package com.yahoo.mail.util;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.yahoo.mobile.client.android.mailsdk.R;
import com.yahoo.mobile.client.share.logging.Log;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* compiled from: Yahoo */
/* loaded from: classes3.dex */
public final class r {
    private static final g.f.g.l d;

    /* renamed from: e, reason: collision with root package name */
    public static final r f10948e = new r();
    private static final c a = new c(null, null, 0, 0, 0, 31);
    private static final b b = new b(null, null, 0, 7);
    private static final m0 c = new m0(null, null, 3);

    static {
        g.f.g.m mVar = new g.f.g.m();
        mVar.b();
        d = mVar.a();
    }

    private r() {
    }

    private final String a(SecretKey secretKey) {
        String encodeToString = Base64.encodeToString(secretKey.getEncoded(), 2);
        kotlin.jvm.internal.l.e(encodeToString, "Base64.encodeToString(key.encoded, Base64.NO_WRAP)");
        String b2 = a.b();
        if (b2 == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
        }
        String lowerCase = b2.toLowerCase();
        kotlin.jvm.internal.l.e(lowerCase, "(this as java.lang.String).toLowerCase()");
        String n2 = d.n(new o(encodeToString, lowerCase, a.c(), a.d()));
        kotlin.jvm.internal.l.e(n2, "gson.toJson(clientKey)");
        return n2;
    }

    private final byte[] c(String str, SecretKey secretKey, byte[] bArr) {
        Cipher cipher = Cipher.getInstance(a.b());
        int d2 = a.d();
        Charset charset = StandardCharsets.UTF_8;
        kotlin.jvm.internal.l.e(charset, "StandardCharsets.UTF_8");
        if (str == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
        }
        byte[] bytes = str.getBytes(charset);
        kotlin.jvm.internal.l.e(bytes, "(this as java.lang.String).getBytes(charset)");
        cipher.init(1, secretKey, new GCMParameterSpec(a.c(), bArr));
        byte[] bArr2 = new byte[cipher.getOutputSize(bytes.length) + d2];
        System.arraycopy(bArr, 0, bArr2, 0, a.d());
        cipher.doFinal(bytes, 0, bytes.length, bArr2, d2);
        return bArr2;
    }

    private final byte[] f(String str, Key key) {
        byte[] bytes = str.getBytes(kotlin.i0.e.a);
        kotlin.jvm.internal.l.e(bytes, "(this as java.lang.String).getBytes(charset)");
        return g(bytes, key);
    }

    private final byte[] g(byte[] bArr, Key key) {
        Cipher cipher = Cipher.getInstance(c.a());
        cipher.init(1, key);
        byte[] doFinal = cipher.doFinal(bArr);
        kotlin.jvm.internal.l.e(doFinal, "cipher.doFinal(data)");
        return doFinal;
    }

    private final SecretKey i() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(a.e());
        keyGenerator.init(a.a());
        SecretKey generateKey = keyGenerator.generateKey();
        kotlin.jvm.internal.l.e(generateKey, "keygen.generateKey()");
        return generateKey;
    }

    private final byte[] j() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[a.d()];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    public final String b(String encryptedData, String passwordId) throws IllegalStateException {
        kotlin.jvm.internal.l.f(encryptedData, "encryptedData");
        kotlin.jvm.internal.l.f(passwordId, "passwordId");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(passwordId, null);
            if (entry == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
            }
            SecretKey key = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            kotlin.jvm.internal.l.e(key, "secretKeyEntry.secretKey");
            kotlin.jvm.internal.l.f(encryptedData, "encryptedData");
            kotlin.jvm.internal.l.f(key, "key");
            Cipher cipher = Cipher.getInstance(a.b());
            byte[] decode = Base64.decode(encryptedData, 0);
            cipher.init(2, key, new GCMParameterSpec(a.c(), decode, 0, a.d()));
            byte[] doFinal = cipher.doFinal(decode, a.d(), decode.length - a.d());
            kotlin.jvm.internal.l.e(doFinal, "cipher.doFinal(encrypted…esGcmCipherMode.ivLength)");
            return new String(doFinal, kotlin.i0.e.a);
        } catch (Exception unused) {
            throw new IllegalStateException("Can't retrieve keys from Keystore");
        }
    }

    public final String d(String data, String keyId) throws IllegalStateException {
        kotlin.jvm.internal.l.f(data, "credential");
        kotlin.jvm.internal.l.f(keyId, "keyId");
        Cipher cipher = Cipher.getInstance(a.b());
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(keyId, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build();
            kotlin.jvm.internal.l.e(build, "KeyGenParameterSpec.Buil…\n                .build()");
            keyGenerator.init(build);
            SecretKey key = keyGenerator.generateKey();
            kotlin.jvm.internal.l.e(key, "keyGenerator.generateKey()");
            cipher.init(1, key);
            kotlin.jvm.internal.l.f(data, "data");
            kotlin.jvm.internal.l.f(key, "key");
            Cipher cipher2 = Cipher.getInstance(a.b());
            int d2 = a.d();
            Charset charset = StandardCharsets.UTF_8;
            kotlin.jvm.internal.l.e(charset, "StandardCharsets.UTF_8");
            byte[] bytes = data.getBytes(charset);
            kotlin.jvm.internal.l.e(bytes, "(this as java.lang.String).getBytes(charset)");
            cipher2.init(1, key);
            kotlin.jvm.internal.l.e(cipher2, "cipher");
            byte[] iv = cipher2.getIV();
            byte[] bArr = new byte[cipher2.getOutputSize(bytes.length) + d2];
            System.arraycopy(iv, 0, bArr, 0, a.d());
            cipher2.doFinal(bytes, 0, bytes.length, bArr, iv.length);
            String encodeToString = Base64.encodeToString(bArr, 0);
            kotlin.jvm.internal.l.e(encodeToString, "Base64.encodeToString(ivCTAndTag, Base64.DEFAULT)");
            return encodeToString;
        } catch (Exception e2) {
            StringBuilder r1 = g.b.c.a.a.r1("Fail to generate key, with error: ");
            r1.append(e2.getMessage());
            Log.i("EncryptionUtil", r1.toString());
            throw new IllegalStateException("Can't generate key in keystore ");
        }
    }

    public final EncryptedPushToken e(String data, PublicKey publicRSAKey) {
        kotlin.jvm.internal.l.f(data, "pushToken");
        kotlin.jvm.internal.l.f(publicRSAKey, "publicRSAKey");
        SecretKey key = i();
        kotlin.jvm.internal.l.f(data, "data");
        kotlin.jvm.internal.l.f(key, "key");
        Cipher cipher = Cipher.getInstance(b.a());
        cipher.init(1, key);
        byte[] bytes = data.getBytes(kotlin.i0.e.a);
        kotlin.jvm.internal.l.e(bytes, "(this as java.lang.String).getBytes(charset)");
        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
        kotlin.jvm.internal.l.e(encodeToString, "Base64.encodeToString(en…ptedData, Base64.DEFAULT)");
        byte[] encoded = key.getEncoded();
        kotlin.jvm.internal.l.e(encoded, "aesKey.encoded");
        String encryptedAesKey = Base64.encodeToString(g(encoded, publicRSAKey), 2);
        kotlin.jvm.internal.l.e(encryptedAesKey, "encryptedAesKey");
        return new EncryptedPushToken(encodeToString, encryptedAesKey);
    }

    public final q h(String data, n accountData, Key providerPublicKey, Key deviceTokenPublicKey) {
        kotlin.jvm.internal.l.f(data, "data");
        kotlin.jvm.internal.l.f(accountData, "accountData");
        kotlin.jvm.internal.l.f(providerPublicKey, "providerPublicKey");
        kotlin.jvm.internal.l.f(deviceTokenPublicKey, "deviceTokenPublicKey");
        SecretKey i2 = i();
        String n2 = d.n(accountData);
        kotlin.jvm.internal.l.e(n2, "gson.toJson(accountData)");
        SecretKey i3 = i();
        String encryptedCred = Base64.encodeToString(c(data, i3, j()), 2);
        String encryptedESK = Base64.encodeToString(f(a(i3), providerPublicKey), 2);
        String encryptedAccountData = Base64.encodeToString(c(n2, i3, j()), 2);
        kotlin.jvm.internal.l.e(encryptedESK, "encryptedESK");
        kotlin.jvm.internal.l.e(encryptedCred, "encryptedCred");
        kotlin.jvm.internal.l.e(encryptedAccountData, "encryptedAccountData");
        String n3 = d.n(new p(encryptedESK, encryptedCred, encryptedAccountData));
        kotlin.jvm.internal.l.e(n3, "gson.toJson(envelop)");
        String encryptedCredL2 = Base64.encodeToString(c(n3, i2, j()), 2);
        String encryptedDevToken = Base64.encodeToString(f(a(i2), deviceTokenPublicKey), 2);
        kotlin.jvm.internal.l.e(encryptedCredL2, "encryptedCredL2");
        kotlin.jvm.internal.l.e(encryptedDevToken, "encryptedDevToken");
        return new q(encryptedCredL2, encryptedDevToken);
    }

    public final PublicKey k(String key) throws InvalidKeySpecException {
        kotlin.jvm.internal.l.f(key, "key");
        byte[] bytes = key.getBytes(kotlin.i0.e.a);
        kotlin.jvm.internal.l.e(bytes, "(this as java.lang.String).getBytes(charset)");
        PublicKey generatePublic = KeyFactory.getInstance(c.b()).generatePublic(new X509EncodedKeySpec(Base64.decode(bytes, 0)));
        kotlin.jvm.internal.l.e(generatePublic, "KeyFactory.getInstance(r…ratePublic(x509publicKey)");
        return generatePublic;
    }

    public final PublicKey l(Context appContext) {
        kotlin.jvm.internal.l.f(appContext, "appContext");
        InputStream openRawResource = appContext.getResources().openRawResource(R.raw.pushtoken_pub);
        kotlin.jvm.internal.l.e(openRawResource, "appContext.resources.ope…urce(R.raw.pushtoken_pub)");
        o.k d2 = o.v.d(o.v.k(openRawResource));
        kotlin.jvm.internal.l.e(d2, "Okio.buffer(Okio.source(res))");
        PublicKey generatePublic = KeyFactory.getInstance(c.b()).generatePublic(new X509EncodedKeySpec(d2.q()));
        kotlin.jvm.internal.l.e(generatePublic, "KeyFactory.getInstance(r…e.key).generatePublic(ks)");
        return generatePublic;
    }

    public final void m(String keyId) {
        kotlin.jvm.internal.l.f(keyId, "keyId");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(keyId);
        } catch (KeyStoreException unused) {
            Log.i("EncryptionUtil", "Fail to remove key from Keystore");
        }
    }
}
