package com.hcsc.dep.digitalengagementplatform.common;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import androidx.biometric.BiometricPrompt;
import co.acoustic.mobile.push.sdk.attributes.StoredAttributeDatabase;
import com.hcsc.dep.digitalengagementplatform.DepApplicationModule;
import com.hcsc.dep.digitalengagementplatform.common.CryptoErrors;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: SilentCryptographer.kt */
@Metadata(d1 = {"\u0000h\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u000e\n\u0002\b\t\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0007\u0018\u0000 52\u00020\u0001:\u00015B\u000f\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0006\u0010\u000f\u001a\u00020\u0010J\u000e\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0014J\u000e\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u0016\u001a\u00020\u0014J\u000e\u0010\u0017\u001a\u00020\u00142\u0006\u0010\u0018\u001a\u00020\u0012J\u000e\u0010\u0019\u001a\u00020\u00142\u0006\u0010\u001a\u001a\u00020\u0014J\u000e\u0010\u001b\u001a\u00020\u00122\u0006\u0010\u001c\u001a\u00020\u0012J\u0006\u0010\u001d\u001a\u00020\u001eJ\u0006\u0010\u001f\u001a\u00020\u001eJ\u0006\u0010 \u001a\u00020\u001eJ\u0010\u0010!\u001a\u00020\"2\u0006\u0010#\u001a\u00020\u0014H\u0002J \u0010$\u001a\u00020\u001e2\u0006\u0010%\u001a\u00020&2\u0006\u0010'\u001a\u00020\u00142\b\u0010(\u001a\u0004\u0018\u00010)J\"\u0010*\u001a\u00020\u001e2\u0006\u0010%\u001a\u00020&2\b\u0010(\u001a\u0004\u0018\u00010)2\u0006\u0010+\u001a\u00020\"H\u0002J\u0006\u0010,\u001a\u00020\u001eJ\u000e\u0010-\u001a\u00020\u001e2\u0006\u0010%\u001a\u00020&J\u0006\u0010.\u001a\u00020\u001eJ\u000e\u0010/\u001a\u00020\b2\u0006\u00100\u001a\u00020\u0014J\u0006\u00101\u001a\u000202J\u0010\u00103\u001a\u00020\u001e2\u0006\u00104\u001a\u00020\u0012H\u0002R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u001e\u0010\t\u001a\u00020\b2\u0006\u0010\u0007\u001a\u00020\b@BX\u0086\u000e¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u000e\u0010\u000b\u001a\u00020\fX\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u000eX\u0082.¢\u0006\u0002\n\u0000¨\u00066"}, d2 = {"Lcom/hcsc/dep/digitalengagementplatform/common/SilentCryptographer;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "cipher", "Ljavax/crypto/Cipher;", "<set-?>", "", "isInitialized", "()Z", "keyGenerator", "Ljavax/crypto/KeyGenerator;", "keystore", "Ljava/security/KeyStore;", "createCryptoObject", "Landroidx/biometric/BiometricPrompt$CryptoObject;", "decodeBase64", "", "inputString", "", "decryptSecret", "encryptedPassword", "encodeBase64", "inputBytes", "encryptSecret", "plainText", "executeCipher", "input", "generateFingerprintKey", "", "generateFingerprintKeyIfNotPresent", "generateSecretsKey", "getKeyForAlias", "Ljavax/crypto/SecretKey;", "keyName", "initAndStoreCipher", "opMode", "", "keyAlias", "spec", "Ljava/security/spec/AlgorithmParameterSpec;", "initCipher", StoredAttributeDatabase.KEY_COLUMN, "initCipherForFid", "initCipherForSecretsWithMode", "initialize", "isKeyPresentForAlias", "alias", "retrieveIv", "Ljavax/crypto/spec/IvParameterSpec;", "storeIv", "iv", "Companion", "app_illinoisProduction"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class SilentCryptographer {
    public static final String FINGERPRINT_KEY_ALIAS = "FINGERPRINT_KEY";
    private static final String KEY_STORE = "AndroidKeyStore";
    public static final String SECRETS_KEY_ALIAS = "SECRETS_KEY";
    private Cipher cipher;
    private final Context context;
    private boolean isInitialized;
    private KeyGenerator keyGenerator;
    private KeyStore keystore;
    public static final int $stable = 8;

    @Inject
    public SilentCryptographer(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
    }

    private final SecretKey getKeyForAlias(String keyName) {
        try {
            KeyStore keyStore = this.keystore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keystore");
                keyStore = null;
            }
            Key key = keyStore.getKey(keyName, null);
            Intrinsics.checkNotNull(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            return (SecretKey) key;
        } catch (KeyStoreException e) {
            throw new CryptoErrors.InitializationException(CryptoErrors.KEY_RECOVERY_FAILURE, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CryptoErrors.KeyRecoveryException("Unable to find key for alias '" + keyName + "'", e2);
        } catch (UnrecoverableKeyException e3) {
            throw new CryptoErrors.KeyRecoveryException("Unable to find key for alias '" + keyName + "'", e3);
        }
    }

    private final void initCipher(int opMode, AlgorithmParameterSpec spec, SecretKey key) {
        try {
            Cipher cipher = this.cipher;
            if (cipher == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipher");
                cipher = null;
            }
            cipher.init(opMode, key, spec);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CryptoErrors.CipherInitializationException("Failed to initialize cipher", e);
        } catch (InvalidKeyException e2) {
            throw new CryptoErrors.CipherInitializationException("Failed to initialize cipher", e2);
        }
    }

    private final void storeIv(byte[] iv) {
        this.context.getSharedPreferences(DepApplicationModule.DEP_APPLICATION, 0).edit().putString(DepApplicationModule.DEP_SECURE_IV, Base64.encodeToString(iv, 0)).apply();
    }

    public final BiometricPrompt.CryptoObject createCryptoObject() throws CryptoErrors.CryptoException, KeyStoreException {
        initialize();
        generateFingerprintKeyIfNotPresent();
        initCipherForFid();
        Cipher cipher = this.cipher;
        if (cipher == null) {
            Intrinsics.throwUninitializedPropertyAccessException("cipher");
            cipher = null;
        }
        return new BiometricPrompt.CryptoObject(cipher);
    }

    public final byte[] decodeBase64(String inputString) {
        Intrinsics.checkNotNullParameter(inputString, "inputString");
        byte[] decode = Base64.decode(inputString, 0);
        Intrinsics.checkNotNullExpressionValue(decode, "decode(inputString, Base64.DEFAULT)");
        return decode;
    }

    public final String decryptSecret(String encryptedPassword) throws CryptoErrors.CryptoException, KeyStoreException {
        Intrinsics.checkNotNullParameter(encryptedPassword, "encryptedPassword");
        if (!this.isInitialized) {
            initialize();
        }
        if (!isKeyPresentForAlias(SECRETS_KEY_ALIAS)) {
            throw new CryptoErrors.MissingKeyException(CryptoErrors.KEY_MISSING);
        }
        initCipherForSecretsWithMode(2);
        return new String(executeCipher(decodeBase64(encryptedPassword)), Charsets.UTF_8);
    }

    public final String encodeBase64(byte[] inputBytes) {
        Intrinsics.checkNotNullParameter(inputBytes, "inputBytes");
        String encodeToString = Base64.encodeToString(inputBytes, 0);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(inputBytes, Base64.DEFAULT)");
        return encodeToString;
    }

    public final String encryptSecret(String plainText) throws CryptoErrors.CryptoException, KeyStoreException {
        Intrinsics.checkNotNullParameter(plainText, "plainText");
        if (!this.isInitialized) {
            initialize();
        }
        if (!isKeyPresentForAlias(SECRETS_KEY_ALIAS)) {
            generateSecretsKey();
        }
        initCipherForSecretsWithMode(1);
        byte[] bytes = plainText.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        return encodeBase64(executeCipher(bytes));
    }

    public final byte[] executeCipher(byte[] input) {
        Intrinsics.checkNotNullParameter(input, "input");
        try {
            Cipher cipher = this.cipher;
            if (cipher == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipher");
                cipher = null;
            }
            byte[] doFinal = cipher.doFinal(input);
            Intrinsics.checkNotNullExpressionValue(doFinal, "{\n            cipher.doFinal(input)\n        }");
            return doFinal;
        } catch (Exception e) {
            throw new CryptoErrors.CipherExecutionException(e);
        }
    }

    public final void generateFingerprintKey() throws CryptoErrors.CryptoException {
        try {
            KeyGenerator keyGenerator = this.keyGenerator;
            KeyGenerator keyGenerator2 = null;
            if (keyGenerator == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keyGenerator");
                keyGenerator = null;
            }
            keyGenerator.init(new KeyGenParameterSpec.Builder(FINGERPRINT_KEY_ALIAS, 3).setBlockModes("CBC").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS7Padding").build());
            KeyGenerator keyGenerator3 = this.keyGenerator;
            if (keyGenerator3 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keyGenerator");
            } else {
                keyGenerator2 = keyGenerator3;
            }
            keyGenerator2.generateKey();
        } catch (Exception e) {
            throw new CryptoErrors.KeyGenerationException(CryptoErrors.FID_KEYGEN_FAILURE, e);
        }
    }

    public final void generateFingerprintKeyIfNotPresent() {
        if (isKeyPresentForAlias(FINGERPRINT_KEY_ALIAS)) {
            return;
        }
        generateFingerprintKey();
    }

    public final void generateSecretsKey() {
        try {
            KeyGenerator keyGenerator = this.keyGenerator;
            KeyGenerator keyGenerator2 = null;
            if (keyGenerator == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keyGenerator");
                keyGenerator = null;
            }
            keyGenerator.init(new KeyGenParameterSpec.Builder(SECRETS_KEY_ALIAS, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
            KeyGenerator keyGenerator3 = this.keyGenerator;
            if (keyGenerator3 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keyGenerator");
            } else {
                keyGenerator2 = keyGenerator3;
            }
            keyGenerator2.generateKey();
        } catch (InvalidAlgorithmParameterException e) {
            throw new CryptoErrors.KeyGenerationException(CryptoErrors.FID_KEYGEN_FAILURE, e);
        }
    }

    public final void initAndStoreCipher(int opMode, String keyAlias, AlgorithmParameterSpec spec) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        SecretKey keyForAlias = getKeyForAlias(keyAlias);
        Cipher cipher = null;
        try {
            Cipher cipher2 = this.cipher;
            if (cipher2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipher");
                cipher2 = null;
            }
            cipher2.init(opMode, keyForAlias, spec);
        } catch (KeyPermanentlyInvalidatedException unused) {
            KeyStore keyStore = this.keystore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keystore");
                keyStore = null;
            }
            keyStore.deleteEntry(keyAlias);
            generateFingerprintKey();
            initCipher(opMode, spec, keyForAlias);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CryptoErrors.CipherInitializationException("Failed to initialize cipher", e);
        } catch (InvalidKeyException e2) {
            throw new CryptoErrors.CipherInitializationException("Failed to initialize cipher", e2);
        }
        if (spec == null && Intrinsics.areEqual(SECRETS_KEY_ALIAS, keyAlias) && opMode == 1) {
            Cipher cipher3 = this.cipher;
            if (cipher3 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("cipher");
            } else {
                cipher = cipher3;
            }
            byte[] iv = cipher.getIV();
            Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
            storeIv(iv);
        }
    }

    public final void initCipherForFid() {
        initAndStoreCipher(1, FINGERPRINT_KEY_ALIAS, null);
    }

    public final void initCipherForSecretsWithMode(int opMode) {
        initAndStoreCipher(opMode, SECRETS_KEY_ALIAS, opMode == 2 ? retrieveIv() : null);
    }

    public final void initialize() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
            Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(KEY_STORE)");
            this.keystore = keyStore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keystore");
                keyStore = null;
            }
            keyStore.load(null);
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEY_STORE);
                Intrinsics.checkNotNullExpressionValue(keyGenerator, "{\n            KeyGenerat…AES, KEY_STORE)\n        }");
                this.keyGenerator = keyGenerator;
                try {
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    Intrinsics.checkNotNullExpressionValue(cipher, "{\n            Cipher.get…_PADDING_PKCS7)\n        }");
                    this.cipher = cipher;
                    this.isInitialized = true;
                } catch (Exception e) {
                    throw new CryptoErrors.InitializationException(CryptoErrors.CIPHER_LOAD_FAILURE, e);
                }
            } catch (Exception e2) {
                throw new CryptoErrors.InitializationException(CryptoErrors.KEYGENERATOR_LOAD_FAILURE, e2);
            }
        } catch (Exception e3) {
            throw new CryptoErrors.InitializationException(CryptoErrors.KEYSTORE_LOAD_FAILURE, e3);
        }
    }

    /* renamed from: isInitialized, reason: from getter */
    public final boolean getIsInitialized() {
        return this.isInitialized;
    }

    public final boolean isKeyPresentForAlias(String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        try {
            KeyStore keyStore = this.keystore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keystore");
                keyStore = null;
            }
            return keyStore.containsAlias(alias);
        } catch (KeyStoreException e) {
            throw new CryptoErrors.InitializationException(CryptoErrors.KEY_RECOVERY_FAILURE, e);
        }
    }

    public final IvParameterSpec retrieveIv() {
        String string = this.context.getSharedPreferences(DepApplicationModule.DEP_APPLICATION, 0).getString(DepApplicationModule.DEP_SECURE_IV, CryptoErrors.IV_MISSING);
        if (Intrinsics.areEqual(CryptoErrors.IV_MISSING, string)) {
            throw new CryptoErrors.MissingIvException(CryptoErrors.IV_MISSING);
        }
        return new IvParameterSpec(Base64.decode(string, 0));
    }
}
