package com.newequityproductions.nep.utils;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.GregorianCalendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;

@TargetApi(23)
/* loaded from: classes.dex */
public class EncryptionKeyStore {
    private static final String CIPHER;
    private static final String CIPHER_API_18 = "RSA/ECB/PKCS1Padding";
    private static final String CIPHER_API_23 = "AES/CBC/PKCS7Padding";
    private static final String KEYSTORE_PROVIDER_NAME = "AndroidKeyStore";
    private static final String KEY_ALIAS = "_alias_nep_realm_key";
    private static final String KEY_COMMON_NAME = "RealmEncryption";
    private static final ByteOrder ORDER_FOR_ENCRYPTED_DATA;
    private static final String STORAGE_PREF_KEY = "iv_and_encrypted_key";
    private static final String STORAGE_PREF_NAME = "db_tm.realm_key";
    private static final String TYPE_RSA = "RSA";
    private static EncryptionKeyStore sInstance;
    private final SecureRandom mSecureRandom = new SecureRandom();
    private final KeyStore mKeyStore = prepareKeyStore();

    static {
        CIPHER = isApi23() ? CIPHER_API_23 : CIPHER_API_18;
        ORDER_FOR_ENCRYPTED_DATA = ByteOrder.BIG_ENDIAN;
    }

    private EncryptionKeyStore() {
    }

    private byte[] decryptKeyForRealm(byte[] bArr) {
        Cipher prepareCipher = prepareCipher();
        KeyStore prepareKeyStore = prepareKeyStore();
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        wrap.order(ORDER_FOR_ENCRYPTED_DATA);
        int i = wrap.getInt();
        byte[] bArr2 = i > 0 ? new byte[i] : null;
        byte[] bArr3 = new byte[(bArr.length - 32) - i];
        if (bArr2 != null) {
            wrap.get(bArr2);
        }
        wrap.get(bArr3);
        try {
            Key key = prepareKeyStore.getKey(KEY_ALIAS, null);
            if (bArr2 != null) {
                prepareCipher.init(2, key, new IvParameterSpec(bArr2));
            } else {
                prepareCipher.init(2, key);
            }
            return prepareCipher.doFinal(bArr3);
        } catch (InvalidAlgorithmParameterException e) {
            e = e;
            throw new RuntimeException(e);
        } catch (InvalidKeyException unused) {
            throw new RuntimeException("key is invalid.");
        } catch (KeyStoreException e2) {
            e = e2;
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            throw new RuntimeException(e);
        } catch (UnrecoverableKeyException e4) {
            e = e4;
            throw new RuntimeException(e);
        } catch (BadPaddingException e5) {
            e = e5;
            throw new RuntimeException(e);
        } catch (IllegalBlockSizeException e6) {
            e = e6;
            throw new RuntimeException(e);
        }
    }

    private byte[] encryptAndSaveKeyForRealm(Context context, byte[] bArr) {
        Key publicKey;
        KeyStore prepareKeyStore = prepareKeyStore();
        Cipher prepareCipher = prepareCipher();
        try {
            if (isApi23()) {
                publicKey = prepareKeyStore.getKey(KEY_ALIAS, null);
            } else {
                try {
                    publicKey = ((KeyStore.PrivateKeyEntry) prepareKeyStore.getEntry(KEY_ALIAS, null)).getCertificate().getPublicKey();
                } catch (UnrecoverableEntryException e) {
                    throw new RuntimeException("key for encryption is invalid", e);
                }
            }
            prepareCipher.init(1, publicKey);
            byte[] doFinal = prepareCipher.doFinal(bArr);
            byte[] iv = prepareCipher.getIV();
            int length = iv != null ? iv.length : 0;
            byte[] bArr2 = new byte[length + 32 + doFinal.length];
            ByteBuffer wrap = ByteBuffer.wrap(bArr2);
            wrap.order(ORDER_FOR_ENCRYPTED_DATA);
            wrap.putInt(length);
            if (length > 0) {
                wrap.put(iv);
            }
            wrap.put(doFinal);
            saveEncryptedRealmKey(context, bArr2);
            return bArr2;
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | BadPaddingException | IllegalBlockSizeException e2) {
            throw new RuntimeException("key for encryption is invalid", e2);
        }
    }

    private static void ensureInstance() {
        if (sInstance == null) {
            sInstance = new EncryptionKeyStore();
        }
    }

    private byte[] generateKeyForRealm() {
        byte[] bArr = new byte[64];
        this.mSecureRandom.nextBytes(bArr);
        return bArr;
    }

    private void generateKeyInKeystore(Context context) {
        try {
            try {
                if (isApi23()) {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE_PROVIDER_NAME);
                    try {
                        keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_ALIAS, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(false).build());
                        keyGenerator.generateKey();
                        return;
                    } catch (InvalidAlgorithmParameterException e) {
                        throw new RuntimeException(e);
                    }
                }
                GregorianCalendar gregorianCalendar = new GregorianCalendar();
                GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                gregorianCalendar2.add(1, 25);
                KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(KEY_ALIAS).setSubject(new X500Principal("CN=RealmEncryption")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(TYPE_RSA, KEYSTORE_PROVIDER_NAME);
                keyPairGenerator.initialize(build);
                keyPairGenerator.generateKeyPair();
            } catch (InvalidAlgorithmParameterException e2) {
                e = e2;
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            throw new RuntimeException(e);
        } catch (NoSuchProviderException e4) {
            e = e4;
            throw new RuntimeException(e);
        }
    }

    public static byte[] generateOrGetRealmEncryptionKey(Context context) {
        byte[] encryptAndSaveKeyForRealm;
        ensureInstance();
        Context applicationContext = context.getApplicationContext();
        byte[] loadEncryptedRealmKey = sInstance.loadEncryptedRealmKey(applicationContext);
        if (loadEncryptedRealmKey == null || !sInstance.keystoreContainsEncryptionKey()) {
            byte[] generateKeyForRealm = sInstance.generateKeyForRealm();
            sInstance.generateKeyInKeystore(context);
            encryptAndSaveKeyForRealm = sInstance.encryptAndSaveKeyForRealm(applicationContext, generateKeyForRealm);
            Arrays.fill(generateKeyForRealm, (byte) 0);
        } else {
            encryptAndSaveKeyForRealm = loadEncryptedRealmKey;
        }
        return sInstance.decryptKeyForRealm(encryptAndSaveKeyForRealm);
    }

    private SharedPreferences getPreference(Context context) {
        return context.getSharedPreferences(STORAGE_PREF_NAME, 0);
    }

    private static boolean isApi23() {
        return Build.VERSION.SDK_INT >= 23;
    }

    private boolean keystoreContainsEncryptionKey() {
        try {
            return this.mKeyStore.containsAlias(KEY_ALIAS);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] loadEncryptedRealmKey(Context context) {
        String string = getPreference(context).getString(STORAGE_PREF_KEY, null);
        if (string == null) {
            return null;
        }
        return Base64.decode(string, 0);
    }

    private Cipher prepareCipher() {
        try {
            return Cipher.getInstance(CIPHER);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private KeyStore prepareKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_NAME);
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    @SuppressLint({"CommitPrefEdits"})
    public static void reset(Context context) {
        ensureInstance();
        sInstance.getPreference(context).edit().clear().apply();
    }

    private void saveEncryptedRealmKey(Context context, byte[] bArr) {
        getPreference(context).edit().putString(STORAGE_PREF_KEY, Base64.encodeToString(bArr, 2)).apply();
    }
}
