package com.finance.userclient.utils.encryption;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes.dex */
public class EncryptionManager {
    static final String DEFAULT_CHARSET = "UTF-8";
    SecretKey aesKey;
    boolean isCompatMode;
    KeyStore mStore;
    SecretKey macKey;
    RSAPrivateKey privateKey;
    RSAPublicKey publicKey;
    final int RSA_BIT_LENGTH = 2048;
    final int AES_BIT_LENGTH = 256;
    final int MAC_BIT_LENGTH = 256;
    final int GCM_TAG_LENGTH = 128;
    final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    final String SSL_PROVIDER = "AndroidOpenSSL";
    final String BOUNCY_CASTLE_PROVIDER = "BC";
    final String RSA_KEY_ALIAS = "sps_rsa_key";
    final String AES_KEY_ALIAS = "sps_aes_key";
    final String MAC_KEY_ALIAS = "sps_mac_key";
    final String DELIMITER = "]";
    final String RSA_CIPHER = "RSA/ECB/PKCS1Padding";
    final String AES_CIPHER = "AES/GCM/NoPadding";
    final String AES_CIPHER_COMPAT = "AES/CBC/PKCS7Padding";
    final String MAC_CIPHER = "HmacSHA256";
    final String IS_COMPAT_MODE_KEY_ALIAS = "sps_data_in_compat";

    /* loaded from: classes.dex */
    public static class EncryptedData {
        byte[] IV;
        byte[] encryptedData;
        byte[] mac;

        public EncryptedData() {
            this.IV = null;
            this.encryptedData = null;
            this.mac = null;
        }

        public EncryptedData(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.IV = bArr;
            this.encryptedData = bArr2;
            this.mac = bArr3;
        }

        byte[] getDataForMacComputation() {
            byte[] bArr = this.IV;
            byte[] bArr2 = new byte[bArr.length + this.encryptedData.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            byte[] bArr3 = this.encryptedData;
            System.arraycopy(bArr3, 0, bArr2, this.IV.length, bArr3.length);
            return bArr2;
        }

        public byte[] getEncryptedData() {
            return this.encryptedData;
        }

        public byte[] getIV() {
            return this.IV;
        }

        public byte[] getMac() {
            return this.mac;
        }

        public void setEncryptedData(byte[] bArr) {
            this.encryptedData = bArr;
        }

        public void setIV(byte[] bArr) {
            this.IV = bArr;
        }

        public void setMac(byte[] bArr) {
            this.mac = bArr;
        }
    }

    /* loaded from: classes.dex */
    public class InvalidMacException extends GeneralSecurityException {
        public InvalidMacException() {
            super("Invalid Mac, failed to verify integrity.");
        }
    }

    public EncryptionManager(Context context, SharedPreferences sharedPreferences) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, UnrecoverableEntryException, InvalidKeyException, NoSuchPaddingException {
        this.isCompatMode = false;
        this.isCompatMode = sharedPreferences.getBoolean(getHashed("sps_data_in_compat"), Build.VERSION.SDK_INT < 23);
        loadKeyStore();
        generateKey(context, sharedPreferences);
        loadKey(sharedPreferences);
    }

    public static byte[] base64Decode(String str) {
        return Base64.decode(str, 2);
    }

    public static String base64Encode(byte[] bArr) {
        return Base64.encodeToString(bArr, 2);
    }

    public static byte[] decryptByPrivateKey(byte[] bArr, String str) throws Exception {
        PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(str.getBytes()));
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, generatePrivate);
        return cipher.doFinal(bArr);
    }

    public static String encryptByPrivateKey(String str, String str2) throws Exception {
        PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(str2.getBytes(), 0)));
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, generatePrivate);
        return Base64.encodeToString(cipher.doFinal(str.getBytes()), 2);
    }

    public static String encryptByPublicKey(String str, String str2) throws GeneralSecurityException {
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str2.getBytes(), 0)));
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, generatePublic);
        return Base64.encodeToString(cipher.doFinal(str.getBytes()), 0);
    }

    public static String getHashed(String str) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        return toHex(MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256).digest(str.getBytes("UTF-8")));
    }

    static String toHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(String.format("%02X", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    byte[] RSADecrypt(byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(2, this.privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        cipherInputStream.close();
        return bArr2;
    }

    byte[] RSAEncrypt(byte[] bArr) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IOException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(1, this.publicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    byte[] computeMac(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(this.macKey);
        return mac.doFinal(bArr);
    }

    EncryptedData decodeEncryptedText(String str) {
        EncryptedData encryptedData = new EncryptedData();
        String[] split = str.split("]");
        encryptedData.IV = base64Decode(split[0]);
        encryptedData.encryptedData = base64Decode(split[1]);
        if (split.length > 2) {
            encryptedData.mac = base64Decode(split[2]);
        }
        return encryptedData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String decrypt(String str) throws IOException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidMacException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (str == null || str.length() <= 0) {
            return null;
        }
        byte[] decrypt = decrypt(decodeEncryptedText(str));
        return new String(decrypt, 0, decrypt.length, "UTF-8");
    }

    public byte[] decrypt(EncryptedData encryptedData) throws IOException, NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidMacException, NoSuchProviderException, InvalidKeyException {
        if (encryptedData == null || encryptedData.encryptedData == null) {
            return null;
        }
        return this.isCompatMode ? decryptAESCompat(encryptedData) : decryptAES(encryptedData);
    }

    @TargetApi(19)
    byte[] decryptAES(EncryptedData encryptedData) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, this.aesKey, new GCMParameterSpec(128, encryptedData.IV));
        return cipher.doFinal(encryptedData.encryptedData);
    }

    byte[] decryptAESCompat(EncryptedData encryptedData) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, InvalidMacException {
        if (!verifyMac(encryptedData.mac, encryptedData.getDataForMacComputation())) {
            throw new InvalidMacException();
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(2, this.aesKey, new IvParameterSpec(encryptedData.IV));
        return cipher.doFinal(encryptedData.encryptedData);
    }

    String encodeEncryptedData(EncryptedData encryptedData) {
        if (encryptedData.mac == null) {
            return base64Encode(encryptedData.IV) + "]" + base64Encode(encryptedData.encryptedData);
        }
        return base64Encode(encryptedData.IV) + "]" + base64Encode(encryptedData.encryptedData) + "]" + base64Encode(encryptedData.mac);
    }

    public EncryptedData encrypt(byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IOException, BadPaddingException, NoSuchProviderException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        if (bArr == null || bArr.length <= 0) {
            return null;
        }
        byte[] iv = getIV();
        return this.isCompatMode ? encryptAESCompat(bArr, iv) : encryptAES(bArr, iv);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String encrypt(String str) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, NoSuchProviderException, BadPaddingException {
        if (str == null || str.length() <= 0) {
            return null;
        }
        return encodeEncryptedData(encrypt(str.getBytes("UTF-8")));
    }

    @TargetApi(19)
    EncryptedData encryptAES(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, this.aesKey, new GCMParameterSpec(128, bArr2));
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.IV = cipher.getIV();
        encryptedData.encryptedData = cipher.doFinal(bArr);
        return encryptedData;
    }

    EncryptedData encryptAESCompat(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidAlgorithmParameterException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(1, this.aesKey, new IvParameterSpec(bArr2));
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.IV = cipher.getIV();
        encryptedData.encryptedData = cipher.doFinal(bArr);
        encryptedData.mac = computeMac(encryptedData.getDataForMacComputation());
        return encryptedData;
    }

    @TargetApi(23)
    boolean generateAESKey() throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 25);
        if (this.mStore.containsAlias("sps_aes_key")) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder("sps_aes_key", 3).setCertificateSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).setCertificateSerialNumber(BigInteger.ONE).setKeySize(256).setKeyValidityEnd(calendar2.getTime()).setKeyValidityStart(calendar.getTime()).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
        keyGenerator.generateKey();
        return true;
    }

    boolean generateFallbackAESKey(SharedPreferences sharedPreferences) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException {
        String hashed = getHashed("sps_aes_key");
        if (sharedPreferences.contains(hashed)) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        boolean commit = sharedPreferences.edit().putString(hashed, Base64.encodeToString(RSAEncrypt(keyGenerator.generateKey().getEncoded()), 2)).commit();
        sharedPreferences.edit().putBoolean(getHashed("sps_data_in_compat"), true).apply();
        return commit;
    }

    void generateKey(Context context, SharedPreferences sharedPreferences) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnrecoverableEntryException, NoSuchPaddingException, InvalidKeyException, IOException {
        if (!this.isCompatMode) {
            generateAESKey();
            return;
        }
        generateRSAKeys(context);
        loadRSAKeys();
        generateFallbackAESKey(sharedPreferences);
        generateMacKey(sharedPreferences);
    }

    boolean generateMacKey(SharedPreferences sharedPreferences) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException {
        String hashed = getHashed("sps_mac_key");
        if (sharedPreferences.contains(hashed)) {
            return false;
        }
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return sharedPreferences.edit().putString(hashed, base64Encode(RSAEncrypt(bArr))).commit();
    }

    @RequiresApi(api = 18)
    void generateRSAKeys(Context context) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException {
        if (this.mStore.containsAlias("sps_rsa_key")) {
            return;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 25);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(Build.VERSION.SDK_INT >= 19 ? new KeyPairGeneratorSpec.Builder(context).setAlias("sps_rsa_key").setKeySize(2048).setKeyType("RSA").setEndDate(calendar2.getTime()).setStartDate(calendar.getTime()).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).build() : new KeyPairGeneratorSpec.Builder(context).setAlias("sps_rsa_key").setEndDate(calendar2.getTime()).setStartDate(calendar.getTime()).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).build());
        keyPairGenerator.generateKeyPair();
    }

    SecretKey getFallbackAESKey(SharedPreferences sharedPreferences) throws IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException {
        String string = sharedPreferences.getString(getHashed("sps_aes_key"), null);
        if (string != null) {
            return new SecretKeySpec(RSADecrypt(Base64.decode(string, 2)), "AES");
        }
        return null;
    }

    byte[] getIV() throws UnsupportedEncodingException {
        byte[] bArr = !this.isCompatMode ? new byte[12] : new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    SecretKey getMacKey(SharedPreferences sharedPreferences) throws IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException {
        String string = sharedPreferences.getString(getHashed("sps_mac_key"), null);
        if (string != null) {
            return new SecretKeySpec(RSADecrypt(base64Decode(string)), "HmacSHA256");
        }
        return null;
    }

    void loadKey(SharedPreferences sharedPreferences) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, InvalidKeyException, IOException {
        if (this.isCompatMode) {
            this.aesKey = getFallbackAESKey(sharedPreferences);
            this.macKey = getMacKey(sharedPreferences);
        } else if (this.mStore.containsAlias("sps_aes_key") && this.mStore.entryInstanceOf("sps_aes_key", KeyStore.SecretKeyEntry.class)) {
            this.aesKey = ((KeyStore.SecretKeyEntry) this.mStore.getEntry("sps_aes_key", null)).getSecretKey();
        }
    }

    void loadKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        this.mStore = KeyStore.getInstance("AndroidKeyStore");
        this.mStore.load(null);
    }

    void loadRSAKeys() throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException {
        if (this.mStore.containsAlias("sps_rsa_key") && this.mStore.entryInstanceOf("sps_rsa_key", KeyStore.PrivateKeyEntry.class)) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.mStore.getEntry("sps_rsa_key", null);
            this.publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey();
            this.privateKey = (RSAPrivateKey) privateKeyEntry.getPrivateKey();
        }
    }

    boolean verifyMac(byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException {
        if (bArr == null || bArr2 == null) {
            return false;
        }
        byte[] computeMac = computeMac(bArr2);
        if (computeMac.length != bArr.length) {
            return false;
        }
        int i = 0;
        for (int i2 = 0; i2 < computeMac.length; i2++) {
            i |= computeMac[i2] ^ bArr[i2];
        }
        return i == 0;
    }
}
