package com.squarespace.android.squarespaceapi.tokenstore;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.squarespace.android.commons.util.IoUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class SecureTokenPreM extends SecureTokenStore {
    private static final String AES_KEY_SPEC = "AES";
    private static final String AES_PROVIDER = "BC";
    private static final String AES_TRANSFORMATION = "AES/ECB/PKCS7Padding";
    private static final String ANDROID_OPEN_SSL = "AndroidOpenSSL";
    private static final String DEFAULT_CHARSET = "UTF-8";
    private static final String ENCRYPTED_KEY = "Squarespace Pre M Encrypted Key";
    private static final String PRE_M_KEY_STORAGE_PREF = "Pre M Key Pref";
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private final Key key;
    private final KeyStore keyStore;
    private final SharedPreferences sharedPreferences;

    public SecureTokenPreM(Context context) throws Exception {
        super(context);
        this.keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.keyStore.load(null);
        this.sharedPreferences = context.getSharedPreferences(PRE_M_KEY_STORAGE_PREF, 0);
        if (!this.keyStore.containsAlias("Squarespace Key") || !this.sharedPreferences.contains(ENCRYPTED_KEY)) {
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 30);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias("Squarespace Key").setSubject(new X500Principal("CN=Squarespace Key")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            this.sharedPreferences.edit().putString(ENCRYPTED_KEY, Base64.encodeToString(encryptKey(bArr), 0)).apply();
        }
        this.key = getSecretKey();
    }

    private byte[] decryptKey(byte[] bArr) throws Exception {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry("Squarespace Key", null);
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION, ANDROID_OPEN_SSL);
        cipher.init(2, privateKeyEntry.getPrivateKey());
        return IoUtils.asBytes(new CipherInputStream(new ByteArrayInputStream(bArr), cipher));
    }

    private byte[] encryptKey(byte[] bArr) throws Exception {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry("Squarespace Key", null);
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION, ANDROID_OPEN_SSL);
        cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    private Key getSecretKey() throws Exception {
        return new SecretKeySpec(decryptKey(Base64.decode(this.sharedPreferences.getString(ENCRYPTED_KEY, null), 0)), "AES");
    }

    @Override // com.squarespace.android.squarespaceapi.tokenstore.SecureTokenStore
    protected String decryptCipherText(EncryptedObject encryptedObject) throws Exception {
        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION, AES_PROVIDER);
        cipher.init(2, this.key);
        return new String(cipher.doFinal(encryptedObject.getCipherBytes()), "UTF-8");
    }

    @Override // com.squarespace.android.squarespaceapi.tokenstore.SecureTokenStore
    protected EncryptedObject encryptPlainText(String str) throws Exception {
        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION, AES_PROVIDER);
        cipher.init(1, this.key);
        return new EncryptedObject(cipher.doFinal(str.getBytes("UTF-8")), null);
    }
}
