package com.expressvpn.sharedandroid.utils;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Calendar;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: KeystoreCrypt.kt */
/* loaded from: classes.dex */
public class o {
    private final Context a;

    /* compiled from: KeystoreCrypt.kt */
    /* loaded from: classes.dex */
    public static final class a {
        public static final a a = new a();

        private a() {
        }

        private final KeyStore.PrivateKeyEntry c(Context context) {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            kotlin.e0.d.k.d(keyStore, "KeyStore.getInstance(PRO… load(null)\n            }");
            if (!keyStore.containsAlias("keystore_crypt_key")) {
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 100);
                KeyPairGeneratorSpec.Builder subject = new KeyPairGeneratorSpec.Builder(context).setAlias("keystore_crypt_key").setSubject(new X500Principal("CN=keystore_crypt_key"));
                kotlin.e0.d.k.d(calendar, "start");
                KeyPairGeneratorSpec.Builder startDate = subject.setStartDate(calendar.getTime());
                kotlin.e0.d.k.d(calendar2, "end");
                KeyPairGeneratorSpec build = startDate.setEndDate(calendar2.getTime()).setSerialNumber(BigInteger.TEN).build();
                kotlin.e0.d.k.d(build, "KeyPairGeneratorSpec.Bui…                 .build()");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                kotlin.e0.d.k.d(keyPairGenerator, "KeyPairGenerator.getInstance(\"RSA\", PROVIDER)");
                keyPairGenerator.initialize(build);
                keyPairGenerator.generateKeyPair();
            }
            KeyStore.Entry entry = keyStore.getEntry("keystore_crypt_key", null);
            Objects.requireNonNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
            return (KeyStore.PrivateKeyEntry) entry;
        }

        public final String a(Context context, String str) {
            kotlin.e0.d.k.e(context, "context");
            kotlin.e0.d.k.e(str, "data");
            byte[] decode = Base64.decode(str, 2);
            PrivateKey privateKey = c(context).getPrivateKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(decode);
            kotlin.e0.d.k.d(doFinal, "cipher.doFinal(dataBytes)");
            Charset forName = Charset.forName("UTF-8");
            kotlin.e0.d.k.d(forName, "Charset.forName(charsetName)");
            return new String(doFinal, forName);
        }

        public final String b(Context context, String str) {
            kotlin.e0.d.k.e(context, "context");
            kotlin.e0.d.k.e(str, "data");
            KeyStore.PrivateKeyEntry c = c(context);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            Certificate certificate = c.getCertificate();
            kotlin.e0.d.k.d(certificate, "key.certificate");
            cipher.init(1, certificate.getPublicKey());
            Charset forName = Charset.forName("UTF-8");
            kotlin.e0.d.k.d(forName, "Charset.forName(charsetName)");
            byte[] bytes = str.getBytes(forName);
            kotlin.e0.d.k.d(bytes, "(this as java.lang.String).getBytes(charset)");
            String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 2);
            kotlin.e0.d.k.d(encodeToString, "Base64.encodeToString(cipherText, Base64.NO_WRAP)");
            return encodeToString;
        }
    }

    /* compiled from: KeystoreCrypt.kt */
    /* loaded from: classes.dex */
    public static final class b {
        public static final b a = new b();

        private b() {
        }

        private final Key c() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            kotlin.e0.d.k.d(keyStore, "KeyStore.getInstance(PRO… load(null)\n            }");
            Key key = keyStore.getKey("keystore_crypt_key", null);
            if (key == null) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("keystore_crypt_key", 3);
                builder.setEncryptionPaddings("PKCS7Padding");
                builder.setBlockModes("CBC");
                KeyGenParameterSpec build = builder.build();
                kotlin.e0.d.k.d(build, "KeyGenParameterSpec.Buil…build()\n                }");
                keyGenerator.init(build);
                key = keyGenerator.generateKey();
            }
            kotlin.e0.d.k.d(key, "key");
            return key;
        }

        public final String a(String str) {
            List<Byte> P;
            byte[] r0;
            List<Byte> Q;
            byte[] r02;
            kotlin.e0.d.k.e(str, "data");
            byte[] decode = Base64.decode(str, 2);
            kotlin.e0.d.k.d(decode, "Base64.decode(data, Base64.NO_WRAP)");
            P = kotlin.a0.k.P(decode, decode.length - 16);
            r0 = kotlin.a0.w.r0(P);
            Q = kotlin.a0.k.Q(decode, 16);
            r02 = kotlin.a0.w.r0(Q);
            Key c = c();
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(2, c, new IvParameterSpec(r02));
            byte[] doFinal = cipher.doFinal(r0);
            kotlin.e0.d.k.d(doFinal, "cipher.doFinal(dataBytes)");
            Charset forName = Charset.forName("UTF-8");
            kotlin.e0.d.k.d(forName, "Charset.forName(charsetName)");
            return new String(doFinal, forName);
        }

        public final String b(String str) {
            byte[] m;
            kotlin.e0.d.k.e(str, "data");
            Key c = c();
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(1, c);
            Charset forName = Charset.forName("UTF-8");
            kotlin.e0.d.k.d(forName, "Charset.forName(charsetName)");
            byte[] bytes = str.getBytes(forName);
            kotlin.e0.d.k.d(bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] doFinal = cipher.doFinal(bytes);
            kotlin.e0.d.k.d(doFinal, "cipher.doFinal(data.toByteArray(charset(CHARSET)))");
            kotlin.e0.d.k.d(cipher, "cipher");
            byte[] iv = cipher.getIV();
            kotlin.e0.d.k.d(iv, "cipher.iv");
            m = kotlin.a0.j.m(doFinal, iv);
            String encodeToString = Base64.encodeToString(m, 2);
            kotlin.e0.d.k.d(encodeToString, "Base64.encodeToString(cipherText, Base64.NO_WRAP)");
            return encodeToString;
        }
    }

    public o(Context context) {
        kotlin.e0.d.k.e(context, "context");
        this.a = context;
    }

    public String a(String str) {
        kotlin.e0.d.k.e(str, "data");
        return Build.VERSION.SDK_INT >= 23 ? b.a.a(str) : a.a.a(this.a, str);
    }

    public String b(String str) {
        kotlin.e0.d.k.e(str, "data");
        return Build.VERSION.SDK_INT >= 23 ? b.a.b(str) : a.a.b(this.a, str);
    }
}
