package com.app.sng.base.service.auth;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.google.firebase.auth.internal.zzay$$ExternalSyntheticOutline0;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes6.dex */
class KeyStoreVault {
    private static final String AES_MODE_M = "AES/GCM/NoPadding";
    private static final String AES_MODE_PRE_M = "AES/CBC/PKCS5Padding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String KEY_ALIAS = "Sams_Club_SnG";
    private static final String KEY_ENCRYPTED_AES = "KEY_ENCRYPTED_AES";
    private static final String KEY_GENERATED_IV = "KEY_GENERATED_IV";
    private static final String PROVIDER_ANDROID_OPEN_SSL = "AndroidOpenSSL";
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private final KeyStore mKeyStore;
    private final Delegate mKeystoreDelegate;

    /* loaded from: classes6.dex */
    public static abstract class BaseKeystoreDelegate implements Delegate {
        private BaseKeystoreDelegate() {
        }

        private void generateAESKey(SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
            if (sharedPreferences.getString(KeyStoreVault.KEY_ENCRYPTED_AES, null) == null) {
                byte[] bArr = new byte[16];
                new SecureRandom().nextBytes(bArr);
                zzay$$ExternalSyntheticOutline0.m(sharedPreferences, KeyStoreVault.KEY_ENCRYPTED_AES, Base64.encodeToString(rsaEncrypt(keyStore, bArr), 0));
            }
        }

        private byte[] rsaDecrypt(KeyStore keyStore, byte[] bArr) throws Exception {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KeyStoreVault.KEY_ALIAS, null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", KeyStoreVault.PROVIDER_ANDROID_OPEN_SSL);
            cipher.init(2, privateKeyEntry.getPrivateKey());
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
            ArrayList arrayList = new ArrayList();
            while (true) {
                int read = cipherInputStream.read();
                if (read == -1) {
                    break;
                }
                arrayList.add(Byte.valueOf((byte) read));
            }
            int size = arrayList.size();
            byte[] bArr2 = new byte[size];
            for (int i = 0; i < size; i++) {
                bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
            }
            return bArr2;
        }

        private byte[] rsaEncrypt(KeyStore keyStore, byte[] bArr) throws Exception {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KeyStoreVault.KEY_ALIAS, null);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", KeyStoreVault.PROVIDER_ANDROID_OPEN_SSL);
            cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(bArr);
            cipherOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public Cipher createDecryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception {
            Cipher cipher = Cipher.getInstance(KeyStoreVault.AES_MODE_PRE_M);
            cipher.init(2, getSecretKey(sharedPreferences, keyStore), new IvParameterSpec(Base64.decode(str, 0)));
            return cipher;
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public Cipher createEncryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception {
            Cipher cipher = Cipher.getInstance(KeyStoreVault.AES_MODE_PRE_M);
            cipher.init(1, getSecretKey(sharedPreferences, keyStore), new IvParameterSpec(Base64.decode(str, 0)));
            return cipher;
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void destroyEncryptionKey(Context context, SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
            keyStore.deleteEntry(KeyStoreVault.KEY_ALIAS);
            sharedPreferences.edit().remove(KeyStoreVault.KEY_GENERATED_IV).remove(KeyStoreVault.KEY_ENCRYPTED_AES).apply();
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void ensureWorkingEncryptionKey(SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
            try {
                getSecretKey(sharedPreferences, keyStore);
            } catch (UnrecoverableKeyException e) {
                throw new KeyStoreVaultUnrecoverableException(e);
            }
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void generateEncryptionKey(Context context, SharedPreferences sharedPreferences) throws Exception {
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(0, 1);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(KeyStoreVault.KEY_ALIAS).setSubject(new X500Principal("CN=Sams_Club_SnG")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KeyStoreVault.ANDROID_KEY_STORE);
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        }

        public Key getSecretKey(SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
            return new SecretKeySpec(rsaDecrypt(keyStore, Base64.decode(sharedPreferences.getString(KeyStoreVault.KEY_ENCRYPTED_AES, null), 0)), "AES");
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void initAesKey(SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
            generateAESKey(sharedPreferences, keyStore);
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public int supportedIVLength() {
            return 16;
        }
    }

    /* loaded from: classes6.dex */
    public interface Delegate {
        Cipher createDecryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception;

        Cipher createEncryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception;

        void destroyEncryptionKey(Context context, SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception;

        void ensureWorkingEncryptionKey(SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception;

        void generateEncryptionKey(Context context, SharedPreferences sharedPreferences) throws Exception;

        void initAesKey(SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception;

        int supportedIVLength();
    }

    /* loaded from: classes6.dex */
    public static class KeyStoreVaultUnrecoverableException extends Exception {
        public KeyStoreVaultUnrecoverableException(Throwable th) {
            super(th);
        }
    }

    @TargetApi(23)
    /* loaded from: classes6.dex */
    public static class KeystoreDelegate23 implements Delegate {
        private KeystoreDelegate23() {
        }

        private SecretKey getAESKeyFromKS(KeyStore keyStore) throws Exception {
            return (SecretKey) keyStore.getKey(KeyStoreVault.KEY_ALIAS, null);
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public Cipher createDecryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception {
            Cipher cipher = Cipher.getInstance(KeyStoreVault.AES_MODE_M);
            cipher.init(2, getAESKeyFromKS(keyStore), new GCMParameterSpec(128, Base64.decode(str, 0)));
            return cipher;
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public Cipher createEncryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception {
            Cipher cipher = Cipher.getInstance(KeyStoreVault.AES_MODE_M);
            cipher.init(1, getAESKeyFromKS(keyStore), new GCMParameterSpec(128, Base64.decode(str, 0)));
            return cipher;
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void destroyEncryptionKey(Context context, SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
            keyStore.deleteEntry(KeyStoreVault.KEY_ALIAS);
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void ensureWorkingEncryptionKey(SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
            try {
                getAESKeyFromKS(keyStore);
            } catch (UnrecoverableKeyException e) {
                throw new KeyStoreVaultUnrecoverableException(e);
            }
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void generateEncryptionKey(Context context, SharedPreferences sharedPreferences) throws Exception {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KeyStoreVault.ANDROID_KEY_STORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KeyStoreVault.KEY_ALIAS, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
            keyGenerator.generateKey();
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public void initAesKey(SharedPreferences sharedPreferences, KeyStore keyStore) {
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public int supportedIVLength() {
            return 12;
        }
    }

    /* loaded from: classes6.dex */
    public static class KeystoreKeystoreDelegate21 extends BaseKeystoreDelegate {
        private KeystoreKeystoreDelegate21() {
            super();
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.BaseKeystoreDelegate, com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public Cipher createDecryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception {
            Cipher cipher = Cipher.getInstance(KeyStoreVault.AES_MODE_M);
            cipher.init(2, getSecretKey(sharedPreferences, keyStore), new GCMParameterSpec(128, Base64.decode(str, 0)));
            return cipher;
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.BaseKeystoreDelegate, com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public Cipher createEncryptCipher(SharedPreferences sharedPreferences, KeyStore keyStore, String str) throws Exception {
            Cipher cipher = Cipher.getInstance(KeyStoreVault.AES_MODE_M);
            cipher.init(1, getSecretKey(sharedPreferences, keyStore), new GCMParameterSpec(128, Base64.decode(str, 0)));
            return cipher;
        }

        @Override // com.samsclub.sng.base.service.auth.KeyStoreVault.BaseKeystoreDelegate, com.samsclub.sng.base.service.auth.KeyStoreVault.Delegate
        public int supportedIVLength() {
            return 12;
        }
    }

    public KeyStoreVault(Context context, SharedPreferences sharedPreferences, int i) throws Exception {
        Delegate createDelegate = createDelegate(i);
        this.mKeystoreDelegate = createDelegate;
        KeyStore obtainKeyStore = obtainKeyStore();
        this.mKeyStore = obtainKeyStore;
        generateEncryptionKey(context, sharedPreferences, obtainKeyStore);
        generateRandomIV(sharedPreferences);
        createDelegate.initAesKey(sharedPreferences, obtainKeyStore);
    }

    private Delegate createDelegate(int i) {
        return i >= 23 ? new KeystoreDelegate23() : new KeystoreKeystoreDelegate21();
    }

    private KeyStore generateEncryptionKey(Context context, SharedPreferences sharedPreferences, KeyStore keyStore) throws Exception {
        if (!keyStore.containsAlias(KEY_ALIAS)) {
            this.mKeystoreDelegate.generateEncryptionKey(context, sharedPreferences);
        }
        return keyStore;
    }

    private void generateRandomIV(SharedPreferences sharedPreferences) {
        if (TextUtils.isEmpty(sharedPreferences.getString(KEY_GENERATED_IV, null))) {
            zzay$$ExternalSyntheticOutline0.m(sharedPreferences, KEY_GENERATED_IV, Base64.encodeToString(new SecureRandom().generateSeed(this.mKeystoreDelegate.supportedIVLength()), 0));
        }
    }

    private KeyStore obtainKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        return keyStore;
    }

    public String decrypt(SharedPreferences sharedPreferences, String str) throws Exception {
        return new String(this.mKeystoreDelegate.createDecryptCipher(sharedPreferences, this.mKeyStore, sharedPreferences.getString(KEY_GENERATED_IV, null)).doFinal(Base64.decode(str.getBytes(UTF_8), 0)));
    }

    public String encrypt(SharedPreferences sharedPreferences, String str) throws Exception {
        return Base64.encodeToString(this.mKeystoreDelegate.createEncryptCipher(sharedPreferences, this.mKeyStore, sharedPreferences.getString(KEY_GENERATED_IV, null)).doFinal(str.getBytes(UTF_8)), 0);
    }

    public void resetVault(Context context, SharedPreferences sharedPreferences) throws Exception {
        this.mKeystoreDelegate.destroyEncryptionKey(context, sharedPreferences, this.mKeyStore);
        generateEncryptionKey(context, sharedPreferences, this.mKeyStore);
        generateRandomIV(sharedPreferences);
        this.mKeystoreDelegate.initAesKey(sharedPreferences, this.mKeyStore);
    }

    public void validateKeyStoreIntegrity(SharedPreferences sharedPreferences) throws Exception {
        this.mKeystoreDelegate.ensureWorkingEncryptionKey(sharedPreferences, this.mKeyStore);
    }
}
