package org.forgerock.android.auth;

import android.app.KeyguardManager;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes6.dex */
class AsymmetricEncryptor implements Encryptor {
    public static final String CN_FORGE_ROCK = "CN=ForgeRock";
    public static final int KEY_SIZE = 2048;
    private static final String RSA_ECB_PKCS1_PADDING = "RSA/ECB/PKCS1PADDING";
    private final Context context;
    private final String keyAlias;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes6.dex */
    public class KeyUnavailableException extends Exception {
        KeyUnavailableException(String str) {
            super(str);
        }
    }

    AsymmetricEncryptor(Context context, String str) {
        this.context = context.getApplicationContext();
        this.keyAlias = str;
    }

    private KeyStore getKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(Encryptor.ANDROID_KEYSTORE);
        keyStore.load(null);
        return keyStore;
    }

    private Key getPrivateKey() throws GeneralSecurityException, IOException, KeyUnavailableException {
        KeyStore keyStore = getKeyStore();
        if (keyStore.containsAlias(this.keyAlias)) {
            return keyStore.getKey(this.keyAlias, null);
        }
        throw new KeyUnavailableException("Private Key not found.");
    }

    private Key getPublicKey() throws GeneralSecurityException, IOException {
        KeyStore keyStore = getKeyStore();
        if (keyStore.containsAlias(this.keyAlias)) {
            return keyStore.getCertificate(this.keyAlias).getPublicKey();
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", Encryptor.ANDROID_KEYSTORE);
        keyPairGenerator.initialize(getSpec(this.context, this.keyAlias));
        return keyPairGenerator.generateKeyPair().getPublic();
    }

    private KeyPairGeneratorSpec getSpec(Context context, String str) {
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        calendar.add(1, 10);
        KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal(CN_FORGE_ROCK)).setKeySize(2048).setSerialNumber(BigInteger.ONE).setStartDate(time).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setEndDate(calendar.getTime());
        KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService("keyguard");
        if (keyguardManager.isKeyguardSecure() && keyguardManager.createConfirmDeviceCredentialIntent(null, null) != null) {
            endDate.setEncryptionRequired();
        }
        return endDate.build();
    }

    @Override // org.forgerock.android.auth.Encryptor
    public byte[] decrypt(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
            cipher.init(2, getPrivateKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new EncryptionException(e);
        }
    }

    @Override // org.forgerock.android.auth.Encryptor
    public byte[] encrypt(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
            cipher.init(1, getPublicKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new EncryptionException(e);
        }
    }

    @Override // org.forgerock.android.auth.Encryptor
    public void reset() throws GeneralSecurityException, IOException {
        getKeyStore().deleteEntry(this.keyAlias);
    }
}
