package com.amazon.alexa.vsk.clientlib.internal.util;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
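/**
 * Encrypts and decrypts individual stored values for the VSK client library.
 *
 * <p>Scheme, as implemented below:
 * <ul>
 *   <li>An RSA key pair lives in the {@code AndroidKeyStore} under the alias {@code AlexaVideoVSK};
 *       it is created by the constructor when the alias is absent.</li>
 *   <li>A 256-bit AES key is generated on first use, wrapped with the RSA public key
 *       ({@code RSA/ECB/PKCS1Padding}) and persisted, Base64-encoded, through
 *       {@code DataStorageHelper.putStringUnencrypted} under {@code AESEncryptionKeY}.</li>
 *   <li>Each entry is encrypted with {@code AES/GCM/NoPadding} under a fresh random 16-byte IV and
 *       serialized as {@code "1|" + Base64(IV || ciphertext)}.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. Several methods call APIs that declare checked
 * exceptions ({@code KeyStore.getKey}, {@code Cipher.getInstance}, ...) without a {@code throws}
 * clause, so it likely does not compile as plain Java; signatures are left as decompiled.
 *
 * <p>NOTE(review), hardening points that need a data migration and are therefore not changed here:
 * <ul>
 *   <li>The AES key is wrapped with PKCS#1 v1.5 encryption padding; OAEP is the usual choice for new
 *       designs. Switching invalidates the wrapped key already on disk, and OAEP availability for
 *       keys created through {@code KeyPairGeneratorSpec} on every targeted API level needs
 *       confirming.</li>
 *   <li>GCM is used with a 16-byte IV passed as {@code IvParameterSpec}. NIST SP 800-38D recommends
 *       96-bit IVs, and {@code GCMParameterSpec} makes the tag length explicit instead of leaving it
 *       to the provider default. Changing either alters the stored format and would need a new
 *       version prefix.</li>
 *   <li>{@code KeyPairGeneratorSpec} is deprecated from API 23 in favour of
 *       {@code KeyGenParameterSpec}.</li>
 * </ul>
 */
public class EncryptionHelper {
    private static final String AES = "AES";
    private static final String AES_GCM_NOPADDING = "AES/GCM/NoPadding";
    private static final int AES_KEY_LENGTH = 256;
    private static final String ALIAS = "AlexaVideoVSK";
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final int IV_LENGTH = 16;
    private static final String RSA = "RSA";
    private static final String RSA_ECB_PKCS1_PADDING = "RSA/ECB/PKCS1Padding";
    private static final int RSA_KEY_LENGTH = 2048;
    private static final String SEPARATOR = "|";
    private static final String SP_KEY_ENCRYPTION_ALIAS = "AESEncryptionKeY";
    private static final String SP_KEY_VERSION_ALIAS = "DataStorageEncryptionVersion";
    private static final int VERSION = 1;
    private static EncryptionHelper instance;
    private DataStorageHelper dataStorageHelper;
    private KeyStore keyStore;
    private static final String TAG = "AlexaClient" + EncryptionHelper.class.getSimpleName();

    // Keys whose version-0 values are re-written through putString() by checkForUpgrade().
    public static final List<String> SECURE_KEYS_V0 = Arrays.asList("LastApplicationInstanceId");
    // Keys whose version-0 values are overwritten with "" by checkForUpgrade().
    public static final List<String> INSECURE_KEYS_V0 = Arrays.asList("AlexaApiEndpointUrl");

    /**
     * Loads the AndroidKeyStore and makes sure the RSA wrapping key pair exists.
     *
     * @param context used only when a new key pair has to be generated
     * @param dataStorageHelper storage used for the wrapped AES key and the version marker
     * @throws IllegalStateException if the keystore cannot be loaded or the key pair cannot be
     *     generated; the original exception is attached as the cause
     */
    public EncryptionHelper(Context context, DataStorageHelper dataStorageHelper) {
        this.dataStorageHelper = dataStorageHelper;
        try {
            this.keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            this.keyStore.load(null);
            if (!this.keyStore.containsAlias(ALIAS)) {
                generateNewAsymmetricKeys(context);
            }
        } catch (Exception e) {
            // Keep the cause: the message alone hides which keystore operation failed.
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Unwraps the AES key with the RSA private key held in the keystore.
     *
     * @param str Base64 (NO_WRAP) encoding of the RSA-wrapped AES key
     * @return the raw AES key bytes
     */
    private byte[] decryptAESKey(String str) {
        PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(ALIAS, null);
        Cipher rsa = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
        rsa.init(Cipher.DECRYPT_MODE, privateKey);
        return rsa.doFinal(str != null ? Base64.decode(str, Base64.NO_WRAP) : null);
    }

    /**
     * Wraps the AES key with the RSA public key taken from the keystore certificate.
     *
     * @param bArr raw AES key bytes
     * @return Base64 (NO_WRAP) encoding of the wrapped key, or {@code null} if the cipher returned
     *     no output
     */
    private String encryptAESKey(byte[] bArr) {
        PublicKey publicKey = this.keyStore.getCertificate(ALIAS).getPublicKey();
        Cipher rsa = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
        rsa.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] wrapped = rsa.doFinal(bArr);
        return wrapped == null ? null : Base64.encodeToString(wrapped, Base64.NO_WRAP);
    }

    /** Returns {@code IV_LENGTH} fresh random bytes from {@link SecureRandom}. */
    private static byte[] generateIV() {
        byte[] iv = new byte[IV_LENGTH];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    /**
     * Builds the AES key spec used for entry encryption and decryption.
     *
     * @throws IllegalArgumentException if no AES key could be obtained
     */
    private SecretKeySpec generateKeySpec() {
        // Fetch once: every getAESKey() call costs a storage read and an RSA unwrap.
        byte[] aesKey = getAESKey();
        if (aesKey == null) {
            throw new IllegalArgumentException("Encryption key is null!");
        }
        return new SecretKeySpec(aesKey, AES);
    }

    /**
     * Generates the RSA key pair inside the AndroidKeyStore under {@code ALIAS}, with a
     * self-signed certificate valid from now for 30 years and a fixed serial number of 10.
     *
     * @param context passed to {@code KeyPairGeneratorSpec.Builder}
     */
    private void generateNewAsymmetricKeys(Context context) {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, 30);
        KeyPairGeneratorSpec.Builder builder = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(ALIAS)
                .setSubject(new X500Principal("CN=AlexaVideoVSK"))
                .setSerialNumber(BigInteger.TEN)
                .setStartDate(notBefore.getTime())
                .setEndDate(notAfter.getTime());
        if (Build.VERSION.SDK_INT >= 19) {
            // The key size is only set on API 19+; older devices get the platform default.
            builder.setKeySize(RSA_KEY_LENGTH);
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA, ANDROID_KEYSTORE);
        keyPairGenerator.initialize(builder.build());
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Returns the raw AES key, creating and persisting a wrapped copy on first use.
     *
     * <p>The wrapped key is stored through {@code putStringUnencrypted}; its confidentiality rests
     * on the RSA private key in the keystore.
     */
    private byte[] getAESKey() {
        String wrappedKey = this.dataStorageHelper.getStringUnencrypted(SP_KEY_ENCRYPTION_ALIAS, null);
        if (wrappedKey != null) {
            return decryptAESKey(wrappedKey);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES);
        keyGenerator.init(AES_KEY_LENGTH);
        byte[] rawKey = keyGenerator.generateKey().getEncoded();
        this.dataStorageHelper.putStringUnencrypted(SP_KEY_ENCRYPTION_ALIAS, encryptAESKey(rawKey));
        return rawKey;
    }

    /**
     * Migrates version-0 storage: values under {@code SECURE_KEYS_V0} are read unencrypted and
     * written back through {@code putString} (presumably the encrypting path - confirm against
     * {@code DataStorageHelper}), values under {@code INSECURE_KEYS_V0} are overwritten with an
     * empty string, and the stored version is set to 1.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void checkForUpgrade() {
        long storedVersion = this.dataStorageHelper.getLong(SP_KEY_VERSION_ALIAS, 0L);
        Log.i(TAG, "Checking DataStore encryption version: " + storedVersion);
        if (storedVersion != 0) {
            return;
        }
        Log.i(TAG, "Upgrading data storage security");
        for (String key : SECURE_KEYS_V0) {
            String plain = this.dataStorageHelper.getStringUnencrypted(key, "");
            // Compare by content: a reference comparison against "" only matches the default
            // object and would treat a stored empty string as a value to migrate.
            if (plain != null && !plain.isEmpty()) {
                this.dataStorageHelper.putString(key, plain);
            }
        }
        for (String key : INSECURE_KEYS_V0) {
            this.dataStorageHelper.putStringUnencrypted(key, "");
        }
        this.dataStorageHelper.putLong(SP_KEY_VERSION_ALIAS, 1L);
    }

    /**
     * Serializes an encrypted entry as {@code "1|" + Base64(bArr || bArr2)}.
     *
     * <p>Despite the name, the only caller in this class passes the IV as {@code bArr} and the
     * GCM ciphertext as {@code bArr2}; no key material is involved.
     *
     * @param bArr first segment (the IV when called from {@code encryptEntry})
     * @param bArr2 second segment (the ciphertext when called from {@code encryptEntry})
     * @return the version prefix followed by the Base64 (NO_WRAP) encoding of both segments
     */
    public String concatKeyAndIV(byte[] bArr, byte[] bArr2) {
        byte[] joined = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, joined, 0, bArr.length);
        System.arraycopy(bArr2, 0, joined, bArr.length, bArr2.length);
        return VERSION + SEPARATOR + Base64.encodeToString(joined, Base64.NO_WRAP);
    }

    /**
     * Decrypts a value produced by {@code encryptEntry}.
     *
     * <p>NOTE(review): the two-character prefix is skipped without checking that it is
     * {@code "1|"}; an entry with another prefix is only rejected later, by Base64 decoding or by
     * the GCM tag check.
     *
     * @param str serialized entry, version prefix included
     * @return the decrypted text, {@code ""} if the cipher returned no output, or {@code null} if
     *     UTF-8 is reported as unsupported
     * @throws IllegalArgumentException if the decoded payload is shorter than the IV
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String decryptEntry(String str) {
        byte[] payload = Base64.decode(str.substring(2), Base64.NO_WRAP);
        if (payload.length < IV_LENGTH) {
            // Fail with a clear message before the IV is sliced out of a truncated payload.
            throw new IllegalArgumentException("Encrypted entry is too short to contain an IV");
        }
        Cipher aes = Cipher.getInstance(AES_GCM_NOPADDING);
        aes.init(Cipher.DECRYPT_MODE, generateKeySpec(), new IvParameterSpec(payload, 0, IV_LENGTH));
        byte[] plain = aes.doFinal(payload, IV_LENGTH, payload.length - IV_LENGTH);
        if (plain == null) {
            return "";
        }
        try {
            return new String(plain, "utf-8");
        } catch (UnsupportedEncodingException unused) {
            return null;
        }
    }

    /**
     * Encrypts a value with AES-GCM under a fresh random IV.
     *
     * @param str text to encrypt; must not be {@code null}
     * @return {@code "1|" + Base64(IV || ciphertext)}
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws IllegalStateException if UTF-8 is reported as unsupported
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String encryptEntry(String str) {
        if (str == null) {
            // Same exception type the unguarded code raised, now with a message.
            throw new NullPointerException("Value to encrypt is null");
        }
        byte[] plain;
        try {
            plain = str.getBytes("utf-8");
        } catch (UnsupportedEncodingException e) {
            // Do not swallow: continuing would dereference a null buffer further down.
            throw new IllegalStateException(e.getMessage(), e);
        }
        byte[] iv = generateIV();
        Cipher aes = Cipher.getInstance(AES_GCM_NOPADDING);
        aes.init(Cipher.ENCRYPT_MODE, generateKeySpec(), new IvParameterSpec(iv));
        return concatKeyAndIV(iv, aes.doFinal(plain, 0, plain.length));
    }
}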
