package com.teamtailor.modules.encryption;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import expo.modules.securestore.encryptors.AESEncryptor;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: CryptoUtils.kt */
@Metadata(d1 = {"\u00008\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0006\u0010\b\u001a\u00020\tJ\b\u0010\n\u001a\u00020\u000bH\u0002J\u0006\u0010\f\u001a\u00020\u0004J&\u0010\r\u001a\u00020\u00042\u0006\u0010\u000e\u001a\u00020\u00042\u0006\u0010\u000f\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u00042\u0006\u0010\u0011\u001a\u00020\u0004J\u000e\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0004J\u000e\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0004R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u0018"}, d2 = {"Lcom/teamtailor/modules/encryption/CryptoUtils;", "", "()V", "ANDROID_KEYSTORE", "", "GCM_TAG_LENGTH", "", "KEY_ALIAS", "deleteKeyPair", "", "getOrCreateKeyPair", "Ljava/security/KeyStore$PrivateKeyEntry;", "getPublicKey", "hybridDecrypt", "encryptedKey", "cipherText", "nonce", "tag", "rsaDecrypt", "", "encryptedBase64", "testEncryption", "", "message", "ttmobile-notification-service_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes5.dex */
public final class CryptoUtils {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final int GCM_TAG_LENGTH = 128;
    public static final CryptoUtils INSTANCE = new CryptoUtils();
    private static final String KEY_ALIAS = "com.teamtailor.app.cryptoutils.rsa";

    private CryptoUtils() {
    }

    private final KeyStore.PrivateKeyEntry getOrCreateKeyPair() {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        if (!keyStore.containsAlias(KEY_ALIAS)) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(KEY_ALIAS, 3).setDigests("SHA-1").setEncryptionPaddings("OAEPPadding").setKeySize(2048).build();
            Intrinsics.checkNotNullExpressionValue(build, "build(...)");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE);
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        }
        KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        return (KeyStore.PrivateKeyEntry) entry;
    }

    public final void deleteKeyPair() {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        keyStore.deleteEntry(KEY_ALIAS);
    }

    public final String getPublicKey() {
        String encodeToString = Base64.encodeToString(getOrCreateKeyPair().getCertificate().getPublicKey().getEncoded(), 2);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(...)");
        return encodeToString;
    }

    public final String hybridDecrypt(String encryptedKey, String cipherText, String nonce, String tag) {
        Intrinsics.checkNotNullParameter(encryptedKey, "encryptedKey");
        Intrinsics.checkNotNullParameter(cipherText, "cipherText");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(tag, "tag");
        byte[] rsaDecrypt = rsaDecrypt(encryptedKey);
        Cipher cipher = Cipher.getInstance(AESEncryptor.AES_CIPHER);
        byte[] decode = Base64.decode(nonce, 2);
        byte[] decode2 = Base64.decode(cipherText, 2);
        byte[] decode3 = Base64.decode(tag, 2);
        cipher.init(2, new SecretKeySpec(rsaDecrypt, "AES"), new GCMParameterSpec(128, decode));
        Intrinsics.checkNotNull(decode2);
        Intrinsics.checkNotNull(decode3);
        byte[] doFinal = cipher.doFinal(ArraysKt.plus(decode2, decode3));
        Intrinsics.checkNotNull(doFinal);
        return new String(doFinal, Charsets.UTF_8);
    }

    public final byte[] rsaDecrypt(String encryptedBase64) {
        Intrinsics.checkNotNullParameter(encryptedBase64, "encryptedBase64");
        KeyStore.PrivateKeyEntry orCreateKeyPair = getOrCreateKeyPair();
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        cipher.init(2, orCreateKeyPair.getPrivateKey());
        byte[] doFinal = cipher.doFinal(Base64.decode(encryptedBase64, 2));
        Intrinsics.checkNotNullExpressionValue(doFinal, "doFinal(...)");
        return doFinal;
    }

    public final boolean testEncryption(String message) {
        Intrinsics.checkNotNullParameter(message, "message");
        KeyStore.PrivateKeyEntry orCreateKeyPair = getOrCreateKeyPair();
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        cipher.init(1, orCreateKeyPair.getCertificate().getPublicKey());
        byte[] bytes = message.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
        byte[] doFinal = cipher.doFinal(bytes);
        cipher.init(2, orCreateKeyPair.getPrivateKey());
        byte[] doFinal2 = cipher.doFinal(doFinal);
        Intrinsics.checkNotNull(doFinal2);
        return Intrinsics.areEqual(message, new String(doFinal2, Charsets.UTF_8));
    }
}
