package com.fanatics.android_fanatics_sdk3.security.crypto;

import android.security.KeyPairGeneratorSpec;
import android.support.annotation.NonNull;
import android.util.Base64;
import com.fanatics.android_fanatics_sdk3.managers.FanaticsContextManager;
import com.fanatics.android_fanatics_sdk3.security.FanaticsStorageVault;
import com.fanatics.android_fanatics_sdk3.security.crypto.FanaticsKeyGenerator;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class PreMarshmallowKeyGen extends FanaticsKeyGenerator {
    private static final String CIPHER_TRANSFORMATION_RSA = "RSA/ECB/PKCS1Padding";
    private static final String ENCRYPTED_KEY_NAME = "FanaticsRSAEncryptedKey";
    private static final String KEYSTORE_ALGORITHM_RSA = "RSA";
    private static final String KEY_GENERATOR_ALGORITHM_AES = "AES";
    private static final String SSL_PROVIDER = "AndroidOpenSSL";
    private static final String SUBJECT = "CN=FanaticsKeyStoreKey";

    /* JADX INFO: Access modifiers changed from: package-private */
    public PreMarshmallowKeyGen(FanaticsStorageVault fanaticsStorageVault) {
        super(fanaticsStorageVault);
    }

    private byte[] generateAESKey() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private void generateAndSaveAESKeyToVaultUsingKeyPair() {
        putAESKey(getInitializedRSACipher(1, getKeyStoreEntry().getCertificate().getPublicKey()), generateAESKey());
    }

    private void generateKeyPairForKeyStore() {
        KeyPairGeneratorSpec keyPairGeneratorSpec = getKeyPairGeneratorSpec();
        KeyPairGenerator keyPairGeneratorInstance = getKeyPairGeneratorInstance();
        initializeKeyPairGenerator(keyPairGeneratorSpec, keyPairGeneratorInstance);
        keyPairGeneratorInstance.generateKeyPair();
    }

    private Cipher getInitializedRSACipher(int i, Key key) {
        Cipher rSACipherInstance = getRSACipherInstance();
        initializeCipher(i, key, rSACipherInstance);
        return rSACipherInstance;
    }

    private KeyPairGenerator getKeyPairGeneratorInstance() {
        try {
            return KeyPairGenerator.getInstance(KEYSTORE_ALGORITHM_RSA, "AndroidKeyStore");
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new FanaticsKeyGenerator.FanaticsSecurityException("Failed to generate key", e);
        }
    }

    @NonNull
    private KeyPairGeneratorSpec getKeyPairGeneratorSpec() {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 1);
        return new KeyPairGeneratorSpec.Builder(FanaticsContextManager.getApplicationContext()).setAlias("FanaticsKeyStoreKey").setSubject(new X500Principal(SUBJECT)).setSerialNumber(new BigInteger(128, new SecureRandom())).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
    }

    private KeyStore.PrivateKeyEntry getKeyStoreEntry() {
        try {
            return (KeyStore.PrivateKeyEntry) this.keyStore.getEntry("FanaticsKeyStoreKey", null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new FanaticsKeyGenerator.FanaticsSecurityException("Unable to get PrivateKeyEntry from KeyStore", e);
        }
    }

    private Cipher getRSACipherInstance() {
        try {
            return Cipher.getInstance(CIPHER_TRANSFORMATION_RSA, SSL_PROVIDER);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            throw new FanaticsKeyGenerator.FanaticsSecurityException("Unable to get instance of RSA cipher", e);
        }
    }

    private void initializeCipher(int i, Key key, Cipher cipher) {
        try {
            cipher.init(i, key);
        } catch (InvalidKeyException e) {
            throw new FanaticsKeyGenerator.FanaticsSecurityException("Unable to initialize RSA cipher", e);
        }
    }

    private void initializeKeyPairGenerator(KeyPairGeneratorSpec keyPairGeneratorSpec, KeyPairGenerator keyPairGenerator) {
        try {
            keyPairGenerator.initialize(keyPairGeneratorSpec);
        } catch (InvalidAlgorithmParameterException e) {
            throw new FanaticsKeyGenerator.FanaticsSecurityException("Failed to generate key", e);
        }
    }

    private void putAESKey(Cipher cipher, byte[] bArr) {
        if (!this.storageVault.encryptAndPutData(ENCRYPTED_KEY_NAME, cipher, Base64.encodeToString(bArr, 0))) {
            throw new FanaticsKeyGenerator.FanaticsSecurityException("Unable to save encrypted key");
        }
    }

    private boolean shouldInitializeForKeyStore() {
        try {
            return !this.keyStore.containsAlias("FanaticsKeyStoreKey");
        } catch (KeyStoreException e) {
            throw new FanaticsKeyGenerator.FanaticsSecurityException("Unable to locate key in Keystore", e);
        }
    }

    @Override // com.fanatics.android_fanatics_sdk3.security.crypto.FanaticsKeyGenerator
    public SecretKey getSecretKey() {
        return new SecretKeySpec(Base64.decode(this.storageVault.getAndDecryptData(ENCRYPTED_KEY_NAME, getInitializedRSACipher(2, getKeyStoreEntry().getPrivateKey())), 0), KEY_GENERATOR_ALGORITHM_AES);
    }

    @Override // com.fanatics.android_fanatics_sdk3.security.crypto.FanaticsKeyGenerator
    void initializeKey() {
        if (shouldInitializeForKeyStore()) {
            generateKeyPairForKeyStore();
        }
        generateAndSaveAESKeyToVaultUsingKeyPair();
    }

    @Override // com.fanatics.android_fanatics_sdk3.security.crypto.FanaticsKeyGenerator
    boolean shouldInitializeKey() {
        return shouldInitializeForKeyStore() || (this.storageVault.containsKey(ENCRYPTED_KEY_NAME) ^ true);
    }
}
