package com.coresuite.android.components.encryption;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import junit.framework.Assert;
import utilities.Trace;

/* loaded from: classes6.dex */
final class RSACipherProvider implements ICipherProvider {
    private static final String ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String KEY_PAIR_GENERATOR_ALGORITHM = "RSA";
    private static final String KEY_PROVIDER = "AndroidKeyStoreBCWorkaround";
    private static final String TAG = "RSACipherProvider";
    private static final int VALIDITY_IN_YEARS = 5000;
    private static final String X500_PRINCIPAL = "CN=Coresystems, O=Coresystems AG, C=CH";
    private static final BigInteger SERIAL_NUMBER = BigInteger.valueOf(1122017);
    private static final int SDK_VERSION = Build.VERSION.SDK_INT;
    static final String KEYSTORE_NAME = "AndroidKeyStore";

    private synchronized boolean exists(@NonNull String str, @NonNull KeyStore keyStore) {
        try {
        } catch (KeyStoreException e) {
            Trace.e(TAG, "Failed verify if alias exists in keystore", e);
            return false;
        }
        return keyStore.containsAlias(str);
    }

    private synchronized boolean generateAndSaveKey(@NonNull String str, @NonNull Context context) {
        Calendar startDateTime = getStartDateTime();
        Calendar calendar = Calendar.getInstance();
        calendar.add(1, 5000);
        String str2 = TAG;
        Trace.i(str2, "Attempting to generate and save the RSA key pair...");
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_GENERATOR_ALGORITHM, KEYSTORE_NAME);
            Trace.i(str2, "Generating RSA key pair for Android version >= SDK 23");
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 2).setKeyValidityStart(startDateTime.getTime()).setKeyValidityEnd(calendar.getTime()).setUserAuthenticationRequired(false).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("OAEPPadding").build());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            if (generateKeyPair == null) {
                Trace.w(str2, "Key pair generated by the Android Keystore is null!");
            }
            return generateKeyPair != null;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            Trace.e(TAG, "Failed to obtain an instance of KeyPairGenerator", e);
            return false;
        }
    }

    @Nullable
    private synchronized KeyStore.PrivateKeyEntry getKeyEntry(@NonNull String str, @NonNull KeyStore keyStore, @NonNull Context context) {
        try {
            if (exists(str, keyStore)) {
                Trace.i(TAG, "Alias for RSA key pair entry already exists in keystore, attempting to obtain entry...");
            } else {
                Assert.assertTrue(generateAndSaveKey(str, context));
                Assert.assertTrue(exists(str, keyStore));
                keyStore.aliases();
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
            if (privateKeyEntry == null) {
                Trace.w(TAG, "Key pair obtained from the keystore is null!");
            } else {
                Trace.i(TAG, "Successfully obtained key pair from the android keystore.");
            }
            return privateKeyEntry;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            Trace.e(TAG, "Failed to get KeyEntry", e);
            return null;
        }
    }

    static Calendar getStartDateTime() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(6, -5);
        return calendar;
    }

    @Override // com.coresuite.android.components.encryption.ICipherProvider
    @Nullable
    public Cipher getDecryptCipher(@NonNull String str, @NonNull KeyStore keyStore, @NonNull Context context) {
        KeyStore.PrivateKeyEntry keyEntry = getKeyEntry(str, keyStore, context);
        if (keyEntry != null) {
            PrivateKey privateKey = keyEntry.getPrivateKey();
            Trace.i(TAG, "Retrieving decrypt cipher...");
            try {
                Cipher cipher = Cipher.getInstance(ALGORITHM, KEY_PROVIDER);
                cipher.init(2, privateKey);
                return cipher;
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
                Trace.e(TAG, "Failed to obtain Cipher instance", e);
            }
        }
        throw new IllegalArgumentException("Failed to obtain a cipher instance but encryption is mandatory");
    }

    @Override // com.coresuite.android.components.encryption.ICipherProvider
    public Cipher getEncryptCipher(@NonNull String str, @NonNull KeyStore keyStore, @NonNull Context context) {
        KeyStore.PrivateKeyEntry keyEntry = getKeyEntry(str, keyStore, context);
        if (keyEntry != null) {
            PublicKey publicKey = keyEntry.getCertificate().getPublicKey();
            Trace.i(TAG, "Retrieving encrypt cipher...");
            try {
                Cipher cipher = Cipher.getInstance(ALGORITHM, KEY_PROVIDER);
                cipher.init(1, publicKey);
                return cipher;
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
                Trace.e(TAG, "Failed to obtain Cipher instance", e);
            }
        }
        throw new IllegalArgumentException("Failed to obtain a cipher instance but encryption is mandatory");
    }
}
