package com.kbstar.kbsign.android.store.inapp;

import android.content.Context;
import com.google.gson.Gson;
import com.kbstar.kbsign.android.store.AndroidKeyStoreCipher;
import com.kbstar.kbsign.android.store.KBCert;
import com.kbstar.kbsign.android.store.KBSignStore;
import com.kbstar.kbsign.android.store.KBSignStoreException;
import com.kbstar.kbsign.android.store.KBSignStoreFactory;
import com.kbstar.kbsign.util.CryptoUtil;
import com.kbstar.kbsign.util.KBsignLogger;
import com.wizvera.wcrypto.WBase64Url;
import com.wizvera.wcrypto.WCipher;
import com.wizvera.wcrypto.WCryptoException;
import com.wizvera.wcrypto.WKeyException;
import com.wizvera.wcrypto.WMessageDigest;
import com.wizvera.wcrypto.WSignature;
import com.wizvera.wcrypto.WSignatureException;
import com.wizvera.wcrypto.key.WAESKey;
import com.wizvera.wcrypto.key.WEcdsaPrivateKey;
import com.wizvera.wcrypto.key.WKeyGenerator;
import com.wizvera.wcrypto.key.WKeyPair;
import com.wizvera.wcrypto.key.WPublicKey;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

/* loaded from: classes4.dex */
public class KBSignInAppStore implements KBSignStore {
    private final String LOG_TAG = "KBSignInAppStore";
    private final AndroidKeyStoreCipher androidKeyStoreCipher;
    private WKeyPair generateKeyPair;
    private KBSignInAppData inAppData;
    private final File storeFile;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static class FileUtils {
        private FileUtils() {
        }

        public static byte[] readAllBytes(File file) throws IOException {
            if (!file.exists()) {
                return new byte[0];
            }
            byte[] bArr = new byte[(int) file.length()];
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                fileInputStream.read(bArr);
                return bArr;
            } finally {
                fileInputStream.close();
            }
        }

        static void writeByteArrayToFile(File file, byte[] bArr) throws IOException {
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            try {
                fileOutputStream.write(bArr);
            } finally {
                fileOutputStream.close();
            }
        }
    }

    public KBSignInAppStore(Context context, File file) throws KBSignStoreException {
        try {
            this.androidKeyStoreCipher = new AndroidKeyStoreCipher(context);
            this.storeFile = file;
            load();
        } catch (IOException e) {
            throw new KBSignStoreException(KBSignStoreException.E_IOException, e.getMessage(), e);
        } catch (GeneralSecurityException e2) {
            throw new KBSignStoreException(KBSignStoreException.E_GeneralSecurityException, e2.getMessage(), e2);
        }
    }

    private String convertAlias(String str) {
        return CryptoUtil.digestSHA256Base64Url(str);
    }

    private String decrypt(byte[] bArr, String str) throws KBSignStoreException {
        byte[] digest = WMessageDigest.sha256().digest(bArr);
        ByteBuffer wrap = ByteBuffer.wrap(WBase64Url.decode(str));
        byte[] bArr2 = new byte[16];
        wrap.get(bArr2);
        byte[] bArr3 = new byte[wrap.remaining()];
        wrap.get(bArr3);
        try {
            return new String(this.androidKeyStoreCipher.decrypt(WCipher.aes().modeCBC().iv(bArr2).secretKey(WAESKey.importRaw(digest)).decrypt(bArr3)), "UTF-8");
        } catch (WCryptoException | WKeyException | UnsupportedEncodingException | GeneralSecurityException e) {
            throw new KBSignStoreException(KBSignStoreException.E_GeneralSecurityException, e.getMessage(), e);
        }
    }

    private String encrypt(byte[] bArr, String str) throws KBSignStoreException {
        try {
            byte[] bArr2 = new byte[16];
            new SecureRandom().nextBytes(bArr2);
            byte[] encrypt = this.androidKeyStoreCipher.encrypt(str.getBytes("UTF-8"));
            WCipher iv = WCipher.aes().modeCBC().secretKey(WAESKey.importRaw(WMessageDigest.sha256().digest(bArr))).iv(bArr2);
            byte[] encrypt2 = iv.encrypt(encrypt);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(iv.iv());
            byteArrayOutputStream.write(encrypt2);
            return WBase64Url.encode(byteArrayOutputStream.toByteArray());
        } catch (WCryptoException | WKeyException | IOException | GeneralSecurityException e) {
            throw new KBSignStoreException(KBSignStoreException.E_GeneralException, e.getMessage(), e);
        }
    }

    private void load() {
        try {
            byte[] readAllBytes = FileUtils.readAllBytes(this.storeFile);
            if (readAllBytes != null && readAllBytes.length != 0) {
                this.inAppData = (KBSignInAppData) new Gson().fromJson(new String(this.androidKeyStoreCipher.decrypt(readAllBytes)), KBSignInAppData.class);
            }
        } catch (IOException | GeneralSecurityException unused) {
            this.inAppData = new KBSignInAppData();
        }
    }

    private void save() throws KBSignStoreException {
        try {
            if (this.storeFile.getParentFile() != null && !this.storeFile.getParentFile().exists()) {
                this.storeFile.getParentFile().mkdirs();
            }
            FileUtils.writeByteArrayToFile(this.storeFile, this.androidKeyStoreCipher.encrypt(new Gson().toJson(this.inAppData).getBytes("UTF-8")));
        } catch (IOException e) {
            throw new KBSignStoreException(KBSignStoreException.E_GeneralException, e.getMessage(), e);
        } catch (GeneralSecurityException e2) {
            throw new KBSignStoreException(KBSignStoreException.E_GeneralSecurityException, e2.getMessage(), e2);
        }
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public void clear() throws KBSignStoreException {
        this.inAppData = null;
        save();
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public void generateKeyPair() {
        this.generateKeyPair = WKeyGenerator.ecdsa256();
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public WPublicKey getGeneratedPublicKey() {
        return this.generateKeyPair.publicKey();
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public String getItem(String str) {
        load();
        KBSignInAppData kBSignInAppData = this.inAppData;
        if (kBSignInAppData != null) {
            return kBSignInAppData.itemMap.get(str);
        }
        return null;
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public KBCert getKBCert() {
        load();
        if (this.inAppData != null) {
            try {
                new KBCert(this.inAppData.encodeKBCert).setStoreType(KBSignStoreFactory.StoreType.INAPP);
            } catch (KBSignStoreException unused) {
                KBsignLogger.e(this.LOG_TAG, "encodeKBCert data decoding failure");
            }
        }
        return null;
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public KBSignStoreFactory.StoreType getStoreType() {
        return KBSignStoreFactory.StoreType.INAPP;
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public String[] itemNames() {
        load();
        KBSignInAppData kBSignInAppData = this.inAppData;
        return kBSignInAppData != null ? (String[]) kBSignInAppData.itemMap.keySet().toArray(new String[0]) : new String[0];
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public void removeItem(String str) throws KBSignStoreException {
        load();
        KBSignInAppData kBSignInAppData = this.inAppData;
        if (kBSignInAppData != null) {
            kBSignInAppData.itemMap.remove(str);
        }
        save();
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public void removeKBCert() throws KBSignStoreException {
        this.inAppData = null;
        save();
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public void setItem(String str, String str2) throws KBSignStoreException {
        load();
        KBSignInAppData kBSignInAppData = this.inAppData;
        if (kBSignInAppData != null) {
            kBSignInAppData.itemMap.put(str, str2);
        }
        save();
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public void setKBCert(KBCert kBCert, byte[] bArr) throws KBSignStoreException {
        String exportJwk = this.generateKeyPair.privateKey().exportJwk();
        KBSignInAppData kBSignInAppData = new KBSignInAppData();
        this.inAppData = kBSignInAppData;
        kBSignInAppData.encodeKBCert = kBCert.getEncoded();
        this.inAppData.encryptedPrivateKey = encrypt(bArr, exportJwk);
        save();
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public byte[] sign(byte[] bArr, byte[] bArr2) throws KBSignStoreException {
        KBSignInAppData kBSignInAppData = this.inAppData;
        if (kBSignInAppData == null) {
            throw new KBSignStoreException(KBSignStoreException.E_InvalidBerry, null, null);
        }
        try {
            return WSignature.ecdsa().sha256().privateKey(WEcdsaPrivateKey.importJwk(decrypt(bArr, kBSignInAppData.encryptedPrivateKey))).sign(bArr2);
        } catch (WCryptoException | WKeyException | WSignatureException | RuntimeException e) {
            throw new KBSignStoreException(KBSignStoreException.E_GeneralException, e.getMessage(), e);
        }
    }

    @Override // com.kbstar.kbsign.android.store.KBSignStore
    public byte[] signWithGeneratedPrivateKey(byte[] bArr) throws KBSignStoreException {
        try {
            return WSignature.ecdsa().sha256().privateKey(this.generateKeyPair.privateKey()).sign(bArr);
        } catch (Exception e) {
            throw new KBSignStoreException(KBSignStoreException.E_GeneralException, e.getMessage(), e);
        }
    }
}
