package com.teskalabs.seacat.android.client.util;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import com.teskalabs.seacat.android.client.SeaCatInternals;
import com.teskalabs.seacat.android.client.auth.SeaCatUserNotAuthenticatedException;
import io.fabric.sdk.android.services.common.CommonUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public class RSAKeyPair {
    private static final String TAG = RSAKeyPair.class.getName();
    private final String alias;

    public RSAKeyPair(String str) {
        this.alias = str;
    }

    private void generate_api17(Context context, int i, String str, Date date, Date date2, int i2, boolean z) throws GeneralSecurityException {
        new X500Principal(str);
        obtainKeyStore();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(i);
        try {
            keyPairGenerator.genKeyPair();
        } catch (IllegalStateException e) {
            Log.e(SeaCatInternals.L, "Failed to generate the key pair:", e);
            throw new SecurityException("Failed to generate the key pair.");
        }
    }

    private void generate_api18_22(Context context, int i, String str, Date date, Date date2, int i2, boolean z) throws GeneralSecurityException {
        Context applicationContext = context.getApplicationContext();
        X500Principal x500Principal = new X500Principal(str);
        KeyStore obtainKeyStore = obtainKeyStore();
        KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(applicationContext);
        builder.setAlias(this.alias);
        builder.setStartDate(date);
        builder.setEndDate(date2);
        builder.setSerialNumber(BigInteger.valueOf(i2));
        builder.setSubject(x500Principal);
        if (z) {
            builder.setEncryptionRequired();
        }
        if (Build.VERSION.SDK_INT >= 19) {
            builder.setKeySize(i);
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(builder.build());
        try {
            keyPairGenerator.generateKeyPair();
            if (((PrivateKey) obtainKeyStore.getKey(this.alias, null)) == null) {
                throw new SecurityException("Failed to obtain private key from a generated key pair");
            }
            if (obtainKeyStore.getCertificate(this.alias).getPublicKey() == null) {
                throw new SecurityException("Failed to obtain public key from a generated key pair");
            }
        } catch (IllegalStateException e) {
            Log.e(SeaCatInternals.L, "Failed to generate the key pair:", e);
            throw new SecurityException("Failed to generate the key pair.");
        }
    }

    private void generate_api23(int i, String str, Date date, Date date2, int i2, boolean z) throws GeneralSecurityException {
        X500Principal x500Principal = new X500Principal(str);
        KeyStore obtainKeyStore = obtainKeyStore();
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.alias, 15);
        builder.setKeySize(i);
        builder.setBlockModes("ECB");
        builder.setEncryptionPaddings("PKCS1Padding");
        builder.setSignaturePaddings("PKCS1");
        builder.setDigests(CommonUtils.SHA256_INSTANCE);
        builder.setCertificateNotBefore(date);
        builder.setCertificateNotAfter(date2);
        builder.setCertificateSerialNumber(BigInteger.valueOf(i2));
        builder.setCertificateSubject(x500Principal);
        if (z) {
            builder.setUserAuthenticationRequired(true);
            builder.setUserAuthenticationValidityDurationSeconds(5);
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(builder.build());
        try {
            keyPairGenerator.generateKeyPair();
            if (((PrivateKey) obtainKeyStore.getKey(this.alias, null)) == null) {
                throw new SecurityException("Failed to obtain private key from a generated key pair");
            }
            if (obtainKeyStore.getCertificate(this.alias).getPublicKey() == null) {
                throw new SecurityException("Failed to obtain public key from a generated key pair");
            }
        } catch (IllegalStateException e) {
            Log.e(SeaCatInternals.L, "Failed to generate the key pair:", e);
            throw new SecurityException("Failed to generate the key pair.");
        }
    }

    private KeyStore obtainKeyStore() throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT < 18) {
            return KeyStore.getInstance("BKS");
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        try {
            keyStore.load(null);
            return keyStore;
        } catch (IOException e) {
            throw new KeyStoreException("Key store error", e);
        }
    }

    public byte[] decrypt(byte[] bArr) throws SeaCatUserNotAuthenticatedException, GeneralSecurityException {
        PrivateKey privateKey = (PrivateKey) obtainKeyStore().getKey(this.alias, null);
        if (privateKey == null) {
            return null;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, privateKey);
        try {
            return cipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            if (Build.VERSION.SDK_INT < 23 || !(e instanceof UserNotAuthenticatedException)) {
                throw e;
            }
            Log.w(TAG, "User not logged in!");
            throw new SeaCatUserNotAuthenticatedException(e);
        }
    }

    public byte[] derive(String str, int i) throws SeaCatUserNotAuthenticatedException, GeneralSecurityException {
        Key key = obtainKeyStore().getKey(this.alias, null);
        if (key == null) {
            return null;
        }
        PrivateKey privateKey = (PrivateKey) key;
        Signature signature = Signature.getInstance("SHA256withRSA");
        try {
            signature.initSign(privateKey);
            signature.update(str.getBytes());
            byte[] sign = signature.sign();
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(new byte[mac.getMacLength()], "HmacSHA256"));
            SecretKeySpec secretKeySpec = new SecretKeySpec(mac.doFinal(sign), "HmacSHA256");
            for (int i2 = 0; i2 < sign.length; i2++) {
                sign[i2] = 119;
            }
            byte[] bArr = new byte[0];
            double d = i;
            double macLength = mac.getMacLength();
            Double.isNaN(d);
            Double.isNaN(macLength);
            int ceil = (int) Math.ceil(d / macLength);
            if (ceil > 255) {
                throw new IllegalArgumentException("out length must be maximal 255 * hash-length; requested: " + i + " bytes");
            }
            ByteBuffer allocate = ByteBuffer.allocate(i);
            int i3 = i;
            int i4 = 0;
            while (i4 < ceil) {
                Mac mac2 = Mac.getInstance("HmacSHA256");
                mac2.init(secretKeySpec);
                mac2.update(bArr);
                mac2.update(str.getBytes());
                i4++;
                mac2.update((byte) i4);
                bArr = mac2.doFinal();
                int min = Math.min(i3, bArr.length);
                allocate.put(bArr, 0, min);
                i3 -= min;
            }
            return allocate.array();
        } catch (GeneralSecurityException e) {
            if (Build.VERSION.SDK_INT < 23 || !(e instanceof UserNotAuthenticatedException)) {
                throw e;
            }
            Log.w(TAG, "User not logged in!");
            throw new SeaCatUserNotAuthenticatedException(e);
        }
    }

    public void discard() throws GeneralSecurityException {
        obtainKeyStore().deleteEntry(this.alias);
    }

    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        PublicKey publicKey = obtainKeyStore().getCertificate(this.alias).getPublicKey();
        if (publicKey == null) {
            return null;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, publicKey);
        return cipher.doFinal(bArr);
    }

    public boolean exists() {
        try {
            return ((PrivateKey) obtainKeyStore().getKey(this.alias, null)) != null;
        } catch (GeneralSecurityException e) {
            Log.w(SeaCatInternals.L, "Failed to validate that the " + this.alias + " key exists:", e);
            return false;
        }
    }

    public void generate(Context context, int i, String str, Date date, Date date2, int i2, boolean z) throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT < 18) {
            generate_api17(context, i, str, date, date2, i2, z);
        } else if (Build.VERSION.SDK_INT < 23) {
            generate_api18_22(context, i, str, date, date2, i2, z);
        } else {
            generate_api23(i, str, date, date2, i2, z);
        }
    }

    public Certificate getCertificate() throws GeneralSecurityException {
        KeyStore obtainKeyStore = obtainKeyStore();
        if (obtainKeyStore == null) {
            return null;
        }
        return obtainKeyStore.getCertificate(this.alias);
    }

    public PublicKey getPublicKey() throws GeneralSecurityException {
        Certificate certificate = getCertificate();
        if (certificate == null) {
            return null;
        }
        return certificate.getPublicKey();
    }
}
