package it.matmacci.mmc.core.engine.security;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.x500.X500Principal;
import timber.log.Timber;

/* loaded from: classes2.dex */
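/**
 * Process-wide helper that encrypts and decrypts short strings with an RSA key pair
 * generated by, and loaded from, the {@code AndroidKeyStore} provider under the alias
 * {@code MASTER_KEY}.
 *
 * <p>Call order: {@link #init(Context)}, then {@link #loadKeyPair()}, then
 * {@link #encrypt(String)} / {@link #decrypt(String)}. Calling out of order throws
 * {@link IllegalStateException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The transformation is RSA with PKCS#1 v1.5 encryption padding. It is kept because the
 *       stored key is authorised for that padding only and existing ciphertext depends on it.
 *       OAEP is the preferred padding for new keys. With v1.5 padding, never let an untrusted
 *       party learn whether {@code decrypt} accepted a ciphertext it supplied, because a
 *       distinguishable padding failure acts as a padding oracle.</li>
 *   <li>Raw RSA can only encrypt a plaintext smaller than the key modulus minus the padding
 *       overhead. Longer input makes {@code encrypt} return {@code null}. Bulk data should be
 *       encrypted with a symmetric key instead.</li>
 *   <li>{@code encrypt} and {@code decrypt} report every failure as {@code null}. Callers must
 *       check for it and must not treat {@code null} as an empty value.</li>
 *   <li>{@link #loadKeyPair()} generates a fresh key pair under the same alias when the stored
 *       entry is missing or incomplete. Ciphertext produced with a previous key can then no
 *       longer be decrypted.</li>
 * </ul>
 *
 * <p>Thread-safety: the singleton and its key pair are published through {@code volatile}
 * fields. Key generation itself is not serialised.
 */
public class MmcSecureProvider {
    private static final String ALGORITHM = "RSA";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String MASTER_KEY = "MASTER_KEY";
    // NOTE(security): PKCS#1 v1.5 padding. Must stay in step with the paddings the key is
    // authorised for in initKeyPair(); changing only one side fails with InvalidKeyException.
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    // KeyProperties.PURPOSE_ENCRYPT (1) | KeyProperties.PURPOSE_DECRYPT (2); kept numeric so no
    // additional import is needed.
    private static final int KEY_PURPOSES = 3;
    private static final int CERTIFICATE_VALIDITY_YEARS = 25;

    // volatile: written under the class lock in init(), read without a lock elsewhere.
    private static volatile MmcSecureProvider provider;
    // volatile: written by loadKeyPair()/initKeyPair(), read by encrypt()/decrypt().
    private volatile KeyPair keyPair;
    private final WeakReference<Context> refContext;

    private MmcSecureProvider(Context context) {
        this.refContext = new WeakReference<>(context);
    }

    /**
     * Returns the loaded key pair or throws if the provider is not ready.
     *
     * @param caller name of the public method, used in the exception message
     * @throws IllegalStateException if {@code init} or {@code loadKeyPair} has not completed
     */
    private static KeyPair requireKeyPair(String caller) {
        MmcSecureProvider current = provider;
        if (current == null) {
            throw new IllegalStateException(caller + " called before init");
        }
        // Snapshot once so the null check and the later use see the same object.
        KeyPair keys = current.keyPair;
        if (keys == null) {
            throw new IllegalStateException(caller + " called before loadKeyPair");
        }
        return keys;
    }

    /**
     * Decrypts a Base64 (no-wrap) encoded RSA ciphertext with the private key.
     *
     * @param str Base64 ciphertext as produced by {@link #encrypt(String)}
     * @return the UTF-8 plaintext, or {@code null} if the input is {@code null}, is not valid
     *     Base64, or cannot be decrypted
     * @throws IllegalStateException if called before {@code init} / {@code loadKeyPair}
     */
    public static String decrypt(String str) {
        Timber.d("decrypt called");
        KeyPair keys = requireKeyPair("decrypt");
        if (str == null) {
            Timber.e("decrypt called with null input");
            return null;
        }
        byte[] cipherText;
        try {
            cipherText = Base64.decode(str, Base64.NO_WRAP);
        } catch (IllegalArgumentException e) {
            // Malformed Base64 is reported like every other decryption failure. The input
            // itself is deliberately not logged.
            Timber.e(e, "The input data provided is not valid Base64");
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, keys.getPrivate());
            byte[] plainText = cipher.doFinal(cipherText);
            return new String(plainText, StandardCharsets.UTF_8);
        } catch (InvalidKeyException e) {
            // Log the cause as well: it tells an unusable key apart from a coding error.
            Timber.e(e, "The provided key is inappropriate for cipher initialization or the given parameters are not valid");
            return null;
        } catch (NoSuchAlgorithmException e) {
            Timber.e(e, "Transformation is not valid or Provider does not support CipherSpi implementation");
            return null;
        } catch (BadPaddingException e) {
            Timber.e(e, "The input data provided is not bounded by the appropriate padding bytes");
            return null;
        } catch (IllegalBlockSizeException e) {
            Timber.e(e, "The encryption algorithm is unable to process the input data provided");
            return null;
        } catch (NoSuchPaddingException e) {
            Timber.e(e, "Transformation contains a padding scheme that is not available");
            return null;
        }
    }

    /**
     * Encrypts a string with the public key and returns it Base64 (no-wrap) encoded.
     *
     * @param str plaintext; its UTF-8 encoding must fit into a single RSA block
     * @return the Base64 ciphertext, or {@code null} if the input is {@code null} or
     *     encryption fails (for example because the plaintext is too long for the key)
     * @throws IllegalStateException if called before {@code init} / {@code loadKeyPair}
     */
    public static String encrypt(String str) {
        Timber.d("encrypt called");
        KeyPair keys = requireKeyPair("encrypt");
        if (str == null) {
            Timber.e("encrypt called with null input");
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, keys.getPublic());
            byte[] cipherText = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
            return Base64.encodeToString(cipherText, Base64.NO_WRAP);
        } catch (InvalidKeyException e) {
            Timber.e(e, "The provided key is inappropriate for cipher initialization or the given parameters are not valid");
            return null;
        } catch (NoSuchAlgorithmException e) {
            Timber.e(e, "Transformation is not valid or Provider does not support CipherSpi implementation");
            return null;
        } catch (BadPaddingException e) {
            Timber.e(e, "The input data provided is not bounded by the appropriate padding bytes");
            return null;
        } catch (IllegalBlockSizeException e) {
            Timber.e(e, "The encryption algorithm is unable to process the input data provided");
            return null;
        } catch (NoSuchPaddingException e) {
            Timber.e(e, "Transformation contains a padding scheme that is not available");
            return null;
        }
    }

    /**
     * Creates the singleton on first use; later calls are no-ops.
     *
     * @param context any context; the application context is retained where available so the
     *     weak reference is not cleared together with a short-lived Activity or Service
     */
    public static void init(Context context) {
        synchronized (MmcSecureProvider.class) {
            if (provider == null) {
                Context appContext = context != null ? context.getApplicationContext() : null;
                provider = new MmcSecureProvider(appContext != null ? appContext : context);
            }
        }
    }

    /**
     * Generates a new RSA key pair under the {@code MASTER_KEY} alias and stores it on this
     * instance. An existing entry under that alias is replaced.
     *
     * <p>No key size is requested, so the platform default applies. The key is authorised for
     * encryption and decryption with PKCS#1 v1.5 padding only.
     *
     * @return {@code true} if a key pair was generated, {@code false} on failure
     */
    private boolean initKeyPair() {
        Timber.d("initKeyPair called");
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(ALGORITHM, ANDROID_KEY_STORE);
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, CERTIFICATE_VALIDITY_YEARS);
            X500Principal subject = new X500Principal("CN=MASTER_KEY CA Certificate");
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
                generator.initialize(new KeyGenParameterSpec.Builder(MASTER_KEY, KEY_PURPOSES)
                        .setBlockModes("ECB")
                        .setEncryptionPaddings("PKCS1Padding")
                        .setCertificateSubject(subject)
                        .setCertificateNotBefore(notBefore.getTime())
                        .setCertificateNotAfter(notAfter.getTime())
                        .setCertificateSerialNumber(BigInteger.ONE)
                        .build());
            } else {
                // The pre-M spec builder requires a live Context; the weak reference may
                // already have been cleared.
                Context context = refContext.get();
                if (context == null) {
                    Timber.e("Context is no longer available, cannot generate the key pair");
                    return false;
                }
                generator.initialize(new KeyPairGeneratorSpec.Builder(context)
                        .setAlias(MASTER_KEY)
                        .setSubject(subject)
                        .setSerialNumber(BigInteger.ONE)
                        .setStartDate(notBefore.getTime())
                        .setEndDate(notAfter.getTime())
                        .build());
            }
            this.keyPair = generator.generateKeyPair();
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            Timber.e(e, "The algorithm to recover the key is not valid");
            return false;
        } catch (NoSuchAlgorithmException e) {
            Timber.e(e, "The KeyPairGeneratorSpi implementation for the specified algorithm is not available from the specified provider");
            return false;
        } catch (NoSuchProviderException e) {
            Timber.e(e, "The algorithm to recover the key cannot be found");
            return false;
        }
    }

    /**
     * Loads the {@code MASTER_KEY} entry from the Android key store, generating a new key pair
     * when the alias is missing or its private key or certificate cannot be used.
     *
     * <p>Regenerating replaces the previous key, so data encrypted earlier becomes
     * unrecoverable. Callers that persist ciphertext should be prepared for
     * {@link #decrypt(String)} to return {@code null} afterwards.
     *
     * @return {@code true} if a key pair is available afterwards, {@code false} if the key
     *     store could not be read or key generation failed
     * @throws IllegalStateException if called before {@code init}
     */
    public static boolean loadKeyPair() {
        Timber.d("loadKeyPair called");
        MmcSecureProvider current = provider;
        if (current == null) {
            throw new IllegalStateException("loadKeyPair called before init");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (!keyStore.containsAlias(MASTER_KEY)) {
                return current.initKeyPair();
            }
            Key key = keyStore.getKey(MASTER_KEY, null);
            if (key == null) {
                Timber.e("The Private Key is null");
                return current.initKeyPair();
            }
            if (!(key instanceof PrivateKey)) {
                Timber.e("Retrieved key is not a Private key");
                return current.initKeyPair();
            }
            Certificate certificate = keyStore.getCertificate(MASTER_KEY);
            if (certificate == null) {
                Timber.e("The Certificate is null");
                return current.initKeyPair();
            }
            Timber.d("KeyStore available with Private and Public keys");
            current.keyPair = new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
            return true;
        } catch (IOException e) {
            Timber.e(e, "I/O or format problem with the KeyStore");
            return false;
        } catch (KeyStoreException e) {
            Timber.e(e, "No Provider supports a KeyStoreSpi implementation for the specified type");
            return false;
        } catch (NoSuchAlgorithmException e) {
            Timber.e(e, "Load store parameter cannot be recognized");
            return false;
        } catch (UnrecoverableKeyException e) {
            Timber.e(e, "The key cannot be recovered due to wrong password");
            return false;
        } catch (CertificateException e) {
            Timber.e(e, "Any of the certificates in the keystore could not be loaded");
            return false;
        }
    }
}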
