package com.ts.common.internal.core.encryption.pre18;

import android.annotation.TargetApi;
import com.ts.common.api.SDKBase;
import com.ts.common.api.core.encryption.PrivateKeyNotFoundException;
import com.ts.common.internal.core.encryption.CommonStoreEncryptor;
import com.ts.common.internal.core.logger.Log;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.inject.Named;

@TargetApi(14)
/* loaded from: classes2.dex */
public class Pre18KeyStoreEncryptor extends CommonStoreEncryptor {
    private static final String AES_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final String DELIMITER = "]";
    private static final int IV_LENGTH = 16;
    private static final String PUBLIC_ALIAS_POSTFIX = ".public";
    private static final String RSA_CIPHER_ALGORITHM = "RSA/NONE/PKCS1Padding";
    private static String TAG = "com.ts.common.internal.core.encryption.pre18.Pre18KeyStoreEncryptor";
    private KeyStore mKeyStore = KeyStore.getInstance();
    private SecureRandom mRandom = new SecureRandom();
    private SDKBase.AuthenticatorsProperties mSDKProperties;
    private final String mUsernameKeyIDPrefix;

    @Inject
    public Pre18KeyStoreEncryptor(@Named("uid") String str, SDKBase.AuthenticatorsProperties authenticatorsProperties) {
        this.mUsernameKeyIDPrefix = str + ".";
        this.mSDKProperties = authenticatorsProperties;
    }

    private byte[] generateIV() {
        try {
            byte[] bArr = new byte[16];
            this.mRandom.nextBytes(bArr);
            return bArr;
        } catch (Exception e) {
            Log.e(TAG, "Failed to generate IV");
            throw new RuntimeException(e);
        }
    }

    public static KeyPair generateRsaKeyPair() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(new RSAKeyGenParameterSpec(CommonStoreEncryptor.getKeySize(), RSAKeyGenParameterSpec.F4));
        return keyPairGenerator.generateKeyPair();
    }

    private PrivateKey getPrivateKey(String str) throws GeneralSecurityException {
        String storeKeyID = getStoreKeyID(str);
        byte[] bArr = this.mKeyStore.get(storeKeyID);
        if (bArr != null) {
            return KeyFactory.getInstance("RSA", "BC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        }
        throw new PrivateKeyNotFoundException("Could not get private key with alias " + storeKeyID + ", error: " + this.mKeyStore.getLastError());
    }

    private PublicKey getPublicKey(String str) throws GeneralSecurityException {
        String storeKeyID = getStoreKeyID(str);
        byte[] bArr = this.mKeyStore.get(storeKeyID + PUBLIC_ALIAS_POSTFIX);
        if (bArr != null) {
            return KeyFactory.getInstance("RSA", "BC").generatePublic(new X509EncodedKeySpec(bArr));
        }
        throw new IllegalStateException("Could not get public key with alias " + storeKeyID + ", error: " + this.mKeyStore.getLastError());
    }

    private String getStoreKeyID(String str) {
        return this.mUsernameKeyIDPrefix + str;
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public void clearDeviceKey() {
        clearKey("DeviceKeyAlias");
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public void clearKey(String str) {
        if (this.mKeyStore.delete(getStoreKeyID(str))) {
            return;
        }
        throw new RuntimeException("Could not clear keys. Error: " + this.mKeyStore.getLastError());
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String decryptAES(String str, SecretKey secretKey) {
        try {
            String[] split = str.split(DELIMITER);
            if (split.length != 2) {
                throw new IllegalArgumentException("Invalid encypted text format");
            }
            byte[] decode = Base64.decode(split[0], 2);
            byte[] decode2 = Base64.decode(split[1], 2);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(decode);
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM, "BC");
            cipher.init(2, secretKey, ivParameterSpec);
            return new String(cipher.doFinal(decode2), "UTF-8");
        } catch (UnsupportedEncodingException | GeneralSecurityException e) {
            throw new RuntimeException("Failed decrypting data with AES", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String decryptWithDeviceKey(String str) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_CIPHER_ALGORITHM);
            cipher.init(2, getPrivateKey("DeviceKeyAlias"));
            return new String(cipher.doFinal(Base64.decode(str, 2)), Charset.forName("UTF-8"));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Could not decrypt.", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptAES(String str, SecretKey secretKey) {
        try {
            byte[] generateIV = generateIV();
            IvParameterSpec ivParameterSpec = new IvParameterSpec(generateIV);
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM, "BC");
            cipher.init(1, secretKey, ivParameterSpec);
            return String.format("%s%s%s", Base64.encodeToString(generateIV, 2), DELIMITER, Base64.encodeToString(cipher.doFinal(str.getBytes(Charset.forName("UTF-8"))), 2));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Failed encrypting data with AES", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptWithDeviceKey(String str) {
        return encryptWithDeviceKey(str.getBytes(Charset.forName("utf-8")));
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptWithDeviceKey(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_CIPHER_ALGORITHM, "BC");
            cipher.init(1, getPublicKey("DeviceKeyAlias"));
            return Base64.encodeToString(cipher.doFinal(bArr), 2);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Could not encrypt.", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptWithExternalPublicCert(String str, String str2) {
        throw new UnsupportedOperationException();
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public SecretKey generateKey(char[] cArr, byte[] bArr) {
        try {
            return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "BC").generateSecret(new PBEKeySpec(cArr, bArr, this.mSDKProperties.keyDerivationParameters.iterationsCount, 256)).getEncoded(), "AES");
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Could not extends auth data", e);
        }
    }

    @Override // com.ts.common.internal.core.encryption.CommonStoreEncryptor
    protected KeyPair generateKeyPair(String str) {
        String storeKeyID = getStoreKeyID(str);
        try {
            KeyPair generateRsaKeyPair = generateRsaKeyPair();
            if (!this.mKeyStore.put(storeKeyID, generateRsaKeyPair.getPrivate().getEncoded())) {
                throw new IllegalStateException("Could not store private key, error: " + this.mKeyStore.getLastError());
            }
            if (this.mKeyStore.put(storeKeyID + PUBLIC_ALIAS_POSTFIX, generateRsaKeyPair.getPublic().getEncoded())) {
                return generateRsaKeyPair;
            }
            throw new IllegalStateException("Could not store public key, error: " + this.mKeyStore.getLastError());
        } catch (Exception e) {
            throw new IllegalStateException("Could not generate key pair", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithDeviceKey(String str) {
        return signWithDeviceKey(str.getBytes(Charset.forName("utf-8")));
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithDeviceKey(byte[] bArr) {
        return signWithKey("DeviceKeyAlias", bArr);
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithKey(String str, String str2) {
        return signWithKey(str, str2.getBytes(Charset.forName("utf-8")));
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithKey(String str, byte[] bArr) {
        try {
            PrivateKey privateKey = getPrivateKey(str);
            Signature signature = Signature.getInstance("SHA256withRSA", "BC");
            signature.initSign(privateKey);
            signature.update(bArr);
            return Base64.encodeToString(signature.sign(), 2);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Failed to sign data with key", e);
        }
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public Boolean verifyWithDeviceKey(String str, String str2) {
        return Boolean.valueOf(verifyWithKey("DeviceKeyAlias", str, str2));
    }

    @Override // com.ts.common.api.core.encryption.Encryptor
    public boolean verifyWithKey(String str, String str2, String str3) {
        try {
            PublicKey publicKey = getPublicKey(str);
            Signature signature = Signature.getInstance("SHA256withRSA", "BC");
            signature.initVerify(publicKey);
            signature.update(str3.getBytes(Charset.forName("utf-8")));
            return signature.verify(Base64.decode(str2, 2));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Could not verify data", e);
        }
    }
}
