package com.alamos.security.keystore;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Calendar;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class KeystoreUtil {
    private static final String ALIAS = "apager_rsa_alias";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String PREF_ADDITIONAL = "additional";
    public static final String PREF_KEYSTORE_BROKEN = "pref_keystore_broken";
    private static final String RSA_PRIVATE = "RSA_PRIVATE";
    private static final String RSA_PUBLIC = "RSA_PUBLIC";
    private static final String TAG = KeystoreUtil.class.getName();
    private Context context;
    private KeyStore keyStore;
    private boolean keyStoreBroken;

    public KeystoreUtil(Context context, boolean z) throws Exception {
        this.context = context;
        this.keyStoreBroken = z;
        initKeyStore();
    }

    private KeyPair generateKeyPairInternalMarshmallow() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(ALIAS, 3).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").build());
        return keyPairGenerator.generateKeyPair();
    }

    private KeyPair generateKeyPairInternalPreJellyBean() throws Exception {
        if (this.keyStoreBroken) {
            Log.i(TAG, "Generating KeyPair for Device with a broken KeyStore");
        } else {
            Log.i(TAG, "Generating KeyPair for Android <= 4.2 Device");
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        byte[] encoded = genKeyPair.getPublic().getEncoded();
        byte[] encoded2 = genKeyPair.getPrivate().getEncoded();
        SharedPreferences.Editor edit = this.context.getSharedPreferences(PREF_ADDITIONAL, 0).edit();
        edit.putString(RSA_PUBLIC, Base64.encodeToString(encoded, 2));
        edit.putString(RSA_PRIVATE, Base64.encodeToString(encoded2, 2));
        edit.apply();
        return genKeyPair;
    }

    private KeyPair generateKeyPairInternalPreMarshmallow() throws Exception {
        Log.i(TAG, "Generating KeyPair for Android >= 4.3 & < 6.0 Device");
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 40);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(this.context).setAlias(ALIAS).setEndDate(calendar2.getTime()).setStartDate(calendar.getTime()).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = aPager PRO, O = Alamos GmbH")).build());
        return keyPairGenerator.generateKeyPair();
    }

    private KeyPair getKeyPairInternal() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (this.keyStore.containsAlias(ALIAS)) {
            PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(ALIAS, null);
            PublicKey publicKey = this.keyStore.getCertificate(ALIAS).getPublicKey();
            if (privateKey != null && publicKey != null) {
                Log.i(TAG, "KeyPair found.");
                return new KeyPair(publicKey, privateKey);
            }
        }
        Log.w(TAG, "KeyPair NOT found.");
        return null;
    }

    private void initKeyStore() throws Exception {
        if (Build.VERSION.SDK_INT < 18 || this.keyStoreBroken) {
            return;
        }
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        this.keyStore = keyStore;
        keyStore.load(null);
    }

    public void generateKeyPair() throws Exception {
        if (isKeyPairAvailable()) {
            Log.i(TAG, "No need to create a new KeyPair, it already exists.");
            return;
        }
        PublicKey publicKey = (this.keyStoreBroken ? generateKeyPairInternalPreJellyBean() : Build.VERSION.SDK_INT >= 23 ? generateKeyPairInternalMarshmallow() : Build.VERSION.SDK_INT >= 18 ? generateKeyPairInternalPreMarshmallow() : generateKeyPairInternalPreJellyBean()).getPublic();
        Log.i(TAG, "KeyPair generated. Public key:\n" + Base64.encodeToString(publicKey.getEncoded(), 2));
    }

    public KeyPair getKeyPair() throws Exception {
        if (Build.VERSION.SDK_INT >= 18 && !this.keyStoreBroken) {
            Log.d(TAG, "getKeyPair() called - Using modern mode");
            return getKeyPairInternal();
        }
        Log.d(TAG, "getKeyPair() called - Using legacy mode");
        SharedPreferences sharedPreferences = this.context.getSharedPreferences(PREF_ADDITIONAL, 0);
        String string = sharedPreferences.getString(RSA_PUBLIC, "");
        String string2 = sharedPreferences.getString(RSA_PRIVATE, "");
        if (string.equals("") || string2.equals("")) {
            Log.w(TAG, "No KeyPair found, returning null");
            return null;
        }
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(string, 2)));
        PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(string2, 2)));
        Log.i(TAG, "Legacy KeyPair found.");
        return new KeyPair(generatePublic, generatePrivate);
    }

    public KeyPairBase64 getKeyPairBase64() throws Exception {
        KeyPair keyPair = getKeyPair();
        if (keyPair == null) {
            return null;
        }
        byte[] encoded = keyPair.getPublic().getEncoded();
        byte[] encoded2 = keyPair.getPrivate().getEncoded();
        if (encoded2 == null) {
            Log.i(TAG, "Private key is null - cannot be exported");
        }
        return new KeyPairBase64(Base64.encodeToString(encoded, 2), encoded2 != null ? Base64.encodeToString(encoded2, 2) : "");
    }

    public boolean isKeyPairAvailable() {
        if (Build.VERSION.SDK_INT >= 18 && !this.keyStoreBroken) {
            try {
                return getKeyPairInternal() != null;
            } catch (Exception e) {
                Log.w(TAG, "Error while loading entry from Android KeyStore", e);
                return false;
            }
        }
        SharedPreferences sharedPreferences = this.context.getSharedPreferences(PREF_ADDITIONAL, 0);
        String string = sharedPreferences.getString(RSA_PUBLIC, "");
        String string2 = sharedPreferences.getString(RSA_PRIVATE, "");
        if (string.equals("") || string2.equals("")) {
            Log.i(TAG, "No KeyPair found.");
            return false;
        }
        Log.i(TAG, "KeyPair found (legacy mode)");
        return true;
    }
}
