package com.lunabeestudio.framework.local;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.core.util.AtomicFile;
import androidx.recyclerview.widget.RecyclerView;
import com.lunabeestudio.framework.utils.SelfDestroyCipherInputStream;
import com.lunabeestudio.framework.utils.SelfDestroyCipherOutputStream;
import com.lunabeestudio.robert.extension.ByteArrayExtKt;
import com.lunabeestudio.robert.model.SecretKeyAlreadyGeneratedException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.CertificateException;
import kotlin.Metadata;
import kotlin.io.ByteStreamsKt;
import kotlin.io.CloseableKt;
import kotlin.io.TextStreamsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import timber.log.Timber;

/* compiled from: LocalCryptoManager.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000\\\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\b\u0018\u0000 .2\u00020\u0001:\u0001.B\u000f\u0012\u0006\u0010*\u001a\u00020\u0002¢\u0006\u0004\b,\u0010-J\u0010\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0003J\u000e\u0010\b\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u0006J\u0018\u0010\b\u001a\u00020\u00062\u0006\u0010\n\u001a\u00020\t2\b\b\u0002\u0010\f\u001a\u00020\u000bJ\u0016\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u000e\u001a\u00020\rJ\u0018\u0010\u0011\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\t2\b\b\u0002\u0010\f\u001a\u00020\u000bJ\u000e\u0010\u0013\u001a\u00020\t2\u0006\u0010\u0012\u001a\u00020\u0006J\u000e\u0010\u0014\u001a\u00020\u00062\u0006\u0010\u0012\u001a\u00020\u0006J\u000e\u0010\u0014\u001a\u00020\u00062\u0006\u0010\u0015\u001a\u00020\rJ\u000e\u0010\u0013\u001a\u00020\t2\u0006\u0010\u0016\u001a\u00020\tJ\u0018\u0010\u001a\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00172\b\b\u0002\u0010\u0019\u001a\u00020\u000bJ!\u0010\u001f\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001b2\n\b\u0002\u0010\u001e\u001a\u0004\u0018\u00010\u001d¢\u0006\u0004\b\u001f\u0010 R\u0016\u0010\"\u001a\u00020!8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\"\u0010#R\u0016\u0010&\u001a\u00020\u00048B@\u0002X\u0082\u0004¢\u0006\u0006\u001a\u0004\b$\u0010%R\u0016\u0010(\u001a\u00020'8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b(\u0010)R\u0016\u0010*\u001a\u00020\u00028\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b*\u0010+¨\u0006/"}, d2 = 
{"Lcom/lunabeestudio/framework/local/LocalCryptoManager;", "", "Landroid/content/Context;", "context", "Ljavax/crypto/SecretKey;", "getAesGcmLocalProtectionKey", "", "clearText", "encryptToString", "", "passphrase", "", "clearPassphrase", "Landroidx/core/util/AtomicFile;", "targetFile", "", "encryptToFile", "encrypt", "encryptedText", "decrypt", "decryptToString", "file", "encryptedData", "Ljava/io/OutputStream;", "outputStream", "writeIvSize", "createCipherOutputStream", "Ljava/io/InputStream;", "inputStream", "", "pIvLength", "createCipherInputStream", "(Ljava/io/InputStream;Ljava/lang/Integer;)Ljava/io/InputStream;", "Ljava/security/KeyStore;", "keyStore", "Ljava/security/KeyStore;", "getLocalProtectionKey", "()Ljavax/crypto/SecretKey;", "localProtectionKey", "Landroid/content/SharedPreferences;", "sharedPreferences", "Landroid/content/SharedPreferences;", "appContext", "Landroid/content/Context;", "<init>", "(Landroid/content/Context;)V", "Companion", "framework_release"}, k = 1, mv = {1, 5, 1})
/* loaded from: classes.dex */
/**
 * Local at-rest encryption helper (decompiled from LocalCryptoManager.kt), built on AES/GCM/NoPadding.
 *
 * Key handling depends on the API level, as visible in {@link #getAesGcmLocalProtectionKey}:
 * on API 23+ the AES key is generated inside the "AndroidKeyStore" provider; below API 23 a
 * 16-byte AES key is generated in app memory, wrapped with an AndroidKeyStore RSA key and the
 * wrapped blob is kept in the "crypto_prefs" SharedPreferences.
 *
 * Two ciphertext layouts are produced by this class and they are not interchangeable:
 * the byte[]/String methods emit {@code IV(12) || ciphertext}, while the AtomicFile methods emit
 * {@code ivLength(1 byte) || IV || ciphertext} (see the writeIvSize / pIvLength arguments).
 *
 * NOTE(review): this is decompiler output. Integer literals replace the named constants of the
 * Kotlin source (Cipher modes, Calendar fields, Base64 flags), and the empty {@code finally {}}
 * blocks are what remains of Kotlin {@code use {}} calls, so the cleanup-on-exception path of the
 * original is not represented here.
 */
public final class LocalCryptoManager {
    // Cipher transformation used for all data encryption in this class.
    private static final String AES_GCM_CIPHER_TYPE = "AES/GCM/NoPadding";
    // IV size in bytes; appears inlined as the literal 12 at its use sites below.
    private static final int AES_GCM_IV_LENGTH = 12;
    // AES key size; appears inlined as 128 (keystore path) and as a 16-byte buffer (legacy path).
    private static final int AES_GCM_KEY_SIZE_IN_BITS = 128;
    // AndroidKeyStore alias of the AES key on API 23+.
    private static final String AES_LOCAL_PROTECTION_KEY_ALIAS = "aes_local_protection";
    // SharedPreferences entry holding the Base64 RSA-wrapped AES key on API < 23.
    private static final String AES_WRAPPED_PROTECTION_KEY_SHARED_PREFERENCE = "aes_wrapped_local_protection";
    private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";
    // Copy buffer size; appears inlined as the literal 1024 in the copyTo calls.
    private static final int BUFFER_SIZE = 1024;
    // Key wrapping on the legacy path uses RSA with PKCS#1 v1.5 encryption padding.
    // NOTE(review): OAEP is generally preferred for key wrapping where the platform offers it for
    // keystore-held RSA keys; whether that was an option on the targeted API levels is not visible here.
    private static final String RSA_WRAP_CIPHER_TYPE = "RSA/NONE/PKCS1Padding";
    // AndroidKeyStore alias of the RSA wrapping key pair on API < 23.
    private static final String RSA_WRAP_LOCAL_PROTECTION_KEY_ALIAS = "rsa_wrap_local_protection";
    // Boolean marker set once the API 23+ AES key has been generated; used to detect a lost key.
    private static final String SECRET_KEY_GENERATED_SHARED_PREFERENCE = "secret_key_generated";
    private static final String SHARED_PREF_NAME = "crypto_prefs";
    private final Context appContext;
    private final KeyStore keyStore;
    private final SharedPreferences sharedPreferences;
    // Shared CSPRNG: source of the legacy AES key bytes and of the IV on API < 23.
    private static final SecureRandom prng = new SecureRandom();

    /**
     * Loads the AndroidKeyStore and opens the "crypto_prefs" SharedPreferences.
     *
     * @param appContext context used for SharedPreferences and, on API &lt; 23, for key pair generation
     */
    public LocalCryptoManager(Context appContext) {
        Intrinsics.checkNotNullParameter(appContext, "appContext");
        this.appContext = appContext;
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER);
        keyStore.load(null);
        this.keyStore = keyStore;
        // Mode 0 is Context.MODE_PRIVATE, as the embedded Kotlin expression on the next line shows.
        SharedPreferences sharedPreferences = appContext.getSharedPreferences(SHARED_PREF_NAME, 0);
        Intrinsics.checkNotNullExpressionValue(sharedPreferences, "appContext.getSharedPreferences(SHARED_PREF_NAME, Context.MODE_PRIVATE)");
        this.sharedPreferences = sharedPreferences;
    }

    /**
     * Kotlin default-argument bridge for {@link #createCipherInputStream}: when bit 2 of the mask
     * {@code i} is set the caller omitted pIvLength and null is used, i.e. the IV length is read
     * from the stream.
     */
    public static /* synthetic */ InputStream createCipherInputStream$default(LocalCryptoManager localCryptoManager, InputStream inputStream, Integer num, int i, Object obj) throws NoSuchPaddingException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, KeyStoreException, UnrecoverableKeyException, IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException {
        if ((i & 2) != 0) {
            num = null;
        }
        return localCryptoManager.createCipherInputStream(inputStream, num);
    }

    /**
     * Kotlin default-argument bridge for {@link #createCipherOutputStream}: writeIvSize defaults
     * to true, i.e. the one-byte IV length prefix is written.
     */
    public static /* synthetic */ OutputStream createCipherOutputStream$default(LocalCryptoManager localCryptoManager, OutputStream outputStream, boolean z, int i, Object obj) throws IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchProviderException, KeyStoreException, IllegalBlockSizeException {
        if ((i & 2) != 0) {
            z = true;
        }
        return localCryptoManager.createCipherOutputStream(outputStream, z);
    }

    /**
     * Kotlin default-argument bridge for {@link #encrypt}: clearPassphrase defaults to true, so
     * the caller's input array is overwritten unless the caller opts out.
     */
    public static /* synthetic */ byte[] encrypt$default(LocalCryptoManager localCryptoManager, byte[] bArr, boolean z, int i, Object obj) {
        if ((i & 2) != 0) {
            z = true;
        }
        return localCryptoManager.encrypt(bArr, z);
    }

    /** Kotlin default-argument bridge for {@link #encryptToString(byte[], boolean)}; clearPassphrase defaults to true. */
    public static /* synthetic */ String encryptToString$default(LocalCryptoManager localCryptoManager, byte[] bArr, boolean z, int i, Object obj) {
        if ((i & 2) != 0) {
            z = true;
        }
        return localCryptoManager.encryptToString(bArr, z);
    }

    /**
     * Returns the AES key protecting local data, creating it on first use.
     *
     * API &lt; 23: the AES key is 16 random bytes held as a SecretKeySpec in app memory; only its
     * RSA-wrapped form is persisted (Base64 in SharedPreferences), and the RSA private key stays
     * in the AndroidKeyStore. API 23+: the AES key is generated in, and fetched from, the
     * AndroidKeyStore under "aes_local_protection".
     *
     * @param context used only by the legacy KeyPairGeneratorSpec builder
     * @return the AES key for AES/GCM/NoPadding
     * @throws SecretKeyAlreadyGeneratedException on API 23+ when the generated-flag is set but the
     *         keystore alias is missing (data exists that the lost key encrypted)
     */
    @SuppressLint({"InlinedApi"})
    private final synchronized SecretKey getAesGcmLocalProtectionKey(Context context) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, UnrecoverableKeyException {
        SecretKey secretKey;
        if (Build.VERSION.SDK_INT < 23) {
            String string = this.sharedPreferences.getString(AES_WRAPPED_PROTECTION_KEY_SHARED_PREFERENCE, null);
            // NOTE(review): unlike the API 23+ branch, this branch has no "already generated"
            // guard. If either the wrapped blob or the RSA alias is missing, a new AES key
            // replaces the old one and data encrypted under the previous key can no longer be read.
            if (string == null || !this.keyStore.containsAlias(RSA_WRAP_LOCAL_PROTECTION_KEY_ALIAS)) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE_PROVIDER);
                Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "getInstance(\n                    KeyProperties.KEY_ALGORITHM_RSA,\n                    ANDROID_KEY_STORE_PROVIDER\n                )");
                Calendar calendar = Calendar.getInstance();
                // Field 11 is Calendar.HOUR_OF_DAY: certificate start date is set 26 hours in the past.
                calendar.add(11, -26);
                Date time = calendar.getTime();
                Intrinsics.checkNotNullExpressionValue(time, "calendar.time");
                // Field 1 is Calendar.YEAR: end date is ten years after the start date above.
                calendar.add(1, 10);
                Date time2 = calendar.getTime();
                Intrinsics.checkNotNullExpressionValue(time2, "calendar.time");
                // RecyclerView.ViewHolder.FLAG_MOVED is a decompiler mis-resolution of the int 2048:
                // this is a 2048-bit RSA key with public exponent F4 (65537), unrelated to RecyclerView.
                keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(RecyclerView.ViewHolder.FLAG_MOVED, RSAKeyGenParameterSpec.F4)).setAlias(RSA_WRAP_LOCAL_PROTECTION_KEY_ALIAS).setSubject(new X500Principal("CN=stopcovid-robert-android")).setStartDate(time).setEndDate(time2).setSerialNumber(BigInteger.ONE).build());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                Intrinsics.checkNotNullExpressionValue(generateKeyPair, "generator.generateKeyPair()");
                // 16 bytes from SecureRandom = 128-bit AES key; it exists in process memory in the clear.
                byte[] bArr = new byte[16];
                prng.nextBytes(bArr);
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                Cipher cipher = Cipher.getInstance(RSA_WRAP_CIPHER_TYPE);
                // Mode 3 is Cipher.WRAP_MODE.
                cipher.init(3, generateKeyPair.getPublic());
                // Base64 flag 0 is Base64.DEFAULT. apply() persists asynchronously.
                // NOTE(review): if the write is lost before it reaches disk, the next start takes
                // the regeneration branch above — confirm whether that is acceptable for callers.
                this.sharedPreferences.edit().putString(AES_WRAPPED_PROTECTION_KEY_SHARED_PREFERENCE, Base64.encodeToString(cipher.wrap(secretKeySpec), 0)).apply();
                secretKey = secretKeySpec;
            } else {
                Key key = this.keyStore.getKey(RSA_WRAP_LOCAL_PROTECTION_KEY_ALIAS, null);
                if (key == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.security.PrivateKey");
                }
                byte[] decode = Base64.decode(string, 0);
                Cipher cipher2 = Cipher.getInstance(RSA_WRAP_CIPHER_TYPE);
                // Mode 4 is Cipher.UNWRAP_MODE; key type 3 below is Cipher.SECRET_KEY.
                cipher2.init(4, (PrivateKey) key);
                Key unwrap = cipher2.unwrap(decode, "AES", 3);
                if (unwrap == null) {
                    throw new NullPointerException("null cannot be cast to non-null type javax.crypto.SecretKey");
                }
                secretKey = (SecretKey) unwrap;
            }
        } else if (this.keyStore.containsAlias(AES_LOCAL_PROTECTION_KEY_ALIAS)) {
            Key key2 = this.keyStore.getKey(AES_LOCAL_PROTECTION_KEY_ALIAS, null);
            if (key2 == null) {
                throw new NullPointerException("null cannot be cast to non-null type javax.crypto.SecretKey");
            }
            secretKey = (SecretKey) key2;
        } else {
            // Alias missing although a key was generated before: fail instead of silently
            // creating a new key that could not decrypt the existing data.
            if (this.sharedPreferences.getBoolean(SECRET_KEY_GENERATED_SHARED_PREFERENCE, false)) {
                Enumeration<String> aliases = this.keyStore.aliases();
                Intrinsics.checkNotNullExpressionValue(aliases, "keyStore.aliases()");
                ArrayList list = Collections.list(aliases);
                Intrinsics.checkNotNullExpressionValue(list, "java.util.Collections.list(this)");
                // The log line carries keystore alias names only, no key material.
                Timber.e(Intrinsics.stringPlus("Secret key couldn't be found in the KeyStore but data are already encrypted with it\nkeystore aliases = ", list), new Object[0]);
                throw new SecretKeyAlreadyGeneratedException(null, 1, null);
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE_PROVIDER);
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "getInstance(\n                    KeyProperties.KEY_ALGORITHM_AES,\n                    ANDROID_KEY_STORE_PROVIDER\n                )");
            // Purposes 3 = PURPOSE_ENCRYPT | PURPOSE_DECRYPT (see the Kotlin text embedded below);
            // the key is restricted to GCM, no padding, 128 bits. No user-authentication
            // requirement is set on the spec.
            keyGenerator.init(new KeyGenParameterSpec.Builder(AES_LOCAL_PROTECTION_KEY_ALIAS, 3).setBlockModes("GCM").setKeySize(128).setEncryptionPaddings("NoPadding").build());
            secretKey = keyGenerator.generateKey();
            // The marker is only set once the alias is confirmed present in the keystore.
            if (this.keyStore.containsAlias(AES_LOCAL_PROTECTION_KEY_ALIAS)) {
                SharedPreferences.Editor editor = this.sharedPreferences.edit();
                Intrinsics.checkNotNullExpressionValue(editor, "editor");
                editor.putBoolean(SECRET_KEY_GENERATED_SHARED_PREFERENCE, true);
                editor.apply();
            }
            Intrinsics.checkNotNullExpressionValue(secretKey, "{\n                val generator: KeyGenerator = KeyGenerator.getInstance(\n                    KeyProperties.KEY_ALGORITHM_AES,\n                    ANDROID_KEY_STORE_PROVIDER\n                )\n                generator.init(\n                    KeyGenParameterSpec.Builder(\n                        AES_LOCAL_PROTECTION_KEY_ALIAS,\n                        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT\n                    )\n                        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)\n                        .setKeySize(AES_GCM_KEY_SIZE_IN_BITS)\n                        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)\n                        .build()\n                )\n                val newSecretKey = generator.generateKey()\n                if (keyStore.containsAlias(AES_LOCAL_PROTECTION_KEY_ALIAS)) {\n                    sharedPreferences.edit {\n                        putBoolean(SECRET_KEY_GENERATED_SHARED_PREFERENCE, true)\n                    }\n                }\n                newSecretKey\n            }");
        }
        return secretKey;
    }

    /** Getter of the Kotlin property {@code localProtectionKey}; resolves the key on every call. */
    private final synchronized SecretKey getLocalProtectionKey() {
        return getAesGcmLocalProtectionKey(this.appContext);
    }

    /**
     * Wraps {@code inputStream} in an AES/GCM decrypting stream.
     *
     * The IV is consumed from the head of the stream. Its length is {@code pIvLength} when given,
     * otherwise the first byte of the stream.
     *
     * @param inputStream ciphertext source positioned at the IV (or at the length byte)
     * @param pIvLength IV length in bytes, or null to read it from the stream
     * @return a SelfDestroyCipherInputStream over the remaining bytes
     */
    public final InputStream createCipherInputStream(InputStream inputStream, Integer pIvLength) throws NoSuchPaddingException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, KeyStoreException, UnrecoverableKeyException, IllegalBlockSizeException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException {
        Intrinsics.checkNotNullParameter(inputStream, "inputStream");
        // No matching reset() is visible in this class.
        inputStream.mark(16);
        // NOTE(review): the length byte comes from stored data and is used unvalidated. read()
        // returns -1 on an empty stream, which makes the array allocation throw
        // NegativeArraySizeException, and any value 0..255 is accepted rather than checked
        // against the expected 12.
        byte[] bArr = new byte[pIvLength == null ? inputStream.read() : pIvLength.intValue()];
        // NOTE(review): the return value is ignored, so a short read leaves trailing zero bytes
        // in the IV. GCM tag verification should then reject the data, but that happens inside
        // SelfDestroyCipherInputStream, which is not visible here.
        inputStream.read(bArr);
        Cipher cipher = Cipher.getInstance(AES_GCM_CIPHER_TYPE);
        // Mode 2 is Cipher.DECRYPT_MODE. API 23+ pins a 128-bit tag via GCMParameterSpec; the
        // legacy branch passes a plain IvParameterSpec, leaving the tag length to the provider.
        cipher.init(2, getLocalProtectionKey(), Build.VERSION.SDK_INT >= 23 ? new GCMParameterSpec(128, bArr) : new IvParameterSpec(bArr));
        // The key is resolved a second time and handed to the stream wrapper; presumably the
        // wrapper disposes of it on close (name-based guess — confirm in SelfDestroyCipherInputStream).
        return new SelfDestroyCipherInputStream(inputStream, cipher, getLocalProtectionKey());
    }

    /**
     * Wraps {@code outputStream} in an AES/GCM encrypting stream and writes the IV header first.
     *
     * Header layout: optional one-byte IV length, then the IV itself.
     *
     * @param outputStream destination for header and ciphertext
     * @param writeIvSize whether to prefix the IV with its length as a single byte
     * @return a SelfDestroyCipherOutputStream writing ciphertext after the header
     */
    public final OutputStream createCipherOutputStream(OutputStream outputStream, boolean writeIvSize) throws IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchProviderException, KeyStoreException, IllegalBlockSizeException {
        byte[] bArr;
        Intrinsics.checkNotNullParameter(outputStream, "outputStream");
        Cipher cipher = Cipher.getInstance(AES_GCM_CIPHER_TYPE);
        if (Build.VERSION.SDK_INT >= 23) {
            // Mode 1 is Cipher.ENCRYPT_MODE. No IV is supplied: the provider chooses it and it
            // is read back with getIV(), so a fresh IV is used per stream.
            cipher.init(1, getLocalProtectionKey());
            bArr = cipher.getIV();
            Intrinsics.checkNotNullExpressionValue(bArr, "{\n            cipher.init(Cipher.ENCRYPT_MODE, localProtectionKey)\n            cipher.iv\n        }");
        } else {
            // Legacy path: 12-byte IV drawn from the shared SecureRandom for every stream.
            bArr = new byte[12];
            prng.nextBytes(bArr);
            cipher.init(1, getLocalProtectionKey(), new IvParameterSpec(bArr));
        }
        if (writeIvSize) {
            // write(int) emits the low 8 bits only, so the header can describe IVs up to 255 bytes.
            outputStream.write(bArr.length);
        }
        outputStream.write(bArr);
        Intrinsics.checkNotNullExpressionValue(cipher, "cipher");
        return new SelfDestroyCipherOutputStream(outputStream, cipher, getLocalProtectionKey());
    }

    /**
     * Decodes {@code encryptedText} as Base64 (flag 2 = NO_WRAP) and decrypts it.
     *
     * @param encryptedText Base64 of {@code IV(12) || ciphertext}
     * @return the plaintext bytes
     */
    public final byte[] decrypt(String encryptedText) {
        Intrinsics.checkNotNullParameter(encryptedText, "encryptedText");
        byte[] decode = Base64.decode(encryptedText, 2);
        Intrinsics.checkNotNullExpressionValue(decode, "decode(encryptedText, Base64.NO_WRAP)");
        return decrypt(decode);
    }

    /**
     * Decrypts data laid out as {@code IV(12) || ciphertext}, the format written by
     * {@link #encrypt(byte[], boolean)} (no length prefix).
     *
     * NOTE(review): as decompiled, both streams are closed only on the success path; the empty
     * finally blocks stand in for the Kotlin {@code use {}} cleanup.
     *
     * @param encryptedData IV followed by ciphertext
     * @return the plaintext bytes
     */
    public final synchronized byte[] decrypt(byte[] encryptedData) {
        byte[] byteArray;
        Intrinsics.checkNotNullParameter(encryptedData, "encryptedData");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            // Fixed IV length of 12: no length byte is expected at the head of the data.
            InputStream createCipherInputStream = createCipherInputStream(new ByteArrayInputStream(encryptedData), 12);
            try {
                ByteStreamsKt.copyTo(createCipherInputStream, byteArrayOutputStream, 1024);
                CloseableKt.closeFinally(createCipherInputStream, null);
                CloseableKt.closeFinally(byteArrayOutputStream, null);
                byteArray = byteArrayOutputStream.toByteArray();
                Intrinsics.checkNotNullExpressionValue(byteArray, "bos.toByteArray()");
            } finally {
            }
        } finally {
        }
        return byteArray;
    }

    /**
     * Decrypts a file written by {@link #encryptToFile} and returns its content as UTF-8 text.
     * The IV length is taken from the first byte of the file (pIvLength left at its null default).
     *
     * @param file file holding {@code ivLength(1) || IV || ciphertext}
     * @return the decrypted text
     */
    public final String decryptToString(AtomicFile file) {
        Intrinsics.checkNotNullParameter(file, "file");
        InputStreamReader inputStreamReader = new InputStreamReader(createCipherInputStream$default(this, file.openRead(), null, 2, null), Charsets.UTF_8);
        try {
            StringWriter stringWriter = new StringWriter();
            TextStreamsKt.copyTo(inputStreamReader, stringWriter, 1024);
            String stringWriter2 = stringWriter.toString();
            CloseableKt.closeFinally(inputStreamReader, null);
            Intrinsics.checkNotNullExpressionValue(stringWriter2, "cis.reader().use { reader ->\n            val buffer = StringWriter()\n            reader.copyTo(buffer, BUFFER_SIZE)\n            buffer.toString()\n        }");
            return stringWriter2;
        } finally {
        }
    }

    /**
     * Decrypts Base64 text and decodes the plaintext as UTF-8.
     *
     * @param encryptedText Base64 (NO_WRAP) of {@code IV(12) || ciphertext}
     * @return the decrypted text
     */
    public final String decryptToString(String encryptedText) {
        Intrinsics.checkNotNullParameter(encryptedText, "encryptedText");
        return new String(decrypt(encryptedText), Charsets.UTF_8);
    }

    /**
     * Encrypts {@code passphrase} and returns {@code IV(12) || ciphertext} (no length prefix).
     *
     * @param passphrase plaintext bytes; overwritten in place when clearPassphrase is true
     * @param clearPassphrase whether to call ByteArrayExtKt.randomize on the input after encryption
     * @return IV followed by the ciphertext
     */
    public final synchronized byte[] encrypt(byte[] passphrase, boolean clearPassphrase) {
        byte[] cipherText;
        Intrinsics.checkNotNullParameter(passphrase, "passphrase");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        // writeIvSize = false: decrypt(byte[]) relies on the fixed 12-byte IV instead.
        OutputStream createCipherOutputStream = createCipherOutputStream(byteArrayOutputStream, false);
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(passphrase);
            try {
                ByteStreamsKt.copyTo(byteArrayInputStream, createCipherOutputStream, 1024);
                CloseableKt.closeFinally(byteArrayInputStream, null);
                // Closing the cipher stream is what flushes the final block before toByteArray().
                CloseableKt.closeFinally(createCipherOutputStream, null);
                cipherText = byteArrayOutputStream.toByteArray();
                // Scrubs the caller's plaintext buffer (presumably with random bytes, going by the
                // helper's name). NOTE(review): as decompiled this runs only when encryption
                // succeeded, so the plaintext stays in the array on the exception path.
                if (clearPassphrase) {
                    ByteArrayExtKt.randomize(passphrase);
                }
                Intrinsics.checkNotNullExpressionValue(cipherText, "cipherText");
            } finally {
            }
        } finally {
        }
        return cipherText;
    }

    /**
     * Encrypts {@code clearText} as UTF-8 into {@code targetFile} using the length-prefixed
     * layout {@code ivLength(1) || IV || ciphertext}.
     *
     * NOTE(review): finishWrite is reached only on success and no failWrite call is visible in
     * this decompiled form, so how a failed write is rolled back cannot be confirmed from here.
     *
     * @param clearText text to encrypt
     * @param targetFile destination file, written through AtomicFile.startWrite/finishWrite
     */
    public final void encryptToFile(String clearText, AtomicFile targetFile) {
        Intrinsics.checkNotNullParameter(clearText, "clearText");
        Intrinsics.checkNotNullParameter(targetFile, "targetFile");
        FileOutputStream startWrite = targetFile.startWrite();
        OutputStream createCipherOutputStream$default = createCipherOutputStream$default(this, startWrite, false, 2, null);
        try {
            byte[] bytes = clearText.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
            try {
                ByteStreamsKt.copyTo(byteArrayInputStream, createCipherOutputStream$default, 1024);
                CloseableKt.closeFinally(byteArrayInputStream, null);
                CloseableKt.closeFinally(createCipherOutputStream$default, null);
                targetFile.finishWrite(startWrite);
            } finally {
            }
        } finally {
        }
    }

    /**
     * Encrypts {@code clearText} as UTF-8 and returns the result as Base64.
     *
     * The default clearPassphrase = true applies to the temporary byte array created here; the
     * String itself is immutable and is not scrubbed.
     *
     * @param clearText text to encrypt
     * @return Base64 (NO_WRAP) of {@code IV(12) || ciphertext}
     */
    public final String encryptToString(String clearText) {
        Intrinsics.checkNotNullParameter(clearText, "clearText");
        byte[] bytes = clearText.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
        return encryptToString$default(this, bytes, false, 2, null);
    }

    /**
     * Encrypts {@code passphrase} and encodes the result with Base64 flag 2 (NO_WRAP).
     *
     * @param passphrase plaintext bytes; overwritten in place when clearPassphrase is true
     * @param clearPassphrase forwarded to {@link #encrypt(byte[], boolean)}
     * @return Base64 of {@code IV(12) || ciphertext}
     */
    public final String encryptToString(byte[] passphrase, boolean clearPassphrase) {
        Intrinsics.checkNotNullParameter(passphrase, "passphrase");
        String encodeToString = Base64.encodeToString(encrypt(passphrase, clearPassphrase), 2);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(encrypt(passphrase, clearPassphrase), Base64.NO_WRAP)");
        return encodeToString;
    }
}
