package com.lastpass.lpandroid.domain.encryption;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.lastpass.common.di.qualifiers.ApplicationContext;
import com.lastpass.common.di.scopes.ApplicationScope;
import com.lastpass.lpandroid.domain.LpLog;
import com.lastpass.lpandroid.domain.preferences.Preferences;
import com.lastpass.lpandroid.domain.tracking.Crashlytics;
import com.lastpass.lpandroid.utils.DeviceUtils;
import com.lastpass.lpandroid.utils.Formatting;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;

@ApplicationScope
/* loaded from: classes2.dex */
public class KeystoreWrapper {

    /* renamed from: a, reason: collision with root package name */
    private KeyStore f22844a = null;

    /* renamed from: b, reason: collision with root package name */
    private boolean f22845b = false;

    /* renamed from: c, reason: collision with root package name */
    private final Context f22846c;

    /* renamed from: d, reason: collision with root package name */
    private final Crashlytics f22847d;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.lastpass.lpandroid.domain.encryption.KeystoreWrapper$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f22848a;

        static {
            int[] iArr = new int[KeyStoreConfig.values().length];
            f22848a = iArr;
            try {
                iArr[KeyStoreConfig.PKCS1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f22848a[KeyStoreConfig.OAEP.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    @Inject
    public KeystoreWrapper(@ApplicationContext Context context, Crashlytics crashlytics) {
        this.f22846c = context;
        this.f22847d = crashlytics;
    }

    private AlgorithmParameterSpec a(KeyStoreConfig keyStoreConfig, String str, Date date, Date date2) {
        X500Principal x500Principal = new X500Principal("CN=LastPass, O=LastPass");
        if (!DeviceUtils.m()) {
            return new KeyPairGeneratorSpec.Builder(this.f22846c).setAlias(str).setSubject(x500Principal).setSerialNumber(BigInteger.ONE).setStartDate(date).setEndDate(date2).build();
        }
        int i2 = AnonymousClass1.f22848a[keyStoreConfig.ordinal()];
        if (i2 == 1) {
            return new KeyGenParameterSpec.Builder(str, 3).setCertificateSubject(x500Principal).setEncryptionPaddings("PKCS1Padding").setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(date).setCertificateNotAfter(date2).build();
        }
        if (i2 != 2) {
            return null;
        }
        return new KeyGenParameterSpec.Builder(str, 3).setDigests("SHA-256", "SHA-512").setCertificateSubject(x500Principal).setKeySize(2048).setEncryptionPaddings("OAEPPadding").setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(date).setCertificateNotAfter(date2).build();
    }

    private synchronized void d(KeyStoreConfig keyStoreConfig) {
        c(keyStoreConfig);
        boolean k2 = k(keyStoreConfig);
        this.f22845b = k2;
        this.f22847d.d("KeyStoreTestedValid", Boolean.valueOf(k2));
    }

    private static Cipher g(int i2, KeyStoreConfig keyStoreConfig, Key key) {
        Cipher cipher = Cipher.getInstance(keyStoreConfig.b());
        if (keyStoreConfig.c() == null) {
            cipher.init(i2, key);
        } else {
            cipher.init(i2, key, keyStoreConfig.c());
        }
        return cipher;
    }

    public synchronized void b(String str, KeyStoreConfig keyStoreConfig) {
        if (this.f22844a != null && this.f22846c != null && !TextUtils.isEmpty(str)) {
            String str2 = str + keyStoreConfig.d();
            try {
                if (this.f22844a.containsAlias(str2)) {
                    LpLog.p("TagCryptography", "Key alias already exists " + str2);
                } else {
                    Calendar calendar = Calendar.getInstance();
                    Calendar calendar2 = Calendar.getInstance();
                    calendar2.add(1, 10);
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator.initialize(a(keyStoreConfig, str2, calendar.getTime(), calendar2.getTime()));
                    keyPairGenerator.generateKeyPair();
                    LpLog.p("TagCryptography", "Created key pair for " + str2);
                }
            } catch (Exception e2) {
                LpLog.y(e2);
                LpLog.j("TagCryptography", "Cannot create key pair", e2);
            }
        }
    }

    public synchronized void c(KeyStoreConfig keyStoreConfig) {
        b("test_key_alias", keyStoreConfig);
    }

    public synchronized String e(String str, String str2, KeyStoreConfig keyStoreConfig) {
        if (!TextUtils.isEmpty(str) && !TextUtils.isEmpty(str2) && this.f22844a != null) {
            String str3 = str + keyStoreConfig.d();
            try {
                PrivateKey privateKey = (PrivateKey) this.f22844a.getKey(str3, null);
                if (privateKey == null) {
                    LpLog.E("TagCryptography", "Key alias not found " + str3);
                    return null;
                }
                byte[] doFinal = g(2, keyStoreConfig, privateKey).doFinal(Base64.decode(str2, 0));
                LpLog.d("TagCryptography", "Decrypted data of " + str3);
                return Formatting.v(doFinal);
            } catch (Exception e2) {
                LpLog.F("TagCryptography", "Cannot decrypt for " + str3, e2);
                return null;
            }
        }
        return null;
    }

    public synchronized String f(String str, String str2, KeyStoreConfig keyStoreConfig) {
        if (!TextUtils.isEmpty(str) && !TextUtils.isEmpty(str2) && this.f22844a != null) {
            String str3 = str + keyStoreConfig.d();
            try {
                PrivateKey privateKey = (PrivateKey) this.f22844a.getKey(str3, null);
                PublicKey publicKey = this.f22844a.getCertificate(str3).getPublicKey();
                if (privateKey != null && publicKey != null) {
                    byte[] doFinal = g(1, keyStoreConfig, publicKey).doFinal(Formatting.f(str2));
                    LpLog.d("TagCryptography", "Encrypted data of " + str3);
                    return Base64.encodeToString(doFinal, 2);
                }
                LpLog.E("TagCryptography", "Key alias not found " + str3);
                return null;
            } catch (Exception e2) {
                LpLog.F("TagCryptography", "Cannot encrypt for " + str3, e2);
                return null;
            }
        }
        return null;
    }

    public synchronized int h() {
        int i2;
        i2 = -1;
        try {
            KeyStore keyStore = this.f22844a;
            if (keyStore != null) {
                i2 = keyStore.size();
            }
        } catch (KeyStoreException unused) {
            return -1;
        }
        return i2;
    }

    public void i(KeyStoreConfigRepository keyStoreConfigRepository, Preferences preferences) {
        try {
            keyStoreConfigRepository.a(preferences);
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.f22844a = keyStore;
            keyStore.load(null);
            d(keyStoreConfigRepository.b());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            LpLog.j("TagCryptography", "Cannot validate key store", e2);
            LpLog.y(e2);
        }
    }

    public synchronized boolean j() {
        boolean z;
        if (this.f22844a != null) {
            z = this.f22845b;
        }
        return z;
    }

    public synchronized boolean k(KeyStoreConfig keyStoreConfig) {
        boolean z;
        String str = "test_key_alias" + keyStoreConfig.d();
        LpLog.d("TagCryptography", "Validating keystore with " + str);
        z = false;
        try {
            String f2 = f("test_key_alias", "test_key_text", keyStoreConfig);
            if (TextUtils.isEmpty(f2)) {
                LpLog.i("TagCryptography", "Cannot encrypt string for keystore validation " + str);
            } else {
                String e2 = e("test_key_alias", f2, keyStoreConfig);
                if (TextUtils.isEmpty(e2) || !e2.equals("test_key_text")) {
                    LpLog.i("TagCryptography", "Keystore validation content mismatch " + str);
                } else {
                    z = true;
                }
            }
        } catch (Exception e3) {
            LpLog.j("TagCryptography", "Cannot validate key store with " + str, e3);
            LpLog.y(e3);
        }
        if (z) {
            LpLog.p("TagCryptography", "Key store valid");
        } else {
            LpLog.i("TagCryptography", "Key store invalid");
        }
        return z;
    }
}
