package com.news.common.utils.crypto;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import com.news.common.utils.Logger;
import com.news.common.utils.Storage;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public final class KeyStoreHelper {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String KEY_ALGORITHM_AES = "AES";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final int KEY_SIZE = 2048;
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private SecretKeySpec aesSecretKey;
    private PrivateKey privateKey;
    private PublicKey publicKey;

    private KeyStoreHelper(@NonNull Context context, @NonNull String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            String format = String.format("CN=%s", str);
            String format2 = String.format("%s_Key_Store_Alias", str);
            String format3 = String.format("%s_ksh_scrap_string", str);
            if (!keyStore.containsAlias(format2)) {
                getKeyPairGenerator(context, format2, format).generateKeyPair();
            }
            this.privateKey = (PrivateKey) keyStore.getKey(format2, null);
            this.publicKey = keyStore.getCertificate(format2).getPublicKey();
            this.aesSecretKey = getSecretKey(context, getAESKey(context, format3), format3);
        } catch (IOException | RuntimeException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            Logger.e(e);
        }
    }

    private byte[] generateAESKey() {
        try {
            SecureRandom randomInstance = CryptoUtils.getRandomInstance();
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM_AES);
            keyGenerator.init(256, randomInstance);
            return CryptoUtils.rsaEncrypt(keyGenerator.generateKey().getEncoded(), this.publicKey);
        } catch (NoSuchAlgorithmException e) {
            Logger.e(e);
            return null;
        }
    }

    private synchronized String getAESKey(@NonNull Context context, @NonNull String str) {
        String str2;
        byte[] generateAESKey;
        try {
            str2 = Storage.get(context, str);
            if (str2 == null && (generateAESKey = generateAESKey()) != null) {
                str2 = Base64.encodeToString(generateAESKey, 0);
                Storage.set(context, str, str2);
            }
        } catch (Throwable th) {
            throw th;
        }
        return str2;
    }

    @RequiresApi(api = 18)
    static KeyPairGenerator getKeyPairGenerator(@NonNull Context context, @NonNull String str, @NonNull String str2) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, ANDROID_KEYSTORE);
        if (Build.VERSION.SDK_INT < 23) {
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 1);
            keyPairGenerator.initialize(Build.VERSION.SDK_INT >= 19 ? new KeyPairGeneratorSpec.Builder(context).setAlias(str).setKeySize(2048).setSubject(new X500Principal(str2)).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build() : null);
        } else {
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 2).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("PKCS1Padding").build());
        }
        return keyPairGenerator;
    }

    private synchronized SecretKeySpec getSecretKey(@NonNull Context context, @NonNull String str, @NonNull String str2) {
        try {
            if (TextUtils.isEmpty(str)) {
                Logger.w("Invalid AES Key.", new Object[0]);
                return null;
            }
            byte[] rsaDecrypt = CryptoUtils.rsaDecrypt(Base64.decode(str, 0), this.privateKey);
            if (rsaDecrypt != null && rsaDecrypt.length != 0) {
                return CryptoUtils.getAesKeyFromRaw(rsaDecrypt);
            }
            Logger.w("Unable to decrypt secret key. Removing from key store.", new Object[0]);
            Storage.set(context, str2, null);
            return null;
        } catch (Throwable th) {
            throw th;
        }
    }

    public static synchronized KeyStoreHelper newInstance(@NonNull Context context, @NonNull String str) {
        KeyStoreHelper keyStoreHelper;
        synchronized (KeyStoreHelper.class) {
            try {
                keyStoreHelper = new KeyStoreHelper(context, str);
            } catch (Throwable th) {
                throw th;
            }
        }
        return keyStoreHelper;
    }

    public static void removeAlias(@NonNull String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            keyStore.deleteEntry(String.format("%s_Key_Store_Alias", str));
        } catch (IOException e) {
            e = e;
            Logger.e(e);
        } catch (KeyStoreException e2) {
            e = e2;
            Logger.e(e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            Logger.e(e);
        } catch (CertificateException e4) {
            e = e4;
            Logger.e(e);
        }
    }

    public String decrypt(@NonNull String str) {
        byte[] aesDecrypt = CryptoUtils.aesDecrypt(Base64.decode(str, 0), this.aesSecretKey);
        return aesDecrypt != null ? new String(aesDecrypt, UTF_8) : null;
    }

    public String encrypt(@NonNull String str) {
        byte[] aesEncrypt = CryptoUtils.aesEncrypt(str.getBytes(UTF_8), this.aesSecretKey);
        return aesEncrypt != null ? Base64.encodeToString(aesEncrypt, 0) : null;
    }
}
