package de.exaring.waipu.data.helper;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import de.exaring.waipu.data.preferences.SharedPreferencesHelper;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kk.g;
import kk.i;
import kotlin.Metadata;
import kotlin.jvm.internal.i0;
import kotlin.jvm.internal.n;
import org.joda.time.DateTime;
import timber.log.Timber;

@Metadata(bv = {}, d1 = {"\u0000<\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u000b\b\u0007\u0018\u0000 \u001d2\u00020\u0001:\u0003\u001d\u001e\u001fB\u0019\b\u0007\u0012\u0006\u0010\u0010\u001a\u00020\u000f\u0012\u0006\u0010\u0013\u001a\u00020\u0012¢\u0006\u0004\b\u001b\u0010\u001cJ\u0010\u0010\u0004\u001a\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u0002H\u0002J\u0012\u0010\u0006\u001a\u0004\u0018\u00010\u00022\u0006\u0010\u0005\u001a\u00020\u0002H\u0002J\b\u0010\b\u001a\u00020\u0007H\u0002J\b\u0010\n\u001a\u00020\tH\u0007J\u0012\u0010\f\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0003\u001a\u00020\u0002H\u0007J\u001a\u0010\u000e\u001a\u00020\u00022\b\u0010\u0005\u001a\u0004\u0018\u00010\u00022\u0006\u0010\r\u001a\u00020\u0002H\u0007R\u0014\u0010\u0010\u001a\u00020\u000f8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0010\u0010\u0011R\u0014\u0010\u0013\u001a\u00020\u00128\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0013\u0010\u0014R\u001b\u0010\u001a\u001a\u00020\u00158BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0016\u0010\u0017\u001a\u0004\b\u0018\u0010\u0019¨\u0006 "}, d2 = {"Lde/exaring/waipu/data/helper/KeyStoreHelper;", "", "", "clearText", "encrypt", "cipherTextBase64", "decrypt", "", "generateSymmetricKey", "", "generateKeys", "Lde/exaring/waipu/data/helper/KeyStoreHelper$EncryptionResult;", "encryptUsingSymmetricEncryption", "symmetricKey", "decryptUsingSymmetricEncryption", "Landroid/content/Context;", "context", "Landroid/content/Context;", "Lde/exaring/waipu/data/preferences/SharedPreferencesHelper;", "sharedPreferencesHelper", "Lde/exaring/waipu/data/preferences/SharedPreferencesHelper;", "Ljava/security/KeyStore;", "keyStore$delegate", "Lkk/g;", "getKeyStore", "()Ljava/security/KeyStore;", "keyStore", "<init>", "(Landroid/content/Context;Lde/exaring/waipu/data/preferences/SharedPreferencesHelper;)V", "Companion", "CorruptedKeyStoreMigration", "EncryptionResult", "app_clientGoogleProdRelease"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes2.dex */
public final class KeyStoreHelper {
    private static final String ALIAS = "tvf_key";
    private static final String CIPHER = "RSA/ECB/PKCS1Padding";
    private static final String CIPHER_AES = "AES";
    private static final String ENCODING = "UTF-8";
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String KEY_ALGORITHM = "RSA";
    private static final String MODE_AES = "AES/ECB/PKCS7Padding";
    private final Context context;

    /* renamed from: keyStore$delegate, reason: from kotlin metadata */
    private final g keyStore;
    private final SharedPreferencesHelper sharedPreferencesHelper;
    public static final int $stable = 8;

    @Metadata(bv = {}, d1 = {"\u00000\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0005\b\u0007\u0018\u00002\u00020\u0001B\u001f\u0012\u0006\u0010\u0006\u001a\u00020\u0005\u0012\u0006\u0010\t\u001a\u00020\b\u0012\u0006\u0010\f\u001a\u00020\u000b¢\u0006\u0004\b\u0011\u0010\u0012J\u0006\u0010\u0003\u001a\u00020\u0002J\u0006\u0010\u0004\u001a\u00020\u0002R\u0014\u0010\u0006\u001a\u00020\u00058\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0006\u0010\u0007R\u0014\u0010\t\u001a\u00020\b8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\t\u0010\nR\u0014\u0010\f\u001a\u00020\u000b8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\f\u0010\rR\u0016\u0010\u000f\u001a\u00020\u000e8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u000f\u0010\u0010¨\u0006\u0013"}, d2 = {"Lde/exaring/waipu/data/helper/KeyStoreHelper$CorruptedKeyStoreMigration;", "", "Lkk/v;", "migratePlainRefreshTokenIfNeeded", "deleteCorruptedKeyInKeyStore", "Lde/exaring/waipu/data/helper/KeyStoreHelper;", "keyStoreHelper", "Lde/exaring/waipu/data/helper/KeyStoreHelper;", "Lde/exaring/waipu/data/preferences/SharedPreferencesHelper;", "sharedPreferencesHelper", "Lde/exaring/waipu/data/preferences/SharedPreferencesHelper;", "Ljava/security/KeyStore;", "keyStore", "Ljava/security/KeyStore;", "", "migrationNeeded", "Z", "<init>", "(Lde/exaring/waipu/data/helper/KeyStoreHelper;Lde/exaring/waipu/data/preferences/SharedPreferencesHelper;Ljava/security/KeyStore;)V", "app_clientGoogleProdRelease"}, k = 1, mv = {1, 6, 0})
    /* loaded from: classes2.dex */
    public static final class CorruptedKeyStoreMigration {
        public static final int $stable = 8;
        private final KeyStore keyStore;
        private final KeyStoreHelper keyStoreHelper;
        private boolean migrationNeeded;
        private final SharedPreferencesHelper sharedPreferencesHelper;

        public CorruptedKeyStoreMigration(KeyStoreHelper keyStoreHelper, SharedPreferencesHelper sharedPreferencesHelper, KeyStore keyStore) {
            n.f(keyStoreHelper, "keyStoreHelper");
            n.f(sharedPreferencesHelper, "sharedPreferencesHelper");
            n.f(keyStore, "keyStore");
            this.keyStoreHelper = keyStoreHelper;
            this.sharedPreferencesHelper = sharedPreferencesHelper;
            this.keyStore = keyStore;
        }

        public final void deleteCorruptedKeyInKeyStore() {
            if (this.keyStore.containsAlias(KeyStoreHelper.ALIAS) && this.keyStore.getCertificate(KeyStoreHelper.ALIAS) == null) {
                Timber.Companion companion = Timber.INSTANCE;
                companion.w("CorruptedKeyStoreMigration: delete corrupted RSA key from keystore", new Object[0]);
                this.keyStore.deleteEntry(KeyStoreHelper.ALIAS);
                if (this.sharedPreferencesHelper.getBooleanPreference(SharedPreferencesHelper.REFRESH_TOKEN_PLAIN_ONLY_MODE)) {
                    companion.i("CorruptedKeyStoreMigration: try refresh token plain only mode migration in the next iteration", new Object[0]);
                    this.migrationNeeded = true;
                }
            }
        }

        public final void migratePlainRefreshTokenIfNeeded() {
            String stringPreference;
            if (this.migrationNeeded && this.sharedPreferencesHelper.getBooleanPreference(SharedPreferencesHelper.REFRESH_TOKEN_PLAIN_ONLY_MODE) && (stringPreference = this.sharedPreferencesHelper.getStringPreference(SharedPreferencesHelper.REFRESH_TOKEN_PLAIN)) != null) {
                EncryptionResult encryptUsingSymmetricEncryption = this.keyStoreHelper.encryptUsingSymmetricEncryption(stringPreference);
                if ((encryptUsingSymmetricEncryption == null ? null : encryptUsingSymmetricEncryption.getEncryptedBase64Encoded()) != null) {
                    this.sharedPreferencesHelper.storeStringPreference(SharedPreferencesHelper.REFRESH_TOKEN, encryptUsingSymmetricEncryption.getEncryptedBase64Encoded());
                    this.sharedPreferencesHelper.storeStringPreference(SharedPreferencesHelper.REFRESH_TOKEN_ENCRYPTION_KEY, encryptUsingSymmetricEncryption.getEncryptedSymmetricKey());
                    this.sharedPreferencesHelper.removePreference(SharedPreferencesHelper.REFRESH_TOKEN_PLAIN);
                    this.sharedPreferencesHelper.removePreference(SharedPreferencesHelper.REFRESH_TOKEN_PLAIN_ONLY_MODE);
                    Timber.INSTANCE.w("CorruptedKeyStoreMigration: successful", new Object[0]);
                    return;
                }
                this.sharedPreferencesHelper.storeBooleanPreference(SharedPreferencesHelper.REFRESH_TOKEN_PLAIN_ONLY_MODE, true);
                this.sharedPreferencesHelper.storeStringPreference(SharedPreferencesHelper.REFRESH_TOKEN_PLAIN, stringPreference);
                this.sharedPreferencesHelper.removePreference(SharedPreferencesHelper.REFRESH_TOKEN);
                this.sharedPreferencesHelper.removePreference(SharedPreferencesHelper.REFRESH_TOKEN_ENCRYPTION_KEY);
                Timber.INSTANCE.e("CorruptedKeyStoreMigration: failed", new Object[0]);
            }
        }
    }

    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000e\n\u0002\b\t\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\b\u0087\b\u0018\u00002\u00020\u0001B\u0017\u0012\b\u0010\u0002\u001a\u0004\u0018\u00010\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003¢\u0006\u0002\u0010\u0005J\u000b\u0010\t\u001a\u0004\u0018\u00010\u0003HÆ\u0003J\t\u0010\n\u001a\u00020\u0003HÆ\u0003J\u001f\u0010\u000b\u001a\u00020\u00002\n\b\u0002\u0010\u0002\u001a\u0004\u0018\u00010\u00032\b\b\u0002\u0010\u0004\u001a\u00020\u0003HÆ\u0001J\u0013\u0010\f\u001a\u00020\r2\b\u0010\u000e\u001a\u0004\u0018\u00010\u0001HÖ\u0003J\t\u0010\u000f\u001a\u00020\u0010HÖ\u0001J\t\u0010\u0011\u001a\u00020\u0003HÖ\u0001R\u0013\u0010\u0002\u001a\u0004\u0018\u00010\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0006\u0010\u0007R\u0011\u0010\u0004\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\b\u0010\u0007¨\u0006\u0012"}, d2 = {"Lde/exaring/waipu/data/helper/KeyStoreHelper$EncryptionResult;", "", "encryptedBase64Encoded", "", "encryptedSymmetricKey", "(Ljava/lang/String;Ljava/lang/String;)V", "getEncryptedBase64Encoded", "()Ljava/lang/String;", "getEncryptedSymmetricKey", "component1", "component2", "copy", "equals", "", "other", "hashCode", "", "toString", "app_clientGoogleProdRelease"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final /* data */ class EncryptionResult {
        public static final int $stable = 0;
        private final String encryptedBase64Encoded;
        private final String encryptedSymmetricKey;

        public EncryptionResult(String str, String encryptedSymmetricKey) {
            n.f(encryptedSymmetricKey, "encryptedSymmetricKey");
            this.encryptedBase64Encoded = str;
            this.encryptedSymmetricKey = encryptedSymmetricKey;
        }

        public static /* synthetic */ EncryptionResult copy$default(EncryptionResult encryptionResult, String str, String str2, int i10, Object obj) {
            if ((i10 & 1) != 0) {
                str = encryptionResult.encryptedBase64Encoded;
            }
            if ((i10 & 2) != 0) {
                str2 = encryptionResult.encryptedSymmetricKey;
            }
            return encryptionResult.copy(str, str2);
        }

        /* renamed from: component1, reason: from getter */
        public final String getEncryptedBase64Encoded() {
            return this.encryptedBase64Encoded;
        }

        /* renamed from: component2, reason: from getter */
        public final String getEncryptedSymmetricKey() {
            return this.encryptedSymmetricKey;
        }

        public final EncryptionResult copy(String encryptedBase64Encoded, String encryptedSymmetricKey) {
            n.f(encryptedSymmetricKey, "encryptedSymmetricKey");
            return new EncryptionResult(encryptedBase64Encoded, encryptedSymmetricKey);
        }

        public boolean equals(Object other) {
            if (this == other) {
                return true;
            }
            if (!(other instanceof EncryptionResult)) {
                return false;
            }
            EncryptionResult encryptionResult = (EncryptionResult) other;
            return n.b(this.encryptedBase64Encoded, encryptionResult.encryptedBase64Encoded) && n.b(this.encryptedSymmetricKey, encryptionResult.encryptedSymmetricKey);
        }

        public final String getEncryptedBase64Encoded() {
            return this.encryptedBase64Encoded;
        }

        public final String getEncryptedSymmetricKey() {
            return this.encryptedSymmetricKey;
        }

        public int hashCode() {
            String str = this.encryptedBase64Encoded;
            return ((str == null ? 0 : str.hashCode()) * 31) + this.encryptedSymmetricKey.hashCode();
        }

        public String toString() {
            return "EncryptionResult(encryptedBase64Encoded=" + ((Object) this.encryptedBase64Encoded) + ", encryptedSymmetricKey=" + this.encryptedSymmetricKey + ')';
        }
    }

    public KeyStoreHelper(Context context, SharedPreferencesHelper sharedPreferencesHelper) {
        g b10;
        n.f(context, "context");
        n.f(sharedPreferencesHelper, "sharedPreferencesHelper");
        this.context = context;
        this.sharedPreferencesHelper = sharedPreferencesHelper;
        b10 = i.b(KeyStoreHelper$keyStore$2.INSTANCE);
        this.keyStore = b10;
    }

    private final String decrypt(String cipherTextBase64) throws Exception {
        try {
            if (!getKeyStore().containsAlias(ALIAS)) {
                Timber.INSTANCE.e("Could not decrypt text: KeyStore alias doesn't exist.", new Object[0]);
                return null;
            }
            if (cipherTextBase64.length() == 0) {
                return "";
            }
            Key key = getKeyStore().getKey(ALIAS, null);
            if (key == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.PrivateKey");
            }
            Cipher cipher = Cipher.getInstance(CIPHER);
            cipher.init(2, (PrivateKey) key);
            byte[] bytes = cipher.doFinal(Base64.decode(cipherTextBase64, 0));
            n.e(bytes, "bytes");
            Charset forName = Charset.forName("UTF-8");
            n.e(forName, "forName(ENCODING)");
            return new String(bytes, forName);
        } catch (Exception e10) {
            Timber.INSTANCE.w(e10, "Could not decrypt text: Error while decrypting cipher text.", new Object[0]);
            throw e10;
        }
    }

    private final String encrypt(String clearText) throws Exception {
        String encodeToString;
        try {
            if (!getKeyStore().containsAlias(ALIAS)) {
                Timber.INSTANCE.e("Could not encrypt text: KeyStore alias doesn't exist.", new Object[0]);
                throw new KeyStoreException();
            }
            if (clearText.length() == 0) {
                encodeToString = "";
            } else {
                PublicKey publicKey = getKeyStore().getCertificate(ALIAS).getPublicKey();
                if (publicKey == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
                }
                Cipher cipher = Cipher.getInstance(CIPHER);
                cipher.init(1, (RSAPublicKey) publicKey);
                Charset forName = Charset.forName("UTF-8");
                n.e(forName, "forName(charsetName)");
                byte[] bytes = clearText.getBytes(forName);
                n.e(bytes, "this as java.lang.String).getBytes(charset)");
                encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
            }
            n.e(encodeToString, "{\n            when {\n   …}\n            }\n        }");
            return encodeToString;
        } catch (Exception e10) {
            Timber.INSTANCE.e(e10, "Could not encrypt text: Error while encrypting clear text.", new Object[0]);
            throw e10;
        }
    }

    private final byte[] generateSymmetricKey() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private final KeyStore getKeyStore() {
        Object value = this.keyStore.getValue();
        n.e(value, "<get-keyStore>(...)");
        return (KeyStore) value;
    }

    @SuppressLint({"GetInstance"})
    public final String decryptUsingSymmetricEncryption(String cipherTextBase64, String symmetricKey) throws Exception {
        n.f(symmetricKey, "symmetricKey");
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(Base64.decode(decrypt(symmetricKey), 0), CIPHER_AES);
            Cipher cipher = Cipher.getInstance(MODE_AES);
            cipher.init(2, secretKeySpec);
            byte[] decryptedBytes = cipher.doFinal(Base64.decode(cipherTextBase64, 0));
            n.e(decryptedBytes, "decryptedBytes");
            Charset forName = Charset.forName("UTF-8");
            n.e(forName, "forName(ENCODING)");
            return new String(decryptedBytes, forName);
        } catch (Exception e10) {
            Timber.INSTANCE.w(e10, "Could not decrypt text using symmetric encryption: Error while decrypting cipher text.", new Object[0]);
            throw e10;
        }
    }

    @SuppressLint({"GetInstance"})
    public final EncryptionResult encryptUsingSymmetricEncryption(String clearText) {
        n.f(clearText, "clearText");
        try {
            byte[] generateSymmetricKey = generateSymmetricKey();
            SecretKeySpec secretKeySpec = new SecretKeySpec(generateSymmetricKey, CIPHER_AES);
            Cipher cipher = Cipher.getInstance(MODE_AES);
            cipher.init(1, secretKeySpec);
            Charset forName = Charset.forName("UTF-8");
            n.e(forName, "forName(charsetName)");
            byte[] bytes = clearText.getBytes(forName);
            n.e(bytes, "this as java.lang.String).getBytes(charset)");
            String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
            String encodeToString2 = Base64.encodeToString(generateSymmetricKey, 0);
            n.e(encodeToString2, "encodeToString(symmetricKey, Base64.DEFAULT)");
            return new EncryptionResult(encodeToString, encrypt(encodeToString2));
        } catch (Exception e10) {
            Timber.INSTANCE.e(e10, "Could not encrypt text: Error while encrypting cipher text.", new Object[0]);
            return null;
        }
    }

    @SuppressLint({"NewApi"})
    public final boolean generateKeys() {
        KeyPairGenerator keyPairGenerator;
        try {
            CorruptedKeyStoreMigration corruptedKeyStoreMigration = new CorruptedKeyStoreMigration(this, this.sharedPreferencesHelper, getKeyStore());
            corruptedKeyStoreMigration.deleteCorruptedKeyInKeyStore();
            if (getKeyStore().containsAlias(ALIAS)) {
                return true;
            }
            if (Build.VERSION.SDK_INT >= 23) {
                keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM, KEYSTORE);
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(ALIAS, 3).setEncryptionPaddings("PKCS1Padding").build());
                n.e(keyPairGenerator, "{\n                    Ke…      }\n                }");
            } else {
                keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM, KEYSTORE);
                KeyPairGeneratorSpec.Builder alias = new KeyPairGeneratorSpec.Builder(this.context).setAlias(ALIAS);
                i0 i0Var = i0.f20178a;
                String format = String.format("CN=%s, OU=%s", Arrays.copyOf(new Object[]{ALIAS, this.context.getPackageName()}, 2));
                n.e(format, "format(format, *args)");
                keyPairGenerator.initialize(alias.setSubject(new X500Principal(format)).setSerialNumber(BigInteger.ONE).setStartDate(DateTime.now().toDate()).setEndDate(DateTime.now().plusYears(10).toDate()).build());
                n.e(keyPairGenerator, "{\n                    Ke…      }\n                }");
            }
            keyPairGenerator.generateKeyPair();
            corruptedKeyStoreMigration.migratePlainRefreshTokenIfNeeded();
            return true;
        } catch (Exception e10) {
            Timber.INSTANCE.e(e10, "Could not generate keys.", new Object[0]);
            return false;
        }
    }
}
