package au.gov.health.covidsafe.security.crypto;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import au.gov.health.covidsafe.app.TracerApp;
import au.gov.health.covidsafe.preference.Preference;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: AESEncryptionForPreAndroidM.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0004\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u000e\u0010\u000e\u001a\u00020\u00042\u0006\u0010\u000f\u001a\u00020\u0004J\u000e\u0010\u0010\u001a\u00020\u00042\u0006\u0010\u0011\u001a\u00020\u0004J\b\u0010\u0012\u001a\u00020\u0013H\u0002J\b\u0010\u0014\u001a\u00020\u0013H\u0002J\b\u0010\u0015\u001a\u00020\u0016H\u0002J\u0010\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0018H\u0002J\u0010\u0010\u001a\u001a\u00020\u00182\u0006\u0010\u001b\u001a\u00020\u0018H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082D¢\u0006\u0002\n\u0000R\u001a\u0010\b\u001a\u00020\tX\u0086.¢\u0006\u000e\n\u0000\u001a\u0004\b\n\u0010\u000b\"\u0004\b\f\u0010\r¨\u0006\u001c"}, d2 = {"Lau/gov/health/covidsafe/security/crypto/AESEncryptionForPreAndroidM;", "", "()V", "AES_MODE", "", "ANDROID_KEY_STORE", "RSA_KEY_ALIAS", "RSA_MODE", "keyStore", "Ljava/security/KeyStore;", "getKeyStore", "()Ljava/security/KeyStore;", "setKeyStore", "(Ljava/security/KeyStore;)V", "decrypt", "aesEncryptedText", "encrypt", "plainText", "generateAndStoreRSAKeyPairs", "", "generateEncryptAndStoreAESKey", "getAESKeyFromSharedPreferences", "Ljava/security/Key;", "rsaDecrypt", "", "encrypted", "rsaEncrypt", "plainBytes", "app_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public final class AESEncryptionForPreAndroidM {
    private static final String AES_MODE;
    private static final String ANDROID_KEY_STORE;
    public static final AESEncryptionForPreAndroidM INSTANCE;
    private static final String RSA_KEY_ALIAS;
    private static final String RSA_MODE;
    public static KeyStore keyStore;

    static {
        AESEncryptionForPreAndroidM aESEncryptionForPreAndroidM = new AESEncryptionForPreAndroidM();
        INSTANCE = aESEncryptionForPreAndroidM;
        ANDROID_KEY_STORE = "AndroidKeyStore";
        RSA_KEY_ALIAS = "RSA_KEY_ALIAS";
        RSA_MODE = "RSA/ECB/PKCS1Padding";
        AES_MODE = "AES/CBC/PKCS5Padding";
        aESEncryptionForPreAndroidM.generateAndStoreRSAKeyPairs();
        aESEncryptionForPreAndroidM.generateEncryptAndStoreAESKey();
    }

    private AESEncryptionForPreAndroidM() {
    }

    private final void generateAndStoreRSAKeyPairs() {
        KeyStore keyStore2 = KeyStore.getInstance(ANDROID_KEY_STORE);
        Intrinsics.checkNotNullExpressionValue(keyStore2, "KeyStore.getInstance(ANDROID_KEY_STORE)");
        keyStore = keyStore2;
        if (keyStore2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("keyStore");
        }
        keyStore2.load(null);
        KeyStore keyStore3 = keyStore;
        if (keyStore3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("keyStore");
        }
        if (keyStore3.containsAlias(RSA_KEY_ALIAS)) {
            return;
        }
        Calendar calendar = Calendar.getInstance();
        Intrinsics.checkNotNullExpressionValue(calendar, "Calendar.getInstance()");
        Calendar calendar2 = Calendar.getInstance();
        Intrinsics.checkNotNullExpressionValue(calendar2, "Calendar.getInstance()");
        calendar2.add(1, 1);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(TracerApp.INSTANCE.getAppContext()).setAlias(RSA_KEY_ALIAS).setSubject(new X500Principal("CN=" + RSA_KEY_ALIAS)).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).setKeySize(2048).build();
        Intrinsics.checkNotNullExpressionValue(build, "KeyPairGeneratorSpec.Bui…                 .build()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
        Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "KeyPairGenerator.getInst…D_KEY_STORE\n            )");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    private final void generateEncryptAndStoreAESKey() {
        if (Preference.INSTANCE.getEncodedRSAEncryptedAESKey(TracerApp.INSTANCE.getAppContext()) == null) {
            SecureRandom secureRandom = new SecureRandom();
            byte[] bArr = new byte[16];
            secureRandom.nextBytes(bArr);
            byte[] bArr2 = new byte[16];
            secureRandom.nextBytes(bArr2);
            Preference preference = Preference.INSTANCE;
            Context appContext = TracerApp.INSTANCE.getAppContext();
            String encodeToString = Base64.encodeToString(bArr2, 0);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "Base64.encodeToString(\n …ULT\n                    )");
            preference.putEncodedAESInitialisationVector(appContext, encodeToString);
            String encodedRSAEncryptedAESKey = Base64.encodeToString(rsaEncrypt(bArr), 0);
            Preference preference2 = Preference.INSTANCE;
            Context appContext2 = TracerApp.INSTANCE.getAppContext();
            Intrinsics.checkNotNullExpressionValue(encodedRSAEncryptedAESKey, "encodedRSAEncryptedAESKey");
            preference2.putEncodedRSAEncryptedAESKey(appContext2, encodedRSAEncryptedAESKey);
        }
    }

    private final Key getAESKeyFromSharedPreferences() {
        String encodedRSAEncryptedAESKey = Preference.INSTANCE.getEncodedRSAEncryptedAESKey(TracerApp.INSTANCE.getAppContext());
        if (encodedRSAEncryptedAESKey == null) {
            throw new IllegalStateException("Encrypted AES Key not available in shared preferences.");
        }
        byte[] rsaEncryptedAESKey = Base64.decode(encodedRSAEncryptedAESKey, 0);
        AESEncryptionForPreAndroidM aESEncryptionForPreAndroidM = INSTANCE;
        Intrinsics.checkNotNullExpressionValue(rsaEncryptedAESKey, "rsaEncryptedAESKey");
        return new SecretKeySpec(aESEncryptionForPreAndroidM.rsaDecrypt(rsaEncryptedAESKey), "AES");
    }

    private final byte[] rsaDecrypt(byte[] encrypted) {
        KeyStore keyStore2 = keyStore;
        if (keyStore2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("keyStore");
        }
        KeyStore.Entry entry = keyStore2.getEntry(RSA_KEY_ALIAS, null);
        if (entry == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        }
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(2, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(encrypted), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        int size = arrayList.size();
        byte[] bArr = new byte[size];
        for (int i = 0; i < size; i++) {
            Object obj = arrayList.get(i);
            Intrinsics.checkNotNullExpressionValue(obj, "values[i]");
            bArr[i] = ((Number) obj).byteValue();
        }
        return bArr;
    }

    private final byte[] rsaEncrypt(byte[] plainBytes) {
        KeyStore keyStore2 = keyStore;
        if (keyStore2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("keyStore");
        }
        KeyStore.Entry entry = keyStore2.getEntry(RSA_KEY_ALIAS, null);
        if (entry == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        }
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        Intrinsics.checkNotNullExpressionValue(cipher, "Cipher.getInstance(RSA_MODE)");
        Certificate certificate = ((KeyStore.PrivateKeyEntry) entry).getCertificate();
        Intrinsics.checkNotNullExpressionValue(certificate, "privateKeyEntry.certificate");
        cipher.init(1, certificate.getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(plainBytes);
        cipherOutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "outputStream.toByteArray()");
        return byteArray;
    }

    public final String decrypt(String aesEncryptedText) {
        Intrinsics.checkNotNullParameter(aesEncryptedText, "aesEncryptedText");
        String encodedAESInitialisationVector = Preference.INSTANCE.getEncodedAESInitialisationVector(TracerApp.INSTANCE.getAppContext());
        if (encodedAESInitialisationVector == null) {
            throw new IllegalStateException("AES IV not available in shared preferences.");
        }
        byte[] decode = Base64.decode(encodedAESInitialisationVector, 0);
        byte[] decode2 = Base64.decode(aesEncryptedText, 0);
        Cipher cipher = Cipher.getInstance(AES_MODE);
        cipher.init(2, INSTANCE.getAESKeyFromSharedPreferences(), new IvParameterSpec(decode));
        byte[] doFinal = cipher.doFinal(decode2);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedBytes)");
        return new String(doFinal, Charsets.UTF_8);
    }

    public final String encrypt(String plainText) {
        Intrinsics.checkNotNullParameter(plainText, "plainText");
        String encodedAESInitialisationVector = Preference.INSTANCE.getEncodedAESInitialisationVector(TracerApp.INSTANCE.getAppContext());
        if (encodedAESInitialisationVector == null) {
            throw new IllegalStateException("AES IV not available in shared preferences.");
        }
        byte[] decode = Base64.decode(encodedAESInitialisationVector, 0);
        Cipher cipher = Cipher.getInstance(AES_MODE);
        cipher.init(1, INSTANCE.getAESKeyFromSharedPreferences(), new IvParameterSpec(decode));
        byte[] bytes = plainText.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "Base64.encodeToString(en…dedBytes, Base64.DEFAULT)");
        return encodeToString;
    }

    public final KeyStore getKeyStore() {
        KeyStore keyStore2 = keyStore;
        if (keyStore2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("keyStore");
        }
        return keyStore2;
    }

    public final void setKeyStore(KeyStore keyStore2) {
        Intrinsics.checkNotNullParameter(keyStore2, "<set-?>");
        keyStore = keyStore2;
    }
}
