package com.dowjones.authlib.util;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import dowjones.com.logflume.Flume;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@RequiresApi(api = 19)
/* loaded from: classes.dex */
public class DjCryptoUtil {
    private static final String a = "DjCryptoUtil";
    private final SharedPreferences b;
    private final Context c;

    public DjCryptoUtil(Context context) {
        this.c = context.getApplicationContext();
        this.b = context.getSharedPreferences("com.dowjones.authlib.crypto", 0);
    }

    private byte[] a(byte[] bArr, String str) throws GeneralSecurityException {
        try {
            PrivateKey privateKey = g(str).getPrivateKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKey);
            return cipher.doFinal(bArr);
        } catch (KeyException e) {
            e = e;
            throw new GeneralSecurityException("Couldn't decrypt the input using the RSA Key.", e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new GeneralSecurityException("Couldn't decrypt the input using the RSA Key.", e);
        } catch (BadPaddingException e3) {
            e = e3;
            c(str);
            Flume.e(a, "The input contained unexpected content, probably because it was encrypted using a different key. The existing keys have been deleted and a new pair will be created next time. Please try to encrypt the content again.", e);
            return new byte[0];
        } catch (IllegalBlockSizeException e4) {
            e = e4;
            c(str);
            Flume.e(a, "The input contained unexpected content, probably because it was encrypted using a different key. The existing keys have been deleted and a new pair will be created next time. Please try to encrypt the content again.", e);
            return new byte[0];
        } catch (NoSuchPaddingException e5) {
            e = e5;
            throw new GeneralSecurityException("Couldn't decrypt the input using the RSA Key.", e);
        }
    }

    private byte[] b(byte[] bArr, String str) throws GeneralSecurityException {
        try {
            Certificate certificate = g(str).getCertificate();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, certificate);
            return cipher.doFinal(bArr);
        } catch (KeyException e) {
            e = e;
            throw new GeneralSecurityException("Couldn't encrypt the input using the RSA Key.", e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new GeneralSecurityException("Couldn't encrypt the input using the RSA Key.", e);
        } catch (BadPaddingException e3) {
            e = e3;
            c(str);
            Flume.e(a, "The input contained unexpected content and it was deemed unrecoverable. The existing keys have been deleted and a new pair will be created next time.", e);
            return new byte[0];
        } catch (IllegalBlockSizeException e4) {
            e = e4;
            c(str);
            Flume.e(a, "The input contained unexpected content and it was deemed unrecoverable. The existing keys have been deleted and a new pair will be created next time.", e);
            return new byte[0];
        } catch (NoSuchPaddingException e5) {
            e = e5;
            throw new GeneralSecurityException("Couldn't encrypt the input using the RSA Key.", e);
        }
    }

    private void c(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(str);
            this.b.edit().remove(f(str)).remove(e(str)).apply();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Flume.e(a, "Failed to remove the RSA KeyEntry from the Android KeyStore.", e);
        }
    }

    private byte[] d(String str) throws GeneralSecurityException {
        String string = this.b.getString(e(str), null);
        if (string != null) {
            return a(Base64.decode(string, 0), str);
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            byte[] encoded = keyGenerator.generateKey().getEncoded();
            this.b.edit().putString(e(str), new String(Base64.encode(b(encoded, str), 0))).apply();
            return encoded;
        } catch (NoSuchAlgorithmException e) {
            Flume.e(a, "Error while creating the AES key.", e);
            throw new KeyException("Error while creating the AES key.", e);
        }
    }

    private String e(String str) {
        return str + "_aes";
    }

    private String f(String str) {
        return str + "_iv";
    }

    private KeyStore.PrivateKeyEntry g(String str) throws KeyException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                try {
                    return (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
                } catch (NullPointerException unused) {
                    throw new KeyException("Error while retrieving Private Key Entry: inputKey, certificate, or attributes is null");
                }
            }
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 25);
            X500Principal x500Principal = new X500Principal("CN=Auth0.Android,O=Auth0");
            AlgorithmParameterSpec build = Build.VERSION.SDK_INT >= 23 ? new KeyGenParameterSpec.Builder(str, 3).setCertificateSubject(x500Principal).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setBlockModes("ECB").build() : new KeyPairGeneratorSpec.Builder(this.c).setAlias(str).setSubject(x500Principal).setKeySize(2048).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
        } catch (IOException e) {
            e = e;
            Flume.e(a, "An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
            throw new KeyException("An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            Flume.e(a, "An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
            throw new KeyException("An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
        } catch (KeyStoreException e3) {
            e = e3;
            Flume.e(a, "An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
            throw new KeyException("An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            Flume.e(a, "An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
            throw new KeyException("An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
        } catch (NoSuchProviderException e5) {
            e = e5;
            Flume.e(a, "An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
            throw new KeyException("An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
        } catch (UnrecoverableEntryException unused2) {
            Flume.w(a, "RSA KeyPair was deemed unrecoverable. Deleting the existing entry and trying again.");
            c(str);
            return g(str);
        } catch (CertificateException e6) {
            e = e6;
            Flume.e(a, "An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
            throw new KeyException("An error occurred while trying to obtain the RSA KeyPair Entry from the Android KeyStore.", e);
        }
    }

    public byte[] decrypt(byte[] bArr, String str) throws GeneralSecurityException {
        try {
            if (bArr.length == 0) {
                throw new InvalidAlgorithmParameterException("The token was never created. User must create a token first");
            }
            byte[] decode = Base64.decode(bArr, 0);
            SecretKeySpec secretKeySpec = new SecretKeySpec(d(str), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            String string = this.b.getString(f(str), null);
            if (TextUtils.isEmpty(string)) {
                throw new InvalidAlgorithmParameterException("The AES Key exists but an IV was never stored. Try to encrypt something first.");
            }
            cipher.init(2, secretKeySpec, new IvParameterSpec(Base64.decode(string, 0)));
            return cipher.doFinal(decode);
        } catch (IllegalArgumentException | InvalidAlgorithmParameterException | KeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Flume.e(a, "Error while decoding or decrypting the input.", e);
            c(str);
            throw new GeneralSecurityException("Error while decrypting the input.", e);
        }
    }

    public String encrypt(byte[] bArr, String str) throws GeneralSecurityException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(d(str), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            cipher.init(1, secretKeySpec);
            String encodeToString = Base64.encodeToString(cipher.doFinal(bArr), 0);
            this.b.edit().putString(f(str), new String(Base64.encode(cipher.getIV(), 0))).apply();
            return encodeToString;
        } catch (KeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Flume.e(a, "Error while encrypting the input.", e);
            throw new GeneralSecurityException("Error while encrypting the input.", e);
        }
    }
}
