package com.arkea.anrlib.core.services.seed.impl;

import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import com.arkea.anrlib.core.AnrLib;
import com.arkea.anrlib.core.R;
import com.arkea.anrlib.core.services.seed.ISeedCryptoService;
import com.arkea.anrlib.core.utils.seed.SeedBroadcastUtils;
import com.arkea.anrlib.core.utils.user.UserDbUtils;
import com.arkea.mobile.component.security.model.SeedCrypto;
import com.arkea.mobile.component.security.services.authentication.SecurityContext;
import com.arkea.mobile.component.security.utils.crypto.HashUtils;
import com.newrelic.agent.android.instrumentation.SQLiteInstrumentation;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v1CertificateBuilder;
import org.spongycastle.operator.ContentSigner;
import timber.log.Timber;

/* loaded from: classes.dex */
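/**
 * Manages the "seed crypto" record and uses it to encrypt and decrypt seeds.
 *
 * <p>A record consists of an RSA key pair stored in a password-protected keystore blob and an
 * AES key encrypted with the RSA public key. Both are persisted in the user database through
 * {@link UserDbUtils}. Seeds are encrypted with the AES key.
 *
 * <p>Security review notes (behaviour is intentionally left unchanged here because altering any
 * of these would make already-stored records unreadable without a migration):
 * <ul>
 *   <li>{@link #ALG_AES_CIPHER} uses ECB, which is deterministic and unauthenticated: equal
 *       plaintext blocks give equal ciphertext blocks and tampering is not detected. An AEAD
 *       mode such as AES-GCM with a fresh nonce per message is the usual replacement.</li>
 *   <li>{@link #ALG_RSA} names no mode or padding, so the effective transformation depends on
 *       the JCA provider that answers the request. An explicit OAEP transformation removes that
 *       ambiguity.</li>
 *   <li>The keystore and key-entry passwords are read from string resources, which ship inside
 *       the application package. They therefore do not protect the keystore blob from anyone
 *       able to read both the package and the database; a hardware-backed store such as the
 *       Android Keystore would.</li>
 * </ul>
 */
public class SeedCryptoService implements ISeedCryptoService {
    private static final int AES_KEYSIZE = 128;
    private static final String ALG_AES = "AES";
    private static final String ALG_AES_CIPHER = "AES/ECB/PKCS7Padding";
    private static final String ALG_RSA = "RSA";
    private static final int NB_REGEN_MAX = 10;
    private static final int SEEDCRYPTO_DEFAULT_ID = 1;
    private final Context context;
    private final UserDbUtils userDbUtils;
    // Process-wide cache of unwrapped AES keys, indexed by the MD5 of the keystore blob they
    // were unwrapped with. NOTE(review): the map is a plain TreeMap shared by all callers and
    // keeps key material in memory for the lifetime of the process.
    private static final Map<String, SecretKey> keys = new TreeMap<>();
    private static SeedCryptoService instance = null;

    /**
     * {@link ContentSigner} that buffers the data to sign in memory and signs it with
     * SHA256withRSA. Used only to self-sign the certificate that accompanies the RSA key entry.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static class JCESigner implements ContentSigner {
        // OID 1.2.840.113549.1.1.11 = sha256WithRSAEncryption.
        private static final AlgorithmIdentifier PKCS1_SHA256_WITH_RSA_OID = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
        private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
        private ByteArrayOutputStream outputStream;
        private Signature signature;

        /**
         * @param privateKey key the signature is initialised with
         * @throws IllegalArgumentException if the algorithm is unavailable or the key is rejected
         */
        public JCESigner(PrivateKey privateKey) {
            try {
                this.outputStream = new ByteArrayOutputStream();
                Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
                this.signature = signer;
                signer.initSign(privateKey);
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException(e);
            }
        }

        /** Returns the SHA256withRSA identifier, or {@code null} if the signature reports another algorithm. */
        @Override // org.spongycastle.operator.ContentSigner
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            if (this.signature.getAlgorithm().equals(SIGNATURE_ALGORITHM)) {
                return PKCS1_SHA256_WITH_RSA_OID;
            }
            return null;
        }

        /** Returns the in-memory buffer the certificate builder writes the to-be-signed bytes into. */
        @Override // org.spongycastle.operator.ContentSigner
        public OutputStream getOutputStream() {
            return this.outputStream;
        }

        /**
         * Signs everything written to {@link #getOutputStream()} so far.
         *
         * @return the signature bytes, or {@code null} when signing fails (the failure is logged)
         */
        @Override // org.spongycastle.operator.ContentSigner
        public byte[] getSignature() {
            try {
                this.signature.update(this.outputStream.toByteArray());
                return this.signature.sign();
            } catch (GeneralSecurityException e) {
                // NOTE(review): the caller receives null rather than an exception; confirm the
                // certificate builder fails cleanly on a null signature.
                Timber.e(e, "in getSignature");
                return null;
            }
        }
    }

    private SeedCryptoService(Context context) {
        this.context = context;
        this.userDbUtils = UserDbUtils.getInstance(context);
    }

    /**
     * Generates a {@value #AES_KEYSIZE}-bit AES key whose first and last encoded bytes are
     * non-zero, regenerating up to {@value #NB_REGEN_MAX} times.
     *
     * <p>NOTE(review): the zero-byte restriction presumably exists because the key is later
     * wrapped with the provider-default "RSA" transformation; if that resolves to a no-padding
     * mode, leading zero bytes would not survive a wrap/unwrap round trip. Confirm, and prefer
     * an explicit padded transformation over constraining the key.
     *
     * @throws InvalidKeyException if no acceptable key was produced within the retry budget
     */
    private SecretKey generateAESKey() throws NoSuchAlgorithmException, InvalidKeyException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ALG_AES);
        keyGenerator.init(AES_KEYSIZE);
        SecretKey candidate = keyGenerator.generateKey();
        for (int attempt = 0; hasZeroEdgeByte(candidate) && attempt < NB_REGEN_MAX; attempt++) {
            candidate = keyGenerator.generateKey();
        }
        // Decide on the key itself rather than on the attempt counter, so a key that became
        // acceptable on the last permitted regeneration is not rejected.
        if (hasZeroEdgeByte(candidate)) {
            throw new InvalidKeyException("Failed to regenerate a valid AES key after 10 tries");
        }
        return candidate;
    }

    /** Returns true when the first or the last byte of the encoded key is zero. */
    private static boolean hasZeroEdgeByte(SecretKey key) {
        byte[] encoded = key.getEncoded();
        return encoded[0] == 0 || encoded[encoded.length - 1] == 0;
    }

    /**
     * Builds a self-signed X.509 v1 certificate (subject and issuer {@code CN=localhost},
     * serial 1, valid from now for 99 years) for the given key pair, so that the private key can
     * be stored as a keystore key entry.
     */
    private static Certificate generateCertificate(KeyPair keyPair) throws IllegalStateException, IOException, CertificateException {
        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.YEAR, 99);
        Date notAfter = calendar.getTime();
        X500Name localhost = new X500Name("CN=localhost");
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        X509v1CertificateBuilder builder = new X509v1CertificateBuilder(localhost, new BigInteger("1"), notBefore, notAfter, Locale.FRANCE, new X500Name("CN=localhost"), publicKeyInfo);
        byte[] encodedCertificate = builder.build(new JCESigner(keyPair.getPrivate())).getEncoded();
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encodedCertificate));
    }

    /**
     * Returns the shared instance, creating it on first use with the application context.
     *
     * <p>NOTE(review): creation is not synchronized.
     */
    public static SeedCryptoService getInstance(Context context) {
        if (instance == null) {
            instance = new SeedCryptoService(context.getApplicationContext());
        }
        return instance;
    }

    /**
     * Returns the AES key of a record: loads the keystore blob, reads the RSA private key and
     * uses it to decrypt the stored AES key. Results are cached in {@link #keys}.
     *
     * @throws RuntimeException wrapping any failure while loading the keystore or decrypting
     */
    private SecretKey getSecretKey(SeedCrypto seedCrypto) {
        // NOTE(review): MD5 serves only as a cache index here, but a collision between two
        // keystore blobs would hand back the wrong key; a SHA-256 index avoids relying on MD5.
        String cacheKey = HashUtils.md5(seedCrypto.getRsaKeystore());
        SecretKey cached = keys.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            char[] keystorePassword = this.context.getString(R.string.seed_crypto_keystore_password).toCharArray();
            keyStore.load(new ByteArrayInputStream(seedCrypto.getRsaKeystore()), keystorePassword);
            String alias = this.context.getString(R.string.seed_crypto_privatekey_alias);
            char[] keyPassword = this.context.getString(R.string.seed_crypto_privatekey_password).toCharArray();
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, keyPassword);
            Cipher cipher = Cipher.getInstance(ALG_RSA);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            SecretKeySpec aesKey = new SecretKeySpec(cipher.doFinal(seedCrypto.getAesKey()), ALG_AES);
            keys.put(cacheKey, aesKey);
            return aesKey;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Inserts the record into the seed-crypto table.
     *
     * @return the value returned by the insert call, narrowed to {@code int}
     */
    private int insert(SeedCrypto seedCrypto) {
        final ContentValues seedCryptoToContentValues = this.userDbUtils.seedCryptoToContentValues(seedCrypto);
        return (int) ((Long) this.userDbUtils.doWithDb(true, new UserDbUtils.DbCallback() {
            @Override // com.arkea.anrlib.core.utils.user.UserDbUtils.DbCallback
            public final Object doWithDb(SQLiteDatabase sQLiteDatabase) {
                // The instanceof test comes from the New Relic instrumentation rewrite; it is
                // true for every non-null database.
                if (sQLiteDatabase instanceof SQLiteDatabase) {
                    return Long.valueOf(SQLiteInstrumentation.insert(sQLiteDatabase, UserDbUtils.SeedCryptoTable.NAME, "origin", seedCryptoToContentValues));
                }
                return Long.valueOf(sQLiteDatabase.insert(UserDbUtils.SeedCryptoTable.NAME, "origin", seedCryptoToContentValues));
            }
        })).longValue();
    }

    /** Overwrites the row with {@code seed_crypto_id=1} with the given values. Always returns {@code null}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ Void lambda$storeSecretKeyInKeystore$2(ContentValues contentValues, SQLiteDatabase sQLiteDatabase) {
        if (sQLiteDatabase instanceof SQLiteDatabase) {
            SQLiteInstrumentation.update(sQLiteDatabase, UserDbUtils.SeedCryptoTable.NAME, contentValues, "seed_crypto_id=1", null);
        } else {
            sQLiteDatabase.update(UserDbUtils.SeedCryptoTable.NAME, contentValues, "seed_crypto_id=1", null);
        }
        return null;
    }

    /**
     * Decrypts a seed with the record's AES key.
     *
     * @param seedCrypto record whose AES key is used
     * @param bArr ciphertext produced by {@link #encryptSeed}
     * @return the decrypted seed decoded as UTF-8
     * @throws RuntimeException wrapping any cryptographic failure
     */
    @Override // com.arkea.anrlib.core.services.seed.ISeedCryptoService
    public String decryptSeed(SeedCrypto seedCrypto, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(ALG_AES_CIPHER);
            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(seedCrypto));
            // Explicit charset: the platform default on Android is UTF-8, so stored data
            // decodes as before, without depending on the runtime default.
            return new String(cipher.doFinal(bArr), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encrypts a seed with the record's AES key.
     *
     * @param seedCrypto record whose AES key is used
     * @param str seed to encrypt; encoded as UTF-8 before encryption
     * @return the ciphertext (ECB mode: no IV, no integrity tag)
     * @throws RuntimeException wrapping any cryptographic failure
     */
    @Override // com.arkea.anrlib.core.services.seed.ISeedCryptoService
    public byte[] encryptSeed(SeedCrypto seedCrypto, String str) {
        try {
            Cipher cipher = Cipher.getInstance(ALG_AES_CIPHER);
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(seedCrypto));
            return cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the default record (id {@value #SEEDCRYPTO_DEFAULT_ID}).
     *
     * @param z when true and no record exists, a new one is generated (RSA key pair in a fresh
     *     keystore, AES key encrypted with the RSA public key), inserted and returned
     * @return the stored or newly created record, or {@code null} if none exists and {@code z}
     *     is false
     * @throws RuntimeException wrapping any failure during generation
     */
    @Override // com.arkea.anrlib.core.services.seed.ISeedCryptoService
    public SeedCrypto getDefault(boolean z) {
        SeedCrypto existing = getSeedCryptoById(SEEDCRYPTO_DEFAULT_ID);
        if (existing != null || !z) {
            return existing;
        }
        try {
            SeedCrypto seedCrypto = new SeedCrypto();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            // NOTE(review): the generator is not initialised, so the RSA key size is whatever
            // the provider defaults to; set it explicitly.
            KeyPair keyPair = KeyPairGenerator.getInstance(ALG_RSA).generateKeyPair();
            String alias = this.context.getString(R.string.seed_crypto_privatekey_alias);
            char[] keyPassword = this.context.getString(R.string.seed_crypto_privatekey_password).toCharArray();
            keyStore.setKeyEntry(alias, keyPair.getPrivate(), keyPassword, new Certificate[]{generateCertificate(keyPair)});
            ByteArrayOutputStream keystoreBytes = new ByteArrayOutputStream();
            keyStore.store(keystoreBytes, this.context.getString(R.string.seed_crypto_keystore_password).toCharArray());
            keystoreBytes.flush();
            seedCrypto.setRsaKeystore(keystoreBytes.toByteArray());
            SecretKey aesKey = generateAESKey();
            Cipher cipher = Cipher.getInstance(ALG_RSA);
            cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
            seedCrypto.setAesKey(cipher.doFinal(aesKey.getEncoded()));
            SecurityContext securityContext = AnrLib.getSecurityContext();
            seedCrypto.setOrigin(String.format("%s/%s", securityContext.getApplicationId(), securityContext.getApplicationVersion()));
            seedCrypto.setId(SEEDCRYPTO_DEFAULT_ID);
            insert(seedCrypto);
            return seedCrypto;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Loads the record with the given id, or returns {@code null} when no complete row exists. */
    public SeedCrypto getSeedCryptoById(final int i) {
        return (SeedCrypto) this.userDbUtils.doWithDb(false, new UserDbUtils.DbCallback() {
            @Override // com.arkea.anrlib.core.utils.user.UserDbUtils.DbCallback
            public final Object doWithDb(SQLiteDatabase sQLiteDatabase) {
                return SeedCryptoService.this.lambda$getSeedCryptoById$1$SeedCryptoService(i, sQLiteDatabase);
            }
        });
    }

    /**
     * Reads origin, keystore blob and AES key for the given id; rows where either blob is null
     * are ignored.
     *
     * @return the record with its id set, or {@code null} when the query returns no row
     */
    public /* synthetic */ SeedCrypto lambda$getSeedCryptoById$1$SeedCryptoService(int i, SQLiteDatabase sQLiteDatabase) {
        // The only interpolated value is an int, so the statement text cannot be altered by the
        // argument; keep it that way if this query is ever extended with string input.
        String sql = String.format(Locale.FRANCE, "select origin, rsa_keystore, aes_key from seed_crypto where seed_crypto_id=%d and rsa_keystore is not null and aes_key is not null", Integer.valueOf(i));
        Cursor cursor;
        if (sQLiteDatabase instanceof SQLiteDatabase) {
            cursor = SQLiteInstrumentation.rawQuery(sQLiteDatabase, sql, null);
        } else {
            cursor = sQLiteDatabase.rawQuery(sql, null);
        }
        try {
            if (!cursor.moveToNext()) {
                return null;
            }
            SeedCrypto seedCrypto = this.userDbUtils.cursorToSeedCrypto(cursor);
            seedCrypto.setId(i);
            return seedCrypto;
        } finally {
            cursor.close();
        }
    }

    /**
     * Stores externally supplied key material as the default record, unless the table already
     * holds a row.
     *
     * <p>NOTE(review): the two blobs are persisted without any validation; confirm that callers
     * only pass material from an authenticated source.
     *
     * @param bArr keystore blob
     * @param bArr2 encrypted AES key
     * @return the new record, or the result of {@code getDefault(false)} when a row already exists
     */
    public SeedCrypto setDefault(byte[] bArr, byte[] bArr2) {
        if (this.userDbUtils.queryForInt(String.format("select count(*) from %s", UserDbUtils.SeedCryptoTable.NAME)) != 0) {
            Timber.w("setDefault : could not save keys because they already exist");
            return getDefault(false);
        }
        SeedCrypto seedCrypto = new SeedCrypto();
        seedCrypto.setId(SEEDCRYPTO_DEFAULT_ID);
        seedCrypto.setRsaKeystore(bArr);
        seedCrypto.setAesKey(bArr2);
        insert(seedCrypto);
        return seedCrypto;
    }

    /**
     * Map variant of {@link #setDefault(byte[], byte[])}: reads the keystore blob and the AES key
     * under {@link SeedBroadcastUtils#KEYSTORE_FILENAME} and
     * {@link SeedBroadcastUtils#AES_KEY_FILENAME}; does nothing if either entry is missing.
     */
    public void setDefault(Map<String, byte[]> map) {
        byte[] keystoreBlob = map.get(SeedBroadcastUtils.KEYSTORE_FILENAME);
        byte[] wrappedAesKey = map.get(SeedBroadcastUtils.AES_KEY_FILENAME);
        if (keystoreBlob == null || wrappedAesKey == null) {
            return;
        }
        setDefault(keystoreBlob, wrappedAesKey);
    }

    /**
     * Adds (or replaces) a secret-key entry in the default record's keystore, persists the
     * updated keystore blob and broadcasts the record.
     *
     * <p>Failures while setting the entry, storing or broadcasting are logged and not
     * propagated, so a caller cannot tell from the return whether the key was persisted.
     *
     * @param str alias of the entry
     * @param str2 password protecting the entry
     * @param secretKey key to store
     */
    public void storeSecretKeyInKeystore(String str, String str2, SecretKey secretKey) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        SeedCrypto seedCrypto = getDefault(true);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(new ByteArrayInputStream(seedCrypto.getRsaKeystore()), this.context.getString(R.string.seed_crypto_keystore_password).toCharArray());
        KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKey);
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(str2.toCharArray());
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
        try {
            keyStore.setEntry(str, secretKeyEntry, passwordProtection);
            ByteArrayOutputStream keystoreBytes = new ByteArrayOutputStream();
            keyStore.store(keystoreBytes, this.context.getString(R.string.seed_crypto_keystore_password).toCharArray());
            keystoreBytes.flush();
            seedCrypto.setRsaKeystore(keystoreBytes.toByteArray());
            final ContentValues seedCryptoToContentValues = this.userDbUtils.seedCryptoToContentValues(seedCrypto);
            this.userDbUtils.doWithDb(true, new UserDbUtils.DbCallback() {
                @Override // com.arkea.anrlib.core.utils.user.UserDbUtils.DbCallback
                public final Object doWithDb(SQLiteDatabase sQLiteDatabase) {
                    return SeedCryptoService.lambda$storeSecretKeyInKeystore$2(seedCryptoToContentValues, sQLiteDatabase);
                }
            });
            // NOTE(review): this hands the keystore blob and encrypted AES key to
            // SeedBroadcastUtils; confirm the broadcast is restricted to trusted receivers.
            SeedBroadcastUtils.broadcastKeys(this.context, seedCrypto);
        } catch (Throwable th) {
            Timber.e(th, "while storing key");
        }
    }
}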
