package com.kfc.data.utils;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.stats.CodePackage;
import com.yydcdut.markdown.syntax.SyntaxKey;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.text.Typography;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class OldSecureStore {
    private static final String ALIAS_PROPERTY = "keychainService";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String SCHEME_PROPERTY = "scheme";
    private static final String TAG = "ExpoSecureStore";
    private Context context;
    private String environment;
    private AESEncrypter mAESEncrypter;
    private HybridAESEncrypter mHybridAESEncrypter;
    private KeyStore mKeyStore;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class AESEncrypter implements KeyBasedEncrypter<KeyStore.SecretKeyEntry> {
        private static final String AES_CIPHER = "AES/GCM/NoPadding";
        private static final int AES_KEY_SIZE_BITS = 256;
        private static final String CIPHERTEXT_PROPERTY = "ct";
        private static final String DEFAULT_ALIAS = "key_v1";
        private static final String GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY = "tlen";
        private static final String IV_PROPERTY = "iv";
        public static final String NAME = "aes";

        AESEncrypter() {
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public JSONObject createEncryptedItem(String str, KeyStore keyStore, KeyStore.SecretKeyEntry secretKeyEntry) throws GeneralSecurityException, JSONException {
            SecretKey secretKey = secretKeyEntry.getSecretKey();
            Cipher cipher = Cipher.getInstance(AES_CIPHER);
            cipher.init(1, secretKey);
            return createEncryptedItem(str, cipher, (GCMParameterSpec) cipher.getParameters().getParameterSpec(GCMParameterSpec.class));
        }

        JSONObject createEncryptedItem(String str, Cipher cipher, GCMParameterSpec gCMParameterSpec) throws GeneralSecurityException, JSONException {
            String encodeToString = Base64.encodeToString(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)), 2);
            String encodeToString2 = Base64.encodeToString(gCMParameterSpec.getIV(), 2);
            return new JSONObject().put(CIPHERTEXT_PROPERTY, encodeToString).put(IV_PROPERTY, encodeToString2).put(GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY, gCMParameterSpec.getTLen());
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public String decryptItem(JSONObject jSONObject, KeyStore.SecretKeyEntry secretKeyEntry) throws GeneralSecurityException, JSONException {
            String string = jSONObject.getString(CIPHERTEXT_PROPERTY);
            String string2 = jSONObject.getString(IV_PROPERTY);
            int i = jSONObject.getInt(GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY);
            byte[] decode = Base64.decode(string, 0);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(i, Base64.decode(string2, 0));
            Cipher cipher = Cipher.getInstance(AES_CIPHER);
            cipher.init(2, secretKeyEntry.getSecretKey(), gCMParameterSpec);
            return new String(cipher.doFinal(decode), StandardCharsets.UTF_8);
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public String getKeyStoreAlias() {
            return "AES/GCM/NoPadding:" + DEFAULT_ALIAS;
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public KeyStore.SecretKeyEntry initializeKeyStoreEntry(KeyStore keyStore) throws GeneralSecurityException {
            String keyStoreAlias = getKeyStoreAlias();
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(keyStoreAlias, 3).setKeySize(256).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").build();
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", keyStore.getProvider());
            keyGenerator.init(build);
            keyGenerator.generateKey();
            KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(keyStoreAlias, null);
            if (secretKeyEntry != null) {
                return secretKeyEntry;
            }
            throw new UnrecoverableEntryException("Could not retrieve the newly generated secret key entry");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes3.dex */
    public static class HybridAESEncrypter implements KeyBasedEncrypter<KeyStore.PrivateKeyEntry> {
        private static final String DEFAULT_ALIAS = "key_v1";
        private static final String ENCRYPTED_SECRET_KEY_PROPERTY = "esk";
        private static final int GCM_AUTHENTICATION_TAG_LENGTH_BITS = 128;
        private static final int GCM_IV_LENGTH_BYTES = 12;
        public static final String NAME = "hybrid";
        private static final String RSA_CIPHER = "RSA/None/PKCS1Padding";
        private static final String RSA_CIPHER_LEGACY_PROVIDER = "AndroidOpenSSL";
        private static final int X509_SERIAL_NUMBER_LENGTH_BITS = 160;
        private AESEncrypter mAESEncrypter;
        protected Context mContext;
        private SecureRandom mSecureRandom = new SecureRandom();

        HybridAESEncrypter(Context context, AESEncrypter aESEncrypter) {
            this.mContext = context;
            this.mAESEncrypter = aESEncrypter;
        }

        private Cipher getRSACipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException {
            return Build.VERSION.SDK_INT < 23 ? Cipher.getInstance(RSA_CIPHER, RSA_CIPHER_LEGACY_PROVIDER) : Cipher.getInstance(RSA_CIPHER);
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public JSONObject createEncryptedItem(String str, KeyStore keyStore, KeyStore.PrivateKeyEntry privateKeyEntry) throws GeneralSecurityException, JSONException {
            byte[] bArr = new byte[12];
            this.mSecureRandom.nextBytes(bArr);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            SecretKey generateKey = keyGenerator.generateKey();
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, generateKey, gCMParameterSpec);
            try {
                gCMParameterSpec = (GCMParameterSpec) cipher.getParameters().getParameterSpec(GCMParameterSpec.class);
            } catch (InvalidParameterSpecException unused) {
                if (!CodePackage.GCM.equals(cipher.getParameters().getAlgorithm())) {
                    throw new InvalidAlgorithmParameterException("Algorithm chosen by the cipher (" + cipher.getParameters().getAlgorithm() + ") doesn't match requested (GCM).");
                }
            }
            JSONObject createEncryptedItem = this.mAESEncrypter.createEncryptedItem(str, cipher, gCMParameterSpec);
            String string = createEncryptedItem.getString("iv");
            String encodeToString = Base64.encodeToString(bArr, 2);
            if (!string.equals(encodeToString)) {
                Log.e(OldSecureStore.TAG, String.format("HybridAESEncrypter generated two different IVs: %s and %s", encodeToString, string));
                throw new IllegalStateException("HybridAESEncrypter must store the same IV as the one used to parameterize the secret key");
            }
            byte[] encoded = generateKey.getEncoded();
            Cipher rSACipher = getRSACipher();
            rSACipher.init(1, privateKeyEntry.getCertificate());
            return createEncryptedItem.put(ENCRYPTED_SECRET_KEY_PROPERTY, Base64.encodeToString(rSACipher.doFinal(encoded), 2));
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public String decryptItem(JSONObject jSONObject, KeyStore.PrivateKeyEntry privateKeyEntry) throws GeneralSecurityException, JSONException {
            byte[] decode = Base64.decode(jSONObject.getString(ENCRYPTED_SECRET_KEY_PROPERTY), 0);
            Cipher rSACipher = getRSACipher();
            rSACipher.init(2, privateKeyEntry.getPrivateKey());
            return this.mAESEncrypter.decryptItem(jSONObject, new KeyStore.SecretKeyEntry(new SecretKeySpec(rSACipher.doFinal(decode), "AES")));
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public String getKeyStoreAlias() {
            return "RSA/None/PKCS1Padding:" + DEFAULT_ALIAS;
        }

        @Override // com.kfc.data.utils.OldSecureStore.KeyBasedEncrypter
        public KeyStore.PrivateKeyEntry initializeKeyStoreEntry(KeyStore keyStore) throws GeneralSecurityException {
            String keyStoreAlias = getKeyStoreAlias();
            String str = Typography.quote + keyStoreAlias.replace(SyntaxKey.KEY_BACKSLASH, "\\\\").replace("\"", "\\\"") + Typography.quote;
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.mContext).setAlias(keyStoreAlias).setSubject(new X500Principal("CN=" + str + ", OU=SecureStore")).setSerialNumber(new BigInteger(X509_SERIAL_NUMBER_LENGTH_BITS, this.mSecureRandom)).setStartDate(new Date(0L)).setEndDate(new Date(Long.MAX_VALUE)).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", keyStore.getProvider());
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(keyStoreAlias, null);
            if (privateKeyEntry != null) {
                return privateKeyEntry;
            }
            throw new UnrecoverableEntryException("Could not retrieve the newly generated private key entry");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public interface KeyBasedEncrypter<E extends KeyStore.Entry> {
        JSONObject createEncryptedItem(String str, KeyStore keyStore, E e) throws GeneralSecurityException, JSONException;

        String decryptItem(JSONObject jSONObject, E e) throws GeneralSecurityException, JSONException;

        String getKeyStoreAlias();

        E initializeKeyStoreEntry(KeyStore keyStore) throws GeneralSecurityException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class LegacySDK20Encrypter {
        private static final String DEFAULT_ALIAS = "MY_APP";
        private static final String RSA_CIPHER = "RSA/ECB/PKCS1Padding";

        private LegacySDK20Encrypter() {
        }

        String decryptItem(String str, KeyStore.PrivateKeyEntry privateKeyEntry) throws GeneralSecurityException {
            byte[] decode = Base64.decode(str, 0);
            Cipher cipher = Cipher.getInstance(RSA_CIPHER);
            cipher.init(2, privateKeyEntry.getPrivateKey());
            return new String(cipher.doFinal(decode), StandardCharsets.UTF_8);
        }

        String getKeyStoreAlias() {
            return DEFAULT_ALIAS;
        }
    }

    public OldSecureStore(Context context, String str) {
        this.context = context;
        this.environment = str;
        AESEncrypter aESEncrypter = new AESEncrypter();
        this.mAESEncrypter = aESEncrypter;
        this.mHybridAESEncrypter = new HybridAESEncrypter(context, aESEncrypter);
    }

    private String getItemImpl(String str) {
        SharedPreferences sharedPreferences = getSharedPreferences();
        return sharedPreferences.contains(str) ? readJSONEncodedItem(str, sharedPreferences) : readLegacySDK20Item(str);
    }

    private <E extends KeyStore.Entry> E getKeyEntry(Class<E> cls, KeyBasedEncrypter<E> keyBasedEncrypter) throws IOException, GeneralSecurityException {
        KeyStore keyStore = getKeyStore();
        String keyStoreAlias = keyBasedEncrypter.getKeyStoreAlias();
        if (!keyStore.containsAlias(keyStoreAlias)) {
            return keyBasedEncrypter.initializeKeyStoreEntry(keyStore);
        }
        KeyStore.Entry entry = keyStore.getEntry(keyStoreAlias, null);
        if (cls.isInstance(entry)) {
            return cls.cast(entry);
        }
        throw new KeyStoreException(String.format("The entry for the keystore alias \"%s\" is not a %s", keyStoreAlias, cls.getSimpleName()));
    }

    private KeyStore getKeyStore() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        if (this.mKeyStore == null) {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            this.mKeyStore = keyStore;
        }
        return this.mKeyStore;
    }

    private SharedPreferences getSharedPreferences() {
        String str;
        if (this.environment.equals("main")) {
            str = "%40russia-kfc-digital%2Fkfc-mobile-" + this.environment + "-SecureStore";
        } else if (this.environment.equals("staging")) {
            str = "%40checkmobile%2Fkfc-mobile-rn-" + this.environment + "-SecureStore";
        } else {
            str = "%40anonymous%2Fkfc-mobile-rn-" + this.environment + "-fd0ca6f1-2dc2-4bab-866f-bde449bd8286-SecureStore";
        }
        return this.context.getSharedPreferences(str, 0);
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x004c, code lost:
    
        if (r11 == 1) goto L24;
     */
    /* JADX WARN: Code restructure failed: missing block: B:18:0x004e, code lost:
    
        android.util.Log.e(com.kfc.data.utils.OldSecureStore.TAG, java.lang.String.format("The item for key \"%s\" in SecureStore has an unknown encoding scheme (%s)", r10, r6));
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x005d, code lost:
    
        return null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:?, code lost:
    
        return r9.mHybridAESEncrypter.decryptItem2(r5, (java.security.KeyStore.PrivateKeyEntry) getKeyEntry(java.security.KeyStore.PrivateKeyEntry.class, r9.mHybridAESEncrypter));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String readJSONEncodedItem(java.lang.String r10, android.content.SharedPreferences r11) {
        /*
            r9 = this;
            java.lang.String r0 = "ExpoSecureStore"
            r1 = 0
            java.lang.String r11 = r11.getString(r10, r1)
            r2 = 2
            r3 = 0
            r4 = 1
            org.json.JSONObject r5 = new org.json.JSONObject     // Catch: org.json.JSONException -> L8f
            r5.<init>(r11)     // Catch: org.json.JSONException -> L8f
            java.lang.String r6 = "scheme"
            java.lang.String r6 = r5.optString(r6)
            if (r6 != 0) goto L27
            java.lang.Object[] r2 = new java.lang.Object[r2]
            r2[r3] = r10
            r2[r4] = r11
            java.lang.String r10 = "Stored JSON object is missing a scheme (key = %s, value = %s)"
            java.lang.String r10 = java.lang.String.format(r10, r2)
            android.util.Log.e(r0, r10)
            return r1
        L27:
            r11 = -1
            int r7 = r6.hashCode()     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            r8 = -1202757124(0xffffffffb84f61fc, float:-4.94439E-5)
            if (r7 == r8) goto L41
            r8 = 96463(0x178cf, float:1.35173E-40)
            if (r7 == r8) goto L37
            goto L4a
        L37:
            java.lang.String r7 = "aes"
            boolean r7 = r6.equals(r7)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            if (r7 == 0) goto L4a
            r11 = 0
            goto L4a
        L41:
            java.lang.String r7 = "hybrid"
            boolean r7 = r6.equals(r7)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            if (r7 == 0) goto L4a
            r11 = 1
        L4a:
            if (r11 == 0) goto L6f
            if (r11 == r4) goto L5e
            java.lang.String r11 = "The item for key \"%s\" in SecureStore has an unknown encoding scheme (%s)"
            java.lang.Object[] r2 = new java.lang.Object[r2]     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            r2[r3] = r10     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            r2[r4] = r6     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            java.lang.String r10 = java.lang.String.format(r11, r2)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            android.util.Log.e(r0, r10)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            return r1
        L5e:
            java.lang.Class<java.security.KeyStore$PrivateKeyEntry> r10 = java.security.KeyStore.PrivateKeyEntry.class
            com.kfc.data.utils.OldSecureStore$HybridAESEncrypter r11 = r9.mHybridAESEncrypter     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            java.security.KeyStore$Entry r10 = r9.getKeyEntry(r10, r11)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            java.security.KeyStore$PrivateKeyEntry r10 = (java.security.KeyStore.PrivateKeyEntry) r10     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            com.kfc.data.utils.OldSecureStore$HybridAESEncrypter r11 = r9.mHybridAESEncrypter     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            java.lang.String r10 = r11.decryptItem(r5, r10)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            goto L7f
        L6f:
            java.lang.Class<java.security.KeyStore$SecretKeyEntry> r10 = java.security.KeyStore.SecretKeyEntry.class
            com.kfc.data.utils.OldSecureStore$AESEncrypter r11 = r9.mAESEncrypter     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            java.security.KeyStore$Entry r10 = r9.getKeyEntry(r10, r11)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            java.security.KeyStore$SecretKeyEntry r10 = (java.security.KeyStore.SecretKeyEntry) r10     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            com.kfc.data.utils.OldSecureStore$AESEncrypter r11 = r9.mAESEncrypter     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
            java.lang.String r10 = r11.decryptItem(r5, r10)     // Catch: org.json.JSONException -> L80 java.security.GeneralSecurityException -> L85 java.io.IOException -> L8a
        L7f:
            return r10
        L80:
            r10 = move-exception
            android.util.Log.w(r0, r10)
            return r1
        L85:
            r10 = move-exception
            android.util.Log.w(r0, r10)
            return r1
        L8a:
            r10 = move-exception
            android.util.Log.w(r0, r10)
            return r1
        L8f:
            r5 = move-exception
            java.lang.Object[] r2 = new java.lang.Object[r2]
            r2[r3] = r10
            r2[r4] = r11
            java.lang.String r10 = "Could not parse stored value as JSON (key = %s, value = %s)"
            java.lang.String r10 = java.lang.String.format(r10, r2)
            android.util.Log.e(r0, r10, r5)
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.kfc.data.utils.OldSecureStore.readJSONEncodedItem(java.lang.String, android.content.SharedPreferences):java.lang.String");
    }

    private String readLegacySDK20Item(String str) {
        String string = PreferenceManager.getDefaultSharedPreferences(this.context).getString(str, null);
        if (TextUtils.isEmpty(string)) {
            return null;
        }
        LegacySDK20Encrypter legacySDK20Encrypter = new LegacySDK20Encrypter();
        try {
            KeyStore keyStore = getKeyStore();
            String keyStoreAlias = legacySDK20Encrypter.getKeyStoreAlias();
            if (!keyStore.containsAlias(keyStoreAlias)) {
                return null;
            }
            KeyStore.Entry entry = keyStore.getEntry(keyStoreAlias, null);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return legacySDK20Encrypter.decryptItem(string, (KeyStore.PrivateKeyEntry) entry);
            }
            return null;
        } catch (IOException e) {
            Log.w(TAG, e);
            return null;
        } catch (GeneralSecurityException e2) {
            Log.w(TAG, e2);
            return null;
        }
    }

    public String getName() {
        return TAG;
    }

    public String getValueWithKey(String str) {
        try {
            return getItemImpl(str);
        } catch (Exception e) {
            Log.e(TAG, "Caught unexpected exception when reading from SecureStore", e);
            return null;
        }
    }
}
