package com.ts.common.internal.core.encryption.post18;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.ts.common.api.SDKBase;
import com.ts.common.api.core.encryption.PrivateKeyNotFoundException;
import com.ts.common.internal.core.encryption.CommonStoreEncryptor;
import com.ts.common.internal.core.logger.Log;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.inject.Inject;
import javax.inject.Named;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;

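/**
 * Encryptor for API level 18 and later that keeps its RSA key pairs in the
 * {@code AndroidKeyStore} and offers AES-CBC, PBKDF2 key derivation and RSA sign/verify helpers.
 *
 * <p>Key aliases passed to this class are namespaced as {@code <uid>.<alias>} before they reach
 * the key store (see {@link #getStoreKeyID(String)}).
 *
 * <p>Security review notes; the algorithms are left unchanged because switching them would make
 * previously stored ciphertexts and signatures unreadable:
 * <ul>
 *   <li>{@code AES/CBC/PKCS5Padding} is used without a MAC, so ciphertexts are not authenticated.
 *   <li>{@code RSA/NONE/PKCS1Padding} is PKCS#1 v1.5 encryption padding; OAEP is the usual
 *       recommendation for new designs.
 *   <li>{@code PBKDF2WithHmacSHA1} strength depends entirely on the configured iteration count,
 *       which this class does not bound.
 * </ul>
 */
@TargetApi(18)
/* loaded from: classes2.dex */
public class Post18EncryptorImpl extends CommonStoreEncryptor {
    private static final String AES_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final String DELIMITER = "]";
    protected static final String DEVICE_KEY_ALIAS = "DeviceKeyAlias";
    private static final int IV_LENGTH = 16;
    private static final String KEY_GENERATION_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final String RSA_CIPHER_ALGORITHM = "RSA/NONE/PKCS1Padding";
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String TAG = "com.ts.common.internal.core.encryption.post18.Post18EncryptorImpl";
    // Provider names and sizes that the original code repeated as literals.
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String OPENSSL_PROVIDER = "AndroidOpenSSL";
    private static final int DERIVED_KEY_LENGTH_BITS = 256;
    private static final int KEY_VALIDITY_YEARS = 10;
    private final Context mContext;
    private final SecureRandom mRandom = new SecureRandom();
    private final SDKBase.AuthenticatorsProperties mSDKProperties;
    private final String mUsernameKeyIDPrefix;

    /**
     * @param context used to build the key-pair generation spec
     * @param str the injected "uid" value; it becomes the prefix of every key-store alias
     * @param authenticatorsProperties supplies the PBKDF2 iteration count
     */
    @Inject
    public Post18EncryptorImpl(Context context, @Named("uid") String str, SDKBase.AuthenticatorsProperties authenticatorsProperties) {
        this.mContext = context;
        this.mUsernameKeyIDPrefix = str + ".";
        this.mSDKProperties = authenticatorsProperties;
    }

    /** Returns a fresh random IV of {@link #IV_LENGTH} bytes drawn from {@link SecureRandom}. */
    private byte[] generateIV() {
        try {
            byte[] iv = new byte[IV_LENGTH];
            this.mRandom.nextBytes(iv);
            return iv;
        } catch (Exception e) {
            Log.e(TAG, "Failed to generate IV");
            throw new RuntimeException(e);
        }
    }

    /** Probes the key store and returns a short diagnostic string for error messages. */
    private String getKeyStoreInfo() {
        try {
            KeyStore.getInstance(KEYSTORE_PROVIDER).load(null);
            return "Could load keystore";
        } catch (Exception e) {
            return "Could not load keystore; " + e.toString();
        }
    }

    /**
     * Loads the private-key entry stored under the namespaced form of {@code str}.
     *
     * @throws PrivateKeyNotFoundException if the alias is missing or holds another entry type
     */
    private KeyStore.PrivateKeyEntry loadPrivateKeyEntry(String str) throws GeneralSecurityException, IOException {
        String storeKeyID = getStoreKeyID(str);
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(storeKeyID, null);
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return (KeyStore.PrivateKeyEntry) entry;
        }
        Log.w(TAG, "Not an instance of a PrivateKeyEntry");
        throw new PrivateKeyNotFoundException("Could not get private key");
    }

    /** Returns the public key from the certificate stored alongside the private key {@code str}. */
    private PublicKey getPublicKey(String str) throws GeneralSecurityException, IOException {
        return loadPrivateKeyEntry(str).getCertificate().getPublicKey();
    }

    /** Maps a caller-visible alias to the key-store alias by prepending the uid prefix. */
    private String getStoreKeyID(String str) {
        return this.mUsernameKeyIDPrefix + str;
    }

    /** Deletes the device key pair from the key store. */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public void clearDeviceKey() {
        clearKey(DEVICE_KEY_ALIAS);
    }

    /**
     * Deletes the key-store entry for alias {@code str}.
     *
     * @throws RuntimeException if the key store cannot be loaded or the entry cannot be deleted
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public void clearKey(String str) {
        String storeKeyID = getStoreKeyID(str);
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            keyStore.deleteEntry(storeKeyID);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Failed clearing key", e);
        }
    }

    /**
     * Decrypts text produced by {@link #encryptAES(String, SecretKey)}.
     *
     * <p>Expected format: {@code base64(iv) + "]" + base64(ciphertext)}, both without line wraps.
     *
     * <p>Nothing authenticates the IV or the ciphertext. Where a party who can alter the stored
     * value can also observe whether decryption failed, padding errors become a decryption
     * oracle. An AEAD mode, or an HMAC verified before decryption, would close that gap but
     * requires migrating existing data.
     *
     * @throws IllegalArgumentException if {@code str} does not split into exactly two parts
     * @throws RuntimeException if the cipher rejects the key, the IV or the padding
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String decryptAES(String str, SecretKey secretKey) {
        try {
            String[] parts = str.split(DELIMITER);
            if (parts.length != 2) {
                throw new IllegalArgumentException("Invalid encrypted text format");
            }
            byte[] iv = Base64.decode(parts[0], Base64.NO_WRAP);
            byte[] cipherText = Base64.decode(parts[1], Base64.NO_WRAP);
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
            return new String(cipher.doFinal(cipherText), "UTF-8");
        } catch (UnsupportedEncodingException | GeneralSecurityException e) {
            throw new RuntimeException("Failed decrypting data with AES", e);
        }
    }

    /**
     * Decrypts Base64 (no-wrap) RSA ciphertext with the device private key and returns it as
     * UTF-8 text.
     *
     * @throws RuntimeException if the key cannot be loaded or decryption fails
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String decryptWithDeviceKey(String str) {
        try {
            // NOTE(review): the cipher provider is pinned to AndroidOpenSSL; pinning this provider
            // for key-store-backed keys is reported to fail on API 23+ — confirm on target devices.
            Cipher cipher = Cipher.getInstance(RSA_CIPHER_ALGORITHM, OPENSSL_PROVIDER);
            cipher.init(Cipher.DECRYPT_MODE, getPrivateKey(DEVICE_KEY_ALIAS));
            return new String(cipher.doFinal(Base64.decode(str, Base64.NO_WRAP)), Charset.forName("UTF-8"));
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Could not decrypt.", e);
        }
    }

    /**
     * Encrypts {@code str} (as UTF-8) with AES-CBC under a fresh random IV.
     *
     * @return {@code base64(iv) + "]" + base64(ciphertext)}; the result carries no integrity tag
     * @throws RuntimeException if the cipher cannot be created or initialised
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptAES(String str, SecretKey secretKey) {
        try {
            byte[] iv = generateIV();
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv));
            byte[] cipherText = cipher.doFinal(str.getBytes(Charset.forName("UTF-8")));
            return Base64.encodeToString(iv, Base64.NO_WRAP) + DELIMITER + Base64.encodeToString(cipherText, Base64.NO_WRAP);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Failed encrypting data with AES", e);
        }
    }

    /** Encrypts the UTF-8 bytes of {@code str} with the device public key. */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptWithDeviceKey(String str) {
        return encryptWithDeviceKey(str.getBytes(Charset.forName("utf-8")));
    }

    /**
     * Encrypts {@code bArr} with the device public key using PKCS#1 v1.5 padding.
     *
     * @return the ciphertext as Base64 without line wraps
     * @throws RuntimeException if the key cannot be loaded or encryption fails
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptWithDeviceKey(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_CIPHER_ALGORITHM, OPENSSL_PROVIDER);
            cipher.init(Cipher.ENCRYPT_MODE, getPublicKey(DEVICE_KEY_ALIAS));
            return Base64.encodeToString(cipher.doFinal(bArr), Base64.NO_WRAP);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Could not encrypt.", e);
        }
    }

    /**
     * Encrypts {@code str2} (as UTF-8) to the public key of the Base64-encoded certificate
     * {@code str}.
     *
     * <p>The certificate is only parsed. This method performs no chain, validity-period or pinning
     * check, so the caller must already have established that the certificate is trusted.
     *
     * @return the ciphertext as Base64 without line wraps
     * @throws RuntimeException if the certificate cannot be parsed or encryption fails
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String encryptWithExternalPublicCert(String str, String str2) {
        try {
            PublicKey publicKey = X509Certificate.getInstance(Base64.decode(str, Base64.NO_WRAP)).getPublicKey();
            Cipher cipher = Cipher.getInstance(RSA_CIPHER_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            return Base64.encodeToString(cipher.doFinal(str2.getBytes(Charset.forName("UTF-8"))), Base64.NO_WRAP);
        } catch (Exception e) {
            throw new RuntimeException("Could not parse cert or encrypt.", e);
        }
    }

    /**
     * Derives a 256-bit key from password {@code cArr} and salt {@code bArr} with
     * PBKDF2-HMAC-SHA1.
     *
     * <p>The iteration count comes from the SDK properties and is not range-checked here, so a
     * low configured value directly weakens every derived key.
     *
     * @throws RuntimeException if the key factory is unavailable or rejects the spec
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public SecretKey generateKey(char[] cArr, byte[] bArr) {
        try {
            int iterations = this.mSDKProperties.keyDerivationParameters.iterationsCount;
            PBEKeySpec keySpec = new PBEKeySpec(cArr, bArr, iterations, DERIVED_KEY_LENGTH_BITS);
            return SecretKeyFactory.getInstance(KEY_GENERATION_ALGORITHM).generateSecret(keySpec);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Could not extends auth data", e);
        }
    }

    /**
     * Generates an RSA key pair inside the AndroidKeyStore under the namespaced alias of
     * {@code str}, with a self-signed certificate valid for ten years from now.
     *
     * <p>The key size is set explicitly only on API 19+. The spec does not call
     * {@code setEncryptionRequired()}, so the entry is not tied to a lock-screen credential.
     * {@code KeyPairGeneratorSpec} is deprecated from API 23 in favour of
     * {@code KeyGenParameterSpec}.
     *
     * @throws RuntimeException if generation fails; the message includes a key-store probe result
     */
    @Override // com.ts.common.internal.core.encryption.CommonStoreEncryptor
    protected KeyPair generateKeyPair(String str) {
        try {
            String storeKeyID = getStoreKeyID(str);
            Calendar calendar = Calendar.getInstance();
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.YEAR, KEY_VALIDITY_YEARS);
            Date notAfter = calendar.getTime();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEYSTORE_PROVIDER);
            KeyPairGeneratorSpec.Builder subject = new KeyPairGeneratorSpec.Builder(this.mContext)
                    .setAlias(storeKeyID)
                    .setStartDate(notBefore)
                    .setEndDate(notAfter)
                    .setSerialNumber(BigInteger.valueOf(1L))
                    .setSubject(new X500Principal("CN=TransmitSecurity"));
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
                subject.setKeySize(CommonStoreEncryptor.getKeySize());
            }
            keyPairGenerator.initialize(subject.build());
            // Presumably works around locale-sensitive certificate generation in the key store —
            // TODO confirm. Locale.setDefault is process-wide, so other threads observe Locale.US
            // while generation runs.
            Locale previousLocale = Locale.getDefault();
            Locale.setDefault(Locale.US);
            try {
                return keyPairGenerator.generateKeyPair();
            } finally {
                // Restore on failure too; the original left the process in Locale.US when
                // generateKeyPair() threw.
                Locale.setDefault(previousLocale);
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not generate keys; " + getKeyStoreInfo(), e);
        }
    }

    /**
     * Returns the private key stored under the namespaced alias of {@code str}.
     *
     * @throws PrivateKeyNotFoundException if the alias is missing or holds another entry type
     */
    protected PrivateKey getPrivateKey(String str) throws GeneralSecurityException, IOException {
        return loadPrivateKeyEntry(str).getPrivateKey();
    }

    /** Signs the UTF-8 bytes of {@code str} with the device key. */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithDeviceKey(String str) {
        return signWithKey(DEVICE_KEY_ALIAS, str);
    }

    /** Signs {@code bArr} with the device key. */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithDeviceKey(byte[] bArr) {
        return signWithKey(DEVICE_KEY_ALIAS, bArr);
    }

    /** Signs the UTF-8 bytes of {@code str2} with the key stored under alias {@code str}. */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithKey(String str, String str2) {
        return signWithKey(str, str2.getBytes(Charset.forName("utf-8")));
    }

    /**
     * Signs {@code bArr} with {@code SHA256withRSA} using the key stored under alias {@code str}.
     *
     * @return the signature as Base64 without line wraps
     * @throws RuntimeException if the key cannot be loaded or signing fails
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public String signWithKey(String str, byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initSign(getPrivateKey(str));
            signature.update(bArr);
            return Base64.encodeToString(signature.sign(), Base64.NO_WRAP);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Could not sign data!", e);
        }
    }

    /**
     * Verifies Base64 signature {@code str} over the UTF-8 bytes of {@code str2} with the device
     * public key.
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public Boolean verifyWithDeviceKey(String str, String str2) {
        return Boolean.valueOf(verifyWithKey(DEVICE_KEY_ALIAS, str, str2));
    }

    /**
     * Verifies a {@code SHA256withRSA} signature with the public key of alias {@code str}.
     *
     * @param str key alias
     * @param str2 the signature, Base64 without line wraps
     * @param str3 the signed text; its UTF-8 bytes are verified
     * @return {@code true} if the signature matches
     * @throws RuntimeException if the key cannot be loaded or verification cannot be performed
     */
    @Override // com.ts.common.api.core.encryption.Encryptor
    public boolean verifyWithKey(String str, String str2, String str3) {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initVerify(getPublicKey(str));
            signature.update(str3.getBytes(Charset.forName("utf-8")));
            return signature.verify(Base64.decode(str2, Base64.NO_WRAP));
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Could not validate signature", e);
        }
    }
}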
