package com.privateinternetaccess.android.utils;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.amazon.a.a.o.b;
import com.privateinternetaccess.android.pia.utils.DLog;
import com.privateinternetaccess.android.pia.utils.MultiPreferences;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: KeyStoreUtils.kt */
@Metadata(d1 = {"\u0000<\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0005\u0018\u0000 \u00182\u00020\u0001:\u0001\u0018B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\t\u001a\u0004\u0018\u00010\n2\u0006\u0010\u000b\u001a\u00020\nJ\u000e\u0010\f\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\nJ\b\u0010\r\u001a\u00020\u000eH\u0002J\b\u0010\u000f\u001a\u00020\u000eH\u0002J\b\u0010\u0010\u001a\u00020\u000eH\u0002J\b\u0010\u0011\u001a\u00020\u0012H\u0002J\u0010\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0014H\u0002J\u0010\u0010\u0016\u001a\u00020\u00142\u0006\u0010\u0017\u001a\u00020\u0014H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0010\u0010\u0007\u001a\u0004\u0018\u00010\bX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0019"}, d2 = {"Lcom/privateinternetaccess/android/utils/KeyStoreUtils;", "", "context", "Landroid/content/Context;", "multiPreferences", "Lcom/privateinternetaccess/android/pia/utils/MultiPreferences;", "(Landroid/content/Context;Lcom/privateinternetaccess/android/pia/utils/MultiPreferences;)V", "keyStore", "Ljava/security/KeyStore;", "decrypt", "", b.Y, "encrypt", "generateAESKey", "", "generateEncryptKey", "generateInitializationVector", "getSecretKey", "Ljava/security/Key;", "rsaDecrypt", "", "encrypted", "rsaEncrypt", "secret", "Companion", "pia-3.29.0-598_productionPlaystoreRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
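/**
 * Encrypts and decrypts short strings with AES-GCM, using key material held in
 * the {@code AndroidKeyStore} provider under the alias {@code PIA_KEY}.
 *
 * <p>Two code paths exist, selected by {@code Build.VERSION.SDK_INT}:
 * <ul>
 *   <li>API 23 and above: an AES key is generated inside the keystore and used directly.</li>
 *   <li>Below API 23: an RSA key pair is generated inside the keystore; a random
 *       16-byte AES key is wrapped with the RSA public key and the wrapped blob is
 *       stored, Base64-encoded, in {@link MultiPreferences} under {@code ENCRYPTED_KEY}.</li>
 * </ul>
 *
 * <p>NOTE(review): a single 12-byte IV is generated once, stored in preferences under
 * {@code INITIALIZATION_VECTOR}, and reused for every {@link #encrypt(String)} call with
 * the same key. AES-GCM requires a unique IV per encryption under a given key; repeating
 * it weakens both the confidentiality and the integrity guarantees of every value
 * protected this way. The usual remedy is a fresh random IV per message stored next to
 * the ciphertext (on API 23+ the keystore can generate it when randomized encryption is
 * left enabled). That changes the stored format, so it needs a migration for values
 * already written and is deliberately not done in this class as it stands.
 */
public final class KeyStoreUtils {
    private static final String AES_MODE = "AES/GCM/NoPadding";
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String CIPHER_NAME_PROVIDER = "AndroidOpenSSL";
    private static final String ENCRYPTED_KEY = "ENCRYPTED_KEY";
    private static final String INITIALIZATION_VECTOR = "INITIALIZATION_VECTOR";
    private static final String KEY_ALIAS = "PIA_KEY";
    // NOTE(review): PKCS#1 v1.5 padding is the legacy RSA encryption padding; it is only
    // used here on the pre-API-23 path to wrap the AES key. Prefer OAEP where the target
    // platform supports it - confirm before changing, existing wrapped keys depend on it.
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final String TAG = "KeyStoreUtils";

    /** GCM authentication tag length, in bits. */
    private static final int GCM_TAG_BITS = 128;
    /** Length of the stored GCM IV, in bytes. */
    private static final int GCM_IV_BYTES = 12;
    /** Length of the software AES key used below API 23, in bytes. */
    private static final int AES_KEY_BYTES = 16;
    /** First platform level on which the keystore-resident AES key path is used. */
    private static final int API_KEYSTORE_AES = 23;

    private final Context context;
    private KeyStore keyStore;
    private final MultiPreferences multiPreferences;

    /**
     * Obtains the AndroidKeyStore instance and makes sure the key, the stored IV and
     * (below API 23) the wrapped AES key exist.
     *
     * <p>Only {@link KeyStoreException} is handled here; it is logged and the instance is
     * left partially initialised, in which case later calls fail when they need the key.
     *
     * @param context application context, used by the pre-API-23 key pair spec
     * @param multiPreferences store for the Base64-encoded IV and wrapped AES key
     */
    public KeyStoreUtils(Context context, MultiPreferences multiPreferences) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(multiPreferences, "multiPreferences");
        this.context = context;
        this.multiPreferences = multiPreferences;
        try {
            this.keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            // Order matters: the wrapped AES key can only be produced once the RSA pair exists.
            generateEncryptKey();
            generateInitializationVector();
            if (Build.VERSION.SDK_INT < API_KEYSTORE_AES) {
                generateAESKey();
            }
        } catch (KeyStoreException e) {
            DLog.e(TAG, "Exception on init " + e);
        }
    }

    /**
     * Pre-API-23 only: creates a random AES key, wraps it with the keystore RSA public
     * key and persists the wrapped form, unless one is already stored.
     */
    private void generateAESKey() {
        if (this.multiPreferences.getString(ENCRYPTED_KEY, null) != null) {
            return;
        }
        byte[] rawKey = new byte[AES_KEY_BYTES];
        new SecureRandom().nextBytes(rawKey);
        this.multiPreferences.setString(
                ENCRYPTED_KEY, Base64.encodeToString(rsaEncrypt(rawKey), Base64.DEFAULT));
    }

    /**
     * Creates the keystore entry for {@code PIA_KEY} if the alias is not present: an AES
     * key on API 23+, otherwise an RSA key pair with a 20-year self-signed certificate.
     */
    private void generateEncryptKey() {
        KeyStore store = this.keyStore;
        if (store != null) {
            store.load(null);
            if (store.containsAlias(KEY_ALIAS)) {
                return;
            }
        }
        if (Build.VERSION.SDK_INT >= API_KEYSTORE_AES) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
            // Purposes value 3 is KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
            // NOTE(review): setRandomizedEncryptionRequired(false) is what allows the caller
            // to supply its own (here: fixed, stored) IV. See the class-level note on IV reuse.
            keyGenerator.init(
                    new KeyGenParameterSpec.Builder(KEY_ALIAS, 3)
                            .setBlockModes("GCM")
                            .setEncryptionPaddings("NoPadding")
                            .setRandomizedEncryptionRequired(false)
                            .build());
            keyGenerator.generateKey();
            return;
        }
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, 20);
        KeyPairGeneratorSpec spec =
                new KeyPairGeneratorSpec.Builder(this.context)
                        .setAlias(KEY_ALIAS)
                        .setSubject(new X500Principal("CN=PIA_KEY"))
                        .setSerialNumber(BigInteger.TEN)
                        .setStartDate(notBefore.getTime())
                        .setEndDate(notAfter.getTime())
                        .build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE);
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Generates and persists the 12-byte IV on first use; later calls are no-ops.
     *
     * <p>The IV is written once and then reused for every message (see class-level note).
     */
    private void generateInitializationVector() {
        if (this.multiPreferences.getString(INITIALIZATION_VECTOR, null) != null) {
            return;
        }
        // nextBytes is the intended API for drawing random output; generateSeed is meant
        // for seeding other generators.
        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv);
        this.multiPreferences.setString(
                INITIALIZATION_VECTOR, Base64.encodeToString(iv, Base64.DEFAULT));
    }

    /** Builds the GCM parameters from the IV stored in preferences. */
    private GCMParameterSpec storedGcmSpec() {
        byte[] iv =
                Base64.decode(
                        this.multiPreferences.getString(INITIALIZATION_VECTOR, null),
                        Base64.DEFAULT);
        return new GCMParameterSpec(GCM_TAG_BITS, iv);
    }

    /**
     * Returns the AES key: unwrapped from preferences below API 23, otherwise fetched
     * from the keystore.
     *
     * @throws NullPointerException if the keystore holds no key under the alias
     */
    private Key getSecretKey() {
        if (Build.VERSION.SDK_INT < API_KEYSTORE_AES) {
            byte[] wrapped =
                    Base64.decode(
                            this.multiPreferences.getString(ENCRYPTED_KEY, null), Base64.DEFAULT);
            return new SecretKeySpec(rsaDecrypt(wrapped), "AES");
        }
        KeyStore store = this.keyStore;
        Key key = null;
        if (store != null) {
            store.load(null);
            key = store.getKey(KEY_ALIAS, null);
        }
        Intrinsics.checkNotNull(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
        return (SecretKey) key;
    }

    /**
     * Unwraps {@code encrypted} with the keystore RSA private key.
     *
     * <p>A single {@code doFinal} call replaces the former byte-at-a-time
     * {@code CipherInputStream} loop, which was never closed and boxed every byte; any
     * failure now surfaces directly as an exception from the cipher.
     */
    private byte[] rsaDecrypt(byte[] encrypted) {
        KeyStore store = this.keyStore;
        KeyStore.Entry entry = store != null ? store.getEntry(KEY_ALIAS, null) : null;
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance(RSA_MODE, CIPHER_NAME_PROVIDER);
        cipher.init(Cipher.DECRYPT_MODE, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        return cipher.doFinal(encrypted);
    }

    /** Wraps {@code secret} with the public key of the keystore RSA certificate. */
    private byte[] rsaEncrypt(byte[] secret) {
        KeyStore store = this.keyStore;
        KeyStore.Entry entry = store != null ? store.getEntry(KEY_ALIAS, null) : null;
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance(RSA_MODE, CIPHER_NAME_PROVIDER);
        cipher.init(
                Cipher.ENCRYPT_MODE,
                ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey());
        return cipher.doFinal(secret);
    }

    /**
     * Decrypts a Base64-encoded AES-GCM ciphertext produced by {@link #encrypt(String)}.
     *
     * @param value Base64 text of the ciphertext plus GCM tag
     * @return the UTF-8 plaintext, or {@code null} if key retrieval, cipher setup,
     *     decoding or tag verification fails (the failure is logged)
     */
    public final String decrypt(String value) {
        Intrinsics.checkNotNullParameter(value, "value");
        Cipher cipher = Cipher.getInstance(AES_MODE);
        try {
            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), storedGcmSpec());
            byte[] cipherText = Base64.decode(value.getBytes(Charsets.UTF_8), Base64.DEFAULT);
            return new String(cipher.doFinal(cipherText), Charsets.UTF_8);
        } catch (Exception e) {
            // Log through the app logger rather than printStackTrace; only the exception
            // is recorded, never the input or key material.
            DLog.e(TAG, "Exception on decrypt " + e);
            return null;
        }
    }

    /**
     * Encrypts {@code value} with AES-GCM and returns the Base64 text of the result.
     *
     * <p>The output uses {@code Base64.DEFAULT}, which is what {@link #decrypt(String)}
     * expects; values already stored depend on that encoding.
     *
     * @param value plaintext to protect
     * @return Base64-encoded ciphertext plus GCM tag
     * @throws IllegalStateException if the cipher could not be initialised; the original
     *     failure is attached as the cause
     */
    public final String encrypt(String value) {
        Intrinsics.checkNotNullParameter(value, "value");
        Cipher cipher = Cipher.getInstance(AES_MODE);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), storedGcmSpec());
        } catch (Exception e) {
            // Previously the failure was printed and doFinal then threw a bare
            // IllegalStateException from the uninitialised cipher; keep that exception
            // type but carry the real cause.
            DLog.e(TAG, "Exception on encrypt init " + e);
            throw new IllegalStateException("Cipher not initialized", e);
        }
        byte[] cipherText = cipher.doFinal(value.getBytes(Charsets.UTF_8));
        return Base64.encodeToString(cipherText, Base64.DEFAULT);
    }
}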
