package com.here.trackingdemo.trackerlibrary.persistency.encryption.keystore;

import a3.c;
import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.here.trackingdemo.trackerlibrary.persistency.EncryptionPrefs;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import w0.w;

/* loaded from: classes.dex */
public final class KeyStoreProviderBeforeM implements KeyStoreProvider {
    private final Context context;
    private final SharedPreferences preferences;

    public KeyStoreProviderBeforeM(Context context, @EncryptionPrefs SharedPreferences sharedPreferences) {
        if (context == null) {
            w.m("context");
            throw null;
        }
        if (sharedPreferences == null) {
            w.m("preferences");
            throw null;
        }
        this.context = context;
        this.preferences = sharedPreferences;
    }

    private final byte[] fetchEncryptedKey() {
        byte[] decode = Base64.decode(this.preferences.getString("aes_encrypted_key", null), 0);
        w.e(decode, "Base64.decode(encryptedKeyB64, Base64.DEFAULT)");
        return decode;
    }

    private final Key fetchKey(KeyStore keyStore) {
        return new SecretKeySpec(rsaDecrypt(keyStore, fetchEncryptedKey()), "AES");
    }

    private final SecretKey generateKey(KeyStore keyStore) {
        generateKeyPair();
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        byte[] rsaEncrypt = rsaEncrypt(keyStore, bArr);
        storeEncryptedKey(rsaEncrypt);
        return new SecretKeySpec(rsaDecrypt(keyStore, rsaEncrypt), "AES");
    }

    private final void generateKeyPair() {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec.Builder serialNumber = new KeyPairGeneratorSpec.Builder(this.context).setAlias(KeyStoreProviderKt.ALIAS).setSubject(new X500Principal("CN=HERETrackerAlias")).setSerialNumber(BigInteger.TEN);
        w.e(calendar, "start");
        KeyPairGeneratorSpec build = serialNumber.setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        w.e(build, "KeyPairGeneratorSpec.Bui…\n                .build()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KeyStoreProviderKt.ANDROID_KEY_STORE);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private final byte[] rsaDecrypt(KeyStore keyStore, byte[] bArr) throws Exception {
        byte[] bArr2;
        KeyStore.Entry entry = keyStore.getEntry(KeyStoreProviderKt.ALIAS, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) (entry instanceof KeyStore.PrivateKeyEntry ? entry : null);
        if (privateKeyEntry == null) {
            bArr2 = KeyStoreProviderBeforeMKt.EMPTY_BYTE_ARRAY;
            return bArr2;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(2, privateKeyEntry.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr3 = new byte[size];
        for (int i4 = 0; i4 < size; i4++) {
            Object obj = arrayList.get(i4);
            w.e(obj, "values[i]");
            bArr3[i4] = ((Number) obj).byteValue();
        }
        return bArr3;
    }

    private final byte[] rsaEncrypt(KeyStore keyStore, byte[] bArr) throws Exception {
        byte[] bArr2;
        KeyStore.Entry entry = keyStore.getEntry(KeyStoreProviderKt.ALIAS, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) (entry instanceof KeyStore.PrivateKeyEntry ? entry : null);
        if (privateKeyEntry == null) {
            bArr2 = KeyStoreProviderBeforeMKt.EMPTY_BYTE_ARRAY;
            return bArr2;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        Certificate certificate = privateKeyEntry.getCertificate();
        w.e(certificate, "it.certificate");
        cipher.init(1, certificate.getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        w.e(byteArray, "outputStream.toByteArray()");
        return byteArray;
    }

    private final void storeEncryptedKey(byte[] bArr) {
        String encodeToString = Base64.encodeToString(bArr, 0);
        SharedPreferences.Editor edit = this.preferences.edit();
        edit.putString("aes_encrypted_key", encodeToString);
        edit.apply();
    }

    @Override // com.here.trackingdemo.trackerlibrary.persistency.encryption.keystore.KeyStoreProvider
    public Key secretKey() {
        KeyStore keyStore = KeyStore.getInstance(KeyStoreProviderKt.ANDROID_KEY_STORE);
        keyStore.load(null);
        boolean containsAlias = keyStore.containsAlias(KeyStoreProviderKt.ALIAS);
        if (containsAlias) {
            return fetchKey(keyStore);
        }
        if (containsAlias) {
            throw new c();
        }
        return generateKey(keyStore);
    }
}
