package cz.eman.core.api.plugin.keystore;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import cz.eman.core.api.oneconnect.Constants;
import cz.eman.core.api.oneconnect.log.L;
import cz.eman.core.api.utils.CryptoUtils;
import cz.eman.core.api.utils.KeystoreUtils;
import java.io.File;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Calendar;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.internal.LongCompanionObject;

/* loaded from: classes2.dex */
public final class Keystore {
    private static final String FALLBACK_KEYSTORE_FILE = "fallback.keystore";
    private static final char[] FALLBACK_KEYSTORE_PASS = "hrozneTajneHesloNaKtereNikdoNeprijde+$p€c14ln1Zn4k*".toCharArray();
    private static final String SP_FILE_NAME = "cz.eman.core.api.plugin.keystore.Keystore";

    @SuppressLint({"StaticFieldLeak"})
    private static Keystore sInstance;
    private final Context mContext;
    private final SharedPreferences mPreferences;

    private Keystore(Context context) {
        this.mContext = context.getApplicationContext();
        this.mPreferences = Constants.getPreferences(this.mContext);
    }

    @Nullable
    private SecretKey generateAesKey(KeyStore keyStore, String str, boolean z) {
        return KeystoreUtils.isAndroidKeyStore(keyStore) ? Build.VERSION.SDK_INT >= 23 ? generateAndroidKeyStoreAesKeyApi23(str, z) : generateAndroidKeyStoreAesKeyApi18(keyStore, str) : generateFallbackAesKey(keyStore, str);
    }

    @Nullable
    private SecretKey generateAndroidKeyStoreAesKeyApi18(KeyStore keyStore, String str) {
        try {
            SecretKey generateAesKey = CryptoUtils.generateAesKey();
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(Long.MIN_VALUE);
            Calendar calendar2 = Calendar.getInstance();
            calendar2.setTimeInMillis(LongCompanionObject.MAX_VALUE);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.mContext).setAlias(KeystoreUtils.prepareAlias(str)).setSubject(new X500Principal("CN=" + KeystoreUtils.prepareAlias(str))).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CryptoUtils.ALGORITHM_RSA, KeystoreUtils.ANDROID_KEYSTORE);
                keyPairGenerator.initialize(build);
                try {
                    if (this.mPreferences.edit().putString(str, Base64.encodeToString(CryptoUtils.rsaEncrypt(generateAesKey.getEncoded(), keyPairGenerator.generateKeyPair().getPublic()), 0)).commit()) {
                        return generateAesKey;
                    }
                    return null;
                } catch (Exception e) {
                    if (!this.mPreferences.edit().remove(str).commit()) {
                        L.e(e, getClass(), "Could not clear preferences", new Object[0]);
                    }
                    try {
                        keyStore.deleteEntry(KeystoreUtils.prepareAlias(str));
                    } catch (KeyStoreException unused) {
                    }
                    L.e(e, getClass(), "Could not encrypt and save AES key", new Object[0]);
                    return null;
                }
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
                L.e(e2, getClass(), "Could not generate RSA key pair", new Object[0]);
                return null;
            }
        } catch (NoSuchAlgorithmException e3) {
            L.e(e3, getClass(), "Could not generate AES key", new Object[0]);
            return null;
        }
    }

    @Nullable
    @TargetApi(23)
    private SecretKey generateAndroidKeyStoreAesKeyApi23(String str, boolean z) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(CryptoUtils.ALGORITHM_AES, KeystoreUtils.ANDROID_KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KeystoreUtils.prepareAlias(str), 3).setBlockModes(CryptoUtils.BLOCK_MODE_CBC).setUserAuthenticationRequired(z).setEncryptionPaddings(CryptoUtils.ENCRYPTION_PADDING_PKCS7).build());
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            L.e(e, getClass(), "Could not generate AES key", new Object[0]);
            return null;
        }
    }

    @Nullable
    private SecretKey generateFallbackAesKey(KeyStore keyStore, String str) {
        try {
            SecretKey generateAesKey = CryptoUtils.generateAesKey();
            keyStore.setKeyEntry(KeystoreUtils.prepareAlias(str), generateAesKey, null, null);
            if (KeystoreUtils.saveKeystore(keyStore, getFallbackKeystoreFile(), FALLBACK_KEYSTORE_PASS)) {
                return generateAesKey;
            }
            return null;
        } catch (KeyStoreException e) {
            L.e(e, getClass(), "Could not save AES key in KeyStore", new Object[0]);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            L.e(e2, getClass(), "Could not generate AES key", new Object[0]);
            return null;
        }
    }

    private File getFallbackKeystoreFile() {
        return new File(this.mContext.getFilesDir(), FALLBACK_KEYSTORE_FILE);
    }

    @Nullable
    public static Keystore getInstance(@NonNull Context context) {
        if (sInstance == null) {
            sInstance = new Keystore(context.getApplicationContext());
        }
        return sInstance;
    }

    @Nullable
    private KeyStore getKeyStore() {
        KeyStore androidKeyStore = KeystoreUtils.getAndroidKeyStore();
        return androidKeyStore == null ? KeystoreUtils.getKeystore(KeyStore.getDefaultType(), getFallbackKeystoreFile(), FALLBACK_KEYSTORE_PASS) : androidKeyStore;
    }

    @Nullable
    private SecretKey readAesKeyApi18(Key key, String str) {
        String string = this.mPreferences.getString(str, null);
        if (string != null) {
            try {
                return new SecretKeySpec(CryptoUtils.rsaDecrypt(Base64.decode(string, 0), key), CryptoUtils.ALGORITHM_AES);
            } catch (Exception e) {
                L.e(e, getClass(), "Could not decrypt AES key", new Object[0]);
            }
        }
        return null;
    }

    public boolean deleteKey(@Nullable String str) {
        if (!hasKey(str)) {
            return true;
        }
        KeyStore keyStore = getKeyStore();
        if (keyStore != null) {
            try {
                keyStore.deleteEntry(KeystoreUtils.prepareAlias(str));
                if (this.mPreferences.edit().remove(str).commit() && KeystoreUtils.isAndroidKeyStore(keyStore)) {
                    return true;
                }
                return KeystoreUtils.saveKeystore(keyStore, getFallbackKeystoreFile(), FALLBACK_KEYSTORE_PASS);
            } catch (KeyStoreException unused) {
            }
        }
        return false;
    }

    @Nullable
    public SecretKey generateKey(@Nullable String str, boolean z) {
        KeyStore keyStore = getKeyStore();
        if (keyStore != null) {
            return generateAesKey(keyStore, str, z);
        }
        return null;
    }

    @Nullable
    public SecretKey getKey(@Nullable String str) {
        KeyStore keyStore;
        Key key;
        if (hasKey(str) && (keyStore = getKeyStore()) != null && str != null && (key = KeystoreUtils.getKey(keyStore, str, null)) != null) {
            if (KeystoreUtils.isAndroidKeyStore(keyStore) && Build.VERSION.SDK_INT < 23) {
                return readAesKeyApi18(key, str);
            }
            if (key instanceof SecretKey) {
                return (SecretKey) key;
            }
        }
        return null;
    }

    public boolean hasKey(@Nullable String str) {
        KeyStore keyStore = getKeyStore();
        if (keyStore == null || str == null) {
            return false;
        }
        return KeystoreUtils.containsKeyAlias(keyStore, str);
    }
}
