package com.resmed.mon.common.security;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Pair;
import androidx.recyclerview.widget.RecyclerView;
import com.resmed.mon.common.log.AppFileLog;
import com.resmed.mon.common.tools.j;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.k;

/* compiled from: KeyStoreController.kt */
@Metadata(bv = {}, d1 = {"\u0000F\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\t\b\u0086\u0001\u0018\u0000 \u001d2\b\u0012\u0004\u0012\u00020\u00000\u00012\u00020\u0002:\u0001\u001eB\t\b\u0002¢\u0006\u0004\b\u001b\u0010\u001cJ\u001e\u0010\b\u001a\u0010\u0012\u0004\u0012\u00020\u0006\u0012\u0004\u0012\u00020\u0007\u0018\u00010\u00052\u0006\u0010\u0004\u001a\u00020\u0003H\u0003J(\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\u000b\u001a\u00020\u00032\u0006\u0010\f\u001a\u00020\u00032\u0006\u0010\r\u001a\u00020\u0003H\u0002J \u0010\u0010\u001a\u00020\u00032\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u00032\u0006\u0010\r\u001a\u00020\u0003H\u0002J\n\u0010\u0012\u001a\u0004\u0018\u00010\u0011H\u0002J\u0012\u0010\u0014\u001a\u0004\u0018\u00010\u00132\u0006\u0010\n\u001a\u00020\tH\u0016J \u0010\u000f\u001a\u00020\u000e2\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\u000b\u001a\u00020\u00032\u0006\u0010\f\u001a\u00020\u0003H\u0016J\u0018\u0010\u0010\u001a\u00020\u00032\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u0003H\u0016J\u0018\u0010\u0015\u001a\u00020\u000e2\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u0003H\u0016J\u0012\u0010\u0018\u001a\u0004\u0018\u00010\u00172\u0006\u0010\u0016\u001a\u00020\u0003H\u0017J\u0012\u0010\u001a\u001a\u0004\u0018\u00010\u00032\u0006\u0010\u0019\u001a\u00020\u0017H\u0017j\u0002\b\u001f¨\u0006 "}, d2 = {"Lcom/resmed/mon/common/security/KeyStoreController;", "", "Lcom/resmed/mon/common/security/b;", "", "alias", "Landroid/util/Pair;", "Ljavax/crypto/Cipher;", "Ljavax/crypto/SecretKey;", "generateAesKey", "Landroid/content/Context;", "context", "key", "fileName", "transformation", "", "storeKey", "readKey", "Ljava/security/KeyStore;", "obtainKeyStore", "Ljava/security/KeyPair;", "generateKey", "deleteKey", "credentialKey", "Lcom/resmed/mon/common/security/a;", "aesEncryptText", "encryptedData", "aesDecryptText", "<init>", "(Ljava/lang/String;I)V", "Companion", "a", "INSTANCE", "common_release"}, k = 1, mv = {1, 7, 1})
/* loaded from: classes2.dex */
public enum KeyStoreController implements b {
    INSTANCE;

    public static final String ALIAS = "ResMedAlias";
    private static final String CREDENTIAL_AUTH_KEY_ALIAS = "credential_auth_key_alias";
    public static final String KEYSTORE = "AndroidKeyStore";
    private static final String TRANSFORMATION_AES = "AES/CBC/PKCS7Padding";
    private static final String TRANSFORMATION_DEFAULT = "RSA/ECB/OAEPwithSHA-1andMGF1Padding";
    public static final String TRANSFORMATION_PKCS1_PADDING = "RSA/ECB/PKCS1Padding";
    private static final String X500_PRINCIPAL_NAME = "CN=Master, O=ResMed";
    private static KeyStore keyStore;

    static {
        try {
            KeyStore keyStore2 = KeyStore.getInstance(KEYSTORE);
            keyStore = keyStore2;
            k.f(keyStore2);
            keyStore2.load(null);
        } catch (Exception e) {
            AppFileLog.a(AppFileLog.LogType.DBS, "Error!! Exception accessing Android Keystore: " + e.getClass() + " message: " + e.getMessage());
        }
    }

    @SuppressLint({"NewApi"})
    private final Pair<Cipher, SecretKey> generateAesKey(String alias) {
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_AES);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(alias, 3).setBlockModes("CBC").setRandomizedEncryptionRequired(true).setEncryptionPaddings("PKCS7Padding").build());
            return new Pair<>(cipher, keyGenerator.generateKey());
        } catch (Exception e) {
            com.resmed.mon.common.log.a.d("com.resmed.mon.auth", "Error!! tryEncryptKey. Exception: " + e.getClass() + " message: " + e.getMessage(), null, 4, null);
            return null;
        }
    }

    private final KeyStore obtainKeyStore() {
        KeyStore keyStore2 = keyStore;
        if (keyStore2 != null) {
            return keyStore2;
        }
        try {
            KeyStore keyStore3 = KeyStore.getInstance(KEYSTORE);
            keyStore = keyStore3;
            k.f(keyStore3);
            keyStore3.load(null);
        } catch (Exception e) {
            AppFileLog.a(AppFileLog.LogType.DBS, "Error!! Exception accessing Android Keystore: " + e.getClass() + " message: " + e.getMessage());
        }
        return keyStore;
    }

    private final String readKey(Context context, String fileName, String transformation) {
        try {
            KeyStore obtainKeyStore = obtainKeyStore();
            k.f(obtainKeyStore);
            Key key = obtainKeyStore.getKey(ALIAS, null);
            k.g(key, "null cannot be cast to non-null type java.security.PrivateKey");
            Cipher cipher = Cipher.getInstance(transformation);
            cipher.init(2, (PrivateKey) key);
            CipherInputStream cipherInputStream = new CipherInputStream(new FileInputStream(j.r(context).toString() + File.separator + fileName), cipher);
            StringBuilder sb = new StringBuilder();
            byte[] bArr = new byte[RecyclerView.d0.FLAG_ADAPTER_FULLUPDATE];
            while (true) {
                int read = cipherInputStream.read(bArr);
                if (read == -1) {
                    cipherInputStream.close();
                    String sb2 = sb.toString();
                    k.h(sb2, "result.toString()");
                    return sb2;
                }
                sb.append(new String(bArr, 0, read, kotlin.text.c.UTF_8));
            }
        } catch (FileNotFoundException unused) {
            return "";
        } catch (Exception e) {
            j.A(AppFileLog.LogType.IPC, "Error!! Exception reading from the key store", e);
            return "";
        }
    }

    private final boolean storeKey(Context context, String key, String fileName, String transformation) {
        try {
            KeyStore obtainKeyStore = obtainKeyStore();
            k.f(obtainKeyStore);
            PublicKey publicKey = null;
            if (((PrivateKey) obtainKeyStore.getKey(ALIAS, null)) != null) {
                Certificate certificate = obtainKeyStore.getCertificate(ALIAS);
                if (certificate != null) {
                    publicKey = certificate.getPublicKey();
                }
            } else {
                KeyPair generateKey = generateKey(context);
                if (generateKey != null) {
                    publicKey = generateKey.getPublic();
                }
            }
            if (publicKey == null) {
                return false;
            }
            String str = j.r(context).toString() + File.separator + fileName;
            j.d(str);
            Cipher cipher = Cipher.getInstance(transformation);
            cipher.init(1, publicKey);
            CipherOutputStream cipherOutputStream = new CipherOutputStream(new FileOutputStream(str), cipher);
            byte[] bytes = key.getBytes(kotlin.text.c.UTF_8);
            k.h(bytes, "this as java.lang.String).getBytes(charset)");
            cipherOutputStream.write(bytes);
            cipherOutputStream.close();
            return true;
        } catch (Exception e) {
            AppFileLog.a(AppFileLog.LogType.DBS, "Error!! Exception storing the MasterPairKey: " + e.getClass() + " message: " + e.getMessage());
            return false;
        }
    }

    @SuppressLint({"NewApi"})
    public String aesDecryptText(CredentialKeyData encryptedData) {
        k.i(encryptedData, "encryptedData");
        try {
            KeyStore obtainKeyStore = obtainKeyStore();
            k.f(obtainKeyStore);
            Key key = obtainKeyStore.getKey(CREDENTIAL_AUTH_KEY_ALIAS, null);
            k.g(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_AES);
            cipher.init(2, (SecretKey) key, new IvParameterSpec(encryptedData.getIv()));
            byte[] byteCredential = cipher.doFinal(encryptedData.getDataValue());
            k.h(byteCredential, "byteCredential");
            return new String(byteCredential, kotlin.text.c.UTF_8);
        } catch (KeyPermanentlyInvalidatedException e) {
            com.resmed.mon.common.log.a.d("com.resmed.mon.auth", "Failed to initialize decryption cipher, key has been invalidated - " + e, null, 4, null);
            return null;
        } catch (Exception e2) {
            com.resmed.mon.common.log.a.d("com.resmed.mon.auth", "Failed to initialize decryption cipher - " + e2, null, 4, null);
            return null;
        }
    }

    @SuppressLint({"NewApi"})
    public CredentialKeyData aesEncryptText(String credentialKey) {
        k.i(credentialKey, "credentialKey");
        try {
            Pair<Cipher, SecretKey> generateAesKey = generateAesKey(CREDENTIAL_AUTH_KEY_ALIAS);
            if (generateAesKey == null) {
                return null;
            }
            Cipher cipher = (Cipher) generateAesKey.first;
            cipher.init(1, (SecretKey) generateAesKey.second);
            byte[] bytes = credentialKey.getBytes(kotlin.text.c.UTF_8);
            k.h(bytes, "this as java.lang.String).getBytes(charset)");
            return new CredentialKeyData(cipher.doFinal(bytes), cipher.getIV());
        } catch (KeyPermanentlyInvalidatedException e) {
            com.resmed.mon.common.log.a.d("com.resmed.mon.auth", "Failed to initialize encryption cipher, key has been invalidated - " + e, null, 4, null);
            return null;
        } catch (InvalidKeyException e2) {
            com.resmed.mon.common.log.a.d("com.resmed.mon.auth", "Failed to initialize encryption cipher - " + e2, null, 4, null);
            return null;
        } catch (BadPaddingException e3) {
            com.resmed.mon.common.log.a.d("com.resmed.mon.auth", "Failed to initialize encryption cipher - " + e3, null, 4, null);
            return null;
        } catch (IllegalBlockSizeException e4) {
            com.resmed.mon.common.log.a.d("com.resmed.mon.auth", "Failed to initialize encryption cipher - " + e4, null, 4, null);
            return null;
        }
    }

    @Override // com.resmed.mon.common.security.b
    public boolean deleteKey(Context context, String fileName) {
        k.i(context, "context");
        k.i(fileName, "fileName");
        try {
            File file = new File(j.r(context).toString() + File.separator + fileName);
            if (!file.exists()) {
                com.resmed.mon.common.log.a.d("com.resmed.mon.filelog", "KeyStore key file does not exist: " + file.getAbsolutePath(), null, 4, null);
            }
            return file.delete();
        } catch (Exception e) {
            j.A(AppFileLog.LogType.IPC, "Error!! Exception deleting from the key store", e);
            return false;
        }
    }

    public KeyPair generateKey(Context context) {
        k.i(context, "context");
        try {
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 5);
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(ALIAS, 3).setCertificateSubject(new X500Principal(X500_PRINCIPAL_NAME)).setCertificateSerialNumber(BigInteger.ONE).setEncryptionPaddings("OAEPPadding").setDigests("SHA-1").setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).build();
            k.h(build, "Builder(ALIAS, KeyProper…\n                .build()");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEYSTORE);
            keyPairGenerator.initialize(build);
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            AppFileLog.a(AppFileLog.LogType.DBS, "Error!! Exception generating the key for Keystore. Exception: " + e.getClass() + " message: " + e.getMessage());
            return null;
        }
    }

    @Override // com.resmed.mon.common.security.b
    public String readKey(Context context, String fileName) {
        k.i(context, "context");
        k.i(fileName, "fileName");
        return readKey(context, fileName, TRANSFORMATION_DEFAULT);
    }

    @Override // com.resmed.mon.common.security.b
    public boolean storeKey(Context context, String key, String fileName) {
        k.i(context, "context");
        k.i(key, "key");
        k.i(fileName, "fileName");
        return storeKey(context, key, fileName, TRANSFORMATION_DEFAULT);
    }
}
