ERROR", "Could not write encrypted JSON to SecureStore");
                return;
            }
            promise.resolve(null);
        } catch (IOException ioError) {
            Log.w(TAG, ioError);
            promise.reject("E_SECURESTORE_IO_ERROR", "There was an I/O error loading the keystore for SecureStore", ioError);
        } catch (GeneralSecurityException securityError) {
            Log.w(TAG, securityError);
            promise.reject("E_SECURESTORE_ENCRYPT_ERROR", "Could not encrypt the value for SecureStore", securityError);
        } catch (JSONException jsonError) {
            Log.w(TAG, jsonError);
            promise.reject("E_SECURESTORE_ENCODE_ERROR", "Could not create an encrypted JSON item for SecureStore", jsonError);
        }
    }

    /**
     * Bridge entry point for deleting the item stored under {@code str}. Any exception escaping
     * the implementation is logged and turned into an {@code E_SECURESTORE_DELETE_ERROR}
     * rejection.
     */
    @ReactMethod
    public void deleteValueWithKeyAsync(String str, ReadableMap readableMap, Promise promise) {
        try {
            deleteItemImpl(str, readableMap, promise);
        } catch (Exception unexpected) {
            // Last-resort boundary so a failure never propagates across the bridge.
            Log.e(TAG, "Caught unexpected exception when deleting from SecureStore", unexpected);
            promise.reject("E_SECURESTORE_DELETE_ERROR", "An unexpected error occurred when deleting item from SecureStore", unexpected);
        }
    }

    /** Returns the name under which this module is registered with the bridge. */
    @Override // abi24_0_0.com.facebook.react.bridge.NativeModule
    public String getName() {
        final String bridgeName = "ExponentSecureStore";
        return bridgeName;
    }

    /**
     * Bridge entry point for reading the item stored under {@code str}. Any exception escaping
     * the implementation is logged and turned into an {@code E_SECURESTORE_READ_ERROR} rejection.
     */
    @ReactMethod
    public void getValueWithKeyAsync(String str, ReadableMap readableMap, Promise promise) {
        try {
            getItemImpl(str, readableMap, promise);
        } catch (Exception unexpected) {
            // Last-resort boundary so a failure never propagates across the bridge.
            Log.e(TAG, "Caught unexpected exception when reading from SecureStore", unexpected);
            promise.reject("E_SECURESTORE_READ_ERROR", "An unexpected error occurred when reading from SecureStore", unexpected);
        }
    }

    /**
     * Bridge entry point for storing a value.
     *
     * <p>The argument order here is (value, key): {@code str} is the value to protect and
     * {@code str2} is the preference key. That is why the two are swapped when calling
     * {@code setItemImpl}, whose first parameter is the key.
     */
    @ReactMethod
    public void setValueWithKeyAsync(String str, String str2, ReadableMap readableMap, Promise promise) {
        try {
            setItemImpl(str2, str, readableMap, promise);
        } catch (Exception unexpected) {
            // Last-resort boundary so a failure never propagates across the bridge.
            Log.e(TAG, "Caught unexpected exception when writing to SecureStore", unexpected);
            promise.reject("E_SECURESTORE_WRITE_ERROR", "An unexpected error occurred when writing to SecureStore", unexpected);
        }
    }
}
