package jp.co.rakuten.sdtd.user.internal;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
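/**
 * String key/value store that keeps its entries encrypted inside a private
 * {@link SharedPreferences} file named {@code <name>_legacy}.
 *
 * <p>Storage layout, as written by {@link #put(String, String)}:
 * <ul>
 *   <li>preference key: lower-case hex SHA-256 of the logical key;</li>
 *   <li>preference value: {@code encrypt(key) + "//" + encrypt(value)};</li>
 *   <li>each encrypted record: {@code base64(iv) "/" base64(ciphertext) "/" base64(tag)}.</li>
 * </ul>
 * The {@code "/"} separators are unambiguous only because {@link #BASE64_FLAGS} selects the
 * URL-safe alphabet, which never emits {@code '/'}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Records are authenticated before they are decrypted (encrypt-then-MAC). With the
 *       default provider the tag is an HMAC-SHA256 over {@code iv || ciphertext}.</li>
 *   <li>With {@link RSAProvider} the tag is an RSA signature over the ciphertext only, so the
 *       IV of those records is not integrity protected.</li>
 *   <li>{@link #decrypt(String)} still accepts records protected by {@link #FIXED_KEY}, a key
 *       compiled into the application. Such records are neither confidential nor tamper
 *       evident against anyone who holds the binary; see the field comment.</li>
 * </ul>
 */
public final class EncryptedDataStore {
    private static final Logger LOGGER = new Logger("EncryptedDataStore");

    /** URL-safe alphabet, no padding, no line wrapping (numeric value 11, as before). */
    private static final int BASE64_FLAGS = Base64.NO_PADDING | Base64.NO_WRAP | Base64.URL_SAFE;

    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // SECURITY: hard-coded 256-bit key kept only so that records written by an older format can
    // still be read. Because the key ships inside the application it offers obfuscation, not
    // secrecy: it is used both as the AES key and as the HMAC key of the legacy format, so legacy
    // records can be read and re-created by anyone who has the binary. Recommended follow-up:
    // re-encrypt legacy records under the keystore-backed provider when they are first read and
    // remove the fallback in decrypt() once migration is complete.
    private static final SecretKeySpec FIXED_KEY = new SecretKeySpec(new byte[]{108, -43, 110, 13, -88, -42, -74, -31, -103, 106, -97, -12, 72, -21, 6, -64, -32, 20, -73, 66, -23, 88, -4, -80, 9, 111, 116, -58, -12, 94, -28, 68}, "AES");

    // Process-wide provider shared by every store instance; replaced only through setProvider().
    private static CryptoProvider CRYPTO_PROVIDER = new DefaultProvider();

    private final Context context;
    private final String name;
    private final SharedPreferences prefs;

    /** Source of the ciphers and integrity primitives used by {@link EncryptedDataStore}. */
    public interface CryptoProvider {
        /**
         * Returns a cipher initialised for decryption.
         *
         * @param str key alias (the store name when called from this class)
         * @param bArr IV that was stored next to the ciphertext
         */
        Cipher getCipherForDecrypting(@NonNull String str, @NonNull byte[] bArr) throws GeneralSecurityException;

        /**
         * Returns a cipher initialised for encryption; callers read the IV back with
         * {@link Cipher#getIV()}.
         *
         * @param str key alias (the store name when called from this class)
         */
        Cipher getCipherForEncrypting(@NonNull String str) throws GeneralSecurityException;

        /** Returns a short identifier of the provider. */
        String getName();

        /** Returns an initialised MAC, or {@code null} if the provider signs instead. */
        Mac getSharedMac() throws GeneralSecurityException;

        /** Returns a signature initialised for signing, or {@code null} if the provider uses a MAC. */
        Signature getSignature() throws GeneralSecurityException;
    }

    /**
     * Provider backed by symmetric keys held in the {@code AndroidKeyStore} (API 23+):
     * AES/CBC/PKCS7Padding for encryption and HmacSHA256 for integrity.
     */
    @TargetApi(23)
    public static class DefaultProvider implements CryptoProvider {
        private static final String ALGORITHM = "AES/CBC/PKCS7Padding";
        private static final String PROVIDER = "AndroidKeyStore";

        /**
         * Loads the keystore key named by the spec's alias, generating it on first use.
         * Synchronised so that one provider instance does not generate the same alias twice.
         *
         * @param str key algorithm passed to {@link KeyGenerator#getInstance(String, String)}
         * @param keyGenParameterSpec generation parameters, including the alias
         * @throws GeneralSecurityException if the key cannot be loaded or generated
         */
        private synchronized SecretKey getKey(@NonNull String str, @NonNull KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException {
            String alias = keyGenParameterSpec.getKeystoreAlias();
            KeyStore.SecretKeyEntry existing = getSecretKeyEntry(alias);
            if (existing != null) {
                SecretKey stored = existing.getSecretKey();
                if (stored == null) {
                    throw new GeneralSecurityException("Key [" + alias + "] disappeared into oblivion");
                }
                return stored;
            }
            KeyGenerator generator = KeyGenerator.getInstance(str, PROVIDER);
            generator.init(keyGenParameterSpec);
            SecretKey generated = generator.generateKey();
            if (generated == null) {
                throw new GeneralSecurityException("Generator returned null for key [" + alias + "]");
            }
            return generated;
        }

        /** Returns the AES key stored under alias {@code str}, creating it if necessary. */
        private SecretKey getSecretKey(@NonNull String str) throws GeneralSecurityException {
            // Purposes 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT.
            // NOTE(review): user authentication is explicitly not required, so the key is usable
            // whenever the app runs; confirm that matches the sensitivity of the stored data.
            return getKey("AES", new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(false).build());
        }

        /**
         * Looks up a secret-key entry in the Android keystore.
         *
         * @return the entry, or {@code null} when the alias does not exist
         * @throws GeneralSecurityException wrapping any failure, including runtime exceptions
         *     raised by the keystore and a {@link ClassCastException} for a non-secret entry
         */
        static KeyStore.SecretKeyEntry getSecretKeyEntry(@NonNull String str) throws GeneralSecurityException {
            try {
                KeyStore keyStore = KeyStore.getInstance(PROVIDER);
                try {
                    keyStore.load(null);
                } catch (IOException e10) {
                    throw new KeyStoreException("Can't load keystore", e10);
                }
                if (!keyStore.containsAlias(str)) {
                    return null;
                }
                return (KeyStore.SecretKeyEntry) keyStore.getEntry(str, null);
            } catch (Throwable th) {
                // Deliberately broad: every keystore failure is reported as one checked type.
                throw new GeneralSecurityException("Failed to access the keystore", th);
            }
        }

        @Override
        public Cipher getCipherForDecrypting(@NonNull String str, @NonNull byte[] bArr) throws GeneralSecurityException {
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(str), new IvParameterSpec(bArr));
            return cipher;
        }

        @Override
        public Cipher getCipherForEncrypting(@NonNull String str) throws GeneralSecurityException {
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            // No IV is supplied here; the caller reads the one chosen by the cipher via getIV().
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(str));
            return cipher;
        }

        @Override
        public String getName() {
            return "default";
        }

        /** Returns an HmacSHA256 instance keyed with the keystore alias {@code default-mac}. */
        @Override
        public Mac getSharedMac() throws GeneralSecurityException {
            // Purpose 4 == PURPOSE_SIGN. The alias is fixed, so every store shares this MAC key.
            SecretKey key = getKey("HmacSHA256", new KeyGenParameterSpec.Builder("default-mac", 4).build());
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return mac;
        }

        /** Always {@code null}: this provider authenticates with a MAC. */
        @Override
        public Signature getSignature() {
            return null;
        }
    }

    /**
     * Provider for API 21/22: a random 128-bit AES key is wrapped with an RSA key pair held in
     * the {@code AndroidKeyStore} and the wrapped key is kept in the {@code master_key}
     * preferences file. Integrity uses a {@code SHA512withRSA} signature instead of a MAC.
     */
    @TargetApi(21)
    public static class RSAProvider implements CryptoProvider {
        // NOTE(review): PKCS#1 v1.5 encryption padding is used for key wrapping; OAEP is the
        // usual recommendation where the platform keystore supports it.
        private static final String ALGORITHM = "RSA/ECB/PKCS1Padding";
        public static final String KEY_ALIAS = "alias_rsa_keypair";
        private static final String PROVIDER = "AndroidKeyStore";
        private final Context context;

        RSAProvider(Context context) {
            this.context = context;
        }

        /** Returns an RSA cipher initialised with {@code key} in the given {@link Cipher} mode. */
        private Cipher ecb(int i10, Key key) throws GeneralSecurityException {
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(i10, key);
            return cipher;
        }

        /**
         * Returns the key pair entry for the spec's alias, generating the pair on first use.
         *
         * @throws GeneralSecurityException if the keystore fails or the freshly generated pair
         *     cannot be read back
         */
        private synchronized KeyStore.PrivateKeyEntry getKeyEntry(KeyPairGeneratorSpec keyPairGeneratorSpec) throws GeneralSecurityException {
            String alias = keyPairGeneratorSpec.getKeystoreAlias();
            KeyStore.PrivateKeyEntry existing = getPrivateKeyEntry(alias);
            if (existing != null) {
                return existing;
            }
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", PROVIDER);
            generator.initialize(keyPairGeneratorSpec);
            generator.generateKeyPair();
            KeyStore.PrivateKeyEntry created = getPrivateKeyEntry(alias);
            if (created == null) {
                // Previously surfaced as a NullPointerException in the callers.
                throw new GeneralSecurityException("Key pair [" + alias + "] is missing after generation");
            }
            return created;
        }

        /** Builds the spec of a self-signed key pair for {@code str}, valid for 30 years from now. */
        private KeyPairGeneratorSpec getKeyPairSpec(Context context, String str) {
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, 30);
            return new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(BigInteger.TEN).setStartDate(notBefore.getTime()).setEndDate(notAfter.getTime()).build();
        }

        private PrivateKey getPrivateKey(Context context, String str) throws GeneralSecurityException {
            return getKeyEntry(getKeyPairSpec(context, str)).getPrivateKey();
        }

        /**
         * Looks up a private-key entry in the Android keystore.
         *
         * @return the entry, or {@code null} when the alias is absent or is not a key pair
         * @throws GeneralSecurityException wrapping any failure raised by the keystore
         */
        static KeyStore.PrivateKeyEntry getPrivateKeyEntry(@NonNull String str) throws GeneralSecurityException {
            try {
                KeyStore keyStore = KeyStore.getInstance(PROVIDER);
                try {
                    keyStore.load(null);
                } catch (IOException e10) {
                    throw new KeyStoreException("Can't load keystore", e10);
                }
                if (keyStore.containsAlias(str)) {
                    KeyStore.Entry entry = keyStore.getEntry(str, null);
                    if (entry instanceof KeyStore.PrivateKeyEntry) {
                        return (KeyStore.PrivateKeyEntry) entry;
                    }
                }
                return null;
            } catch (Throwable th) {
                // Deliberately broad: every keystore failure is reported as one checked type.
                throw new GeneralSecurityException("Failed to access the keystore", th);
            }
        }

        private PublicKey getPublicKey(Context context, String str) throws GeneralSecurityException {
            return getKeyEntry(getKeyPairSpec(context, str)).getCertificate().getPublicKey();
        }

        /**
         * Returns the raw AES key for alias {@code str}: unwraps the stored copy with the RSA
         * private key, or creates, wraps and stores a new random 16-byte key.
         */
        private byte[] getSecretKey(@NonNull String str) throws GeneralSecurityException {
            // Mode 0 == Context.MODE_PRIVATE.
            SharedPreferences keyPrefs = this.context.getSharedPreferences("master_key", 0);
            String prefKey = str + "_rsa_key";
            String wrapped = keyPrefs.getString(prefKey, null);
            if (wrapped != null) {
                return ecb(Cipher.DECRYPT_MODE, getPrivateKey(this.context, str)).doFinal(Base64.decode(wrapped, EncryptedDataStore.BASE64_FLAGS));
            }
            byte[] rawKey = new byte[16];
            new SecureRandom().nextBytes(rawKey);
            byte[] wrappedKey = ecb(Cipher.ENCRYPT_MODE, getPublicKey(this.context, str)).doFinal(rawKey);
            // NOTE(review): apply() writes asynchronously and this method is not synchronised;
            // if the write is lost or two threads race here, data encrypted under the returned
            // key may become unreadable. Confirm whether commit() and locking are needed.
            keyPrefs.edit().putString(prefKey, Base64.encodeToString(wrappedKey, EncryptedDataStore.BASE64_FLAGS)).apply();
            return rawKey;
        }

        @Override
        public Cipher getCipherForDecrypting(@NonNull String str, @NonNull byte[] bArr) throws GeneralSecurityException {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(getSecretKey(str), "AES"), new IvParameterSpec(bArr));
            return cipher;
        }

        @Override
        public Cipher getCipherForEncrypting(@NonNull String str) throws GeneralSecurityException {
            // A fresh random IV per record; CBC requires it to be unpredictable.
            byte[] iv = new byte[16];
            new SecureRandom().nextBytes(iv);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(getSecretKey(str), "AES"), new IvParameterSpec(iv));
            return cipher;
        }

        @Override
        public String getName() {
            return "RSA";
        }

        /** Always {@code null}: this provider authenticates with a signature. */
        @Override
        public Mac getSharedMac() throws GeneralSecurityException {
            return null;
        }

        /** Returns a {@code SHA512withRSA} signature initialised with the {@link #KEY_ALIAS} key. */
        @Override
        public Signature getSignature() throws GeneralSecurityException {
            try {
                Signature signature = Signature.getInstance("SHA512withRSA");
                signature.initSign(getPrivateKey(this.context, KEY_ALIAS));
                return signature;
            } catch (NoSuchAlgorithmException e) {
                // Keep the cause so the missing algorithm is visible in reports.
                throw new GeneralSecurityException("RSA algorithm is not supported", e);
            }
        }
    }

    /** Creates a store named {@code user_vault}. */
    public EncryptedDataStore(@NonNull Context context) {
        this(context, "user_vault");
    }

    /**
     * Creates a store.
     *
     * @param context used to open the preferences file and for failure reporting
     * @param str store name; also passed to the provider as the key alias
     */
    public EncryptedDataStore(@NonNull Context context, @NonNull String str) {
        this.name = str;
        // Mode 0 == Context.MODE_PRIVATE.
        this.prefs = context.getSharedPreferences(str + "_legacy", 0);
        this.context = context;
    }

    /** Replaces the process-wide crypto provider; intended for tests. */
    @VisibleForTesting
    public static void setProvider(@NonNull CryptoProvider cryptoProvider) {
        CRYPTO_PROVIDER = cryptoProvider;
    }

    /** Removes every entry of this store. */
    public void clear() {
        this.prefs.edit().clear().apply();
    }

    /**
     * Authenticates and decrypts one {@code iv/ciphertext/tag} record.
     *
     * <p>The record is first checked against the current provider. If that check or the
     * decryption fails for any reason, the record is checked against the legacy hard-coded key
     * and, if it matches, decrypted with it.
     *
     * @param str the record as produced by {@link #encrypt(String)}
     * @return the plaintext
     * @throws GeneralSecurityException if the record is malformed or fails both checks
     */
    @VisibleForTesting
    String decrypt(@NonNull String str) throws GeneralSecurityException {
        String[] fields = str.split("/", -1);
        if (fields.length < 3) {
            // Corrupted preference data must surface as the checked type callers handle,
            // not as an ArrayIndexOutOfBoundsException.
            throw new GeneralSecurityException("Malformed record: expected 3 fields but found " + fields.length);
        }
        byte[] iv;
        byte[] ciphertext;
        byte[] tag;
        try {
            iv = Base64.decode(fields[0], BASE64_FLAGS);
            ciphertext = Base64.decode(fields[1], BASE64_FLAGS);
            tag = Base64.decode(fields[2], BASE64_FLAGS);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("Malformed record: invalid Base64", e);
        }

        GeneralSecurityException primaryFailure;
        try {
            if (verify(ciphertext, iv, tag)) {
                return new String(CRYPTO_PROVIDER.getCipherForDecrypting(this.name, iv).doFinal(ciphertext), UTF_8);
            }
            primaryFailure = new GeneralSecurityException("Signature does not match");
        } catch (GeneralSecurityException e) {
            primaryFailure = e;
        }

        // SECURITY: downgrade path. A record that fails the keystore-backed check is still
        // accepted when it authenticates under FIXED_KEY, which is embedded in the application.
        // Integrity of the store is therefore only as strong as that key until the fallback is
        // removed (see the FIXED_KEY comment).
        if (!verifyWithLegacyKey(ciphertext, iv, tag)) {
            throw new GeneralSecurityException("Signature does not match", primaryFailure);
        }
        Cipher legacyCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        legacyCipher.init(Cipher.DECRYPT_MODE, FIXED_KEY, new IvParameterSpec(iv));
        return new String(legacyCipher.doFinal(ciphertext), UTF_8);
    }

    /**
     * Encrypts {@code str} with the current provider.
     *
     * @return {@code base64(iv) + "/" + base64(ciphertext) + "/" + base64(tag)}
     */
    @VisibleForTesting
    String encrypt(@NonNull String str) throws GeneralSecurityException {
        Cipher cipher = CRYPTO_PROVIDER.getCipherForEncrypting(this.name);
        byte[] ciphertext = cipher.doFinal(str.getBytes(UTF_8));
        byte[] iv = cipher.getIV();
        byte[] tag = sign(ciphertext, iv);
        return Base64.encodeToString(iv, BASE64_FLAGS) + "/" + Base64.encodeToString(ciphertext, BASE64_FLAGS) + "/" + Base64.encodeToString(tag, BASE64_FLAGS);
    }

    /**
     * Returns the decrypted value stored under {@code str}.
     *
     * @param str logical key
     * @param str2 value returned when the key is absent or its entry cannot be decrypted
     */
    @Nullable
    public String get(@NonNull String str, @Nullable String str2) {
        try {
            String stored = this.prefs.getString(hashKey(str), null);
            if (stored != null) {
                String[] tuple = stored.split("//", -1);
                if (tuple.length < 2) {
                    // Handled below like any other unreadable entry instead of crashing.
                    throw new GeneralSecurityException("Malformed entry: value part is missing");
                }
                return decrypt(tuple[1]);
            }
        } catch (GeneralSecurityException e10) {
            // NOTE(review): the logical key name is written to the log in clear text although
            // it is stored encrypted; confirm key names are not sensitive.
            LOGGER.error("Could not retrieve value for key =", str, e10);
            Analytics.trackSadParrot(this.context, "store.get()", null, e10);
        }
        return str2;
    }

    /**
     * Returns the logical keys of all entries whose key part can be decrypted; entries that
     * fail are reported and skipped.
     */
    public Set<String> getAllKeys() {
        Set<String> keys = new HashSet<>();
        for (Object value : this.prefs.getAll().values()) {
            if (!(value instanceof String)) {
                // put() only writes strings; anything else is foreign data, not a crash reason.
                continue;
            }
            String tuple = (String) value;
            try {
                keys.add(decrypt(tuple.split("//", -1)[0]));
            } catch (GeneralSecurityException e10) {
                LOGGER.error("Could not decrypt key for tuple =", tuple, e10);
                Analytics.trackSadParrot(this.context, "store.getAll()", null, e10);
            }
        }
        return keys;
    }

    /** Returns the 64-character lower-case hex SHA-256 of {@code str} (UTF-8 encoded). */
    @VisibleForTesting
    String hashKey(@NonNull String str) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(str.getBytes(UTF_8));
            return String.format("%064x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e10) {
            throw new UnsupportedOperationException("Could not hash key", e10);
        }
    }

    /**
     * Stores {@code str2} under {@code str}, or removes the entry when {@code str2} is null.
     *
     * @return {@code true} if the edit was submitted, {@code false} if encryption failed
     */
    public boolean put(@NonNull String str, @Nullable String str2) {
        try {
            String prefKey = hashKey(str);
            if (str2 == null) {
                this.prefs.edit().remove(prefKey).apply();
            } else {
                this.prefs.edit().putString(prefKey, encrypt(str) + "//" + encrypt(str2)).apply();
            }
            return true;
        } catch (GeneralSecurityException e10) {
            LOGGER.error("Could not store value for key =", str, e10);
            Analytics.trackSadParrot(this.context, "store.put()", null, e10);
            return false;
        }
    }

    /**
     * Computes the integrity tag of a record with the current provider.
     *
     * @param bArr ciphertext
     * @param bArr2 IV
     * @return an RSA signature over the ciphertext for {@link RSAProvider}, otherwise the
     *     provider's MAC over {@code iv || ciphertext}
     * @throws GeneralSecurityException if the provider yields neither primitive or signing fails
     */
    byte[] sign(@NonNull byte[] bArr, @NonNull byte[] bArr2) throws GeneralSecurityException {
        CryptoProvider provider = CRYPTO_PROVIDER;
        if (provider instanceof RSAProvider) {
            Signature signature = provider.getSignature();
            if (signature != null) {
                // SECURITY: only the ciphertext is signed on this path, so the IV is not
                // authenticated. Adding the IV would invalidate existing records, so it needs a
                // format migration rather than an in-place change.
                signature.update(bArr);
                return signature.sign();
            }
        }
        Mac mac = provider.getSharedMac();
        if (mac == null) {
            throw new GeneralSecurityException("Provider [" + provider.getName() + "] supplies neither a signature nor a MAC");
        }
        mac.update(bArr2);
        return mac.doFinal(bArr);
    }

    /** Computes HmacSHA256 over {@code iv || ciphertext} keyed with the bytes of {@link #FIXED_KEY}. */
    byte[] signWithLegacyKey(@NonNull byte[] bArr, @NonNull byte[] bArr2) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(FIXED_KEY.getEncoded(), "HmacSHA256"));
        mac.update(bArr2);
        return mac.doFinal(bArr);
    }

    /**
     * Checks a record's tag by recomputing it with the current provider.
     *
     * @param bArr ciphertext
     * @param bArr2 IV
     * @param bArr3 tag read from storage
     */
    boolean verify(@NonNull byte[] bArr, @NonNull byte[] bArr2, @NonNull byte[] bArr3) throws GeneralSecurityException {
        // Constant-time comparison: Arrays.equals stops at the first differing byte, which can
        // leak how much of a tag matched through timing.
        // NOTE(review): on the RSA path this relies on the signature scheme being deterministic.
        return MessageDigest.isEqual(sign(bArr, bArr2), bArr3);
    }

    /** Same as {@link #verify(byte[], byte[], byte[])} but against the legacy hard-coded key. */
    boolean verifyWithLegacyKey(@NonNull byte[] bArr, @NonNull byte[] bArr2, @NonNull byte[] bArr3) throws GeneralSecurityException {
        return MessageDigest.isEqual(signWithLegacyKey(bArr, bArr2), bArr3);
    }
}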
