package com.government.service.kids.data.internal.crypto;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.annotation.AnnotationRetention;
import kotlin.annotation.AnnotationTarget;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CryptoManagerImpl.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000D\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u0019\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\u0018\u0000 \u001f2\u00020\u0001:\u0003\u001f !B\u0019\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0001\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0002J\u0010\u0010\u000b\u001a\u00020\n2\u0006\u0010\t\u001a\u00020\bH\u0002J\u0010\u0010\f\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\u000eH\u0002J\u0010\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\r\u001a\u00020\u000eH\u0016J\u0010\u0010\u0010\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\nH\u0002J\u0010\u0010\u0012\u001a\u00020\u000e2\u0006\u0010\t\u001a\u00020\nH\u0002J\u0010\u0010\u0013\u001a\u00020\u000e2\u0006\u0010\t\u001a\u00020\u000eH\u0016J\u0018\u0010\u0014\u001a\u00020\n2\u0006\u0010\u0015\u001a\u00020\u000e2\u0006\u0010\r\u001a\u00020\u000eH\u0002J\u0018\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u0005H\u0002J\b\u0010\u001b\u001a\u00020\u001cH\u0002J\b\u0010\u001d\u001a\u00020\u0005H\u0002J\b\u0010\u001e\u001a\u00020\u0005H\u0016R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\""}, d2 = {"Lcom/government/service/kids/data/internal/crypto/CryptoManagerImpl;", "Lcom/government/service/kids/data/internal/crypto/CryptoManager;", "mContext", "Landroid/content/Context;", "mBioAvailability", "", "(Landroid/content/Context;Z)V", "byteToChar", "", "data", "", "charToByte", "decodeBytes", "encodedData", "", "decryptString", "encodeBytes", "bytes", "encryptData", "encryptString", "getData", "cipher", "getKey", "Ljava/security/Key;", "keyType", "", "withKeyGeneration", "getKeyGenerator", "Ljava/security/KeyPairGenerator;", "hasKeys", "isBioAuthAvailable", "Companion", "KeyType", "NoKeysException", "kids-v1.0.2_prodRelease"}, k = 1, mv = {1, 1, 16})
/* loaded from: classes.dex */
public final class CryptoManagerImpl implements CryptoManager {
    private static final String ALIAS = "gu_kids";
    private static final String GENERATOR_PROVIDER = "AndroidKeyStore";
    private static final boolean PRE_M;
    private static final int PRIVATE_KEY_TYPE = 2;
    private static final String PROVIDER = "AndroidKeyStore";
    private static final int PUBLIC_KEY_TYPE = 1;
    private static final String RSA_ALGORITHM = "RSA";
    private static final String RSA_CIPHER;
    private static final String RSA_CIPHER_OLD = "RSA/ECB/PKCS1Padding";
    private final boolean mBioAvailability;
    private final Context mContext;

    /* compiled from: CryptoManagerImpl.kt */
    @Target({ElementType.PARAMETER})
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\n\n\u0002\u0018\u0002\n\u0002\u0010\u001b\n\u0000\b\u0081\u0002\u0018\u00002\u00020\u0001B\u0000¨\u0006\u0002"}, d2 = {"Lcom/government/service/kids/data/internal/crypto/CryptoManagerImpl$KeyType;", "", "kids-v1.0.2_prodRelease"}, k = 1, mv = {1, 1, 16})
    @kotlin.annotation.Target(allowedTargets = {AnnotationTarget.VALUE_PARAMETER})
    @Retention(RetentionPolicy.SOURCE)
    @kotlin.annotation.Retention(AnnotationRetention.SOURCE)
    /* loaded from: classes.dex */
    public @interface KeyType {
    }

    /* compiled from: CryptoManagerImpl.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0010\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u00002\u00060\u0001j\u0002`\u0002B\u0005¢\u0006\u0002\u0010\u0003¨\u0006\u0004"}, d2 = {"Lcom/government/service/kids/data/internal/crypto/CryptoManagerImpl$NoKeysException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "()V", "kids-v1.0.2_prodRelease"}, k = 1, mv = {1, 1, 16})
    /* loaded from: classes.dex */
    public static final class NoKeysException extends Exception {
    }

    static {
        boolean z = Build.VERSION.SDK_INT < 23;
        PRE_M = z;
        RSA_CIPHER = !z ? "RSA/ECB/OAEPwithSHA-256andMGF1Padding" : RSA_CIPHER_OLD;
    }

    @Inject
    public CryptoManagerImpl(Context mContext, @Named("bio_availability") boolean z) {
        Intrinsics.checkParameterIsNotNull(mContext, "mContext");
        this.mContext = mContext;
        this.mBioAvailability = z;
    }

    private final char[] byteToChar(byte[] data) {
        char[] cArr = new char[data.length];
        int length = data.length;
        for (int i = 0; i < length; i++) {
            cArr[i] = (char) data[i];
        }
        return cArr;
    }

    private final byte[] charToByte(char[] data) {
        byte[] bArr = new byte[data.length];
        int length = data.length;
        for (int i = 0; i < length; i++) {
            bArr[i] = (byte) data[i];
        }
        return bArr;
    }

    private final byte[] decodeBytes(String encodedData) {
        byte[] decode = Base64.decode(encodedData, 2);
        Intrinsics.checkExpressionValueIsNotNull(decode, "Base64.decode(encodedData, Base64.NO_WRAP)");
        return decode;
    }

    private final String encodeBytes(byte[] bytes) {
        String encodeToString = Base64.encodeToString(bytes, 2);
        Intrinsics.checkExpressionValueIsNotNull(encodeToString, "Base64.encodeToString(bytes, Base64.NO_WRAP)");
        return encodeToString;
    }

    private final String encryptData(byte[] data) throws Exception {
        Key key = getKey(1, true);
        if (key == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.PublicKey");
        }
        PublicKey publicKey = (PublicKey) key;
        Cipher cipher = Cipher.getInstance(RSA_CIPHER);
        if (Build.VERSION.SDK_INT == 21) {
            cipher.init(1, publicKey);
        } else {
            cipher.init(1, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
        }
        byte[] encodedBytes = cipher.doFinal(data);
        Intrinsics.checkExpressionValueIsNotNull(encodedBytes, "encodedBytes");
        return encodeBytes(encodedBytes);
    }

    private final byte[] getData(String cipher, String encodedData) throws Exception {
        Key key = getKey(2, false);
        if (key == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
        }
        PrivateKey privateKey = (PrivateKey) key;
        byte[] decodeBytes = decodeBytes(encodedData);
        if (decodeBytes.length == 0) {
            return decodeBytes;
        }
        try {
            Cipher cipher2 = Cipher.getInstance(cipher);
            if (Build.VERSION.SDK_INT == 21) {
                cipher2.init(2, privateKey);
            } else {
                cipher2.init(2, privateKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            }
            byte[] doFinal = cipher2.doFinal(decodeBytes);
            Intrinsics.checkExpressionValueIsNotNull(doFinal, "c.doFinal(dataBytes)");
            return doFinal;
        } catch (IllegalBlockSizeException unused) {
            return getData(RSA_CIPHER_OLD, encodedData);
        }
    }

    private final Key getKey(int keyType, boolean withKeyGeneration) throws Exception {
        if (!hasKeys()) {
            if (!withKeyGeneration) {
                throw new NoKeysException();
            }
            getKeyGenerator().generateKeyPair();
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(ALIAS, null);
        if (entry == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        if (keyType == 1) {
            Certificate certificate = privateKeyEntry.getCertificate();
            Intrinsics.checkExpressionValueIsNotNull(certificate, "privateKeyEntry.certificate");
            PublicKey publicKey = certificate.getPublicKey();
            Intrinsics.checkExpressionValueIsNotNull(publicKey, "privateKeyEntry.certificate.publicKey");
            return publicKey;
        }
        if (keyType != 2) {
            throw new IllegalStateException("Key Type is unknown");
        }
        PrivateKey privateKey = privateKeyEntry.getPrivateKey();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "privateKeyEntry.privateKey");
        return privateKey;
    }

    private final KeyPairGenerator getKeyGenerator() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM, "AndroidKeyStore");
        if (PRE_M) {
            Calendar start = Calendar.getInstance();
            Calendar end = Calendar.getInstance();
            end.add(1, 25);
            KeyPairGeneratorSpec.Builder serialNumber = new KeyPairGeneratorSpec.Builder(this.mContext).setAlias(ALIAS).setSubject(new X500Principal("CN=gu_kids, O=Android Authority")).setSerialNumber(BigInteger.ONE);
            Intrinsics.checkExpressionValueIsNotNull(start, "start");
            KeyPairGeneratorSpec.Builder startDate = serialNumber.setStartDate(start.getTime());
            Intrinsics.checkExpressionValueIsNotNull(end, "end");
            KeyPairGeneratorSpec build = startDate.setEndDate(end.getTime()).build();
            Intrinsics.checkExpressionValueIsNotNull(build, "KeyPairGeneratorSpec.Bui…\n                .build()");
            kpg.initialize(build);
        } else {
            kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, 2).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("OAEPPadding").build());
        }
        Intrinsics.checkExpressionValueIsNotNull(kpg, "kpg");
        return kpg;
    }

    private final boolean hasKeys() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore.containsAlias(ALIAS);
    }

    @Override // com.government.service.kids.data.internal.crypto.CryptoManager
    public String decryptString(String encodedData) throws Exception {
        Intrinsics.checkParameterIsNotNull(encodedData, "encodedData");
        return new String(byteToChar(getData(RSA_CIPHER, encodedData)));
    }

    @Override // com.government.service.kids.data.internal.crypto.CryptoManager
    public String encryptString(String data) throws Exception {
        Intrinsics.checkParameterIsNotNull(data, "data");
        char[] charArray = data.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        return encryptData(charToByte(charArray));
    }

    @Override // com.government.service.kids.data.internal.crypto.CryptoManager
    /* renamed from: isBioAuthAvailable, reason: from getter */
    public boolean getMBioAvailability() {
        return this.mBioAvailability;
    }
}
