package com.everykey.android.utils.securestorage;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import android.util.Base64;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class a {
    private static final String a = "a";
    private static a b;
    private KeyStore c = KeyStore.getInstance("AndroidKeyStore");
    private SecretKey d;

    private a() {
        this.c.load(null);
    }

    private a(Context context) {
        this.c.load(null);
        if (Build.VERSION.SDK_INT >= 23) {
            d(context);
        } else {
            c(context);
        }
    }

    public static a a(Context context) {
        if (b == null) {
            try {
                b = b(context);
            } catch (Exception e) {
                com.everykey.android.b.a.b(a, "Cannot initialize keystore: ", e);
                throw new RuntimeException(e);
            }
        }
        return b;
    }

    @TargetApi(23)
    private void a() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder("/everykey/secureData/aes", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128).setRandomizedEncryptionRequired(false).build());
        keyGenerator.generateKey();
    }

    @SuppressLint({"ApplySharedPref"})
    private void a(Context context, byte[] bArr) {
        PreferenceManager.getDefaultSharedPreferences(context).edit().putString("PRE_23_PREFS_AES", Base64.encodeToString(bArr, 0)).commit();
    }

    private byte[] a(byte[] bArr) {
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) this.c.getEntry("/everykey/secureData/rsa", null)).getPrivateKey();
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
        cipher.init(2, privateKey);
        return cipher.doFinal(bArr);
    }

    private static a b(Context context) {
        try {
            return new a(context);
        } catch (IOException e) {
            com.everykey.android.b.a.b(a, "Could not load keystore.", e);
            throw new d(e);
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            com.everykey.android.b.a.b(a, "Keystore not supported.", e);
            throw new e(e);
        } catch (InvalidKeyException e3) {
            e = e3;
            com.everykey.android.b.a.b(a, "Could not perform crypto with keystore data.", e);
            throw new b(e);
        } catch (KeyStoreException e4) {
            e = e4;
            com.everykey.android.b.a.b(a, "Keystore not supported.", e);
            throw new e(e);
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            com.everykey.android.b.a.b(a, "Keystore not supported.", e);
            throw new e(e);
        } catch (NoSuchProviderException e6) {
            e = e6;
            com.everykey.android.b.a.b(a, "Keystore not supported.", e);
            throw new e(e);
        } catch (UnrecoverableEntryException e7) {
            e = e7;
            com.everykey.android.b.a.b(a, "Could not perform crypto with keystore data.", e);
            throw new b(e);
        } catch (CertificateException e8) {
            e = e8;
            com.everykey.android.b.a.b(a, "Could not perform crypto with keystore data.", e);
            throw new b(e);
        } catch (BadPaddingException e9) {
            e = e9;
            com.everykey.android.b.a.b(a, "Could not perform crypto with keystore data.", e);
            throw new b(e);
        } catch (IllegalBlockSizeException e10) {
            e = e10;
            com.everykey.android.b.a.b(a, "Could not perform crypto with keystore data.", e);
            throw new b(e);
        } catch (NoSuchPaddingException e11) {
            e = e11;
            com.everykey.android.b.a.b(a, "Keystore not supported.", e);
            throw new e(e);
        }
    }

    @TargetApi(21)
    private Cipher b(int i, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
            cipher.init(i, this.d, new GCMParameterSpec(bArr.length * 8, bArr));
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private SecretKey b() {
        return (SecretKey) this.c.getKey("/everykey/secureData/aes", null);
    }

    private byte[] b(byte[] bArr) {
        PublicKey publicKey = ((KeyStore.PrivateKeyEntry) this.c.getEntry("/everykey/secureData/rsa", null)).getCertificate().getPublicKey();
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, publicKey);
        return cipher.doFinal(bArr);
    }

    private Cipher c(int i, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "AndroidKeyStoreBCWorkaround");
            cipher.init(i, this.d, new GCMParameterSpec(bArr.length * 8, bArr));
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private void c(Context context) {
        if (!this.c.containsAlias("/everykey/secureData/rsa")) {
            f(context);
            a(context, b(c()));
        }
        this.d = g(context);
    }

    private byte[] c() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        return keyGenerator.generateKey().getEncoded();
    }

    @TargetApi(23)
    private void d(Context context) {
        if (h(context) != null) {
            e(context);
        }
        if (!this.c.containsAlias("/everykey/secureData/aes")) {
            a();
        }
        this.d = b();
    }

    @TargetApi(23)
    private void e(Context context) {
        this.c.setEntry("/everykey/secureData/aes", new KeyStore.SecretKeyEntry(new SecretKeySpec(a(h(context)), "AES")), new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
        this.c.deleteEntry("/everykey/secureData/rsa");
        PreferenceManager.getDefaultSharedPreferences(context).edit().remove("PRE_23_PREFS_AES").apply();
    }

    private void f(Context context) {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 100);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("/everykey/secureData/rsa").setSubject(new X500Principal("CN=/everykey/secureData/rsa")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private SecretKey g(Context context) {
        byte[] h = h(context);
        if (h != null) {
            return new SecretKeySpec(a(h), "AES/GCM/NoPadding");
        }
        throw new b("No AES key stored in preferences.");
    }

    private byte[] h(Context context) {
        String string = PreferenceManager.getDefaultSharedPreferences(context).getString("PRE_23_PREFS_AES", null);
        if (string == null) {
            return null;
        }
        return Base64.decode(string, 0);
    }

    public Cipher a(int i, byte[] bArr) {
        return Build.VERSION.SDK_INT >= 23 ? c(i, bArr) : b(i, bArr);
    }
}
