package com.bestbuy.handsets.auth.xpmfmigration;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyProtection;
import android.util.Base64;
import com.bestbuy.handsets.auth.xpmfmigration.XpmfKeyMigrator;
import com.greatcall.lively.account.presentation.utils.Constants;
import com.greatcall.touch.updaterinterface.UpdateConstants;
import java.io.File;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import timber.log.Timber;

/* compiled from: XpmfKeyMigrator.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\u0018\u00002\u00020\u0001:\u0001.B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0018\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u001eH\u0002J\b\u0010 \u001a\u00020!H\u0002J\b\u0010\"\u001a\u00020!H\u0002J\u0012\u0010#\u001a\u0004\u0018\u00010$2\u0006\u0010\u001d\u001a\u00020\u001eH\u0002J\u001c\u0010%\u001a\u000e\u0012\u0004\u0012\u00020'\u0012\u0004\u0012\u00020(0&2\u0006\u0010)\u001a\u00020$H\u0002J\b\u0010*\u001a\u0004\u0018\u00010\u001eJ\u0012\u0010+\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\u001d\u001a\u00020\u001eH\u0002J\u0014\u0010,\u001a\n \u0007*\u0004\u0018\u00010$0$*\u00020\u001eH\u0002J\u0014\u0010-\u001a\n \u0007*\u0004\u0018\u00010$0$*\u00020$H\u0002R#\u0010\u0005\u001a\n \u0007*\u0004\u0018\u00010\u00060\u00068BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\n\u0010\u000b\u001a\u0004\b\b\u0010\tR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R#\u0010\f\u001a\n \u0007*\u0004\u0018\u00010\r0\r8BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0010\u0010\u000b\u001a\u0004\b\u000e\u0010\u000fR#\u0010\u0011\u001a\n \u0007*\u0004\u0018\u00010\u00120\u00128BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0015\u0010\u000b\u001a\u0004\b\u0013\u0010\u0014R\u001b\u0010\u0016\u001a\u00020\u00178BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u001a\u0010\u000b\u001a\u0004\b\u0018\u0010\u0019¨\u0006/"}, d2 = {"Lcom/bestbuy/handsets/auth/xpmfmigration/XpmfKeyMigrator;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "cipher", "Ljavax/crypto/Cipher;", "kotlin.jvm.PlatformType", "getCipher", "()Ljavax/crypto/Cipher;", "cipher$delegate", "Lkotlin/Lazy;", "keyStore", "Ljava/security/KeyStore;", "getKeyStore", "()Ljava/security/KeyStore;", "keyStore$delegate", "sharedPreferences", "Landroid/content/SharedPreferences;", "getSharedPreferences", "()Landroid/content/SharedPreferences;", "sharedPreferences$delegate", "sharedPrefsFile", "Ljava/io/File;", "getSharedPrefsFile", "()Ljava/io/File;", "sharedPrefsFile$delegate", "checkAlgorithm", "", "key", "", "expectation", "createAsymmetricKeyProtection", "Landroid/security/keystore/KeyProtection;", "createSymmetricKeyProtection", "getBytes", "", "getKeyPair", "Lkotlin/Pair;", "Ljava/security/cert/Certificate;", "Ljava/security/PrivateKey;", "encryptedPrivateKeyBytes", "migrateIfNeeded", "read", "decode", "decrypt", "Constants", "xpmf-migration_release"}, k = 1, mv = {1, 4, 1})
/* loaded from: classes2.dex */
public final class XpmfKeyMigrator {

    /* renamed from: cipher$delegate, reason: from kotlin metadata */
    private final Lazy cipher;
    private final Context context;

    /* renamed from: keyStore$delegate, reason: from kotlin metadata */
    private final Lazy keyStore;

    /* renamed from: sharedPreferences$delegate, reason: from kotlin metadata */
    private final Lazy sharedPreferences;

    /* renamed from: sharedPrefsFile$delegate, reason: from kotlin metadata */
    private final Lazy sharedPrefsFile;

    /* compiled from: XpmfKeyMigrator.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0006\n\u0002\u0010\b\n\u0002\b\u0002\bÂ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000¨\u0006\r"}, d2 = {"Lcom/bestbuy/handsets/auth/xpmfmigration/XpmfKeyMigrator$Constants;", "", "()V", "androidKeyStore", "", "asymmetricKeyAlias", "encryptionKey", "fileName", "keyPrefix", "password", "publicExponent", "", "symmetricKeyAlias", "xpmf-migration_release"}, k = 1, mv = {1, 4, 1})
    /* loaded from: classes2.dex */
    private static final class Constants {
        public static final Constants INSTANCE = new Constants();
        public static final String androidKeyStore = "AndroidKeyStore";
        public static final String asymmetricKeyAlias = "AuthAsymmetricKey";
        public static final String encryptionKey = "ertCwmm3I8vx7oW4n7WOIw";
        public static final String fileName = "com.greatcall.xpmf.device";
        public static final String keyPrefix = "greatcall.device";
        public static final String password = "dummy_password";
        public static final int publicExponent = 65537;
        public static final String symmetricKeyAlias = "AuthSymmetricKey";

        private Constants() {
        }
    }

    public XpmfKeyMigrator(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
        this.cipher = LazyKt.lazy(new Function0<Cipher>() { // from class: com.bestbuy.handsets.auth.xpmfmigration.XpmfKeyMigrator$cipher$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final Cipher invoke() {
                byte[] decode;
                Cipher cipher = Cipher.getInstance(Constants.ALGORITHM);
                decode = XpmfKeyMigrator.this.decode(XpmfKeyMigrator.Constants.encryptionKey);
                cipher.init(2, new SecretKeySpec(decode, cipher.getAlgorithm()));
                return cipher;
            }
        });
        this.sharedPreferences = LazyKt.lazy(new Function0<SharedPreferences>() { // from class: com.bestbuy.handsets.auth.xpmfmigration.XpmfKeyMigrator$sharedPreferences$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            public final SharedPreferences invoke() {
                Context context2;
                context2 = XpmfKeyMigrator.this.context;
                return context2.getSharedPreferences(XpmfKeyMigrator.Constants.fileName, 0);
            }
        });
        this.sharedPrefsFile = LazyKt.lazy(new Function0<File>() { // from class: com.bestbuy.handsets.auth.xpmfmigration.XpmfKeyMigrator$sharedPrefsFile$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            public final File invoke() {
                Context context2;
                context2 = XpmfKeyMigrator.this.context;
                return new File(context2.getDataDir(), "shared_prefs/com.greatcall.xpmf.device.xml");
            }
        });
        this.keyStore = LazyKt.lazy(new Function0<KeyStore>() { // from class: com.bestbuy.handsets.auth.xpmfmigration.XpmfKeyMigrator$keyStore$2
            @Override // kotlin.jvm.functions.Function0
            public final KeyStore invoke() {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                return keyStore;
            }
        });
    }

    private final boolean checkAlgorithm(String key, String expectation) {
        String read = read(key);
        boolean areEqual = Intrinsics.areEqual(expectation, read);
        if (!areEqual) {
            Timber.w("Expected algorithm '" + expectation + "', found '" + read + '\'', new Object[0]);
        }
        return areEqual;
    }

    private final KeyProtection createAsymmetricKeyProtection() {
        KeyProtection build = new KeyProtection.Builder(12).setRandomizedEncryptionRequired(true).setUserAuthenticationRequired(false).setSignaturePaddings("PKCS1").setDigests("SHA-256").build();
        Intrinsics.checkNotNullExpressionValue(build, "KeyProtection.Builder(Ke…256)\n            .build()");
        return build;
    }

    private final KeyProtection createSymmetricKeyProtection() {
        KeyProtection build = new KeyProtection.Builder(3).setBlockModes(com.greatcall.lively.account.presentation.utils.Constants.BLOCK_MODE).setRandomizedEncryptionRequired(true).setUserAuthenticationRequired(false).setEncryptionPaddings(com.greatcall.lively.account.presentation.utils.Constants.PADDING).build();
        Intrinsics.checkNotNullExpressionValue(build, "KeyProtection.Builder(Ke…CS7)\n            .build()");
        return build;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] decode(String str) {
        return Base64.decode(str, 1);
    }

    private final byte[] decrypt(byte[] bArr) {
        return getCipher().doFinal(bArr);
    }

    private final byte[] getBytes(String key) {
        byte[] decode;
        String read = read(key);
        if (read == null || (decode = decode(read)) == null) {
            return null;
        }
        return decrypt(decode);
    }

    private final Cipher getCipher() {
        return (Cipher) this.cipher.getValue();
    }

    private final Pair<Certificate, PrivateKey> getKeyPair(byte[] encryptedPrivateKeyBytes) {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        PKCS8EncryptedPrivateKeyInfo pKCS8EncryptedPrivateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(encryptedPrivateKeyBytes);
        BouncyCastleProvider bouncyCastleProvider2 = bouncyCastleProvider;
        JceOpenSSLPKCS8DecryptorProviderBuilder provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(bouncyCastleProvider2);
        char[] charArray = Constants.password.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
        PrivateKey privateKey = new JcaPEMKeyConverter().getPrivateKey(pKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(provider.build(charArray)));
        if (privateKey == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPrivateKey");
        }
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(((RSAPrivateKey) privateKey).getModulus(), BigInteger.valueOf(Constants.publicExponent)));
        ContentSigner build = new JcaContentSignerBuilder("sha256WithRSAEncryption").build(privateKey);
        X500Name x500Name = new X500Name("CN=fake");
        return new Pair<>(new JcaX509CertificateConverter().setProvider(bouncyCastleProvider2).getCertificate(new JcaX509v3CertificateBuilder(x500Name, BigInteger.valueOf(1L), new Date(0L), new Date(2461478400000L), x500Name, generatePublic).build(build)), privateKey);
    }

    private final KeyStore getKeyStore() {
        return (KeyStore) this.keyStore.getValue();
    }

    private final SharedPreferences getSharedPreferences() {
        return (SharedPreferences) this.sharedPreferences.getValue();
    }

    private final File getSharedPrefsFile() {
        return (File) this.sharedPrefsFile.getValue();
    }

    private final String read(String key) {
        String string = getSharedPreferences().getString(key, null);
        if (string == null) {
            Timber.w("Key not found: " + key, new Object[0]);
        }
        return string;
    }

    public final String migrateIfNeeded() {
        String read;
        String read2;
        byte[] bytes;
        byte[] bytes2;
        try {
            if (!getSharedPrefsFile().exists() || (read = read(UpdateConstants.SERIAL_ID)) == null || (read2 = read("ValidPair")) == null || !checkAlgorithm("greatcall.device.encrypt.alg" + read2, "AES128_CBC") || !checkAlgorithm("greatcall.device.sign.alg" + read2, "RS256") || (bytes = getBytes("greatcall.device.encrypt.bytes" + read2)) == null || (bytes2 = getBytes("greatcall.device.sign.bytes" + read2)) == null) {
                return null;
            }
            SecretKeySpec secretKeySpec = new SecretKeySpec(bytes, com.greatcall.lively.account.presentation.utils.Constants.ALGORITHM);
            Pair<Certificate, PrivateKey> keyPair = getKeyPair(bytes2);
            getKeyStore().setEntry("AuthAsymmetricKey", new KeyStore.PrivateKeyEntry(keyPair.component2(), new Certificate[]{keyPair.component1()}), createAsymmetricKeyProtection());
            getKeyStore().setEntry("AuthSymmetricKey", new KeyStore.SecretKeyEntry(secretKeySpec), createSymmetricKeyProtection());
            SharedPreferences.Editor edit = getSharedPreferences().edit();
            edit.clear();
            edit.commit();
            getSharedPrefsFile().delete();
            return read;
        } catch (Exception e) {
            Timber.w(e);
            return null;
        }
    }
}
