package com.swissquote.android.framework.login.utils;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.lifecycle.g;
import androidx.lifecycle.i;
import androidx.lifecycle.q;
import com.google.android.gms.measurement.api.AppMeasurementSdk;
import java.io.File;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import okhttp3.Credentials;
import org.bouncycastle.i18n.TextBundle;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\f\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\n\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0010\u0002\n\u0002\b\t\u0018\u0000 52\u00020\u00012\u00020\u0002:\u000256B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\u0010\u0010-\u001a\u00020.2\u0006\u0010/\u001a\u00020\u0014H\u0016J\b\u00100\u001a\u00020.H\u0002J\u0010\u00101\u001a\u00020\u00072\u0006\u00102\u001a\u00020\u0007H\u0002J\u0018\u00103\u001a\u00020.2\u0006\u00102\u001a\u00020\u00072\u0006\u0010\u000f\u001a\u00020\u0007H\u0002J\b\u00104\u001a\u00020.H\u0007R\u0010\u0010\u0006\u001a\u0004\u0018\u00010\u0007X\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\b\u001a\u0004\u0018\u00010\u0007X\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\t\u001a\u0004\u0018\u00010\u0007X\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\n\u001a\u0004\u0018\u00010\u0007X\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\u000b\u001a\u0004\u0018\u00010\u0007X\u0082\u000e¢\u0006\u0002\n\u0000R\u0011\u0010\f\u001a\u00020\u00078F¢\u0006\u0006\u001a\u0004\b\r\u0010\u000eR$\u0010\u0010\u001a\u00020\u00072\u0006\u0010\u000f\u001a\u00020\u00078V@VX\u0096\u000e¢\u0006\f\u001a\u0004\b\u0011\u0010\u000e\"\u0004\b\u0012\u0010\u0013R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u000f\u001a\u00020\u00148F@FX\u0086\u000e¢\u0006\f\u001a\u0004\b\u0015\u0010\u0016\"\u0004\b\u0017\u0010\u0018R\u000e\u0010\u0019\u001a\u00020\u001aX\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010\u001b\u001a\u00020\u00072\u0006\u0010\u000f\u001a\u00020\u00078V@VX\u0096\u000e¢\u0006\f\u001a\u0004\b\u001c\u0010\u000e\"\u0004\b\u001d\u0010\u0013R$\u0010\u001e\u001a\u00020\u00072\u0006\u0010\u000f\u001a\u00020\u00078V@VX\u0096\u000e¢\u0006\f\u001a\u0004\b\u001f\u0010\u000e\"\u0004\b \u0010\u0013R$\u0010!\u001a\u00020\u00072\u0006\u0010\u000f\u001a\u00020\u00078V@VX\u0096\u000e¢\u0006\f\u001a\u0004\b\"\u0010\u000e\"\u0004\b#\u0010\u0013R\u0016\u0010$\u001a\n &*\u0004\u0018\u00010%0%X\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010'\u001a\u00020\u00142\u0006\u0010\u000f\u001a\u00020\u00148F@FX\u0086\u000e¢\u0006\f\u001a\u0004\b(\u0010\u0016\"\u0004\b)\u0010\u0018R$\u0010*\u001a\u00020\u00072\u0006\u0010\u000f\u001a\u00020\u00078V@VX\u0096\u000e¢\u0006\f\u001a\u0004\b+\u0010\u000e\"\u0004\b,\u0010\u0013¨\u00067"}, d2 = {"Lcom/swissquote/android/framework/login/utils/SecuredPreferencesCredentialsStorage;", "Lcom/swissquote/android/framework/login/utils/CredentialsStorage;", "Landroidx/lifecycle/LifecycleObserver;", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "_client", "", "_m2", "_m2Hash", "_password", "_username", "authToken", "getAuthToken", "()Ljava/lang/String;", AppMeasurementSdk.ConditionalUserProperty.VALUE, SecuredPreferencesCredentialsStorage.FIELD_CLIENT, "getClient", "setClient", "(Ljava/lang/String;)V", "", "isConnected", "()Z", "setConnected", "(Z)V", "keyStore", "Lcom/swissquote/android/framework/login/utils/SecuredPreferencesCredentialsStorage$KeyStoreHelper;", SecuredPreferencesCredentialsStorage.FIELD_M2, "getM2", "setM2", "m2Hash", "getM2Hash", "setM2Hash", SecuredPreferencesCredentialsStorage.FIELD_PASSWORD, "getPassword", "setPassword", "preferences", "Landroid/content/SharedPreferences;", "kotlin.jvm.PlatformType", "rememberMe", "getRememberMe", "setRememberMe", SecuredPreferencesCredentialsStorage.FIELD_USERNAME, "getUsername", "setUsername", "clearCredentials", "", "forceLogout", "deleteStoredMailboxDocuments", "getDecryptedString", AppMeasurementSdk.ConditionalUserProperty.NAME, "putEncryptedString", "removeTemporaryCredentials", "Companion", "KeyStoreHelper", "lib_postFinancePhoneRelease"}, k = 1, mv = {1, 1, 15})
/* loaded from: classes9.dex */
public final class SecuredPreferencesCredentialsStorage implements i, CredentialsStorage {
    private static final String FIELD_CLIENT = "client";
    private static final String FIELD_CONNECTED = "connected";
    private static final String FIELD_M2 = "m2";
    private static final String FIELD_M2_HASH = "m2_hash";
    private static final String FIELD_PASSWORD = "password";
    private static final String FIELD_REMEMBER_ME = "remember_me";
    private static final String FIELD_USERNAME = "username";
    private String _client;
    private String _m2;
    private String _m2Hash;
    private String _password;
    private String _username;
    private final Context context;
    private final KeyStoreHelper keyStore;
    private final SharedPreferences preferences;

    /* JADX INFO: Access modifiers changed from: private */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\b\u0002\u0018\u0000 \u00162\u00020\u0001:\u0001\u0016B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0002\u001a\u00020\u0003H\u0002J\b\u0010\u0007\u001a\u00020\u0006H\u0003J\u0010\u0010\b\u001a\u00020\u00062\u0006\u0010\u0002\u001a\u00020\u0003H\u0002J\u000e\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\nJ\u000e\u0010\f\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\nJ\u0010\u0010\r\u001a\n \u000f*\u0004\u0018\u00010\u000e0\u000eH\u0002J\n\u0010\u0010\u001a\u0004\u0018\u00010\u0011H\u0002J\b\u0010\u0012\u001a\u00020\u0013H\u0002J\b\u0010\u0014\u001a\u00020\u0015H\u0002¨\u0006\u0017"}, d2 = {"Lcom/swissquote/android/framework/login/utils/SecuredPreferencesCredentialsStorage$KeyStoreHelper;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "createKey", "", "createKeyM", "createKeySupport", "decrypt", "", TextBundle.TEXT_ENTRY, "encrypt", "getCipher", "Ljavax/crypto/Cipher;", "kotlin.jvm.PlatformType", "getPrivateKey", "Ljava/security/PrivateKey;", "getPublicKey", "Ljava/security/PublicKey;", "shouldCreateKeyForAlias", "", "Companion", "lib_postFinancePhoneRelease"}, k = 1, mv = {1, 1, 15})
    /* loaded from: classes9.dex */
    public static final class KeyStoreHelper {
        private static final String ALGORITHM = "RSA";
        private static final String BLOCKING_MODE = "NONE";
        private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
        private static final String KEY_ALIAS = "postFinancePhoneLoginData";
        private static final String PADDING_TYPE = "PKCS1Padding";

        public KeyStoreHelper(Context context) {
            Intrinsics.checkParameterIsNotNull(context, "context");
            if (shouldCreateKeyForAlias()) {
                createKey(context);
            }
        }

        private final void createKey(Context context) {
            if (Build.VERSION.SDK_INT >= 23) {
                createKeyM();
            } else {
                createKeySupport(context);
            }
        }

        @TargetApi(23)
        private final void createKeyM() {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, KEYSTORE_PROVIDER);
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(KEY_ALIAS, 3).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(1024, RSAKeyGenParameterSpec.F4)).setBlockModes("CBC").setEncryptionPaddings(PADDING_TYPE).setDigests(McElieceCCA2KeyGenParameterSpec.SHA256, McElieceCCA2KeyGenParameterSpec.SHA384, McElieceCCA2KeyGenParameterSpec.SHA512).setUserAuthenticationRequired(false).build());
            keyPairGenerator.genKeyPair();
        }

        private final void createKeySupport(Context context) {
            Calendar start = Calendar.getInstance();
            Calendar end = Calendar.getInstance();
            end.add(1, 100);
            KeyPairGeneratorSpec.Builder alias = new KeyPairGeneratorSpec.Builder(context).setAlias(KEY_ALIAS);
            Intrinsics.checkExpressionValueIsNotNull(end, "end");
            KeyPairGeneratorSpec.Builder serialNumber = alias.setEndDate(end.getTime()).setSubject(new X500Principal("CN=postFinancePhoneLoginData")).setSerialNumber(BigInteger.valueOf(Math.abs(KEY_ALIAS.hashCode())));
            Intrinsics.checkExpressionValueIsNotNull(start, "start");
            KeyPairGeneratorSpec build = serialNumber.setStartDate(start.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, KEYSTORE_PROVIDER);
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        }

        private final Cipher getCipher() {
            return Cipher.getInstance("RSA/NONE/PKCS1Padding");
        }

        private final PrivateKey getPrivateKey() {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            Key key = keyStore.getKey(KEY_ALIAS, null);
            if (!(key instanceof PrivateKey)) {
                key = null;
            }
            return (PrivateKey) key;
        }

        private final PublicKey getPublicKey() {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
            Intrinsics.checkExpressionValueIsNotNull(certificate, "keyStore.getCertificate(KEY_ALIAS)");
            PublicKey publicKey = certificate.getPublicKey();
            Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyStore.getCertificate(KEY_ALIAS).publicKey");
            return publicKey;
        }

        private final boolean shouldCreateKeyForAlias() {
            KeyStore.getInstance(KEYSTORE_PROVIDER).load(null);
            return !r0.containsAlias(KEY_ALIAS);
        }

        public final String decrypt(String text) {
            Intrinsics.checkParameterIsNotNull(text, "text");
            PrivateKey privateKey = getPrivateKey();
            Cipher cipher = getCipher();
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(Base64.decode(text, 2));
            Intrinsics.checkExpressionValueIsNotNull(doFinal, "cipher.doFinal(Base64.de…de(text, Base64.NO_WRAP))");
            return new String(doFinal, Charsets.UTF_8);
        }

        public final String encrypt(String text) {
            Intrinsics.checkParameterIsNotNull(text, "text");
            PublicKey publicKey = getPublicKey();
            Cipher cipher = getCipher();
            cipher.init(1, publicKey);
            byte[] bytes = text.getBytes(Charsets.UTF_8);
            Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
            String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 2);
            Intrinsics.checkExpressionValueIsNotNull(encodeToString, "Base64.encodeToString(ci…Array()), Base64.NO_WRAP)");
            return encodeToString;
        }
    }

    public SecuredPreferencesCredentialsStorage(Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        this.context = context;
        this.keyStore = new KeyStoreHelper(this.context);
        this.preferences = PreferenceManager.getDefaultSharedPreferences(this.context);
    }

    private final void deleteStoredMailboxDocuments() {
        File[] listFiles = new File(this.context.getFilesDir(), "mailbox").listFiles();
        if (listFiles != null) {
            for (File file : listFiles) {
                file.delete();
            }
        }
    }

    private final String getDecryptedString(String name) {
        String string = this.preferences.getString(name, "");
        if (string == null) {
            string = "";
        }
        return string.length() == 0 ? "" : this.keyStore.decrypt(string);
    }

    private final void putEncryptedString(String name, String value) {
        if (StringsKt.isBlank(value)) {
            this.preferences.edit().remove(name).apply();
        } else {
            this.preferences.edit().putString(name, this.keyStore.encrypt(value)).apply();
        }
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public void clearCredentials(boolean forceLogout) {
        deleteStoredMailboxDocuments();
        setConnected(false);
        setPassword("");
        setUsername("");
        if (forceLogout) {
            setClient("");
            setM2("");
            setM2Hash("");
        }
    }

    public final String getAuthToken() {
        if (!isConnected()) {
            return "";
        }
        String basic = Credentials.basic(getUsername(), getPassword());
        Intrinsics.checkExpressionValueIsNotNull(basic, "Credentials.basic(this.username, this.password)");
        return basic;
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public String getClient() {
        String str = this._client;
        if (str == null) {
            str = getDecryptedString(FIELD_CLIENT);
            this._client = StringsKt.isBlank(str) ^ true ? str : null;
        }
        return str;
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public String getM2() {
        String str = this._m2;
        if (str == null) {
            str = getDecryptedString(FIELD_M2);
            this._m2 = StringsKt.isBlank(str) ^ true ? str : null;
        }
        return str;
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public String getM2Hash() {
        String str = this._m2Hash;
        if (str == null) {
            str = getDecryptedString(FIELD_M2_HASH);
            this._m2Hash = StringsKt.isBlank(str) ^ true ? str : null;
        }
        return str;
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public String getPassword() {
        String str = this._password;
        if (str == null) {
            str = getDecryptedString(FIELD_PASSWORD);
            this._password = StringsKt.isBlank(str) ^ true ? str : null;
        }
        return str;
    }

    public final boolean getRememberMe() {
        return this.preferences.getBoolean(FIELD_REMEMBER_ME, true);
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public String getUsername() {
        String str = this._username;
        if (str == null) {
            str = getDecryptedString(FIELD_USERNAME);
            this._username = StringsKt.isBlank(str) ^ true ? str : null;
        }
        return str;
    }

    public final boolean isConnected() {
        return this.preferences.getBoolean(FIELD_CONNECTED, false);
    }

    @q(a = g.a.ON_DESTROY)
    public final void removeTemporaryCredentials() {
        if (getRememberMe()) {
            return;
        }
        clearCredentials(true);
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public void setClient(String value) {
        Intrinsics.checkParameterIsNotNull(value, "value");
        putEncryptedString(FIELD_CLIENT, value);
        Unit unit = Unit.INSTANCE;
        this._client = (String) null;
    }

    public final void setConnected(boolean z) {
        this.preferences.edit().putBoolean(FIELD_CONNECTED, z).apply();
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public void setM2(String value) {
        Intrinsics.checkParameterIsNotNull(value, "value");
        putEncryptedString(FIELD_M2, value);
        Unit unit = Unit.INSTANCE;
        this._m2 = (String) null;
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public void setM2Hash(String value) {
        Intrinsics.checkParameterIsNotNull(value, "value");
        putEncryptedString(FIELD_M2_HASH, value);
        Unit unit = Unit.INSTANCE;
        this._m2Hash = (String) null;
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public void setPassword(String value) {
        Intrinsics.checkParameterIsNotNull(value, "value");
        putEncryptedString(FIELD_PASSWORD, value);
        Unit unit = Unit.INSTANCE;
        this._password = (String) null;
    }

    public final void setRememberMe(boolean z) {
        this.preferences.edit().putBoolean(FIELD_REMEMBER_ME, z).apply();
    }

    @Override // com.swissquote.android.framework.login.utils.CredentialsStorage
    public void setUsername(String value) {
        Intrinsics.checkParameterIsNotNull(value, "value");
        putEncryptedString(FIELD_USERNAME, value);
        Unit unit = Unit.INSTANCE;
        this._username = (String) null;
    }
}
