package com.tado.android.security;

import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.support.annotation.RequiresApi;
import android.text.TextUtils;
import android.util.Base64;
import com.tado.android.app.TadoApplication;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

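/**
 * {@link KeyProvider} that keeps an AES key in {@link SharedPreferences}, wrapped with an RSA key
 * pair held in the Android keystore.
 *
 * <p>Scheme, as implemented below:
 * <ol>
 *   <li>{@link #generateKey()} creates an RSA key pair in the "AndroidKeyStore" provider under the
 *       alias {@code keyAlias}.</li>
 *   <li>A random 16-byte AES key is encrypted with the RSA public key and stored, Base64-encoded,
 *       in the {@code KeysSharedPreferences} file under {@code EncryptedKeysKeyName}.</li>
 *   <li>{@link #getSecretKey()} decrypts that value with the RSA private key and returns it as an
 *       in-memory {@link SecretKeySpec}.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The data cipher is {@code AES/ECB/PKCS7Padding}. ECB maps equal plaintext blocks to equal
 *       ciphertext blocks and gives no integrity protection. It is left unchanged here because
 *       {@link #initCipher(Cipher, int, Key)} has no IV parameter and values already encrypted
 *       under this transformation would become unreadable; moving to an authenticated mode needs
 *       a migration in the callers.</li>
 *   <li>The keystore protects the AES key at rest only. Once unwrapped, the raw key bytes live in
 *       the app's heap inside the returned {@link SecretKeySpec}.</li>
 *   <li>NOTE(review): the class and constant names suggest this provider is meant for devices
 *       older than Android M - confirm against the code that selects the provider.</li>
 * </ul>
 */
@RequiresApi(api = 18)
/* loaded from: classes.dex */
class LollipopLegacyKeyProvider extends KeyProvider {
    // Flagged, not changed: ECB is deterministic and unauthenticated (see class comment).
    private static final String AES_MODE_LESS_THAN_M = "AES/ECB/PKCS7Padding";
    private static final String CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_AES = "BC";
    private static final String CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA = "AndroidOpenSSL";
    private static final String ENCRYPTED_KEY_NAME = "EncryptedKeysKeyName";
    private static final String RSA_ALGORITHM_NAME = "RSA";
    // PKCS#1 v1.5 encryption padding. NOTE(review): consider OAEP if every supported platform
    // level offers it for keystore-backed keys; changing it requires re-wrapping the stored key.
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final String SHARED_PREFERENCE_NAME = "KeysSharedPreferences";

    private static final String AES_ALGORITHM_NAME = "AES";
    private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";
    private static final String KEY_ALIAS = "keyAlias";
    /** Length of the generated AES key: 16 bytes, i.e. AES-128. */
    private static final int AES_KEY_LENGTH_BYTES = 16;
    /** Validity period of the self-signed certificate created with the RSA key pair. */
    private static final int KEY_PAIR_VALIDITY_YEARS = 30;
    private static final int COPY_BUFFER_SIZE = 256;

    /** Opens the preferences file that holds the wrapped AES key. */
    private SharedPreferences getSharedPreferences() {
        // Mode 0 is Context.MODE_PRIVATE: the file is readable by this app only.
        return TadoApplication.getTadoAppContext().getSharedPreferences(SHARED_PREFERENCE_NAME, 0);
    }

    /** Returns the Base64 text of the wrapped AES key, or {@code null} when none is stored. */
    private String getStoredKey() {
        return getSharedPreferences().getString(ENCRYPTED_KEY_NAME, null);
    }

    /** Reports whether a non-empty wrapped key is present in the preferences file. */
    private boolean isKeyStored() {
        return !TextUtils.isEmpty(getStoredKey());
    }

    /** Clears every entry of the key preferences file, including the wrapped AES key. */
    private void removeSavedSharedPreferences() {
        getSharedPreferences().edit().clear().apply();
    }

    /**
     * Loads the RSA key pair entry stored under {@code keyAlias}.
     *
     * <p>The throws clause mirrors the two callers because the exceptions declared by
     * {@code TadoSecurity.getKeyStore()} are not visible from this file.
     *
     * @return the key pair entry, never {@code null}
     * @throws KeyStoreException if the alias is missing or does not hold a private-key entry;
     *     without this check a missing alias surfaced as a NullPointerException in the callers
     */
    private KeyStore.PrivateKeyEntry loadKeyPairEntry() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException {
        KeyStore.Entry entry = TadoSecurity.getKeyStore().getEntry(KEY_ALIAS, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new KeyStoreException("No RSA key pair entry under alias " + KEY_ALIAS);
        }
        return (KeyStore.PrivateKeyEntry) entry;
    }

    /**
     * Unwraps the AES key with the keystore-held RSA private key.
     *
     * @param bArr RSA ciphertext as produced by {@link #rsaEncryptKey(byte[])}
     * @return the decrypted bytes
     */
    private byte[] rsaDecryptKey(byte[] bArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException {
        KeyStore.PrivateKeyEntry privateKeyEntry = loadKeyPairEntry();
        Cipher cipher = Cipher.getInstance(RSA_MODE, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA);
        cipher.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
        ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
        // Plain try/finally keeps the stream handling independent of try-with-resources
        // desugaring on the API 18 floor this class declares.
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        try {
            byte[] buffer = new byte[COPY_BUFFER_SIZE];
            int read;
            while ((read = cipherInputStream.read(buffer)) != -1) {
                plaintext.write(buffer, 0, read);
            }
        } finally {
            cipherInputStream.close();
        }
        return plaintext.toByteArray();
    }

    /**
     * Wraps the AES key with the RSA public key taken from the key pair's certificate.
     *
     * @param bArr raw AES key bytes
     * @return the RSA ciphertext
     */
    private byte[] rsaEncryptKey(byte[] bArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, NoSuchPaddingException, UnrecoverableEntryException, InvalidKeyException {
        KeyStore.PrivateKeyEntry privateKeyEntry = loadKeyPairEntry();
        Cipher cipher = Cipher.getInstance(RSA_MODE, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA);
        cipher.init(Cipher.ENCRYPT_MODE, privateKeyEntry.getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        try {
            cipherOutputStream.write(bArr);
        } finally {
            // close() finalizes the cipher, so the ciphertext is complete only after it returns.
            cipherOutputStream.close();
        }
        return byteArrayOutputStream.toByteArray();
    }

    /**
     * Generates a fresh AES key, wraps it with the RSA public key and stores the Base64 text.
     * Does nothing when a value is already stored.
     */
    private void saveEncryptedKey() throws CertificateException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException {
        if (getStoredKey() != null) {
            return;
        }
        byte[] rawKey = new byte[AES_KEY_LENGTH_BYTES];
        new SecureRandom().nextBytes(rawKey);
        String wrappedKey = Base64.encodeToString(rsaEncryptKey(rawKey), Base64.DEFAULT);
        // apply() updates the in-memory preferences at once and writes the file in the
        // background, so the value is visible to getStoredKey() straight away.
        getSharedPreferences().edit().putString(ENCRYPTED_KEY_NAME, wrappedKey).apply();
    }

    /**
     * Discards any stored wrapped key, creates a new RSA key pair in the Android keystore under
     * {@code keyAlias} and stores a newly generated, wrapped AES key.
     *
     * <p>Data encrypted under the previous AES key cannot be decrypted afterwards, because the
     * preferences are cleared before the new key is generated.
     */
    @Override // com.tado.android.security.KeyProvider
    public void generateKey() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertificateException, UnrecoverableEntryException, NoSuchPaddingException, KeyStoreException, InvalidKeyException, IOException, IllegalStateException {
        removeSavedSharedPreferences();
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, KEY_PAIR_VALIDITY_YEARS);
        // The RSA key size is not set here, so the provider's default applies.
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(TadoApplication.getTadoAppContext())
                .setAlias(KEY_ALIAS)
                .setSubject(new X500Principal("CN=" + KEY_ALIAS))
                .setSerialNumber(BigInteger.TEN)
                .setStartDate(notBefore.getTime())
                .setEndDate(notAfter.getTime())
                .build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM_NAME, ANDROID_KEY_STORE_PROVIDER);
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();
        saveEncryptedKey();
    }

    /** Returns a new {@code AES/ECB/PKCS7Padding} cipher from the "BC" provider. */
    @Override // com.tado.android.security.KeyProvider
    Cipher getCipher() throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
        return Cipher.getInstance(AES_MODE_LESS_THAN_M, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_AES);
    }

    /**
     * Returns the AES key, generating and storing one first when none is stored.
     *
     * <p>When a wrapped key is already stored, failures to unwrap it propagate to the caller.
     * When the key has to be generated first, every failure is reported as {@code null}.
     *
     * @return the AES key, or {@code null} when generation or the follow-up unwrap failed;
     *     callers must check for {@code null} before using the key
     */
    @Override // com.tado.android.security.KeyProvider
    public Key getSecretKey() throws CertificateException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException {
        if (isKeyStored()) {
            return unwrapStoredKey();
        }
        try {
            generateKey();
            // One attempt only: the previous self-recursive call could regenerate keys without
            // bound if the stored value stayed empty after a successful generateKey().
            return isKeyStored() ? unwrapStoredKey() : null;
        } catch (Exception ignored) {
            // Best effort by contract: the cause is dropped and the caller sees null.
            // NOTE(review): no logger is in scope here; consider reporting the failure.
            return null;
        }
    }

    /** Decodes the stored Base64 text and unwraps it into an AES {@link SecretKeySpec}. */
    private Key unwrapStoredKey() throws CertificateException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException {
        byte[] wrappedKey = Base64.decode(getStoredKey(), Base64.DEFAULT);
        return new SecretKeySpec(rsaDecryptKey(wrappedKey), AES_ALGORITHM_NAME);
    }

    /**
     * Initializes the cipher with the given mode and key. No IV or other parameters are passed,
     * which matches the ECB transformation returned by {@link #getCipher()}.
     *
     * @param cipher cipher to initialize
     * @param i operation mode, passed unchanged to {@link Cipher#init(int, Key)}
     * @param key key to use
     */
    @Override // com.tado.android.security.KeyProvider
    void initCipher(Cipher cipher, int i, Key key) throws InvalidKeyException {
        cipher.init(i, key);
    }

    /**
     * Accepts a keystore entry only when it is a private-key entry and a wrapped AES key is
     * present in the preferences file.
     *
     * @param entry keystore entry to check, may be {@code null}
     * @return {@code true} when both conditions hold
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.tado.android.security.KeyProvider
    public boolean isValidKey(KeyStore.Entry entry) {
        return (entry instanceof KeyStore.PrivateKeyEntry) && isKeyStored();
    }
}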
