package be.appmire.flutterkeychain;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* compiled from: FlutterKeychainPlugin.kt */
@Metadata(d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\b\u0010\t\u001a\u00020\nH\u0003J\b\u0010\u000b\u001a\u00020\nH\u0002J\u000e\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\rJ\u000e\u0010\u000f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\rJ\b\u0010\u0010\u001a\u00020\u0011H\u0002J\b\u0010\u0012\u001a\u00020\u0013H\u0002J\u0018\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\r2\u0006\u0010\u0017\u001a\u00020\u0006H\u0016J\u0010\u0010\u0018\u001a\u00020\r2\u0006\u0010\u0019\u001a\u00020\u0015H\u0016R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001a"}, d2 = {"Lbe/appmire/flutterkeychain/RsaKeyStoreKeyWrapper;", "Lbe/appmire/flutterkeychain/KeyWrapper;", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "KEYSTORE_PROVIDER_ANDROID", "", "TYPE_RSA", "keyAlias", "createKeys", "", "createRSAKeysIfNeeded", "decrypt", "", "input", "encrypt", "getKeyStore", "Ljava/security/KeyStore;", "getRSACipher", "Ljavax/crypto/Cipher;", "unwrap", "Ljava/security/Key;", "wrappedKey", "algorithm", "wrap", "key", "flutter_keychain_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes.dex */
public final class RsaKeyStoreKeyWrapper implements KeyWrapper {
    private final String KEYSTORE_PROVIDER_ANDROID;
    private final String TYPE_RSA;
    private final Context context;
    private final String keyAlias;

    public RsaKeyStoreKeyWrapper(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.TYPE_RSA = "RSA";
        this.KEYSTORE_PROVIDER_ANDROID = "AndroidKeyStore";
        this.keyAlias = context.getPackageName() + ".FlutterKeychain";
        this.context = context;
        createRSAKeysIfNeeded();
    }

    private final void createKeys() throws Exception {
        KeyGenParameterSpec keyGenParameterSpec;
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 25);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.TYPE_RSA, this.KEYSTORE_PROVIDER_ANDROID);
        if (Build.VERSION.SDK_INT < 23) {
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.context).setAlias(this.keyAlias).setSubject(new X500Principal("CN=" + this.keyAlias)).setSerialNumber(BigInteger.valueOf(1L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            Intrinsics.checkNotNullExpressionValue(build, "Builder(context)\n       …\n                .build()");
            keyGenParameterSpec = build;
        } else {
            KeyGenParameterSpec build2 = new KeyGenParameterSpec.Builder(this.keyAlias, 3).setCertificateSubject(new X500Principal("CN=" + this.keyAlias)).setDigests(MessageDigestAlgorithms.SHA_256).setEncryptionPaddings("PKCS1Padding").setUserAuthenticationRequired(false).setCertificateSerialNumber(BigInteger.valueOf(1L)).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).build();
            Intrinsics.checkNotNullExpressionValue(build2, "Builder(\n               …\n                .build()");
            keyGenParameterSpec = build2;
        }
        keyPairGenerator.initialize(keyGenParameterSpec);
        keyPairGenerator.generateKeyPair();
    }

    private final void createRSAKeysIfNeeded() throws Exception {
        PublicKey publicKey;
        PrivateKey privateKey;
        KeyStore keyStore = KeyStore.getInstance(this.KEYSTORE_PROVIDER_ANDROID);
        keyStore.load(null);
        int i = 1;
        PrivateKey privateKey2 = null;
        while (true) {
            if (i >= 6) {
                publicKey = null;
                break;
            }
            try {
                Key key = keyStore.getKey(this.keyAlias, null);
                Intrinsics.checkNotNull(key, "null cannot be cast to non-null type java.security.PrivateKey");
                PrivateKey privateKey3 = (PrivateKey) key;
                try {
                    publicKey = keyStore.getCertificate(this.keyAlias).getPublicKey();
                    privateKey2 = privateKey3;
                    break;
                } catch (Exception unused) {
                    privateKey2 = privateKey3;
                }
            } catch (Exception unused2) {
            }
            i++;
        }
        if (privateKey2 == null || publicKey == null) {
            createKeys();
            try {
                Key key2 = keyStore.getKey(this.keyAlias, null);
                Intrinsics.checkNotNull(key2, "null cannot be cast to non-null type java.security.PrivateKey");
                privateKey = (PrivateKey) key2;
            } catch (Exception unused3) {
            }
            try {
                publicKey = keyStore.getCertificate(this.keyAlias).getPublicKey();
            } catch (Exception unused4) {
                privateKey2 = privateKey;
                keyStore.deleteEntry(this.keyAlias);
                privateKey = privateKey2;
                if (privateKey != null) {
                }
                createKeys();
            }
            if (privateKey != null || publicKey == null) {
                createKeys();
            }
        }
    }

    private final KeyStore getKeyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance(this.KEYSTORE_PROVIDER_ANDROID);
        ks.load(null);
        Intrinsics.checkNotNullExpressionValue(ks, "ks");
        return ks;
    }

    private final Cipher getRSACipher() throws Exception {
        if (Build.VERSION.SDK_INT < 23) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
            Intrinsics.checkNotNullExpressionValue(cipher, "{\n            Cipher.get…e or public key\n        }");
            return cipher;
        }
        Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
        Intrinsics.checkNotNullExpressionValue(cipher2, "{\n            Cipher.get…oreBCWorkaround\n        }");
        return cipher2;
    }

    public final byte[] decrypt(byte[] input) throws Exception {
        Intrinsics.checkNotNullParameter(input, "input");
        Key key = getKeyStore().getKey(this.keyAlias, null);
        Cipher rSACipher = getRSACipher();
        rSACipher.init(2, key);
        byte[] doFinal = rSACipher.doFinal(input);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(input)");
        return doFinal;
    }

    public final byte[] encrypt(byte[] input) throws Exception {
        Intrinsics.checkNotNullParameter(input, "input");
        PublicKey publicKey = getKeyStore().getCertificate(this.keyAlias).getPublicKey();
        Cipher rSACipher = getRSACipher();
        rSACipher.init(1, publicKey);
        byte[] doFinal = rSACipher.doFinal(input);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(input)");
        return doFinal;
    }

    @Override // be.appmire.flutterkeychain.KeyWrapper
    public Key unwrap(byte[] wrappedKey, String algorithm) throws Exception {
        Intrinsics.checkNotNullParameter(wrappedKey, "wrappedKey");
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Key key = getKeyStore().getKey(this.keyAlias, null);
        Cipher rSACipher = getRSACipher();
        rSACipher.init(4, key);
        Key unwrap = rSACipher.unwrap(wrappedKey, algorithm, 3);
        Intrinsics.checkNotNullExpressionValue(unwrap, "cipher.unwrap(wrappedKey…rithm, Cipher.SECRET_KEY)");
        return unwrap;
    }

    @Override // be.appmire.flutterkeychain.KeyWrapper
    public byte[] wrap(Key key) throws Exception {
        Intrinsics.checkNotNullParameter(key, "key");
        Certificate certificate = getKeyStore().getCertificate(this.keyAlias);
        PublicKey publicKey = certificate != null ? certificate.getPublicKey() : null;
        Cipher rSACipher = getRSACipher();
        rSACipher.init(3, publicKey);
        byte[] wrap = rSACipher.wrap(key);
        Intrinsics.checkNotNullExpressionValue(wrap, "cipher.wrap(key)");
        return wrap;
    }
}
