package org.matrix.android.sdk.internal.session.securestorage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import io.reactivex.android.plugins.RxAndroidPlugins;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Lazy;
import kotlin.Pair;
import kotlin.Triple;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.matrix.android.sdk.internal.util.system.BuildVersionSdkIntProvider;

/* compiled from: SecretStoringUtils.kt */
/* loaded from: classes2.dex */
public final class SecretStoringUtils {
    public final BuildVersionSdkIntProvider buildVersionSdkIntProvider;
    public final Context context;
    public final Lazy keyStore$delegate;
    public final SecureRandom secureRandom;

    public SecretStoringUtils(Context context, BuildVersionSdkIntProvider buildVersionSdkIntProvider) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(buildVersionSdkIntProvider, "buildVersionSdkIntProvider");
        this.context = context;
        this.buildVersionSdkIntProvider = buildVersionSdkIntProvider;
        this.keyStore$delegate = RxAndroidPlugins.lazy(new Function0<KeyStore>() { // from class: org.matrix.android.sdk.internal.session.securestorage.SecretStoringUtils$keyStore$2
            @Override // kotlin.jvm.functions.Function0
            public final KeyStore invoke() {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                return keyStore;
            }
        });
        this.secureRandom = new SecureRandom();
    }

    public final String decryptString(InputStream inputStream, String str) {
        Triple<byte[], byte[], byte[]> format1Extract = format1Extract(inputStream);
        byte[] component1 = format1Extract.component1();
        byte[] component2 = format1Extract.component2();
        byte[] component3 = format1Extract.component3();
        byte[] rsaDecrypt = rsaDecrypt(str, new ByteArrayInputStream(component1));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, new SecretKeySpec(rsaDecrypt, "AES"), new GCMParameterSpec(128, component2));
        byte[] doFinal = cipher.doFinal(component3);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encrypted)");
        return new String(doFinal, Charsets.UTF_8);
    }

    public final String decryptStringM(InputStream inputStream, String str) {
        int read = inputStream.read();
        byte[] bArr = new byte[read];
        inputStream.read(bArr, 0, read);
        Pair pair = new Pair(bArr, RxAndroidPlugins.readBytes(inputStream));
        byte[] bArr2 = (byte[]) pair.component1();
        byte[] bArr3 = (byte[]) pair.component2();
        SecretKey orGenerateSymmetricKeyForAliasM = getOrGenerateSymmetricKeyForAliasM(str);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, orGenerateSymmetricKeyForAliasM, new GCMParameterSpec(128, bArr2));
        byte[] doFinal = cipher.doFinal(bArr3);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedText)");
        return new String(doFinal, Charsets.UTF_8);
    }

    public final Triple<byte[], byte[], byte[]> format1Extract(InputStream inputStream) {
        byte[] bArr = new byte[(inputStream.read() << 8) + inputStream.read()];
        inputStream.read(bArr);
        byte[] bArr2 = new byte[inputStream.read()];
        inputStream.read(bArr2);
        return new Triple<>(bArr, bArr2, RxAndroidPlugins.readBytes(inputStream));
    }

    public final KeyStore getKeyStore() {
        Object value = this.keyStore$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "<get-keyStore>(...)");
        return (KeyStore) value;
    }

    public final KeyStore.PrivateKeyEntry getOrGenerateKeyPairForAlias(String str) {
        KeyStore.Entry entry = getKeyStore().getEntry(str, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.context).setAlias(str).setSubject(new X500Principal(Intrinsics.stringPlus("CN=", str))).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(context)\n                .setAlias(alias)\n                .setSubject(X500Principal(\"CN=$alias\"))\n                .setSerialNumber(BigInteger.TEN)\n                // .setEncryptionRequired() requires that the phone has a pin/schema\n                .setStartDate(start.time)\n                .setEndDate(end.time)\n                .build()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        KeyStore.Entry entry2 = getKeyStore().getEntry(str, null);
        Objects.requireNonNull(entry2, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        return (KeyStore.PrivateKeyEntry) entry2;
    }

    public final SecretKey getOrGenerateSymmetricKeyForAliasM(String str) {
        KeyStore.Entry entry = getKeyStore().getEntry(str, null);
        KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
        SecretKey secretKey = secretKeyEntry != null ? secretKeyEntry.getSecretKey() : null;
        if (secretKey != null) {
            return secretKey;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(alias,\n                    KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)\n                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)\n                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)\n                    .setKeySize(128)\n                    .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generator.generateKey()");
        return generateKey;
    }

    public final byte[] rsaDecrypt(String str, InputStream inputStream) throws Exception {
        KeyStore.PrivateKeyEntry orGenerateKeyPairForAlias = getOrGenerateKeyPairForAlias(str);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, orGenerateKeyPairForAlias.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher);
        try {
            byte[] readBytes = RxAndroidPlugins.readBytes(cipherInputStream);
            RxAndroidPlugins.closeFinally(cipherInputStream, null);
            return readBytes;
        } finally {
        }
    }

    public final byte[] rsaEncrypt(String str, byte[] bArr) throws Exception {
        KeyStore.PrivateKeyEntry orGenerateKeyPairForAlias = getOrGenerateKeyPairForAlias(str);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, orGenerateKeyPairForAlias.getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        try {
            cipherOutputStream.write(bArr);
            RxAndroidPlugins.closeFinally(cipherOutputStream, null);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "outputStream.toByteArray()");
            return byteArray;
        } finally {
        }
    }
}
