package com.kanetik.core.billing;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.RequiresApi;
import android.support.v4.app.NotificationCompat;
import android.text.TextUtils;
import android.util.Base64;
import com.android.billingclient.api.Purchase;
import com.google.android.gms.gcm.GoogleCloudMessaging;
import com.kanetik.core.model.PurchaseVerification;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import timber.log.Timber;

/* loaded from: classes.dex */
public class SecurityUtils {
    public static final int GCM_NONCE_LENGTH = 12;
    public static final int GCM_TAG_LENGTH = 16;

    private static String decryptData(Context context, String str, String str2) throws GeneralSecurityException, IOException {
        initKeys(context, str);
        if (str2 == null) {
            throw new IllegalArgumentException("Data to be decrypted must be non null");
        }
        byte[] decode = Base64.decode(str2, 0);
        try {
            if (Build.VERSION.SDK_INT < 23) {
                Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
                cipher.init(2, getSecretKeyAPILessThanM(context, str));
                return new String(cipher.doFinal(decode), "UTF-8");
            }
            Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
            cipher2.init(2, getSecretKeyAPIMorGreater(str), new GCMParameterSpec(128, Arrays.copyOfRange(decode, 0, 12)));
            return new String(cipher2.doFinal(decode, 12, decode.length - 12), "UTF-8");
        } catch (IOException | InvalidKeyException e) {
            removeKeys(context, str);
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String deleteStoredPurchaseToken(Context context, Purchase purchase) {
        try {
            context.getSharedPreferences("SecureSharedPreferences", 0).edit().remove(!TextUtils.isEmpty(purchase.getOrderId()) ? purchase.getOrderId() : NotificationCompat.CATEGORY_PROMO).apply();
            return "";
        } catch (Exception e) {
            Timber.e(e);
            return "";
        }
    }

    private static String encryptData(Context context, String str, String str2) throws GeneralSecurityException, IOException {
        initKeys(context, str);
        if (str2 == null) {
            throw new IllegalArgumentException("Data to be decrypted must be non null");
        }
        if (Build.VERSION.SDK_INT < 23) {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
            try {
                cipher.init(1, getSecretKeyAPILessThanM(context, str));
                return Base64.encodeToString(cipher.doFinal(str2.getBytes("UTF-8")), 0);
            } catch (IOException | InvalidKeyException e) {
                removeKeys(context, str);
                throw e;
            }
        }
        Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        cipher2.init(1, getSecretKeyAPIMorGreater(str), new GCMParameterSpec(128, bArr));
        byte[] bytes = str2.getBytes("UTF-8");
        byte[] bArr2 = new byte[bArr.length + cipher2.getOutputSize(bytes.length)];
        for (int i = 0; i < bArr.length; i++) {
            bArr2[i] = bArr[i];
        }
        cipher2.doFinal(bytes, 0, bytes.length, bArr2, bArr.length);
        return Base64.encodeToString(bArr2, 0);
    }

    private static void generateKeysForAPILessThanM(Context context, String str) throws GeneralSecurityException, IOException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=" + str)).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        saveEncryptedKeyForAPILessThanM(context, str);
    }

    @RequiresApi(api = 23)
    private static void generateKeysForAPIMOrGreater(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes(GoogleCloudMessaging.INSTANCE_ID_SCOPE).setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
        keyGenerator.generateKey();
    }

    private static KeyStore getKeystore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    public static long getPurchaseVerificationTs(Context context, String str) {
        try {
            String string = context.getSharedPreferences("SecureSharedPreferences", 0).getString("VerifiedPurchasesTs", "");
            if (TextUtils.isEmpty(string)) {
                return 0L;
            }
            return Long.parseLong(decryptData(context, str, string));
        } catch (Exception e) {
            Timber.e(e);
            return 0L;
        }
    }

    private static Key getSecretKeyAPILessThanM(Context context, String str) throws GeneralSecurityException, IOException {
        return new SecretKeySpec(rsaDecryptKeyForAPILessThanM(str, Base64.decode(context.getSharedPreferences("EncryptedKeysSharedPreferences", 0).getString("EncryptedKeysKeyName", null), 0)), "AES");
    }

    private static Key getSecretKeyAPIMorGreater(String str) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore.getKey(str, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getStoredPurchaseToken(Context context, String str, Purchase purchase) {
        try {
            String string = context.getSharedPreferences("SecureSharedPreferences", 0).getString(!TextUtils.isEmpty(purchase.getOrderId()) ? purchase.getOrderId() : NotificationCompat.CATEGORY_PROMO, "");
            return !TextUtils.isEmpty(string) ? decryptData(context, str, string) : "";
        } catch (Exception e) {
            Timber.e(e);
            return "";
        }
    }

    private static void initKeys(Context context, String str) throws GeneralSecurityException, IOException {
        KeyStore keystore = getKeystore();
        if (!keystore.containsAlias(str)) {
            initValidKeys(context, str);
            return;
        }
        boolean z = false;
        KeyStore.Entry entry = keystore.getEntry(str, null);
        if ((entry instanceof KeyStore.SecretKeyEntry) && Build.VERSION.SDK_INT >= 23) {
            z = true;
        }
        if ((entry instanceof KeyStore.PrivateKeyEntry) && Build.VERSION.SDK_INT < 23) {
            z = true;
        }
        if (z) {
            return;
        }
        removeKeys(context, str);
        initValidKeys(context, str);
    }

    private static void initValidKeys(Context context, String str) throws GeneralSecurityException, IOException {
        if (Build.VERSION.SDK_INT >= 23) {
            generateKeysForAPIMOrGreater(str);
        } else {
            generateKeysForAPILessThanM(context, str);
        }
    }

    private static void removeKeys(Context context, String str) throws GeneralSecurityException, IOException {
        getKeystore().deleteEntry(str);
        removeSavedSharedPreferences(context);
    }

    @SuppressLint({"ApplySharedPref"})
    private static void removeSavedSharedPreferences(Context context) {
        context.getSharedPreferences("EncryptedKeysSharedPreferences", 0).edit().clear().commit();
    }

    private static byte[] rsaDecryptKeyForAPILessThanM(String str, byte[] bArr) throws GeneralSecurityException, IOException {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) getKeystore().getEntry(str, null);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(2, privateKeyEntry.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        return bArr2;
    }

    private static byte[] rsaEncryptKeyForAPILessThanM(String str, byte[] bArr) throws GeneralSecurityException, IOException {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) getKeystore().getEntry(str, null);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    @SuppressLint({"ApplySharedPref"})
    private static void saveEncryptedKeyForAPILessThanM(Context context, String str) throws GeneralSecurityException, IOException {
        SharedPreferences sharedPreferences = context.getSharedPreferences("EncryptedKeysSharedPreferences", 0);
        if (sharedPreferences.getString("EncryptedKeysKeyName", null) == null) {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.encodeToString(rsaEncryptKeyForAPILessThanM(str, bArr), 0);
            SharedPreferences.Editor edit = sharedPreferences.edit();
            edit.putString("EncryptedKeysKeyName", encodeToString);
            edit.commit();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setPurchaseToken(Context context, String str, PurchaseVerification purchaseVerification) {
        try {
            String orderId = !TextUtils.isEmpty(purchaseVerification.getOrderId()) ? purchaseVerification.getOrderId() : NotificationCompat.CATEGORY_PROMO;
            context.getSharedPreferences("SecureSharedPreferences", 0).edit().putString(orderId, encryptData(context, str, purchaseVerification.getPurchaseToken())).apply();
        } catch (Exception e) {
            Timber.e(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setPurchaseVerificationTs(Context context, String str) {
        try {
            SharedPreferences sharedPreferences = context.getSharedPreferences("SecureSharedPreferences", 0);
            sharedPreferences.edit().putString("VerifiedPurchasesTs", encryptData(context, str, Long.toString(System.currentTimeMillis()))).apply();
        } catch (Exception e) {
            Timber.e(e);
        }
    }
}
