package com.qnap.qnapauthenticator.OTP.Utility;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.qnapcomm.debugtools.DebugLog;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Calendar;
import java.util.GregorianCalendar;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
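/**
 * Static helpers around the RSA key pair kept in the Android Keystore under
 * {@code Constants.KEYSTORE_ALIAS_WRAPPING} and the key file stored next to it in the
 * app's private files directory.
 *
 * <p>The key pair is handed to {@code EncryptionHelper.loadOrGenerateWrappedKey} together with
 * the key file; judging by the names, the file holds the symmetric database key wrapped under
 * the RSA public key (NOTE(review): confirm against EncryptionHelper).
 */
public class KeyStoreHelper {
    /** Provider / keystore type name of the Android Keystore. */
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";

    /** Name of the key file inside {@code context.getFilesDir()}. */
    private static final String WRAPPED_KEY_FILE_NAME = "qnap_magic_otp_key";

    /** Key purposes bit mask: 1 (encrypt) | 2 (decrypt), i.e. the KeyProperties PURPOSE_* flags. */
    private static final int KEY_PURPOSES = 3;

    /** API level of Android 9 (Pie); from here on the key and certificate are read separately. */
    private static final int API_LEVEL_P = 28;

    /** Validity of the self-signed certificate that accompanies the generated key pair. */
    private static final int CERTIFICATE_VALIDITY_YEARS = 100;

    /**
     * Loads the encryption key protected by the keystore-held wrapping key pair.
     *
     * @param context used to locate the app's private files directory
     * @param z when {@code true}, a failure is reported only through the logged exception; when
     *     {@code false}, an additional explanatory message is logged
     * @return the key returned by {@code EncryptionHelper.loadOrGenerateWrappedKey}, or
     *     {@code null} when the wrapping key pair is unavailable or any keystore / I/O error occurs
     */
    public static SecretKey loadEncryptionKeyFromKeyStore(Context context, boolean z) {
        try {
            KeyPair wrappingKeyPair = loadOrGenerateAsymmetricKeyPair(context, Constants.KEYSTORE_ALIAS_WRAPPING);
            if (wrappingKeyPair == null) {
                return null;
            }
            return EncryptionHelper.loadOrGenerateWrappedKey(wrappedKeyFile(context), wrappingKeyPair);
        } catch (IOException | GeneralSecurityException | ProviderException e) {
            // Callers only ever see null on failure; the cause is available in the debug log alone.
            DebugLog.log(e);
            if (!z) {
                DebugLog.log("Failed to load the encryption key from the KeyStore.\n        <b>Any entries that are added will be lost.</b>\\n\\nTo continue using andOTP, you can go\n        to the <b>Settings</b> and switch the <b>Database encryption</b> to <b>Password / PIN</b>.");
            }
            return null;
        }
    }

    /**
     * Returns the RSA key pair stored under the given alias, generating it first when the alias
     * does not exist yet.
     *
     * @param context not used by this method
     * @param str keystore alias of the key pair
     * @return the key pair, or {@code null} when the alias does not resolve to a private key with
     *     a certificate
     * @throws GeneralSecurityException if the keystore or key generator reports an error
     * @throws IOException if the keystore cannot be loaded
     */
    public static KeyPair loadOrGenerateAsymmetricKeyPair(Context context, String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        if (!keyStore.containsAlias(str)) {
            generateWrappingKeyPair(str);
        }
        if (Build.VERSION.SDK_INT >= API_LEVEL_P) {
            Key key = keyStore.getKey(str, null);
            Certificate certificate = keyStore.getCertificate(str);
            // A missing certificate or an entry of another key type is reported as "no key pair"
            // instead of escaping as NullPointerException / ClassCastException, neither of which
            // loadEncryptionKeyFromKeyStore catches.
            if (!(key instanceof PrivateKey) || certificate == null) {
                return null;
            }
            PublicKey publicKey = certificate.getPublicKey();
            if (publicKey == null) {
                return null;
            }
            return new KeyPair(publicKey, (PrivateKey) key);
        }
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            return null;
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    /**
     * Deletes the key file and the wrapping key pair's keystore entry.
     *
     * <p>Both steps are best effort: the result of the file deletion and any keystore error are
     * only logged, so a caller cannot tell from this method whether the wipe completed.
     * {@link File#delete()} unlinks the file without overwriting its contents.
     *
     * @param context used to locate the app's private files directory
     */
    public static void wipeKeys(Context context) {
        File keyFile = wrappedKeyFile(context);
        if (keyFile.exists()) {
            DebugLog.log("Encryption key file deleted: " + keyFile.delete());
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (keyStore.containsAlias(Constants.KEYSTORE_ALIAS_WRAPPING)) {
                keyStore.deleteEntry(Constants.KEYSTORE_ALIAS_WRAPPING);
                DebugLog.log("keyStore deleted");
            }
        } catch (IOException | GeneralSecurityException e) {
            DebugLog.log(e);
        }
    }

    /** Resolves the key file inside the app's private files directory. */
    private static File wrappedKeyFile(Context context) {
        return new File(context.getFilesDir(), WRAPPED_KEY_FILE_NAME);
    }

    /** Generates an RSA encrypt/decrypt key pair under {@code alias} in the Android Keystore. */
    private static void generateWrappingKeyPair(String alias) throws GeneralSecurityException {
        Calendar notBefore = new GregorianCalendar();
        Calendar notAfter = new GregorianCalendar();
        notAfter.add(Calendar.YEAR, CERTIFICATE_VALIDITY_YEARS);
        // NOTE(review): "PKCS1Padding" is RSA PKCS#1 v1.5 encryption padding; OAEP is the usual
        // choice for new keys. Changing it here alone would leave key files written under the
        // existing key unreadable, so it needs a migration together with the unwrap side.
        // NOTE(review): the spec requests no user authentication for key use, so the key is
        // available whenever the app asks the keystore for it; confirm that is intended.
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, KEY_PURPOSES)
                .setCertificateSubject(new X500Principal("CN=" + alias))
                .setEncryptionPaddings("PKCS1Padding")
                .setCertificateSerialNumber(BigInteger.ONE)
                .setCertificateNotBefore(notBefore.getTime())
                .setCertificateNotAfter(notAfter.getTime())
                .build();
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        generator.initialize(spec);
        generator.generateKeyPair();
    }
}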
