package dev.skomlach.biometric.compat.crypto;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.res.Configuration;
import android.content.res.Resources;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import com.tencent.soter.core.keystore.KeyPropertiesCompact;
import dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface;
import dev.skomlach.biometric.compat.crypto.rsa.RsaPrivateKey;
import dev.skomlach.biometric.compat.crypto.rsa.RsaPublicKey;
import dev.skomlach.biometric.compat.utils.logging.BiometricLoggerImpl;
import dev.skomlach.common.contextprovider.AndroidContext;
import dev.skomlach.common.storage.SharedPreferenceProvider;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@RequiresApi(19)
@Metadata(d1 = {"\u0000b\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\f\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0004H\u0016J\u0010\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0004H\u0003J\b\u0010\u0018\u001a\u00020\u0019H\u0002J\"\u0010\u001a\u001a\u00020\u00192\u0006\u0010\u0014\u001a\u00020\u00042\u0006\u0010\u001b\u001a\u00020\u001c2\b\u0010\u001d\u001a\u0004\u0018\u00010\u001eH\u0016J\u0018\u0010\u001f\u001a\u00020\u00192\u0006\u0010\u0014\u001a\u00020\u00042\u0006\u0010\u001b\u001a\u00020\u001cH\u0016J\u0012\u0010 \u001a\u0004\u0018\u00010!2\u0006\u0010\u0017\u001a\u00020\u0004H\u0002J\u0010\u0010\"\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\u0004H\u0002J\u0018\u0010#\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010%0$2\u0006\u0010\u0017\u001a\u00020\u0004H\u0002J\u0018\u0010&\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010'0$2\u0006\u0010\u0017\u001a\u00020\u0004H\u0002J\u0010\u0010(\u001a\u00020\u001c2\u0006\u0010\u0017\u001a\u00020\u0004H\u0002J\u0010\u0010)\u001a\u00020\u001c2\u0006\u0010\u0017\u001a\u00020\u0004H\u0002J\b\u0010*\u001a\u00020\u0013H\u0002J\u0010\u0010+\u001a\u00020\u00132\u0006\u0010,\u001a\u00020-H\u0002J\u0018\u0010.\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\u00042\u0006\u0010/\u001a\u00020!H\u0002R\u0014\u0010\u0003\u001a\u00020\u00048BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u0005\u0010\u0006R\u0014\u0010\u0007\u001a\u00020\u00048BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\b\u0010\u0006R\u000e\u0010\t\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\n\u001a\u00020\u00048BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u000b\u0010\u0006R\u0014\u0010\f\u001a\u00020\u00048BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\r\u0010\u0006R\u0014\u0010\u000e\u001a\u00020\u00048BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u000f\u0010\u0006R\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n\u0000¨\u00060"}, d2 = {"Ldev/skomlach/biometric/compat/crypto/CryptographyManagerInterfaceKitkatImpl;", "Ldev/skomlach/biometric/compat/crypto/CryptographyManagerInterface;", "()V", "ANDROID_KEYSTORE_PROVIDER_TYPE", "", "getANDROID_KEYSTORE_PROVIDER_TYPE", "()Ljava/lang/String;", "KEYSTORE_FALLBACK_NAME", "getKEYSTORE_FALLBACK_NAME", "KEY_NAME", "PRIVATE_KEY_NAME", "getPRIVATE_KEY_NAME", "PUBLIC_KEY_NAME", "getPUBLIC_KEY_NAME", "TYPE_RSA", "getTYPE_RSA", "context", "Landroid/content/Context;", "deleteKey", "", "keyName", "getAlgorithmParameterSpec", "Ljava/security/spec/AlgorithmParameterSpec;", "name", "getCipher", "Ljavax/crypto/Cipher;", "getInitializedCipherForDecryption", "isUserAuthRequired", "", "initializationVector", "", "getInitializedCipherForEncryption", "getKeyPairFromFallback", "Ljava/security/KeyPair;", "getOrCreateSecretKey", "getPrivateKeys", "", "Ljava/security/PrivateKey;", "getPublicKeys", "Ljava/security/PublicKey;", "keyExist", "keyPairInFallback", "setFakeEnglishLocale", "setLocale", "locale", "Ljava/util/Locale;", "storeKeyPairInFallback", "keyPair", "biometric_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes7.dex */
public final class CryptographyManagerInterfaceKitkatImpl implements CryptographyManagerInterface {

    @NotNull
    private final Context context = AndroidContext.INSTANCE.getAppContext();

    @NotNull
    private final String KEY_NAME = "CryptographyManagerInterfaceKitkatImpl-" + getVersion();

    private final String getANDROID_KEYSTORE_PROVIDER_TYPE() {
        return "AndroidKeyStore";
    }

    @SuppressLint({"WrongConstant"})
    private final AlgorithmParameterSpec getAlgorithmParameterSpec(String name) {
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.context).setAlias(name).setKeySize(2048).setSubject(new X500Principal("CN=" + name)).setSerialNumber(BigInteger.valueOf(1337L)).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }

    private final Cipher getCipher() {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
        return cipher;
    }

    private final String getKEYSTORE_FALLBACK_NAME() {
        return "biometric_keystore_fallback";
    }

    private final KeyPair getKeyPairFromFallback(String name) {
        try {
            SharedPreferences preferences = SharedPreferenceProvider.INSTANCE.getPreferences(getKEYSTORE_FALLBACK_NAME() + "-" + name);
            if (preferences.contains(getPRIVATE_KEY_NAME()) && preferences.contains(getPUBLIC_KEY_NAME())) {
                byte[] decode = Base64.decode(preferences.getString(getPRIVATE_KEY_NAME(), null), 0);
                byte[] decode2 = Base64.decode(preferences.getString(getPUBLIC_KEY_NAME(), null), 0);
                RsaPrivateKey.Companion companion = RsaPrivateKey.INSTANCE;
                Intrinsics.checkNotNull(decode);
                RsaPrivateKey fromByteArray = companion.fromByteArray(decode, 8);
                RsaPublicKey.Companion companion2 = RsaPublicKey.INSTANCE;
                Intrinsics.checkNotNull(decode2);
                return new KeyPair(companion2.fromByteArray(decode2, 8).toRsaKey(), fromByteArray.toRsaKey());
            }
        } catch (Throwable unused) {
        }
        return null;
    }

    private final void getOrCreateSecretKey(String name) throws Exception {
        if (keyExist(name)) {
            return;
        }
        Locale systemLocale = AndroidContext.INSTANCE.getSystemLocale();
        try {
            try {
                try {
                    setFakeEnglishLocale();
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(getTYPE_RSA(), getANDROID_KEYSTORE_PROVIDER_TYPE());
                    keyPairGenerator.initialize(getAlgorithmParameterSpec(name));
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    Intrinsics.checkNotNull(generateKeyPair);
                    storeKeyPairInFallback(name, generateKeyPair);
                } catch (IllegalStateException unused) {
                    KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance(getTYPE_RSA());
                    keyPairGenerator2.initialize(2048);
                    KeyPair generateKeyPair2 = keyPairGenerator2.generateKeyPair();
                    Intrinsics.checkNotNullExpressionValue(generateKeyPair2, "generateKeyPair(...)");
                    storeKeyPairInFallback(name, generateKeyPair2);
                }
            } catch (Exception e6) {
                throw e6;
            }
        } finally {
            setLocale(systemLocale);
        }
    }

    private final String getPRIVATE_KEY_NAME() {
        return "privateKey";
    }

    private final String getPUBLIC_KEY_NAME() {
        return "publicKey";
    }

    private final List<PrivateKey> getPrivateKeys(String name) {
        ArrayList arrayList = new ArrayList();
        Locale systemLocale = AndroidContext.INSTANCE.getSystemLocale();
        try {
            setFakeEnglishLocale();
            KeyStore keyStore = KeyStore.getInstance(getANDROID_KEYSTORE_PROVIDER_TYPE());
            keyStore.load(null);
            arrayList.add((PrivateKey) keyStore.getKey(name, null));
        } catch (Throwable unused) {
        }
        setLocale(systemLocale);
        KeyPair keyPairFromFallback = getKeyPairFromFallback(name);
        if (keyPairFromFallback != null) {
            arrayList.add(keyPairFromFallback.getPrivate());
        }
        return arrayList;
    }

    private final List<PublicKey> getPublicKeys(String name) {
        ArrayList arrayList = new ArrayList();
        Locale systemLocale = AndroidContext.INSTANCE.getSystemLocale();
        try {
            setFakeEnglishLocale();
            KeyStore keyStore = KeyStore.getInstance(getANDROID_KEYSTORE_PROVIDER_TYPE());
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate(name);
            arrayList.add(certificate != null ? certificate.getPublicKey() : null);
        } catch (Throwable unused) {
        }
        setLocale(systemLocale);
        KeyPair keyPairFromFallback = getKeyPairFromFallback(name);
        if (keyPairFromFallback != null) {
            arrayList.add(keyPairFromFallback.getPublic());
        }
        return arrayList;
    }

    private final String getTYPE_RSA() {
        return KeyPropertiesCompact.KEY_ALGORITHM_RSA;
    }

    private final boolean keyExist(String name) throws Exception {
        boolean keyPairInFallback = keyPairInFallback(name);
        try {
            KeyStore keyStore = KeyStore.getInstance(getANDROID_KEYSTORE_PROVIDER_TYPE());
            keyStore.load(null);
            if (!keyPairInFallback) {
                if (!keyStore.containsAlias(name)) {
                    return false;
                }
            }
            return true;
        } catch (Throwable unused) {
            return keyPairInFallback;
        }
    }

    private final boolean keyPairInFallback(String name) {
        try {
            SharedPreferences preferences = SharedPreferenceProvider.INSTANCE.getPreferences(getKEYSTORE_FALLBACK_NAME() + "-" + name);
            if (preferences.contains(getPRIVATE_KEY_NAME())) {
                return preferences.contains(getPUBLIC_KEY_NAME());
            }
            return false;
        } catch (Throwable unused) {
            return false;
        }
    }

    private final void setFakeEnglishLocale() {
        Locale US = Locale.US;
        Intrinsics.checkNotNullExpressionValue(US, "US");
        setLocale(US);
    }

    private final void setLocale(Locale locale) {
        Locale.setDefault(locale);
        Resources resources = this.context.getResources();
        Configuration configuration = resources.getConfiguration();
        configuration.locale = locale;
        resources.updateConfiguration(configuration, resources.getDisplayMetrics());
    }

    private final void storeKeyPairInFallback(String name, KeyPair keyPair) {
        try {
            RsaPrivateKey.Companion companion = RsaPrivateKey.INSTANCE;
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkNotNull(privateKey, "null cannot be cast to non-null type java.security.interfaces.RSAPrivateCrtKey");
            RsaPrivateKey fromRsaKey = companion.fromRsaKey((RSAPrivateCrtKey) privateKey);
            RsaPublicKey.Companion companion2 = RsaPublicKey.INSTANCE;
            PublicKey publicKey = keyPair.getPublic();
            Intrinsics.checkNotNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
            RsaPublicKey fromRsaKey2 = companion2.fromRsaKey((RSAPublicKey) publicKey);
            SharedPreferenceProvider.INSTANCE.getPreferences(getKEYSTORE_FALLBACK_NAME() + "-" + name).edit().putString(getPRIVATE_KEY_NAME(), Base64.encodeToString(fromRsaKey.toByteArray(8), 0)).putString(getPUBLIC_KEY_NAME(), Base64.encodeToString(fromRsaKey2.toByteArray(8), 0)).apply();
        } catch (Throwable unused) {
        }
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    public void deleteKey(@NotNull String keyName) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        KeyStore keyStore = KeyStore.getInstance(getANDROID_KEYSTORE_PROVIDER_TYPE());
        keyStore.load(null);
        keyStore.deleteEntry(this.KEY_NAME + "." + keyName);
        SharedPreferenceProvider.INSTANCE.getPreferences(getKEYSTORE_FALLBACK_NAME() + "-" + keyName).edit().clear().apply();
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    @NotNull
    public Cipher getInitializedCipherForDecryption(@NotNull String keyName, boolean isUserAuthRequired, @Nullable byte[] initializationVector) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        try {
            Cipher cipher = getCipher();
            getOrCreateSecretKey(this.KEY_NAME + "." + keyName);
            for (PrivateKey privateKey : getPrivateKeys(this.KEY_NAME + "." + keyName)) {
                if (privateKey != null) {
                    try {
                        cipher.init(2, privateKey);
                    } catch (Exception unused) {
                    }
                }
            }
            return cipher;
        } catch (Throwable th) {
            BiometricLoggerImpl.INSTANCE.e(th, "KeyName=" + this.KEY_NAME + "." + keyName + "; isUserAuthRequired=" + isUserAuthRequired);
            throw th;
        }
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    @NotNull
    public Cipher getInitializedCipherForEncryption(@NotNull String keyName, boolean isUserAuthRequired) {
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        try {
            Cipher cipher = getCipher();
            getOrCreateSecretKey(this.KEY_NAME + "." + keyName);
            for (PublicKey publicKey : getPublicKeys(this.KEY_NAME + "." + keyName)) {
                if (publicKey != null) {
                    try {
                        cipher.init(1, KeyFactory.getInstance(publicKey.getAlgorithm()).generatePublic(new X509EncodedKeySpec(publicKey.getEncoded())));
                        return cipher;
                    } catch (Exception unused) {
                        continue;
                    }
                }
            }
            throw new IllegalStateException("Cipher initialization error");
        } catch (Throwable th) {
            BiometricLoggerImpl.INSTANCE.e(th, "KeyName=" + this.KEY_NAME + "." + keyName + "; isUserAuthRequired=" + isUserAuthRequired);
            throw th;
        }
    }

    @Override // dev.skomlach.biometric.compat.crypto.CryptographyManagerInterface
    @NotNull
    public String getVersion() {
        return CryptographyManagerInterface.DefaultImpls.getVersion(this);
    }
}
