package ru.softlab.mobile.plugins.widget;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
final class EncryptionManager {
    private static final String AES_KEY_NAME = "AES";
    private static final String AES_MODE = "AES/CBC/PKCS7Padding";
    private static final String KEY_ALIAS = "RSHB_KEY_STORE";
    private static final String RSA_CN = "widget.rshb";
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static EncryptionManager instance;
    private KeyPairGeneratorSpec.Builder KPGSB;
    private SharedPreferences sp;

    private EncryptionManager(Context context) throws Exception {
        this.sp = context.getSharedPreferences("widget_preferences", 0);
        this.KPGSB = new KeyPairGeneratorSpec.Builder(context);
    }

    private void checkAes() throws Exception {
        if (Build.VERSION.SDK_INT < 23 && !this.sp.contains(AES_KEY_NAME)) {
            generateAesKey();
        } else {
            if (getKeyStore().containsAlias(KEY_ALIAS)) {
                return;
            }
            generateAesKey();
        }
    }

    private byte[] doRsaDecrypt(byte[] bArr) throws Exception {
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) ((KeyStore.PrivateKeyEntry) getKeyStore().getEntry(KEY_ALIAS, null)).getPrivateKey();
        Cipher cipher = Cipher.getInstance(RSA_MODE, "AndroidOpenSSL");
        cipher.init(2, rSAPrivateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr2 = new byte[size];
        for (int i = 0; i < size; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    private byte[] doRsaEncrypt(byte[] bArr) {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) ((KeyStore.PrivateKeyEntry) getKeyStore().getEntry(KEY_ALIAS, null)).getCertificate().getPublicKey();
            Cipher cipher = Cipher.getInstance(RSA_MODE, "AndroidOpenSSL");
            cipher.init(1, rSAPublicKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(bArr);
            cipherOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            Log.e("EXCEPTION " + e.getMessage(), "in doRsaEncrypt");
            return null;
        }
    }

    private void generateAesKey() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        if (Build.VERSION.SDK_INT >= 23) {
            generateSecretKeyPostM();
        } else {
            generateSecretKeyPreM();
        }
    }

    private void generateRsaKey() throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 10);
        KeyPairGeneratorSpec build = this.KPGSB.setAlias(KEY_ALIAS).setSubject(new X500Principal("CN=widget.rshb, O=Android Authority")).setSerialNumber(new BigInteger(1024, new Random())).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).setEncryptionRequired().build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private void generateSecretKeyPostM() throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES_KEY_NAME, "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_ALIAS, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
        keyGenerator.generateKey();
    }

    private String generateSecretKeyPreM() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        resetKeys();
        generateRsaKey();
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        String encodeToString = Base64.encodeToString(doRsaEncrypt(bArr), 0);
        SharedPreferences.Editor edit = this.sp.edit();
        edit.putString(AES_KEY_NAME, encodeToString);
        edit.apply();
        return encodeToString;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EncryptionManager getInstance(Context context) throws Exception {
        if (instance == null) {
            instance = new EncryptionManager(context);
        }
        instance.checkAes();
        return instance;
    }

    private KeyStore getKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    private SecretKey getSecretKeyPostM() throws Exception {
        KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) getKeyStore().getEntry(KEY_ALIAS, null);
        SecretKey secretKey = secretKeyEntry.getSecretKey();
        if (secretKey != null) {
            return secretKey;
        }
        generateSecretKeyPostM();
        return secretKeyEntry.getSecretKey();
    }

    private SecretKeySpec getSecretKeyPreM() throws Exception {
        KeyStore keyStore = getKeyStore();
        String string = this.sp.getString(AES_KEY_NAME, null);
        if (string == null || !keyStore.containsAlias(KEY_ALIAS)) {
            string = generateSecretKeyPreM();
        }
        return new SecretKeySpec(doRsaDecrypt(Base64.decode(string, 0)), AES_MODE);
    }

    private void removeAES() {
        this.sp.edit().remove(AES_KEY_NAME).apply();
    }

    private void removeRSA() {
        try {
            getKeyStore().deleteEntry(KEY_ALIAS);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String decrypt(String str) {
        try {
            ByteBuffer wrap = ByteBuffer.wrap(Base64.decode(str, 0));
            byte[] bArr = new byte[wrap.getInt()];
            wrap.get(bArr);
            byte[] bArr2 = new byte[wrap.remaining()];
            wrap.get(bArr2);
            Cipher cipher = Cipher.getInstance(AES_MODE);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
            if (Build.VERSION.SDK_INT >= 23) {
                cipher.init(2, getSecretKeyPostM(), ivParameterSpec);
            } else {
                cipher.init(2, getSecretKeyPreM(), ivParameterSpec);
            }
            return new String(cipher.doFinal(bArr2));
        } catch (Exception e) {
            Log.e("EXCEPTION " + e.getMessage(), "in decrypt");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String encrypt(String str) {
        try {
            byte[] bytes = str.getBytes();
            Cipher cipher = Cipher.getInstance(AES_MODE);
            if (Build.VERSION.SDK_INT >= 23) {
                cipher.init(1, getSecretKeyPostM());
            } else {
                cipher.init(1, getSecretKeyPreM());
            }
            byte[] iv = cipher.getIV();
            byte[] doFinal = cipher.doFinal(bytes);
            ByteBuffer allocate = ByteBuffer.allocate(iv.length + 4 + doFinal.length);
            allocate.putInt(iv.length);
            allocate.put(iv);
            allocate.put(doFinal);
            return Base64.encodeToString(allocate.array(), 0);
        } catch (Exception e) {
            Log.e("EXCEPTION " + e.getMessage(), "in encrypt");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resetKeys() {
        removeAES();
        removeRSA();
    }
}
