package b.a.c.f.k0;

import ai.clova.cic.clientlib.exoplayer2.text.ttml.TtmlNode;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import db.h.c.p;
import db.h.c.r;
import db.m.w;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Calendar;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;

/* loaded from: classes4.dex */
public final class b implements d {

    /* renamed from: b, reason: collision with root package name */
    public final Lazy f9612b;
    public final Lazy c;
    public final Context d;

    /* loaded from: classes4.dex */
    public static final class a extends r implements db.h.b.a<KeyStore> {
        public static final a a = new a();

        public a() {
            super(0);
        }

        @Override // db.h.b.a
        public KeyStore invoke() {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        }
    }

    /* renamed from: b.a.c.f.k0.b$b, reason: collision with other inner class name */
    /* loaded from: classes4.dex */
    public static final class C1312b extends r implements db.h.b.a<b.a.c.f.j0.b> {
        public C1312b() {
            super(0);
        }

        @Override // db.h.b.a
        public b.a.c.f.j0.b invoke() {
            return new b.a.c.f.j0.b(b.this.d);
        }
    }

    public b(Context context) {
        p.e(context, "context");
        this.d = context;
        this.f9612b = LazyKt__LazyJVMKt.lazy(a.a);
        this.c = LazyKt__LazyJVMKt.lazy(new C1312b());
        if (!c().containsAlias("com.linecorp.linepay.security.AesCipherWorkAround")) {
            d().b("SECURE_PREFERENCE_ENCRYPTED_AES_KEY", null);
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 99);
            KeyPairGeneratorSpec.Builder serialNumber = new KeyPairGeneratorSpec.Builder(context).setAlias("com.linecorp.linepay.security.AesCipherWorkAround").setSubject(new X500Principal("CN=com.linecorp.linepay.security.AesCipherWorkAround")).setSerialNumber(BigInteger.TEN);
            p.d(calendar, TtmlNode.START);
            KeyPairGeneratorSpec.Builder startDate = serialNumber.setStartDate(calendar.getTime());
            p.d(calendar2, TtmlNode.END);
            KeyPairGeneratorSpec build = startDate.setEndDate(calendar2.getTime()).build();
            p.d(build, "KeyPairGeneratorSpecBuil…ime)\n            .build()");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
        }
        if (((String) d().a("SECURE_PREFERENCE_ENCRYPTED_AES_KEY", null, String.class)) != null) {
            return;
        }
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        KeyStore.Entry entry = c().getEntry("com.linecorp.linepay.security.AesCipherWorkAround", null);
        Objects.requireNonNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        Certificate certificate = ((KeyStore.PrivateKeyEntry) entry).getCertificate();
        p.d(certificate, "privateKeyEntry.certificate");
        cipher.init(3, certificate.getPublicKey());
        byte[] wrap = cipher.wrap(secretKeySpec);
        p.d(wrap, "Cipher.getInstance(RSA_M…wrap(secretKey)\n        }");
        d().b("SECURE_PREFERENCE_ENCRYPTED_AES_KEY", Base64.encodeToString(wrap, 0));
    }

    @Override // b.a.c.f.k0.d
    public String a(String str) throws b.a.c.f.k0.e.c {
        p.e(str, "plainText");
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, e(), new GCMParameterSpec(128, bArr));
            byte[] bytes = str.getBytes(db.m.a.a);
            p.d(bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] doFinal = cipher.doFinal(bytes);
            p.d(doFinal, "encodedBytes");
            p.e(doFinal, "$this$encodeBase64");
            p.e(doFinal, "$this$encodeBase64");
            String encodeToString = Base64.encodeToString(doFinal, 2);
            p.d(encodeToString, "Base64.encodeToString(this, Base64.NO_WRAP)");
            p.e(bArr, "$this$encodeBase64");
            p.e(bArr, "$this$encodeBase64");
            String encodeToString2 = Base64.encodeToString(bArr, 2);
            p.d(encodeToString2, "Base64.encodeToString(this, Base64.NO_WRAP)");
            return new c(encodeToString, encodeToString2).toString();
        } catch (Exception e) {
            throw new b.a.c.f.k0.e.c("Failed to encrypt!", e);
        }
    }

    @Override // b.a.c.f.k0.d
    public String b(String str) throws b.a.c.f.k0.e.b {
        p.e(str, "encryptedEncodedText");
        p.e(str, "encryptedData");
        List i02 = w.i0(str, new String[]{";"}, false, 0, 6);
        if (!(i02.size() == 2)) {
            i02 = null;
        }
        if (i02 == null) {
            throw new IllegalArgumentException(b.e.b.a.a.M("Failed to split encrypted text `", str, '`'));
        }
        String str2 = (String) i02.get(0);
        String str3 = (String) i02.get(1);
        p.e(str2, "encryptedString");
        p.e(str3, "initialVector");
        p.e(str2, "$this$decodeBase64");
        p.e(str2, "$this$decodeBase64");
        byte[] decode = Base64.decode(str2, 2);
        p.d(decode, "Base64.decode(this, Base64.NO_WRAP)");
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            Key e = e();
            p.e(str3, "$this$decodeBase64");
            p.e(str3, "$this$decodeBase64");
            byte[] decode2 = Base64.decode(str3, 2);
            p.d(decode2, "Base64.decode(this, Base64.NO_WRAP)");
            cipher.init(2, e, new GCMParameterSpec(128, decode2));
            byte[] doFinal = cipher.doFinal(decode);
            p.d(doFinal, "decryptedBytes");
            return new String(doFinal, db.m.a.a);
        } catch (Exception e2) {
            throw new b.a.c.f.k0.e.c("Failed to decrypt!", e2);
        }
    }

    public final KeyStore c() {
        return (KeyStore) this.f9612b.getValue();
    }

    public final b.a.c.f.j0.b d() {
        return (b.a.c.f.j0.b) this.c.getValue();
    }

    public final Key e() throws Exception {
        String str = (String) d().a("SECURE_PREFERENCE_ENCRYPTED_AES_KEY", null, String.class);
        if (str == null) {
            throw new IllegalStateException("No key for aes encryption found!");
        }
        byte[] decode = Base64.decode(str, 0);
        p.d(decode, "Base64.decode(storedAesKey, Base64.DEFAULT)");
        KeyStore.Entry entry = c().getEntry("com.linecorp.linepay.security.AesCipherWorkAround", null);
        Objects.requireNonNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(4, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
        Key unwrap = cipher.unwrap(decode, "AES", 3);
        p.d(unwrap, "Cipher.getInstance(RSA_M…her.SECRET_KEY)\n        }");
        return unwrap;
    }
}
