package com.veridiumid.sdk.security;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.jivesoftware.smackx.omemo.util.OmemoConstants;

/* loaded from: classes6.dex */
public class SimpleAndroidKeyStoreKImpl implements SimpleAndroidKeyStore {
    private static final int BASE64_FLAGS = 2;
    private static final String RSA_TRANSFORMATION_MODE = "RSA/ECB/PKCS1Padding";
    private static final String SECRET_KEYS_STORE_FILENAME = "com.veridiumid.sdk.secret-keys-vault";
    private final Context mContext;
    private final KeyStore mKeyStore;
    private final SharedPreferences mPreferences;

    public SimpleAndroidKeyStoreKImpl(Context context) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.mKeyStore = keyStore;
        keyStore.load(null);
        this.mContext = context;
        this.mPreferences = context.getSharedPreferences(SECRET_KEYS_STORE_FILENAME, 0);
    }

    private String hashPreferenceKey(String str) throws UnsupportedEncodingException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256);
        byte[] bytes = str.getBytes("UTF-8");
        messageDigest.update(bytes, 0, bytes.length);
        return Base64.encodeToString(messageDigest.digest(), 2);
    }

    private SecretKey unwrapKey(String str, PrivateKey privateKey) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION_MODE);
        cipher.init(4, privateKey);
        return (SecretKey) cipher.unwrap(Base64.decode(str, 2), OmemoConstants.Crypto.KEYTYPE, 3);
    }

    private String wrap(SecretKey secretKey, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION_MODE);
        cipher.init(3, publicKey);
        return new String(Base64.encode(cipher.wrap(secretKey), 2));
    }

    @Override // com.veridiumid.sdk.security.SimpleAndroidKeyStore
    public boolean containsAlias(String str) {
        try {
            if (this.mPreferences.contains(hashPreferenceKey(str))) {
                return this.mKeyStore.containsAlias(str);
            }
            return false;
        } catch (UnsupportedEncodingException | KeyStoreException | NoSuchAlgorithmException unused) {
            return false;
        }
    }

    @Override // com.veridiumid.sdk.security.SimpleAndroidKeyStore
    public KeyPair createKeyPair(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        throw new UnsupportedOperationException("Not implemented");
    }

    @Override // com.veridiumid.sdk.security.SimpleAndroidKeyStore
    public SecretKey createSecretKey(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        SecretKey generateKey = KeyGenerator.getInstance(OmemoConstants.Crypto.KEYTYPE).generateKey();
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, 100);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.mContext).setAlias(str).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal(GeneratedOutlineSupport.outline52("CN=", str))).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", this.mKeyStore.getProvider());
        keyPairGenerator.initialize(build);
        try {
            this.mPreferences.edit().putString(hashPreferenceKey(str), wrap(generateKey, keyPairGenerator.generateKeyPair().getPublic())).apply();
            return generateKey;
        } catch (UnsupportedEncodingException | InvalidKeyException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new InvalidAlgorithmParameterException(e);
        }
    }

    @Override // com.veridiumid.sdk.security.SimpleAndroidKeyStore
    public Key getKey(String str) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        try {
            String string = this.mPreferences.getString(hashPreferenceKey(str), null);
            if (string == null) {
                return null;
            }
            return unwrapKey(string, (PrivateKey) this.mKeyStore.getKey(str, null));
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchPaddingException e) {
            throw new UnrecoverableKeyException(e.getMessage());
        }
    }

    @Override // com.veridiumid.sdk.security.SimpleAndroidKeyStore
    public boolean isKeyInsideHardware(PrivateKey privateKey) {
        return false;
    }

    @Override // com.veridiumid.sdk.security.SimpleAndroidKeyStore
    public boolean isKeyInsideHardware(SecretKey secretKey) {
        return false;
    }
}
