package d.a.a.j;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import d.a.a.j.b;
import d.a.a.j.e;
import fi.bitwards.service.common.h;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public abstract class a implements d.a.a.j.b {

    /* renamed from: a, reason: collision with root package name */
    private Context f2736a;

    /* renamed from: b, reason: collision with root package name */
    private KeyStore f2737b;

    /* renamed from: d.a.a.j.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    class RunnableC0086a implements Runnable {

        /* renamed from: b, reason: collision with root package name */
        final /* synthetic */ b.a f2738b;

        RunnableC0086a(b.a aVar) {
            this.f2738b = aVar;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                h.a("BaseCrypto", "Generating device attestation...");
                a.this.b(this.f2738b);
            } catch (Exception e) {
                h.a("BaseCrypto", e.getMessage(), e);
                this.f2738b.a(null);
            }
        }
    }

    /* loaded from: classes.dex */
    class b implements Runnable {

        /* renamed from: b, reason: collision with root package name */
        final /* synthetic */ b.a f2740b;

        b(a aVar, b.a aVar2) {
            this.f2740b = aVar2;
        }

        @Override // java.lang.Runnable
        public void run() {
            this.f2740b.a(fi.bitwards.service.common.f.a().a("attestation"));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class c implements e.f {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ b.a f2741a;

        c(a aVar, b.a aVar2) {
            this.f2741a = aVar2;
        }

        @Override // d.a.a.j.e.f
        public void a(String str) {
            fi.bitwards.service.common.f.a().a("attestation", str);
            this.f2741a.a(str);
        }
    }

    public a(Context context) {
        this.f2736a = null;
        this.f2737b = null;
        try {
            this.f2736a = context;
            this.f2737b = KeyStore.getInstance("AndroidKeyStore");
        } catch (KeyStoreException e) {
            h.a("BaseCrypto", e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b(b.a aVar) {
        X509Certificate x509Certificate = (X509Certificate) f().getCertificate("bitwards.user_cert");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        messageDigest.reset();
        messageDigest.update(x509Certificate.getEncoded());
        e.a(e(), messageDigest.digest(), new c(this, aVar));
    }

    @Override // d.a.a.j.b
    public void a() {
        try {
            KeyStore f = f();
            Enumeration<String> aliases = f.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                h.a("BaseCrypto", "Deleting '" + nextElement + "'");
                f.deleteEntry(nextElement);
            }
            fi.bitwards.service.common.f.a().a("attestation", (String) null);
            fi.bitwards.service.common.f.a().a("bitwards.user_key", (String) null);
        } catch (Exception e) {
            h.a("BaseCrypto", e.getMessage(), e);
            throw new d.a.a.j.c(e.getMessage());
        }
    }

    @Override // d.a.a.j.b
    public final synchronized void a(b.a aVar) {
        try {
            if (g()) {
                h.e("CryptoHandler").post(new b(this, aVar));
            } else {
                h.a("BaseCrypto", "Generating key pair...");
                Calendar calendar = Calendar.getInstance();
                Date time = calendar.getTime();
                calendar.add(1, 10);
                Date time2 = calendar.getTime();
                if (Build.VERSION.SDK_INT < 23) {
                    KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(e()).setAlias("bitwards.user_cert").setKeyType("RSA").setKeySize(2048).setSubject(new X500Principal("CN=Bitwards KeyApp")).setSerialNumber(BigInteger.ONE).setStartDate(time).setEndDate(time2).setEncryptionRequired().build();
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                } else if (Build.VERSION.SDK_INT == 23) {
                    KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator2.initialize(new KeyGenParameterSpec.Builder("bitwards.user_cert", 3).setCertificateSerialNumber(BigInteger.ONE).setKeySize(2048).setCertificateNotBefore(time).setCertificateNotAfter(time2).setCertificateSerialNumber(BigInteger.ONE).setCertificateSubject(new X500Principal("CN=Bitwards KeyApp")).setRandomizedEncryptionRequired(true).setEncryptionPaddings("PKCS1Padding").setBlockModes("ECB").build());
                    keyPairGenerator2.generateKeyPair();
                } else if (Build.VERSION.SDK_INT >= 24) {
                    KeyPairGenerator keyPairGenerator3 = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator3.initialize(new KeyGenParameterSpec.Builder("bitwards.user_cert", 3).setCertificateSerialNumber(BigInteger.ONE).setKeySize(2048).setCertificateNotBefore(time).setCertificateNotAfter(time2).setCertificateSerialNumber(BigInteger.ONE).setCertificateSubject(new X500Principal("CN=Bitwards KeyApp")).setRandomizedEncryptionRequired(true).setEncryptionPaddings("PKCS1Padding").setBlockModes("ECB").build());
                    keyPairGenerator3.generateKeyPair();
                }
                h.e("CryptoHandler").post(new RunnableC0086a(aVar));
            }
        } catch (Exception e) {
            h.a("BaseCrypto", e.getMessage(), e);
            throw new d.a.a.j.c("Keypair generation failed: " + e.getMessage());
        }
    }

    @Override // d.a.a.j.b
    public synchronized String b() {
        return fi.bitwards.service.common.f.a().a("attestation");
    }

    @Override // d.a.a.j.b
    public synchronized Certificate c() {
        try {
        } catch (Exception e) {
            throw new d.a.a.j.c("Certificate not available, call Crypto.init() first", e);
        }
        return f().getCertificate("bitwards.user_cert");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized byte[] c(byte[] bArr) {
        Cipher cipher;
        cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, f().getKey("bitwards.user_cert", null));
        return cipher.doFinal(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecretKey d(byte[] bArr) {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(4, f().getKey("bitwards.user_cert", null));
        return (SecretKey) cipher.unwrap(bArr, "HmacSHA1", 3);
    }

    protected Context e() {
        return this.f2736a;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyStore f() {
        this.f2737b.load(null);
        return this.f2737b;
    }

    protected boolean g() {
        return f().containsAlias("bitwards.user_cert");
    }
}
