package com.modirumid.modirumid_sdk;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.modirumid.modirumid_sdk.ModirumIDException;
import com.modirumid.modirumid_sdk.common.AuthMethod;
import com.modirumid.modirumid_sdk.common.ErrorMessages;
import com.modirumid.modirumid_sdk.common.Logger;
import com.modirumid.modirumid_sdk.common.Util;
import com.modirumid.modirumid_sdk.registration.MDIssuer;
import com.modirumid.modirumid_sdk.repository.IssuerCacheRepository;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: classes2.dex */
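/**
 * Key management for the SDK: RSA key pairs live in the Android KeyStore, while OTP secrets are
 * RSA-wrapped with the issuer's key pair and persisted (Base64) in the "ModirumID" SharedPreferences
 * together with the per-issuer AES IV used for PIN-based export/import.
 *
 * <p>Preference keys used by this class:
 * <ul>
 *   <li>{@code <issuerUid>-<AuthMethod>}: Base64 of the RSA-wrapped OTP secret</li>
 *   <li>{@code <issuerUid>-<AuthMethod>-iv-key}: Base64 of the 16-byte IV handed to {@link AES}</li>
 * </ul>
 * KeyStore aliases: {@code issuer-key-<uid>} (secret wrapping), {@code msg_<id>} (message key),
 * {@code tls_<id>} (client TLS key / CSR) and {@code tls_trusted_<id>} (imported certificates).
 *
 * <p>Not thread-safe: {@link #existingKeys} is filled in the constructor and read without locking.
 */
public class KeyStoreUtilityCore implements KeyStoreUtility {
    /** Provider / KeyStore type holding every RSA key pair this class creates. */
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    /** SharedPreferences file holding wrapped OTP secrets and AES IVs. */
    private static final String SHARED_PREFERENCE_NAME = "ModirumID";
    /**
     * Transformation used to wrap/unwrap OTP secrets with the issuer's RSA key pair. PKCS#1 v1.5
     * padding is kept because already-persisted blobs were produced with it; moving to OAEP would
     * require re-wrapping every stored secret.
     */
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    /** Length in bytes of the IV generated for PIN-based secret export. */
    private static final int IV_LENGTH = 16;
    /** Modulus size of generated RSA key pairs. */
    private static final int RSA_KEY_SIZE = 2048;

    private final IssuerCacheRepository issuerCacheRepository;
    private final Logger log = Logger.getLogger(KeyStoreUtilityCore.class);
    /**
     * issuerUid -> {@code true} when that issuer had no PIN IV persisted when this instance was
     * built. Such issuers stay on the legacy all-zero IV (see {@link #getStoredIVBytesOrRandom})
     * so that secrets wrapped before IVs were persisted still unwrap.
     */
    private final Map<String, Boolean> existingKeys = new HashMap<>();

    /**
     * Snapshots which cached issuers already have a persisted PIN IV.
     *
     * @param context               used to open the SDK SharedPreferences
     * @param issuerCacheRepository source of the issuers known to the SDK
     */
    public KeyStoreUtilityCore(@NonNull Context context, @NonNull IssuerCacheRepository issuerCacheRepository) {
        this.issuerCacheRepository = issuerCacheRepository;
        List<MDIssuer> issuers = issuerCacheRepository.getIssuers();
        for (MDIssuer issuer : issuers) {
            String uid = issuer.getUid();
            byte[] iv = getIVBytes(context, getIVKey(uid, AuthMethod.PIN));
            // No IV on disk yet: this issuer pre-dates IV persistence and keeps the legacy zero IV.
            this.existingKeys.put(uid, iv == null || iv.length == 0);
        }
        this.log.debug("issuers: " + issuers);
    }

    /** Opens the SDK's private SharedPreferences file. */
    private static SharedPreferences prefs(Context context) {
        return context.getSharedPreferences(SHARED_PREFERENCE_NAME, Context.MODE_PRIVATE);
    }

    /** Persists {@code value} under {@code key} as Base64 (asynchronous {@code apply()}). */
    private static void putBase64(Context context, String key, byte[] value) {
        prefs(context).edit().putString(key, Base64.encodeToString(value, Base64.DEFAULT)).apply();
    }

    /** Reads the Base64 value stored under {@code key}, or {@code null} when the key is absent. */
    @Nullable
    private static byte[] getBase64(Context context, String key) {
        String encoded = prefs(context).getString(key, null);
        return encoded == null ? null : Base64.decode(encoded, Base64.DEFAULT);
    }

    /**
     * Loads the RSA key pair entry stored under {@code alias}.
     *
     * @throws IllegalStateException when the alias is missing or holds something other than a key pair
     *                               (the original cast would have failed with a bare NPE/CCE)
     */
    private KeyStore.PrivateKeyEntry getPrivateKeyEntry(String alias) throws Exception {
        KeyStore.Entry entry = getKeyStore().getEntry(alias, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalStateException("No RSA key pair stored under alias " + alias);
        }
        return (KeyStore.PrivateKeyEntry) entry;
    }

    /**
     * Unwraps an RSA-wrapped OTP secret with the private key stored under {@code keyPairAlias}.
     *
     * @param encrypted    ciphertext produced by {@link #encryptSecretKey}
     * @param keyPairAlias full KeyStore alias (already passed through {@link #getKeyPairAlias})
     * @return the plaintext OTP secret
     */
    private byte[] decryptSecretKey(byte[] encrypted, String keyPairAlias) throws Exception {
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(Cipher.DECRYPT_MODE, getPrivateKeyEntry(keyPairAlias).getPrivateKey());
        return cipher.doFinal(encrypted);
    }

    /**
     * Wraps an OTP secret with the public key of the issuer's key pair.
     *
     * @param plain     OTP secret to wrap (must fit a single PKCS#1 v1.5 block)
     * @param issuerUid issuer id; the alias is derived via {@link #getKeyPairAlias}
     * @return the RSA ciphertext
     */
    private byte[] encryptSecretKey(byte[] plain, String issuerUid) throws Exception {
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(Cipher.ENCRYPT_MODE, getPrivateKeyEntry(getKeyPairAlias(issuerUid)).getCertificate().getPublicKey());
        // doFinal rather than CipherOutputStream: the stream's close() can swallow
        // IllegalBlockSize/BadPadding failures and hand back an empty blob instead of failing.
        return cipher.doFinal(plain);
    }

    /**
     * Returns the key pair stored under {@code alias}, generating a 2048-bit RSA pair in the
     * Android KeyStore (self-signed cert, CN=alias, valid 100 years) when none exists yet.
     *
     * @throws IllegalStateException when the alias is occupied by a non-key-pair entry
     */
    private KeyPair generateRSAKeyPair(Context context, String alias) throws Exception {
        KeyStore.Entry existing = getKeyStore().getEntry(alias, null);
        if (existing instanceof KeyStore.PrivateKeyEntry) {
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) existing;
            return new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
        }
        if (existing != null) {
            throw new IllegalStateException("Alias " + alias + " is not an RSA key pair entry");
        }
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 100);
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(alias)
                .setKeyType("RSA")
                .setKeySize(RSA_KEY_SIZE)
                .setSubject(new X500Principal("CN=" + alias))
                .setSerialNumber(BigInteger.TEN)
                .setStartDate(start.getTime())
                .setEndDate(end.getTime())
                .build();
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        generator.initialize(spec);
        return generator.generateKeyPair();
    }

    /**
     * Reads the RSA-wrapped OTP secret stored under {@code secretKeyAlias}.
     *
     * @throws IllegalStateException when nothing is stored under the alias (previously a bare NPE
     *                               out of Base64.decode)
     */
    private byte[] getEncryptedSecretKey(Context context, String secretKeyAlias) {
        byte[] encrypted = getBase64(context, secretKeyAlias);
        if (encrypted == null) {
            throw new IllegalStateException("No secret key stored under alias " + secretKeyAlias);
        }
        return encrypted;
    }

    /** IV stored under {@code ivKey}, or {@code null} when none was persisted. */
    @Nullable
    private byte[] getIVBytes(Context context, String ivKey) {
        return getBase64(context, ivKey);
    }

    /** Preference key of the IV for one issuer / auth method. */
    private String getIVKey(String issuerUid, AuthMethod authMethod) {
        return issuerUid + "-" + authMethod.name() + "-iv-key";
    }

    /** KeyStore alias of the key pair that wraps an issuer's OTP secrets. */
    private String getKeyPairAlias(String issuerUid) {
        return "issuer-key-" + issuerUid;
    }

    /** Reads and unwraps the OTP secret of one issuer / auth method. */
    private byte[] getSecretKey(@NonNull Context context, @NonNull String issuerUid, @NonNull AuthMethod authMethod) throws Exception {
        return decryptSecretKey(getEncryptedSecretKey(context, getSecretKeyAlias(issuerUid, authMethod)), getKeyPairAlias(issuerUid));
    }

    /** Preference key of the wrapped OTP secret for one issuer / auth method. */
    private String getSecretKeyAlias(String issuerUid, AuthMethod authMethod) {
        return issuerUid + "-" + authMethod.name();
    }

    /**
     * IV used with the PIN-derived AES key for {@code issuerUid}.
     *
     * <p>Resolution order: the persisted IV; otherwise an all-zero IV for issuers flagged in
     * {@link #existingKeys} (never persisted); otherwise a fresh random IV that is persisted.
     * The fixed zero IV weakens the PIN wrapping for legacy issuers, but replacing it would make
     * their already-stored secrets undecryptable.
     */
    private byte[] getStoredIVBytesOrRandom(Context context, String issuerUid, AuthMethod authMethod) {
        String ivKey = getIVKey(issuerUid, authMethod);
        byte[] stored = getIVBytes(context, ivKey);
        if (stored != null) {
            return stored;
        }
        if (Boolean.TRUE.equals(this.existingKeys.get(issuerUid))) {
            return new byte[IV_LENGTH];
        }
        byte[] iv = new byte[IV_LENGTH];
        new SecureRandom().nextBytes(iv);
        setIVBytes(context, ivKey, iv);
        return iv;
    }

    /** @throws IllegalArgumentException unless {@code authMethod} is {@link AuthMethod#PIN} */
    private void requirePinAuthMethod(@NonNull AuthMethod authMethod) {
        if (authMethod != AuthMethod.PIN) {
            throw new IllegalArgumentException("Only PIN auth methods are allowed");
        }
    }

    /**
     * Enforces the PIN length policy (1-32 characters). Note that a one-character PIN is accepted;
     * any stronger policy has to be enforced by the caller.
     *
     * @throws IllegalArgumentException when the length is out of range
     */
    private void requirePinLength(String pin) {
        if (pin.length() < 1 || pin.length() > 32) {
            throw new IllegalArgumentException("PIN should be 1-32 characters long");
        }
    }

    /** Persists an IV under {@code ivKey}. */
    private void setIVBytes(Context context, String ivKey, byte[] iv) {
        putBase64(context, ivKey, iv);
    }

    /** Persists a (wrapped) OTP secret under {@code secretKeyAlias}. */
    private void storeSecretKey(Context context, String secretKeyAlias, byte[] secret) {
        putBase64(context, secretKeyAlias, secret);
    }

    /**
     * Returns the certificate stored under {@code alias} (despite the name, nothing is created).
     *
     * @throws GeneralSecurityException when the alias is unknown
     * @throws IOException              if the KeyStore cannot be loaded
     */
    @Override
    public Certificate create(String alias) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        if (!keyStore.containsAlias(alias)) {
            throw new GeneralSecurityException("No such alias " + alias);
        }
        return keyStore.getCertificate(alias);
    }

    /**
     * Ensures a message key pair exists under {@code msg_<id>} and returns its public key as PEM.
     *
     * @return PEM-encoded public key
     * @throws ModirumIDException wrapping any failure; only the message of the cause is kept
     */
    @Override
    public String createMessageKeyPair(Context context, String id) throws ModirumIDException {
        try {
            KeyPair keyPair = generateRSAKeyPair(context, "msg_" + id);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            // Explicit charset: PEM is ASCII, so this only removes the platform-default dependency.
            try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(out, StandardCharsets.UTF_8))) {
                pemWriter.writeObject(new PemObject(PEMParser.TYPE_PUBLIC_KEY, keyPair.getPublic().getEncoded()));
            }
            return new String(out.toByteArray(), StandardCharsets.UTF_8);
        } catch (Exception e) {
            // NOTE(review): the cause is not chained here; use a (message, cause) overload if the
            // project exception offers one so the stack trace is not lost.
            throw new ModirumIDException.CryptographyException(e.getMessage());
        }
    }

    /** Deletes the KeyStore entry under {@code alias}; a no-op when the alias is absent. */
    @Override
    public void deleteKeyStore(String alias) throws Exception {
        KeyStore keyStore = getKeyStore();
        if (keyStore.containsAlias(alias)) {
            keyStore.deleteEntry(alias);
        }
    }

    /**
     * Removes the wrapped OTP secrets of {@code issuerUid} for every {@link AuthMethod}.
     * The IV entries and the issuer's RSA key pair are left in place (see {@link #deleteKeyStore}).
     * Uses a synchronous {@code commit()} so the removal is on disk when this returns.
     */
    @Override
    public void deleteSecretKey(@NonNull Context context, @NonNull String issuerUid) {
        SharedPreferences sharedPreferences = prefs(context);
        SharedPreferences.Editor editor = sharedPreferences.edit();
        for (AuthMethod authMethod : AuthMethod.values()) {
            String alias = getSecretKeyAlias(issuerUid, authMethod);
            if (sharedPreferences.contains(alias)) {
                editor.remove(alias);
            }
        }
        editor.commit();
    }

    /**
     * Ensures a TLS key pair exists under {@code tls_<id>} and returns a DER-encoded PKCS#10 CSR
     * for CN=id, signed with SHA256withRSA by the KeyStore-resident private key.
     */
    @Override
    public byte[] generateKeyPairAndCSR(Context context, String id) throws Exception {
        String alias = "tls_" + id;
        KeyPair keyPair = generateRSAKeyPair(context, alias);
        X500Principal subject = new X500Principal("CN=" + id);
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256withRSA");
        return new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic())
                .build(signerBuilder.build(getPrivateKeyEntry(alias).getPrivateKey()))
                .getEncoded();
    }

    /**
     * Generates an OTP for {@code issuerUid}.
     *
     * <p>For {@link AuthMethod#PIN} the secret is the PIN-encrypted secret; for other methods the
     * unwrapped secret. Non-OCRA methods yield an 8-digit SHA-1 TOTP; OCRA yields
     * {@code OCRA-1:HOTP-SHA1-8:QH04-T30S} over the decimal {@code challenge} and a 30-second
     * time step (hex, left-padded to 16 characters with {@link ErrorMessages#DEFAULT_SUB_CODE}).
     *
     * @param pin       PIN, required when {@code authMethod} is PIN
     * @param challenge decimal challenge as a {@link String}, required for OCRA
     * @throws IllegalArgumentException when OCRA is requested without a String challenge, or the
     *                                  challenge is not a decimal number
     */
    @Override
    public String generateOTP(@NonNull Context context, @Nullable String pin, @NonNull String issuerUid,
            @NonNull AuthMethod authMethod, @Nullable Object challenge) throws Exception {
        byte[] secret = authMethod == AuthMethod.PIN
                ? getPinEncryptedSecretKey(context, issuerUid, pin, AuthMethod.PIN)
                : getSecretKey(context, issuerUid, authMethod);
        if (authMethod != AuthMethod.OCRA) {
            return new OATHtotpImpl().generateTOTP(secret, System.currentTimeMillis(), 8, HashAlgorithm.SHA1);
        }
        if (!(challenge instanceof String)) {
            throw new IllegalArgumentException("OCRA requires a decimal challenge String");
        }
        String challengeDec = (String) challenge;
        long nowSeconds = System.currentTimeMillis() / 1000;
        StringBuilder timeSteps = new StringBuilder(Long.toHexString(nowSeconds / 30).toUpperCase());
        while (timeSteps.length() < 16) {
            timeSteps.insert(0, ErrorMessages.DEFAULT_SUB_CODE);
        }
        this.log.debug("OCRA key: challenge: " + challengeDec + " time orig " + nowSeconds + " time: " + timeSteps);
        String challengeHex = Long.toHexString(Long.parseLong(challengeDec)).toUpperCase();
        String otp = new OCRAImpl().generateOCRA("OCRA-1:HOTP-SHA1-8:QH04-T30S", secret, null, challengeHex, null, null, timeSteps.toString());
        // The OTP value itself is an authentication credential and is kept out of the log.
        this.log.debug("otp generated");
        return otp;
    }

    /**
     * Creates a fresh OTP secret for {@code issuerUid}, stores it RSA-wrapped and returns it.
     *
     * @return the plaintext secret as hex (the caller is responsible for handling it as a secret)
     */
    @Override
    public String generateSecretKey(@NonNull Context context, @NonNull String issuerUid, @NonNull AuthMethod authMethod) throws Exception {
        generateRSAKeyPair(context, getKeyPairAlias(issuerUid));
        byte[] secret = OATHtotpImpl.generateKey();
        storeSecretKey(context, getSecretKeyAlias(issuerUid, authMethod), encryptSecretKey(secret, issuerUid));
        return Util.bytes2Hex(secret);
    }

    /**
     * Creates a fresh OTP secret for a PIN-protected issuer, stores it RSA-wrapped and returns the
     * PIN-encrypted form.
     *
     * @param pin 1-32 character PIN
     * @return the PIN-encrypted secret as hex
     * @throws IllegalArgumentException on a bad PIN length or a non-PIN auth method
     */
    @Override
    public String generateSecretKey(@NonNull Context context, @NonNull String issuerUid, @NonNull AuthMethod authMethod, @NonNull String pin) throws Exception {
        requirePinLength(pin);
        requirePinAuthMethod(authMethod);
        generateRSAKeyPair(context, getKeyPairAlias(issuerUid));
        storeSecretKey(context, getSecretKeyAlias(issuerUid, authMethod), encryptSecretKey(OATHtotpImpl.generateKey(), issuerUid));
        return Util.bytes2Hex(getPinEncryptedSecretKey(context, issuerUid, pin, authMethod));
    }

    /** Loads and returns a fresh {@code AndroidKeyStore} instance. */
    @Override
    public KeyStore getKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Unwraps the issuer's OTP secret and re-encrypts it under a key derived from {@code pin}
     * (how {@link AES} derives that key is outside this file) with the issuer's IV.
     *
     * @throws IllegalArgumentException when {@code authMethod} is not PIN
     */
    @Override
    public byte[] getPinEncryptedSecretKey(@NonNull Context context, @NonNull String issuerUid, @NonNull String pin, @NonNull AuthMethod authMethod) throws Exception {
        requirePinAuthMethod(authMethod);
        // PIN bytes are taken first so a null PIN fails before any random IV gets persisted.
        byte[] pinBytes = pin.getBytes(StandardCharsets.UTF_8);
        return AES.newInstance(pinBytes, true).encrypt(
                getSecretKey(context, issuerUid, authMethod),
                getStoredIVBytesOrRandom(context, issuerUid, authMethod));
    }

    /**
     * Decrypts a PIN-encrypted secret (hex) with {@code pin} and the issuer's IV, then stores it
     * RSA-wrapped under the issuer's key pair (created on demand).
     *
     * @throws IllegalArgumentException when {@code authMethod} is not PIN
     */
    @Override
    public void importPinEncryptedSecretKey(@NonNull Context context, @NonNull String issuerUid, @NonNull String pinEncryptedSecretHex, @NonNull String pin, @NonNull AuthMethod authMethod) throws Exception {
        requirePinAuthMethod(authMethod);
        generateRSAKeyPair(context, getKeyPairAlias(issuerUid));
        byte[] pinBytes = pin.getBytes(StandardCharsets.UTF_8);
        byte[] secret = AES.newInstance(pinBytes, true).decrypt(
                Util.hexStr2Bytes(pinEncryptedSecretHex),
                getStoredIVBytesOrRandom(context, issuerUid, authMethod));
        storeSecretKey(context, getSecretKeyAlias(issuerUid, authMethod), encryptSecretKey(secret, issuerUid));
    }

    /**
     * Stores {@code secretHex} as-is under the issuer's secret alias.
     * NOTE(review): no RSA wrapping happens here, yet {@link #getSecretKey} RSA-unwraps whatever it
     * reads back, so {@code secretHex} is presumably already a wrapped blob — confirm with callers.
     */
    @Override
    public void importSecretKey(@NonNull Context context, @NonNull String issuerUid, @NonNull String secretHex, @NonNull AuthMethod authMethod) {
        storeSecretKey(context, getSecretKeyAlias(issuerUid, authMethod), Util.hexStr2Bytes(secretHex));
    }

    /**
     * Stores a Base64 DER X.509 certificate as a trusted entry under {@code tls_trusted_<id>}.
     * No validation beyond parsing is performed here; trust decisions are the caller's.
     */
    @Override
    public void storeCertificate(String id, String certificateBase64) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(
                new ByteArrayInputStream(org.bouncycastle.util.encoders.Base64.decode(certificateBase64)));
        keyStore.setCertificateEntry("tls_trusted_" + id, certificate);
    }
}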
