package com.ts.common.internal.core.encryption;

import android.content.Context;
import android.os.AsyncTask;
import android.os.Handler;
import android.util.Base64;
import androidx.annotation.MainThread;
import androidx.annotation.NonNull;
import com.ts.common.api.core.common.PreferencesStorage;
import com.ts.common.api.core.encryption.CryptographyProvider;
import com.ts.common.api.core.encryption.Encryptor;
import com.ts.common.api.core.encryption.MasterKeyException;
import com.ts.common.api.core.encryption.PrivateKeyNotFoundException;
import com.ts.common.internal.core.ErrorHandlerImpl;
import com.ts.common.internal.core.logger.Log;
import com.ts.org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
public abstract class CommonStoreEncryptor extends PreferencesStorage implements Encryptor, CryptographyProvider {
    private static final String AES_ALGORITHM = "AES";
    protected static final String AES_CIPHER_ALGORITHM = "AES/CBC/PKCS7Padding";
    protected static final String AES_NO_INTEG_CIPHER_ALGORITHM = "AES/CBC/NoPadding";
    private static final String DELIMITER = "]";
    protected static final String MASTER_KEY_ALIAS_PREF_NAME = ".master_key.alias";
    protected static final String MASTER_KEY_GENERATION_TS_PREF_NAME = ".master_key.generated";
    protected static final int MASTER_KEY_SIZE = 256;
    private static final String MASTER_KEY_WRAPPED_PREF_NAME = ".master_key.wrapped";
    private static final String PREFS_ENCRYPTOR_FILE_NAME = "encryptor";
    protected static final String RSA_CIPHER_ALGORITHM = "RSA/ECB/OAEPPadding";
    protected static final int RSA_KEY_SIZE = 2048;
    protected static final String RSA_WRAP_CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";
    private static final String TAG = Log.getLogTag(CommonStoreEncryptor.class);

    /* loaded from: classes.dex */
    private class GenerateKeysAsyncTask extends AsyncTask<Void, Void, KeyPair> {
        private ErrorHandlerImpl mError;
        private boolean mIsForEncryption;
        private KeyPairGenerator mKPG;
        private String mKeyID;
        private Encryptor.GenerateKeysListener mListener;
        private boolean mUserAuthenticationRequired;

        public GenerateKeysAsyncTask(@NonNull String str, @NonNull Encryptor.GenerateKeysListener generateKeysListener, boolean z, boolean z2) {
            this.mUserAuthenticationRequired = false;
            this.mIsForEncryption = false;
            this.mKeyID = str;
            this.mListener = generateKeysListener;
            this.mUserAuthenticationRequired = z;
            this.mIsForEncryption = z2;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public KeyPair doInBackground(Void... voidArr) {
            try {
                return this.mIsForEncryption ? CommonStoreEncryptor.this.generateKeyPairForEncryption(this.mKPG, this.mKeyID) : CommonStoreEncryptor.this.generateKeyPair(this.mKPG, this.mKeyID);
            } catch (Exception e) {
                Log.e(CommonStoreEncryptor.TAG, "Failed to generate key pair", e);
                this.mError = new ErrorHandlerImpl(9, "Failed to generate key pair", e);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(KeyPair keyPair) {
            if (keyPair == null) {
                this.mListener.onKeyGenerationFailure(this.mError);
            } else {
                this.mListener.onKeyGenerated(new Encryptor.PublicKeyData(Base64.encodeToString(keyPair.getPublic().getEncoded(), 2), keyPair.getPublic().getAlgorithm()));
            }
        }

        @Override // android.os.AsyncTask
        protected void onPreExecute() {
            try {
                if (this.mIsForEncryption) {
                    this.mKPG = CommonStoreEncryptor.this.initializeKeyPairGeneratorForEncryption(this.mKeyID, this.mUserAuthenticationRequired);
                } else {
                    this.mKPG = CommonStoreEncryptor.this.initializeKeyPairGenerator(this.mKeyID, this.mUserAuthenticationRequired);
                }
            } catch (Exception e) {
                Log.e(CommonStoreEncryptor.TAG, "Failed to initialize encryption key pair generator", e);
                this.mError = new ErrorHandlerImpl(9, "Failed to initialize encryption key pair generator", e);
            }
        }
    }

    public CommonStoreEncryptor(Context context) {
        super(context, PREFS_ENCRYPTOR_FILE_NAME);
    }

    private Cipher getAESCipher(int i, SecretKey secretKey, IvParameterSpec ivParameterSpec, boolean z) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(getAESCipherAlgorithm(z));
        cipher.init(i, secretKey, ivParameterSpec);
        return cipher;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void clearMasterKeyPrefs() {
        clearPref(MASTER_KEY_ALIAS_PREF_NAME);
        clearPref(MASTER_KEY_WRAPPED_PREF_NAME);
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    @NonNull
    public byte[] decryptAES(@NonNull String str, @NonNull SecretKey secretKey, boolean z) {
        try {
            String[] split = str.split(DELIMITER);
            if (split.length != 2) {
                throw new IllegalArgumentException("Invalid encypted text format");
            }
            byte[] decode = Base64.decode(split[0], 2);
            return getAESCipher(2, secretKey, new IvParameterSpec(decode), z).doFinal(Base64.decode(split[1], 2));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Failed decrypting data with AES", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    @NonNull
    public String decryptWithKey(@NonNull String str, @NonNull byte[] bArr) {
        return decryptRSA(getRSADecryptCipher(str), bArr);
    }

    @Override // com.ts.common.api.core.encryption.CryptographyProvider
    public void decryptWithKeyForTag(@NonNull String str, @NonNull byte[] bArr, @NonNull CryptographyProvider.CryptographyListener cryptographyListener) {
        try {
            cryptographyListener.cryptographySuccess(decryptWithKey(str, bArr));
        } catch (Exception e) {
            Log.e(TAG, "decryption failed: ", e);
            cryptographyListener.cryptographyError(new ErrorHandlerImpl(9, e.getMessage(), e));
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public byte[] decryptWithMasterKey(String str) {
        try {
            return decryptAES(str, getMasterKey(), false);
        } catch (Throwable th) {
            Log.e(TAG, "Could not decrypt with master key", th);
            throw new MasterKeyException("Could not decrypt with master key", th);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    @NonNull
    public String encryptAES(@NonNull byte[] bArr, @NonNull SecretKey secretKey, boolean z) {
        try {
            Cipher aESCipher = getAESCipher(1, secretKey, null, z);
            return String.format("%s%s%s", Base64.encodeToString(aESCipher.getIV(), 2), DELIMITER, Base64.encodeToString(aESCipher.doFinal(bArr), 2));
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "Failed encrypting data with AES", e);
            throw new RuntimeException("Failed encrypting data with AES", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.CryptographyProvider
    public void encryptWithKeyForTag(@NonNull String str, @NonNull byte[] bArr, @NonNull CryptographyProvider.CryptographyListener cryptographyListener) {
        try {
            cryptographyListener.cryptographySuccess(encryptWithKey(str, bArr));
        } catch (Exception e) {
            Log.e(TAG, "encryption failed: ", e);
            cryptographyListener.cryptographyError(new ErrorHandlerImpl(9, e.getMessage(), e));
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptWithMasterKey(String str) {
        try {
            return encryptAES(str.getBytes(Charset.forName("UTF-8")), getMasterKey(), false);
        } catch (IOException | GeneralSecurityException e) {
            Log.e(TAG, "Could not encrypt with master key", e);
            throw new MasterKeyException("Could not encrypt with master key", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    @NonNull
    public String encryptWithReEncodedPublicKey(@NonNull String str, @NonNull byte[] bArr) {
        try {
            return encryptWithKey(KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(getPublicKey(str).getEncoded())), bArr);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Could not encrypt.", e);
        }
    }

    protected abstract KeyPair generateKeyPair(@NonNull KeyPairGenerator keyPairGenerator, @NonNull String str);

    protected abstract KeyPair generateKeyPairForEncryption(@NonNull KeyPairGenerator keyPairGenerator, @NonNull String str);

    @Override // com.ts.common.api.core.encryption.Encryptor, com.ts.common.api.core.encryption.CryptographyProvider
    public final void generateKeys(@NonNull final String str, @NonNull final Encryptor.GenerateKeysListener generateKeysListener, final boolean z, final boolean z2) {
        new Handler(this.mContext.getMainLooper()).post(new Runnable() { // from class: com.ts.common.internal.core.encryption.CommonStoreEncryptor.1
            @Override // java.lang.Runnable
            public void run() {
                new GenerateKeysAsyncTask(str, generateKeysListener, z, z2).execute(new Void[0]);
            }
        });
    }

    protected void generateMasterKey(String str) throws GeneralSecurityException {
        Log.d(TAG, "Generating master secret key");
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
        keyGenerator.init(256);
        SecretKey generateKey = keyGenerator.generateKey();
        KeyPair generateKeyPair = generateKeyPair(initializeKeyPairGenerator(str, false), str);
        Cipher cipher = Cipher.getInstance(RSA_WRAP_CIPHER_ALGORITHM);
        cipher.init(3, generateKeyPair.getPublic());
        setStringPref(MASTER_KEY_WRAPPED_PREF_NAME, Base64.encodeToString(cipher.wrap(generateKey), 0));
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public void generateMasterKeyIfNeeded() {
        try {
            String stringPref = getStringPref(MASTER_KEY_ALIAS_PREF_NAME);
            if (stringPref == null || !hasKey(stringPref)) {
                if (stringPref == null) {
                    stringPref = UUID.randomUUID().toString();
                }
                generateMasterKey(stringPref);
                setStringPref(MASTER_KEY_ALIAS_PREF_NAME, stringPref);
                setStringPref(MASTER_KEY_GENERATION_TS_PREF_NAME, Long.toString(System.currentTimeMillis()));
            }
        } catch (IOException | GeneralSecurityException e) {
            Log.e(TAG, "Could not generate master key", e);
            throw new MasterKeyException("Could not generate master key", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String getAESCipherAlgorithm(boolean z) {
        return z ? AES_NO_INTEG_CIPHER_ALGORITHM : AES_CIPHER_ALGORITHM;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecretKey getMasterKey() throws GeneralSecurityException, IOException {
        String stringPref = getStringPref(MASTER_KEY_ALIAS_PREF_NAME);
        if (stringPref == null) {
            throw new MasterKeyException("No stored master key alias");
        }
        try {
            PrivateKey privateKey = getPrivateKey(stringPref);
            Cipher cipher = Cipher.getInstance(RSA_WRAP_CIPHER_ALGORITHM);
            cipher.init(4, privateKey);
            String stringPref2 = getStringPref(MASTER_KEY_WRAPPED_PREF_NAME);
            if (stringPref2 != null) {
                return (SecretKey) cipher.unwrap(Base64.decode(stringPref2, 2), AES_ALGORITHM, 3);
            }
            throw new MasterKeyException("Wrapped key is not present in preferences");
        } catch (PrivateKeyNotFoundException e) {
            Log.e(TAG, "Master alias exists but private key not found");
            clearMasterKeyPrefs();
            throw new MasterKeyException("Master alias exists but private key not found", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public Long getMasterKeyGenerationTime() {
        try {
            return Long.valueOf(Long.parseLong(getStringPref(MASTER_KEY_GENERATION_TS_PREF_NAME)));
        } catch (NumberFormatException unused) {
            Log.e(TAG, "Failed to format master key generation timestamp to long");
            return null;
        }
    }

    @NonNull
    protected abstract PrivateKey getPrivateKey(@NonNull String str) throws GeneralSecurityException, IOException;

    protected abstract boolean hasKey(String str) throws GeneralSecurityException, IOException;

    @MainThread
    protected abstract KeyPairGenerator initializeKeyPairGenerator(@NonNull String str, boolean z);

    @MainThread
    protected abstract KeyPairGenerator initializeKeyPairGeneratorForEncryption(@NonNull String str, boolean z);

    @Override // com.ts.common.api.core.encryption.Encryptor
    public boolean isSignatureInvalidated(@NonNull String str) {
        try {
            loadSignature(str);
            return false;
        } catch (Exception e) {
            return e.getCause() instanceof InvalidKeyException;
        }
    }

    @Override // com.ts.common.api.core.encryption.CryptographyProvider
    public void signWithKeyForTag(@NonNull String str, @NonNull byte[] bArr, @NonNull CryptographyProvider.CryptographyListener cryptographyListener) {
        try {
            cryptographyListener.cryptographySuccess(signWithKey(str, bArr));
        } catch (Exception e) {
            Log.e(TAG, "signing failed: ", e);
            cryptographyListener.cryptographyError(new ErrorHandlerImpl(9, e.getMessage(), e));
        }
    }
}
