package T1;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public final class e {

    /* renamed from: a, reason: collision with root package name */
    public final String f4453a;

    /* renamed from: b, reason: collision with root package name */
    public final String f4454b;

    /* renamed from: c, reason: collision with root package name */
    public final String f4455c;

    /* renamed from: d, reason: collision with root package name */
    public final String f4456d;

    /* renamed from: e, reason: collision with root package name */
    public final j f4457e;

    /* renamed from: f, reason: collision with root package name */
    public final Context f4458f;

    public e(Context context, i iVar) {
        if (TextUtils.isEmpty("com.auth0.key")) {
            throw new IllegalArgumentException("RSA and AES Key alias must be valid.");
        }
        this.f4453a = "com.auth0.key";
        this.f4454b = "com.auth0.key_iv";
        this.f4455c = context.getPackageName() + ".com.auth0.key";
        this.f4456d = context.getPackageName() + ".com.auth0.key_iv";
        this.f4458f = context;
        this.f4457e = iVar;
    }

    public static KeyStore.PrivateKeyEntry f(String str, KeyStore keyStore) {
        PrivateKey privateKey;
        if (Build.VERSION.SDK_INT < 28 || (privateKey = (PrivateKey) keyStore.getKey(str, null)) == null) {
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
        }
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null) {
            return null;
        }
        return new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate});
    }

    public final byte[] a(byte[] bArr) {
        try {
            Certificate certificate = g().getCertificate();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, certificate);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e6) {
            e = e6;
            Log.e("e", "The device can't encrypt input using a RSA Key.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            Log.e("e", "The device can't encrypt input using a RSA Key.", e);
            throw new f(e);
        } catch (BadPaddingException e8) {
            e = e8;
            c();
            throw new RuntimeException("The RSA decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e9) {
            e = e9;
            c();
            throw new RuntimeException("The RSA decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e10) {
            e = e10;
            Log.e("e", "The device can't encrypt input using a RSA Key.", e);
            throw new f(e);
        }
    }

    public final byte[] b(byte[] bArr) {
        j jVar = this.f4457e;
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(e(), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            String b6 = ((i) jVar).b(this.f4456d);
            if (TextUtils.isEmpty(b6)) {
                b6 = ((i) jVar).b(this.f4454b);
                if (TextUtils.isEmpty(b6)) {
                    throw new c("The encryption keys changed recently. You need to re-encrypt something first.", null);
                }
            }
            cipher.init(2, secretKeySpec, new IvParameterSpec(Base64.decode(b6, 0)));
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e6) {
            e = e6;
            Log.e("e", "Error while decrypting the input.", e);
            throw new f(e);
        } catch (InvalidKeyException e7) {
            e = e7;
            Log.e("e", "Error while decrypting the input.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e8) {
            e = e8;
            Log.e("e", "Error while decrypting the input.", e);
            throw new f(e);
        } catch (BadPaddingException e9) {
            e = e9;
            throw new RuntimeException("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e10) {
            e = e10;
            throw new RuntimeException("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e11) {
            e = e11;
            Log.e("e", "Error while decrypting the input.", e);
            throw new f(e);
        }
    }

    public final void c() {
        String str = this.f4455c;
        j jVar = this.f4457e;
        ((i) jVar).a(str);
        ((i) jVar).a(this.f4456d);
        ((i) jVar).a(this.f4453a);
        ((i) jVar).a(this.f4454b);
    }

    public final byte[] d(byte[] bArr) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(e(), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            cipher.init(1, secretKeySpec);
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] encode = Base64.encode(cipher.getIV(), 0);
            ((i) this.f4457e).e(this.f4456d, new String(encode, StandardCharsets.UTF_8));
            return doFinal;
        } catch (InvalidKeyException e6) {
            e = e6;
            Log.e("e", "Error while encrypting the input.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            Log.e("e", "Error while encrypting the input.", e);
            throw new f(e);
        } catch (BadPaddingException e8) {
            e = e8;
            throw new RuntimeException("The AES decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e9) {
            e = e9;
            throw new RuntimeException("The AES decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e10) {
            e = e10;
            Log.e("e", "Error while encrypting the input.", e);
            throw new f(e);
        }
    }

    public final byte[] e() {
        j jVar = this.f4457e;
        i iVar = (i) jVar;
        String str = this.f4455c;
        String b6 = iVar.b(str);
        if (TextUtils.isEmpty(b6)) {
            b6 = iVar.b(this.f4453a);
        }
        if (b6 != null) {
            byte[] decode = Base64.decode(b6, 0);
            try {
                PrivateKey privateKey = g().getPrivateKey();
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(2, privateKey);
                byte[] doFinal = cipher.doFinal(decode);
                if (doFinal != null && doFinal.length == 32) {
                    return doFinal;
                }
            } catch (IllegalArgumentException e6) {
                e = e6;
                c();
                throw new RuntimeException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
            } catch (InvalidKeyException e7) {
                e = e7;
                Log.e("e", "The device can't decrypt input using a RSA Key.", e);
                throw new f(e);
            } catch (NoSuchAlgorithmException e8) {
                e = e8;
                Log.e("e", "The device can't decrypt input using a RSA Key.", e);
                throw new f(e);
            } catch (BadPaddingException e9) {
                e = e9;
                c();
                throw new RuntimeException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
            } catch (IllegalBlockSizeException e10) {
                e = e10;
                c();
                throw new RuntimeException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
            } catch (NoSuchPaddingException e11) {
                e = e11;
                Log.e("e", "The device can't decrypt input using a RSA Key.", e);
                throw new f(e);
            }
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            byte[] encoded = keyGenerator.generateKey().getEncoded();
            ((i) jVar).e(str, new String(Base64.encode(a(encoded), 0), StandardCharsets.UTF_8));
            return encoded;
        } catch (NoSuchAlgorithmException e12) {
            Log.e("e", "Error while creating the AES key.", e12);
            throw new f(e12);
        }
    }

    public final KeyStore.PrivateKeyEntry g() {
        KeyStore.PrivateKeyEntry f6;
        AlgorithmParameterSpec build;
        KeyGenParameterSpec.Builder certificateSubject;
        KeyGenParameterSpec.Builder certificateSerialNumber;
        KeyGenParameterSpec.Builder certificateNotBefore;
        KeyGenParameterSpec.Builder certificateNotAfter;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder blockModes;
        Context context = this.f4458f;
        String str = this.f4453a;
        String str2 = this.f4455c;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(str)) {
                KeyStore.PrivateKeyEntry f7 = f(str, keyStore);
                if (f7 != null) {
                    return f7;
                }
            } else if (keyStore.containsAlias(str2) && (f6 = f(str2, keyStore)) != null) {
                return f6;
            }
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 25);
            X500Principal x500Principal = new X500Principal("CN=Auth0.Android,O=Auth0");
            if (Build.VERSION.SDK_INT >= 23) {
                d.m();
                certificateSubject = d.i(str2).setCertificateSubject(x500Principal);
                certificateSerialNumber = certificateSubject.setCertificateSerialNumber(BigInteger.ONE);
                certificateNotBefore = certificateSerialNumber.setCertificateNotBefore(calendar.getTime());
                certificateNotAfter = certificateNotBefore.setCertificateNotAfter(calendar2.getTime());
                keySize = certificateNotAfter.setKeySize(2048);
                encryptionPaddings = keySize.setEncryptionPaddings("PKCS1Padding");
                blockModes = encryptionPaddings.setBlockModes("ECB");
                build = blockModes.build();
            } else {
                KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(context).setAlias(str2).setSubject(x500Principal).setKeySize(2048).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
                KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService("keyguard");
                Intent createConfirmDeviceCredentialIntent = keyguardManager.createConfirmDeviceCredentialIntent(null, null);
                if (keyguardManager.isKeyguardSecure() && createConfirmDeviceCredentialIntent != null) {
                    endDate.setEncryptionRequired();
                }
                build = endDate.build();
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            return f(str2, keyStore);
        } catch (IOException e6) {
            e = e6;
            try {
                KeyStore keyStore2 = KeyStore.getInstance("AndroidKeyStore");
                keyStore2.load(null);
                keyStore2.deleteEntry(str2);
                keyStore2.deleteEntry(str);
                Log.d("e", "Deleting the existing RSA key pair from the KeyStore.");
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e7) {
                Log.e("e", "Failed to remove the RSA KeyEntry from the Android KeyStore.", e7);
            }
            c();
            throw new RuntimeException("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (InvalidAlgorithmParameterException e8) {
            e = e8;
            Log.e("e", "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (KeyStoreException e9) {
            e = e9;
            Log.e("e", "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e10) {
            e = e10;
            Log.e("e", "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (NoSuchProviderException e11) {
            e = e11;
            Log.e("e", "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (ProviderException e12) {
            e = e12;
            Log.e("e", "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (UnrecoverableEntryException e13) {
            e = e13;
            KeyStore keyStore22 = KeyStore.getInstance("AndroidKeyStore");
            keyStore22.load(null);
            keyStore22.deleteEntry(str2);
            keyStore22.deleteEntry(str);
            Log.d("e", "Deleting the existing RSA key pair from the KeyStore.");
            c();
            throw new RuntimeException("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (CertificateException e14) {
            e = e14;
            Log.e("e", "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        }
    }
}
