package com.zoho.authentication.util;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.text.TextUtils;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import net.sqlcipher.BuildConfig;

/* loaded from: classes.dex */
public class b {

    /* renamed from: e, reason: collision with root package name */
    private static final String f15795e = "b";

    /* renamed from: a, reason: collision with root package name */
    private final c f15796a;

    /* renamed from: b, reason: collision with root package name */
    private KeyGenerator f15797b;

    /* renamed from: c, reason: collision with root package name */
    private KeyStore f15798c;

    /* renamed from: d, reason: collision with root package name */
    private Cipher f15799d;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f15800a;

        static {
            int[] iArr = new int[AuthenticationMode.values().length];
            f15800a = iArr;
            try {
                iArr[AuthenticationMode.FINGERPRINT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f15800a[AuthenticationMode.CONFIRM_CREDENTIALS.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f15800a[AuthenticationMode.PIN_CODE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* renamed from: com.zoho.authentication.util.b$b, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static final class C0173b {

        /* renamed from: a, reason: collision with root package name */
        private c f15801a;

        public C0173b(c cVar) {
            this.f15801a = cVar;
        }

        public b a() {
            return new b(this.f15801a);
        }
    }

    b(c cVar) {
        this.f15796a = cVar;
        t();
        int i8 = Build.VERSION.SDK_INT;
        if (i8 >= 18) {
            if (i8 >= 23) {
                w();
            }
            x();
        }
    }

    @TargetApi(18)
    private void a(Context context, String str) {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 1);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private String c(m8.a aVar, SecretKey secretKey) {
        if (aVar == null || TextUtils.isEmpty(aVar.a()) || TextUtils.isEmpty(aVar.b())) {
            return null;
        }
        byte[] decode = Base64.decode(aVar.b(), 0);
        byte[] decode2 = Base64.decode(aVar.a(), 0);
        u(secretKey, decode);
        try {
            return new String(this.f15799d.doFinal(decode2), "UTF-8");
        } catch (UnsupportedEncodingException e10) {
            y(f15795e, e10.getClass().getSimpleName(), e10);
            return null;
        }
    }

    private m8.a h(String str, m8.b bVar) {
        SecretKey b10 = bVar.b();
        String a10 = bVar.a();
        v(b10);
        byte[] iv = this.f15799d.getIV();
        byte[] bArr = new byte[0];
        try {
            bArr = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e10) {
            y(f15795e, e10.getClass().getSimpleName(), e10);
        }
        return new m8.a(Base64.encodeToString(this.f15799d.doFinal(bArr), 0), Base64.encodeToString(iv, 0), a10);
    }

    private static byte[] l(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes());
            for (int i8 = 0; i8 < 1000; i8++) {
                messageDigest.update(messageDigest.digest());
            }
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e10) {
            y(f15795e, e10.getClass().getSimpleName(), e10);
            return null;
        }
    }

    private SecretKey m(char[] cArr, byte[] bArr) {
        SecretKeyFactory secretKeyFactory;
        try {
            secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        } catch (NoSuchAlgorithmException e10) {
            y(f15795e, e10.getClass().getSimpleName(), e10);
            e10.printStackTrace();
            secretKeyFactory = null;
        }
        return secretKeyFactory.generateSecret(new PBEKeySpec(cArr, bArr, 1000, 256));
    }

    private m8.b o(String str) {
        if (TextUtils.isEmpty(str)) {
            StringBuilder sb = new StringBuilder();
            sb.append("Pin used to create secret key should not be ");
            sb.append(str == null ? "null" : "empty");
            throw new InvalidAlgorithmParameterException(sb.toString());
        }
        char[] charArray = str.toCharArray();
        byte[] q10 = q();
        try {
            return new m8.b(m(charArray, q10), Base64.encodeToString(q10, 0).trim());
        } catch (InvalidKeySpecException e10) {
            y(f15795e, e10.getClass().getSimpleName(), e10);
            throw new InvalidAlgorithmParameterException(e10.getCause());
        }
    }

    private m8.b p(String str) {
        if (TextUtils.isEmpty(str)) {
            StringBuilder sb = new StringBuilder();
            sb.append("Pin used to create secret key should not be ");
            sb.append(str != null ? "empty" : "null");
            throw new InvalidAlgorithmParameterException(sb.toString());
        }
        char[] charArray = str.toCharArray();
        String c8 = this.f15796a.c("saltToGenerateSecretkeySaveTag", null);
        if (TextUtils.isEmpty(c8)) {
            StringBuilder sb2 = new StringBuilder();
            sb2.append("Salt used to create secret key in persistence is ");
            sb2.append(c8 != null ? "empty" : "null");
            throw new InvalidAlgorithmParameterException(sb2.toString());
        }
        String trim = c8.trim();
        try {
            return new m8.b(m(charArray, Base64.decode(trim, 0)), trim);
        } catch (InvalidKeySpecException e10) {
            y(f15795e, e10.getClass().getSimpleName(), e10);
            throw new InvalidAlgorithmParameterException(e10.getCause());
        }
    }

    public static String s(String str) {
        return Base64.encodeToString(l(str), 0).trim();
    }

    private void t() {
        try {
            this.f15799d = Cipher.getInstance("AES/CBC/PKCS7Padding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e10) {
            y(f15795e, "Failed to get an instance of Cipher :" + e10.getClass().getSimpleName(), e10);
        }
    }

    private void w() {
        try {
            this.f15797b = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        } catch (NoSuchAlgorithmException | NoSuchProviderException e10) {
            y(f15795e, "Failed to get an instance of KeyGenerator : " + e10.getClass().getSimpleName(), e10);
        }
    }

    private void x() {
        try {
            this.f15798c = KeyStore.getInstance("AndroidKeyStore");
        } catch (KeyStoreException e10) {
            y(f15795e, "Failed to get an instance of KeyStore :" + e10.getClass().getSimpleName(), e10);
        }
    }

    private static void y(String str, String str2, Exception exc) {
        AppAuthenticator.u(str, str2, exc);
    }

    @TargetApi(23)
    public m8.b b(AuthenticationMode authenticationMode, String str) {
        int i8 = a.f15800a[authenticationMode.ordinal()];
        if (i8 == 1) {
            this.f15797b.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS7Padding").build());
            return new m8.b(this.f15797b.generateKey(), null);
        }
        if (i8 == 2) {
            this.f15797b.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(62).setEncryptionPaddings("PKCS7Padding").build());
            return new m8.b(this.f15797b.generateKey(), null);
        }
        if (i8 == 3) {
            this.f15797b.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
            return new m8.b(this.f15797b.generateKey(), null);
        }
        throw new InvalidAlgorithmParameterException(authenticationMode + " does not need to create secret key");
    }

    @TargetApi(23)
    public String d(m8.a aVar, String str) {
        SecretKey r10 = r(str);
        if (r10 != null) {
            return c(aVar, r10);
        }
        throw new KeyPermanentlyInvalidatedException("key missing from KeyStore");
    }

    public String e(m8.a aVar, String str) {
        if (aVar == null || TextUtils.isEmpty(aVar.a())) {
            return null;
        }
        byte[] decode = Base64.decode(aVar.a(), 0);
        this.f15798c.load(null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.f15798c.getEntry(str, null);
        if (privateKeyEntry == null) {
            return null;
        }
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKeyEntry.getPrivateKey();
        Cipher cipher = Build.VERSION.SDK_INT >= 23 ? Cipher.getInstance("RSA/ECB/PKCS1Padding") : Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(2, rSAPrivateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(decode), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr = new byte[size];
        for (int i8 = 0; i8 < size; i8++) {
            bArr[i8] = ((Byte) arrayList.get(i8)).byteValue();
        }
        return new String(bArr, 0, size, Charset.forName("UTF-8"));
    }

    public String f(m8.a aVar, String str) {
        return c(aVar, new SecretKeySpec(p(str).b().getEncoded(), "AES"));
    }

    public boolean g(String str) {
        if (Build.VERSION.SDK_INT < 18) {
            return false;
        }
        try {
            KeyStore keyStore = this.f15798c;
            if (keyStore == null) {
                return false;
            }
            keyStore.load(null);
            this.f15798c.deleteEntry(str);
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
            y(f15795e, "Failed to delete SecretKey in KeyStore " + e10.getClass().getSimpleName(), e10);
            return false;
        }
    }

    @TargetApi(23)
    public m8.a i(String str, AuthenticationMode authenticationMode, String str2) {
        return h(str, b(authenticationMode, str2));
    }

    public m8.a j(String str, Context context, String str2) {
        this.f15798c.load(null);
        a(context, str2);
        RSAPublicKey rSAPublicKey = (RSAPublicKey) ((KeyStore.PrivateKeyEntry) this.f15798c.getEntry(str2, null)).getCertificate().getPublicKey();
        Cipher cipher = Build.VERSION.SDK_INT >= 23 ? Cipher.getInstance("RSA/ECB/PKCS1Padding") : Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(1, rSAPublicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(str.getBytes(Charset.forName("UTF-8")));
        cipherOutputStream.close();
        return new m8.a(Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0), BuildConfig.FLAVOR, BuildConfig.FLAVOR);
    }

    public m8.a k(String str, String str2) {
        return h(str, o(str2));
    }

    public Cipher n() {
        return this.f15799d;
    }

    public byte[] q() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @TargetApi(18)
    public SecretKey r(String str) {
        this.f15798c.load(null);
        return (SecretKey) this.f15798c.getKey(str, null);
    }

    public void u(SecretKey secretKey, byte[] bArr) {
        this.f15799d.init(2, secretKey, new IvParameterSpec(bArr));
    }

    public void v(SecretKey secretKey) {
        this.f15799d.init(1, secretKey);
    }
}
