package com.liveperson.infra.controller;

import android.content.res.Resources;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.text.TextUtils;
import android.util.Base64;
import com.dynatrace.android.agent.events.eventsapi.EventMetricsAggregator;
import com.facebook.react.uimanager.ViewProps;
import com.google.android.gms.stats.CodePackage;
import com.liveperson.infra.Clearable;
import com.liveperson.infra.Infra;
import com.liveperson.infra.R;
import com.liveperson.infra.configuration.Configuration;
import com.liveperson.infra.errors.ErrorCode;
import com.liveperson.infra.log.FlowTags;
import com.liveperson.infra.log.LPLog;
import com.liveperson.infra.managers.PreferenceManager;
import com.liveperson.infra.utils.AndroidFrameworkUtils;
import com.liveperson.infra.utils.EncryptionVersion;
import com.liveperson.infra.utils.Utils;
import com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesCbc;
import com.oblador.keychain.cipherStorage.CipherStorageKeystoreRsaEcb;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Regex;

/* compiled from: DBEncryptionService.kt */
@Metadata(d1 = {"\u0000^\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\b\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0016\u0018\u0000 12\u00020\u0001:\u000201B\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\u000f\u001a\u00020\u0010H\u0016J\u0014\u0010\u0011\u001a\u0004\u0018\u00010\u00122\b\u0010\u0013\u001a\u0004\u0018\u00010\u0012H\u0016J\u0012\u0010\u0014\u001a\u0004\u0018\u00010\u00122\u0006\u0010\u0015\u001a\u00020\u0012H\u0002J\u0018\u0010\u0016\u001a\u00020\u00122\u0006\u0010\u0015\u001a\u00020\u00122\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J\u0014\u0010\u0019\u001a\u0004\u0018\u00010\u00122\b\u0010\u001a\u001a\u0004\u0018\u00010\u0012H\u0016J\u0012\u0010\u001b\u001a\u00020\u00102\b\u0010\u001c\u001a\u0004\u0018\u00010\u0012H\u0002J\b\u0010\u001d\u001a\u00020\u0012H\u0002J\b\u0010\u001e\u001a\u00020\u0010H\u0002J\u0012\u0010\u001f\u001a\u00020\u00182\b\u0010 \u001a\u0004\u0018\u00010!H\u0002J\b\u0010\"\u001a\u00020\u0018H\u0002J\u0010\u0010#\u001a\u00020\u00182\u0006\u0010$\u001a\u00020%H\u0002J\b\u0010&\u001a\u00020\u0010H\u0016J\n\u0010'\u001a\u0004\u0018\u00010\u0012H\u0002J\n\u0010(\u001a\u0004\u0018\u00010\fH\u0002J\b\u0010)\u001a\u00020\u0010H\u0016J\u0012\u0010*\u001a\u00020\u00102\b\u0010+\u001a\u0004\u0018\u00010\u0012H\u0002J\u0010\u0010,\u001a\u00020-2\u0006\u0010.\u001a\u00020\u0012H\u0002J\u0010\u0010/\u001a\u00020\f2\u0006\u0010.\u001a\u00020\u0012H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\bX\u0082.¢\u0006\u0002\n\u0000R\u0010\u0010\t\u001a\u0004\u0018\u00010\nX\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\u000b\u001a\u0004\u0018\u00010\fX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u000e¢\u0006\u0002\n\u0000¨\u00062"}, d2 = {"Lcom/liveperson/infra/controller/DBEncryptionService;", "Lcom/liveperson/infra/Clearable;", "()V", "androidInterface", "Lcom/liveperson/infra/controller/AndroidInterface;", "androidKeyStore", "Ljava/security/KeyStore;", "cipherWrapperFactory", "Lcom/liveperson/infra/controller/CipherWrapperFactory;", DBEncryptionService.DB_ENCRYPTION_KEY, "Ljavax/crypto/SecretKey;", "legacyIvSpec", "Ljavax/crypto/spec/IvParameterSpec;", "onlyKeystore", "", "clear", "", "decrypt", "", "cipherText", "decryptKey", "encryptedKey", "decryptKeyWithCipher", "cipherWrapper", "Lcom/liveperson/infra/controller/CipherWrapper;", "encrypt", "plainText", "encryptAndSaveKey", "decryptedKey", "generateAesEncryptionKeyAndSave", "generateKeyPairInStoreIfNotExists", "getAESDecryptCipher", "apSpec", "Ljava/security/spec/AlgorithmParameterSpec;", "getAESEncryptCipher", "getCipherForKey", "opMode", "", "initialize", "loadInternalLegacyAESKey", "loadLegacyIvSpec", "resetDBEncryptionService", "setDbEncryptionKey", "key", "unpackGCMSpecBytes", "Ljavax/crypto/spec/GCMParameterSpec;", "base64ivSpec", "unpackIvSpecBytes", EventMetricsAggregator.OS_NAME, "Companion", "infra_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes3.dex */
public class DBEncryptionService implements Clearable {
    private static final String ANDROID_INFRA_DB_ENC_KEY = "androidInfraDbEncKey";
    private static final int ANDROID_INFRA_DB_ENC_KEY_SIZE = 256;
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final String DB_ENCRYPTION_KEY = "dbEncryptionKey";
    private static final String DB_ENCRYPTION_USES_KEYSTORE = "dbEncryptionUsesKeyStore";
    private static final String DB_ENC_CN = "CN=DBKeyEncryptor, O=Liveperson";
    private static final String INITIALIZATION_VECTOR = "initializationVector";
    private static final String IV_SEPARATOR = "::";
    private static final String MDNAME = "SHA-256";
    private static final String MGFNAME = "MGF1";
    private static final String MGFSPEC_MDNAME = "SHA-1";
    private static final String TAG = "DBEncryptionService";
    private static final String TRANSFORMATION_AES_GCM_NoPadding = "AES/GCM/NoPadding";
    private static final String TRANSFORMATION_AES_PKCS5Padding = "AES/CBC/PKCS5Padding";
    private static final String TRANSFORMATION_AES_PKCS7Padding = "AES/CBC/PKCS7Padding";
    private static final String TRANSFORMATION_RSA_18_PLUS = "RSA/ECB/PKCS1Padding";
    private static final String TRANSFORMATION_RSA_23_PLUS = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static int encryptAttempts;
    private AndroidInterface androidInterface;
    private KeyStore androidKeyStore;
    private CipherWrapperFactory cipherWrapperFactory;
    private SecretKey dbEncryptionKey;
    private IvParameterSpec legacyIvSpec;
    private boolean onlyKeystore;

    /* compiled from: DBEncryptionService.kt */
    @Metadata(d1 = {"\u0000D\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0004\b\u0096\u0004\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\t\u001a\u00020\nH\u0016J\b\u0010\u000b\u001a\u00020\nH\u0017J\b\u0010\f\u001a\u00020\rH\u0016J\b\u0010\u000e\u001a\u00020\u000fH\u0016J\b\u0010\u0010\u001a\u00020\u0011H\u0016J\u0018\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0015H\u0016J\u0010\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\rH\u0016J\b\u0010\u001a\u001a\u00020\nH\u0016J\b\u0010\u001b\u001a\u00020\nH\u0016J\n\u0010\u0007\u001a\u0004\u0018\u00010\u0004H\u0016R\u0011\u0010\u0003\u001a\u00020\u00048F¢\u0006\u0006\u001a\u0004\b\u0005\u0010\u0006R\u0018\u0010\u0007\u001a\u0004\u0018\u00010\u00048BX\u0082\u000e¢\u0006\b\n\u0000\u001a\u0004\b\b\u0010\u0006¨\u0006\u001c"}, d2 = {"Lcom/liveperson/infra/controller/DBEncryptionService$Android;", "Lcom/liveperson/infra/controller/AndroidInterface;", "(Lcom/liveperson/infra/controller/DBEncryptionService;)V", "keyStoreSecretKey", "Ljavax/crypto/SecretKey;", "getKeyStoreSecretKey", "()Ljavax/crypto/SecretKey;", "secretKey", "getSecretKey", "clear", "", "createKeystoreAESKeyIfNecessary", "generateLegacyAesEncryptionKey", "", "getKeystoreEntry", "Ljava/security/KeyStore$PrivateKeyEntry;", "getPublicKey", "Ljava/security/PublicKey;", "initKeyPairGenerator", "Ljava/security/KeyPairGenerator;", "start", "Ljava/util/Calendar;", ViewProps.END, "keystoreContainsAlias", "", "alias", "loadKeystore", "refreshKey", "infra_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public class Android implements AndroidInterface {
        private SecretKey secretKey;

        public Android() {
        }

        private final SecretKey getSecretKey() {
            SecretKey secretKey = this.secretKey;
            return secretKey != null ? secretKey : getKeyStoreSecretKey();
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public void clear() {
            try {
                KeyStore keyStore = DBEncryptionService.this.androidKeyStore;
                if (keyStore == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("androidKeyStore");
                    keyStore = null;
                }
                keyStore.deleteEntry(DBEncryptionService.ANDROID_INFRA_DB_ENC_KEY);
                LPLog.INSTANCE.d(DBEncryptionService.TAG, "clear succeed");
            } catch (Exception e) {
                LPLog.INSTANCE.d(DBEncryptionService.TAG, "exception deleting key store entry: ", e);
            }
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public void createKeystoreAESKeyIfNecessary() {
            try {
                AndroidInterface androidInterface = DBEncryptionService.this.androidInterface;
                AndroidInterface androidInterface2 = null;
                if (androidInterface == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                    androidInterface = null;
                }
                if (androidInterface.keystoreContainsAlias(DBEncryptionService.ANDROID_INFRA_DB_ENC_KEY)) {
                    return;
                }
                try {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance(CipherStorageKeystoreAesCbc.ALGORITHM_AES, "AndroidKeyStore");
                    KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(DBEncryptionService.ANDROID_INFRA_DB_ENC_KEY, 3).setKeySize(256).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").build();
                    Intrinsics.checkNotNullExpressionValue(build, "Builder(\n\t\t\t\t\t\t\tANDROID_…ING_NONE)\n\t\t\t\t\t\t\t.build()");
                    keyGenerator.init(build);
                    keyGenerator.generateKey();
                    AndroidInterface androidInterface3 = DBEncryptionService.this.androidInterface;
                    if (androidInterface3 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                    } else {
                        androidInterface2 = androidInterface3;
                    }
                    androidInterface2.refreshKey();
                } catch (Exception e) {
                    LPLog.INSTANCE.e(DBEncryptionService.TAG, ErrorCode.ERR_0000014B, "Fatal exception while generating new AES key: ", e);
                }
            } catch (KeyStoreException e2) {
                LPLog.INSTANCE.e(DBEncryptionService.TAG, ErrorCode.ERR_0000014A, "Fatal exception while accessing keystore: ", e2);
            }
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public String generateLegacyAesEncryptionKey() {
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance(CipherStorageKeystoreAesCbc.ALGORITHM_AES);
                keyGenerator.init(256);
                SecretKey generateKey = keyGenerator.generateKey();
                Intrinsics.checkNotNullExpressionValue(generateKey, "{\n\t\t\t\tval keyGen = KeyGe…eyGen.generateKey()\n\n\t\t\t}");
                String encodeToString = Base64.encodeToString(generateKey.getEncoded(), 0);
                Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(secretKey.encoded, Base64.DEFAULT)");
                return encodeToString;
            } catch (NoSuchAlgorithmException e) {
                LPLog.INSTANCE.e(DBEncryptionService.TAG, ErrorCode.ERR_00000037, "Exception while generating AES Encryption Key", e);
                byte[] bArr = new byte[32];
                new SecureRandom().nextBytes(bArr);
                String encodeToString2 = Base64.encodeToString(bArr, 0);
                Intrinsics.checkNotNullExpressionValue(encodeToString2, "encodeToString(randomBytes, Base64.DEFAULT)");
                return encodeToString2;
            }
        }

        public final SecretKey getKeyStoreSecretKey() {
            KeyStore keyStore = DBEncryptionService.this.androidKeyStore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidKeyStore");
                keyStore = null;
            }
            KeyStore.Entry entry = keyStore.getEntry(DBEncryptionService.ANDROID_INFRA_DB_ENC_KEY, null);
            Objects.requireNonNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            Intrinsics.checkNotNullExpressionValue(secretKey, "keyEntry as KeyStore.SecretKeyEntry).secretKey");
            return secretKey;
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public KeyStore.PrivateKeyEntry getKeystoreEntry() throws IOException {
            KeyStore keyStore = DBEncryptionService.this.androidKeyStore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidKeyStore");
                keyStore = null;
            }
            KeyStore.Entry entry = keyStore.getEntry(DBEncryptionService.ANDROID_INFRA_DB_ENC_KEY, null);
            Objects.requireNonNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
            return (KeyStore.PrivateKeyEntry) entry;
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public PublicKey getPublicKey() {
            PublicKey publicKey = getKeystoreEntry().getCertificate().getPublicKey();
            Intrinsics.checkNotNullExpressionValue(publicKey, "getKeystoreEntry().certificate.publicKey");
            return publicKey;
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public KeyPairGenerator initKeyPairGenerator(Calendar start, Calendar end) {
            Intrinsics.checkNotNullParameter(start, "start");
            Intrinsics.checkNotNullParameter(end, "end");
            KeyPairGenerator generator = KeyPairGenerator.getInstance(CipherStorageKeystoreRsaEcb.ALGORITHM_RSA, "AndroidKeyStore");
            if (Build.VERSION.SDK_INT >= 23) {
                KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(DBEncryptionService.ANDROID_INFRA_DB_ENC_KEY, 3).setCertificateSubject(new X500Principal(DBEncryptionService.DB_ENC_CN)).setCertificateSerialNumber(BigInteger.ONE).setKeyValidityStart(start.getTime()).setKeyValidityEnd(end.getTime()).build();
                Intrinsics.checkNotNullExpressionValue(build, "Builder(ANDROID_INFRA_DB…d(end.time)\n\t\t\t\t\t.build()");
                generator.initialize(build);
            } else {
                generator.initialize(new KeyPairGeneratorSpec.Builder(Infra.instance.getApplicationContext()).setAlias(DBEncryptionService.ANDROID_INFRA_DB_ENC_KEY).setSubject(new X500Principal(DBEncryptionService.DB_ENC_CN)).setSerialNumber(BigInteger.ONE).setStartDate(start.getTime()).setEndDate(end.getTime()).build());
            }
            Intrinsics.checkNotNullExpressionValue(generator, "generator");
            return generator;
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public boolean keystoreContainsAlias(String alias) {
            Intrinsics.checkNotNullParameter(alias, "alias");
            KeyStore keyStore = DBEncryptionService.this.androidKeyStore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidKeyStore");
                keyStore = null;
            }
            return keyStore.containsAlias(alias);
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public void loadKeystore() {
            try {
                DBEncryptionService dBEncryptionService = DBEncryptionService.this;
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(\"AndroidKeyStore\")");
                dBEncryptionService.androidKeyStore = keyStore;
                KeyStore keyStore2 = DBEncryptionService.this.androidKeyStore;
                if (keyStore2 == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("androidKeyStore");
                    keyStore2 = null;
                }
                keyStore2.load(null, null);
            } catch (Exception e) {
                LPLog.INSTANCE.e(DBEncryptionService.TAG, ErrorCode.ERR_00000034, "Failed to load Keystore.", e);
            }
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public void refreshKey() {
            this.secretKey = getKeyStoreSecretKey();
        }

        @Override // com.liveperson.infra.controller.AndroidInterface
        public SecretKey secretKey() {
            return getSecretKey();
        }
    }

    /* compiled from: DBEncryptionService.kt */
    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0010\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0013\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0014\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0015\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u001a\u0010\u0016\u001a\u00020\u00178FX\u0087\u0004¢\u0006\f\u0012\u0004\b\u0018\u0010\u0002\u001a\u0004\b\u0019\u0010\u001aR\u000e\u0010\u001b\u001a\u00020\u0006X\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006\u001c"}, d2 = {"Lcom/liveperson/infra/controller/DBEncryptionService$Companion;", "", "()V", "ANDROID_INFRA_DB_ENC_KEY", "", "ANDROID_INFRA_DB_ENC_KEY_SIZE", "", "ANDROID_KEYSTORE", "DB_ENCRYPTION_KEY", "DB_ENCRYPTION_USES_KEYSTORE", "DB_ENC_CN", "INITIALIZATION_VECTOR", "IV_SEPARATOR", "MDNAME", "MGFNAME", "MGFSPEC_MDNAME", "TAG", "TRANSFORMATION_AES_GCM_NoPadding", "TRANSFORMATION_AES_PKCS5Padding", "TRANSFORMATION_AES_PKCS7Padding", "TRANSFORMATION_RSA_18_PLUS", "TRANSFORMATION_RSA_23_PLUS", "appEncryptionVersion", "Lcom/liveperson/infra/utils/EncryptionVersion;", "getAppEncryptionVersion$annotations", "getAppEncryptionVersion", "()Lcom/liveperson/infra/utils/EncryptionVersion;", "encryptAttempts", "infra_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        @JvmStatic
        public static /* synthetic */ void getAppEncryptionVersion$annotations() {
        }

        public final EncryptionVersion getAppEncryptionVersion() {
            try {
                EncryptionVersion fromInt = EncryptionVersion.fromInt(Configuration.getInteger(R.integer.encryptionVersion));
                Intrinsics.checkNotNullExpressionValue(fromInt, "{\n\t\t\t\tEncryptionVersion.….encryptionVersion))\n\t\t\t}");
                return fromInt;
            } catch (Resources.NotFoundException e) {
                LPLog.INSTANCE.e(DBEncryptionService.TAG, ErrorCode.ERR_0000003C, "Exception while getting app encryption version.", e);
                return EncryptionVersion.VERSION_1;
            }
        }
    }

    public DBEncryptionService() {
        initialize();
    }

    private final String decryptKey(String encryptedKey) {
        String str = null;
        try {
            return decryptKeyWithCipher(encryptedKey, getCipherForKey(2));
        } catch (IOException e) {
            LPLog.INSTANCE.e(TAG, ErrorCode.ERR_00000035, "IOException while decrypting key. Android SDK Version: " + Build.VERSION.SDK_INT, e);
            try {
                LPLog.INSTANCE.w(TAG, "fallback: use old RSA algorithm - RSA/ECB/PKCS1Padding, to decrypt key in sharedPref");
                AndroidInterface androidInterface = this.androidInterface;
                if (androidInterface == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                    androidInterface = null;
                }
                KeyStore.PrivateKeyEntry keystoreEntry = androidInterface.getKeystoreEntry();
                CipherWrapperFactory cipherWrapperFactory = this.cipherWrapperFactory;
                if (cipherWrapperFactory == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("cipherWrapperFactory");
                    cipherWrapperFactory = null;
                }
                str = decryptKeyWithCipher(encryptedKey, cipherWrapperFactory.createCipherWrapper("RSA/ECB/PKCS1Padding", 2, keystoreEntry.getPrivateKey()));
                if (AndroidFrameworkUtils.getSdkVersion() >= 23 && PreferenceManager.getInstance().contains(DB_ENCRYPTION_KEY, PreferenceManager.APP_LEVEL_PREFERENCES)) {
                    LPLog.INSTANCE.d(TAG, "set flag to reset DBEncryptionService");
                    PreferenceManager.getInstance().setBooleanValue(PreferenceManager.RESET_DB_ENCRYPTION_SERVICE_KEY, PreferenceManager.APP_LEVEL_PREFERENCES, true);
                }
                LPLog.INSTANCE.d(TAG, "Got decrypted key by using old RSA algorithm");
                return str;
            } catch (Exception e2) {
                LPLog.INSTANCE.e(TAG, ErrorCode.ERR_00000035, "Exception while decrypting key - fallback", e2);
                return str;
            }
        } catch (Exception e3) {
            LPLog.INSTANCE.e(TAG, ErrorCode.ERR_00000035, "Exception while decrypting key.", e3);
            return null;
        }
    }

    private final String decryptKeyWithCipher(String encryptedKey, CipherWrapper cipherWrapper) {
        CipherInputStream createCipherInputStream = cipherWrapper.createCipherInputStream(encryptedKey);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = createCipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr = new byte[size];
        for (int i = 0; i < size; i++) {
            Object obj = arrayList.get(i);
            Intrinsics.checkNotNullExpressionValue(obj, "values[i]");
            bArr[i] = ((Number) obj).byteValue();
        }
        Charset UTF_8 = StandardCharsets.UTF_8;
        Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
        return new String(bArr, 0, size, UTF_8);
    }

    private final void encryptAndSaveKey(String decryptedKey) {
        generateKeyPairInStoreIfNotExists();
        boolean z = false;
        try {
            CipherWrapper cipherForKey = getCipherForKey(1);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream createCipherOutputStream = cipherForKey.createCipherOutputStream(byteArrayOutputStream);
            Intrinsics.checkNotNull(decryptedKey);
            Charset UTF_8 = StandardCharsets.UTF_8;
            Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
            byte[] bytes = decryptedKey.getBytes(UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            createCipherOutputStream.write(bytes);
            createCipherOutputStream.close();
            decryptedKey = Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
            z = true;
        } catch (Exception e) {
            LPLog.INSTANCE.e(TAG, ErrorCode.ERR_00000036, "Exception while encrypting/saving key.", e);
        }
        PreferenceManager.getInstance().setStringValue(DB_ENCRYPTION_KEY, PreferenceManager.APP_LEVEL_PREFERENCES, decryptedKey);
        PreferenceManager.getInstance().setBooleanValue(DB_ENCRYPTION_USES_KEYSTORE, PreferenceManager.APP_LEVEL_PREFERENCES, z);
    }

    private final String generateAesEncryptionKeyAndSave() {
        AndroidInterface androidInterface = this.androidInterface;
        if (androidInterface == null) {
            Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
            androidInterface = null;
        }
        String generateLegacyAesEncryptionKey = androidInterface.generateLegacyAesEncryptionKey();
        encryptAndSaveKey(generateLegacyAesEncryptionKey);
        return generateLegacyAesEncryptionKey;
    }

    private final void generateKeyPairInStoreIfNotExists() {
        try {
            AndroidInterface androidInterface = this.androidInterface;
            AndroidInterface androidInterface2 = null;
            if (androidInterface == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                androidInterface = null;
            }
            if (androidInterface.keystoreContainsAlias(ANDROID_INFRA_DB_ENC_KEY)) {
                return;
            }
            Calendar start = Calendar.getInstance();
            Calendar end = Calendar.getInstance();
            end.add(1, 120);
            AndroidInterface androidInterface3 = this.androidInterface;
            if (androidInterface3 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
            } else {
                androidInterface2 = androidInterface3;
            }
            Intrinsics.checkNotNullExpressionValue(start, "start");
            Intrinsics.checkNotNullExpressionValue(end, "end");
            androidInterface2.initKeyPairGenerator(start, end).generateKeyPair();
        } catch (Exception e) {
            LPLog.INSTANCE.e(TAG, ErrorCode.ERR_00000038, "Exception while generating KeyPair.", e);
        }
    }

    private final CipherWrapper getAESDecryptCipher(AlgorithmParameterSpec apSpec) throws NoSuchAlgorithmException, NoSuchPaddingException, UnrecoverableEntryException, KeyStoreException, InvalidAlgorithmParameterException, InvalidKeyException {
        CipherWrapperFactory cipherWrapperFactory = null;
        AndroidInterface androidInterface = null;
        if (!this.onlyKeystore) {
            CipherWrapperFactory cipherWrapperFactory2 = this.cipherWrapperFactory;
            if (cipherWrapperFactory2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipherWrapperFactory");
            } else {
                cipherWrapperFactory = cipherWrapperFactory2;
            }
            SecretKey secretKey = this.dbEncryptionKey;
            if (apSpec != null) {
                return cipherWrapperFactory.createCipherWrapper(TRANSFORMATION_AES_GCM_NoPadding, 2, secretKey, apSpec);
            }
            throw new IllegalArgumentException("Required value was null.".toString());
        }
        AndroidInterface androidInterface2 = this.androidInterface;
        if (androidInterface2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
            androidInterface2 = null;
        }
        androidInterface2.createKeystoreAESKeyIfNecessary();
        CipherWrapperFactory cipherWrapperFactory3 = this.cipherWrapperFactory;
        if (cipherWrapperFactory3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("cipherWrapperFactory");
            cipherWrapperFactory3 = null;
        }
        AndroidInterface androidInterface3 = this.androidInterface;
        if (androidInterface3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
        } else {
            androidInterface = androidInterface3;
        }
        SecretKey secretKey2 = androidInterface.secretKey();
        if (apSpec != null) {
            return cipherWrapperFactory3.createCipherWrapper(TRANSFORMATION_AES_GCM_NoPadding, 2, secretKey2, apSpec);
        }
        throw new IllegalArgumentException("Required value was null.".toString());
    }

    private final CipherWrapper getAESEncryptCipher() throws NoSuchAlgorithmException, NoSuchPaddingException, UnrecoverableEntryException, KeyStoreException, InvalidAlgorithmParameterException, InvalidKeyException {
        CipherWrapper createCipherWrapper;
        if (this.cipherWrapperFactory == null) {
            this.cipherWrapperFactory = new CipherWrapperFactory();
        }
        CipherWrapperFactory cipherWrapperFactory = null;
        AndroidInterface androidInterface = null;
        if (this.onlyKeystore) {
            AndroidInterface androidInterface2 = this.androidInterface;
            if (androidInterface2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                androidInterface2 = null;
            }
            androidInterface2.createKeystoreAESKeyIfNecessary();
            CipherWrapperFactory cipherWrapperFactory2 = this.cipherWrapperFactory;
            if (cipherWrapperFactory2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipherWrapperFactory");
                cipherWrapperFactory2 = null;
            }
            AndroidInterface androidInterface3 = this.androidInterface;
            if (androidInterface3 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
            } else {
                androidInterface = androidInterface3;
            }
            createCipherWrapper = cipherWrapperFactory2.createCipherWrapper(TRANSFORMATION_AES_GCM_NoPadding, 1, androidInterface.secretKey());
        } else {
            CipherWrapperFactory cipherWrapperFactory3 = this.cipherWrapperFactory;
            if (cipherWrapperFactory3 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipherWrapperFactory");
            } else {
                cipherWrapperFactory = cipherWrapperFactory3;
            }
            createCipherWrapper = cipherWrapperFactory.createCipherWrapper(TRANSFORMATION_AES_GCM_NoPadding, 1, this.dbEncryptionKey, this.legacyIvSpec);
        }
        if (createCipherWrapper != null) {
            return createCipherWrapper;
        }
        throw new IllegalArgumentException("Required value was null.".toString());
    }

    public static final EncryptionVersion getAppEncryptionVersion() {
        return INSTANCE.getAppEncryptionVersion();
    }

    private final CipherWrapper getCipherForKey(int opMode) {
        PrivateKey privateKey;
        CipherWrapperFactory cipherWrapperFactory = null;
        if (opMode == 1) {
            AndroidInterface androidInterface = this.androidInterface;
            if (androidInterface == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                androidInterface = null;
            }
            privateKey = androidInterface.getPublicKey();
        } else {
            privateKey = null;
        }
        if (opMode == 2) {
            AndroidInterface androidInterface2 = this.androidInterface;
            if (androidInterface2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                androidInterface2 = null;
            }
            privateKey = androidInterface2.getKeystoreEntry().getPrivateKey();
        }
        if (AndroidFrameworkUtils.getSdkVersion() < 23) {
            CipherWrapperFactory cipherWrapperFactory2 = this.cipherWrapperFactory;
            if (cipherWrapperFactory2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipherWrapperFactory");
            } else {
                cipherWrapperFactory = cipherWrapperFactory2;
            }
            if (privateKey != null) {
                return cipherWrapperFactory.createCipherWrapper("RSA/ECB/PKCS1Padding", opMode, privateKey);
            }
            throw new IllegalArgumentException("Required value was null.".toString());
        }
        OAEPParameterSpec oAEPParameterSpec = new OAEPParameterSpec(MDNAME, MGFNAME, new MGF1ParameterSpec(MGFSPEC_MDNAME), PSource.PSpecified.DEFAULT);
        CipherWrapperFactory cipherWrapperFactory3 = this.cipherWrapperFactory;
        if (cipherWrapperFactory3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("cipherWrapperFactory");
        } else {
            cipherWrapperFactory = cipherWrapperFactory3;
        }
        if (privateKey != null) {
            return cipherWrapperFactory.createCipherWrapper(TRANSFORMATION_RSA_23_PLUS, opMode, privateKey, oAEPParameterSpec);
        }
        throw new IllegalArgumentException("Required value was null.".toString());
    }

    private final String loadInternalLegacyAESKey() {
        KeyStore.PrivateKeyEntry privateKeyEntry = null;
        String stringValue = PreferenceManager.getInstance().getStringValue(DB_ENCRYPTION_KEY, PreferenceManager.APP_LEVEL_PREFERENCES, null);
        try {
            AndroidInterface androidInterface = this.androidInterface;
            if (androidInterface == null) {
                Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
                androidInterface = null;
            }
            privateKeyEntry = androidInterface.getKeystoreEntry();
        } catch (Exception unused) {
        }
        if (stringValue == null || privateKeyEntry == null) {
            return generateAesEncryptionKeyAndSave();
        }
        if (PreferenceManager.getInstance().getBooleanValue(DB_ENCRYPTION_USES_KEYSTORE, PreferenceManager.APP_LEVEL_PREFERENCES, false)) {
            return decryptKey(stringValue);
        }
        encryptAndSaveKey(stringValue);
        return stringValue;
    }

    private final IvParameterSpec loadLegacyIvSpec() {
        String stringValue = PreferenceManager.getInstance().getStringValue(INITIALIZATION_VECTOR, PreferenceManager.APP_LEVEL_PREFERENCES, null);
        if (stringValue == null) {
            return null;
        }
        LPLog.INSTANCE.w(TAG, "Found a legacy Initialization Vector; loading it. Please log out and back in to clear old data.");
        return new IvParameterSpec(Base64.decode(stringValue, 0));
    }

    private final void setDbEncryptionKey(String key) {
        String str = key;
        if (str == null || str.length() == 0) {
            LPLog.INSTANCE.d(TAG, "setDbEncryptionKey - key is NullOrEmpty");
            return;
        }
        byte[] decode = Base64.decode(key, 0);
        decode[0] = (byte) (decode[0] + 1);
        this.dbEncryptionKey = new SecretKeySpec(decode, CipherStorageKeystoreAesCbc.ALGORITHM_AES);
    }

    private final GCMParameterSpec unpackGCMSpecBytes(String base64ivSpec) {
        return new GCMParameterSpec(128, Base64.decode(base64ivSpec, 0));
    }

    private final IvParameterSpec unpackIvSpecBytes(String base64ivSpec) {
        return new IvParameterSpec(Base64.decode(base64ivSpec, 0));
    }

    @Override // com.liveperson.infra.Clearable
    public void clear() {
        LPLog.INSTANCE.d(TAG, "clear()");
        AndroidInterface androidInterface = this.androidInterface;
        if (androidInterface == null) {
            Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
            androidInterface = null;
        }
        androidInterface.clear();
    }

    public String decrypt(String cipherText) {
        String str;
        LPLog.INSTANCE.d(TAG, "decrypt() " + cipherText);
        String str2 = cipherText;
        if (TextUtils.isEmpty(str2)) {
            return cipherText;
        }
        Intrinsics.checkNotNull(cipherText);
        Object[] array = new Regex(IV_SEPARATOR).split(str2, 0).toArray(new String[0]);
        Intrinsics.checkNotNull(array, "null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
        String[] strArr = (String[]) array;
        if (strArr.length <= 1) {
            LPLog.INSTANCE.w(TAG, "decrypt failure. No gcmParameterSpec.");
            return cipherText;
        }
        GCMParameterSpec unpackGCMSpecBytes = unpackGCMSpecBytes(strArr[0]);
        String str3 = strArr[1];
        try {
            byte[] doFinal = getAESDecryptCipher(unpackGCMSpecBytes).doFinal(Base64.decode(str3, 0));
            Charset UTF_8 = StandardCharsets.UTF_8;
            Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
            String str4 = new String(doFinal, UTF_8);
            LPLog lPLog = LPLog.INSTANCE;
            StringBuilder sb = new StringBuilder();
            sb.append("Successfully Decrypted ");
            if (strArr.length > 1) {
                str = LPLog.INSTANCE.mask("block " + strArr[0] + "\nres = " + str4);
            } else {
                str = "Legacy block";
            }
            sb.append(str);
            lPLog.v(TAG, sb.toString());
            return str4;
        } catch (InvalidAlgorithmParameterException unused) {
            LPLog.INSTANCE.w(TAG, FlowTags.DECRYPTION, "InvalidAlgorithmParameterException " + cipherText);
            return null;
        } catch (BadPaddingException e) {
            LPLog.INSTANCE.w(TAG, FlowTags.DECRYPTION, "Caught a bad padding exception!", e);
            LPLog.INSTANCE.d(TAG, FlowTags.DECRYPTION, "Using fallback after BadPaddingException");
            try {
                byte[] doFinal2 = getAESDecryptCipher(unpackGCMSpecBytes).doFinal(Utils.hexStringToByteArray(str3));
                LPLog.INSTANCE.d(TAG, FlowTags.DECRYPTION, "BadPaddingException fallback worked!");
                Charset UTF_82 = StandardCharsets.UTF_8;
                Intrinsics.checkNotNullExpressionValue(UTF_82, "UTF_8");
                return new String(doFinal2, UTF_82);
            } catch (Exception e2) {
                LPLog.INSTANCE.e(TAG, FlowTags.DECRYPTION, ErrorCode.ERR_0000003A, "BadPaddingException fallback failed.", e2);
                return cipherText;
            }
        } catch (Exception e3) {
            LPLog.INSTANCE.e(TAG, FlowTags.DECRYPTION, ErrorCode.ERR_0000003B, "Caught an unexpected exception.", e3);
            return cipherText;
        }
    }

    public String encrypt(String plainText) {
        LPLog.INSTANCE.d(TAG, "encrypt()");
        if (TextUtils.isEmpty(plainText)) {
            return plainText;
        }
        try {
            CipherWrapper aESEncryptCipher = getAESEncryptCipher();
            Intrinsics.checkNotNull(plainText);
            Charset UTF_8 = StandardCharsets.UTF_8;
            Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
            byte[] bytes = plainText.getBytes(UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            byte[] doFinal = aESEncryptCipher.doFinal(bytes);
            byte[] iv = aESEncryptCipher.iv();
            String encodeToString = Base64.encodeToString(doFinal, 0);
            String encodeToString2 = Base64.encodeToString(iv, 0);
            LPLog.INSTANCE.v(TAG, "Successfully Encrypted block " + LPLog.INSTANCE.mask(encodeToString2));
            encryptAttempts = 0;
            return encodeToString2 + IV_SEPARATOR + encodeToString;
        } catch (InvalidKeyException e) {
            LPLog.INSTANCE.w(TAG, "InvalidKeyException " + e);
            if (Build.VERSION.SDK_INT >= 23 && (e.getCause() instanceof KeyPermanentlyInvalidatedException)) {
                LPLog.INSTANCE.e(TAG, ErrorCode.ERR_00000039, "KeyPermanentlyInvalidatedException while Encrypting text.", e);
                KeyStore keyStore = this.androidKeyStore;
                if (keyStore == null) {
                    Intrinsics.throwUninitializedPropertyAccessException("androidKeyStore");
                    keyStore = null;
                }
                keyStore.deleteEntry(ANDROID_INFRA_DB_ENC_KEY);
                int i = encryptAttempts;
                if (i == 0) {
                    encryptAttempts = i + 1;
                    encrypt(plainText);
                }
            }
            return plainText;
        } catch (Exception e2) {
            LPLog.INSTANCE.e(TAG, ErrorCode.ERR_00000039, "Exception while Encrypting text.", e2);
            return plainText;
        }
    }

    public void initialize() {
        if (this.androidInterface == null) {
            this.androidInterface = new Android();
        }
        this.onlyKeystore = Build.VERSION.SDK_INT >= 23 && !PreferenceManager.getInstance().contains(DB_ENCRYPTION_KEY, PreferenceManager.APP_LEVEL_PREFERENCES);
        LPLog lPLog = LPLog.INSTANCE;
        StringBuilder sb = new StringBuilder();
        sb.append("Using ");
        sb.append(this.onlyKeystore ? "Keystore" : "Legacy");
        sb.append(" encryption system.");
        lPLog.i(TAG, sb.toString());
        AndroidInterface androidInterface = this.androidInterface;
        if (androidInterface == null) {
            Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
            androidInterface = null;
        }
        androidInterface.loadKeystore();
        this.legacyIvSpec = loadLegacyIvSpec();
        if (this.cipherWrapperFactory == null) {
            this.cipherWrapperFactory = new CipherWrapperFactory();
        }
        if (this.onlyKeystore) {
            this.dbEncryptionKey = null;
        } else {
            setDbEncryptionKey(loadInternalLegacyAESKey());
        }
    }

    public void resetDBEncryptionService() {
        LPLog.INSTANCE.d(TAG, "resetDBEncryptionService");
        this.onlyKeystore = true;
        AndroidInterface androidInterface = null;
        this.dbEncryptionKey = null;
        this.legacyIvSpec = null;
        AndroidInterface androidInterface2 = this.androidInterface;
        if (androidInterface2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("androidInterface");
        } else {
            androidInterface = androidInterface2;
        }
        androidInterface.clear();
        PreferenceManager.getInstance().remove(DB_ENCRYPTION_KEY, PreferenceManager.APP_LEVEL_PREFERENCES);
        PreferenceManager.getInstance().remove(INITIALIZATION_VECTOR, PreferenceManager.APP_LEVEL_PREFERENCES);
    }
}
