package com.oblador.keychain.cipherStorage;

import android.annotation.SuppressLint;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import androidx.annotation.v0;
import com.facebook.react.bridge.ReactApplicationContext;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.cipherStorage.a;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import com.oblador.keychain.resultHandler.CryptoOperation;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.NoSuchPaddingException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.e0;

@v0(23)
/* loaded from: classes3.dex */
public final class v extends CipherStorageBase {

    /* renamed from: o, reason: collision with root package name */
    @wa.k
    public static final String f57624o = "RSA";

    /* renamed from: p, reason: collision with root package name */
    @wa.k
    public static final String f57625p = "ECB";

    /* renamed from: q, reason: collision with root package name */
    @wa.k
    public static final String f57626q = "PKCS1Padding";

    /* renamed from: s, reason: collision with root package name */
    public static final int f57628s = 2048;

    /* renamed from: t, reason: collision with root package name */
    public static final int f57629t = 512;

    /* renamed from: n, reason: collision with root package name */
    @wa.k
    public static final a f57623n = new a(null);

    /* renamed from: r, reason: collision with root package name */
    @wa.k
    private static final String f57627r = "RSA/ECB/PKCS1Padding";

    /* loaded from: classes3.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        @wa.k
        public final String a() {
            return v.f57627r;
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public v(@wa.k ReactApplicationContext reactContext) {
        super(reactContext);
        e0.p(reactContext, "reactContext");
    }

    private final a.c W(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        Certificate certificate = D().getCertificate(str);
        if (certificate != null) {
            PublicKey generatePublic = KeyFactory.getInstance(f57624o).generatePublic(new X509EncodedKeySpec(certificate.getPublicKey().getEncoded()));
            e0.m(generatePublic);
            return new a.c(o(generatePublic, str3), o(generatePublic, str2), this);
        }
        throw new GeneralSecurityException("Certificate is null for alias " + str);
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @SuppressLint({"NewApi"})
    @wa.k
    protected KeyGenParameterSpec.Builder A(@wa.k String alias) throws GeneralSecurityException {
        e0.p(alias, "alias");
        return B(alias, false);
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @SuppressLint({"NewApi"})
    @wa.k
    protected KeyGenParameterSpec.Builder B(@wa.k String alias, boolean z10) throws GeneralSecurityException {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder randomizedEncryptionRequired;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder keySize;
        e0.p(alias, "alias");
        int i10 = Build.VERSION.SDK_INT;
        if (i10 < 23) {
            throw new KeyStoreAccessException("Unsupported API" + i10 + " version detected.");
        }
        int i11 = z10 ? 512 : 2048;
        blockModes = br.com.classapp.RNSensitiveInfo.g.a(alias, 3).setBlockModes(f57625p);
        encryptionPaddings = blockModes.setEncryptionPaddings(f57626q);
        randomizedEncryptionRequired = encryptionPaddings.setRandomizedEncryptionRequired(true);
        userAuthenticationRequired = randomizedEncryptionRequired.setUserAuthenticationRequired(true);
        keySize = userAuthenticationRequired.setKeySize(i11);
        e0.o(keySize, "setKeySize(...)");
        if (i10 >= 30) {
            keySize.setUserAuthenticationParameters(5, 2);
        } else {
            keySize.setUserAuthenticationValidityDurationSeconds(5);
        }
        return keySize;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected KeyInfo C(@wa.k Key key) throws GeneralSecurityException {
        e0.p(key, "key");
        int i10 = Build.VERSION.SDK_INT;
        if (i10 >= 23) {
            KeySpec keySpec = KeyFactory.getInstance(key.getAlgorithm(), CipherStorageBase.f57575i).getKeySpec(key, br.com.classapp.RNSensitiveInfo.q.a());
            e0.o(keySpec, "getKeySpec(...)");
            return br.com.classapp.RNSensitiveInfo.r.a(keySpec);
        }
        throw new KeyStoreAccessException("Unsupported API" + i10 + " version detected.");
    }

    @Override // com.oblador.keychain.cipherStorage.a
    public int b() {
        return 23;
    }

    @Override // com.oblador.keychain.cipherStorage.a
    public boolean d() {
        return true;
    }

    @Override // com.oblador.keychain.cipherStorage.a
    @SuppressLint({"NewApi"})
    public void f(@wa.k com.oblador.keychain.resultHandler.b handler, @wa.k String alias, @wa.k byte[] username, @wa.k byte[] password, @wa.k SecurityLevel level) throws CryptoFailedException {
        Key key;
        String message;
        Key q10;
        e0.p(handler, "handler");
        e0.p(alias, "alias");
        e0.p(username, "username");
        e0.p(password, "password");
        e0.p(level, "level");
        P(level);
        String b10 = CipherStorageBase.f57574h.b(alias, c());
        try {
            try {
                q10 = q(b10, level, new AtomicInteger(1));
            } catch (UserNotAuthenticatedException e10) {
                e = e10;
                key = null;
            }
            try {
                handler.e(new a.b(m(q10, username), m(q10, password), null, 4, null), null);
            } catch (UserNotAuthenticatedException e11) {
                e = e11;
                key = q10;
                String E = E();
                message = e.getMessage();
                Log.d(E, "Unlock of keystore is needed. Error: " + message, e);
                e0.m(key);
                handler.c(new com.oblador.keychain.resultHandler.a(b10, key, password, username, CryptoOperation.DECRYPT));
            }
        } catch (Throwable th) {
            handler.e(null, th);
        }
    }

    @Override // com.oblador.keychain.cipherStorage.a
    public void g(@wa.k com.oblador.keychain.resultHandler.b handler, @wa.k String alias, @wa.k String username, @wa.k String password, @wa.k SecurityLevel level) throws CryptoFailedException {
        e0.p(handler, "handler");
        e0.p(alias, "alias");
        e0.p(username, "username");
        e0.p(password, "password");
        e0.p(level, "level");
        P(level);
        String b10 = CipherStorageBase.f57574h.b(alias, c());
        try {
            q(b10, level, new AtomicInteger(1));
            handler.g(W(b10, password, username), null);
        } catch (Exception e10) {
            if ((e10 instanceof NoSuchAlgorithmException) || (e10 instanceof InvalidKeySpecException) || (e10 instanceof NoSuchPaddingException) || (e10 instanceof InvalidKeyException)) {
                throw new CryptoFailedException("Could not encrypt data for service " + alias, e10);
            }
            if ((e10 instanceof KeyStoreException) || (e10 instanceof KeyStoreAccessException)) {
                throw new CryptoFailedException("Could not access Keystore for service " + alias, e10);
            }
            if (e10 instanceof IOException) {
                throw new CryptoFailedException("I/O error: " + e10.getMessage(), e10);
            }
            throw new CryptoFailedException("Unknown error: " + e10.getMessage(), e10);
        }
    }

    @Override // com.oblador.keychain.cipherStorage.a
    @wa.k
    public String i() {
        return "KeystoreRSAECB";
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected Key s(@wa.k KeyGenParameterSpec spec) throws GeneralSecurityException {
        e0.p(spec, "spec");
        int i10 = Build.VERSION.SDK_INT;
        if (i10 >= 23) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(y(), CipherStorageBase.f57575i);
            keyPairGenerator.initialize(spec);
            PrivateKey privateKey = keyPairGenerator.generateKeyPair().getPrivate();
            e0.o(privateKey, "getPrivate(...)");
            return privateKey;
        }
        throw new KeyStoreAccessException("Unsupported API" + i10 + " version detected.");
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected String y() {
        return f57624o;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected String z() {
        return f57627r;
    }
}
