package dk.shape.cryptokid.encryption.crypto;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.google.android.gms.stats.CodePackage;
import dk.shape.cryptokid.encryption.CipherDecrypter;
import dk.shape.cryptokid.encryption.CipherEncrypter;
import dk.shape.cryptokid.encryption.framework.Crypto;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes19.dex */
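/**
 * {@link Crypto} implementation whose key material lives in the platform
 * {@code AndroidKeyStore} provider.
 *
 * <p>One keystore entry is used per instance; its alias is the algorithm's alias prefix
 * followed by the postfix set through {@link #setAliasPostfix(String)}. The entry is created
 * lazily the first time a cipher is requested.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The RSA variant uses {@code RSA/ECB/PKCS1Padding} (PKCS#1 v1.5 encryption padding).
 *       OAEP is the generally preferred padding; switching requires re-encrypting data that
 *       was produced with the current transformation.</li>
 *   <li>The AES key is generated with randomized encryption <em>not</em> required, so the
 *       keystore accepts the IV chosen by this class. GCM is only safe while an IV is never
 *       repeated under the same key, which makes {@code generateIV()} the sole safeguard.</li>
 *   <li>{@code generateSecret(String)} derives a key with a constant salt and a very low
 *       iteration count; see its documentation before relying on it.</li>
 * </ul>
 */
public class KeystoreCrypto implements Crypto {
    /** Provider name of the platform keystore used for every key handled here. */
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    /** 96-bit IV, the size GCM is specified for without extra hashing of the nonce. */
    private static final int GCM_IV_LENGTH_BYTES = 12;
    /** Full-length GCM authentication tag. */
    private static final int GCM_TAG_LENGTH_BITS = 128;
    private static final int AES_KEY_SIZE_BITS = 256;
    /** KeyProperties.PURPOSE_ENCRYPT (1) | KeyProperties.PURPOSE_DECRYPT (2). */
    private static final int KEY_PURPOSES = 3;
    /** Validity period of the self-signed certificate attached to the RSA key pair. */
    private static final int CERTIFICATE_VALIDITY_YEARS = 25;

    private final Algorithm algorithm;
    private String aliasPostfix = "";
    private final Context context;
    private final String x500DistinguishedName;

    /** Supported key types together with their keystore alias prefix and cipher transformation. */
    public enum Algorithm {
        RSA("RSA", "SECURE_ENCRYPTION_KEY_RSA_", "RSA/ECB/PKCS1Padding", false),
        AES("AES", "SECURE_ENCRYPTION_KEY_AES_", "AES/GCM/NoPadding", true);

        private final String algorithm;
        private final String aliasPrefix;
        private final boolean symmetric;
        private final String transformation;

        Algorithm(String algorithm, String aliasPrefix, String transformation, boolean symmetric) {
            this.algorithm = algorithm;
            this.aliasPrefix = aliasPrefix;
            this.transformation = transformation;
            this.symmetric = symmetric;
        }
    }

    /**
     * Assembles the X.500 distinguished name used as certificate subject for generated keys.
     *
     * <p>NOTE(review): the components are concatenated as given; a value containing
     * {@code ','} or {@code '='} is not escaped, so callers should pass fixed strings only.
     */
    public static class DistinguishedNameBuilder {
        private String commonName;
        private String organisationName = "Shape";
        private String organisationUnit = "CryptoStore";
        private String x500DistinguishedName;

        /**
         * Returns the distinguished name, building and caching it on first use.
         *
         * @return the overridden name if one was set, otherwise {@code CN/OU/O} joined by ", "
         * @throws IllegalArgumentException if both the common name and the organisation name
         *     are {@code null}
         */
        public String build() {
            if (this.x500DistinguishedName != null) {
                return this.x500DistinguishedName;
            }
            // Validate before assembling anything so an invalid builder does no wasted work.
            if (this.organisationName == null && this.commonName == null) {
                throw new IllegalArgumentException("At least one of the properties commonName and organisationName have to have a value");
            }
            ArrayList<String> parts = new ArrayList<>();
            if (this.commonName != null) {
                parts.add("CN=" + this.commonName);
            }
            if (this.organisationUnit != null) {
                parts.add("OU=" + this.organisationUnit);
            }
            if (this.organisationName != null) {
                parts.add("O=" + this.organisationName);
            }
            this.x500DistinguishedName = TextUtils.join(", ", parts);
            return this.x500DistinguishedName;
        }

        /** Uses {@code str} verbatim as the distinguished name instead of assembling one. */
        public DistinguishedNameBuilder overrideX500DistinguishedName(String str) {
            this.x500DistinguishedName = str;
            return this;
        }

        public DistinguishedNameBuilder setCommonName(String str) {
            this.commonName = str;
            return this;
        }

        public DistinguishedNameBuilder setOrganisationName(String str) {
            this.organisationName = str;
            return this;
        }
    }

    /**
     * @param context   Android context handed to the RSA key pair generator spec
     * @param algorithm key type to create and use
     * @param str       X.500 distinguished name used as certificate subject
     */
    public KeystoreCrypto(Context context, Algorithm algorithm, String str) {
        this.x500DistinguishedName = str;
        this.algorithm = algorithm;
        this.context = context;
    }

    /** Alias of the keystore entry this instance currently works with. */
    private String keyAlias() {
        return this.algorithm.aliasPrefix + this.aliasPostfix;
    }

    /**
     * Returns a fresh random GCM IV.
     *
     * <p>Because the AES key does not require keystore-randomized encryption, IV uniqueness
     * depends entirely on this method; it must keep drawing from {@link SecureRandom}.
     */
    private byte[] generateIV() {
        byte[] iv = new byte[GCM_IV_LENGTH_BYTES];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    /** Generates the 256-bit AES/GCM key under {@code str} inside the Android keystore. */
    private SecretKey generateKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(this.algorithm.algorithm, KEYSTORE_PROVIDER);
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(str, KEY_PURPOSES)
                .setCertificateSubject(new X500Principal(this.x500DistinguishedName))
                .setCertificateSerialNumber(BigInteger.ONE)
                .setKeySize(AES_KEY_SIZE_BITS)
                // NOTE(review): CodePackage.GCM looks like a decompiler-resolved constant;
                // presumably the block-mode string "GCM" - confirm against the original source.
                .setBlockModes(CodePackage.GCM)
                .setEncryptionPaddings("NoPadding")
                // Disabled so that getCipher() may pass its own IV. The keystore therefore no
                // longer enforces IV freshness for this key.
                .setRandomizedEncryptionRequired(false)
                .build();
        keyGenerator.init(spec);
        return keyGenerator.generateKey();
    }

    /**
     * Generates the RSA key pair under {@code str} inside the Android keystore.
     *
     * <p>Uses {@link KeyPairGeneratorSpec}, which is deprecated since API 23 in favour of
     * {@link KeyGenParameterSpec}.
     */
    private KeyPair generateKeyPair(String str, Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.algorithm.algorithm, KEYSTORE_PROVIDER);
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, CERTIFICATE_VALIDITY_YEARS);
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(str)
                .setSubject(new X500Principal(this.x500DistinguishedName))
                .setStartDate(notBefore.getTime())
                .setEndDate(notAfter.getTime())
                .setSerialNumber(BigInteger.ONE)
                .build();
        keyPairGenerator.initialize(spec);
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Creates a decrypter bound to this instance's key.
     *
     * @param bArr IV that was used for encryption; only read by the AES variant
     */
    @Override
    public <T extends Serializable> CipherDecrypter<T> decrypter(byte[] bArr) throws Crypto.CryptoException {
        return new CipherDecrypter<>(getCipher(Cipher.DECRYPT_MODE, bArr));
    }

    /** Creates an encrypter bound to this instance's key, using a newly generated IV. */
    @Override
    public <T extends Serializable> CipherEncrypter<T> encrypter() throws Crypto.CryptoException {
        return new CipherEncrypter<>(getCipher(Cipher.ENCRYPT_MODE, generateIV()));
    }

    /**
     * Derives a 256-bit AES key from {@code str} with PBKDF2-HMAC-SHA1.
     *
     * <p>SECURITY: the salt is a constant and the iteration count is 100. Identical passwords
     * therefore always derive identical keys, and guessing the password offline is cheap.
     * Both values are kept as they are because changing either changes the derived key; a
     * per-installation random salt and a much higher iteration count need a migration of
     * anything already protected with this key. No caller is visible in this file.
     *
     * @throws NoSuchAlgorithmException if the PBKDF2 implementation is unavailable
     * @throws InvalidKeySpecException  if the key specification is rejected
     */
    SecretKey generateSecret(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(str.toCharArray(), new byte[]{0, 1, 2, 3, 4, 5, 6}, 100, 256);
        try {
            // Failures propagate to the caller unchanged; the stack trace is no longer dumped
            // to stderr from inside the key-derivation path.
            byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
            return new SecretKeySpec(derived, "AES");
        } finally {
            // Wipe the spec's internal copy of the password once derivation has finished.
            spec.clearPassword();
        }
    }

    /**
     * Returns an initialised cipher for this instance's key, generating the key on first use.
     *
     * @param i    {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param bArr GCM IV for the AES variant; ignored by the RSA variant
     * @throws Crypto.CryptoException wrapping any failure while loading, generating or
     *     initialising
     */
    Cipher getCipher(int i, byte[] bArr) throws Crypto.CryptoException {
        try {
            // Resolve the alias once so that generation and lookup use the same entry.
            String alias = keyAlias();
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            if (!keyStore.containsAlias(alias)) {
                if (this.algorithm.symmetric) {
                    generateKey(alias);
                } else {
                    generateKeyPair(alias, this.context);
                }
            }
            Cipher cipher = Cipher.getInstance(this.algorithm.transformation);
            if (this.algorithm.symmetric) {
                KeyStore.SecretKeyEntry secretEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(alias, null);
                cipher.init(i, secretEntry.getSecretKey(), new GCMParameterSpec(GCM_TAG_LENGTH_BITS, bArr));
            } else {
                KeyStore.PrivateKeyEntry privateEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, null);
                if (i == Cipher.ENCRYPT_MODE) {
                    // Encrypt with the public key taken from the entry's certificate.
                    cipher.init(i, (RSAPublicKey) privateEntry.getCertificate().getPublicKey());
                } else {
                    cipher.init(i, privateEntry.getPrivateKey());
                }
            }
            return cipher;
        } catch (Exception e) {
            throw new Crypto.CryptoException(e);
        }
    }

    /**
     * Reports whether a keystore entry exists for the current alias.
     *
     * @return {@code true} if the alias is present; {@code false} if it is absent or the
     *     keystore could not be queried
     */
    @Override
    public boolean isInitialized() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            return keyStore.containsAlias(keyAlias());
        } catch (Exception ignored) {
            // Best effort: a keystore failure is reported the same way as "no key yet", so
            // callers cannot tell the two apart from this return value.
            return false;
        }
    }

    /** Sets the postfix appended to the algorithm's alias prefix for all later operations. */
    @Override
    public void setAliasPostfix(String str) {
        this.aliasPostfix = str;
    }
}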
