package d4;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Pair;
import com.catapush.library.exceptions.CryptoException;
import com.catapush.library.exceptions.IncompatibleDeviceException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.concurrent.Callable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public final class i0 {

    /* renamed from: a, reason: collision with root package name */
    public final String f13334a;

    /* renamed from: b, reason: collision with root package name */
    public final cb.a<t3.b0> f13335b;

    /* renamed from: c, reason: collision with root package name */
    public final Context f13336c;

    /* renamed from: d, reason: collision with root package name */
    public KeyStore.PrivateKeyEntry f13337d;

    /* renamed from: e, reason: collision with root package name */
    public byte[] f13338e;

    public i0(Context context, cb.a<t3.b0> aVar, String str) {
        String trim = str.trim();
        if (TextUtils.isEmpty(trim)) {
            throw new IllegalArgumentException("RSA and AES Key alias must be valid.");
        }
        this.f13336c = context;
        this.f13335b = aVar;
        this.f13334a = trim;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ ob.y A(byte[] bArr) {
        return bArr.length == 0 ? ob.u.v(new Callable() { // from class: d4.y
            @Override // java.util.concurrent.Callable
            public final Object call() {
                byte[] B;
                B = i0.this.B();
                return B;
            }
        }).t(new ub.f() { // from class: d4.z
            @Override // ub.f
            public final Object apply(Object obj) {
                ob.y z10;
                z10 = i0.this.z((byte[]) obj);
                return z10;
            }
        }) : ob.u.y(bArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ byte[] B() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            byte[] encoded = keyGenerator.generateKey().getEncoded();
            this.f13338e = encoded;
            return encoded;
        } catch (NoSuchAlgorithmException e10) {
            throw new IncompatibleDeviceException(e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair j(byte[] bArr, byte[] bArr2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
            Cipher l10 = l("AES/GCM/NOPADDING");
            l10.init(1, secretKeySpec);
            return new Pair(l10.doFinal(bArr), Base64.encode(l10.getIV(), 0));
        } catch (InvalidKeyException e10) {
            e = e10;
            throw new IncompatibleDeviceException(e);
        } catch (NoSuchAlgorithmException e11) {
            e = e11;
            throw new IncompatibleDeviceException(e);
        } catch (BadPaddingException e12) {
            e = e12;
            throw new CryptoException("The AES decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e13) {
            e = e13;
            throw new CryptoException("The AES decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e14) {
            e = e14;
            throw new IncompatibleDeviceException(e);
        }
    }

    public static Cipher l(String str) {
        Cipher cipher;
        Cipher cipher2 = null;
        try {
            e = null;
            cipher2 = Cipher.getInstance(str);
            cipher = null;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e10) {
            e = e10;
            try {
                cipher = Cipher.getInstance(str, Build.VERSION.SDK_INT >= 23 ? "AndroidKeyStoreBCWorkaround" : "AndroidOpenSSL");
            } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException unused) {
                cipher = null;
            }
        }
        if (cipher2 == null) {
            if (cipher != null) {
                return cipher;
            }
            if (e != null) {
                if (e instanceof NoSuchAlgorithmException) {
                    throw ((NoSuchAlgorithmException) e);
                }
                if (e instanceof NoSuchPaddingException) {
                    throw ((NoSuchPaddingException) e);
                }
            }
        }
        return cipher2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ ob.y n(Pair pair) {
        final byte[] bArr = (byte[]) pair.first;
        return this.f13335b.get().o("AES_IV", new String((byte[]) pair.second)).z(new ub.f() { // from class: d4.h0
            @Override // ub.f
            public final Object apply(Object obj) {
                return i0.s(bArr, (Boolean) obj);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ ob.y o(Boolean bool) {
        return this.f13335b.get().t("AES_IV");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ ob.y p(Throwable th) {
        return th instanceof CryptoException ? this.f13335b.get().t("AES_KEY_ENCRYPTED").t(new ub.f() { // from class: d4.a0
            @Override // ub.f
            public final Object apply(Object obj) {
                ob.y o10;
                o10 = i0.this.o((Boolean) obj);
                return o10;
            }
        }).z(new ub.f() { // from class: d4.b0
            @Override // ub.f
            public final Object apply(Object obj) {
                return i0.v((Boolean) obj);
            }
        }) : ob.u.q(th);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] r(byte[] bArr, Pair pair) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec((byte[]) pair.first, "AES");
            Cipher l10 = l("AES/GCM/NOPADDING");
            String str = (String) pair.second;
            if (TextUtils.isEmpty(str)) {
                return new byte[0];
            }
            l10.init(2, secretKeySpec, new IvParameterSpec(Base64.decode(str, 0)));
            return l10.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e10) {
            e = e10;
            throw new IncompatibleDeviceException(e);
        } catch (InvalidKeyException e11) {
            e = e11;
            throw new IncompatibleDeviceException(e);
        } catch (NoSuchAlgorithmException e12) {
            e = e12;
            throw new IncompatibleDeviceException(e);
        } catch (BadPaddingException e13) {
            e = e13;
            throw new CryptoException("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e14) {
            e = e14;
            throw new CryptoException("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e15) {
            e = e15;
            throw new IncompatibleDeviceException(e);
        }
    }

    public static /* synthetic */ byte[] s(byte[] bArr, Boolean bool) {
        return bArr;
    }

    public static /* synthetic */ byte[] v(Boolean bool) {
        return new byte[0];
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] w(String str) {
        if (!TextUtils.isEmpty(str)) {
            byte[] decode = Base64.decode(str, 0);
            try {
                PrivateKey privateKey = y().getPrivateKey();
                Cipher l10 = l("RSA/ECB/PKCS1Padding");
                l10.init(2, privateKey);
                byte[] doFinal = l10.doFinal(decode);
                if (doFinal != null && doFinal.length == 32) {
                    this.f13338e = doFinal;
                    return doFinal;
                }
            } catch (IllegalArgumentException e10) {
                e = e10;
                q();
                throw new CryptoException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
            } catch (InvalidKeyException e11) {
                e = e11;
                b.b(e, "The device can't decrypt input using a RSA Key.", new Object[0]);
                throw new IncompatibleDeviceException(e);
            } catch (NoSuchAlgorithmException e12) {
                e = e12;
                b.b(e, "The device can't decrypt input using a RSA Key.", new Object[0]);
                throw new IncompatibleDeviceException(e);
            } catch (BadPaddingException e13) {
                e = e13;
                q();
                throw new CryptoException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
            } catch (IllegalBlockSizeException e14) {
                e = e14;
                q();
                throw new CryptoException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
            } catch (NoSuchPaddingException e15) {
                e = e15;
                b.b(e, "The device can't decrypt input using a RSA Key.", new Object[0]);
                throw new IncompatibleDeviceException(e);
            }
        }
        return new byte[0];
    }

    public static /* synthetic */ byte[] x(byte[] bArr, Boolean bool) {
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ob.y z(final byte[] bArr) {
        t3.b0 b0Var = this.f13335b.get();
        try {
            Certificate certificate = y().getCertificate();
            Cipher l10 = l("RSA/ECB/PKCS1Padding");
            l10.init(1, certificate);
            return b0Var.o("AES_KEY_ENCRYPTED", new String(Base64.encode(l10.doFinal(bArr), 0))).z(new ub.f() { // from class: d4.c0
                @Override // ub.f
                public final Object apply(Object obj) {
                    return i0.x(bArr, (Boolean) obj);
                }
            });
        } catch (InvalidKeyException e10) {
            e = e10;
            b.b(e, "The device can't encrypt input using a RSA Key.", new Object[0]);
            throw new IncompatibleDeviceException(e);
        } catch (NoSuchAlgorithmException e11) {
            e = e11;
            b.b(e, "The device can't encrypt input using a RSA Key.", new Object[0]);
            throw new IncompatibleDeviceException(e);
        } catch (BadPaddingException e12) {
            e = e12;
            q();
            throw new CryptoException("The RSA decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e13) {
            e = e13;
            q();
            throw new CryptoException("The RSA decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e14) {
            e = e14;
            b.b(e, "The device can't encrypt input using a RSA Key.", new Object[0]);
            throw new IncompatibleDeviceException(e);
        }
    }

    public final KeyStore.PrivateKeyEntry k(KeyStore keyStore) {
        PrivateKey privateKey;
        try {
            if (Build.VERSION.SDK_INT >= 28 && (privateKey = (PrivateKey) keyStore.getKey(this.f13334a, null)) != null) {
                Certificate certificate = keyStore.getCertificate(this.f13334a);
                if (certificate == null) {
                    return null;
                }
                return new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate});
            }
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(this.f13334a, null);
        } catch (NullPointerException e10) {
            if (!"invalid null input".equals(e10.getMessage())) {
                throw e10;
            }
            throw new IncompatibleDeviceException("KeyStore said \"invalid null input\" but key alias was: " + this.f13334a, e10);
        }
    }

    public final ob.u<byte[]> m(final byte[] bArr) {
        return ob.u.R(t(), this.f13335b.get().n("AES_IV", String.class).E(""), new ub.c() { // from class: d4.d0
            @Override // ub.c
            public final Object a(Object obj, Object obj2) {
                return new Pair((byte[]) obj, (String) obj2);
            }
        }).z(new ub.f() { // from class: d4.e0
            @Override // ub.f
            public final Object apply(Object obj) {
                byte[] r10;
                r10 = i0.this.r(bArr, (Pair) obj);
                return r10;
            }
        });
    }

    public final void q() {
        this.f13338e = null;
        this.f13335b.get().t("AES_KEY_ENCRYPTED");
        this.f13335b.get().t("AES_IV");
    }

    public final ob.u<byte[]> t() {
        byte[] bArr = this.f13338e;
        return bArr != null ? ob.u.y(bArr) : this.f13335b.get().n("AES_KEY_ENCRYPTED", String.class).E("").z(new ub.f() { // from class: d4.v
            @Override // ub.f
            public final Object apply(Object obj) {
                byte[] w10;
                w10 = i0.this.w((String) obj);
                return w10;
            }
        }).C(new ub.f() { // from class: d4.w
            @Override // ub.f
            public final Object apply(Object obj) {
                ob.y p10;
                p10 = i0.this.p((Throwable) obj);
                return p10;
            }
        }).t(new ub.f() { // from class: d4.x
            @Override // ub.f
            public final Object apply(Object obj) {
                ob.y A;
                A = i0.this.A((byte[]) obj);
                return A;
            }
        });
    }

    public final ob.u<byte[]> u(final byte[] bArr) {
        return t().z(new ub.f() { // from class: d4.f0
            @Override // ub.f
            public final Object apply(Object obj) {
                Pair j10;
                j10 = i0.this.j(bArr, (byte[]) obj);
                return j10;
            }
        }).t(new ub.f() { // from class: d4.g0
            @Override // ub.f
            public final Object apply(Object obj) {
                ob.y n10;
                n10 = i0.this.n((Pair) obj);
                return n10;
            }
        });
    }

    public final KeyStore.PrivateKeyEntry y() {
        AlgorithmParameterSpec build;
        KeyGenParameterSpec.Builder certificateSubject;
        KeyGenParameterSpec.Builder certificateSerialNumber;
        KeyGenParameterSpec.Builder certificateNotBefore;
        KeyGenParameterSpec.Builder certificateNotAfter;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder blockModes;
        KeyStore.PrivateKeyEntry k10;
        KeyStore.PrivateKeyEntry privateKeyEntry = this.f13337d;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(this.f13334a) && (k10 = k(keyStore)) != null) {
                this.f13337d = k10;
                return k10;
            }
            Calendar calendar = Calendar.getInstance();
            boolean z10 = true;
            calendar.add(1, -12);
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 62);
            X500Principal x500Principal = new X500Principal("CN=Catapush.Android.SDK,O=Catapush");
            if (Build.VERSION.SDK_INT >= 23) {
                m.a();
                certificateSubject = l.a(this.f13334a, 3).setCertificateSubject(x500Principal);
                certificateSerialNumber = certificateSubject.setCertificateSerialNumber(BigInteger.ONE);
                certificateNotBefore = certificateSerialNumber.setCertificateNotBefore(calendar.getTime());
                certificateNotAfter = certificateNotBefore.setCertificateNotAfter(calendar2.getTime());
                keySize = certificateNotAfter.setKeySize(2048);
                encryptionPaddings = keySize.setEncryptionPaddings("PKCS1Padding");
                blockModes = encryptionPaddings.setBlockModes("ECB");
                build = blockModes.build();
            } else {
                KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(this.f13336c).setAlias(this.f13334a).setSubject(x500Principal).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
                endDate.setKeySize(2048);
                KeyguardManager keyguardManager = (KeyguardManager) this.f13336c.getSystemService("keyguard");
                if (keyguardManager != null) {
                    Intent createConfirmDeviceCredentialIntent = keyguardManager.createConfirmDeviceCredentialIntent(null, null);
                    if (!keyguardManager.isKeyguardSecure() || createConfirmDeviceCredentialIntent == null) {
                        z10 = false;
                    }
                    if (z10) {
                        endDate.setEncryptionRequired();
                    }
                }
                build = endDate.build();
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            KeyStore.PrivateKeyEntry k11 = k(keyStore);
            this.f13337d = k11;
            return k11;
        } catch (IOException e10) {
            e = e10;
            this.f13337d = null;
            try {
                KeyStore keyStore2 = KeyStore.getInstance("AndroidKeyStore");
                keyStore2.load(null);
                keyStore2.deleteEntry(this.f13334a);
                b.a("Deleting the existing RSA key pair from the KeyStore.", new Object[0]);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e11) {
                b.b(e11, "Failed to remove the RSA KeyEntry from the Android KeyStore.", new Object[0]);
            }
            q();
            throw new CryptoException("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (InvalidAlgorithmParameterException e12) {
            e = e12;
            throw new IncompatibleDeviceException(e);
        } catch (KeyStoreException e13) {
            e = e13;
            throw new IncompatibleDeviceException(e);
        } catch (NoSuchAlgorithmException e14) {
            e = e14;
            throw new IncompatibleDeviceException(e);
        } catch (NoSuchProviderException e15) {
            e = e15;
            throw new IncompatibleDeviceException(e);
        } catch (ProviderException e16) {
            e = e16;
            throw new IncompatibleDeviceException(e);
        } catch (UnrecoverableEntryException e17) {
            e = e17;
            this.f13337d = null;
            KeyStore keyStore22 = KeyStore.getInstance("AndroidKeyStore");
            keyStore22.load(null);
            keyStore22.deleteEntry(this.f13334a);
            b.a("Deleting the existing RSA key pair from the KeyStore.", new Object[0]);
            q();
            throw new CryptoException("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (CertificateException e18) {
            e = e18;
            throw new IncompatibleDeviceException(e);
        }
    }
}
