package com.smithmicro.crypt;

import android.content.Context;
import android.util.Base64;
import com.smithmicro.mnd.SMSIMNDApplication;
import com.smithmicro.nwd.log.MNDLog;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.digests.SHA512Digest;
import org.spongycastle.crypto.encodings.OAEPEncoding;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
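/**
 * Base helper that generates RSA key pairs, wraps them in a self-signed X.509 certificate,
 * stores them in a {@link KeyStore}, and uses them for RSA-OAEP (SHA-512) encryption and
 * decryption of short strings.
 *
 * <p>This class never assigns {@link #m_KeyStore} or {@link #m_ProtectionParameter}; both stay
 * {@code null} unless a subclass sets them, in which case every store/load operation here logs
 * an error and does nothing.
 *
 * <p>Nothing in this class synchronizes access to its mutable fields.
 * NOTE(review): confirm whether instances are shared between threads.
 */
class KeyStoreManager {
    protected static final String ENCODING_CHARSET = "UTF-8";
    private static final String ISSUER_RFC1779_FORMAT = "OU=%s";
    private static final String LOGTAG = "MNDLOG_JAVA_KeyStoreManager";
    private static final String RFC1779_DN_COUNTRY = "US";
    private static final String RFC1779_DN_LOCALITY = "McCandless Township";
    private static final String RFC1779_DN_ORGANIZATION = "SmithMicro Software Inc";
    private static final String RFC1779_DN_STATE = "PA";
    private static final int RSA_MODULUS_SIZE = 2048;
    // NOTE(review): SHA-1 is deprecated for signatures. This value only signs the self-signed
    // certificate built in generateCertificate(), and nothing in this class verifies that
    // certificate. Before moving to a SHA-2 variant, confirm that every key source used by
    // subclasses permits the new digest.
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
    private static final String SUBJECT_RFC1779_FORMAT = "CN=%s,L=%s,ST=%s,O=%s,C=%s";
    protected Context m_Context;
    protected AlgorithmParameterSpec m_KeyParameterSpec = null;
    protected KeyPairGenerator m_KeyPairGenerator = null;
    protected KeyStore m_KeyStore = null;
    // Pre-incremented for each certificate, so the first certificate gets serial number 2.
    protected int m_SerialNumber = 1;
    private Certificate[] m_CertificateChain = null;
    protected KeyStore.ProtectionParameter m_ProtectionParameter = null;

    /**
     * Creates the manager and captures the application context.
     *
     * <p>Decompiler note: this constructor was declared {@code protected} in the original.
     */
    public KeyStoreManager() {
        this.m_Context = null;
        MNDLog.v(LOGTAG, "Instantiating KeyStoreManager()");
        this.m_Context = SMSIMNDApplication.getContext();
    }

    /**
     * Builds a self-signed certificate for {@code keyPair}, valid for one year from now, and
     * places it in slot 0 of {@link #m_CertificateChain}.
     *
     * @param str alias, used as the CN of the certificate subject
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return {@code true} when the certificate was created, {@code false} on any failure
     */
    private boolean generateCertificate(String str, KeyPair keyPair) {
        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();

        X500Name issuer = new X500Name(getIssuerStringForCertificate());
        this.m_SerialNumber++;
        BigInteger serial = BigInteger.valueOf(this.m_SerialNumber);
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                issuer,
                serial,
                notBefore,
                notAfter,
                new X500Name(getSubjectStringForCertificate(str)),
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        try {
            if (this.m_CertificateChain == null) {
                this.m_CertificateChain = new Certificate[1];
            }
            ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate());
            this.m_CertificateChain[0] = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer));
            return true;
        } catch (CertificateException | OperatorCreationException e) {
            handleException(LOGTAG, "generateCertificate()", e);
            return false;
        }
    }

    /**
     * Returns the issuer DN, {@code OU=<application package name>}.
     *
     * <p>Throws {@link NullPointerException} if {@link #m_Context} is {@code null}.
     */
    private String getIssuerStringForCertificate() {
        return String.format(ISSUER_RFC1779_FORMAT, this.m_Context.getPackageName());
    }

    /**
     * Copies the UID and PID entries into {@code keyStoreManager}, then deletes both from this
     * key store.
     *
     * <p>NOTE(review): deletion runs whether or not the copy succeeded. {@link #moveKeys} returns
     * nothing and {@link #storeKeyPair} only logs failures, so a {@code null} or failing
     * destination still results in both entries being removed here. Confirm callers accept that
     * loss.
     *
     * <p>Decompiler note: declared {@code protected} in the original.
     *
     * @param keyStoreManager destination manager; may be {@code null}, in which case nothing is
     *     copied
     */
    public void abolish(KeyStoreManager keyStoreManager) {
        moveKeys(keyStoreManager);
        if (this.m_KeyStore == null) {
            return;
        }
        // Each alias is deleted independently so a failure on the first does not leave the
        // second key behind.
        deleteEntry(Constants.KEY_ALIAS_UID);
        deleteEntry(Constants.KEY_ALIAS_PID);
    }

    /** Deletes one alias from {@link #m_KeyStore}, logging rather than propagating failures. */
    private void deleteEntry(String alias) {
        try {
            this.m_KeyStore.deleteEntry(alias);
        } catch (KeyStoreException e) {
            handleException(LOGTAG, "abolish()", e);
        }
    }

    /**
     * Decrypts a Base64 (no-wrap) RSA-OAEP ciphertext with the key stored under {@code str2}.
     *
     * <p>Decompiler note: declared package-private in the original.
     *
     * @param str Base64 text to decrypt
     * @param str2 key store alias of the key to use
     * @return the UTF-8 plaintext, or {@code null} when the input is null/empty, is not valid
     *     Base64, the alias has no entry, or decryption fails
     */
    public String decryptValue(String str, String str2) {
        if (str == null || str.isEmpty()) {
            // The two diagnostics are mutually exclusive; calling isEmpty() on a null value
            // would throw instead of returning null.
            if (str == null) {
                MNDLog.e(LOGTAG, "_decryptValue(), pValueToDecrypt is invalid! . pValueToDecrypt == null");
            } else {
                MNDLog.e(LOGTAG, "_decryptValue(), pValueToDecrypt is invalid! . pValueToDecrypt is Empty");
            }
            MNDLog.e(LOGTAG, "_decryptValue(), returns null");
            return null;
        }
        KeyStore.Entry entry = getEntryFromKeyStore(str2);
        if (entry != null) {
            byte[] cipherText;
            try {
                cipherText = Base64.decode(str, Base64.NO_WRAP);
            } catch (IllegalArgumentException e) {
                // Corrupt or tampered stored text must fail like any other bad ciphertext.
                handleException(LOGTAG, "_decryptValue()", e);
                MNDLog.e(LOGTAG, "_decryptValue(), returns null. getEntryFromKeyStore(pKeyAlias) is null or exception encountered");
                return null;
            }
            // NOTE(review): the meaning of RSAEncryptionEngine's boolean argument is not visible
            // here; encryptValue() passes the same value.
            OAEPEncoding oaep = new OAEPEncoding(new RSAEncryptionEngine(entry, false), new SHA512Digest(), new SHA512Digest(), null);
            oaep.init(false, null);
            try {
                return new String(oaep.processBlock(cipherText, 0, cipherText.length), ENCODING_CHARSET);
            } catch (UnsupportedEncodingException | InvalidCipherTextException e) {
                handleException(LOGTAG, "_decryptValue()", e);
            }
        }
        MNDLog.e(LOGTAG, "_decryptValue(), returns null. getEntryFromKeyStore(pKeyAlias) is null or exception encountered");
        return null;
    }

    /**
     * Encrypts {@code str} with RSA-OAEP (SHA-512) under alias {@code str2} and returns the
     * ciphertext as Base64 without line wraps.
     *
     * <p>NOTE(review): {@link #generateAndStoreKeys} is called on every invocation and its result
     * is ignored. In this base class it generates a fresh key pair and overwrites the entry for
     * the alias, which presumably makes earlier ciphertexts under that alias undecryptable.
     * Confirm subclasses guard against regeneration.
     *
     * <p>Decompiler note: declared package-private in the original.
     *
     * @param str text to encrypt; must fit in a single OAEP block
     * @param str2 key store alias of the key to use
     * @return Base64 ciphertext, or {@code null} when the input is null/empty or too long, the
     *     alias has no entry, or encryption fails
     */
    public String encryptValue(String str, String str2) {
        if (str == null || str.isEmpty()) {
            // The two diagnostics are mutually exclusive; calling isEmpty() on a null value
            // would throw instead of returning null.
            if (str == null) {
                MNDLog.e(LOGTAG, "encryptValue(), pValueToEncrypt is invalid! . pValueToEncrypt == null");
            } else {
                MNDLog.e(LOGTAG, "encryptValue(), pValueToEncrypt is invalid! . pValueToEncrypt is Empty");
            }
            MNDLog.w(LOGTAG, "encryptValue() return null");
            return null;
        }
        generateAndStoreKeys(str2);
        KeyStore.Entry entry = getEntryFromKeyStore(str2);
        if (entry == null) {
            MNDLog.w(LOGTAG, "encryptValue() return null .getEntryFromKeyStore(pKeyAlias) is null");
            return null;
        }
        OAEPEncoding oaep = new OAEPEncoding(new RSAEncryptionEngine(entry, false), new SHA512Digest(), new SHA512Digest(), null);
        oaep.init(true, null);
        try {
            byte[] plainText = str.getBytes(ENCODING_CHARSET);
            // OAEP handles a single block only. With a 2048-bit modulus and SHA-512 that is
            // typically 126 bytes (TODO confirm against RSAEncryptionEngine). Oversized input is
            // rejected here rather than left to fail inside processBlock().
            if (plainText.length > oaep.getInputBlockSize()) {
                MNDLog.e(LOGTAG, "encryptValue(), pValueToEncrypt exceeds the OAEP block size");
                MNDLog.w(LOGTAG, "encryptValue() return null");
                return null;
            }
            byte[] cipherText = oaep.processBlock(plainText, 0, plainText.length);
            return Base64.encodeToString(cipherText, Base64.NO_WRAP);
        } catch (UnsupportedEncodingException | InvalidCipherTextException e) {
            handleException(LOGTAG, "_encryptValue()", e);
        }
        // Fail closed: on error there is no ciphertext, and encoding a null array would throw.
        MNDLog.w(LOGTAG, "encryptValue() return null");
        return null;
    }

    /**
     * Generates an RSA key pair plus self-signed certificate and stores both under {@code str}.
     *
     * <p>The return value reflects generation only. {@link #storeKeyPair} logs its own failures
     * and returns nothing, so {@code true} does not prove the entry was persisted.
     *
     * @param str key store alias
     * @return {@code false} when the generator, key pair or certificate could not be created
     */
    protected boolean generateAndStoreKeys(String str) {
        if (this.m_KeyPairGenerator == null) {
            try {
                this.m_KeyPairGenerator = KeyPairGenerator.getInstance("RSA");
            } catch (NoSuchAlgorithmException e) {
                handleException(LOGTAG, "generateAndStoreKeys()", e);
                return false;
            }
        }
        KeyPair keyPair = generateKeyPair(str);
        if (keyPair == null || !generateCertificate(str, keyPair)) {
            return false;
        }
        storeKeyPair(str, keyPair.getPrivate(), this.m_CertificateChain);
        return true;
    }

    /**
     * Initializes {@link #m_KeyPairGenerator} with the current key spec and generates a pair.
     *
     * <p>Decompiler note: declared {@code protected} in the original.
     *
     * @param str key store alias, forwarded to {@link #getKeySpec}
     * @return the new key pair, or {@code null} when the spec or generator is missing or
     *     generation fails
     */
    public KeyPair generateKeyPair(String str) {
        getKeySpec(str);
        if (this.m_KeyParameterSpec == null) {
            MNDLog.e(LOGTAG, "generateKeyPair(), return nullm_KeyParameterSpec is null!");
            return null;
        }
        try {
            if (this.m_KeyPairGenerator != null) {
                this.m_KeyPairGenerator.initialize(this.m_KeyParameterSpec);
                return this.m_KeyPairGenerator.generateKeyPair();
            }
        } catch (IllegalStateException e) {
            MNDLog.d(LOGTAG, "generateKeyPair(), Illegal State as Key pair does not have credentials yet.");
        } catch (InvalidAlgorithmParameterException e2) {
            handleException(LOGTAG, "generateKeyPair()", e2);
        }
        MNDLog.w(LOGTAG, "generateKeyPair(), returns null");
        return null;
    }

    /**
     * Looks up {@code str} in {@link #m_KeyStore} using {@link #m_ProtectionParameter}.
     *
     * @param str key store alias
     * @return the entry, or {@code null} when the key store is unset, the alias is unknown, or
     *     the lookup throws
     */
    protected KeyStore.Entry getEntryFromKeyStore(String str) {
        KeyStore.Entry entry = null;
        if (this.m_KeyStore == null) {
            MNDLog.e(LOGTAG, "getEntryFromKeyStore(), m_KeyStore is null!");
        } else {
            try {
                entry = this.m_KeyStore.getEntry(str, this.m_ProtectionParameter);
                if (entry == null) {
                    MNDLog.d(LOGTAG, "KeyStore does not have an entry for alias " + str);
                }
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                handleException(LOGTAG, "getEntryFromKeyStore()", e);
            }
        }
        if (entry == null) {
            MNDLog.w(LOGTAG, "getEntryFromKeyStore(), returns null");
        }
        return entry;
    }

    /**
     * Lazily sets {@link #m_KeyParameterSpec} to RSA-2048 with public exponent F4.
     *
     * @param str key store alias; unused by this implementation
     */
    protected void getKeySpec(String str) {
        if (this.m_KeyParameterSpec == null) {
            this.m_KeyParameterSpec = new RSAKeyGenParameterSpec(RSA_MODULUS_SIZE, RSAKeyGenParameterSpec.F4);
        }
    }

    /**
     * Returns the subject DN for the certificate, with {@code str} as the CN.
     *
     * <p>{@code str} is inserted unescaped. NOTE(review): aliases containing DN metacharacters
     * such as {@code ,} or {@code =} would change the parsed name; confirm aliases are fixed
     * constants.
     *
     * <p>Decompiler note: declared {@code protected} in the original.
     */
    public String getSubjectStringForCertificate(String str) {
        return String.format(SUBJECT_RFC1779_FORMAT, str, RFC1779_DN_LOCALITY, RFC1779_DN_STATE, RFC1779_DN_ORGANIZATION, RFC1779_DN_COUNTRY);
    }

    /**
     * Logs {@code exc} under {@code str} with {@code str2} as context and prints its stack trace.
     *
     * <p>NOTE(review): the exception text and stack trace go to the log and standard error;
     * confirm neither sink is readable by other apps or shipped off-device.
     *
     * <p>Decompiler note: declared {@code protected} in the original.
     */
    public void handleException(String str, String str2, Exception exc) {
        MNDLog.e(str, str2 + ": " + exc.toString());
        exc.printStackTrace();
    }

    /**
     * Reports whether the key store is usable. This base implementation always returns
     * {@code true}.
     *
     * <p>Decompiler note: declared {@code protected} in the original.
     */
    public boolean isUnlocked() {
        return true;
    }

    /**
     * Copies the UID and PID private-key entries from this key store into
     * {@code keyStoreManager}. Entries that are missing are skipped.
     *
     * <p>Decompiler note: declared {@code protected} in the original.
     *
     * @param keyStoreManager destination manager; when {@code null} an error is logged and
     *     nothing is copied
     */
    public void moveKeys(KeyStoreManager keyStoreManager) {
        if (keyStoreManager == null) {
            MNDLog.e(LOGTAG, "moveKeys(), pDestinationKeyStore is null!");
            return;
        }
        copyPrivateKeyEntry(Constants.KEY_ALIAS_UID, keyStoreManager);
        copyPrivateKeyEntry(Constants.KEY_ALIAS_PID, keyStoreManager);
    }

    /** Copies one alias to {@code destination} if it holds a private-key entry. */
    private void copyPrivateKeyEntry(String alias, KeyStoreManager destination) {
        KeyStore.Entry entry = getEntryFromKeyStore(alias);
        if (entry == null) {
            return;
        }
        // An alias holding another entry type is skipped instead of failing the cast.
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            MNDLog.e(LOGTAG, "moveKeys(), entry is not a PrivateKeyEntry for alias " + alias);
            return;
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        destination.storeKeyPair(alias, privateKeyEntry.getPrivateKey(), privateKeyEntry.getCertificateChain());
    }

    /**
     * Stores a private key and its certificate chain under {@code str}, replacing any existing
     * entry. Failures are logged, not propagated.
     *
     * <p>Decompiler note: declared {@code protected} in the original.
     *
     * @param str key store alias
     * @param privateKey private key to store
     * @param certificateArr certificate chain for the key
     */
    public void storeKeyPair(String str, PrivateKey privateKey, Certificate[] certificateArr) {
        if (this.m_KeyStore == null) {
            MNDLog.e(LOGTAG, "storeKeyPair() Skipping as m_KeyStore is null");
            return;
        }
        try {
            this.m_KeyStore.setEntry(str, new KeyStore.PrivateKeyEntry(privateKey, certificateArr), this.m_ProtectionParameter);
        } catch (KeyStoreException e) {
            handleException(LOGTAG, "storeKeyPair()", e);
        }
    }
}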
