package com.tuya.sdk.security;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.Nullable;
import com.amazon.identity.auth.device.datastore.AESEncryptor;
import com.tuya.bouncycastle.jce.provider.BouncyCastleProvider;
import com.tuya.sdk.security.SecuredPreferenceStore;
import com.tuya.smart.android.common.utils.AESUtil;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes29.dex */
public class EncryptionManager {
    public static final String AES_KEY_ALIAS_NAME = "aes_key";
    public static final String BLOCK_MODE_CBC = "CBC";
    public static final String BLOCK_MODE_ECB = "ECB";
    public static final String BLOCK_MODE_GCM = "GCM";
    public static final String DEFAULT_CHARSET = "UTF-8";
    public static final String DEFAULT_KEY_ALIAS_PREFIX = "sps";
    public static final String ENCRYPTION_PADDING_NONE = "NoPadding";
    public static final String ENCRYPTION_PADDING_PKCS7 = "PKCS7Padding";
    public static final String ENCRYPTION_PADDING_RSA_PKCS1 = "PKCS1Padding";
    public static final String IS_COMPAT_MODE_KEY_ALIAS_NAME = "data_in_compat";
    public static final String KEY_ALGORITHM_AES = "AES";
    public static final String KEY_ALGORITHM_RSA = "RSA";
    public static final String MAC_ALGORITHM_HMAC_SHA256 = "HmacSHA256";
    public static final String MAC_KEY_ALIAS_NAME = "mac_key";
    public static final String OVERRIDING_KEY_ALIAS_PREFIX_NAME = "OverridingAlias";
    public static final String RSA_KEY_ALIAS_NAME = "rsa_key";
    public final int AES_BIT_LENGTH;
    public final String AES_CIPHER;
    public final String AES_CIPHER_COMPAT;
    public final String AES_KEY_ALIAS;
    public final String BOUNCY_CASTLE_PROVIDER;
    public final int COMPAT_IV_LENGTH;
    public final String DELIMITER;
    public final int GCM_TAG_LENGTH;
    public final String IS_COMPAT_MODE_KEY_ALIAS;
    public final int IV_LENGTH;
    public final String KEYSTORE_PROVIDER;
    public final int MAC_BIT_LENGTH;
    public final String MAC_CIPHER;
    public final String MAC_KEY_ALIAS;
    public final int RSA_BIT_LENGTH;
    public final String RSA_CIPHER;
    public final String RSA_KEY_ALIAS;
    public final byte[] SHIFTING_KEY;
    public final String SSL_PROVIDER;
    public SecretKey aesKey;
    public boolean isCompat16Mode;
    public boolean isCompatMode;
    public Context mContext;
    public String mKeyAliasPrefix;
    public SharedPreferences mPrefs;
    public SecuredPreferenceStore.KeyStoreRecoveryNotifier mRecoveryHandler;
    public KeyStore mStore;
    public SecretKey macKey;
    public RSAPrivateKey privateKey;
    public RSAPublicKey publicKey;

    /* loaded from: classes29.dex */
    public static class EncryptedData {
        public byte[] IV;
        public byte[] encryptedData;
        public byte[] mac;

        public EncryptedData() {
            this.IV = null;
            this.encryptedData = null;
            this.mac = null;
        }

        public EncryptedData(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.IV = bArr;
            this.encryptedData = bArr2;
            this.mac = bArr3;
        }

        public byte[] getDataForMacComputation() {
            byte[] bArr = this.IV;
            byte[] bArr2 = new byte[bArr.length + this.encryptedData.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            byte[] bArr3 = this.encryptedData;
            System.arraycopy(bArr3, 0, bArr2, this.IV.length, bArr3.length);
            return bArr2;
        }

        public byte[] getEncryptedData() {
            return this.encryptedData;
        }

        public byte[] getIV() {
            return this.IV;
        }

        public byte[] getMac() {
            return this.mac;
        }

        public void setEncryptedData(byte[] bArr) {
            this.encryptedData = bArr;
        }

        public void setIV(byte[] bArr) {
            this.IV = bArr;
        }

        public void setMac(byte[] bArr) {
            this.mac = bArr;
        }
    }

    /* loaded from: classes29.dex */
    public class InvalidMacException extends GeneralSecurityException {
        public InvalidMacException() {
            super("Invalid Mac, failed to verify integrity.");
        }
    }

    static {
        if (Build.VERSION.SDK_INT < 21) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public EncryptionManager(Context context, SharedPreferences sharedPreferences, SecuredPreferenceStore.KeyStoreRecoveryNotifier keyStoreRecoveryNotifier) {
        this(context, sharedPreferences, null, null, keyStoreRecoveryNotifier);
    }

    public EncryptionManager(Context context, SharedPreferences sharedPreferences, @Nullable String str, @Nullable byte[] bArr, SecuredPreferenceStore.KeyStoreRecoveryNotifier keyStoreRecoveryNotifier) {
        this.RSA_BIT_LENGTH = 2048;
        this.AES_BIT_LENGTH = 256;
        this.MAC_BIT_LENGTH = 256;
        this.GCM_TAG_LENGTH = 128;
        this.COMPAT_IV_LENGTH = 16;
        this.IV_LENGTH = 12;
        this.KEYSTORE_PROVIDER = "AndroidKeyStore";
        this.SSL_PROVIDER = "AndroidOpenSSL";
        this.BOUNCY_CASTLE_PROVIDER = "BC";
        this.DELIMITER = "]";
        this.RSA_CIPHER = AESEncryptor.RSA_ECB_PKCS1_PADDING;
        this.AES_CIPHER = "AES/GCM/NoPadding";
        this.AES_CIPHER_COMPAT = "AES/CBC/PKCS7Padding";
        this.MAC_CIPHER = MAC_ALGORITHM_HMAC_SHA256;
        boolean z = false;
        this.isCompatMode = false;
        this.isCompat16Mode = false;
        this.SHIFTING_KEY = bArr;
        this.isCompat16Mode = Build.VERSION.SDK_INT <= 17;
        this.mContext = context;
        this.mPrefs = sharedPreferences;
        this.mRecoveryHandler = keyStoreRecoveryNotifier;
        try {
            str = sharedPreferences.getString(getHashed(OVERRIDING_KEY_ALIAS_PREFIX_NAME), str);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
        this.mKeyAliasPrefix = str == null ? DEFAULT_KEY_ALIAS_PREFIX : str;
        this.IS_COMPAT_MODE_KEY_ALIAS = String.format("%s_%s", this.mKeyAliasPrefix, IS_COMPAT_MODE_KEY_ALIAS_NAME);
        this.RSA_KEY_ALIAS = String.format("%s_%s", this.mKeyAliasPrefix, RSA_KEY_ALIAS_NAME);
        this.AES_KEY_ALIAS = String.format("%s_%s", this.mKeyAliasPrefix, AES_KEY_ALIAS_NAME);
        this.MAC_KEY_ALIAS = String.format("%s_%s", this.mKeyAliasPrefix, MAC_KEY_ALIAS_NAME);
        if (this.isCompat16Mode) {
            return;
        }
        try {
            this.isCompatMode = sharedPreferences.getBoolean(getHashed(this.IS_COMPAT_MODE_KEY_ALIAS), Build.VERSION.SDK_INT < 23);
            loadKeyStore();
            try {
                setup(context, sharedPreferences, bArr);
            } catch (Exception e3) {
                if (!isRecoverableError(e3)) {
                    throw e3;
                }
                z = tryRecovery(e3);
            }
            if (z) {
                setup(context, sharedPreferences, bArr);
            }
        } catch (Exception e4) {
            e4.printStackTrace();
            this.isCompat16Mode = true;
        }
    }

    public static byte[] base64Decode(String str) {
        return Base64.decode(str, 2);
    }

    public static String base64Encode(byte[] bArr) {
        return Base64.encodeToString(bArr, 2);
    }

    private byte[] decryptAES16Compat(byte[] bArr, byte[] bArr2) {
        AESUtil aESUtil = new AESUtil();
        aESUtil.setALGO("AES");
        aESUtil.setKeyValue(bArr2);
        try {
            return aESUtil.decryptWithBytes(bArr);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String getHashed(String str) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        return toHex(MessageDigest.getInstance("SHA-256").digest(str.getBytes("UTF-8")));
    }

    public static String toHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(String.format("%02X", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    private byte[] xorWithKey(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null || bArr2.length == 0) {
            return bArr;
        }
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i % bArr2.length]);
        }
        return bArr3;
    }

    public byte[] RSADecrypt(byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException {
        Cipher cipher = Cipher.getInstance(AESEncryptor.RSA_ECB_PKCS1_PADDING, "AndroidOpenSSL");
        cipher.init(2, this.privateKey);
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        cipherInputStream.close();
        return bArr2;
    }

    public byte[] RSAEncrypt(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IOException {
        Cipher cipher = Cipher.getInstance(AESEncryptor.RSA_ECB_PKCS1_PADDING, "AndroidOpenSSL");
        cipher.init(1, this.publicKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] computeMac(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(MAC_ALGORITHM_HMAC_SHA256);
        mac.init(this.macKey);
        return mac.doFinal(bArr);
    }

    public EncryptedData decodeEncryptedText(String str) {
        EncryptedData encryptedData = new EncryptedData();
        String[] split = str.split("]");
        encryptedData.IV = base64Decode(split[0]);
        encryptedData.encryptedData = base64Decode(split[1]);
        if (split.length > 2) {
            encryptedData.mac = base64Decode(split[2]);
        }
        return encryptedData;
    }

    public String decrypt(String str) throws IOException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidMacException, NoSuchProviderException, InvalidAlgorithmParameterException, KeyStoreException, UnrecoverableEntryException {
        if (str == null || str.length() <= 0) {
            return null;
        }
        byte[] tryDecrypt = tryDecrypt(decodeEncryptedText(str));
        return new String(tryDecrypt, 0, tryDecrypt.length, "UTF-8");
    }

    public void decrypt(BufferedInputStream bufferedInputStream, BufferedOutputStream bufferedOutputStream) throws IOException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException {
        int i = this.isCompatMode ? 16 : 12;
        byte[] bArr = new byte[i];
        int read = bufferedInputStream.read(bArr, 0, i);
        if (read == -1 || read != i) {
            throw new IllegalArgumentException("Unexpected encryption state");
        }
        CipherInputStream cipherInputStream = new CipherInputStream(bufferedInputStream, this.isCompatMode ? getCipherAESCompat(bArr, false) : getCipherAES(bArr, false));
        byte[] bArr2 = new byte[4096];
        while (true) {
            int read2 = cipherInputStream.read(bArr2);
            if (read2 == -1) {
                bufferedOutputStream.flush();
                bufferedOutputStream.close();
                cipherInputStream.close();
                return;
            }
            bufferedOutputStream.write(bArr2, 0, read2);
        }
    }

    public byte[] decrypt(EncryptedData encryptedData) throws IOException, NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidMacException, NoSuchProviderException, InvalidKeyException {
        byte[] bArr;
        if (encryptedData == null || (bArr = encryptedData.encryptedData) == null) {
            return null;
        }
        return this.isCompat16Mode ? decryptAES16Compat(bArr, this.SHIFTING_KEY) : this.isCompatMode ? decryptAESCompat(encryptedData) : decryptAES(encryptedData);
    }

    @TargetApi(19)
    public byte[] decryptAES(EncryptedData encryptedData) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        return getCipherAES(encryptedData.IV, false).doFinal(encryptedData.encryptedData);
    }

    public byte[] decryptAESCompat(EncryptedData encryptedData) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, InvalidMacException {
        if (verifyMac(encryptedData.mac, encryptedData.getDataForMacComputation())) {
            return getCipherAESCompat(encryptedData.IV, false).doFinal(encryptedData.encryptedData);
        }
        throw new InvalidMacException();
    }

    public String encodeEncryptedData(EncryptedData encryptedData) {
        if (encryptedData.mac == null) {
            return base64Encode(encryptedData.IV) + "]" + base64Encode(encryptedData.encryptedData);
        }
        return base64Encode(encryptedData.IV) + "]" + base64Encode(encryptedData.encryptedData) + "]" + base64Encode(encryptedData.mac);
    }

    public EncryptedData encrypt(byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IOException, BadPaddingException, NoSuchProviderException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        if (bArr == null || bArr.length <= 0) {
            return null;
        }
        byte[] iv = getIV();
        return this.isCompat16Mode ? encryptAES16Compat(bArr, this.SHIFTING_KEY) : this.isCompatMode ? encryptAESCompat(bArr, iv) : encryptAES(bArr, iv);
    }

    public String encrypt(String str) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IOException, IllegalBlockSizeException, InvalidAlgorithmParameterException, NoSuchProviderException, BadPaddingException, KeyStoreException, UnrecoverableEntryException {
        if (str == null || str.length() <= 0) {
            return null;
        }
        return encodeEncryptedData(tryEncrypt(str.getBytes("UTF-8")));
    }

    public void encrypt(BufferedInputStream bufferedInputStream, BufferedOutputStream bufferedOutputStream) throws IOException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException {
        byte[] iv = getIV();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(bufferedOutputStream, this.isCompatMode ? getCipherAESCompat(iv, true) : getCipherAES(iv, true));
        bufferedOutputStream.write(iv);
        byte[] bArr = new byte[4096];
        while (true) {
            int read = bufferedInputStream.read(bArr);
            if (read == -1) {
                cipherOutputStream.flush();
                cipherOutputStream.close();
                bufferedInputStream.close();
                return;
            }
            cipherOutputStream.write(bArr, 0, read);
        }
    }

    @TargetApi(19)
    public EncryptedData encryptAES(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipherAES = getCipherAES(bArr2, true);
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.IV = cipherAES.getIV();
        encryptedData.encryptedData = cipherAES.doFinal(bArr);
        return encryptedData;
    }

    public EncryptedData encryptAES16Compat(byte[] bArr, byte[] bArr2) {
        byte[] bArr3;
        AESUtil aESUtil = new AESUtil();
        aESUtil.setALGO("AES");
        aESUtil.setKeyValue(bArr2);
        try {
            bArr3 = aESUtil.encryptWithBytes(bArr);
        } catch (Exception e) {
            e.printStackTrace();
            bArr3 = null;
        }
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.IV = bArr2;
        encryptedData.mac = null;
        encryptedData.encryptedData = bArr3;
        return encryptedData;
    }

    public EncryptedData encryptAESCompat(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        Cipher cipherAESCompat = getCipherAESCompat(bArr2, true);
        EncryptedData encryptedData = new EncryptedData();
        encryptedData.IV = cipherAESCompat.getIV();
        encryptedData.encryptedData = cipherAESCompat.doFinal(bArr);
        encryptedData.mac = computeMac(encryptedData.getDataForMacComputation());
        return encryptedData;
    }

    @TargetApi(23)
    public boolean generateAESKey(@Nullable byte[] bArr) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (this.mStore.containsAlias(this.AES_KEY_ALIAS)) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.AES_KEY_ALIAS, 3).setCertificateSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).setCertificateSerialNumber(BigInteger.ONE).setKeySize(256).setBlockModes(BLOCK_MODE_GCM).setEncryptionPaddings(ENCRYPTION_PADDING_NONE).setRandomizedEncryptionRequired(false).build();
        if (bArr == null || bArr.length <= 0) {
            keyGenerator.init(build);
        } else {
            keyGenerator.init(build, new SecureRandom());
        }
        keyGenerator.generateKey();
        return true;
    }

    public boolean generateFallbackAESKey(SharedPreferences sharedPreferences, @Nullable byte[] bArr) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException {
        String hashed = getHashed(this.AES_KEY_ALIAS);
        if (sharedPreferences.contains(hashed)) {
            return false;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        if (bArr == null || bArr.length <= 0) {
            keyGenerator.init(256);
        } else {
            keyGenerator.init(256, new SecureRandom());
        }
        boolean commit = sharedPreferences.edit().putString(hashed, base64Encode(RSAEncrypt(xorWithKey(keyGenerator.generateKey().getEncoded(), this.SHIFTING_KEY)))).commit();
        sharedPreferences.edit().putBoolean(getHashed(this.IS_COMPAT_MODE_KEY_ALIAS), true).apply();
        return commit;
    }

    public boolean generateKey(Context context, @Nullable byte[] bArr, SharedPreferences sharedPreferences) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnrecoverableEntryException, NoSuchPaddingException, InvalidKeyException, IOException {
        if (!this.isCompatMode) {
            return generateAESKey(bArr);
        }
        boolean generateRSAKeys = generateRSAKeys(context, bArr);
        loadRSAKeys();
        return generateMacKey(sharedPreferences, bArr) || (generateFallbackAESKey(sharedPreferences, bArr) || generateRSAKeys);
    }

    public boolean generateMacKey(SharedPreferences sharedPreferences, @Nullable byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException {
        String hashed = getHashed(this.MAC_KEY_ALIAS);
        if (sharedPreferences.contains(hashed)) {
            return false;
        }
        byte[] bArr2 = new byte[32];
        ((bArr == null || bArr.length <= 0) ? new SecureRandom() : new SecureRandom()).nextBytes(bArr2);
        return sharedPreferences.edit().putString(hashed, base64Encode(RSAEncrypt(bArr2))).commit();
    }

    public boolean generateRSAKeys(Context context, @Nullable byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException {
        KeyPairGeneratorSpec build;
        if (!this.mStore.containsAlias(this.RSA_KEY_ALIAS)) {
            KeyPairGenerator keyPairGenerator = Build.VERSION.SDK_INT < 21 ? KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME) : KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            Calendar calendar = Calendar.getInstance();
            calendar.add(11, -26);
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            int i = Build.VERSION.SDK_INT;
            if (i >= 19) {
                build = new KeyPairGeneratorSpec.Builder(context).setAlias(this.RSA_KEY_ALIAS).setKeySize(2048).setKeyType("RSA").setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            } else if (i >= 18) {
                build = new KeyPairGeneratorSpec.Builder(context).setAlias(this.RSA_KEY_ALIAS).setSerialNumber(BigInteger.ONE).setSubject(new X500Principal("CN = Secured Preference Store, O = Devliving Online")).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            }
            if (bArr == null || bArr.length <= 0) {
                keyPairGenerator.initialize(build);
            } else {
                keyPairGenerator.initialize(build, new SecureRandom());
            }
            keyPairGenerator.generateKeyPair();
            return true;
        }
        return false;
    }

    @TargetApi(19)
    public Cipher getCipherAES(byte[] bArr, boolean z) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(z ? 1 : 2, this.aesKey, new GCMParameterSpec(128, bArr));
        return cipher;
    }

    public Cipher getCipherAESCompat(byte[] bArr, boolean z) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(z ? 1 : 2, this.aesKey, new IvParameterSpec(bArr));
        return cipher;
    }

    public SecretKey getFallbackAESKey(SharedPreferences sharedPreferences) throws IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException {
        String string = sharedPreferences.getString(getHashed(this.AES_KEY_ALIAS), null);
        if (string != null) {
            return new SecretKeySpec(xorWithKey(RSADecrypt(base64Decode(string)), this.SHIFTING_KEY), "AES");
        }
        return null;
    }

    public byte[] getIV() {
        byte[] bArr = !this.isCompatMode ? new byte[12] : new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public SecretKey getMacKey(SharedPreferences sharedPreferences) throws IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, NoSuchPaddingException {
        String string = sharedPreferences.getString(getHashed(this.MAC_KEY_ALIAS), null);
        if (string != null) {
            return new SecretKeySpec(RSADecrypt(base64Decode(string)), MAC_ALGORITHM_HMAC_SHA256);
        }
        return null;
    }

    public <T extends Exception> boolean isRecoverableError(T t) {
        return (t instanceof KeyStoreException) || (t instanceof UnrecoverableEntryException) || (t instanceof InvalidKeyException) || (t instanceof IllegalStateException) || ((t instanceof IOException) && t.getCause() != null && (t.getCause() instanceof BadPaddingException));
    }

    public List<String> keyAliases() {
        return Arrays.asList(this.AES_KEY_ALIAS, this.RSA_KEY_ALIAS);
    }

    public void loadKey(SharedPreferences sharedPreferences) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException, InvalidKeyException, IOException {
        if (!this.isCompatMode) {
            this.aesKey = (SecretKey) this.mStore.getKey(this.AES_KEY_ALIAS, null);
        } else {
            this.aesKey = getFallbackAESKey(sharedPreferences);
            this.macKey = getMacKey(sharedPreferences);
        }
    }

    public void loadKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        this.mStore = KeyStore.getInstance("AndroidKeyStore");
        this.mStore.load(null);
    }

    public void loadRSAKeys() throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException {
        if (this.mStore.containsAlias(this.RSA_KEY_ALIAS) && this.mStore.entryInstanceOf(this.RSA_KEY_ALIAS, KeyStore.PrivateKeyEntry.class)) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.mStore.getEntry(this.RSA_KEY_ALIAS, null);
            this.publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey();
            this.privateKey = (RSAPrivateKey) privateKeyEntry.getPrivateKey();
        }
    }

    public void setup(Context context, SharedPreferences sharedPreferences, @Nullable byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableEntryException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException {
        if (generateKey(context, bArr, sharedPreferences)) {
            this.mPrefs.edit().putString(getHashed(OVERRIDING_KEY_ALIAS_PREFIX_NAME), this.mKeyAliasPrefix).apply();
        }
        loadKey(sharedPreferences);
    }

    public void tryDecrypt(BufferedInputStream bufferedInputStream, BufferedOutputStream bufferedOutputStream) throws IOException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, KeyStoreException, UnrecoverableEntryException {
        boolean tryRecovery;
        try {
            decrypt(bufferedInputStream, bufferedOutputStream);
            tryRecovery = false;
        } catch (Exception e) {
            if (!isRecoverableError(e)) {
                throw e;
            }
            tryRecovery = tryRecovery(e);
        }
        if (tryRecovery) {
            setup(this.mContext, this.mPrefs, null);
            decrypt(bufferedInputStream, bufferedOutputStream);
        }
    }

    public byte[] tryDecrypt(EncryptedData encryptedData) throws NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableEntryException, NoSuchProviderException, InvalidKeyException, IOException, BadPaddingException, IllegalBlockSizeException, InvalidMacException {
        boolean tryRecovery;
        byte[] bArr;
        try {
            bArr = decrypt(encryptedData);
            tryRecovery = false;
        } catch (Exception e) {
            if (!isRecoverableError(e)) {
                throw e;
            }
            tryRecovery = tryRecovery(e);
            bArr = null;
        }
        if (!tryRecovery) {
            return bArr;
        }
        setup(this.mContext, this.mPrefs, null);
        return decrypt(encryptedData);
    }

    public EncryptedData tryEncrypt(byte[] bArr) throws NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, BadPaddingException, IllegalBlockSizeException, NoSuchProviderException, InvalidKeyException, KeyStoreException, UnrecoverableEntryException {
        boolean tryRecovery;
        EncryptedData encryptedData;
        try {
            encryptedData = encrypt(bArr);
            tryRecovery = false;
        } catch (Exception e) {
            if (!isRecoverableError(e)) {
                throw e;
            }
            tryRecovery = tryRecovery(e);
            encryptedData = null;
        }
        if (!tryRecovery) {
            return encryptedData;
        }
        setup(this.mContext, this.mPrefs, null);
        return encrypt(bArr);
    }

    public void tryEncrypt(BufferedInputStream bufferedInputStream, BufferedOutputStream bufferedOutputStream) throws IOException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, KeyStoreException, UnrecoverableEntryException {
        boolean tryRecovery;
        try {
            encrypt(bufferedInputStream, bufferedOutputStream);
            tryRecovery = false;
        } catch (Exception e) {
            if (!isRecoverableError(e)) {
                throw e;
            }
            tryRecovery = tryRecovery(e);
        }
        if (tryRecovery) {
            setup(this.mContext, this.mPrefs, null);
            encrypt(bufferedInputStream, bufferedOutputStream);
        }
    }

    public <T extends Exception> boolean tryRecovery(T t) {
        SecuredPreferenceStore.KeyStoreRecoveryNotifier keyStoreRecoveryNotifier = this.mRecoveryHandler;
        return keyStoreRecoveryNotifier != null && keyStoreRecoveryNotifier.onRecoveryRequired(t, this.mStore, keyAliases());
    }

    public boolean verifyMac(byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException {
        if (bArr == null || bArr2 == null) {
            return false;
        }
        byte[] computeMac = computeMac(bArr2);
        if (computeMac.length != bArr.length) {
            return false;
        }
        int i = 0;
        for (int i2 = 0; i2 < computeMac.length; i2++) {
            i |= computeMac[i2] ^ bArr[i2];
        }
        return i == 0;
    }
}
