package com.alphero.security;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.NonNull;
import com.alphero.security.exception.EncryptionException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.util.Calendar;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.x500.X500Principal;

@TargetApi(18)
/* loaded from: classes.dex */
public class RsaKeystoreEncrypter extends AndroidKeystoreEncrypter {
    private static final String BLOCK_MODE = "ECB";
    private static final String KEY_ALGORITHM = "RSA";
    private static final String PADDING_MODE = "PKCS1Padding";
    private static final String SUBJECT_ALIAS = "Android Self Signed Certificate";
    private final String alias;
    private final Context context;

    public RsaKeystoreEncrypter(Context context, String str) throws EncryptionException {
        super(str);
        this.context = context;
        this.alias = str;
    }

    private Cipher createCipher(boolean z6) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, UnrecoverableEntryException, KeyStoreException {
        Cipher cipher = Cipher.getInstance(String.format(Locale.ENGLISH, "%s/%s/%s", KEY_ALGORITHM, "ECB", PADDING_MODE));
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry(this.alias, null);
        if (z6) {
            cipher.init(1, privateKeyEntry.getCertificate());
        } else {
            cipher.init(2, privateKeyEntry.getPrivateKey());
        }
        return cipher;
    }

    @Override // com.alphero.security.AndroidKeystoreEncrypter
    public void createKey() throws EncryptionException {
        try {
            X500Principal x500Principal = new X500Principal(String.format("CN=%s, OU=%s", SUBJECT_ALIAS, this.context.getPackageName()));
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 30);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM, AndroidKeystoreEncrypter.PROVIDER);
            if (Build.VERSION.SDK_INT >= 23) {
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(this.alias, 3).setBlockModes("ECB").setEncryptionPaddings(PADDING_MODE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setCertificateSubject(x500Principal).setUserAuthenticationRequired(this.userAuthenticationRequired).setUserAuthenticationValidityDurationSeconds(this.userValiditySeconds).build());
            } else {
                KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(this.context).setAlias(this.alias).setSubject(x500Principal).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
                if (this.userAuthenticationRequired) {
                    endDate.setEncryptionRequired();
                }
                keyPairGenerator.initialize(endDate.build());
            }
            keyPairGenerator.generateKeyPair();
        } catch (Exception e7) {
            throw new EncryptionException(e7);
        }
    }

    @Override // com.alphero.security.AndroidKeystoreEncrypter
    public byte[] doDecrypt(@NonNull byte[] bArr) throws EncryptionException {
        try {
            return createCipher(false).doFinal(bArr);
        } catch (Exception e7) {
            throw new EncryptionException(e7);
        }
    }

    @Override // com.alphero.security.AndroidKeystoreEncrypter
    public byte[] doEncrypt(@NonNull byte[] bArr) throws EncryptionException {
        try {
            return createCipher(true).doFinal(bArr);
        } catch (Exception e7) {
            throw new EncryptionException(e7);
        }
    }
}
