package org.matrix.android.sdk.api.securestorage;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.cardview.R$dimen$$ExternalSyntheticOutline0;
import im.vector.app.features.pin.lockscreen.crypto.LockScreenCryptoConstants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Pair;
import kotlin.Triple;
import kotlin.Unit;
import kotlin.io.ByteStreamsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import org.matrix.android.sdk.api.util.BuildVersionSdkIntProvider;

/* compiled from: SecretStoringUtils.kt */
/* loaded from: classes3.dex */
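/**
 * Encrypts and decrypts small secrets with keys held in the supplied {@link KeyStore}.
 *
 * <p>Two serialized blob layouts are produced and accepted:
 * <ul>
 *   <li>Format 0 (SDK level 23 and above): {@code [0x00][ivLen:1][iv][AES-GCM ciphertext+tag]},
 *       encrypted directly with an AES key stored under the alias.</li>
 *   <li>Format 1 (below 23): {@code [0x01][wrappedKeyLen:2, big-endian][RSA-wrapped AES key]
 *       [ivLen:1][iv][AES-GCM ciphertext+tag]}, where a random 16-byte AES key is wrapped with
 *       the RSA key pair stored under the alias.</li>
 * </ul>
 *
 * <p>Both layouts use a 128-bit GCM tag. No associated data is passed to the cipher, so the
 * format byte and the key alias are not bound to the ciphertext by the tag.
 *
 * <p>This source is decompiled from Kotlin (see the header comments); several methods call APIs
 * that throw checked exceptions without declaring them, as in the decompiler output.
 */
public final class SecretStoringUtils {
    public final BuildVersionSdkIntProvider buildVersionSdkIntProvider;
    public final Context context;
    // When true, newly generated AES keys are created with user authentication required.
    public final boolean keyNeedsUserAuthentication;
    public final KeyStore keyStore;
    public final SecureRandom secureRandom;

    public /* synthetic */ SecretStoringUtils() {
        throw null;
    }

    /**
     * @param context used only when generating the legacy RSA key pair
     * @param keyStore key store that holds (or will hold) the per-alias keys
     * @param buildVersionSdkIntProvider source of the SDK level that selects the blob format
     * @param z whether generated AES keys require user authentication
     */
    public SecretStoringUtils(Context context, KeyStore keyStore, BuildVersionSdkIntProvider buildVersionSdkIntProvider, boolean z) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(buildVersionSdkIntProvider, "buildVersionSdkIntProvider");
        this.context = context;
        this.keyStore = keyStore;
        this.buildVersionSdkIntProvider = buildVersionSdkIntProvider;
        this.keyNeedsUserAuthentication = z;
        this.secureRandom = new SecureRandom();
    }

    /** Reads one unsigned length byte, rejecting end-of-stream instead of returning -1. */
    private static int readLengthByte(InputStream inputStream, String what) throws java.io.IOException {
        int value = inputStream.read();
        if (value < 0) {
            throw new IllegalArgumentException("Truncated secret blob: missing " + what);
        }
        return value;
    }

    /** Reads exactly {@code length} bytes, rejecting a short read instead of zero-padding. */
    private static byte[] readExactly(InputStream inputStream, int length, String what) throws java.io.IOException {
        byte[] buffer = new byte[length];
        int offset = 0;
        while (offset < length) {
            int count = inputStream.read(buffer, offset, length - offset);
            if (count < 0) {
                throw new IllegalArgumentException("Truncated secret blob: short " + what);
            }
            offset += count;
        }
        return buffer;
    }

    /**
     * Splits the remainder of a format-1 blob (format byte already consumed) into its parts.
     *
     * <p>A truncated blob is rejected with {@link IllegalArgumentException}. Previously an
     * end-of-stream marker (-1) was used as a length, giving a negative array size, and a short
     * read silently left the tail of the buffer zeroed.
     *
     * @param inputStream stream positioned just after the format byte
     * @return (RSA-wrapped AES key, IV, AES-GCM ciphertext including tag)
     * @throws IllegalArgumentException if a length field or its payload is incomplete
     */
    public static Triple format1Extract(InputStream inputStream) {
        // Wrapped-key length is stored as two bytes, most significant first.
        int high = readLengthByte(inputStream, "wrapped key length");
        int low = readLengthByte(inputStream, "wrapped key length");
        byte[] wrappedKey = readExactly(inputStream, (high << 8) + low, "wrapped key");
        int ivLength = readLengthByte(inputStream, "IV length");
        byte[] iv = readExactly(inputStream, ivLength, "IV");
        return new Triple(wrappedKey, iv, ByteStreamsKt.readBytes(inputStream));
    }

    /**
     * Decrypts a format-1 payload: unwraps the AES key with the alias's RSA private key, then
     * runs AES-GCM over the ciphertext.
     *
     * @param byteArrayInputStream stream positioned just after the format byte
     * @param str key store alias
     * @return the decrypted secret
     */
    public final byte[] decryptBytes(ByteArrayInputStream byteArrayInputStream, String str) {
        Triple format1Extract = format1Extract(byteArrayInputStream);
        byte[] bArr = (byte[]) format1Extract.component1();
        byte[] bArr2 = (byte[]) format1Extract.component2();
        byte[] bArr3 = (byte[]) format1Extract.component3();
        byte[] rsaDecrypt = rsaDecrypt(new ByteArrayInputStream(bArr), str);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        // 128-bit authentication tag; doFinal fails if the tag does not verify.
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(rsaDecrypt, "AES"), new GCMParameterSpec(128, bArr2));
        byte[] doFinal = cipher.doFinal(bArr3);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encrypted)");
        return doFinal;
    }

    /**
     * Decrypts a format-0 payload with the AES key stored under the alias.
     *
     * <p>A truncated blob is rejected with {@link IllegalArgumentException} rather than being
     * parsed with a negative or partially filled IV buffer.
     *
     * @param byteArrayInputStream stream positioned just after the format byte
     * @param str key store alias
     * @return the decrypted secret
     * @throws IllegalArgumentException if the IV length or IV is incomplete
     */
    public final byte[] decryptBytesM(ByteArrayInputStream byteArrayInputStream, String str) {
        int ivLength = readLengthByte(byteArrayInputStream, "IV length");
        byte[] iv = readExactly(byteArrayInputStream, ivLength, "IV");
        byte[] encryptedText = ByteStreamsKt.readBytes(byteArrayInputStream);
        SecretKey orGenerateSymmetricKeyForAliasM = getOrGenerateSymmetricKeyForAliasM(str);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        // 128-bit authentication tag; doFinal fails if the tag does not verify.
        cipher.init(Cipher.DECRYPT_MODE, orGenerateSymmetricKeyForAliasM, new GCMParameterSpec(128, iv));
        byte[] doFinal = cipher.doFinal(encryptedText);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedText)");
        return doFinal;
    }

    /**
     * Makes sure a key exists under {@code alias} (AES on SDK level 23+, RSA key pair below)
     * and returns its key store entry.
     *
     * @param alias key store alias
     * @return the entry now stored under the alias
     */
    @SuppressLint({"NewApi"})
    public final KeyStore.Entry ensureKey(String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        if (this.buildVersionSdkIntProvider.get() >= 23) {
            getOrGenerateSymmetricKeyForAliasM(alias);
        } else {
            getOrGenerateKeyPairForAlias(alias).getPrivateKey();
        }
        KeyStore.Entry entry = this.keyStore.getEntry(alias, null);
        Intrinsics.checkNotNullExpressionValue(entry, "keyStore.getEntry(alias, null)");
        return entry;
    }

    /**
     * Returns a cipher initialised for encryption with the key stored under {@code alias}.
     *
     * <p>No IV is supplied at init time; callers read the IV back with {@link Cipher#getIV()}.
     *
     * @param alias key store alias
     * @return AES/GCM cipher on SDK level 23+, otherwise an RSA cipher using the public key
     * @throws IllegalStateException if the entry is neither a secret key nor a private key entry
     */
    public final Cipher getEncryptCipher(String alias) {
        Key publicKey;
        Intrinsics.checkNotNullParameter(alias, "alias");
        KeyStore.Entry ensureKey = ensureKey(alias);
        if (ensureKey instanceof KeyStore.SecretKeyEntry) {
            publicKey = ((KeyStore.SecretKeyEntry) ensureKey).getSecretKey();
        } else {
            if (!(ensureKey instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Unknown KeyEntry type.");
            }
            publicKey = ((KeyStore.PrivateKeyEntry) ensureKey).getCertificate().getPublicKey();
        }
        // NOTE(review): RSA/ECB/PKCS1Padding is PKCS#1 v1.5 encryption padding, kept for the
        // pre-23 path; it only ever wraps the per-secret AES key here.
        Cipher cipher = Cipher.getInstance(this.buildVersionSdkIntProvider.get() >= 23 ? "AES/GCM/NoPadding" : "RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return cipher;
    }

    /**
     * Returns the RSA private key entry stored under the alias, generating the key pair first
     * if the alias holds no private key entry.
     *
     * <p>The generated self-signed certificate uses subject {@code CN=<alias>}, serial number 10
     * and a validity of 30 years from now.
     *
     * <p>NOTE(review): lookup and generation are not synchronised in this method; confirm that
     * callers cannot race on the same alias.
     *
     * @param str key store alias
     * @return the existing or newly generated private key entry
     */
    public final KeyStore.PrivateKeyEntry getOrGenerateKeyPairForAlias(String str) {
        KeyStore keyStore = this.keyStore;
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(Calendar.YEAR, 30);
        // R$dimen$$ExternalSyntheticOutline0.m is a synthetic helper; presumably it concatenates its arguments.
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.context).setAlias(str).setSubject(new X500Principal(R$dimen$$ExternalSyntheticOutline0.m("CN=", str))).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(context)\n       …\n                .build()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", LockScreenCryptoConstants.ANDROID_KEY_STORE);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        KeyStore.Entry entry2 = keyStore.getEntry(str, null);
        Intrinsics.checkNotNull(entry2, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        return (KeyStore.PrivateKeyEntry) entry2;
    }

    /**
     * Returns the AES key stored under the alias, generating a 128-bit GCM/NoPadding key first
     * if the alias holds no secret key entry.
     *
     * <p>When {@link #keyNeedsUserAuthentication} is set, the key is created with user
     * authentication required, and two further restrictions are requested through
     * {@code whenAtLeast}: invalidation on biometric enrollment (level 24) and unlocked device
     * required (level 28). Presumably {@code whenAtLeast} runs the callback only at or above
     * the given SDK level; confirm against BuildVersionSdkIntProvider.
     *
     * <p>NOTE(review): lookup and generation are not synchronised in this method; confirm that
     * callers cannot race on the same alias.
     *
     * @param str key store alias
     * @return the existing or newly generated key
     */
    public final SecretKey getOrGenerateSymmetricKeyForAliasM(String str) {
        KeyStore.Entry entry = this.keyStore.getEntry(str, null);
        KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
        SecretKey secretKey = secretKeyEntry != null ? secretKeyEntry.getSecretKey() : null;
        if (secretKey != null) {
            return secretKey;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", LockScreenCryptoConstants.ANDROID_KEY_STORE);
        // Purposes 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128);
        boolean z = this.keyNeedsUserAuthentication;
        final KeyGenParameterSpec.Builder userAuthenticationRequired = keySize.setUserAuthenticationRequired(z);
        if (z) {
            Function0<KeyGenParameterSpec.Builder> function0 = new Function0<KeyGenParameterSpec.Builder>() { // from class: org.matrix.android.sdk.api.securestorage.SecretStoringUtils$getOrGenerateSymmetricKeyForAliasM$keyGenSpec$1$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // kotlin.jvm.functions.Function0
                public final KeyGenParameterSpec.Builder invoke() {
                    KeyGenParameterSpec.Builder invalidatedByBiometricEnrollment;
                    invalidatedByBiometricEnrollment = userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
                    return invalidatedByBiometricEnrollment;
                }
            };
            BuildVersionSdkIntProvider buildVersionSdkIntProvider = this.buildVersionSdkIntProvider;
            buildVersionSdkIntProvider.whenAtLeast(function0, 24);
            buildVersionSdkIntProvider.whenAtLeast(new Function0<KeyGenParameterSpec.Builder>() { // from class: org.matrix.android.sdk.api.securestorage.SecretStoringUtils$getOrGenerateSymmetricKeyForAliasM$keyGenSpec$1$2
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // kotlin.jvm.functions.Function0
                public final KeyGenParameterSpec.Builder invoke() {
                    KeyGenParameterSpec.Builder unlockedDeviceRequired;
                    unlockedDeviceRequired = userAuthenticationRequired.setUnlockedDeviceRequired(true);
                    return unlockedDeviceRequired;
                }
            }, 28);
        }
        KeyGenParameterSpec build = userAuthenticationRequired.build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(\n               …                 .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generator.generateKey()");
        return generateKey;
    }

    /**
     * Decrypts a blob produced by {@link #securelyStoreBytes}, dispatching on its first byte.
     *
     * @param keyAlias key store alias used when the blob was written
     * @param encrypted serialized blob, starting with the format byte (0 or 1)
     * @return the decrypted secret
     * @throws IllegalArgumentException if the format byte is unknown or the blob is truncated
     * @throws Exception if key lookup or decryption fails
     */
    @SuppressLint({"NewApi"})
    public final byte[] loadSecureSecretBytes(String keyAlias, byte[] encrypted) throws Exception {
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        try (ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(encrypted)) {
            // An empty blob yields -1 here and falls through to the unknown-format error.
            byte read = (byte) byteArrayInputStream.read();
            if (read == 0) {
                return decryptBytesM(byteArrayInputStream, keyAlias);
            }
            if (read != 1) {
                throw new IllegalArgumentException("Unknown format " + ((int) read));
            }
            return decryptBytes(byteArrayInputStream, keyAlias);
        }
    }

    /**
     * Decrypts the stream with the RSA private key stored under the alias.
     *
     * <p>The cipher stream is closed on both the normal and the failure path.
     *
     * @param byteArrayInputStream RSA ciphertext
     * @param str key store alias
     * @return the decrypted bytes
     * @throws Exception if the key cannot be used or reading fails
     */
    public final byte[] rsaDecrypt(ByteArrayInputStream byteArrayInputStream, String str) throws Exception {
        KeyStore.PrivateKeyEntry orGenerateKeyPairForAlias = getOrGenerateKeyPairForAlias(str);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.DECRYPT_MODE, orGenerateKeyPairForAlias.getPrivateKey());
        try (CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher)) {
            return ByteStreamsKt.readBytes(cipherInputStream);
        }
    }

    /**
     * Encrypts the bytes with the cipher returned by {@link #getEncryptCipher} for the alias.
     *
     * <p>The cipher stream is closed on both the normal and the failure path; the output is
     * collected only after the close, which is when the final block is written.
     *
     * @param str key store alias
     * @param bArr plaintext to encrypt
     * @return the ciphertext
     * @throws Exception if the key cannot be used or writing fails
     */
    public final byte[] rsaEncrypt(String str, byte[] bArr) throws Exception {
        Cipher encryptCipher = getEncryptCipher(str);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try (CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, encryptCipher)) {
            cipherOutputStream.write(bArr);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "outputStream.toByteArray()");
        return byteArray;
    }

    /**
     * Encrypts {@code secret} and serializes it in format 0 (SDK level 23+) or format 1.
     *
     * <p>The IV length is written as a single byte and the wrapped-key length as two bytes, so
     * the layouts assume an IV shorter than 256 bytes and a wrapped key shorter than 65536.
     *
     * @param keyAlias key store alias to encrypt under
     * @param secret plaintext to protect
     * @return the serialized blob, readable by {@link #loadSecureSecretBytes}
     * @throws Exception if key generation or encryption fails
     */
    public final byte[] securelyStoreBytes(String keyAlias, byte[] secret) throws Exception {
        Intrinsics.checkNotNullParameter(secret, "secret");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        if (this.buildVersionSdkIntProvider.isAtLeast(23)) {
            Cipher encryptCipher = getEncryptCipher(keyAlias);
            byte[] iv = encryptCipher.getIV();
            byte[] doFinal = encryptCipher.doFinal(secret);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(byteArray)");
            Intrinsics.checkNotNullExpressionValue(iv, "iv");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(iv.length + 2 + doFinal.length);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(iv.length);
            byteArrayOutputStream.write(iv);
            byteArrayOutputStream.write(doFinal);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "bos.toByteArray()");
            return byteArray;
        }
        // Legacy path: a fresh random 128-bit AES key per secret, wrapped with the RSA key.
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        byte[] rsaEncrypt = rsaEncrypt(keyAlias, bArr);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
        byte[] iv2 = cipher.getIV();
        byte[] doFinal2 = cipher.doFinal(secret);
        Intrinsics.checkNotNullExpressionValue(doFinal2, "cipher.doFinal(byteArray)");
        Intrinsics.checkNotNullExpressionValue(iv2, "iv");
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream(rsaEncrypt.length + 4 + iv2.length + doFinal2.length);
        byteArrayOutputStream2.write(1);
        byteArrayOutputStream2.write((rsaEncrypt.length & 65280) >> 8);
        byteArrayOutputStream2.write(rsaEncrypt.length & 255);
        byteArrayOutputStream2.write(rsaEncrypt);
        byteArrayOutputStream2.write(iv2.length);
        byteArrayOutputStream2.write(iv2);
        byteArrayOutputStream2.write(doFinal2);
        byte[] byteArray2 = byteArrayOutputStream2.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray2, "bos.toByteArray()");
        return byteArray2;
    }
}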
