package com.pagopa.ioreactnativecrypto;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import com.facebook.react.bridge.BaseJavaModule;
import com.facebook.react.bridge.NativeMap;
import com.facebook.react.bridge.Promise;
import com.facebook.react.bridge.ReactApplicationContext;
import com.facebook.react.bridge.ReactContextBaseJavaModule;
import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.WritableNativeMap;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.RSAKeyGenParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: IoReactNativeCryptoModule.kt */
@Metadata(d1 = {"\u0000f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0005\u0018\u0000 02\u00020\u0001:\u00010B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u001c\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\n\b\u0002\u0010\u0015\u001a\u0004\u0018\u00010\u0016H\u0003J\u0018\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0007J\u0010\u0010\u0019\u001a\u00020\u00182\u0006\u0010\u0013\u001a\u00020\u0014H\u0003J(\u0010\u001a\u001a\u00020\u00182\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0003J\u0018\u0010\u001a\u001a\u00020\u00182\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0007J\u0012\u0010\u001e\u001a\u0004\u0018\u00010\u001f2\u0006\u0010\u0013\u001a\u00020\u0014H\u0003J\b\u0010 \u001a\u00020\u0014H\u0016J\u0018\u0010!\u001a\u00020\u00182\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0007J\u0010\u0010\"\u001a\u00020\u00142\u0006\u0010#\u001a\u00020$H\u0003J\u0010\u0010%\u001a\u00020\u00122\u0006\u0010&\u001a\u00020$H\u0003J\u0010\u0010'\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0014H\u0003J\u0012\u0010(\u001a\u0004\u0018\u00010)2\u0006\u0010&\u001a\u00020*H\u0003J \u0010+\u001a\u00020,2\u0006\u0010-\u001a\u00020,2\u0006\u0010#\u001a\u00020$2\u0006\u0010.\u001a\u00020\u0014H\u0003J \u0010/\u001a\u00020\u00182\u0006\u0010-\u001a\u00020\u00142\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0007R\u001d\u0010\u0005\u001a\u0004\u0018\u00010\u00068BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\t\u0010\n\u001a\u0004\b\u0007\u0010\bR\u001c\u0010\u000b\u001a\u0004\u0018\u00010\fX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\r\u0010\u000e\"\u0004\b\u000f\u0010\u0010¨\u00061"}, d2 = {"Lcom/pagopa/ioreactnativecrypto/IoReactNativeCryptoModule;", "Lcom/facebook/react/bridge/ReactContextBaseJavaModule;", "reactContext", "Lcom/facebook/react/bridge/ReactApplicationContext;", "(Lcom/facebook/react/bridge/ReactApplicationContext;)V", "keyStore", "Ljava/security/KeyStore;", "getKeyStore", "()Ljava/security/KeyStore;", "keyStore$delegate", "Lkotlin/Lazy;", "threadHandle", "Ljava/lang/Thread;", "getThreadHandle", "()Ljava/lang/Thread;", "setThreadHandle", "(Ljava/lang/Thread;)V", "deleteKey", "", "keyTag", "", BaseJavaModule.METHOD_TYPE_PROMISE, "Lcom/facebook/react/bridge/Promise;", "deletePublicKey", "", "ensureKeyHardwareBacked", "generate", "keyConfig", "Lcom/pagopa/ioreactnativecrypto/IoReactNativeCryptoModule$Companion$KeyConfig;", "strongBox", "getKeyPair", "Ljava/security/KeyPair;", "getName", "getPublicKey", "getSignAlgorithm", "privateKey", "Ljava/security/PrivateKey;", "isKeyHardwareBacked", "key", "keyExists", "publicKeyToJwk", "Lcom/facebook/react/bridge/NativeMap;", "Ljava/security/PublicKey;", "signData", "", "message", "signAlgorithm", "signUTF8Text", "Companion", "pagopa_io-react-native-crypto_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes2.dex */
public final class IoReactNativeCryptoModule extends ReactContextBaseJavaModule {
    public static final String ERROR_USER_INFO_KEY = "error";
    public static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    public static final String NAME = "IoReactNativeCrypto";

    /* renamed from: keyStore$delegate, reason: from kotlin metadata */
    private final Lazy keyStore;
    private Thread threadHandle;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public IoReactNativeCryptoModule(ReactApplicationContext reactContext) {
        super(reactContext);
        Intrinsics.checkNotNullParameter(reactContext, "reactContext");
        this.keyStore = LazyKt.lazy(new Function0<KeyStore>() { // from class: com.pagopa.ioreactnativecrypto.IoReactNativeCryptoModule$keyStore$2
            @Override // kotlin.jvm.functions.Function0
            public final KeyStore invoke() {
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    return keyStore;
                } catch (Exception unused) {
                    return null;
                }
            }
        });
    }

    private final boolean deleteKey(String keyTag, Promise promise) {
        if (getKeyPair(keyTag) != null) {
            try {
                if (getKeyStore() != null) {
                    KeyStore keyStore = getKeyStore();
                    Intrinsics.checkNotNull(keyStore);
                    keyStore.deleteEntry(keyTag);
                    Unit unit = Unit.INSTANCE;
                } else if (promise != null) {
                    Companion.ModuleException.KEYSTORE_LOAD_FAILED.reject(promise, new Pair[0]);
                    Unit unit2 = Unit.INSTANCE;
                }
            } catch (Exception e) {
                Companion.ModuleException moduleException = Companion.ModuleException.UNKNOWN_EXCEPTION;
                if (e instanceof KeyStoreException) {
                    moduleException = Companion.ModuleException.PUBLIC_KEY_DELETION_ERROR;
                }
                if (promise != null) {
                    Pair<String, String>[] pairArr = new Pair[1];
                    String name = e.getClass().getName();
                    String message = e.getMessage();
                    if (message == null) {
                        message = "";
                    }
                    pairArr[0] = new Pair<>(name, message);
                    moduleException.reject(promise, pairArr);
                }
                return false;
            }
        }
        if (promise != null) {
            promise.resolve(true);
        }
        return true;
    }

    static /* synthetic */ boolean deleteKey$default(IoReactNativeCryptoModule ioReactNativeCryptoModule, String str, Promise promise, int i, Object obj) {
        if ((i & 2) != 0) {
            promise = null;
        }
        return ioReactNativeCryptoModule.deleteKey(str, promise);
    }

    private final void ensureKeyHardwareBacked(String keyTag) throws KeyNotHardwareBacked {
        PrivateKey privateKey;
        try {
            KeyPair keyPair = getKeyPair(keyTag);
            if (keyPair != null && (privateKey = keyPair.getPrivate()) != null) {
                if (isKeyHardwareBacked(privateKey)) {
                    return;
                }
            }
            throw new KeyNotHardwareBacked("");
        } catch (Exception e) {
            throw new KeyNotHardwareBacked(e.getMessage());
        }
    }

    private final void generate(Companion.KeyConfig keyConfig, boolean strongBox, String keyTag, Promise promise) {
        try {
            if (keyExists(keyTag)) {
                Companion.ModuleException.KEY_ALREADY_EXISTS.reject(promise, new Pair<>("keyTag", keyTag));
                return;
            }
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyTag, 4);
            String algorithmParam = keyConfig.getAlgorithmParam();
            if (algorithmParam != null) {
                if (Build.VERSION.SDK_INT >= 28) {
                    builder.setIsStrongBoxBacked(strongBox);
                }
                if (keyConfig == Companion.KeyConfig.EC_P_256) {
                    builder.setAlgorithmParameterSpec(new ECGenParameterSpec(algorithmParam));
                } else {
                    builder.setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(Integer.parseInt(algorithmParam), RSAKeyGenParameterSpec.F4));
                }
            }
            builder.setDigests("SHA-256");
            if (keyConfig == Companion.KeyConfig.RSA) {
                builder.setSignaturePaddings("PSS");
            }
            KeyGenParameterSpec build = builder.build();
            Intrinsics.checkNotNullExpressionValue(build, "keySpecGenerator.build()");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyConfig.getAlgorithm(), "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            ensureKeyHardwareBacked(keyTag);
            PublicKey publicKey = generateKeyPair.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey, "publicKey");
            NativeMap publicKeyToJwk = publicKeyToJwk(publicKey);
            if (publicKeyToJwk != null) {
                promise.resolve(publicKeyToJwk);
            } else {
                Companion.ModuleException.WRONG_KEY_CONFIGURATION.reject(promise, new Pair[0]);
            }
        } catch (Exception e) {
            deleteKey$default(this, keyTag, null, 2, null);
            boolean z = Build.VERSION.SDK_INT >= 28;
            if (keyConfig == Companion.KeyConfig.EC_P_256 && strongBox) {
                generate(keyConfig, false, keyTag, promise);
                return;
            }
            if (keyConfig == Companion.KeyConfig.EC_P_256) {
                generate(Companion.KeyConfig.RSA, z, keyTag, promise);
                return;
            }
            if (keyConfig == Companion.KeyConfig.RSA && strongBox) {
                generate(Companion.KeyConfig.RSA, false, keyTag, promise);
                return;
            }
            Companion.ModuleException moduleException = Companion.ModuleException.UNKNOWN_EXCEPTION;
            if (e instanceof NoSuchAlgorithmException) {
                moduleException = Companion.ModuleException.WRONG_KEY_CONFIGURATION;
            } else if (e instanceof InvalidAlgorithmParameterException) {
                moduleException = Companion.ModuleException.WRONG_KEY_CONFIGURATION;
            } else if (e instanceof NoSuchProviderException) {
                moduleException = Companion.ModuleException.UNSUPPORTED_DEVICE;
            }
            Pair<String, String>[] pairArr = new Pair[1];
            String message = e.getMessage();
            if (message == null) {
                message = "";
            }
            pairArr[0] = new Pair<>("error", message);
            moduleException.reject(promise, pairArr);
        } finally {
            this.threadHandle = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: generate$lambda-0, reason: not valid java name */
    public static final void m285generate$lambda0(IoReactNativeCryptoModule this$0, String keyTag, Promise promise) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(keyTag, "$keyTag");
        Intrinsics.checkNotNullParameter(promise, "$promise");
        this$0.generate(Companion.KeyConfig.EC_P_256, true, keyTag, promise);
    }

    private final KeyPair getKeyPair(String keyTag) {
        try {
            KeyStore keyStore = getKeyStore();
            if (keyStore != null) {
                Key key = keyStore.getKey(keyTag, null);
                PrivateKey privateKey = key instanceof PrivateKey ? (PrivateKey) key : null;
                if (privateKey != null) {
                    if (isKeyHardwareBacked(privateKey)) {
                        return new KeyPair(keyStore.getCertificate(keyTag).getPublicKey(), privateKey);
                    }
                    return null;
                }
            }
        } catch (Exception unused) {
        }
        return null;
    }

    private final KeyStore getKeyStore() {
        return (KeyStore) this.keyStore.getValue();
    }

    private final String getSignAlgorithm(PrivateKey privateKey) throws NoSuchAlgorithmException {
        String algorithm = privateKey.getAlgorithm();
        if (Intrinsics.areEqual(algorithm, "EC")) {
            return Companion.KeyConfig.EC_P_256.getSignature();
        }
        if (Intrinsics.areEqual(algorithm, "RSA")) {
            return Companion.KeyConfig.RSA.getSignature();
        }
        throw new NoSuchAlgorithmException();
    }

    private final boolean isKeyHardwareBacked(PrivateKey key) {
        try {
            KeyInfo keyInfo = (KeyInfo) KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore").getKeySpec(key, KeyInfo.class);
            return Build.VERSION.SDK_INT >= 31 ? keyInfo.getSecurityLevel() == 1 || keyInfo.getSecurityLevel() == 2 || keyInfo.getSecurityLevel() == -1 : keyInfo.isInsideSecureHardware();
        } catch (Exception unused) {
            return false;
        }
    }

    private final boolean keyExists(String keyTag) {
        return getKeyPair(keyTag) != null;
    }

    private final NativeMap publicKeyToJwk(PublicKey key) {
        WritableNativeMap writableNativeMap = new WritableNativeMap();
        if (key instanceof ECPublicKey) {
            ECPoint w = ((ECPublicKey) key).getW();
            writableNativeMap.putString(Companion.JwkFields.KTY.getKey(), Companion.KeyConfig.EC_P_256.getJwkKty());
            writableNativeMap.putString(Companion.JwkFields.CRV.getKey(), Companion.KeyConfig.EC_P_256.getJwkCrv());
            String key2 = Companion.JwkFields.X.getKey();
            byte[] byteArray = w.getAffineX().toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "ecKey.affineX.toByteArray()");
            writableNativeMap.putString(key2, IoReactNativeCryptoModuleKt.base64NoWrap(byteArray));
            String key3 = Companion.JwkFields.Y.getKey();
            byte[] byteArray2 = w.getAffineY().toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray2, "ecKey.affineY.toByteArray()");
            writableNativeMap.putString(key3, IoReactNativeCryptoModuleKt.base64NoWrap(byteArray2));
            return writableNativeMap;
        }
        if (!(key instanceof RSAPublicKey)) {
            return null;
        }
        writableNativeMap.putString(Companion.JwkFields.KTY.getKey(), Companion.KeyConfig.RSA.getJwkKty());
        writableNativeMap.putString(Companion.JwkFields.ALG.getKey(), Companion.KeyConfig.RSA.getJwkAlg());
        String key4 = Companion.JwkFields.N.getKey();
        RSAPublicKey rSAPublicKey = (RSAPublicKey) key;
        byte[] byteArray3 = rSAPublicKey.getModulus().toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray3, "key.modulus.toByteArray()");
        writableNativeMap.putString(key4, IoReactNativeCryptoModuleKt.base64NoWrap(byteArray3));
        String key5 = Companion.JwkFields.E.getKey();
        byte[] byteArray4 = rSAPublicKey.getPublicExponent().toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray4, "key.publicExponent.toByteArray()");
        writableNativeMap.putString(key5, IoReactNativeCryptoModuleKt.base64NoWrap(byteArray4));
        return writableNativeMap;
    }

    private final byte[] signData(byte[] message, PrivateKey privateKey, String signAlgorithm) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        Signature signature = Signature.getInstance(signAlgorithm);
        signature.initSign(privateKey);
        signature.update(message);
        byte[] sign = signature.sign();
        Intrinsics.checkNotNullExpressionValue(sign, "signatureEngine.sign()");
        return sign;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: signUTF8Text$lambda-11, reason: not valid java name */
    public static final void m286signUTF8Text$lambda11(IoReactNativeCryptoModule this$0, String keyTag, Promise promise, String message) {
        PrivateKey privateKey;
        String str = "";
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(keyTag, "$keyTag");
        Intrinsics.checkNotNullParameter(promise, "$promise");
        Intrinsics.checkNotNullParameter(message, "$message");
        try {
            KeyPair keyPair = this$0.getKeyPair(keyTag);
            if (keyPair == null || (privateKey = keyPair.getPrivate()) == null) {
                Companion.ModuleException.PUBLIC_KEY_NOT_FOUND.reject(promise, new Pair[0]);
                return;
            }
            byte[] bytes = message.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            promise.resolve(Base64.encodeToString(this$0.signData(bytes, privateKey, this$0.getSignAlgorithm(privateKey)), 2));
        } catch (AssertionError e) {
            Companion.ModuleException moduleException = Companion.ModuleException.INVALID_UTF8_ENCODING;
            Pair<String, String>[] pairArr = new Pair[1];
            String message2 = e.getMessage();
            if (message2 != null) {
                str = message2;
            }
            pairArr[0] = new Pair<>("error", str);
            moduleException.reject(promise, pairArr);
        } catch (Exception e2) {
            Companion.ModuleException moduleException2 = Companion.ModuleException.UNKNOWN_EXCEPTION;
            if (e2 instanceof NoSuchAlgorithmException) {
                moduleException2 = Companion.ModuleException.INVALID_SIGN_ALGORITHM;
            } else if (e2 instanceof InvalidKeyException) {
                moduleException2 = Companion.ModuleException.WRONG_KEY_CONFIGURATION;
            } else if (e2 instanceof SignatureException) {
                moduleException2 = Companion.ModuleException.UNABLE_TO_SIGN;
            }
            Pair<String, String>[] pairArr2 = new Pair[1];
            String message3 = e2.getMessage();
            if (message3 != null) {
                str = message3;
            }
            pairArr2[0] = new Pair<>("error", str);
            moduleException2.reject(promise, pairArr2);
        } finally {
            this$0.threadHandle = null;
        }
    }

    @ReactMethod
    public final void deletePublicKey(String keyTag, Promise promise) {
        Intrinsics.checkNotNullParameter(keyTag, "keyTag");
        Intrinsics.checkNotNullParameter(promise, "promise");
        if (Build.VERSION.SDK_INT >= 23) {
            deleteKey(keyTag, promise);
        } else {
            Companion.ModuleException.API_LEVEL_NOT_SUPPORTED.reject(promise, new Pair[0]);
        }
    }

    @ReactMethod
    public final void generate(final String keyTag, final Promise promise) {
        Intrinsics.checkNotNullParameter(keyTag, "keyTag");
        Intrinsics.checkNotNullParameter(promise, "promise");
        if (Build.VERSION.SDK_INT < 23) {
            Companion.ModuleException.API_LEVEL_NOT_SUPPORTED.reject(promise, new Pair[0]);
            return;
        }
        Thread thread = new Thread(new Runnable() { // from class: com.pagopa.ioreactnativecrypto.IoReactNativeCryptoModule$$ExternalSyntheticLambda0
            @Override // java.lang.Runnable
            public final void run() {
                IoReactNativeCryptoModule.m285generate$lambda0(IoReactNativeCryptoModule.this, keyTag, promise);
            }
        });
        this.threadHandle = thread;
        thread.start();
    }

    @Override // com.facebook.react.bridge.NativeModule
    public String getName() {
        return NAME;
    }

    @ReactMethod
    public final void getPublicKey(String keyTag, Promise promise) {
        Intrinsics.checkNotNullParameter(keyTag, "keyTag");
        Intrinsics.checkNotNullParameter(promise, "promise");
        if (Build.VERSION.SDK_INT < 23) {
            Companion.ModuleException.API_LEVEL_NOT_SUPPORTED.reject(promise, new Pair[0]);
            return;
        }
        KeyPair keyPair = getKeyPair(keyTag);
        if (keyPair == null) {
            Companion.ModuleException.PUBLIC_KEY_NOT_FOUND.reject(promise, new Pair<>("keyTag", keyTag));
            return;
        }
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkNotNullExpressionValue(publicKey, "it.public");
        promise.resolve(publicKeyToJwk(publicKey));
    }

    public final Thread getThreadHandle() {
        return this.threadHandle;
    }

    public final void setThreadHandle(Thread thread) {
        this.threadHandle = thread;
    }

    @ReactMethod
    public final void signUTF8Text(final String message, final String keyTag, final Promise promise) {
        Intrinsics.checkNotNullParameter(message, "message");
        Intrinsics.checkNotNullParameter(keyTag, "keyTag");
        Intrinsics.checkNotNullParameter(promise, "promise");
        if (Build.VERSION.SDK_INT < 23) {
            Companion.ModuleException.API_LEVEL_NOT_SUPPORTED.reject(promise, new Pair[0]);
            return;
        }
        Thread thread = new Thread(new Runnable() { // from class: com.pagopa.ioreactnativecrypto.IoReactNativeCryptoModule$$ExternalSyntheticLambda1
            @Override // java.lang.Runnable
            public final void run() {
                IoReactNativeCryptoModule.m286signUTF8Text$lambda11(IoReactNativeCryptoModule.this, keyTag, promise, message);
            }
        });
        this.threadHandle = thread;
        thread.start();
    }
}
