package com.onemoresecret.crypto;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import org.spongycastle.crypto.AsymmetricCipherKeyPair;
import org.spongycastle.crypto.generators.RSAKeyPairGenerator;
import org.spongycastle.crypto.params.RSAKeyGenerationParameters;
import org.spongycastle.crypto.util.PrivateKeyInfoFactory;
import org.spongycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.spongycastle.jcajce.provider.asymmetric.util.PrimeCertaintyCalculator;
import org.spongycastle.operator.OperatorCreationException;

/* loaded from: classes.dex */
public class CryptographyManager {
    public static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    public static final int DEFAULT_DAYS_VALID = 9999;
    public static final String[] ENCRYPTION_PADDINGS = {"PKCS1Padding", "OAEPPadding"};
    private static final String TAG = "CryptographyManager";
    public final KeyStore keyStore;

    public CryptographyManager() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            this.keyStore = keyStore;
            try {
                keyStore.load(null);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    public static KeyPair generateKeyPair(int i) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        RSAKeyPairGenerator rSAKeyPairGenerator = new RSAKeyPairGenerator();
        rSAKeyPairGenerator.init(new RSAKeyGenerationParameters(BigInteger.valueOf(65537L), new SecureRandom(), i, PrimeCertaintyCalculator.getDefaultCertainty(i)));
        AsymmetricCipherKeyPair generateKeyPair = rSAKeyPairGenerator.generateKeyPair();
        return restoreKeyPair(PrivateKeyInfoFactory.createPrivateKeyInfo(generateKeyPair.getPrivate()).getEncoded(), SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(generateKeyPair.getPublic()).getEncoded());
    }

    public static X509Certificate restoreCertificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static KeyPair restoreKeyPair(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(bArr2)), keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr)));
    }

    public void deleteKey(String str) throws KeyStoreException {
        this.keyStore.deleteEntry(str);
    }

    public KeyPair generateKeyPair(KeyGenParameterSpec keyGenParameterSpec) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE);
        keyPairGenerator.initialize(keyGenParameterSpec);
        return keyPairGenerator.generateKeyPair();
    }

    public List<String> getByFingerprint(byte[] bArr) throws KeyStoreException {
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            try {
                if (Arrays.equals(bArr, RSAUtils.getFingerprint((RSAPublicKey) ((X509Certificate) getCertificate(nextElement)).getPublicKey()))) {
                    arrayList.add(nextElement);
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return arrayList;
    }

    public Certificate getCertificate(String str) throws KeyStoreException {
        return this.keyStore.getCertificate(str);
    }

    public Cipher getInitializedCipherForDecryption(String str, String str2) {
        try {
            Cipher cipher = Cipher.getInstance(str2);
            cipher.init(2, (PrivateKey) Objects.requireNonNull(getPrivateKey(str)));
            return cipher;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public Cipher getInitializedCipherForEncryption(String str, String str2) throws KeyStoreException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance(str2);
        cipher.init(1, this.keyStore.getCertificate(str).getPublicKey());
        return cipher;
    }

    public PrivateKey getPrivateKey(String str) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Key key = this.keyStore.getKey(str, null);
        if (key == null) {
            return null;
        }
        return (PrivateKey) key;
    }

    public void importKey(String str, KeyPair keyPair, Context context) throws CertificateException, KeyStoreException, IOException, OperatorCreationException {
        X509Certificate generate = SelfSignedCertGenerator.generate(keyPair, "SHA256withRSA", "OneMoreSecret", DEFAULT_DAYS_VALID);
        this.keyStore.setEntry(str, new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{generate}), new KeyProtection.Builder(3).setUserAuthenticationRequired(true).setEncryptionPaddings(ENCRYPTION_PADDINGS).setIsStrongBoxBacked(context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore")).build());
        Log.d(TAG, "Private key '" + str + "' successfully imported. Certificate: " + generate.getSerialNumber());
    }
}
