package be.appmire.flutterkeychain;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

/* loaded from: classes.dex */
public final class RsaKeyStoreKeyWrapper implements KeyWrapper {

    @NotNull
    private final String KEYSTORE_PROVIDER_ANDROID;

    @NotNull
    private final String TYPE_RSA;

    @NotNull
    private final Context context;

    @NotNull
    private final String keyAlias;

    public RsaKeyStoreKeyWrapper(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.TYPE_RSA = "RSA";
        this.KEYSTORE_PROVIDER_ANDROID = "AndroidKeyStore";
        this.keyAlias = context.getPackageName() + ".FlutterKeychain";
        this.context = context;
        createRSAKeysIfNeeded();
    }

    @SuppressLint({"NewApi"})
    private final void createKeys() {
        AlgorithmParameterSpec build;
        String str;
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 25);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.TYPE_RSA, this.KEYSTORE_PROVIDER_ANDROID);
        if (Build.VERSION.SDK_INT < 23) {
            build = new KeyPairGeneratorSpec.Builder(this.context).setAlias(this.keyAlias).setSubject(new X500Principal("CN=" + this.keyAlias)).setSerialNumber(BigInteger.valueOf(1L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            str = "Builder(context)\n       …\n                .build()";
        } else {
            build = new KeyGenParameterSpec.Builder(this.keyAlias, 3).setCertificateSubject(new X500Principal("CN=" + this.keyAlias)).setDigests("SHA-256").setEncryptionPaddings("PKCS1Padding").setUserAuthenticationRequired(false).setCertificateSerialNumber(BigInteger.valueOf(1L)).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).build();
            str = "Builder(\n               …\n                .build()";
        }
        Intrinsics.checkNotNullExpressionValue(build, str);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private final void createRSAKeysIfNeeded() {
        PublicKey publicKey;
        PrivateKey privateKey;
        KeyStore keyStore = KeyStore.getInstance(this.KEYSTORE_PROVIDER_ANDROID);
        keyStore.load(null);
        int i2 = 1;
        PrivateKey privateKey2 = null;
        while (true) {
            if (i2 >= 6) {
                publicKey = null;
                break;
            }
            try {
                Key key = keyStore.getKey(this.keyAlias, null);
                Intrinsics.checkNotNull(key, "null cannot be cast to non-null type java.security.PrivateKey");
                PrivateKey privateKey3 = (PrivateKey) key;
                try {
                    publicKey = keyStore.getCertificate(this.keyAlias).getPublicKey();
                    privateKey2 = privateKey3;
                    break;
                } catch (Exception unused) {
                    privateKey2 = privateKey3;
                }
            } catch (Exception unused2) {
            }
            i2++;
        }
        if (privateKey2 == null || publicKey == null) {
            createKeys();
            try {
                Key key2 = keyStore.getKey(this.keyAlias, null);
                Intrinsics.checkNotNull(key2, "null cannot be cast to non-null type java.security.PrivateKey");
                privateKey = (PrivateKey) key2;
            } catch (Exception unused3) {
            }
            try {
                publicKey = keyStore.getCertificate(this.keyAlias).getPublicKey();
            } catch (Exception unused4) {
                privateKey2 = privateKey;
                keyStore.deleteEntry(this.keyAlias);
                privateKey = privateKey2;
                if (privateKey != null) {
                }
                createKeys();
            }
            if (privateKey != null || publicKey == null) {
                createKeys();
            }
        }
    }

    private final KeyStore getKeyStore() {
        KeyStore ks = KeyStore.getInstance(this.KEYSTORE_PROVIDER_ANDROID);
        ks.load(null);
        Intrinsics.checkNotNullExpressionValue(ks, "ks");
        return ks;
    }

    private final Cipher getRSACipher() {
        Cipher cipher;
        String str;
        if (Build.VERSION.SDK_INT < 23) {
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
            str = "{\n            Cipher.get…e or public key\n        }";
        } else {
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
            str = "{\n            Cipher.get…oreBCWorkaround\n        }";
        }
        Intrinsics.checkNotNullExpressionValue(cipher, str);
        return cipher;
    }

    @NotNull
    public final byte[] decrypt(@NotNull byte[] input) {
        Intrinsics.checkNotNullParameter(input, "input");
        Key key = getKeyStore().getKey(this.keyAlias, null);
        Cipher rSACipher = getRSACipher();
        rSACipher.init(2, key);
        byte[] doFinal = rSACipher.doFinal(input);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(input)");
        return doFinal;
    }

    @NotNull
    public final byte[] encrypt(@NotNull byte[] input) {
        Intrinsics.checkNotNullParameter(input, "input");
        PublicKey publicKey = getKeyStore().getCertificate(this.keyAlias).getPublicKey();
        Cipher rSACipher = getRSACipher();
        rSACipher.init(1, publicKey);
        byte[] doFinal = rSACipher.doFinal(input);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(input)");
        return doFinal;
    }

    @Override // be.appmire.flutterkeychain.KeyWrapper
    @NotNull
    public Key unwrap(@NotNull byte[] wrappedKey, @NotNull String algorithm) {
        Intrinsics.checkNotNullParameter(wrappedKey, "wrappedKey");
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Key key = getKeyStore().getKey(this.keyAlias, null);
        Cipher rSACipher = getRSACipher();
        rSACipher.init(4, key);
        Key unwrap = rSACipher.unwrap(wrappedKey, algorithm, 3);
        Intrinsics.checkNotNullExpressionValue(unwrap, "cipher.unwrap(wrappedKey…rithm, Cipher.SECRET_KEY)");
        return unwrap;
    }

    @Override // be.appmire.flutterkeychain.KeyWrapper
    @NotNull
    public byte[] wrap(@NotNull Key key) {
        Intrinsics.checkNotNullParameter(key, "key");
        Certificate certificate = getKeyStore().getCertificate(this.keyAlias);
        PublicKey publicKey = certificate != null ? certificate.getPublicKey() : null;
        Cipher rSACipher = getRSACipher();
        rSACipher.init(3, publicKey);
        byte[] wrap = rSACipher.wrap(key);
        Intrinsics.checkNotNullExpressionValue(wrap, "cipher.wrap(key)");
        return wrap;
    }
}
