package com.healthtap.androidsdk.api.util;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Unit;
import kotlin.io.ByteStreamsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;

/* compiled from: CryptoUtils.kt */
/* loaded from: classes2.dex */
public final class CryptoUtils {

    @NotNull
    private static final String AES_MODE_LESS_THAN_M = "AES/ECB/PKCS7Padding";

    @NotNull
    private static final String AES_MODE_M_OR_GREATER = "AES/GCM/NoPadding";

    @NotNull
    private static final String ANDROID_KEY_STORE_NAME = "AndroidKeyStore";

    @NotNull
    private static final String CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA = "AndroidOpenSSL";

    @NotNull
    private static final String ENCRYPTED_KEY_NAME = "crypto_key";

    @NotNull
    private static final String LOG_TAG = "CryptoUtils";

    @NotNull
    private static final String RSA_ALGORITHM_NAME = "RSA";

    @NotNull
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";

    @NotNull
    private static final String RSA_MODE_LESS_THAN_M = "RSA/ECB/NoPadding";

    @NotNull
    private static final String SHARED_PREFERENCE_NAME = "HTPreferences";

    @NotNull
    private static final byte[] FIXED_IV = {65, 64, 63, 62, 61, 60, 59, 58, 57, 56, 55, 54};

    @NotNull
    private static final Object s_keyInitLock = new Object();

    @NotNull
    public static final String decrypt(@NotNull String str, @NotNull Context context, @NotNull String aliasKey) throws Exception {
        Intrinsics.checkNotNullParameter(str, "<this>");
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(aliasKey, "aliasKey");
        byte[] decode = Base64.decode(str, 0);
        initKeys(context, aliasKey);
        try {
            Cipher cipher = Cipher.getInstance(AES_MODE_M_OR_GREATER);
            Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
            cipher.init(2, getSecretKeyAPIMorGreater(aliasKey), new GCMParameterSpec(128, FIXED_IV));
            byte[] doFinal = cipher.doFinal(decode);
            Intrinsics.checkNotNull(doFinal);
            return new String(doFinal, Charsets.UTF_8);
        } catch (IOException e) {
            removeKey(context, aliasKey);
            throw e;
        } catch (InvalidKeyException e2) {
            removeKey(context, aliasKey);
            throw e2;
        }
    }

    @NotNull
    public static final String encrypt(@NotNull String str, @NotNull Context context, @NotNull String aliasKey) throws Exception {
        Intrinsics.checkNotNullParameter(str, "<this>");
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(aliasKey, "aliasKey");
        initKeys(context, aliasKey);
        Cipher cipher = Cipher.getInstance(AES_MODE_M_OR_GREATER);
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
        cipher.init(1, getSecretKeyAPIMorGreater(aliasKey), new GCMParameterSpec(128, FIXED_IV));
        byte[] bytes = str.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(...)");
        return encodeToString;
    }

    private static final void generateKeysForAPILessThanM(Context context, String str) throws Exception {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM_NAME, ANDROID_KEY_STORE_NAME);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        saveEncryptedKey(context, str);
    }

    private static final void generateKeysForAPIMOrGreater(String str) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE_NAME);
        Intrinsics.checkNotNullExpressionValue(keyGenerator, "getInstance(...)");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
        keyGenerator.generateKey();
    }

    private static final Key getSecretKeyAPILessThanM(Context context, String str) throws Exception {
        String secretKeyFromSharedPreferences = getSecretKeyFromSharedPreferences(context, str);
        if (TextUtils.isEmpty(secretKeyFromSharedPreferences)) {
            throw new InvalidKeyException("Saved key missing from shared preferences");
        }
        byte[] decode = Base64.decode(secretKeyFromSharedPreferences, 0);
        Intrinsics.checkNotNull(decode);
        return new SecretKeySpec(rsaDecryptKey(str, decode), "AES");
    }

    private static final Key getSecretKeyAPIMorGreater(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
        keyStore.load(null);
        Key key = keyStore.getKey(str, null);
        Intrinsics.checkNotNullExpressionValue(key, "getKey(...)");
        return key;
    }

    private static final String getSecretKeyFromSharedPreferences(Context context, String str) {
        return context.getSharedPreferences(SHARED_PREFERENCE_NAME, 0).getString("crypto_key_" + str, null);
    }

    private static final void initKeys(Context context, String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
        keyStore.load(null);
        if (!keyStore.containsAlias(str)) {
            initValidKeys(context, str);
            return;
        }
        try {
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            r2 = entry instanceof KeyStore.SecretKeyEntry;
            boolean z = entry instanceof KeyStore.PrivateKeyEntry;
        } catch (NullPointerException | UnrecoverableKeyException unused) {
        }
        if (r2) {
            return;
        }
        synchronized (s_keyInitLock) {
            Intrinsics.checkNotNull(keyStore);
            removeKeys(context, keyStore, str);
            initValidKeys(context, str);
            Unit unit = Unit.INSTANCE;
        }
    }

    private static final void initValidKeys(Context context, String str) throws Exception {
        synchronized (s_keyInitLock) {
            generateKeysForAPIMOrGreater(str);
            Unit unit = Unit.INSTANCE;
        }
    }

    private static final void removeKey(Context context, String str) throws Exception {
        synchronized (s_keyInitLock) {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
            keyStore.load(null);
            Intrinsics.checkNotNull(keyStore);
            removeKeys(context, keyStore, str);
            Unit unit = Unit.INSTANCE;
        }
    }

    private static final void removeKeys(Context context, KeyStore keyStore, String str) throws KeyStoreException {
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
    }

    private static final void removeSavedSharedPreferences(Context context) {
        boolean commit = context.getSharedPreferences(SHARED_PREFERENCE_NAME, 0).edit().clear().commit();
        StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
        Intrinsics.checkNotNullExpressionValue(String.format("Cleared secret key shared preferences `%s`", Arrays.copyOf(new Object[]{Boolean.valueOf(commit)}, 1)), "format(...)");
    }

    private static final byte[] rsaDecryptKey(String str, byte[] bArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance(RSA_MODE, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA);
        cipher.init(2, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        byte[] readBytes = ByteStreamsKt.readBytes(cipherInputStream);
        cipherInputStream.close();
        return readBytes;
    }

    private static final byte[] rsaEncryptKey(String str, byte[] bArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance(RSA_MODE, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA);
        cipher.init(1, ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "toByteArray(...)");
        return byteArray;
    }

    private static final void saveEncryptedKey(Context context, String str) throws Exception {
        SharedPreferences sharedPreferences = context.getSharedPreferences(SHARED_PREFERENCE_NAME, 0);
        if (sharedPreferences.getString("crypto_key_" + str, null) == null) {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.encodeToString(rsaEncryptKey(str, bArr), 0);
            SharedPreferences.Editor edit = sharedPreferences.edit();
            edit.putString("crypto_key_" + str, encodeToString);
            if (!edit.commit()) {
                throw new IOException("Could not save keys");
            }
        }
    }
}
