package com.gallagher.security.commandcentremobile.services;

import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import ch.qos.logback.core.joran.action.Action;
import com.gallagher.security.commandcentremobile.FatalError;
import com.gallagher.security.commandcentremobile.Preferences;
import com.gallagher.security.commandcentremobile.common.Util;
import com.gallagher.security.commandcentremobile.common.UtilKt;
import com.gallagher.security.libasn.AsnObject;
import com.gallagher.security.libasn.AsnObjectIdentifiers;
import com.gallagher.security.libasn.AsnTag;
import com.google.android.gms.common.util.ArrayUtils;
import com.google.firebase.messaging.Constants;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: E2eEncryptionService.kt */
@Metadata(d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\t\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u0000 \u001d2\u00020\u0001:\u0001\u001dB\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\bH\u0002J\u000e\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\u000bJ\u0016\u0010\r\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000bJ\u0018\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u000b2\u0006\u0010\u0011\u001a\u00020\bH\u0002J\u0006\u0010\u0012\u001a\u00020\u0006J\b\u0010\u0013\u001a\u00020\u0006H\u0002J\b\u0010\u0014\u001a\u00020\u0015H\u0003J\u0006\u0010\u0016\u001a\u00020\u000bJ\b\u0010\u0017\u001a\u00020\u0006H\u0002J\b\u0010\u0018\u001a\u00020\u0019H\u0002J\b\u0010\u001a\u001a\u00020\u001bH\u0002J\b\u0010\u001c\u001a\u00020\u000bH\u0002R\u0010\u0010\u0005\u001a\u0004\u0018\u00010\u0006X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001e"}, d2 = {"Lcom/gallagher/security/commandcentremobile/services/E2eEncryptionService;", "", "mPreferences", "Lcom/gallagher/security/commandcentremobile/Preferences;", "(Lcom/gallagher/security/commandcentremobile/Preferences;)V", "mKeyPair", "Ljava/security/KeyPair;", "calculatePublicKeyFromSecret", "Ljava/security/Key;", "secretKey", "decrypt", "", Constants.ScionAnalytics.MessageType.DATA_MESSAGE, "encrypt", "sitePublicKey", "encryptSecretKeyUsingAes", "clearBytes", Action.KEY_ATTRIBUTE, "generateKeyPair", "generateRsaKeyPair", "getAesEcEncryptorKey", "Ljavax/crypto/SecretKey;", "getClientPublicKey", "getKeyPair", "getRsaEcEncryptorKey", "Ljava/security/PrivateKey;", "getRsaPublicKey", "Ljava/security/PublicKey;", "getSecretKeyIv", "Companion", "app_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes.dex */
public final class E2eEncryptionService {
    private static final String AES_IDENTIFIER = "AES-";
    private static final String AES_TRANSFORMATION = "AES/CBC/PKCS7Padding";
    private static final String EC_ALGORITHM_STRING = "ecdh";
    private static final String ELLIPTIC_CURVE_NAME = "secp256r1";
    private static final String PROVIDER = "BC";
    private static final String RSA_EC_ENCRYPTOR_KEY_ALIAS = "EcRsaKey";
    private static final String RSA_IDENTIFIER = "RSA-";
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final ECNamedCurveParameterSpec ecNamedCurveParameterSpec;
    private static final ECParameterSpec ecParameterSpec;
    private KeyPair mKeyPair;
    private final Preferences mPreferences;

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) E2eEncryptionService.class);

    /* compiled from: E2eEncryptionService.kt */
    @Metadata(d1 = {"\u0000F\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000b\n\u0002\b\u0006\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0016H\u0002J \u0010\u0018\u001a\u00020\u00142\u0006\u0010\u0019\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u00162\u0006\u0010\u001b\u001a\u00020\u0014H\u0002J\u0018\u0010\u001c\u001a\u00020\u00142\u0006\u0010\u0019\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u0016H\u0002J \u0010\u001d\u001a\u00020\u00142\u0006\u0010\u001e\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u001f2\u0006\u0010\u001b\u001a\u00020\u0014H\u0002J\u0018\u0010 \u001a\u00020\u00142\u0006\u0010\u001e\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u0016H\u0002J\b\u0010!\u001a\u00020\u0014H\u0002J\u0018\u0010\"\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u00142\u0006\u0010#\u001a\u00020\u0014H\u0002J\u0010\u0010$\u001a\u00020\u00162\u0006\u0010%\u001a\u00020\u0014H\u0002J0\u0010&\u001a\u00020'2\u0006\u0010(\u001a\u00020\u00142\u0006\u0010)\u001a\u00020\u00142\u0006\u0010*\u001a\u00020\u00142\u0006\u0010+\u001a\u00020\u00142\u0006\u0010,\u001a\u00020\u0014H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u0016\u0010\b\u001a\n \n*\u0004\u0018\u00010\t0\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u0016\u0010\u000f\u001a\n \n*\u0004\u0018\u00010\u00100\u0010X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\u0012X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006-"}, d2 = {"Lcom/gallagher/security/commandcentremobile/services/E2eEncryptionService$Companion;", "", "()V", "AES_IDENTIFIER", "", "AES_TRANSFORMATION", "EC_ALGORITHM_STRING", "ELLIPTIC_CURVE_NAME", "LOG", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "PROVIDER", "RSA_EC_ENCRYPTOR_KEY_ALIAS", "RSA_IDENTIFIER", "RSA_TRANSFORMATION", "ecNamedCurveParameterSpec", "Lorg/bouncycastle/jce/spec/ECNamedCurveParameterSpec;", "ecParameterSpec", "Lorg/bouncycastle/jce/spec/ECParameterSpec;", "createSharedSecret", "", "secretKey", "Ljava/security/Key;", "publicKey", "decryptUsingAes", "cipherBytes", Action.KEY_ATTRIBUTE, "iv", "decryptUsingRsa", "encryptUsingAes", "clearBytes", "Ljavax/crypto/spec/SecretKeySpec;", "encryptUsingRsa", "getRandomBytes", "hmac", "message", "parsePublicKeyBytes", "publicKeyBytes", "verifyHmac", "", "cipherTextBytes", "ivBytes", "ephemeralPublicKeyBytes", "passedHmacBytes", "sharedSecretMacBytes", "app_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] createSharedSecret(Key secretKey, Key publicKey) {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(E2eEncryptionService.EC_ALGORITHM_STRING, "BC");
            keyAgreement.init(secretKey);
            keyAgreement.doPhase(publicKey, true);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(keyAgreement.generateSecret("AES").getEncoded());
            Intrinsics.checkNotNullExpressionValue(digest, "digest.digest(result.encoded)");
            return digest;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] decryptUsingAes(byte[] cipherBytes, Key key, byte[] iv) {
            Cipher cipher = Cipher.getInstance(E2eEncryptionService.AES_TRANSFORMATION);
            cipher.init(2, key, new IvParameterSpec(iv));
            byte[] doFinal = cipher.doFinal(cipherBytes);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(cipherBytes)");
            return doFinal;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] decryptUsingRsa(byte[] cipherBytes, Key key) {
            Cipher cipher = Cipher.getInstance(E2eEncryptionService.RSA_TRANSFORMATION);
            cipher.init(2, key);
            byte[] doFinal = cipher.doFinal(cipherBytes);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(cipherBytes)");
            return doFinal;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] encryptUsingAes(byte[] clearBytes, SecretKeySpec key, byte[] iv) {
            Cipher cipher = Cipher.getInstance(E2eEncryptionService.AES_TRANSFORMATION);
            cipher.init(1, key, new IvParameterSpec(iv));
            byte[] doFinal = cipher.doFinal(clearBytes);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(clearBytes)");
            return doFinal;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] encryptUsingRsa(byte[] clearBytes, Key key) {
            Cipher cipher = Cipher.getInstance(E2eEncryptionService.RSA_TRANSFORMATION);
            cipher.init(1, key);
            byte[] doFinal = cipher.doFinal(clearBytes);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(clearBytes)");
            return doFinal;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] getRandomBytes() {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            return bArr;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] hmac(byte[] key, byte[] message) {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] doFinal = mac.doFinal(message);
            Intrinsics.checkNotNullExpressionValue(doFinal, "mac.doFinal(message)");
            return doFinal;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Key parsePublicKeyBytes(byte[] publicKeyBytes) {
            PublicKey generatePublic = KeyFactory.getInstance(E2eEncryptionService.EC_ALGORITHM_STRING, "BC").generatePublic(new ECPublicKeySpec(E2eEncryptionService.ecNamedCurveParameterSpec.getCurve().decodePoint(publicKeyBytes), E2eEncryptionService.ecParameterSpec));
            Intrinsics.checkNotNullExpressionValue(generatePublic, "kf.generatePublic(publicKeySpec)");
            return generatePublic;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final boolean verifyHmac(byte[] cipherTextBytes, byte[] ivBytes, byte[] ephemeralPublicKeyBytes, byte[] passedHmacBytes, byte[] sharedSecretMacBytes) {
            byte[] concatByteArrays = ArrayUtils.concatByteArrays(cipherTextBytes, ivBytes, ephemeralPublicKeyBytes);
            Intrinsics.checkNotNullExpressionValue(concatByteArrays, "concatByteArrays(cipherTextBytes, ivBytes, ephemeralPublicKeyBytes)");
            byte[] hmac = hmac(sharedSecretMacBytes, concatByteArrays);
            Util.Assert(hmac.length == 32);
            return Arrays.equals(hmac, passedHmacBytes);
        }
    }

    static {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(ELLIPTIC_CURVE_NAME);
        ecNamedCurveParameterSpec = parameterSpec;
        ecParameterSpec = new ECParameterSpec(parameterSpec.getCurve(), parameterSpec.getG(), parameterSpec.getN(), parameterSpec.getH());
    }

    public E2eEncryptionService(Preferences mPreferences) {
        Intrinsics.checkNotNullParameter(mPreferences, "mPreferences");
        this.mPreferences = mPreferences;
        Security.removeProvider("BC");
        Security.addProvider(new BouncyCastleProvider());
    }

    private final Key calculatePublicKeyFromSecret(Key secretKey) {
        ECParameterSpec eCParameterSpec = ecParameterSpec;
        PublicKey generatePublic = KeyFactory.getInstance(EC_ALGORITHM_STRING, "BC").generatePublic(new ECPublicKeySpec(eCParameterSpec.getG().multiply(((ECPrivateKey) secretKey).getD()), eCParameterSpec));
        Intrinsics.checkNotNullExpressionValue(generatePublic, "kf.generatePublic(pubKeySpec)");
        return generatePublic;
    }

    private final byte[] encryptSecretKeyUsingAes(byte[] clearBytes, Key key) {
        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
        cipher.init(1, key);
        byte[] iv = cipher.getIV();
        Preferences preferences = this.mPreferences;
        Intrinsics.checkNotNullExpressionValue(iv, "iv");
        preferences.setEncryptedE2eSecretKeyIv(UtilKt.encodeBase64(iv));
        byte[] doFinal = cipher.doFinal(clearBytes);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(clearBytes)");
        return doFinal;
    }

    private final KeyPair generateRsaKeyPair() {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(ServiceLocator.INSTANCE.getContext()).setAlias(RSA_EC_ENCRYPTOR_KEY_ALIAS).setKeySize(2048).setSubject(new X500Principal("CN=Gallagher , O=GGL C=NZ")).setSerialNumber(BigInteger.valueOf(Math.abs(new SecureRandom().nextLong()))).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(ServiceLocator.context)\n                .setAlias(RSA_EC_ENCRYPTOR_KEY_ALIAS)\n                .setKeySize(2048)\n                .setSubject(X500Principal(\"CN=Gallagher , O=GGL C=NZ\"))\n                .setSerialNumber(randomSerialNumber)\n                .setStartDate(start.time)\n                .setEndDate(end.time)\n                .build()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkNotNullExpressionValue(generateKeyPair, "generator.generateKeyPair()");
        return generateKeyPair;
    }

    private final SecretKey getAesEcEncryptorKey() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (Intrinsics.areEqual(aliases.nextElement(), "EcAesKey")) {
                Key key = keyStore.getKey("EcAesKey", null);
                if (key != null) {
                    return (SecretKey) key;
                }
                throw new NullPointerException("null cannot be cast to non-null type javax.crypto.SecretKey");
            }
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder("EcAesKey", 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding");
        Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "Builder(ecEncryptorKeyAlias, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)\n                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)\n                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)");
        if (Build.VERSION.SDK_INT < 28 || !ServiceLocator.INSTANCE.getContext().getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore")) {
            LOG.trace("Generating Keypair. Phone does not support Strongbox.");
        } else {
            LOG.trace("Generating Keypair using Strongbox.");
            encryptionPaddings.setIsStrongBoxBacked(true);
            keyGenerator.init(encryptionPaddings.build());
            try {
                SecretKey generateKey = keyGenerator.generateKey();
                Intrinsics.checkNotNullExpressionValue(generateKey, "keyGenerator.generateKey()");
                return generateKey;
            } catch (Exception e) {
                LOG.error("Unable to generate key using Strongbox. Generating without", (Throwable) e);
                encryptionPaddings.setIsStrongBoxBacked(false);
            }
        }
        keyGenerator.init(encryptionPaddings.build());
        SecretKey generateKey2 = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey2, "keyGenerator.generateKey()");
        return generateKey2;
    }

    private final KeyPair getKeyPair() {
        String stringPlus;
        byte[] decryptUsingRsa;
        KeyPair keyPair = this.mKeyPair;
        if (keyPair != null) {
            return keyPair;
        }
        String encryptedE2eSecretKey = this.mPreferences.getEncryptedE2eSecretKey();
        if (encryptedE2eSecretKey == null) {
            KeyPair generateKeyPair = generateKeyPair();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            if (privateKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.jce.interfaces.ECPrivateKey");
            }
            byte[] secretKeyBytes = ((ECPrivateKey) privateKey).getD().toByteArray();
            Preferences preferences = this.mPreferences;
            if (Build.VERSION.SDK_INT >= 23) {
                Intrinsics.checkNotNullExpressionValue(secretKeyBytes, "secretKeyBytes");
                stringPlus = Intrinsics.stringPlus(AES_IDENTIFIER, UtilKt.encodeBase64(encryptSecretKeyUsingAes(secretKeyBytes, getAesEcEncryptorKey())));
            } else {
                Companion companion = INSTANCE;
                Intrinsics.checkNotNullExpressionValue(secretKeyBytes, "secretKeyBytes");
                stringPlus = Intrinsics.stringPlus(RSA_IDENTIFIER, UtilKt.encodeBase64(companion.encryptUsingRsa(secretKeyBytes, getRsaPublicKey())));
            }
            preferences.setEncryptedE2eSecretKey(stringPlus);
            LOG.trace("New EC Keypair generated and stored in preferences");
            this.mKeyPair = generateKeyPair;
            return generateKeyPair;
        }
        String substring = encryptedE2eSecretKey.substring(0, 4);
        Intrinsics.checkNotNullExpressionValue(substring, "(this as java.lang.Strin…ing(startIndex, endIndex)");
        String substring2 = encryptedE2eSecretKey.substring(4);
        Intrinsics.checkNotNullExpressionValue(substring2, "(this as java.lang.String).substring(startIndex)");
        byte[] decodeBase64 = UtilKt.decodeBase64(substring2);
        if (Intrinsics.areEqual(substring, AES_IDENTIFIER)) {
            decryptUsingRsa = INSTANCE.decryptUsingAes(decodeBase64, getAesEcEncryptorKey(), getSecretKeyIv());
        } else {
            if (!Intrinsics.areEqual(substring, RSA_IDENTIFIER)) {
                this.mPreferences.setEncryptedE2eSecretKey(null);
                throw new InvalidKeyException("Encrypted secret key is corrupted", null);
            }
            decryptUsingRsa = INSTANCE.decryptUsingRsa(decodeBase64, getRsaEcEncryptorKey());
        }
        PrivateKey secretKey = KeyFactory.getInstance(EC_ALGORITHM_STRING, "BC").generatePrivate(new ECPrivateKeySpec(new BigInteger(decryptUsingRsa), ecParameterSpec));
        LOG.trace("Existing EC Keypair restored from preferences");
        Intrinsics.checkNotNullExpressionValue(secretKey, "secretKey");
        KeyPair keyPair2 = new KeyPair((ECPublicKey) calculatePublicKeyFromSecret(secretKey), (ECPrivateKey) secretKey);
        this.mKeyPair = keyPair2;
        return keyPair2;
    }

    private final PrivateKey getRsaEcEncryptorKey() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (Intrinsics.areEqual(aliases.nextElement(), RSA_EC_ENCRYPTOR_KEY_ALIAS)) {
                Key key = keyStore.getKey(RSA_EC_ENCRYPTOR_KEY_ALIAS, null);
                if (key != null) {
                    return (PrivateKey) key;
                }
                throw new NullPointerException("null cannot be cast to non-null type java.security.PrivateKey");
            }
        }
        PrivateKey privateKey = generateRsaKeyPair().getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "generateRsaKeyPair().private");
        return privateKey;
    }

    private final PublicKey getRsaPublicKey() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (Intrinsics.areEqual(aliases.nextElement(), RSA_EC_ENCRYPTOR_KEY_ALIAS)) {
                PublicKey publicKey = keyStore.getCertificate(RSA_EC_ENCRYPTOR_KEY_ALIAS).getPublicKey();
                Intrinsics.checkNotNullExpressionValue(publicKey, "ks.getCertificate(RSA_EC_ENCRYPTOR_KEY_ALIAS).publicKey");
                return publicKey;
            }
        }
        PublicKey publicKey2 = generateRsaKeyPair().getPublic();
        Intrinsics.checkNotNullExpressionValue(publicKey2, "generateRsaKeyPair().public");
        return publicKey2;
    }

    private final byte[] getSecretKeyIv() {
        String encryptedE2eSecretKeyIv = this.mPreferences.getEncryptedE2eSecretKeyIv();
        if (encryptedE2eSecretKeyIv != null) {
            return UtilKt.decodeBase64(encryptedE2eSecretKeyIv);
        }
        throw new FatalError("No IV saved for encrypted E2E secret key");
    }

    public final byte[] decrypt(byte[] data) {
        Intrinsics.checkNotNullParameter(data, "data");
        AsnObject derDecode = AsnObject.derDecode(data);
        if (derDecode == null || !Intrinsics.areEqual(derDecode.getTag(), AsnTag.Simple.SEQUENCE) || derDecode.getChildren() == null) {
            throw new InvalidParameterException("data was not an E2E ASN Object");
        }
        List<AsnObject> children = derDecode.getChildren();
        Intrinsics.checkNotNull(children);
        Iterator<AsnObject> it = children.iterator();
        if (!it.hasNext()) {
            throw new Exception("Invalid E2E message received - no leading message oid");
        }
        byte[] value = it.next().getValue();
        if (value == null) {
            value = new byte[0];
        }
        String decodeObjectIdentifier = AsnObject.decodeObjectIdentifier(value);
        Intrinsics.checkNotNullExpressionValue(decodeObjectIdentifier, "decodeObjectIdentifier(asnIterator.next().value ?: ByteArray(0))");
        if (!Intrinsics.areEqual(decodeObjectIdentifier, AsnObjectIdentifiers.GGL_E2E_ENCRYPTED_PACKET)) {
            throw new Exception("Invalid E2E message received - bad message oid");
        }
        byte[] bArr = null;
        byte[] bArr2 = null;
        byte[] bArr3 = null;
        byte[] bArr4 = null;
        while (it.hasNext()) {
            AsnObject next = it.next();
            if (Intrinsics.areEqual(next.getTag(), AsnTag.Simple.SEQUENCE) && next.getChildren() != null) {
                List<AsnObject> children2 = next.getChildren();
                Intrinsics.checkNotNull(children2);
                Iterator<AsnObject> it2 = children2.iterator();
                if (it2.hasNext()) {
                    byte[] value2 = it2.next().getValue();
                    if (value2 == null) {
                        value2 = new byte[0];
                    }
                    String decodeObjectIdentifier2 = AsnObject.decodeObjectIdentifier(value2);
                    Intrinsics.checkNotNullExpressionValue(decodeObjectIdentifier2, "decodeObjectIdentifier(kvpEnumerator.next().value ?: ByteArray(0))");
                    if (it2.hasNext()) {
                        byte[] value3 = it2.next().getValue();
                        if (value3 == null) {
                            value3 = new byte[0];
                        }
                        switch (decodeObjectIdentifier2.hashCode()) {
                            case 1939710009:
                                if (!decodeObjectIdentifier2.equals(AsnObjectIdentifiers.GGL_E2E_EPHEMERAL_KEY)) {
                                    break;
                                } else {
                                    bArr2 = value3;
                                    break;
                                }
                            case 1939710010:
                                if (!decodeObjectIdentifier2.equals(AsnObjectIdentifiers.GGL_E2E_IV)) {
                                    break;
                                } else {
                                    bArr4 = value3;
                                    break;
                                }
                            case 1939710011:
                                if (!decodeObjectIdentifier2.equals(AsnObjectIdentifiers.GGL_E2E_CIPHER_TEXT)) {
                                    break;
                                } else {
                                    bArr = value3;
                                    break;
                                }
                            case 1939710012:
                                if (!decodeObjectIdentifier2.equals(AsnObjectIdentifiers.GGL_E2E_HMAC)) {
                                    break;
                                } else {
                                    bArr3 = value3;
                                    break;
                                }
                        }
                    }
                }
            }
        }
        if (bArr == null || bArr4 == null || bArr2 == null || bArr3 == null) {
            throw new Exception("Failed to deserialize E2e ASN Object correctly");
        }
        Companion companion = INSTANCE;
        Key parsePublicKeyBytes = companion.parsePublicKeyBytes(bArr2);
        PrivateKey privateKey = getKeyPair().getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "getKeyPair().private");
        byte[] createSharedSecret = companion.createSharedSecret(privateKey, parsePublicKeyBytes);
        Util.Assert(createSharedSecret.length == 32);
        if (companion.verifyHmac(bArr, bArr4, bArr2, bArr3, ArraysKt.copyOfRange(createSharedSecret, 16, 32))) {
            return companion.decryptUsingAes(bArr, new SecretKeySpec(ArraysKt.copyOfRange(createSharedSecret, 0, 16), "AES"), bArr4);
        }
        throw new Exception("HMAC verification failed. Aborting decryption");
    }

    public final byte[] encrypt(byte[] data, byte[] sitePublicKey) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(sitePublicKey, "sitePublicKey");
        Companion companion = INSTANCE;
        byte[] randomBytes = companion.getRandomBytes();
        KeyPair generateKeyPair = generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "ephemeralKeyPair.private");
        byte[] createSharedSecret = companion.createSharedSecret(privateKey, companion.parsePublicKeyBytes(sitePublicKey));
        Util.Assert(createSharedSecret.length == 32);
        byte[] encryptUsingAes = companion.encryptUsingAes(data, new SecretKeySpec(ArraysKt.copyOfRange(createSharedSecret, 0, 16), "AES"), randomBytes);
        PublicKey publicKey = generateKeyPair.getPublic();
        if (publicKey == null) {
            throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.jce.interfaces.ECPublicKey");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        byte[] copyOfRange = ArraysKt.copyOfRange(createSharedSecret, 16, 32);
        byte[] concatByteArrays = ArrayUtils.concatByteArrays(encryptUsingAes, randomBytes, eCPublicKey.getQ().getEncoded(false));
        Intrinsics.checkNotNullExpressionValue(concatByteArrays, "concatByteArrays(cipherText, ivBytes, ephemeralPublicKey.q.getEncoded(false))");
        AsnObject sequence = AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_ENCRYPTED_PACKET), AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_CIPHER_TEXT), AsnObject.bitString(encryptUsingAes)), AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_IV), AsnObject.bitString(randomBytes)), AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_EPHEMERAL_KEY), AsnObject.bitString(eCPublicKey.getQ().getEncoded(false))), AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_HMAC), AsnObject.bitString(companion.hmac(copyOfRange, concatByteArrays))));
        Intrinsics.checkNotNullExpressionValue(sequence, "sequence(\n            AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_ENCRYPTED_PACKET),\n            AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_CIPHER_TEXT), AsnObject.bitString(cipherText)),\n            AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_IV), AsnObject.bitString(ivBytes)),\n            AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_EPHEMERAL_KEY), AsnObject.bitString(ephemeralPublicKey.q.getEncoded(false))),\n            AsnObject.sequence(AsnObject.objectIdentifier(AsnObjectIdentifiers.GGL_E2E_HMAC), AsnObject.bitString(hashBytes))\n        )");
        byte[] derEncode = sequence.derEncode();
        Intrinsics.checkNotNullExpressionValue(derEncode, "payload.derEncode()");
        return derEncode;
    }

    public final KeyPair generateKeyPair() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(EC_ALGORITHM_STRING, "BC");
        keyPairGenerator.initialize(256);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkNotNullExpressionValue(generateKeyPair, "kpg.generateKeyPair()");
        return generateKeyPair;
    }

    public final byte[] getClientPublicKey() {
        PublicKey publicKey = getKeyPair().getPublic();
        if (publicKey == null) {
            throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.jce.interfaces.ECPublicKey");
        }
        byte[] encoded = ((ECPublicKey) publicKey).getQ().getEncoded(false);
        Intrinsics.checkNotNullExpressionValue(encoded, "ecPublicKey.q.getEncoded(false)");
        return encoded;
    }
}
