package c.e.a.e;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import android.util.Pair;
import com.tunnelbear.android.C0233va;
import com.tunnelbear.sdk.client.TBLog;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: CryptoHelper.java */
/* loaded from: classes.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    private SharedPreferences f2614a;

    /* compiled from: CryptoHelper.java */
    /* loaded from: classes.dex */
    public enum a {
        PASSWORD
    }

    public b(SharedPreferences sharedPreferences) {
        this.f2614a = sharedPreferences;
    }

    private Pair<Key, Boolean> a(String str, boolean z) {
        boolean a2 = a();
        Key key = null;
        if (a2) {
            byte[] decode = Base64.decode(this.f2614a.getString("SYM_KEY", ""), 0);
            key = new SecretKeySpec(decode, 0, decode.length, "AES");
        } else if (Build.VERSION.SDK_INT >= 21) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                KeyStore.Entry entry = keyStore.getEntry(str, null);
                if (entry != null) {
                    if (entry instanceof KeyStore.SecretKeyEntry) {
                        key = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                        key = z ? a(entry) : ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                    }
                }
            } catch (IOException | NullPointerException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException unused) {
                TBLog.e("CryptoHelper", "Error loading Android Keystore during CryptoHelper#getKey, key was not retrieved");
            }
        } else {
            TBLog.e("CryptoHelper", "Key was not retrieved");
        }
        return new Pair<>(key, Boolean.valueOf(a2));
    }

    private static RSAPublicKey a(KeyStore.Entry entry) {
        return (RSAPublicKey) ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
    }

    private boolean a() {
        return !TextUtils.isEmpty(this.f2614a.getString("SYM_KEY", ""));
    }

    private static boolean a(String str) {
        try {
            if (Build.VERSION.SDK_INT < 21) {
                return false;
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getEntry(str, null) != null;
        } catch (IOException | RuntimeException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e2) {
            TBLog.e("CryptoHelper", Log.getStackTraceString(e2));
            return false;
        }
    }

    private void b(a aVar, String str) {
        this.f2614a.edit().putString("ENCODED_IV" + aVar, str).commit();
    }

    private void b(String str) {
        this.f2614a.edit().putString("SYM_KEY", str).commit();
    }

    public String a(Context context, a aVar, String str) {
        boolean z;
        try {
            if (!a()) {
                if (Build.VERSION.SDK_INT >= 21) {
                    z = a("PolarbearKey");
                    if (!z) {
                        if (Build.VERSION.SDK_INT >= 23) {
                            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                            keyGenerator.init(C0233va.b("PolarbearKey"));
                            try {
                                keyGenerator.generateKey();
                                z = true;
                            } catch (Exception e2) {
                                TBLog.e("CryptoHelper", Log.getStackTraceString(e2));
                            }
                        }
                        if (!z) {
                            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                            keyPairGenerator.initialize(C0233va.b(context, "PolarbearKey"));
                            try {
                                keyPairGenerator.generateKeyPair();
                                z = true;
                            } catch (Exception e3) {
                                TBLog.e("CryptoHelper", Log.getStackTraceString(e3));
                            }
                        }
                    }
                } else {
                    z = false;
                }
                if (!z) {
                    KeyGenerator keyGenerator2 = KeyGenerator.getInstance("AES");
                    keyGenerator2.init(256);
                    b(Base64.encodeToString(keyGenerator2.generateKey().getEncoded(), 0));
                }
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e4) {
            TBLog.e("CryptoHelper", Log.getStackTraceString(e4));
        }
        Cipher cipher = null;
        Pair<Key, Boolean> a2 = a("PolarbearKey", true);
        try {
            if (a2.first == null) {
                TBLog.e("CryptoHelper", "Encryption key is null.");
                return "";
            }
            if (!(a2.first instanceof SecretKeySpec) && !(a2.first instanceof SecretKey)) {
                if (a2.first instanceof RSAPublicKey) {
                    cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
                    cipher.init(1, (Key) a2.first);
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                cipherOutputStream.write(str.getBytes("UTF-8"));
                cipherOutputStream.close();
                return Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
            }
            if (((Boolean) a2.second).booleanValue() || Build.VERSION.SDK_INT < 23) {
                cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                cipher.init(1, (Key) a2.first);
                b(aVar, Base64.encodeToString(((IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV(), 0));
            } else {
                cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, (Key) a2.first);
                b(aVar, Base64.encodeToString(((GCMParameterSpec) cipher.getParameters().getParameterSpec(GCMParameterSpec.class)).getIV(), 0));
            }
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream2 = new CipherOutputStream(byteArrayOutputStream2, cipher);
            cipherOutputStream2.write(str.getBytes("UTF-8"));
            cipherOutputStream2.close();
            return Base64.encodeToString(byteArrayOutputStream2.toByteArray(), 0);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | InvalidParameterSpecException | NoSuchPaddingException e5) {
            TBLog.e("CryptoHelper", Log.getStackTraceString(e5));
            return "";
        }
    }

    public String a(a aVar, String str) {
        Cipher cipher;
        AlgorithmParameterSpec ivParameterSpec;
        Pair<Key, Boolean> a2 = a("PolarbearKey", false);
        Object obj = a2.first;
        if (obj == null) {
            return "";
        }
        Key key = (Key) obj;
        boolean z = !((Boolean) a2.second).booleanValue();
        try {
            if (key instanceof SecretKey) {
                byte[] decode = Base64.decode(this.f2614a.getString("ENCODED_IV" + aVar, ""), 0);
                if (!z || Build.VERSION.SDK_INT < 23) {
                    cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    ivParameterSpec = new IvParameterSpec(decode);
                } else {
                    cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    ivParameterSpec = new GCMParameterSpec(128, decode);
                }
                cipher.init(2, key, ivParameterSpec);
            } else if (key instanceof PrivateKey) {
                cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(2, key);
            } else {
                cipher = null;
            }
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(Base64.decode(str, 0)), cipher);
            ArrayList arrayList = new ArrayList();
            while (true) {
                int read = cipherInputStream.read();
                if (read == -1) {
                    break;
                }
                arrayList.add(Byte.valueOf((byte) read));
            }
            byte[] bArr = new byte[arrayList.size()];
            for (int i = 0; i < bArr.length; i++) {
                bArr[i] = ((Byte) arrayList.get(i)).byteValue();
            }
            return new String(bArr, 0, bArr.length, "UTF-8");
        } catch (Exception e2) {
            if (Log.getStackTraceString(e2).contains("AEADBadTagException")) {
                return "";
            }
            TBLog.e("CryptoHelper", Log.getStackTraceString(e2));
            return "";
        }
    }
}
