package org.commcare.utils;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import javax.crypto.KeyGenerator;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public class EncryptionKeyProvider {
    private static final String ALGORITHM = "AES";
    private static final String BLOCK_MODE = "CBC";
    private static final String KEYSTORE_NAME = "AndroidKeyStore";
    private static final String PADDING = "PKCS7Padding";
    private static final String SECRET_NAME = "secret";
    private static KeyStore keystoreSingleton;

    private static boolean doesKeystoreContainEncryptionKey() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
        return getKeystore().containsAlias("secret");
    }

    private static EncryptionKeyAndTransform generateKeyInKeystore(Context context, boolean z) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM, KEYSTORE_NAME);
            blockModes = new KeyGenParameterSpec.Builder("secret", 3).setBlockModes(BLOCK_MODE);
            encryptionPaddings = blockModes.setEncryptionPaddings(PADDING);
            build = encryptionPaddings.build();
            keyGenerator.init(build);
            return new EncryptionKeyAndTransform(keyGenerator.generateKey(), getTransformationString(false));
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEYSTORE_NAME);
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 100);
        keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setAlias("secret").setSubject(new X500Principal(String.format("CN=%s", "secret"))).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        return new EncryptionKeyAndTransform(z ? generateKeyPair.getPublic() : generateKeyPair.getPrivate(), getTransformationString(true));
    }

    private static EncryptionKeyAndTransform getKey(Context context, KeyStore keyStore, boolean z) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableEntryException, InvalidAlgorithmParameterException, NoSuchProviderException {
        if (!doesKeystoreContainEncryptionKey()) {
            return generateKeyInKeystore(context, z);
        }
        KeyStore.Entry entry = keyStore.getEntry("secret", null);
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return new EncryptionKeyAndTransform(((KeyStore.SecretKeyEntry) entry).getSecretKey(), getTransformationString(false));
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new RuntimeException("Unrecognized key type retrieved from KeyStore");
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        return new EncryptionKeyAndTransform(z ? privateKeyEntry.getCertificate().getPublicKey() : privateKeyEntry.getPrivateKey(), getTransformationString(true));
    }

    private static KeyStore getKeystore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        if (keystoreSingleton == null) {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_NAME);
            keystoreSingleton = keyStore;
            keyStore.load(null);
        }
        return keystoreSingleton;
    }

    @SuppressLint({"InlinedApi"})
    public static String getTransformationString(boolean z) {
        return z ? "RSA/ECB/PKCS1Padding" : String.format("%s/%s/%s", ALGORITHM, BLOCK_MODE, PADDING);
    }

    public EncryptionKeyAndTransform getKey(Context context, boolean z) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnrecoverableEntryException, NoSuchProviderException {
        return getKey(context, getKeystore(), z);
    }
}
