package com.bottlerocketstudios.vault.keys.wrapper;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.bottlerocketstudios.vault.EncryptionConstants;
import com.bottlerocketstudios.vault.keys.generator.Aes256RandomKeyFactory;
import com.bottlerocketstudios.vault.keys.storage.KeyStorageType;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
/**
 * Wraps and unwraps {@link SecretKey}s with an RSA key pair that lives in the Android Keystore
 * under a caller-chosen alias.
 *
 * <p>The key pair is generated on first use if the alias is absent, then cached in this instance.
 * Subclasses choose the cipher transformation and, on API 23+, the padding / block-mode / digest
 * authorizations bound to the key at generation time.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>No key size and no user-authentication requirement are set on either generation path,
 *       so both are whatever the platform defaults to.</li>
 *   <li>On API 18-22 the legacy spec carries no padding, block-mode or digest restriction; only
 *       the API 23+ path passes the subclass's choices to the keystore.</li>
 *   <li>A single {@link Cipher} instance is shared; {@link #wrap} and {@link #unwrap} are
 *       {@code synchronized} on this object, which serializes access to it.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing declares no {@code throws} clauses although the JCA calls used
 * here throw checked exceptions; presumably they were lost in decompilation. Confirm against the
 * original source.
 */
public abstract class AbstractAndroidKeystoreSecretKeyWrapper implements SecretKeyWrapper {
    /** Key algorithm requested from the Android Keystore provider. */
    protected static final String ALGORITHM = "RSA";
    /** Validity of the generated self-describing certificate, in years from now. */
    protected static final int CERTIFICATE_LIFE_YEARS = 100;
    /** Minutes added to "now" for the validity start; negative, so the start lies in the past. */
    protected static final int START_OFFSET = -5;
    private final String mAlias;
    // Initialized before the constructor body runs, so getTransformation() is invoked on a
    // subclass whose own fields are not yet set; implementations should return a constant.
    private final Cipher mCipher = Cipher.getInstance(getTransformation());
    private final Context mContext;
    // Lazily populated by getKeyPair(); reset to null by clearKey().
    private KeyPair mKeyPair;

    /**
     * Creates a wrapper bound to one keystore alias.
     *
     * <p>The "GetInstance" lint check is suppressed here; presumably because the transformation
     * string is supplied by the subclass and cannot be inspected statically. Review each
     * subclass's transformation on its own.
     *
     * @param context any context; only its application context is retained
     * @param str the Android Keystore alias of the wrapping key pair
     */
    @SuppressLint({"GetInstance"})
    public AbstractAndroidKeystoreSecretKeyWrapper(Context context, String str) {
        this.mAlias = str;
        this.mContext = context.getApplicationContext();
    }

    /**
     * Builds the API 23+ key generation spec, including the subclass-provided padding, block-mode
     * and digest authorizations.
     */
    @TargetApi(Build.VERSION_CODES.M)
    private AlgorithmParameterSpec buildApi23AlgorithmParameterSpec(String alias, Calendar notBefore, Calendar notAfter, BigInteger serialNumber, X500Principal subject) {
        // 7 == KeyProperties.PURPOSE_ENCRYPT (1) | PURPOSE_DECRYPT (2) | PURPOSE_SIGN (4); kept as
        // a literal because KeyProperties is not imported in this file.
        // NOTE(review): nothing in this class signs with the key. Confirm PURPOSE_SIGN is needed
        // before granting it to newly generated keys.
        return new KeyGenParameterSpec.Builder(alias, 7)
                .setCertificateSubject(subject)
                .setCertificateSerialNumber(serialNumber)
                .setKeyValidityStart(notBefore.getTime())
                .setCertificateNotBefore(notBefore.getTime())
                .setKeyValidityEnd(notAfter.getTime())
                .setCertificateNotAfter(notAfter.getTime())
                .setEncryptionPaddings(getEncryptionPadding())
                .setBlockModes(getBlockModes())
                .setDigests(getDigests())
                .build();
    }

    /**
     * Builds the pre-API-23 key generation spec. Only alias, subject, serial number and validity
     * dates are set; no padding or digest restriction is expressed on this path.
     */
    @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
    private AlgorithmParameterSpec buildLegacyAlgorithmParameterSpec(Context context, String alias, Calendar notBefore, Calendar notAfter, BigInteger serialNumber, X500Principal subject) {
        KeyPairGeneratorSpec.Builder legacyBuilder = new KeyPairGeneratorSpec.Builder(context);
        legacyBuilder.setAlias(alias);
        legacyBuilder.setSubject(subject);
        legacyBuilder.setSerialNumber(serialNumber);
        legacyBuilder.setStartDate(notBefore.getTime());
        legacyBuilder.setEndDate(notAfter.getTime());
        return legacyBuilder.build();
    }

    /**
     * Generates a new RSA key pair inside the Android Keystore under {@code alias}.
     *
     * <p>The accompanying certificate uses subject {@code CN=<alias>} and the fixed serial
     * number 1. The generated pair is not returned; callers read it back from the keystore.
     */
    @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
    private void generateKeyPair(Context context, String alias) {
        // Validity starts START_OFFSET minutes from now, i.e. slightly in the past
        // (presumably to tolerate clock adjustments; confirm).
        GregorianCalendar validFrom = new GregorianCalendar();
        validFrom.add(Calendar.MINUTE, START_OFFSET);
        GregorianCalendar validUntil = new GregorianCalendar();
        validUntil.add(Calendar.YEAR, CERTIFICATE_LIFE_YEARS);
        X500Principal subject = new X500Principal("CN=" + alias);
        AlgorithmParameterSpec generationSpec = getVersionAppropriateAlgorithmParameterSpec(context, alias, validFrom, validUntil, BigInteger.ONE, subject);
        KeyPairGenerator generator = KeyPairGenerator.getInstance(ALGORITHM, EncryptionConstants.ANDROID_KEY_STORE);
        generator.initialize(generationSpec);
        generator.generateKeyPair();
    }

    /**
     * Returns the cached key pair, loading it from the keystore (and generating it first when the
     * alias is missing) on the first call.
     *
     * <p>NOTE(review): this method locks on the alias {@code String}, whereas {@link #clearKey},
     * {@link #wrap} and {@link #unwrap} lock on {@code this}. The two monitors are unrelated, and
     * the field is read again after the alias lock is released, so a concurrent
     * {@code clearKey} can make this return {@code null}. A String monitor is also shared with
     * any other code that synchronizes on the same String instance.
     */
    private KeyPair getKeyPair() {
        synchronized (this.mAlias) {
            if (this.mKeyPair == null) {
                KeyStore androidKeyStore = KeyStore.getInstance(EncryptionConstants.ANDROID_KEY_STORE);
                androidKeyStore.load(null);
                boolean aliasPresent = androidKeyStore.containsAlias(this.mAlias);
                if (!aliasPresent) {
                    generateKeyPair(this.mContext, this.mAlias);
                }
                // Always read the entry back, even right after generation. The cast assumes the
                // alias holds a private-key entry; any other entry type fails here.
                KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) androidKeyStore.getEntry(this.mAlias, null);
                this.mKeyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
            }
        }
        return this.mKeyPair;
    }

    /** Selects the key generation spec matching the running platform version. */
    @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
    private AlgorithmParameterSpec getVersionAppropriateAlgorithmParameterSpec(Context context, String alias, Calendar notBefore, Calendar notAfter, BigInteger serialNumber, X500Principal subject) {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            return buildApi23AlgorithmParameterSpec(alias, notBefore, notAfter, serialNumber, subject);
        }
        return buildLegacyAlgorithmParameterSpec(context, alias, notBefore, notAfter, serialNumber, subject);
    }

    /**
     * Supplies optional parameters for {@link Cipher#init} during wrap and unwrap.
     *
     * @return {@code null} in this base implementation, which makes wrap/unwrap initialize the
     *     cipher with the key alone; subclasses may override to return a spec
     */
    public AlgorithmParameterSpec buildCipherAlgorithmParameterSpec() {
        return null;
    }

    /**
     * Drops the cached key pair and deletes the alias from the Android Keystore.
     *
     * @param context not used by this implementation
     */
    @Override
    public synchronized void clearKey(Context context) {
        this.mKeyPair = null;
        KeyStore androidKeyStore = KeyStore.getInstance(EncryptionConstants.ANDROID_KEY_STORE);
        androidKeyStore.load(null);
        androidKeyStore.deleteEntry(this.mAlias);
    }

    /** Block modes authorized for the key on API 23+. */
    protected abstract String[] getBlockModes();

    /** Digests authorized for the key on API 23+. */
    protected abstract String[] getDigests();

    /** Encryption paddings authorized for the key on API 23+. */
    protected abstract String[] getEncryptionPadding();

    /** Reports that keys handled by this wrapper are backed by the Android Keystore. */
    @Override
    public KeyStorageType getKeyStorageType() {
        return KeyStorageType.ANDROID_KEYSTORE;
    }

    /**
     * Returns the JCA transformation string used to create the shared cipher. Called from a field
     * initializer, before any subclass state exists.
     */
    protected abstract String getTransformation();

    /**
     * Self-test: wraps a freshly created key, unwraps it, and compares the encodings.
     *
     * @return {@code true} only if a key pair is available and the round trip yields the same
     *     key bytes
     */
    public boolean testKey() {
        if (getKeyPair() == null) {
            return false;
        }
        SecretKey probeKey = Aes256RandomKeyFactory.createKey();
        byte[] wrappedProbe = wrap(probeKey);
        SecretKey roundTripped = unwrap(wrappedProbe, EncryptionConstants.AES_CIPHER);
        if (roundTripped == null) {
            return false;
        }
        return Arrays.equals(roundTripped.getEncoded(), probeKey.getEncoded());
    }

    /**
     * Unwraps a secret key with the keystore-held private key.
     *
     * @param bArr the wrapped key bytes, as produced by {@link #wrap}
     * @param str the algorithm name of the key being recovered
     * @return the recovered secret key
     */
    @Override
    public synchronized SecretKey unwrap(byte[] bArr, String str) {
        AlgorithmParameterSpec cipherSpec = buildCipherAlgorithmParameterSpec();
        if (cipherSpec != null) {
            this.mCipher.init(Cipher.UNWRAP_MODE, getKeyPair().getPrivate(), cipherSpec);
        } else {
            this.mCipher.init(Cipher.UNWRAP_MODE, getKeyPair().getPrivate());
        }
        return (SecretKey) this.mCipher.unwrap(bArr, str, Cipher.SECRET_KEY);
    }

    /**
     * Wraps a secret key with the public half of the keystore key pair.
     *
     * @param secretKey the key to protect
     * @return the wrapped key bytes
     */
    @Override
    public synchronized byte[] wrap(SecretKey secretKey) {
        AlgorithmParameterSpec cipherSpec = buildCipherAlgorithmParameterSpec();
        if (cipherSpec != null) {
            this.mCipher.init(Cipher.WRAP_MODE, getKeyPair().getPublic(), cipherSpec);
        } else {
            this.mCipher.init(Cipher.WRAP_MODE, getKeyPair().getPublic());
        }
        return this.mCipher.wrap(secretKey);
    }
}
