package be.appmire.flutterkeychain;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import io.flutter.plugins.firebase.crashlytics.Constants;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\t\n\u0002\u0018\u0002\n\u0002\b\u0007\u0018\u00002\u00020\u0001B\u000f\u0012\u0006\u0010\u001d\u001a\u00020\u001c¢\u0006\u0004\b!\u0010\"J\u000f\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\u0003\u0010\u0004J\u000f\u0010\u0006\u001a\u00020\u0005H\u0002¢\u0006\u0004\b\u0006\u0010\u0007J\u000f\u0010\t\u001a\u00020\bH\u0002¢\u0006\u0004\b\t\u0010\nJ\u000f\u0010\u000b\u001a\u00020\bH\u0003¢\u0006\u0004\b\u000b\u0010\nJ\u0017\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\r\u001a\u00020\fH\u0016¢\u0006\u0004\b\u000f\u0010\u0010J\u001f\u0010\u0014\u001a\u00020\f2\u0006\u0010\u0011\u001a\u00020\u000e2\u0006\u0010\u0013\u001a\u00020\u0012H\u0016¢\u0006\u0004\b\u0014\u0010\u0015J\u0015\u0010\u0017\u001a\u00020\u000e2\u0006\u0010\u0016\u001a\u00020\u000e¢\u0006\u0004\b\u0017\u0010\u0018J\u0015\u0010\u0019\u001a\u00020\u000e2\u0006\u0010\u0016\u001a\u00020\u000e¢\u0006\u0004\b\u0019\u0010\u0018R\u0016\u0010\u001a\u001a\u00020\u00128\u0002@\u0002X\u0082D¢\u0006\u0006\n\u0004\b\u001a\u0010\u001bR\u0016\u0010\u001d\u001a\u00020\u001c8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u001d\u0010\u001eR\u0016\u0010\u001f\u001a\u00020\u00128\u0002@\u0002X\u0082D¢\u0006\u0006\n\u0004\b\u001f\u0010\u001bR\u0016\u0010 \u001a\u00020\u00128\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b \u0010\u001b¨\u0006#"}, d2 = {"Lbe/appmire/flutterkeychain/RsaKeyStoreKeyWrapper;", "Lbe/appmire/flutterkeychain/KeyWrapper;", "Ljava/security/KeyStore;", "getKeyStore", "()Ljava/security/KeyStore;", "Ljavax/crypto/Cipher;", "getRSACipher", "()Ljavax/crypto/Cipher;", "", "createRSAKeysIfNeeded", "()V", "createKeys", "Ljava/security/Key;", Constants.KEY, "", "wrap", "(Ljava/security/Key;)[B", "wrappedKey", "", "algorithm", "unwrap", "([BLjava/lang/String;)Ljava/security/Key;", "input", "encrypt", "([B)[B", "decrypt", "TYPE_RSA", "Ljava/lang/String;", "Landroid/content/Context;", "context", "Landroid/content/Context;", "KEYSTORE_PROVIDER_ANDROID", "keyAlias", "<init>", "(Landroid/content/Context;)V", "flutter_keychain_release"}, k = 1, mv = {1, 4, 2})
/* loaded from: classes.dex */
public final class RsaKeyStoreKeyWrapper implements KeyWrapper {
    private final String KEYSTORE_PROVIDER_ANDROID;
    private final String TYPE_RSA;
    private final Context context;
    private final String keyAlias;

    public RsaKeyStoreKeyWrapper(@NotNull Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        this.TYPE_RSA = "RSA";
        this.KEYSTORE_PROVIDER_ANDROID = "AndroidKeyStore";
        this.keyAlias = context.getPackageName() + ".FlutterKeychain";
        this.context = context;
        createRSAKeysIfNeeded();
    }

    @SuppressLint({"NewApi"})
    private final void createKeys() throws Exception {
        AlgorithmParameterSpec build;
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(1, 25);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.TYPE_RSA, this.KEYSTORE_PROVIDER_ANDROID);
        if (Build.VERSION.SDK_INT < 23) {
            KeyPairGeneratorSpec.Builder serialNumber = new KeyPairGeneratorSpec.Builder(this.context).setAlias(this.keyAlias).setSubject(new X500Principal("CN=" + this.keyAlias)).setSerialNumber(BigInteger.valueOf(1L));
            Intrinsics.checkExpressionValueIsNotNull(start, "start");
            KeyPairGeneratorSpec.Builder startDate = serialNumber.setStartDate(start.getTime());
            Intrinsics.checkExpressionValueIsNotNull(end, "end");
            build = startDate.setEndDate(end.getTime()).build();
            Intrinsics.checkExpressionValueIsNotNull(build, "android.security.KeyPair…e)\n              .build()");
        } else {
            KeyGenParameterSpec.Builder certificateSerialNumber = new KeyGenParameterSpec.Builder(this.keyAlias, 3).setCertificateSubject(new X500Principal("CN=" + this.keyAlias)).setDigests("SHA-256").setEncryptionPaddings("PKCS1Padding").setUserAuthenticationRequired(false).setCertificateSerialNumber(BigInteger.valueOf(1L));
            Intrinsics.checkExpressionValueIsNotNull(start, "start");
            KeyGenParameterSpec.Builder certificateNotBefore = certificateSerialNumber.setCertificateNotBefore(start.getTime());
            Intrinsics.checkExpressionValueIsNotNull(end, "end");
            build = certificateNotBefore.setCertificateNotAfter(end.getTime()).build();
            Intrinsics.checkExpressionValueIsNotNull(build, "KeyGenParameterSpec.Buil…\n                .build()");
        }
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private final void createRSAKeysIfNeeded() throws Exception {
        PublicKey publicKey;
        Key key;
        KeyStore keyStore = KeyStore.getInstance(this.KEYSTORE_PROVIDER_ANDROID);
        keyStore.load(null);
        int i = 1;
        PrivateKey privateKey = null;
        while (true) {
            if (i > 5) {
                publicKey = null;
                break;
            }
            try {
                Key key2 = keyStore.getKey(this.keyAlias, null);
                if (key2 == null) {
                    throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
                    break;
                }
                PrivateKey privateKey2 = (PrivateKey) key2;
                try {
                    Certificate certificate = keyStore.getCertificate(this.keyAlias);
                    Intrinsics.checkExpressionValueIsNotNull(certificate, "ks.getCertificate(keyAlias)");
                    publicKey = certificate.getPublicKey();
                    privateKey = privateKey2;
                    break;
                } catch (Exception unused) {
                    privateKey = privateKey2;
                }
            } catch (Exception unused2) {
            }
            i++;
        }
        if (privateKey == null || publicKey == null) {
            createKeys();
            try {
                key = keyStore.getKey(this.keyAlias, null);
            } catch (Exception unused3) {
            }
            if (key == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
            }
            PrivateKey privateKey3 = (PrivateKey) key;
            try {
                Certificate certificate2 = keyStore.getCertificate(this.keyAlias);
                Intrinsics.checkExpressionValueIsNotNull(certificate2, "ks.getCertificate(keyAlias)");
                publicKey = certificate2.getPublicKey();
            } catch (Exception unused4) {
                privateKey = privateKey3;
                keyStore.deleteEntry(this.keyAlias);
                privateKey3 = privateKey;
                if (privateKey3 != null) {
                }
                createKeys();
            }
            if (privateKey3 != null || publicKey == null) {
                createKeys();
            }
        }
    }

    private final KeyStore getKeyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance(this.KEYSTORE_PROVIDER_ANDROID);
        ks.load(null);
        Intrinsics.checkExpressionValueIsNotNull(ks, "ks");
        return ks;
    }

    private final Cipher getRSACipher() throws Exception {
        if (Build.VERSION.SDK_INT < 23) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
            Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(\"RSA/…dding\", \"AndroidOpenSSL\")");
            return cipher;
        }
        Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
        Intrinsics.checkExpressionValueIsNotNull(cipher2, "Cipher.getInstance(\"RSA/…oidKeyStoreBCWorkaround\")");
        return cipher2;
    }

    @NotNull
    public final byte[] decrypt(@NotNull byte[] input) throws Exception {
        Intrinsics.checkParameterIsNotNull(input, "input");
        Key key = getKeyStore().getKey(this.keyAlias, null);
        Cipher rSACipher = getRSACipher();
        rSACipher.init(2, key);
        byte[] doFinal = rSACipher.doFinal(input);
        Intrinsics.checkExpressionValueIsNotNull(doFinal, "cipher.doFinal(input)");
        return doFinal;
    }

    @NotNull
    public final byte[] encrypt(@NotNull byte[] input) throws Exception {
        Intrinsics.checkParameterIsNotNull(input, "input");
        Certificate certificate = getKeyStore().getCertificate(this.keyAlias);
        Intrinsics.checkExpressionValueIsNotNull(certificate, "getKeyStore().getCertificate(keyAlias)");
        PublicKey publicKey = certificate.getPublicKey();
        Cipher rSACipher = getRSACipher();
        rSACipher.init(1, publicKey);
        byte[] doFinal = rSACipher.doFinal(input);
        Intrinsics.checkExpressionValueIsNotNull(doFinal, "cipher.doFinal(input)");
        return doFinal;
    }

    @Override // be.appmire.flutterkeychain.KeyWrapper
    @NotNull
    public Key unwrap(@NotNull byte[] wrappedKey, @NotNull String algorithm) throws Exception {
        Intrinsics.checkParameterIsNotNull(wrappedKey, "wrappedKey");
        Intrinsics.checkParameterIsNotNull(algorithm, "algorithm");
        Key key = getKeyStore().getKey(this.keyAlias, null);
        Cipher rSACipher = getRSACipher();
        rSACipher.init(4, key);
        Key unwrap = rSACipher.unwrap(wrappedKey, algorithm, 3);
        Intrinsics.checkExpressionValueIsNotNull(unwrap, "cipher.unwrap(wrappedKey…rithm, Cipher.SECRET_KEY)");
        return unwrap;
    }

    @Override // be.appmire.flutterkeychain.KeyWrapper
    @NotNull
    public byte[] wrap(@NotNull Key key) throws Exception {
        Intrinsics.checkParameterIsNotNull(key, "key");
        Certificate certificate = getKeyStore().getCertificate(this.keyAlias);
        PublicKey publicKey = certificate != null ? certificate.getPublicKey() : null;
        Cipher rSACipher = getRSACipher();
        rSACipher.init(3, publicKey);
        byte[] wrap = rSACipher.wrap(key);
        Intrinsics.checkExpressionValueIsNotNull(wrap, "cipher.wrap(key)");
        return wrap;
    }
}
