package com.edriving.mentor.lite.cache.security;

import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.edriving.mentor.lite.EdMentorApp;
import com.edriving.mentor.lite.cache.exception.KeyDecryptingException;
import com.edriving.mentor.lite.cache.exception.KeyPairException;
import com.edriving.mentor.lite.cache.exception.KeyStoreGeneralException;
import com.edriving.mentor.lite.cache.util.Constants;
import com.google.android.gms.stats.CodePackage;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;
import kotlin.text.Charsets;
import org.apache.log4j.Logger;

/* loaded from: classes.dex */
public class DataSecurityKeyManager {
    private static final String DATABASE_EXTENSIONS_KEY = "database_extensions_key";
    private static final String ENCRYPTION_LEVEL_KEY = "encryption_level_key";
    private static final String IV_KEY = "iv";
    private static final int KEY_SIZE = 64;
    private static final String REALM_KEY = "realm_key";
    private static DataSecurityKeyManager instance;
    private String databaseExtension;
    private int defaultEncryptionLevel;
    private int encryptionLevel;
    private String iv;
    private KeyStore keyStore;
    private Logger logger = Logger.getLogger("DataSecurityKeyManager");
    private String storedRealmKey;

    private DataSecurityKeyManager() {
        initializeKeyStore();
    }

    private KeyPair createKeyStoreAsymmetricKey(String str) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 99);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(EdMentorApp.INSTANCE.getContext()).setAlias(str).setSubject(new X500Principal("CN=" + str + " CA Certificate")).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Constants.RsaAlgorithm, Constants.androidKeystore);
        keyPairGenerator.initialize(build);
        return keyPairGenerator.generateKeyPair();
    }

    private byte[] decrepitKey() throws KeyDecryptingException {
        try {
            Cipher cipher = Cipher.getInstance(Constants.transformation);
            cipher.init(2, getSecretKey(Constants.mentorAlias), new GCMParameterSpec(128, getIv().getBytes(Charsets.ISO_8859_1)));
            return cipher.doFinal(getStoredRealmKey().getBytes(Charsets.ISO_8859_1));
        } catch (RuntimeException e) {
            this.logger.error("decrypt String error, Runtime Exception", e);
            throw new KeyDecryptingException();
        } catch (GeneralSecurityException e2) {
            this.logger.error("decrypt String error, fail to decrypt", e2);
            throw new KeyDecryptingException(e2);
        }
    }

    private byte[] decrepitLegacy() throws KeyDecryptingException {
        try {
            Cipher cipher = Cipher.getInstance(Constants.transformationAsym);
            cipher.init(2, getAndroidKeyStoreAsymmetricKeyPair(Constants.mentorAlias).getPrivate());
            return cipher.doFinal(getStoredRealmKey().getBytes(Charsets.ISO_8859_1));
        } catch (KeyPairException unused) {
            throw new KeyDecryptingException();
        } catch (InvalidKeyException e) {
            e = e;
            this.logger.error("decrypt String error, fail to encrypt with the lacey also", e);
            throw new KeyDecryptingException(e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            this.logger.error("decrypt String error, fail to encrypt with the lacey also", e);
            throw new KeyDecryptingException(e);
        } catch (BadPaddingException e3) {
            e = e3;
            this.logger.error("decrypt String error, fail to encrypt with the lacey also", e);
            throw new KeyDecryptingException(e);
        } catch (IllegalBlockSizeException e4) {
            e = e4;
            this.logger.error("decrypt String error, fail to encrypt with the lacey also", e);
            throw new KeyDecryptingException(e);
        } catch (NoSuchPaddingException e5) {
            e = e5;
            this.logger.error("decrypt String error, fail to encrypt with the lacey also", e);
            throw new KeyDecryptingException(e);
        }
    }

    private void encryptAndStoreRealmKey(byte[] bArr) throws KeyStoreGeneralException {
        try {
            if (Build.VERSION.SDK_INT < 23) {
                encryptKeyLegacy(Constants.mentorAlias, bArr);
                this.logger.info("Level 2 done");
                return;
            }
            try {
                encryptKey(Constants.mentorAlias, bArr);
                this.logger.info("Level 3 done");
            } catch (Exception e) {
                this.logger.error("encryption error, fall to lower version", e);
                encryptKeyLegacy(Constants.mentorAlias, bArr);
                this.logger.info("Level 2 done");
            }
        } catch (Exception e2) {
            this.logger.error("encryption error, fail to encrypt with the lagacy also", e2);
            throw new KeyStoreGeneralException();
        }
    }

    private void encryptKey(String str, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        Cipher cipher = Cipher.getInstance(Constants.transformation);
        cipher.init(1, generateSecretKey(str));
        setStoredRealmKey(new String(cipher.doFinal(bArr), Charsets.ISO_8859_1));
        setIv(new String(cipher.getIV(), Charsets.ISO_8859_1));
        setEncryptionLevel(3);
    }

    private void encryptKeyLegacy(String str, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, KeyPairException {
        Cipher cipher = Cipher.getInstance(Constants.transformationAsym);
        createKeyStoreAsymmetricKey(str);
        cipher.init(1, getAndroidKeyStoreAsymmetricKeyPair(str).getPublic());
        setStoredRealmKey(new String(cipher.doFinal(bArr), Charsets.ISO_8859_1));
        setIv("");
        setEncryptionLevel(2);
    }

    private void generateNewDatabaseExtension() {
        String str = this.databaseExtension;
        if (str == null || str.isEmpty()) {
            this.logger.info("For the first time generate an extension");
            this.databaseExtension = "1";
        } else {
            try {
                this.databaseExtension += (Integer.parseInt(this.databaseExtension) + 1);
            } catch (NumberFormatException unused) {
                this.logger.error("failed to read the previous database extension, current version " + this.databaseExtension);
                this.databaseExtension += "01";
            }
        }
        this.logger.info("The new database extension created " + this.databaseExtension);
        PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).edit().putString(DATABASE_EXTENSIONS_KEY, this.databaseExtension).apply();
    }

    private byte[] generateRandomKey() {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        this.logger.info("a new key generated");
        return bArr;
    }

    private Key generateSecretKey(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").build());
        return keyGenerator.generateKey();
    }

    private KeyPair getAndroidKeyStoreAsymmetricKeyPair(String str) throws KeyPairException {
        try {
            PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(str, null);
            PublicKey publicKey = this.keyStore.getCertificate(str).getPublicKey();
            if (privateKey == null || publicKey == null) {
                throw new KeyPairException("Key pair is null");
            }
            return new KeyPair(publicKey, privateKey);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            this.logger.error("getAndroidKeyStoreAsymmetricKeyPair", e);
            throw new KeyPairException(e);
        }
    }

    private int getDefaultEncryptionLevel() {
        return Build.VERSION.SDK_INT >= 23 ? 3 : 2;
    }

    public static DataSecurityKeyManager getInstance() {
        if (instance == null) {
            instance = new DataSecurityKeyManager();
        }
        return instance;
    }

    private String getIv() {
        return this.iv;
    }

    private byte[] getNonEncryptedStoredRealmKey() throws KeyDecryptingException {
        if (this.encryptionLevel == 1) {
            return getStoredRealmKey().getBytes(Charsets.ISO_8859_1);
        }
        if (Build.VERSION.SDK_INT >= 23 && this.encryptionLevel == 3) {
            return decrepitKey();
        }
        return decrepitLegacy();
    }

    private Key getSecretKey(String str) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        return this.keyStore.getKey(str, null);
    }

    private String getStoredRealmKey() {
        return this.storedRealmKey;
    }

    private void initializeKeyStore() {
        try {
            this.storedRealmKey = PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).getString(REALM_KEY, "");
            this.iv = PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).getString(IV_KEY, "");
            this.databaseExtension = PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).getString(DATABASE_EXTENSIONS_KEY, "");
            this.defaultEncryptionLevel = getDefaultEncryptionLevel();
            this.encryptionLevel = PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).getInt(ENCRYPTION_LEVEL_KEY, this.defaultEncryptionLevel);
            KeyStore keyStore = KeyStore.getInstance(Constants.androidKeystore);
            this.keyStore = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            this.logger.error("initializeKeyStore", e);
        }
    }

    private void setEncryptionLevel(int i) {
        this.encryptionLevel = i;
        PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).edit().putInt(ENCRYPTION_LEVEL_KEY, i).apply();
    }

    private void setIv(String str) {
        this.iv = str;
        PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).edit().putString(IV_KEY, str).commit();
    }

    private void setRealmKey(byte[] bArr) {
        setStoredRealmKey(new String(bArr, Charsets.ISO_8859_1));
        setEncryptionLevel(1);
    }

    private void setStoredRealmKey(String str) {
        this.storedRealmKey = str;
        PreferenceManager.getDefaultSharedPreferences(EdMentorApp.INSTANCE.getContext()).edit().putString(REALM_KEY, this.storedRealmKey).commit();
    }

    public void deleteOldNotUsedDatabases() {
        this.logger.info("current database is :" + getDataBaseName());
    }

    public String getDataBaseName() {
        return Constants.DATABASE_NAME + this.databaseExtension;
    }

    public byte[] getNonEncryptedRealmKey() throws KeyDecryptingException {
        if (getStoredRealmKey() != null && !getStoredRealmKey().isEmpty()) {
            return getNonEncryptedStoredRealmKey();
        }
        this.logger.info("no key, we need to generated");
        byte[] generateRandomKey = generateRandomKey();
        try {
            encryptAndStoreRealmKey(generateRandomKey);
        } catch (Exception unused) {
            setRealmKey(generateRandomKey);
            this.logger.info("Level 1 done");
        }
        return generateRandomKey;
    }

    public void handleDatabaseCrashing() {
        try {
            setRealmKey(generateRandomKey());
            generateNewDatabaseExtension();
        } catch (Exception e) {
            this.logger.error("Failed in database clean up", e);
        }
    }

    public void resetKeyManger() {
        setEncryptionLevel(3);
        setStoredRealmKey("");
        setIv("");
        instance = null;
    }
}
