package defpackage;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.SecretKeySpec;
import ru.railways.core.android.BaseApplication;

/* loaded from: classes3.dex */
public final class kq4 extends hq4 {
    public final KeyStore a;
    public final Cipher b;
    public final Cipher c;

    public kq4() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        this.a = keyStore;
        if (!keyStore.containsAlias("SharedPrefsRSA")) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("SharedPrefsRSA", 3).setDigests("SHA-256", "SHA-512").setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding").build();
            ve5.e(build, "Builder(\n               …                 .build()");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            h();
        }
        SecretKeySpec i = i();
        if (i == null) {
            h();
            i = i();
            ve5.c(i);
        }
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(1, i);
        this.b = cipher;
        Cipher cipher2 = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher2.init(2, i);
        this.c = cipher2;
    }

    public final String f(String str) {
        ve5.f(str, "encryptedText");
        byte[] doFinal = this.c.doFinal(Base64.decode(str, 0));
        ve5.e(doFinal, "decodingCipher\n         …tedText, Base64.DEFAULT))");
        return new String(doFinal, f10.b);
    }

    public final String g(String str) {
        byte[] bytes = str.getBytes(f10.b);
        ve5.e(bytes, "this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(this.b.doFinal(bytes), 0);
        ve5.e(encodeToString, "encodeToString(encodedBytes, Base64.DEFAULT)");
        return encodeToString;
    }

    public final void h() {
        Certificate certificate;
        PublicKey publicKey;
        Certificate certificate2;
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        KeyStore keyStore = this.a;
        try {
            if (Build.VERSION.SDK_INT >= 28) {
                certificate2 = keyStore.getCertificate("SharedPrefsRSA");
            } else {
                KeyStore.Entry entry = keyStore.getEntry("SharedPrefsRSA", null);
                ve5.d(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
                certificate2 = ((KeyStore.PrivateKeyEntry) entry).getCertificate();
            }
            publicKey = certificate2.getPublicKey();
        } catch (Exception unused) {
            if (Build.VERSION.SDK_INT < 28) {
                certificate = keyStore.getCertificate("SharedPrefsRSA");
            } else {
                KeyStore.Entry entry2 = keyStore.getEntry("SharedPrefsRSA", null);
                ve5.d(entry2, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
                certificate = ((KeyStore.PrivateKeyEntry) entry2).getCertificate();
            }
            publicKey = certificate.getPublicKey();
        }
        cipher.init(1, publicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        try {
            cipherOutputStream.write(bArr);
            ym8 ym8Var = ym8.a;
            l40.b(cipherOutputStream, null);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            ve5.e(byteArray, "outputStream.toByteArray()");
            String encodeToString = Base64.encodeToString(byteArray, 0);
            ve5.e(encodeToString, "encryptedSecretKeyB64");
            String str = BaseApplication.l;
            BaseApplication.a.b().getSharedPreferences("keys_pre_23api", 0).edit().putString(hq4.e("SharedPrefsRSA"), encodeToString).commit();
        } finally {
        }
    }

    public final SecretKeySpec i() {
        PrivateKey privateKey;
        String str = BaseApplication.l;
        String string = BaseApplication.a.b().getSharedPreferences("keys_pre_23api", 0).getString(hq4.e("SharedPrefsRSA"), null);
        if (string == null) {
            return null;
        }
        byte[] decode = Base64.decode(string, 0);
        ve5.e(decode, "encryptedSecretKey");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        KeyStore keyStore = this.a;
        try {
            if (Build.VERSION.SDK_INT >= 28) {
                Key key = keyStore.getKey("SharedPrefsRSA", null);
                ve5.d(key, "null cannot be cast to non-null type java.security.PrivateKey");
                privateKey = (PrivateKey) key;
            } else {
                KeyStore.Entry entry = keyStore.getEntry("SharedPrefsRSA", null);
                ve5.d(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
                privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            }
        } catch (Exception unused) {
            if (Build.VERSION.SDK_INT < 28) {
                Key key2 = keyStore.getKey("SharedPrefsRSA", null);
                ve5.d(key2, "null cannot be cast to non-null type java.security.PrivateKey");
                privateKey = (PrivateKey) key2;
            } else {
                KeyStore.Entry entry2 = keyStore.getEntry("SharedPrefsRSA", null);
                ve5.d(entry2, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
                privateKey = ((KeyStore.PrivateKeyEntry) entry2).getPrivateKey();
            }
        }
        cipher.init(2, privateKey);
        return new SecretKeySpec(j75.G(new CipherInputStream(new ByteArrayInputStream(decode), cipher)), "AES");
    }
}
