package com.billpocket.bil_lib.crypto;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.billpocket.bil_lib.models.BillpocketDao;
import com.billpocket.minerva.core.CryptoUtils;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
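/**
 * Process-wide helper that protects sensitive payloads with a device-bound key hierarchy.
 *
 * <p>As visible in this class: an RSA-2048 key pair is generated in the {@code AndroidKeyStore}
 * provider under the alias {@code BP_USER_DEVICE_KEY}; a random 256-bit AES key is encrypted with
 * the RSA public key and stored Base64-encoded in shared preferences; payloads are encrypted with
 * the cipher named by {@code CryptoUtils.AES_CBC_PKCS7_PADDING} using a fresh random 16-byte IV
 * that is prepended to the ciphertext.
 *
 * <p>NOTE(review): the payload format carries no MAC or AEAD tag, so modified ciphertext is not
 * detected by this class, and the AES key is wrapped with RSA PKCS#1 v1.5 padding. Both are kept
 * for compatibility with data already stored; new formats should prefer AES-GCM and RSA-OAEP.
 *
 * <p>The cached key fields are not synchronized; only {@link #getInstance()} and the keystore
 * lookup take a lock.
 */
public class SecurityUtilsBillpocket {
    private static final String AES_ALGORITHM = "AES/CBC/PKCS7Padding";
    private static final String AES_CBC_PKCS7_PADDING = "AES/CBC/PKCS7Padding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String ANDROID_OPENSSL = "AndroidOpenSSL";
    private static final int IV_SIZE = 16;
    private static final String KEY_ALGORITHM_RSA = "RSA/ECB/PKCS1Padding";
    private static final String KEY_ALIAS = "BP_USER_DEVICE_KEY";
    private static final String KEY_ALIAS_LEGACY = "BILLPOCKET_RSA_KEY";
    private static final String KEY_STORE_LEGACY = "BKS";
    private static final int RSA_KEYSIZE = 2048;
    private static final SecureRandom daSecureRandom = new SecureRandom();
    private static SecurityUtilsBillpocket instance;
    private KeyStore keyStoreInstance;
    private PrivateKey privateKey;
    private PublicKey publicKey;

    private SecurityUtilsBillpocket() {
    }

    /** Overwrites a buffer that held key material; tolerates {@code null}. */
    private static void wipe(byte[] secret) {
        if (secret != null) {
            java.util.Arrays.fill(secret, (byte) 0);
        }
    }

    /**
     * Rejects a decrypt-side payload that cannot contain the IV prefix.
     *
     * @throws GeneralSecurityException if {@code payload} is {@code null} or shorter than the IV
     */
    private static void requireIvPrefix(byte[] payload) throws GeneralSecurityException {
        if (payload == null || payload.length < IV_SIZE) {
            throw new GeneralSecurityException("Payload shorter than IV");
        }
    }

    /** Returns a new array holding {@code iv} followed by {@code ciphertext}. */
    private static byte[] prependIv(byte[] iv, byte[] ciphertext) {
        byte[] framed = new byte[ciphertext.length + IV_SIZE];
        System.arraycopy(iv, 0, framed, 0, IV_SIZE);
        System.arraycopy(ciphertext, 0, framed, IV_SIZE, ciphertext.length);
        return framed;
    }

    /**
     * Runs the AES cipher over several payloads with one unwrapped key and one IV per payload.
     *
     * @param mode       {@code Cipher} operation mode passed to {@code Cipher.init}
     * @param wrappedKey RSA-encrypted AES key; unwrapped with the private key on every call
     * @param ivs        one IV per payload, same order as {@code payloads}
     * @param payloads   inputs to the cipher
     * @return cipher output for each payload, in order
     * @throws GeneralSecurityException if unwrapping the key or any cipher operation fails
     */
    private byte[][] aesBulkOperation(Context context, int mode, byte[] wrappedKey, byte[][] ivs, byte[][] payloads) throws GeneralSecurityException {
        int count = payloads.length;
        byte[][] results = new byte[count][];
        byte[] rawKey = privateOperation(context, Cipher.DECRYPT_MODE, wrappedKey);
        try {
            // NOTE(review): the key algorithm name is the CryptoUtils transformation constant
            // (value not visible here) rather than plain "AES" — kept as in the original.
            SecretKeySpec aesKey = new SecretKeySpec(rawKey, CryptoUtils.AES_CBC_PKCS7_PADDING);
            for (int k = 0; k < count; k++) {
                Cipher cipher = getAESCipher();
                cipher.init(mode, aesKey, new IvParameterSpec(ivs[k]));
                results[k] = cipher.doFinal(payloads[k]);
            }
            return results;
        } finally {
            // SecretKeySpec keeps its own copy; clear the temporary plaintext key buffer.
            wipe(rawKey);
        }
    }

    /**
     * Runs the AES cipher over a single payload.
     *
     * @param mode       {@code Cipher} operation mode passed to {@code Cipher.init}
     * @param wrappedKey RSA-encrypted AES key; unwrapped with the private key on every call
     * @param iv         initialization vector for this payload
     * @param payload    input to the cipher
     * @throws GeneralSecurityException if unwrapping the key or the cipher operation fails
     */
    private byte[] aesOperation(Context context, int mode, byte[] wrappedKey, byte[] iv, byte[] payload) throws GeneralSecurityException {
        byte[] rawKey = privateOperation(context, Cipher.DECRYPT_MODE, wrappedKey);
        try {
            // NOTE(review): key algorithm name is the transformation constant, see aesBulkOperation.
            SecretKeySpec aesKey = new SecretKeySpec(rawKey, CryptoUtils.AES_CBC_PKCS7_PADDING);
            Cipher cipher = getAESCipher();
            cipher.init(mode, aesKey, new IvParameterSpec(iv));
            return cipher.doFinal(payload);
        } finally {
            wipe(rawKey);
        }
    }

    /** Removes the legacy encrypted entries from both preference files. */
    private void deleteLegacyEntries(Context context) {
        // Kept from the original: the constructor's side effects (if any) are not visible here.
        new BillpocketDao();
        context.getSharedPreferences("billpocket_preferences", Context.MODE_PRIVATE).edit()
                .remove(BillpocketDao.KEY_USER_LIST_CRYPT_LEGACY)
                .remove(BillpocketDao.KEY_USER_PIN_SALT_CRYPT_LEGACY)
                .remove("KEY_USER_TOKEN_CRYPT")
                .remove(BillpocketDao.KEY_MAIL_SAVED_CRYPT_LEGACY)
                .apply();
        context.getSharedPreferences(BillpocketCrypt.BPCKT_CRYPTO_SHPREFS, Context.MODE_PRIVATE).edit()
                .remove(BillpocketCrypt.AES_ENCRYPTED_KEY_LEGACY)
                .apply();
    }

    /** Applies {@code PRNGFixes}; presumably a platform RNG workaround — defined elsewhere. */
    private void fixRNG() {
        PRNGFixes.apply();
    }

    /**
     * Generates the key pair. With a generator obtained for the {@code AndroidKeyStore} provider
     * the pair is stored by the provider itself, so {@code keyStore} is not touched here.
     */
    private void generateKeyPair(KeyStore keyStore, KeyPairGenerator keyPairGenerator) throws CertificateException, KeyStoreException {
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Creates a random AES key and returns it encrypted with the device RSA public key.
     *
     * @param keySizeBits 128, 192 or 256
     * @return the wrapped key, or {@code null} if the size is unsupported or wrapping failed
     */
    private byte[] generateSecretAESKey(Context context, int keySizeBits) {
        if (keySizeBits != 128 && keySizeBits != 192 && keySizeBits != 256) {
            return null;
        }
        byte[] rawKey = new byte[keySizeBits / 8];
        daSecureRandom.nextBytes(rawKey);
        try {
            return publicOperation(context, Cipher.ENCRYPT_MODE, rawKey);
        } catch (GeneralSecurityException e) {
            // Never fall back to the raw key: the caller persists this value, so returning it
            // would write the AES key unprotected to shared preferences, and later reads would
            // fail anyway because they RSA-decrypt the stored value.
            return null;
        } finally {
            wipe(rawKey);
        }
    }

    /** Returns the shared {@link SecureRandom} used for keys and IVs. */
    public static SecureRandom getDaSecureRandom() {
        return daSecureRandom;
    }

    /** Returns the lazily created singleton. */
    public static SecurityUtilsBillpocket getInstance() {
        synchronized (SecurityUtilsBillpocket.class) {
            if (instance == null) {
                instance = new SecurityUtilsBillpocket();
            }
            return instance;
        }
    }

    /**
     * Returns a calendar set to 1 January of {@code year}, 00:00:01, in the default time zone.
     * The millisecond field is left at the current value, as in the original code.
     */
    private static Calendar validityBoundary(int year) {
        Calendar calendar = Calendar.getInstance();
        calendar.set(Calendar.YEAR, year);
        calendar.set(Calendar.MONTH, Calendar.JANUARY);
        calendar.set(Calendar.DAY_OF_MONTH, 1);
        calendar.set(Calendar.HOUR_OF_DAY, 0);
        calendar.set(Calendar.MINUTE, 0);
        calendar.set(Calendar.SECOND, 1);
        return calendar;
    }

    /**
     * Builds an RSA key pair generator bound to the {@code AndroidKeyStore} provider and the
     * {@code BP_USER_DEVICE_KEY} alias, valid from 2018 to 2068.
     *
     * @throws RuntimeException wrapping any failure to obtain or initialize the generator
     */
    private KeyPairGenerator getKeyPairGenerator(Context context) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
            Calendar notBefore = validityBoundary(2018);
            Calendar notAfter = validityBoundary(2068);
            // Purposes 15 = 1|2|4|8, i.e. encrypt, decrypt, sign and verify. This class only
            // encrypts and decrypts with the key.
            // NOTE(review): the spec also authorizes "NoPadding" (unpadded RSA), disables the
            // randomized-encryption requirement and does not require user authentication.
            // Tightening these only affects newly generated keys and may break other users of
            // the alias, so the values are left as found — confirm whether they are needed.
            KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(KEY_ALIAS, 15)
                    .setCertificateSubject(new X500Principal("C=MX, ST=JAL, O=Pocket de Latinoamerica, CN=Billpocket"))
                    .setBlockModes("ECB")
                    .setEncryptionPaddings("PKCS1Padding", "NoPadding")
                    .setUserAuthenticationRequired(false)
                    .setRandomizedEncryptionRequired(false)
                    .setKeyValidityStart(notBefore.getTime())
                    .setKeyValidityEnd(notAfter.getTime())
                    .setKeyValidityForConsumptionEnd(notAfter.getTime())
                    .setKeyValidityForOriginationEnd(notAfter.getTime());
            specBuilder.setInvalidatedByBiometricEnrollment(false);
            keyPairGenerator.initialize(specBuilder.build(), daSecureRandom);
            return keyPairGenerator;
        } catch (Exception e) {
            throw new RuntimeException("getKeyPairGenerator: Failed to get an instance of KeyPairGenerator", e);
        }
    }

    /**
     * Returns the loaded {@code AndroidKeyStore}, creating and loading it on first use.
     *
     * @throws GeneralSecurityException if the keystore cannot be obtained or loaded
     */
    private synchronized KeyStore getKeystore(Context context) throws GeneralSecurityException {
        if (this.keyStoreInstance != null) {
            return this.keyStoreInstance;
        }
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        try {
            keyStore.load(null);
        } catch (IOException e) {
            throw new GeneralSecurityException("Cannot load Android Keystore", e);
        }
        // Cache only after a successful load, so a failed load is retried on the next call
        // instead of handing out an uninitialized keystore.
        this.keyStoreInstance = keyStore;
        return keyStore;
    }

    /**
     * Returns the private key stored under {@code BP_USER_DEVICE_KEY}, caching it after the
     * first lookup.
     *
     * @throws UnrecoverableEntryException if the alias holds no private key entry
     */
    private PrivateKey getPrivateKeyFromKeystore(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (this.privateKey != null) {
            return this.privateKey;
        }
        PrivateKey resolved = (PrivateKey) keyStore.getKey(KEY_ALIAS, null);
        if (resolved == null) {
            KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // Report a missing or unexpected entry as a declared security exception
                // rather than a NullPointerException or ClassCastException.
                throw new UnrecoverableEntryException("No private key entry under alias " + KEY_ALIAS);
            }
            resolved = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        }
        this.privateKey = resolved;
        return resolved;
    }

    /**
     * Returns the public key from the certificate stored under {@code BP_USER_DEVICE_KEY},
     * caching it after the first lookup.
     *
     * @throws KeyStoreException if the alias holds no certificate
     */
    private PublicKey getPublicKeyFromKeystore(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (this.publicKey != null) {
            return this.publicKey;
        }
        Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
        if (certificate == null) {
            KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                certificate = ((KeyStore.PrivateKeyEntry) entry).getCertificate();
            }
        }
        if (certificate == null) {
            throw new KeyStoreException("No certificate under alias " + KEY_ALIAS);
        }
        PublicKey resolved = certificate.getPublicKey();
        this.publicKey = resolved;
        return resolved;
    }

    /**
     * Returns a new RSA cipher using PKCS#1 v1.5 padding.
     *
     * @throws RuntimeException wrapping any failure to obtain the cipher
     */
    private Cipher getRSACipher() {
        try {
            return Cipher.getInstance(KEY_ALGORITHM_RSA);
        } catch (Exception e) {
            throw new RuntimeException("getRSACipher: Failed to get an instance of Cipher", e);
        }
    }

    /** Returns {@code length} bytes from the shared {@link SecureRandom}. */
    private byte[] getRandomBytes(int length) {
        byte[] bytes = new byte[length];
        daSecureRandom.nextBytes(bytes);
        return bytes;
    }

    /**
     * Ensures the RSA key pair exists and, if no wrapped AES key is stored yet, generates one
     * and persists it. Best effort: failures are swallowed and surface later, when
     * {@link #processSensitivePayload} finds no key in storage.
     */
    private void initBillpocketKeys(Context context) {
        if (!isAndroidKeystoreAvailable()) {
            return;
        }
        try {
            if (!initKeystore(context)) {
                return;
            }
            loadKeys();
            SharedPreferences prefs = context.getSharedPreferences(BillpocketCrypt.BPCKT_CRYPTO_SHPREFS, Context.MODE_PRIVATE);
            if (prefs.contains(BillpocketCrypt.AES_ENCRYPTED_KEY)) {
                return;
            }
            byte[] wrappedKey = generateSecretAESKey(context, 256);
            if (wrappedKey == null) {
                // Wrapping failed; store nothing rather than an unusable or unprotected value.
                return;
            }
            prefs.edit().putString(BillpocketCrypt.AES_ENCRYPTED_KEY, Base64.encodeToString(wrappedKey, Base64.DEFAULT)).apply();
        } catch (Exception ignored) {
            // Deliberately best effort, as in the original; no logger is in scope here.
        }
    }

    /**
     * Removes the legacy alias if present and generates the current key pair if it is missing.
     *
     * @return {@code true} on success, {@code false} if any step threw
     */
    private boolean initKeystore(Context context) {
        try {
            KeyStore keystore = getKeystore(context);
            if (keystore.containsAlias(KEY_ALIAS_LEGACY)) {
                try {
                    keystore.deleteEntry(KEY_ALIAS_LEGACY);
                } catch (Throwable ignored) {
                    // Legacy cleanup is optional; a failure must not block key generation.
                }
            }
            if (!keystore.containsAlias(KEY_ALIAS)) {
                new BillpocketDao().setIsFirstRun(context, true);
                generateKeyPair(keystore, getKeyPairGenerator(context));
                persistKeyStore(context, keystore);
            }
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /** Always reports the Android keystore as available. */
    public static boolean isAndroidKeystoreAvailable() {
        return true;
    }

    /** Warms the key caches from the cached keystore; failures are ignored (best effort). */
    private void loadKeys() {
        try {
            getPrivateKeyFromKeystore(this.keyStoreInstance);
            getPublicKeyFromKeystore(this.keyStoreInstance);
        } catch (Exception ignored) {
            // The keys are looked up again, with errors reported, on first real use.
        }
    }

    /** No-op that always returns {@code true}. */
    private boolean persistKeyStore(Context context, KeyStore keyStore) {
        return true;
    }

    /**
     * Runs an RSA operation with the device public key.
     *
     * @param mode {@code Cipher} operation mode passed to {@code Cipher.init}
     * @throws GeneralSecurityException if the key cannot be obtained or the operation fails
     */
    private byte[] publicOperation(Context context, int mode, byte[] input) throws GeneralSecurityException {
        PublicKey key = getPublicKeyFromKeystore(getKeystore(context));
        Cipher rsa = getRSACipher();
        rsa.init(mode, key);
        return rsa.doFinal(input);
    }

    /** Applies the RNG fix, removes legacy entries and initializes the key hierarchy. */
    public void bootstrap(Context context) {
        fixRNG();
        deleteLegacyEntries(context);
        initBillpocketKeys(context);
    }

    /**
     * Returns a new cipher for the transformation named by
     * {@code CryptoUtils.AES_CBC_PKCS7_PADDING}.
     *
     * @throws RuntimeException wrapping any failure to obtain the cipher
     */
    public Cipher getAESCipher() {
        try {
            return Cipher.getInstance(CryptoUtils.AES_CBC_PKCS7_PADDING);
        } catch (Exception e) {
            throw new RuntimeException("getAESCipher: Failed to get an instance of Cipher", e);
        }
    }

    /**
     * Returns the encoded form of the device public key.
     *
     * @throws GeneralSecurityException if the keystore or the key cannot be obtained
     */
    public byte[] getPublicKey(Context context) throws GeneralSecurityException {
        return getPublicKeyFromKeystore(getKeystore(context)).getEncoded();
    }

    /**
     * Runs an RSA operation with the device private key. The mode is chosen by the caller, so
     * any code that can reach this method can use the private key for that operation.
     *
     * @param mode {@code Cipher} operation mode passed to {@code Cipher.init}
     * @throws GeneralSecurityException if the key cannot be obtained or the operation fails
     */
    public byte[] privateOperation(Context context, int mode, byte[] input) throws GeneralSecurityException {
        PrivateKey key = getPrivateKeyFromKeystore(getKeystore(context));
        Cipher rsa = getRSACipher();
        rsa.init(mode, key);
        return rsa.doFinal(input);
    }

    /**
     * Encrypts or decrypts several payloads with the stored AES key.
     *
     * <p>With {@code Cipher.ENCRYPT_MODE} every result is a fresh random IV followed by the
     * ciphertext. With any other mode every input is read as IV followed by ciphertext. The
     * caller's array is not modified.
     *
     * @param mode     {@code Cipher} operation mode
     * @param payloads inputs, one per element
     * @return one result per input, in order
     * @throws GeneralSecurityException if no key is stored, a decrypt-side input is shorter
     *                                  than the IV, or a cipher operation fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[][] processSensitiveBulkPayload(Context context, int mode, byte[][] payloads) throws GeneralSecurityException {
        String storedKey = context.getSharedPreferences(BillpocketCrypt.BPCKT_CRYPTO_SHPREFS, Context.MODE_PRIVATE).getString(BillpocketCrypt.AES_ENCRYPTED_KEY, null);
        if (storedKey == null) {
            // Message kept byte-for-byte; it differs from the single-payload variant's wording.
            throw new GeneralSecurityException("No AES card in storage");
        }
        byte[] wrappedKey = Base64.decode(storedKey, Base64.DEFAULT);
        boolean encrypting = mode == Cipher.ENCRYPT_MODE;
        byte[][] ivs = new byte[payloads.length][];
        byte[][] bodies;
        if (encrypting) {
            bodies = payloads;
            for (int k = 0; k < payloads.length; k++) {
                ivs[k] = getRandomBytes(IV_SIZE);
            }
        } else {
            // Split into local arrays instead of overwriting the caller's elements.
            bodies = new byte[payloads.length][];
            for (int k = 0; k < payloads.length; k++) {
                byte[] framed = payloads[k];
                requireIvPrefix(framed);
                ivs[k] = java.util.Arrays.copyOfRange(framed, 0, IV_SIZE);
                bodies[k] = java.util.Arrays.copyOfRange(framed, IV_SIZE, framed.length);
            }
        }
        byte[][] results = aesBulkOperation(context, mode, wrappedKey, ivs, bodies);
        if (encrypting) {
            for (int k = 0; k < results.length; k++) {
                results[k] = prependIv(ivs[k], results[k]);
            }
        }
        return results;
    }

    /**
     * Encrypts or decrypts one payload with the stored AES key.
     *
     * <p>With {@code Cipher.ENCRYPT_MODE} the result is a fresh random IV followed by the
     * ciphertext. With any other mode the input is read as IV followed by ciphertext and the
     * cipher output is returned as is.
     *
     * @param mode    {@code Cipher} operation mode
     * @param payload plaintext (encrypt) or IV-prefixed ciphertext (otherwise)
     * @throws GeneralSecurityException if no key is stored, a decrypt-side input is shorter
     *                                  than the IV, or the cipher operation fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] processSensitivePayload(Context context, int mode, byte[] payload) throws GeneralSecurityException {
        String storedKey = context.getSharedPreferences(BillpocketCrypt.BPCKT_CRYPTO_SHPREFS, Context.MODE_PRIVATE).getString(BillpocketCrypt.AES_ENCRYPTED_KEY, null);
        if (storedKey == null) {
            throw new GeneralSecurityException("No AES key in storage");
        }
        byte[] wrappedKey = Base64.decode(storedKey, Base64.DEFAULT);
        boolean encrypting = mode == Cipher.ENCRYPT_MODE;
        byte[] iv;
        byte[] body;
        if (encrypting) {
            iv = getRandomBytes(IV_SIZE);
            body = payload;
        } else {
            // Fail with the declared exception instead of an index or array-size error.
            requireIvPrefix(payload);
            iv = java.util.Arrays.copyOfRange(payload, 0, IV_SIZE);
            body = java.util.Arrays.copyOfRange(payload, IV_SIZE, payload.length);
        }
        byte[] output = aesOperation(context, mode, wrappedKey, iv, body);
        return encrypting ? prependIv(iv, output) : output;
    }
}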
