package com.citrix.client.Receiver.repository.keystore;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import com.citrix.client.Receiver.repository.android.CitrixApplication;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class Encryption implements IEncryption {
    private static final String AES_CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final String AES_GCM_NOPADDING_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int AES_KEY_SIZE = 256;
    private static final String AES_MODE = "AES/ECB/PKCS7Padding";
    private static final String AndroidKeyStore = "AndroidKeyStore";
    private static final String ENCRYPTED_KEY = "PRE_ANDROID_M_ENCRYPTED_KEY";
    private static final int GCM_AUTH_TAG_LEN = 128;
    private static final int IV_SIZE_ANDROIDM = 12;
    private static final int IV_SIZE_PRE_ANDROIDM = 16;
    private static final int KEY_SIZE = 2048;
    private static final String RSA_CIPHER_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final String SHARED_PREFERENCE_NAME = "PRE_ANDROID_M_KEY";
    private static final String TAG = "Encryption";
    private final Context mContext;
    private static final long KEY_DURATION_MS = TimeUnit.DAYS.toMillis(18250);
    private static Encryption INSTANCE = new Encryption(CitrixApplication.getInstance().getContext());
    private String KEY_ALIAS = "GenerateKey";
    private KeyStore mKeyStore = null;

    public Encryption(Context context) {
        this.mContext = context;
    }

    @TargetApi(19)
    private byte[] decryptAESKey(byte[] bArr) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, NoSuchPaddingException, InvalidKeyException {
        PrivateKey privateKey = getPrivateKey();
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    @TargetApi(23)
    private byte[] decryptForAndroidMAndAbove(byte[] bArr) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException {
        if (bArr.length < 13) {
            throw new InvalidAlgorithmParameterException();
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 12);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 12, bArr.length);
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) this.mKeyStore.getEntry(this.KEY_ALIAS, null)).getSecretKey();
        Cipher cipher = Cipher.getInstance(AES_GCM_NOPADDING_TRANSFORMATION);
        cipher.init(2, secretKey, new GCMParameterSpec(128, copyOfRange));
        return cipher.doFinal(copyOfRange2);
    }

    @TargetApi(19)
    private byte[] decryptForPreAndroidM(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException, UnrecoverableKeyException, CertificateException, NoSuchProviderException, KeyStoreException, IOException {
        if (bArr.length < 17) {
            throw new InvalidAlgorithmParameterException();
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 16);
        int length = bArr.length - 16;
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 16, bArr.length);
        Log.i(TAG, "IV Len=16::dataLen=" + length);
        SecretKeySpec aESKeyForPreAndroidM = getAESKeyForPreAndroidM();
        Cipher cipher = Cipher.getInstance(AES_CIPHER_TRANSFORMATION);
        cipher.init(2, aESKeyForPreAndroidM, new IvParameterSpec(copyOfRange));
        return cipher.doFinal(copyOfRange2);
    }

    private void deleteEncryptedAESKeyFromSharedPreferences() {
        this.mContext.getSharedPreferences(SHARED_PREFERENCE_NAME, 0).edit().remove(ENCRYPTED_KEY).commit();
    }

    @TargetApi(23)
    private void deleteKeystoreEntry() throws Exception {
        this.mKeyStore = KeyStore.getInstance(AndroidKeyStore);
        this.mKeyStore.load(null);
        if (this.mKeyStore.containsAlias(this.KEY_ALIAS)) {
            this.mKeyStore.deleteEntry(this.KEY_ALIAS);
        }
    }

    @TargetApi(19)
    private byte[] encryptAESKey(byte[] bArr) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        PublicKey publicKey = getPublicKey();
        if (publicKey == null) {
            return null;
        }
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, publicKey);
        return cipher.doFinal(bArr);
    }

    @TargetApi(23)
    private byte[] encryptForAndroidMAndAbove(byte[] bArr) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, IOException {
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) this.mKeyStore.getEntry(this.KEY_ALIAS, null)).getSecretKey();
        Cipher cipher = Cipher.getInstance(AES_GCM_NOPADDING_TRANSFORMATION);
        cipher.init(1, secretKey);
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte length = (byte) iv.length;
        byteArrayOutputStream.write(iv);
        byteArrayOutputStream.write(doFinal);
        Log.i("encrypt", "ivLength::dataLength" + ((int) length) + "::" + doFinal.length);
        return byteArrayOutputStream.toByteArray();
    }

    @TargetApi(19)
    private byte[] encryptForPreAndroidM(byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, IOException, InvalidAlgorithmParameterException, UnrecoverableKeyException, CertificateException, NoSuchProviderException, KeyStoreException {
        SecretKeySpec aESKeyForPreAndroidM = getAESKeyForPreAndroidM();
        Cipher cipher = Cipher.getInstance(AES_CIPHER_TRANSFORMATION);
        byte[] bArr2 = new byte[16];
        new SecureRandom().nextBytes(bArr2);
        cipher.init(1, aESKeyForPreAndroidM, new IvParameterSpec(bArr2));
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte length = (byte) iv.length;
        byteArrayOutputStream.write(iv);
        byteArrayOutputStream.write(doFinal);
        Log.i(TAG, "IV Len=" + ((int) length) + "::dataLen=" + doFinal.length);
        return byteArrayOutputStream.toByteArray();
    }

    @TargetApi(19)
    private void generateKeyPair19(Context context) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException, IOException, CertificateException {
        this.mKeyStore = KeyStore.getInstance(AndroidKeyStore);
        this.mKeyStore.load(null);
        if (this.mKeyStore.containsAlias(this.KEY_ALIAS)) {
            return;
        }
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(this.KEY_ALIAS).setSubject(new X500Principal("CN=" + this.KEY_ALIAS + ",O=Citrix,C=US")).setKeySize(2048).setStartDate(new Date(System.currentTimeMillis() - 1)).setEndDate(new Date(System.currentTimeMillis() + KEY_DURATION_MS)).setSerialNumber(BigInteger.TEN).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", AndroidKeyStore);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private void generateKeys() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, UnrecoverableKeyException, BadPaddingException, NoSuchPaddingException, IllegalBlockSizeException, InvalidKeyException {
        if (Build.VERSION.SDK_INT >= 23) {
            generateKeysForAndroidMAndAbove();
        } else {
            generateKeysForPreAndroidM();
        }
    }

    @TargetApi(23)
    private void generateKeysForAndroidMAndAbove() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException {
        this.mKeyStore = KeyStore.getInstance(AndroidKeyStore);
        this.mKeyStore.load(null);
        if (this.mKeyStore.containsAlias(this.KEY_ALIAS)) {
            return;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", AndroidKeyStore);
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(this.KEY_ALIAS, 3);
        builder.setBlockModes("GCM");
        builder.setKeySize(256);
        builder.setRandomizedEncryptionRequired(true);
        builder.setUserAuthenticationRequired(false);
        builder.setEncryptionPaddings("NoPadding");
        keyGenerator.init(builder.build());
        keyGenerator.generateKey();
    }

    @TargetApi(19)
    private void generateKeysForPreAndroidM() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, UnrecoverableKeyException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException {
        this.mKeyStore = KeyStore.getInstance(AndroidKeyStore);
        this.mKeyStore.load(null);
        if (getEncryptedAESKeyFromSharedPreferences() == null) {
            generateKeyPair19(this.mContext);
            SecureRandom secureRandom = new SecureRandom();
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256, secureRandom);
            setEncryptedAESKeyToSharedPreferences(encryptAESKey(keyGenerator.generateKey().getEncoded()));
        }
    }

    private SecretKey getAESKey() throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException, CertificateException, InvalidAlgorithmParameterException, IOException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException {
        Log.i(TAG, "getAESKey function++");
        return Build.VERSION.SDK_INT >= 23 ? getAESKeyForAndroidMAndAbove() : getAESKeyForPreAndroidM();
    }

    @TargetApi(23)
    private SecretKey getAESKeyForAndroidMAndAbove() throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
        return ((KeyStore.SecretKeyEntry) this.mKeyStore.getEntry(this.KEY_ALIAS, null)).getSecretKey();
    }

    @TargetApi(19)
    private SecretKeySpec getAESKeyForPreAndroidM() throws IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchProviderException, KeyStoreException {
        return new SecretKeySpec(decryptAESKey(getEncryptedAESKeyFromSharedPreferences()), "AES");
    }

    private byte[] getEncryptedAESKeyFromSharedPreferences() {
        String string = this.mContext.getSharedPreferences(SHARED_PREFERENCE_NAME, 0).getString(ENCRYPTED_KEY, null);
        if (string != null) {
            return Base64.decode(string, 0);
        }
        return null;
    }

    public static Encryption getINSTANCE() {
        return INSTANCE;
    }

    @TargetApi(19)
    private PrivateKey getPrivateKey() throws InvalidAlgorithmParameterException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException {
        PrivateKey privateKey = null;
        this.mKeyStore = KeyStore.getInstance(AndroidKeyStore);
        this.mKeyStore.load(null);
        if (this.mKeyStore != null && this.mKeyStore.containsAlias(this.KEY_ALIAS)) {
            privateKey = (PrivateKey) this.mKeyStore.getKey(this.KEY_ALIAS, null);
        }
        if (privateKey != null) {
            Log.i(TAG, "PrivateKey algorithm=" + privateKey.getAlgorithm());
        } else {
            Log.e(TAG, "Failed to obtain RSA PrivateKey");
        }
        return privateKey;
    }

    @TargetApi(19)
    private PublicKey getPublicKey() throws InvalidAlgorithmParameterException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException {
        Certificate certificate;
        PublicKey publicKey = null;
        this.mKeyStore = KeyStore.getInstance(AndroidKeyStore);
        this.mKeyStore.load(null);
        if (this.mKeyStore != null && this.mKeyStore.containsAlias(this.KEY_ALIAS) && (certificate = this.mKeyStore.getCertificate(this.KEY_ALIAS)) != null) {
            publicKey = certificate.getPublicKey();
        }
        if (publicKey != null) {
            Log.i(TAG, "PublicKey algorithm=" + publicKey.getAlgorithm());
        } else {
            Log.e(TAG, "Failed to obtain RSA PublicKey");
        }
        return publicKey;
    }

    private void setEncryptedAESKeyToSharedPreferences(byte[] bArr) {
        SharedPreferences sharedPreferences = this.mContext.getSharedPreferences(SHARED_PREFERENCE_NAME, 0);
        String encodeToString = Base64.encodeToString(bArr, 0);
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.putString(ENCRYPTED_KEY, encodeToString);
        edit.commit();
    }

    @Override // com.citrix.client.Receiver.repository.keystore.IEncryption
    public byte[] decrypt(byte[] bArr) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, IllegalBlockSizeException, NoSuchPaddingException, BadPaddingException, UnrecoverableEntryException, InvalidKeyException {
        Log.i(TAG, "decrypt function++");
        generateKeys();
        return Build.VERSION.SDK_INT >= 23 ? decryptForAndroidMAndAbove(bArr) : decryptForPreAndroidM(bArr);
    }

    @Override // com.citrix.client.Receiver.repository.keystore.IEncryption
    public byte[] encrypt(byte[] bArr) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, UnrecoverableEntryException, NoSuchPaddingException {
        Log.i(TAG, "encrypt function++");
        generateKeys();
        return Build.VERSION.SDK_INT >= 23 ? encryptForAndroidMAndAbove(bArr) : encryptForPreAndroidM(bArr);
    }
}
