package com.paypal.android.foundation.core.security;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.RequiresApi;
import android.support.annotation.VisibleForTesting;
import android.util.Base64;
import com.paypal.android.foundation.core.CommonContracts;
import com.paypal.android.foundation.core.FoundationCore;
import com.paypal.android.foundation.core.log.DebugLogger;
import io.fabric.sdk.android.services.common.CommonUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
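/**
 * Base implementation of {@link SecureKeyWrapper} built on the {@code AndroidKeyStore} provider.
 *
 * <p>What this class does, as visible in the code:
 * <ul>
 *   <li>AES/CBC/PKCS5Padding string encryption, serialised as {@code Base64(IV || ciphertext)}.</li>
 *   <li>RSA/ECB/PKCS1Padding string encryption with a keystore-held RSA key pair.</li>
 *   <li>SHA256withECDSA signing with a keystore-held secp256r1 key, plus verification.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The AES path is CBC with no integrity tag computed in this class, so ciphertext is
 *       malleable unless callers authenticate it separately. Moving to an AEAD mode changes the
 *       stored format and needs a migration plan.</li>
 *   <li>The RSA path uses PKCS#1 v1.5 encryption padding. It is kept for compatibility with
 *       existing ciphertext; OAEP is the preferred padding where both sides can migrate.</li>
 *   <li>Plaintext and ciphertext are never written to the log; only lengths are logged.</li>
 *   <li>{@code String.getBytes()} / {@code new String(byte[])} use the platform default charset
 *       (UTF-8 on Android).</li>
 * </ul>
 */
public abstract class BaseSecureKeyWrapper implements SecureKeyWrapper {
    private static final String AES_CBC_PKCS5_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final String ALGORITHM = "EC";
    static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final int CIPHER_IV_SIZE_IN_BYTES = 16;
    private static final String EC_CURVE = "secp256r1";
    private static final DebugLogger L = DebugLogger.getLogger(BaseSecureKeyWrapper.class);
    private static final String PKI_ALGORITHM = "SHA256withECDSA";
    protected static final String RSA_ALGORITHM = "RSA";
    private static final String RSA_PKCS1_ALGORITHM = "RSA/ECB/PKCS1Padding";

    /**
     * Decrypts a {@code Base64(IV || ciphertext)} string with an already-initialised cipher.
     *
     * <p>The IV prefix is skipped here; the caller is expected to have initialised {@code cipher}
     * with it (see {@link #getDecryptionIv(String)}).
     *
     * @param str    Base64 (default flags) encoding of the 16-byte IV followed by the ciphertext
     * @param cipher cipher already initialised for decryption
     * @return the decrypted text, or {@code null} if the input is malformed, too short to hold
     *         an IV, or fails decryption
     */
    @Nullable
    public static String decryptDataUsingCipher(@NonNull String str, @NonNull Cipher cipher) {
        CommonContracts.requireNonEmptyString(str);
        CommonContracts.requireNonNull(cipher);
        try {
            byte[] decoded = Base64.decode(str, Base64.DEFAULT);
            // Guard before slicing: a shorter input would otherwise produce a negative array
            // size and crash with an unchecked exception instead of a controlled failure.
            if (decoded.length < CIPHER_IV_SIZE_IN_BYTES) {
                L.error("decryptData: input is shorter than the IV prefix", new Object[0]);
                return null;
            }
            byte[] plain = cipher.doFinal(decoded, CIPHER_IV_SIZE_IN_BYTES, decoded.length - CIPHER_IV_SIZE_IN_BYTES);
            // Deliberately not logged: the decrypted value is the secret this class protects.
            return new String(plain);
        } catch (BadPaddingException | IllegalBlockSizeException | IllegalArgumentException e) {
            // IllegalArgumentException covers malformed Base64 input.
            L.error("decryptData: Exception", e);
            return null;
        }
    }

    /**
     * Encrypts {@code str} with an already-initialised cipher and returns
     * {@code Base64(IV || ciphertext)} using default Base64 flags.
     *
     * @param str    text to encrypt
     * @param cipher cipher already initialised for encryption; must expose a 16-byte IV
     * @return the Base64-encoded IV-prefixed ciphertext
     * @throws RuntimeException if encryption fails or the cipher does not expose a 16-byte IV
     */
    public static String encryptDataUsingCipher(@NonNull String str, @NonNull Cipher cipher) {
        CommonContracts.requireNonEmptyString(str);
        CommonContracts.requireNonNull(cipher);
        try {
            byte[] encrypted = cipher.doFinal(str.getBytes());
            byte[] iv = cipher.getIV();
            // Fail loudly rather than emit output whose IV prefix is missing or truncated,
            // which decryptDataUsingCipher could never decrypt.
            if (iv == null || iv.length != CIPHER_IV_SIZE_IN_BYTES) {
                throw new IllegalStateException("Cipher does not expose a " + CIPHER_IV_SIZE_IN_BYTES + "-byte IV");
            }
            byte[] ivAndCiphertext = new byte[encrypted.length + CIPHER_IV_SIZE_IN_BYTES];
            System.arraycopy(iv, 0, ivAndCiphertext, 0, CIPHER_IV_SIZE_IN_BYTES);
            System.arraycopy(encrypted, 0, ivAndCiphertext, CIPHER_IV_SIZE_IN_BYTES, encrypted.length);
            return Base64.encodeToString(ivAndCiphertext, Base64.DEFAULT);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            L.error("Error while encrypting data: Exception", e);
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Extracts the 16-byte IV prefix from a {@code Base64(IV || ciphertext)} string.
     *
     * @param str Base64 (default flags) encoded IV-prefixed ciphertext
     * @return a copy of the first 16 decoded bytes, or {@code null} if {@code str} is
     *         {@code null} or decodes to fewer than 16 bytes
     */
    @Nullable
    public static byte[] getDecryptionIv(@NonNull String str) {
        if (str == null) {
            L.error("getDecryptionIv: base64EncryptedDataPrefixedByIv is null !", new Object[0]);
            return null;
        }
        byte[] decoded = Base64.decode(str, Base64.DEFAULT);
        // Log the size only; the payload itself stays out of the log.
        L.debug("getDecryptionIv: decoded length is : " + decoded.length, new Object[0]);
        if (decoded.length < CIPHER_IV_SIZE_IN_BYTES) {
            L.error("getDecryptionIv: input is shorter than the IV prefix", new Object[0]);
            return null;
        }
        return Arrays.copyOf(decoded, CIPHER_IV_SIZE_IN_BYTES);
    }

    /**
     * Loads the private key stored under {@code str} in the Android keystore.
     *
     * @param str keystore alias
     * @return the private key, or {@code null} if the entry is not a private-key entry
     * @throws RuntimeException if the keystore cannot be loaded or the entry cannot be read
     */
    @Nullable
    private PrivateKey getPrivateKey(@NonNull String str) {
        CommonContracts.requireNonEmptyString(str);
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            }
            L.debug("Not an instance of a PrivateKeyEntry", new Object[0]);
            return null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            L.error("Exception in retrieving Private key", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Rebuilds an EC public key from its Base64 (URL-safe, unpadded) X.509 encoding.
     *
     * @param str Base64 URL-safe encoding of an X.509 {@code SubjectPublicKeyInfo}
     * @return the public key, or {@code null} if the input cannot be decoded or parsed
     */
    @Nullable
    private PublicKey getPublicKey(@NonNull String str) {
        CommonContracts.requireNonEmptyString(str);
        try {
            byte[] encodedKey = Base64.decode(str, Base64.URL_SAFE | Base64.NO_PADDING);
            return KeyFactory.getInstance(ALGORITHM).generatePublic(new X509EncodedKeySpec(encodedKey));
        } catch (Exception e) {
            // Routed through the logger instead of printStackTrace() so the failure is recorded
            // in one place; callers treat null as "no usable key".
            L.error("exception in generating public key", e);
            return null;
        }
    }

    /**
     * Reads the public key from the certificate stored under {@code str} in the Android keystore.
     *
     * @param str keystore alias
     * @return the public key, or {@code null} if no certificate exists for the alias or the
     *         keystore cannot be read
     */
    @Nullable
    private PublicKey getPublicKeyForEncryption(@NonNull String str) {
        CommonContracts.requireNonEmptyString(str);
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate(str);
            return certificate == null ? null : certificate.getPublicKey();
        } catch (Exception e) {
            L.error("Exception in retrieving Public key", e);
            CommonContracts.ensureShouldNeverReachHere();
            return null;
        }
    }

    /**
     * Feeds {@code bArr} into an initialised {@link Signature} and returns the signature bytes.
     *
     * @param signature signature object already initialised for signing
     * @param bArr      data to sign
     * @return the raw signature bytes
     * @throws RuntimeException if the signature object rejects the operation
     */
    @NonNull
    @TargetApi(18)
    private byte[] signDataUsingSignatureObject(@NonNull Signature signature, @NonNull byte[] bArr) {
        CommonContracts.requireNonNull(signature);
        CommonContracts.requireNonNull(bArr);
        try {
            signature.update(bArr);
            return signature.sign();
        } catch (SignatureException e) {
            L.error("signDataUsingSignatureObject : Exception in signDataUsingSignatureObject", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Encodes bytes as URL-safe Base64 without padding or line wrapping.
     *
     * @param bArr bytes to encode
     * @return the encoded string; the value is also written to the debug log
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    public String base64AndUrlSafeEncodedStringFromBytes(@NonNull byte[] bArr) {
        String encoded = new String(Base64.encode(bArr, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING));
        L.debug("Base64+URL Safe String: " + encoded, new Object[0]);
        return encoded;
    }

    /**
     * Decrypts a Base64 RSA ciphertext with the private key stored under alias {@code str}.
     *
     * <p>Uses RSA with PKCS#1 v1.5 padding, kept for compatibility with existing ciphertext.
     *
     * @param str  keystore alias of the RSA key pair
     * @param str2 Base64 (default flags) encoded ciphertext
     * @return the decrypted text, or {@code null} on any failure
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @RequiresApi(18)
    public String decryptString(@NonNull String str, @NonNull String str2) {
        CommonContracts.requireNonEmptyString(str);
        CommonContracts.requireNonEmptyString(str2);
        try {
            Cipher cipher = Cipher.getInstance(RSA_PKCS1_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, getPrivateKey(str));
            byte[] plain = cipher.doFinal(Base64.decode(str2, Base64.DEFAULT));
            if (plain != null) {
                return new String(plain);
            }
            return null;
        } catch (Exception e) {
            // Pass the exception itself so the type and stack trace reach the log, not just
            // the localized message.
            L.error("Exception in decrypting String", e);
            return null;
        }
    }

    /**
     * Decrypts a {@code Base64(IV || ciphertext)} string with AES/CBC/PKCS5Padding.
     *
     * <p>No integrity check is performed in this class; a tampered ciphertext may decrypt to
     * altered plaintext rather than fail.
     *
     * @param secretKey AES key
     * @param str       Base64 (default flags) encoding of the 16-byte IV followed by the ciphertext
     * @return the decrypted text, or {@code null} on any failure
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @RequiresApi(18)
    public String decryptStringUsingAES(@NonNull SecretKey secretKey, @NonNull String str) {
        CommonContracts.requireNonNull(secretKey);
        CommonContracts.requireNonEmptyString(str);
        try {
            byte[] iv = getDecryptionIv(str);
            if (iv == null) {
                // Input too short to contain an IV; fail the same way as any other bad input.
                return null;
            }
            Cipher cipher = Cipher.getInstance(AES_CBC_PKCS5_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
            return decryptDataUsingCipher(str, cipher);
        } catch (Exception e) {
            L.error("Exception in creating cipher for decrypting String", e);
            return null;
        }
    }

    /**
     * Removes the keystore entry stored under {@code str}. Failures are logged and swallowed.
     *
     * @param str keystore alias to delete
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @TargetApi(23)
    public void deleteAsymmetricKey(@NonNull String str) {
        CommonContracts.requireNonEmptyString(str);
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            keyStore.deleteEntry(str);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            L.error("Exception while deleting key" + e.getMessage(), new Object[0]);
        }
    }

    /**
     * Encrypts {@code str2} with the RSA public key stored under alias {@code str}.
     *
     * <p>Uses RSA with PKCS#1 v1.5 padding, kept for compatibility with existing ciphertext.
     *
     * @param str  keystore alias of the RSA key pair
     * @param str2 text to encrypt
     * @return Base64 (default flags) encoded ciphertext, or {@code null} on any failure
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @RequiresApi(18)
    public String encryptString(@NonNull String str, @NonNull String str2) {
        CommonContracts.requireNonEmptyString(str);
        CommonContracts.requireNonEmptyString(str2);
        try {
            Cipher cipher = Cipher.getInstance(RSA_PKCS1_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, getPublicKeyForEncryption(str));
            return Base64.encodeToString(cipher.doFinal(str2.getBytes()), Base64.DEFAULT);
        } catch (Exception e) {
            L.error("Exception in encrypting String", e);
            CommonContracts.ensureShouldNeverReachHere();
            return null;
        }
    }

    /**
     * Encrypts {@code str} with AES/CBC/PKCS5Padding and returns {@code Base64(IV || ciphertext)}.
     *
     * <p>The cipher is initialised without an explicit IV, so the provider supplies one per call.
     *
     * @param secretKey AES key
     * @param str       text to encrypt
     * @return the Base64-encoded IV-prefixed ciphertext, or {@code null} on any failure
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @RequiresApi(18)
    public String encryptStringUsingAES(@NonNull SecretKey secretKey, @NonNull String str) {
        CommonContracts.requireNonNull(secretKey);
        CommonContracts.requireNonEmptyString(str);
        try {
            Cipher cipher = Cipher.getInstance(AES_CBC_PKCS5_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            L.debug("IV size : " + cipher.getIV().length, new Object[0]);
            try {
                return encryptDataUsingCipher(str, cipher);
            } catch (RuntimeException e) {
                L.error("Exception in encrypting String", e);
                CommonContracts.ensureShouldNeverReachHere();
                return null;
            }
        } catch (Exception e2) {
            L.error("Exception in creating cipher for encrypting String", e2);
            CommonContracts.ensureShouldNeverReachHere();
            return null;
        }
    }

    /**
     * Generates a fresh AES key from a {@link SecureRandom} source.
     *
     * <p>NOTE(review): no key size is passed to the generator, so the size is whatever the
     * provider defaults to — confirm it meets the intended strength.
     *
     * @return the generated key
     * @throws RuntimeException if no AES key generator is available
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    @RequiresApi(18)
    public SecretKey generateAESSecretKey() throws RuntimeException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(new SecureRandom());
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            L.error("Exception in generateAESSecretKey", e);
            CommonContracts.ensureShouldNeverReachHere();
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the RSA public key for alias {@code str}, generating the key pair in the Android
     * keystore if none exists yet.
     *
     * <p>A newly generated pair gets a certificate with subject {@code CN=<alias>}, serial
     * number 1 and a validity window of one year starting now.
     *
     * @param str keystore alias
     * @return the public key, or {@code null} if generation fails
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @RequiresApi(18)
    @Nullable
    public PublicKey generatePublicKey(@NonNull String str) throws RuntimeException {
        CommonContracts.requireNonNull(str);
        PublicKey existingKey = getPublicKeyForEncryption(str);
        if (existingKey != null) {
            return existingKey;
        }
        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM, ANDROID_KEYSTORE);
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(FoundationCore.appContext())
                    .setAlias(str)
                    .setStartDate(notBefore)
                    .setEndDate(notAfter)
                    .setSerialNumber(BigInteger.valueOf(1L))
                    .setSubject(new X500Principal("CN=" + str))
                    .build());
            PublicKey publicKey = keyPairGenerator.generateKeyPair().getPublic();
            L.debug("publicKey: " + publicKey.toString(), new Object[0]);
            return publicKey;
        } catch (Exception e) {
            L.error("Exception in generatePublicKey", e);
            CommonContracts.ensureShouldNeverReachHere();
            return null;
        }
    }

    /**
     * Generates a secp256r1 signing key pair in the Android keystore under alias {@code str}
     * and returns its public key.
     *
     * @param str keystore alias
     * @param z   whether use of the private key requires user authentication
     * @return the public key of the generated pair
     * @throws RuntimeException on devices below API 23 or if key generation fails
     */
    @NonNull
    @TargetApi(23)
    public PublicKey generatePublicKey(@NonNull String str, boolean z) {
        CommonContracts.requireNonNull(str);
        if (Build.VERSION.SDK_INT < 23) {
            throw new RuntimeException("Feature only supported for versions Android-M and above");
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, ANDROID_KEYSTORE);
            // Purpose 4 is KeyProperties.PURPOSE_SIGN: the key is restricted to signing.
            // NOTE(review): CommonUtils.SHA256_INSTANCE is presumably the digest name "SHA-256"
            // substituted by the decompiler for an equal constant — confirm.
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 4)
                    .setAlgorithmParameterSpec(new ECGenParameterSpec(EC_CURVE))
                    .setDigests(CommonUtils.SHA256_INSTANCE)
                    .setUserAuthenticationRequired(z)
                    .build());
            return keyPairGenerator.generateKeyPair().getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            L.error("Exception in generateAsymmetricKeyPairAndGetPublicKey", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a SHA256withECDSA {@link Signature} initialised for signing with the keystore
     * private key stored under alias {@code str}.
     *
     * @param str keystore alias
     * @return the initialised signature object
     * @throws RuntimeException if the keystore cannot be read or the key cannot be used
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    @TargetApi(23)
    public Signature generateSignature(@NonNull String str) {
        CommonContracts.requireNonEmptyString(str);
        Signature signature = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            keyStore.load(null);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
            signature = Signature.getInstance(PKI_ALGORITHM);
            signature.initSign(privateKey);
            return signature;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException
                | UnrecoverableEntryException | CertificateException e) {
            L.error("generateSignature : Exception in generateSignature" + e, new Object[0]);
            throw new RuntimeException(e);
        } catch (Exception e) {
            // The class is matched by name so no API 23 type is referenced on older devices.
            // NOTE(review): android.security.keystore.UserNotAuthenticatedException is documented
            // as a subclass of InvalidKeyException, which the branch above already handles, so
            // this special case looks unreachable — confirm against the original source. If it
            // were reached, the returned Signature would not be initialised for signing.
            boolean userNotAuthenticated = Build.VERSION.SDK_INT >= 23
                    && "android.security.keystore.UserNotAuthenticatedException".equals(e.getClass().getName());
            if (!userNotAuthenticated) {
                throw new RuntimeException(e);
            }
            L.debug("generateSignature : UserNotAuthenticatedException in generateSignature", e);
            return signature;
        }
    }

    /**
     * Signs {@code str} with an initialised signature object and returns the signature as
     * URL-safe Base64.
     *
     * @param signature signature object already initialised for signing
     * @param str       text to sign
     * @return URL-safe Base64 encoding of the signature
     * @throws RuntimeException if signing fails
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @NonNull
    public String signDataUsingSignatureObjectAndBase64Encode(@NonNull Signature signature, @NonNull String str) {
        CommonContracts.requireNonNull(signature);
        CommonContracts.requireNonNull(str);
        byte[] rawSignature = signDataUsingSignatureObject(signature, str.getBytes());
        String encodedSignature = base64AndUrlSafeEncodedStringFromBytes(rawSignature);
        L.debug("encoded Signature String: " + encodedSignature, new Object[0]);
        return encodedSignature;
    }

    /**
     * Verifies a SHA256withECDSA signature over {@code bArr}.
     *
     * <p>Fails closed: an unparseable key, malformed Base64 or a rejected signature all yield
     * {@code false} rather than an exception.
     *
     * @param str  Base64 URL-safe X.509 encoding of the EC public key
     * @param bArr the signed data
     * @param str2 Base64 URL-safe encoding of the signature
     * @return {@code true} only if the signature verifies
     */
    @Override // com.paypal.android.foundation.core.security.SecureKeyWrapper
    @VisibleForTesting
    public boolean verifySignatureUsingPublicKey(@NonNull String str, @NonNull byte[] bArr, @NonNull String str2) {
        CommonContracts.requireNonNull(str);
        CommonContracts.requireNonNull(bArr);
        CommonContracts.requireNonNull(str2);
        try {
            Signature verifier = Signature.getInstance(PKI_ALGORITHM);
            L.debug("s.getProvider(): " + verifier.getProvider(), new Object[0]);
            // A null key from getPublicKey is rejected by initVerify with InvalidKeyException.
            verifier.initVerify(getPublicKey(str));
            verifier.update(bArr);
            boolean verified = verifier.verify(Base64.decode(str2, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING));
            L.debug("signature verification result: " + verified, new Object[0]);
            return verified;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | IllegalArgumentException e) {
            // IllegalArgumentException covers a signature string that is not valid Base64.
            L.error("verifySignatureUsingPublicKey : Exception in verifySignatureUsingPublicKey", e);
            return false;
        }
    }
}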
