package com.adobe.echosign.echosignutils;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
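/**
 * Encrypts and decrypts small secrets (the preference keys suggest connector tokens) with a
 * per-install AES-128 key.
 *
 * <p>Key handling as implemented here:
 * <ul>
 *   <li>The AES key is generated with {@link SecureRandom} and persisted, Base64-encoded, in the
 *       {@link SharedPreferences} supplied by the {@link ASKeystoreHandler}.</li>
 *   <li>On API 19+ the AES key is wrapped with an RSA-2048 public key whose private half lives in
 *       the AndroidKeyStore. Below API 19 the AES key is written to preferences unwrapped.</li>
 *   <li>One 16-byte IV is generated together with the key, stored next to it, and reused for every
 *       message.</li>
 * </ul>
 *
 * <p>NOTE(review) - design limits that are NOT changed here, because changing them would break
 * data already written by this class or alter what callers receive:
 * <ul>
 *   <li>AES/CBC with a fixed IV is deterministic: equal plaintexts (and equal leading blocks)
 *       produce equal ciphertexts. A fresh random IV per message, stored with the ciphertext,
 *       would be needed to fix this.</li>
 *   <li>CBC carries no integrity tag, so modified ciphertext is not detected. An AEAD mode
 *       (for example AES/GCM) would be the usual replacement.</li>
 *   <li>RSA/ECB/PKCS1Padding (PKCS#1 v1.5) is used for key wrapping; OAEP is the usual
 *       recommendation.</li>
 *   <li>{@code KeyPairGeneratorSpec} was deprecated in API 23 in favour of
 *       {@code KeyGenParameterSpec}.</li>
 *   <li>The public {@code encrypt}/{@code decrypt} methods fail open: on any error they return
 *       their input unchanged, so a caller can end up persisting plaintext. Callers that need a
 *       guarantee must check for this themselves.</li>
 * </ul>
 *
 * <p>Changed relative to the previous revision: key material, stored key blobs and ciphertext are
 * no longer written to the log; magic numbers are replaced by the platform constants they stand
 * for; a missing handler no longer raises a NullPointerException from the error path; and the
 * exception swallowed in {@link #removeSecretKey()} is now logged.
 *
 * <p>This class does no locking; whether it is used from several threads cannot be seen from here.
 */
public final class ASSecurityManager {
    private static final String ANDROID_KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String ENCRYPTION_ALGORITHM_NAME = "AES";
    private static final int ENCRYPTION_KEY_SIZE_128 = 128;
    private static final String ENCRYPTION_MODE_WITH_PADDING_AES = "AES/CBC/PKCS5Padding";
    private static final String ENCRYPTION_MODE_WITH_PADDING_RSA = "RSA/ECB/PKCS1Padding";
    private static final String TOKENS_SECRET_IVKEY = "connectorsTokensSecretIVKey";
    private static final String TOKENS_SECRET_KEY = "connectorsTokensSecretKey";
    /** AES block size; also the IV length required by CBC. */
    private static final int AES_BLOCK_SIZE_BYTES = 16;
    /** RSA modulus size of the wrapping key pair. */
    private static final int RSA_KEY_SIZE_BITS = 2048;
    /** Validity period of the self-signed certificate created for the wrapping key pair. */
    private static final int WRAPPING_KEY_VALIDITY_YEARS = 25;

    private Context mContext;
    private ASKeystoreHandler mHandler;
    // Cached AES key; null until first use and after removeSecretKey().
    private SecretKey mSecretKey;

    /** Supplies the preference store and the AndroidKeyStore alias used by this manager. */
    public interface ASKeystoreHandler {
        /** @return the preferences in which the (wrapped) AES key and the IV are persisted */
        SharedPreferences getKeyStorePreferences();

        /** @return the AndroidKeyStore alias of the RSA key pair that wraps the AES key */
        String getKeyStoreSecretKeyAlias();
    }

    private ASSecurityManager() {
    }

    /**
     * @param context used to create the keystore key pair (package name goes into the subject)
     * @param aSKeystoreHandler source of the preference store and keystore alias
     */
    public ASSecurityManager(Context context, ASKeystoreHandler aSKeystoreHandler) {
        this.mContext = context;
        this.mHandler = aSKeystoreHandler;
    }

    /**
     * Decrypts {@code bArr2} with {@code key}.
     *
     * @param key a {@link SecretKey} (AES/CBC) or a {@link PrivateKey} (RSA)
     * @param bArr the IV; used only for the AES path
     * @param bArr2 the ciphertext
     * @return the plaintext
     * @throws Exception if the key type is unsupported or the cipher operation fails
     */
    private static byte[] decrypt(Key key, byte[] bArr, byte[] bArr2) throws Exception {
        if (key instanceof SecretKey) {
            Cipher aes = Cipher.getInstance(ENCRYPTION_MODE_WITH_PADDING_AES);
            aes.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(bArr));
            return aes.doFinal(bArr2);
        }
        if (!(key instanceof PrivateKey)) {
            throw new Exception("ASSecurityManager:decrypt - key of type " + key.getClass().getName() + " not supported");
        }
        EchosignLog.log("size of the data is " + bArr2.length);
        Cipher rsa = Cipher.getInstance(ENCRYPTION_MODE_WITH_PADDING_RSA);
        rsa.init(Cipher.DECRYPT_MODE, key);
        return rsa.doFinal(bArr2);
    }

    /**
     * Encrypts {@code bArr2} with {@code key}.
     *
     * @param key a {@link SecretKey} (AES/CBC) or a {@link PublicKey} (RSA)
     * @param bArr the IV; used only for the AES path
     * @param bArr2 the plaintext
     * @return the ciphertext
     * @throws Exception if the key type is unsupported or the cipher operation fails
     */
    private static byte[] encrypt(Key key, byte[] bArr, byte[] bArr2) throws Exception {
        if (key instanceof SecretKey) {
            Cipher aes = Cipher.getInstance(ENCRYPTION_MODE_WITH_PADDING_AES);
            aes.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(bArr));
            return aes.doFinal(bArr2);
        }
        if (key instanceof PublicKey) {
            Cipher rsa = Cipher.getInstance(ENCRYPTION_MODE_WITH_PADDING_RSA);
            rsa.init(Cipher.ENCRYPT_MODE, key);
            return rsa.doFinal(bArr2);
        }
        throw new Exception("ASSecurityManager:encrypt - key passed of type " + key.getClass().getName() + ". Only SecretKey or PublicKey allowed");
    }

    /** Returns {@code i} bytes from a fresh {@link SecureRandom}. */
    private static byte[] generateIVBytes(int i) {
        byte[] iv = new byte[i];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    /** Generates a symmetric key for algorithm {@code str} with {@code i} bits. */
    private static SecretKey generateKey(String str, int i) throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance(str);
        generator.init(i, new SecureRandom());
        return generator.generateKey();
    }

    /**
     * Creates an RSA key pair under alias {@code str} in the AndroidKeyStore and returns its
     * public key.
     *
     * @return the public key, or {@code null} below API 19, where this path is skipped
     * @throws Exception if key generation or the keystore lookup fails
     */
    private static PublicKey generateKeyUsingKeystore(Context context, String str) throws Exception {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
            return null;
        }
        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.YEAR, WRAPPING_KEY_VALIDITY_YEARS);
        Date notAfter = calendar.getTime();

        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(str)
                .setStartDate(notBefore)
                .setEndDate(notAfter)
                .setKeySize(RSA_KEY_SIZE_BITS)
                .setSerialNumber(BigInteger.valueOf(1L))
                .setSubject(new X500Principal(String.format("CN=%s, OU=%s", str, context.getPackageName())))
                .build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE_PROVIDER);
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();

        // Re-read the entry from the keystore rather than using the returned pair directly.
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE_PROVIDER);
        keyStore.load(null);
        return ((KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null)).getCertificate().getPublicKey();
    }

    /**
     * Generates a new AES-128 key and, as a side effect, a new random IV that is written to
     * preferences. The key itself is persisted by the caller.
     */
    private SecretKey generateRandomKey() throws NoSuchAlgorithmException {
        SecretKey key = generateKey(ENCRYPTION_ALGORITHM_NAME, ENCRYPTION_KEY_SIZE_128);
        String encodedIv = Base64.encodeToString(generateIVBytes(AES_BLOCK_SIZE_BYTES), Base64.DEFAULT);
        SharedPreferences.Editor edit = this.mHandler.getKeyStorePreferences().edit();
        edit.putString(TOKENS_SECRET_IVKEY, encodedIv);
        edit.apply();
        return key;
    }

    /**
     * Returns the IV stored in preferences.
     *
     * <p>NOTE(review): falls back to an all-zero IV when there is no handler or no stored IV.
     * Kept as-is so that data written under that fallback stays readable.
     */
    private byte[] getCryptorIv() {
        byte[] zeroIv = new byte[AES_BLOCK_SIZE_BYTES];
        ASKeystoreHandler handler = this.mHandler;
        if (handler == null) {
            return zeroIv;
        }
        String encodedIv = handler.getKeyStorePreferences().getString(TOKENS_SECRET_IVKEY, null);
        return encodedIv == null ? zeroIv : Base64.decode(encodedIv, Base64.DEFAULT);
    }

    /**
     * Returns the AES key, loading it from preferences (unwrapping it through the AndroidKeyStore
     * when a wrapping key exists) or creating and persisting a new one.
     *
     * <p>No key bytes are logged: the log is not a protected store, and anything written there
     * would defeat the keystore wrapping.
     *
     * @return the key, or {@code null} when there is no handler and nothing is cached
     * @throws Exception if unwrapping, wrapping or key generation fails
     */
    private SecretKey getCryptorKey() throws Exception {
        ASKeystoreHandler handler = this.mHandler;
        if (handler == null) {
            return this.mSecretKey;
        }
        SharedPreferences prefs = handler.getKeyStorePreferences();
        if (this.mSecretKey != null) {
            return this.mSecretKey;
        }

        if (isSecretKeyPresentInPrefs(prefs)) {
            String stored = prefs.getString(TOKENS_SECRET_KEY, null);
            EchosignLog.log("ASSecurityManager:getCryptorKey - SecretKey entry read from preferences");
            if (stored != null) {
                byte[] keyBytes = Base64.decode(stored, Base64.DEFAULT);
                String alias = handler.getKeyStoreSecretKeyAlias();
                if (isSecretKeyPresentInKeyStore(alias)) {
                    KeyStore.PrivateKeyEntry entry = getSecretKeyEntryFromKeyStore(alias);
                    if (entry != null) {
                        EchosignLog.log("ASSecurityManager:getCryptorKey - SecretKey after decoding as read from preferences is encrypted");
                        keyBytes = decrypt(entry.getPrivateKey(), getCryptorIv(), keyBytes);
                    }
                }
                // NOTE(review): when the alias exists but the entry cannot be read, the still
                // wrapped bytes are used as the AES key and the later cipher init will fail.
                this.mSecretKey = new SecretKeySpec(keyBytes, ENCRYPTION_ALGORITHM_NAME);
            }
        }

        if (this.mSecretKey == null) {
            SecretKey fresh = generateRandomKey();
            if (fresh != null) {
                byte[] toStore = fresh.getEncoded();
                PublicKey wrappingKey = generateKeyUsingKeystore(this.mContext, handler.getKeyStoreSecretKeyAlias());
                if (wrappingKey != null) {
                    toStore = encrypt(wrappingKey, getCryptorIv(), toStore);
                    EchosignLog.log("ASSecurityManager:getCryptorKey - secret key wrapped with keystore key");
                }
                // Below API 19 wrappingKey is null and the raw AES key is what gets persisted.
                SharedPreferences.Editor edit = prefs.edit();
                edit.putString(TOKENS_SECRET_KEY, Base64.encodeToString(toStore, Base64.DEFAULT));
                edit.apply();
                this.mSecretKey = fresh;
            }
        }
        return this.mSecretKey;
    }

    /**
     * Looks up the key pair stored under alias {@code str}.
     *
     * @return the entry, or {@code null} below API 19 or when the lookup fails (failure is logged)
     */
    private static KeyStore.PrivateKeyEntry getSecretKeyEntryFromKeyStore(String str) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE_PROVIDER);
            keyStore.load(null);
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
        } catch (Exception e) {
            EchosignLog.log("getSecretKeyEntryFromKeyStore" + e);
            return null;
        }
    }

    /** @return whether preferences hold a (possibly wrapped) AES key */
    private boolean isCloudSecretKeyPresentInPreferences() {
        return this.mHandler.getKeyStorePreferences().contains(TOKENS_SECRET_KEY);
    }

    /**
     * @return whether a key exists in preferences or a wrapping key exists in the keystore;
     *     {@code false} when no handler was supplied
     */
    private boolean isSecretKeyPresent() {
        if (this.mHandler == null) {
            // getCryptorKey()/getCryptorIv() tolerate a missing handler; do the same here
            // instead of throwing a NullPointerException out of decrypt(String).
            return false;
        }
        return isCloudSecretKeyPresentInPreferences() || isSecretKeyPresentInKeyStore(this.mHandler.getKeyStoreSecretKeyAlias());
    }

    /**
     * @return whether the AndroidKeyStore contains alias {@code str}; {@code false} below API 19
     *     or when the keystore cannot be read (failure is logged)
     */
    private static boolean isSecretKeyPresentInKeyStore(String str) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
            return false;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE_PROVIDER);
            keyStore.load(null);
            return keyStore.containsAlias(str);
        } catch (Exception e) {
            EchosignLog.log("isSecretKeyPresentInKeyStore" + e);
            return false;
        }
    }

    /** @return whether {@code sharedPreferences} hold a (possibly wrapped) AES key */
    private boolean isSecretKeyPresentInPrefs(SharedPreferences sharedPreferences) {
        return sharedPreferences.contains(TOKENS_SECRET_KEY);
    }

    /** Deletes alias {@code str} from the AndroidKeyStore. */
    private static void removeKeyFromKeyStore(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE_PROVIDER);
        keyStore.load(null);
        keyStore.deleteEntry(str);
    }

    /**
     * Decrypts a Base64 string produced by {@link #encrypt(String)}.
     *
     * <p>NOTE(review): returns {@code str} unchanged when it is {@code null} or no key exists, and
     * returns the undecrypted bytes as a string when decryption fails, so the result cannot be
     * told apart from a successful decryption by the caller.
     *
     * @param str Base64 ciphertext, may be {@code null}
     * @return the plaintext, or one of the fallbacks described above
     */
    public String decrypt(String str) {
        if (str == null || !isSecretKeyPresent()) {
            return str;
        }
        // Platform default charset, as before; on Android that is UTF-8.
        return new String(decrypt(Base64.decode(str.getBytes(), Base64.DEFAULT)));
    }

    /**
     * Decrypts {@code bArr} with the stored AES key and IV.
     *
     * @param bArr ciphertext, may be {@code null} or empty
     * @return the plaintext; {@code bArr} itself when it is {@code null}/empty or when decryption
     *     fails (the failure is logged)
     */
    public byte[] decrypt(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return bArr;
        }
        try {
            return decrypt(getCryptorKey(), getCryptorIv(), bArr);
        } catch (Exception e) {
            EchosignLog.log("ASSecurityManager:decrypt " + e);
            return bArr;
        }
    }

    /**
     * Encrypts {@code str} and returns the ciphertext Base64-encoded.
     *
     * <p>NOTE(review): if the underlying encryption fails, the Base64 of the plaintext is
     * returned (see {@link #encrypt(byte[])}).
     *
     * @param str plaintext, may be {@code null}
     * @return Base64 ciphertext, or {@code null} when {@code str} is {@code null}
     */
    public String encrypt(String str) {
        if (str == null) {
            return str;
        }
        // Platform default charset, as before; on Android that is UTF-8.
        String encoded = Base64.encodeToString(encrypt(str.getBytes()), Base64.DEFAULT);
        // The value itself is deliberately not logged.
        EchosignLog.log("ASSecurityManager:encrypt - value encrypted");
        return encoded;
    }

    /**
     * Encrypts {@code bArr} with the stored AES key and IV.
     *
     * <p>NOTE(review): on any failure the stored key is deleted and the PLAINTEXT input is
     * returned. Deleting the key makes previously written ciphertext unreadable, and returning
     * the input means the caller may persist unencrypted data. Both behaviours are kept because
     * callers outside this file may rely on them.
     *
     * @param bArr plaintext, may be {@code null} or empty
     * @return the ciphertext, or {@code bArr} itself when it is {@code null}/empty or on failure
     */
    public byte[] encrypt(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return bArr;
        }
        try {
            return encrypt(getCryptorKey(), getCryptorIv(), bArr);
        } catch (Exception e) {
            removeSecretKey();
            EchosignLog.log("ASSecurityManager:encrypt " + e.getMessage());
            return bArr;
        }
    }

    /**
     * Removes the stored AES key and IV from preferences, deletes the wrapping key pair from the
     * AndroidKeyStore (best effort) and clears the cached key.
     */
    public void removeSecretKey() {
        ASKeystoreHandler handler = this.mHandler;
        if (handler != null) {
            SharedPreferences.Editor edit = handler.getKeyStorePreferences().edit();
            edit.remove(TOKENS_SECRET_KEY);
            edit.remove(TOKENS_SECRET_IVKEY);
            edit.apply();
            try {
                removeKeyFromKeyStore(handler.getKeyStoreSecretKeyAlias());
            } catch (Exception e) {
                // Best effort: a keystore failure must not stop the cached key being cleared,
                // but a wrapping key left behind is worth a log line.
                EchosignLog.log("ASSecurityManager:removeSecretKey " + e);
            }
        }
        this.mSecretKey = null;
    }
}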
