package com.appunite.blocktrade.encryption;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.appunite.blocktrade.extensions.AndroidVersionExtensionsKt;
import com.appunite.blocktrade.extensions.LogExtensionsKt;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: Secure.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000(\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u0000 \u000e2\u00020\u0001:\u0002\u000e\u000fB\u0007\b\u0007¢\u0006\u0002\u0010\u0002J\u0012\u0010\u0003\u001a\u0004\u0018\u00010\u00042\b\u0010\u0005\u001a\u0004\u0018\u00010\u0004J\u0010\u0010\u0006\u001a\u00020\u00042\b\u0010\u0007\u001a\u0004\u0018\u00010\u0004J\u000e\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bJ\b\u0010\f\u001a\u00020\rH\u0002¨\u0006\u0010"}, d2 = {"Lcom/appunite/blocktrade/encryption/Secure;", "", "()V", "decrypt", "", "value", "encrypt", "textToEncrypt", "generateKeyIfNeeded", "", "context", "Landroid/content/Context;", "getKeyStore", "Ljava/security/KeyStore;", "Companion", "NoPrivateKeyEntryGenerated", "app_clientReleaseProd"}, k = 1, mv = {1, 1, 16})
/* loaded from: classes.dex */
public final class Secure {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String ENCRYPTION_KEY_ALIAS = "encryptionKeyAlias";
    private static final String PROVIDER_ANDROID_OPEN_SSL = "AndroidOpenSSL";
    private static final String TRANSFORMATION_NEW = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String TRANSFORMATION_OLD = "RSA/ECB/PKCS1Padding";
    private static final Object LOCK = new Object();

    /* compiled from: Secure.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0010\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00060\u0001j\u0002`\u0002B\u0007\b\u0002¢\u0006\u0002\u0010\u0003¨\u0006\u0004"}, d2 = {"Lcom/appunite/blocktrade/encryption/Secure$NoPrivateKeyEntryGenerated;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "()V", "app_clientReleaseProd"}, k = 1, mv = {1, 1, 16})
    /* loaded from: classes.dex */
    public static final class NoPrivateKeyEntryGenerated extends Exception {
        public static final NoPrivateKeyEntryGenerated INSTANCE = new NoPrivateKeyEntryGenerated();

        private NoPrivateKeyEntryGenerated() {
        }
    }

    @Inject
    public Secure() {
    }

    private final KeyStore getKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore;
        synchronized (LOCK) {
            keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            Intrinsics.checkExpressionValueIsNotNull(keyStore, "KeyStore.getInstance(AND…ORE).apply { load(null) }");
        }
        return keyStore;
    }

    @Nullable
    public final String decrypt(@Nullable String value) {
        byte[] decode;
        Cipher cipher;
        if (value != null && (decode = Base64.decode(value, 0)) != null) {
            try {
                KeyStore.Entry entry = getKeyStore().getEntry(ENCRYPTION_KEY_ALIAS, null);
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    entry = null;
                }
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                if (privateKeyEntry == null) {
                    throw NoPrivateKeyEntryGenerated.INSTANCE;
                }
                if (privateKeyEntry == null) {
                    Intrinsics.throwNpe();
                }
                PrivateKey privateKey = privateKeyEntry.getPrivateKey();
                if (AndroidVersionExtensionsKt.isAtLeastAndroidM()) {
                    cipher = Cipher.getInstance(TRANSFORMATION_NEW);
                    Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(TRANSFORMATION_NEW)");
                    cipher.init(2, privateKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
                } else {
                    cipher = Cipher.getInstance(TRANSFORMATION_OLD, PROVIDER_ANDROID_OPEN_SSL);
                    Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(TRANS…ROVIDER_ANDROID_OPEN_SSL)");
                    cipher.init(2, privateKey);
                }
                byte[] doFinal = cipher.doFinal(decode);
                Intrinsics.checkExpressionValueIsNotNull(doFinal, "cipher.doFinal(encryptedData)");
                return new String(doFinal, Charsets.UTF_8);
            } catch (Exception e) {
                LogExtensionsKt.logExceptionAndCrashlytics("Decryption exception: " + e + ' ' + e.getMessage());
            }
        }
        return null;
    }

    @NotNull
    public final String encrypt(@Nullable String textToEncrypt) {
        Cipher cipher;
        if (textToEncrypt == null) {
            String encodeToString = Base64.encodeToString(new byte[0], 0);
            Intrinsics.checkExpressionValueIsNotNull(encodeToString, "Base64.encodeToString(By…Array(0), Base64.DEFAULT)");
            return encodeToString;
        }
        try {
            KeyStore.Entry entry = null;
            KeyStore.Entry entry2 = getKeyStore().getEntry(ENCRYPTION_KEY_ALIAS, null);
            if (entry2 instanceof KeyStore.PrivateKeyEntry) {
                entry = entry2;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            if (privateKeyEntry == null) {
                throw NoPrivateKeyEntryGenerated.INSTANCE;
            }
            if (privateKeyEntry == null) {
                Intrinsics.throwNpe();
            }
            Certificate certificate = privateKeyEntry.getCertificate();
            Intrinsics.checkExpressionValueIsNotNull(certificate, "privateKeyEntry!!.certificate");
            PublicKey publicKey = certificate.getPublicKey();
            if (AndroidVersionExtensionsKt.isAtLeastAndroidM()) {
                cipher = Cipher.getInstance(TRANSFORMATION_NEW);
                Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(TRANSFORMATION_NEW)");
                cipher.init(1, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            } else {
                cipher = Cipher.getInstance(TRANSFORMATION_OLD, PROVIDER_ANDROID_OPEN_SSL);
                Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(TRANS…ROVIDER_ANDROID_OPEN_SSL)");
                cipher.init(1, publicKey);
            }
            byte[] bytes = textToEncrypt.getBytes(Charsets.UTF_8);
            Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
            String encodeToString2 = Base64.encodeToString(cipher.doFinal(bytes), 0);
            Intrinsics.checkExpressionValueIsNotNull(encodeToString2, "Base64.encodeToString(ci…Array()), Base64.DEFAULT)");
            return encodeToString2;
        } catch (Exception e) {
            LogExtensionsKt.logExceptionAndCrashlytics("Encryption exception: " + e + ' ' + e.getMessage());
            String encodeToString3 = Base64.encodeToString(new byte[0], 0);
            Intrinsics.checkExpressionValueIsNotNull(encodeToString3, "Base64.encodeToString(By…Array(0), Base64.DEFAULT)");
            return encodeToString3;
        }
    }

    public final void generateKeyIfNeeded(@NotNull Context context) {
        AlgorithmParameterSpec build;
        Intrinsics.checkParameterIsNotNull(context, "context");
        try {
            if (getKeyStore().containsAlias(ENCRYPTION_KEY_ALIAS)) {
                return;
            }
            if (AndroidVersionExtensionsKt.isAtLeastAndroidM()) {
                build = new KeyGenParameterSpec.Builder(ENCRYPTION_KEY_ALIAS, 3).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("OAEPPadding").build();
                Intrinsics.checkExpressionValueIsNotNull(build, "KeyGenParameterSpec.Buil…                 .build()");
            } else {
                Calendar start = Calendar.getInstance();
                Calendar end = Calendar.getInstance();
                end.add(1, 1);
                KeyPairGeneratorSpec.Builder serialNumber = new KeyPairGeneratorSpec.Builder(context).setAlias(ENCRYPTION_KEY_ALIAS).setSubject(new X500Principal("CN=Sample Name, O=Android Authority")).setSerialNumber(BigInteger.ONE);
                Intrinsics.checkExpressionValueIsNotNull(start, "start");
                KeyPairGeneratorSpec.Builder startDate = serialNumber.setStartDate(start.getTime());
                Intrinsics.checkExpressionValueIsNotNull(end, "end");
                build = startDate.setEndDate(end.getTime()).build();
                Intrinsics.checkExpressionValueIsNotNull(build, "KeyPairGeneratorSpec.Bui…                 .build()");
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            if ((e instanceof NoSuchAlgorithmException) || (e instanceof NoSuchProviderException) || (e instanceof InvalidAlgorithmParameterException) || (e instanceof KeyStoreException) || (e instanceof CertificateException)) {
                return;
            }
            throw new RuntimeException("Not handled key generation exception: " + e + ' ' + e.getMessage());
        }
    }
}
