package m2;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import androidx.recyclerview.widget.RecyclerView;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
class e {

    /* renamed from: e, reason: collision with root package name */
    private static final String f13129e = "e";

    /* renamed from: a, reason: collision with root package name */
    private final String f13130a;

    /* renamed from: b, reason: collision with root package name */
    private final String f13131b;

    /* renamed from: c, reason: collision with root package name */
    private final j f13132c;

    /* renamed from: d, reason: collision with root package name */
    private final Context f13133d;

    public e(Context context, j jVar, String str) {
        String trim = str.trim();
        if (TextUtils.isEmpty(trim)) {
            throw new IllegalArgumentException("RSA and AES Key alias must be valid.");
        }
        this.f13130a = context.getPackageName() + "." + trim;
        this.f13131b = context.getPackageName() + "." + trim + "_iv";
        this.f13133d = context;
        this.f13132c = jVar;
    }

    private void d() {
        this.f13132c.f(this.f13130a);
        this.f13132c.f(this.f13131b);
    }

    private void e() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(this.f13130a);
            Log.d(f13129e, "Deleting the existing RSA key pair from the KeyStore.");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
            Log.e(f13129e, "Failed to remove the RSA KeyEntry from the Android KeyStore.", e10);
        }
    }

    private KeyStore.PrivateKeyEntry h(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        PrivateKey privateKey;
        if (Build.VERSION.SDK_INT < 28 || (privateKey = (PrivateKey) keyStore.getKey(this.f13130a, null)) == null) {
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(this.f13130a, null);
        }
        Certificate certificate = keyStore.getCertificate(this.f13130a);
        if (certificate == null) {
            return null;
        }
        return new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate});
    }

    byte[] a(byte[] bArr) throws f, d {
        try {
            PrivateKey privateKey = i().getPrivateKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKey);
            return cipher.doFinal(bArr);
        } catch (IllegalArgumentException e10) {
            e = e10;
            d();
            throw new d("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (InvalidKeyException e11) {
            e = e11;
            Log.e(f13129e, "The device can't decrypt input using a RSA Key.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e12) {
            e = e12;
            Log.e(f13129e, "The device can't decrypt input using a RSA Key.", e);
            throw new f(e);
        } catch (BadPaddingException e13) {
            e = e13;
            d();
            throw new d("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e14) {
            e = e14;
            d();
            throw new d("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e15) {
            e = e15;
            Log.e(f13129e, "The device can't decrypt input using a RSA Key.", e);
            throw new f(e);
        }
    }

    byte[] b(byte[] bArr) throws f, d {
        try {
            Certificate certificate = i().getCertificate();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, certificate);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e10) {
            e = e10;
            Log.e(f13129e, "The device can't encrypt input using a RSA Key.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e11) {
            e = e11;
            Log.e(f13129e, "The device can't encrypt input using a RSA Key.", e);
            throw new f(e);
        } catch (BadPaddingException e12) {
            e = e12;
            d();
            throw new d("The RSA decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e13) {
            e = e13;
            d();
            throw new d("The RSA decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e14) {
            e = e14;
            Log.e(f13129e, "The device can't encrypt input using a RSA Key.", e);
            throw new f(e);
        }
    }

    public byte[] c(byte[] bArr) throws d, f {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(g(), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            String d10 = this.f13132c.d(this.f13131b);
            if (TextUtils.isEmpty(d10)) {
                throw new d("The encryption keys changed recently. You need to re-encrypt something first.", null);
            }
            cipher.init(2, secretKeySpec, new IvParameterSpec(Base64.decode(d10, 0)));
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e10) {
            e = e10;
            Log.e(f13129e, "Error while decrypting the input.", e);
            throw new f(e);
        } catch (InvalidKeyException e11) {
            e = e11;
            Log.e(f13129e, "Error while decrypting the input.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e12) {
            e = e12;
            Log.e(f13129e, "Error while decrypting the input.", e);
            throw new f(e);
        } catch (BadPaddingException e13) {
            e = e13;
            throw new d("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e14) {
            e = e14;
            throw new d("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e15) {
            e = e15;
            Log.e(f13129e, "Error while decrypting the input.", e);
            throw new f(e);
        }
    }

    public byte[] f(byte[] bArr) throws d, f {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(g(), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            cipher.init(1, secretKeySpec);
            byte[] doFinal = cipher.doFinal(bArr);
            this.f13132c.store(this.f13131b, new String(Base64.encode(cipher.getIV(), 0)));
            return doFinal;
        } catch (InvalidKeyException e10) {
            e = e10;
            Log.e(f13129e, "Error while encrypting the input.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e11) {
            e = e11;
            Log.e(f13129e, "Error while encrypting the input.", e);
            throw new f(e);
        } catch (BadPaddingException e12) {
            e = e12;
            throw new d("The AES decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e13) {
            e = e13;
            throw new d("The AES decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e14) {
            e = e14;
            Log.e(f13129e, "Error while encrypting the input.", e);
            throw new f(e);
        }
    }

    byte[] g() throws f, d {
        byte[] a10;
        String d10 = this.f13132c.d(this.f13130a);
        if (d10 != null && (a10 = a(Base64.decode(d10, 0))) != null && a10.length == 32) {
            return a10;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            byte[] encoded = keyGenerator.generateKey().getEncoded();
            this.f13132c.store(this.f13130a, new String(Base64.encode(b(encoded), 0)));
            return encoded;
        } catch (NoSuchAlgorithmException e10) {
            Log.e(f13129e, "Error while creating the AES key.", e10);
            throw new f(e10);
        }
    }

    KeyStore.PrivateKeyEntry i() throws d, f {
        AlgorithmParameterSpec build;
        KeyStore.PrivateKeyEntry h10;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(this.f13130a) && (h10 = h(keyStore)) != null) {
                return h10;
            }
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            boolean z10 = true;
            calendar2.add(1, 25);
            X500Principal x500Principal = new X500Principal("CN=Auth0.Android,O=Auth0");
            int i10 = Build.VERSION.SDK_INT;
            if (i10 >= 23) {
                build = new KeyGenParameterSpec.Builder(this.f13130a, 3).setCertificateSubject(x500Principal).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setKeySize(RecyclerView.m.FLAG_MOVED).setEncryptionPaddings("PKCS1Padding").setBlockModes("ECB").build();
            } else {
                KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(this.f13133d).setAlias(this.f13130a).setSubject(x500Principal).setKeySize(RecyclerView.m.FLAG_MOVED).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
                KeyguardManager keyguardManager = (KeyguardManager) this.f13133d.getSystemService("keyguard");
                if (i10 >= 21) {
                    Intent createConfirmDeviceCredentialIntent = keyguardManager.createConfirmDeviceCredentialIntent(null, null);
                    if (!keyguardManager.isKeyguardSecure() || createConfirmDeviceCredentialIntent == null) {
                        z10 = false;
                    }
                    if (z10) {
                        endDate.setEncryptionRequired();
                    }
                }
                build = endDate.build();
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            return h(keyStore);
        } catch (IOException e10) {
            e = e10;
            e();
            d();
            throw new d("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (InvalidAlgorithmParameterException e11) {
            e = e11;
            Log.e(f13129e, "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (KeyStoreException e12) {
            e = e12;
            Log.e(f13129e, "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (NoSuchAlgorithmException e13) {
            e = e13;
            Log.e(f13129e, "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (NoSuchProviderException e14) {
            e = e14;
            Log.e(f13129e, "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (ProviderException e15) {
            e = e15;
            Log.e(f13129e, "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        } catch (UnrecoverableEntryException e16) {
            e = e16;
            e();
            d();
            throw new d("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (CertificateException e17) {
            e = e17;
            Log.e(f13129e, "The device can't generate a new RSA Key pair.", e);
            throw new f(e);
        }
    }
}
