package com.symantec.internal.keystore;

import android.content.Context;
import android.content.SharedPreferences;
import android.content.res.Configuration;
import android.content.res.Resources;
import android.os.AsyncTask;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.symantec.symlog.SymLog;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
class KeyStoreHelper {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String PREF_NAME = "KeyStoreHelper";
    private static final String TAG = "KeyStoreHelper";
    private final KeyStore mAndroidKeyStore = loadKeyStore();
    private final SymmetricCipherConfig mConfig;
    private final Context mContext;
    private final SharedPreferences mSp;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class RsaKeyGenerator extends AsyncTask<Void, Void, KeyPair> {
        static final String ALGORITHM = "RSA";
        static final String BLOCK_MODE = "NONE";
        static final String PADDING = "PKCS1Padding";
        private static List<RsaKeyGenerator> sRsaKeyGenerators = new ArrayList();
        private final String mAlias;
        private Callback mCallback;
        private final Context mContext;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes2.dex */
        public interface Callback {
            void onGenerateResponse(String str, KeyPair keyPair);
        }

        private RsaKeyGenerator(Context context, String str) {
            this.mContext = context;
            this.mAlias = str;
        }

        private KeyPair generateKeyPair() {
            try {
                GregorianCalendar gregorianCalendar = new GregorianCalendar();
                GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                gregorianCalendar2.add(1, 50);
                KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.mContext).setAlias(this.mAlias).setSubject(new X500Principal("CN=" + this.mAlias)).setSerialNumber(BigInteger.valueOf(Math.abs(this.mAlias.hashCode()))).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, KeyStoreHelper.ANDROID_KEY_STORE);
                keyPairGenerator.initialize(build);
                return keyPairGenerator.generateKeyPair();
            } catch (IllegalStateException | NullPointerException | GeneralSecurityException e) {
                SymLog.e("KeyStoreHelper", "An exception occurs when generating RSA key pair.", e);
                return null;
            }
        }

        static RsaKeyGenerator get(Context context, String str) {
            RsaKeyGenerator rsaKeyGenerator;
            int i = 0;
            while (true) {
                if (i >= sRsaKeyGenerators.size()) {
                    rsaKeyGenerator = null;
                    break;
                }
                if (sRsaKeyGenerators.get(i).getAlias().equals(str)) {
                    rsaKeyGenerator = sRsaKeyGenerators.get(i);
                    break;
                }
                i++;
            }
            if (rsaKeyGenerator != null) {
                return rsaKeyGenerator;
            }
            RsaKeyGenerator rsaKeyGenerator2 = new RsaKeyGenerator(context, str);
            sRsaKeyGenerators.add(rsaKeyGenerator2);
            return rsaKeyGenerator2;
        }

        static boolean release(String str, boolean z) {
            Iterator<RsaKeyGenerator> it = sRsaKeyGenerators.iterator();
            while (it.hasNext()) {
                RsaKeyGenerator next = it.next();
                if (next.getAlias().equals(str)) {
                    if (z) {
                        next.cancel(true);
                    }
                    it.remove();
                    return true;
                }
            }
            return false;
        }

        private void setDefaultLocale(Locale locale) {
            Locale.setDefault(locale);
            Resources resources = this.mContext.getResources();
            Configuration configuration = resources.getConfiguration();
            configuration.locale = locale;
            resources.updateConfiguration(configuration, resources.getDisplayMetrics());
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public KeyPair doInBackground(Void... voidArr) {
            SymLog.d("KeyStoreHelper", "doInBackground: alias=" + this.mAlias);
            try {
                return generateKeyPair();
            } catch (IllegalArgumentException unused) {
                Locale locale = Locale.getDefault();
                setDefaultLocale(Locale.ENGLISH);
                KeyPair generateKeyPair = generateKeyPair();
                setDefaultLocale(locale);
                return generateKeyPair;
            }
        }

        void generate(Callback callback) {
            this.mCallback = callback;
            executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, new Void[0]);
        }

        String getAlias() {
            return this.mAlias;
        }

        @Override // android.os.AsyncTask
        protected void onCancelled() {
            SymLog.d("KeyStoreHelper", "onCancelled: alias=" + this.mAlias);
            super.onCancelled();
            release(this.mAlias, false);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(KeyPair keyPair) {
            SymLog.d("KeyStoreHelper", "onPostExecute: alias=" + this.mAlias);
            release(this.mAlias, false);
            this.mCallback.onGenerateResponse(this.mAlias, keyPair);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreHelper(Context context, SymmetricCipherConfig symmetricCipherConfig) throws GeneralSecurityException, IOException {
        this.mContext = context;
        this.mConfig = symmetricCipherConfig;
        this.mSp = context.getSharedPreferences("KeyStoreHelper", 0);
    }

    private byte[] getEncryptedKey(String str) {
        return Base64.decode(this.mSp.getString(getEncryptedPrefKey(str), null), 2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getEncryptedPrefKey(String str) {
        return "EncryptedSecretKey-" + str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] getPlaintextKey(String str) {
        return Base64.decode(this.mSp.getString(getPlaintextPrefKey(str), null), 2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getPlaintextPrefKey(String str) {
        return "PlaintextSecretKey-" + str;
    }

    private Key getSecretKeyJBMR2(String str) throws GeneralSecurityException {
        SecretKey generateKey;
        if (this.mSp.contains(getEncryptedPrefKey(str))) {
            KeyStore.Entry entry = this.mAndroidKeyStore.getEntry(str, null);
            if (entry != null && (entry instanceof KeyStore.PrivateKeyEntry)) {
                byte[] doFinal = new CipherBuilder().setAlgorithm("RSA").setBlockMode("NONE").setPadding("PKCS1Padding").setKey(((KeyStore.PrivateKeyEntry) entry).getPrivateKey()).toDecrypt().doFinal(getEncryptedKey(str));
                return new SecretKeySpec(doFinal, 0, doFinal.length, this.mConfig.getAlgorithm());
            }
            SymLog.e("KeyStoreHelper", "getSecretKeyJBMR2: keyEntry is null for " + str);
            return null;
        }
        if (this.mSp.contains(getPlaintextPrefKey(str))) {
            byte[] plaintextKey = getPlaintextKey(str);
            generateKey = new SecretKeySpec(plaintextKey, 0, plaintextKey.length, this.mConfig.getAlgorithm());
        } else {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(this.mConfig.getAlgorithm());
            keyGenerator.init(this.mConfig.getKeySize());
            generateKey = keyGenerator.generateKey();
            this.mSp.edit().putString(getPlaintextPrefKey(str), Base64.encodeToString(generateKey.getEncoded(), 2)).apply();
        }
        RsaKeyGenerator rsaKeyGenerator = RsaKeyGenerator.get(this.mContext, str);
        if (rsaKeyGenerator.getStatus() == AsyncTask.Status.PENDING) {
            rsaKeyGenerator.generate(new RsaKeyGenerator.Callback() { // from class: com.symantec.internal.keystore.KeyStoreHelper.1
                @Override // com.symantec.internal.keystore.KeyStoreHelper.RsaKeyGenerator.Callback
                public void onGenerateResponse(String str2, KeyPair keyPair) {
                    if (keyPair == null) {
                        SymLog.d("KeyStoreHelper", "onGenerateResponse: keyPair is null for " + str2);
                        return;
                    }
                    if (!KeyStoreHelper.this.mSp.contains(KeyStoreHelper.this.getPlaintextPrefKey(str2))) {
                        SymLog.d("KeyStoreHelper", "onGenerateResponse: skipping " + str2);
                        return;
                    }
                    try {
                        KeyStoreHelper.this.mSp.edit().remove(KeyStoreHelper.this.getPlaintextPrefKey(str2)).putString(KeyStoreHelper.this.getEncryptedPrefKey(str2), Base64.encodeToString(new CipherBuilder().setAlgorithm("RSA").setBlockMode("NONE").setPadding("PKCS1Padding").setKey(keyPair.getPublic()).toEncrypt().doFinal(KeyStoreHelper.this.getPlaintextKey(str2)), 2)).apply();
                        SymLog.d("KeyStoreHelper", "onPostExecute: encrypted key saved for " + str2);
                    } catch (GeneralSecurityException e) {
                        SymLog.w("KeyStoreHelper", "onPostExecute: " + e);
                    }
                }
            });
            SymLog.d("KeyStoreHelper", "getSecretKeyJBMR2: getStatus=" + rsaKeyGenerator.getStatus());
        }
        return generateKey;
    }

    private Key getSecretKeyM(String str) throws GeneralSecurityException {
        if (this.mAndroidKeyStore.containsAlias(str)) {
            return this.mAndroidKeyStore.getKey(str, null);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(this.mConfig.getAlgorithm(), ANDROID_KEY_STORE);
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes(this.mConfig.getBlockMode()).setEncryptionPaddings(this.mConfig.getPadding()).setRandomizedEncryptionRequired(false).setKeySize(this.mConfig.getKeySize()).build());
        return keyGenerator.generateKey();
    }

    private KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteAlias(String str) throws GeneralSecurityException {
        KeyStore keyStore = this.mAndroidKeyStore;
        if (keyStore != null) {
            keyStore.deleteEntry(str);
        }
        this.mSp.edit().remove(getEncryptedPrefKey(str)).remove(getPlaintextPrefKey(str)).apply();
        RsaKeyGenerator.release(str, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key getSecretKey(String str) throws GeneralSecurityException {
        if (this.mAndroidKeyStore == null) {
            return null;
        }
        return isAndroidMorLater() ? getSecretKeyM(str) : getSecretKeyJBMR2(str);
    }

    boolean isAndroidMorLater() {
        return Build.VERSION.SDK_INT >= 23;
    }
}
