package jp.co.rakuten.sdtd.user.internal;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang.CharEncoding;

/* compiled from: EncryptedDataStore.java */
/* loaded from: classes2.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    private static final f f20547a = new f("EncryptedDataStore");

    /* renamed from: b, reason: collision with root package name */
    private static int f20548b = 11;

    /* renamed from: c, reason: collision with root package name */
    private static final SecretKeySpec f20549c = new SecretKeySpec(new byte[]{108, -43, 110, 13, -88, -42, -74, -31, -103, 106, -97, -12, 72, -21, 6, -64, -32, 20, -73, 66, -23, 88, -4, -80, 9, 111, 116, -58, -12, 94, -28, 68}, "AES");

    /* renamed from: d, reason: collision with root package name */
    private static a f20550d = new b();

    /* renamed from: e, reason: collision with root package name */
    private final String f20551e;

    /* renamed from: f, reason: collision with root package name */
    private final SharedPreferences f20552f;

    /* renamed from: g, reason: collision with root package name */
    private final Context f20553g;

    /* compiled from: EncryptedDataStore.java */
    /* loaded from: classes2.dex */
    public interface a {
        Cipher a(String str, byte[] bArr);

        Signature b();

        Mac c();

        Cipher d(String str);
    }

    /* compiled from: EncryptedDataStore.java */
    /* loaded from: classes2.dex */
    public static class b implements a {
        private synchronized SecretKey e(String str, KeyGenParameterSpec keyGenParameterSpec) {
            SecretKey generateKey;
            String keystoreAlias = keyGenParameterSpec.getKeystoreAlias();
            KeyStore.SecretKeyEntry g2 = g(keystoreAlias);
            if (g2 != null) {
                generateKey = g2.getSecretKey();
                if (generateKey == null) {
                    throw new GeneralSecurityException("Key [" + keystoreAlias + "] disappeared into oblivion");
                }
            } else {
                KeyGenerator keyGenerator = KeyGenerator.getInstance(str, "AndroidKeyStore");
                keyGenerator.init(keyGenParameterSpec);
                generateKey = keyGenerator.generateKey();
                if (generateKey == null) {
                    throw new GeneralSecurityException("Generator returned null for key [" + keystoreAlias + "]");
                }
            }
            return generateKey;
        }

        private SecretKey f(String str) {
            return e("AES", new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(false).build());
        }

        static KeyStore.SecretKeyEntry g(String str) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                try {
                    keyStore.load(null);
                    if (keyStore.containsAlias(str)) {
                        return (KeyStore.SecretKeyEntry) keyStore.getEntry(str, null);
                    }
                    return null;
                } catch (IOException e2) {
                    throw new KeyStoreException("Can't load keystore", e2);
                }
            } catch (Throwable th) {
                throw new GeneralSecurityException("Failed to access the keystore", th);
            }
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Cipher a(String str, byte[] bArr) {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(2, f(str), new IvParameterSpec(bArr));
            return cipher;
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Signature b() {
            return null;
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Mac c() {
            SecretKey e2 = e("HmacSHA256", new KeyGenParameterSpec.Builder("default-mac", 4).build());
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(e2);
            return mac;
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Cipher d(String str) {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(1, f(str));
            return cipher;
        }
    }

    /* compiled from: EncryptedDataStore.java */
    /* loaded from: classes2.dex */
    public static class c implements a {

        /* renamed from: a, reason: collision with root package name */
        private Context f20554a;

        c(Context context) {
            this.f20554a = context;
        }

        private Cipher e(int i2, Key key) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(i2, key);
            return cipher;
        }

        private synchronized KeyStore.PrivateKeyEntry f(KeyPairGeneratorSpec keyPairGeneratorSpec) {
            String keystoreAlias = keyPairGeneratorSpec.getKeystoreAlias();
            KeyStore.PrivateKeyEntry i2 = i(keystoreAlias);
            if (i2 != null) {
                return i2;
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(keyPairGeneratorSpec);
            keyPairGenerator.generateKeyPair();
            return i(keystoreAlias);
        }

        private KeyPairGeneratorSpec g(Context context, String str) {
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 30);
            return new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        }

        private PrivateKey h(Context context, String str) {
            return f(g(context, str)).getPrivateKey();
        }

        static KeyStore.PrivateKeyEntry i(String str) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                try {
                    keyStore.load(null);
                    if (keyStore.containsAlias(str)) {
                        KeyStore.Entry entry = keyStore.getEntry(str, null);
                        if (entry instanceof KeyStore.PrivateKeyEntry) {
                            return (KeyStore.PrivateKeyEntry) entry;
                        }
                    }
                    return null;
                } catch (IOException e2) {
                    throw new KeyStoreException("Can't load keystore", e2);
                }
            } catch (Throwable th) {
                throw new GeneralSecurityException("Failed to access the keystore", th);
            }
        }

        private PublicKey j(Context context, String str) {
            return f(g(context, str)).getCertificate().getPublicKey();
        }

        private byte[] k(String str) {
            SharedPreferences sharedPreferences = this.f20554a.getSharedPreferences("master_key", 0);
            String string = sharedPreferences.getString(str + "_rsa_key", null);
            if (string != null) {
                return e(2, h(this.f20554a, str)).doFinal(Base64.decode(string, d.f20548b));
            }
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            byte[] doFinal = e(1, j(this.f20554a, str)).doFinal(bArr);
            sharedPreferences.edit().putString(str + "_rsa_key", Base64.encodeToString(doFinal, d.f20548b)).apply();
            return bArr;
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Cipher a(String str, byte[] bArr) {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(2, new SecretKeySpec(k(str), "AES"), new IvParameterSpec(bArr));
            return cipher;
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Signature b() {
            try {
                Signature signature = Signature.getInstance("SHA512withRSA");
                signature.initSign(h(this.f20554a, "alias_rsa_keypair"));
                return signature;
            } catch (NoSuchAlgorithmException unused) {
                throw new GeneralSecurityException("RSA algorithm is not supported");
            }
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Mac c() {
            return null;
        }

        @Override // jp.co.rakuten.sdtd.user.internal.d.a
        public Cipher d(String str) {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(1, new SecretKeySpec(k(str), "AES"), new IvParameterSpec(bArr));
            return cipher;
        }
    }

    public d(Context context, String str) {
        if (Build.VERSION.SDK_INT < 23) {
            i(new c(context));
        }
        this.f20551e = str;
        this.f20552f = context.getSharedPreferences(str + "_legacy", 0);
        this.f20553g = context;
    }

    public static void i(a aVar) {
        f20550d = aVar;
    }

    public void b() {
        this.f20552f.edit().clear().apply();
    }

    String c(String str) {
        String[] split = str.split("/", -1);
        byte[] decode = Base64.decode(split[0], f20548b);
        byte[] decode2 = Base64.decode(split[1], f20548b);
        byte[] decode3 = Base64.decode(split[2], f20548b);
        try {
            if (l(decode2, decode, decode3)) {
                return new String(f20550d.a(this.f20551e, decode).doFinal(decode2), Charset.forName(CharEncoding.UTF_8));
            }
            throw new GeneralSecurityException("Signature does not match");
        } catch (GeneralSecurityException unused) {
            if (!m(decode2, decode, decode3)) {
                throw new GeneralSecurityException("Signature does not match");
            }
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, f20549c, new IvParameterSpec(decode));
            return new String(cipher.doFinal(decode2), Charset.forName(CharEncoding.UTF_8));
        }
    }

    String d(String str) {
        Cipher d2 = f20550d.d(this.f20551e);
        byte[] doFinal = d2.doFinal(str.getBytes(Charset.forName(CharEncoding.UTF_8)));
        byte[] iv = d2.getIV();
        return Base64.encodeToString(iv, f20548b) + "/" + Base64.encodeToString(doFinal, f20548b) + "/" + Base64.encodeToString(j(doFinal, iv), f20548b);
    }

    public String e(String str, String str2) {
        try {
            String string = this.f20552f.getString(g(str), null);
            if (string != null) {
                return c(string.split("//", -1)[1]);
            }
        } catch (GeneralSecurityException e2) {
            f20547a.b("Could not retrieve value for key =", str, e2);
            jp.co.rakuten.sdtd.user.internal.c.f(this.f20553g, "store.get()", null, e2);
        }
        return str2;
    }

    public Set<String> f() {
        HashSet hashSet = new HashSet();
        Iterator<?> it = this.f20552f.getAll().values().iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            try {
                hashSet.add(c(str.split("//", -1)[0]));
            } catch (GeneralSecurityException e2) {
                f20547a.b("Could not decrypt key for tuple =", str, e2);
                jp.co.rakuten.sdtd.user.internal.c.f(this.f20553g, "store.getAll()", null, e2);
            }
        }
        return hashSet;
    }

    String g(String str) {
        try {
            return String.format("%064x", new BigInteger(1, MessageDigest.getInstance("SHA-256").digest(str.getBytes(Charset.forName(CharEncoding.UTF_8)))));
        } catch (NoSuchAlgorithmException e2) {
            throw new UnsupportedOperationException("Could not hash key", e2);
        }
    }

    public boolean h(String str, String str2) {
        try {
            String g2 = g(str);
            if (str2 == null) {
                this.f20552f.edit().remove(g2).apply();
            } else {
                this.f20552f.edit().putString(g2, d(str) + "//" + d(str2)).apply();
            }
            return true;
        } catch (GeneralSecurityException e2) {
            f20547a.b("Could not store value for key =", str, e2);
            jp.co.rakuten.sdtd.user.internal.c.f(this.f20553g, "store.put()", null, e2);
            return false;
        }
    }

    byte[] j(byte[] bArr, byte[] bArr2) {
        a aVar = f20550d;
        Signature b2 = aVar instanceof c ? aVar.b() : null;
        if (b2 != null) {
            b2.update(bArr);
            return b2.sign();
        }
        Mac c2 = f20550d.c();
        c2.update(bArr2);
        return c2.doFinal(bArr);
    }

    byte[] k(byte[] bArr, byte[] bArr2) {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(f20549c.getEncoded(), "HmacSHA256"));
        mac.update(bArr2);
        return mac.doFinal(bArr);
    }

    boolean l(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return Arrays.equals(j(bArr, bArr2), bArr3);
    }

    boolean m(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return Arrays.equals(k(bArr, bArr2), bArr3);
    }
}
