package org.matrix.android.sdk.api.securestorage;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import defpackage.AR;
import defpackage.C3604mF;
import defpackage.C3729n5;
import defpackage.C5490yp;
import defpackage.InterfaceC4255qd;
import defpackage.O10;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Pair;
import kotlin.Triple;

/* loaded from: classes3.dex */
public final class SecretStoringUtils {
    public final Context a;
    public final KeyStore b;
    public final InterfaceC4255qd c;
    public final boolean d;
    public final SecureRandom e;

    public SecretStoringUtils(Context context, KeyStore keyStore, InterfaceC4255qd interfaceC4255qd) {
        O10.g(context, "context");
        O10.g(keyStore, "keyStore");
        O10.g(interfaceC4255qd, "buildVersionSdkIntProvider");
        this.a = context;
        this.b = keyStore;
        this.c = interfaceC4255qd;
        this.d = false;
        this.e = new SecureRandom();
    }

    public final byte[] a(ByteArrayInputStream byteArrayInputStream, String str) {
        byte[] bArr = new byte[(byteArrayInputStream.read() << 8) + byteArrayInputStream.read()];
        byteArrayInputStream.read(bArr);
        byte[] bArr2 = new byte[byteArrayInputStream.read()];
        byteArrayInputStream.read(bArr2);
        Triple triple = new Triple(bArr, bArr2, C3604mF.s(byteArrayInputStream));
        byte[] bArr3 = (byte[]) triple.component1();
        byte[] bArr4 = (byte[]) triple.component2();
        byte[] bArr5 = (byte[]) triple.component3();
        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr3);
        KeyStore.PrivateKeyEntry d = d(str);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, d.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream2, cipher);
        try {
            byte[] s = C3604mF.s(cipherInputStream);
            C5490yp.b(cipherInputStream, null);
            Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
            cipher2.init(2, new SecretKeySpec(s, "AES"), new GCMParameterSpec(128, bArr4));
            byte[] doFinal = cipher2.doFinal(bArr5);
            O10.f(doFinal, "cipher.doFinal(encrypted)");
            return doFinal;
        } finally {
        }
    }

    @RequiresApi(23)
    public final byte[] b(ByteArrayInputStream byteArrayInputStream, String str) {
        int read = byteArrayInputStream.read();
        byte[] bArr = new byte[read];
        byteArrayInputStream.read(bArr, 0, read);
        Pair pair = new Pair(bArr, C3604mF.s(byteArrayInputStream));
        byte[] bArr2 = (byte[]) pair.component1();
        byte[] bArr3 = (byte[]) pair.component2();
        SecretKey e = e(str);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, e, new GCMParameterSpec(128, bArr2));
        byte[] doFinal = cipher.doFinal(bArr3);
        O10.f(doFinal, "cipher.doFinal(encryptedText)");
        return doFinal;
    }

    public final Cipher c(String str) {
        Key publicKey;
        O10.g(str, "alias");
        InterfaceC4255qd interfaceC4255qd = this.c;
        if (interfaceC4255qd.get() >= 23) {
            e(str);
        } else {
            d(str).getPrivateKey();
        }
        KeyStore.Entry entry = this.b.getEntry(str, null);
        O10.f(entry, "keyStore.getEntry(alias, null)");
        if (entry instanceof KeyStore.SecretKeyEntry) {
            publicKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        } else {
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Unknown KeyEntry type.");
            }
            publicKey = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
        }
        Cipher cipher = Cipher.getInstance(interfaceC4255qd.get() >= 23 ? "AES/GCM/NoPadding" : "RSA/ECB/PKCS1Padding");
        cipher.init(1, publicKey);
        return cipher;
    }

    public final KeyStore.PrivateKeyEntry d(String str) {
        KeyStore keyStore = this.b;
        KeyStore.Entry entry = keyStore.getEntry(str, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.a).setAlias(str).setSubject(new X500Principal(C3729n5.f("CN=", str))).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        O10.f(build, "Builder(context)\n       …\n                .build()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        KeyStore.Entry entry2 = keyStore.getEntry(str, null);
        O10.e(entry2, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        return (KeyStore.PrivateKeyEntry) entry2;
    }

    @RequiresApi(23)
    public final SecretKey e(String str) {
        KeyStore.Entry entry = this.b.getEntry(str, null);
        KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
        SecretKey secretKey = secretKeyEntry != null ? secretKeyEntry.getSecretKey() : null;
        if (secretKey != null) {
            return secretKey;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128);
        boolean z = this.d;
        final KeyGenParameterSpec.Builder userAuthenticationRequired = keySize.setUserAuthenticationRequired(z);
        if (z) {
            AR<KeyGenParameterSpec.Builder> ar = new AR<KeyGenParameterSpec.Builder>() { // from class: org.matrix.android.sdk.api.securestorage.SecretStoringUtils$getOrGenerateSymmetricKeyForAliasM$keyGenSpec$1$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // defpackage.AR
                public final KeyGenParameterSpec.Builder invoke() {
                    return userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
                }
            };
            InterfaceC4255qd interfaceC4255qd = this.c;
            interfaceC4255qd.a(24, ar);
            interfaceC4255qd.a(28, new AR<KeyGenParameterSpec.Builder>() { // from class: org.matrix.android.sdk.api.securestorage.SecretStoringUtils$getOrGenerateSymmetricKeyForAliasM$keyGenSpec$1$2
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // defpackage.AR
                public final KeyGenParameterSpec.Builder invoke() {
                    KeyGenParameterSpec.Builder unlockedDeviceRequired;
                    unlockedDeviceRequired = userAuthenticationRequired.setUnlockedDeviceRequired(true);
                    return unlockedDeviceRequired;
                }
            });
        }
        KeyGenParameterSpec build = userAuthenticationRequired.build();
        O10.f(build, "Builder(\n               …                 .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        O10.f(generateKey, "generator.generateKey()");
        return generateKey;
    }
}
