package com.interpark.library.openid.security;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.RequiresApi;
import com.interpark.library.debugtool.log.TimberUtil;
import com.interpark.library.openid.domain.constants.RequestField;
import com.xshield.dc;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt__StringsJVMKt;
import kotlin.text.StringsKt__StringsKt;
import kotlin.text.StringsKt___StringsKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Metadata(d1 = {"\u0000L\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0003\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\n\u0010\n\u001a\u0004\u0018\u00010\u000bH\u0007J\b\u0010\f\u001a\u00020\rH\u0003J \u0010\u000e\u001a\u00020\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\u00112\u0006\u0010\u0012\u001a\u00020\u00042\u0006\u0010\u0013\u001a\u00020\u0004J \u0010\u0014\u001a\u00020\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\u00112\u0006\u0010\u0015\u001a\u00020\u00042\u0006\u0010\u0013\u001a\u00020\u0004J\u0014\u0010\u0016\u001a\u0004\u0018\u00010\u00172\b\u0010\u0010\u001a\u0004\u0018\u00010\u0011H\u0002J \u0010\u0018\u001a\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u001a\u0012\u0004\u0012\u00020\u001b0\u00192\b\u0010\u0010\u001a\u0004\u0018\u00010\u0011H\u0002J \u0010\u001c\u001a\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u001a\u0012\u0004\u0012\u00020\u001b0\u00192\b\u0010\u0010\u001a\u0004\u0018\u00010\u0011H\u0002J\u0010\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002J\u0010\u0010\u001f\u001a\u00020\u001e2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002J\b\u0010 \u001a\u00020\u001eH\u0003R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lcom/interpark/library/openid/security/OpenIdKeystoreManager;", "", "()V", "CIPHER_ALGORITHM", "", "CIPHER_ALGORITHM_BIOMETRIC", "KEY_BIOMETRIC_SECRET", "KEY_STORE_PROVIDER", "SPLIT_CHAR", "keyAlias", "getBiometricCipher", "Ljavax/crypto/Cipher;", "getBiometricSecretKey", "Ljavax/crypto/SecretKey;", "getDecryptedIdToken", "Lcom/interpark/library/openid/security/KeystoreIdToken;", "context", "Landroid/content/Context;", "encryptedIdToken", "tag", "getEncryptedIdToken", RequestField.ID_TOKEN, "getKeyStore", "Ljava/security/KeyStore;", "getPrivateKey", "Lkotlin/Pair;", "Ljava/security/Key;", "", "getPublicKey", "initAndroidK", "", "initAndroidM", "initBiometricSecretKey", "security_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class OpenIdKeystoreManager {

    @NotNull
    private static final String CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";

    @NotNull
    private static final String CIPHER_ALGORITHM_BIOMETRIC = "AES/CBC/PKCS7Padding";

    @NotNull
    private static final String KEY_BIOMETRIC_SECRET = "InterparkBiometricKey";

    @NotNull
    private static final String KEY_STORE_PROVIDER = "AndroidKeyStore";

    @NotNull
    private static final String SPLIT_CHAR = "~";

    @NotNull
    public static final OpenIdKeystoreManager INSTANCE = new OpenIdKeystoreManager();

    @NotNull
    private static String keyAlias = "";

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private OpenIdKeystoreManager() {
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @RequiresApi(23)
    private final SecretKey getBiometricSecretKey() {
        KeyStore keyStore = KeyStore.getInstance(dc.m882(-2003012097));
        keyStore.load(null);
        String m872 = dc.m872(137456060);
        if (!keyStore.containsAlias(m872)) {
            initBiometricSecretKey();
        }
        Key key = keyStore.getKey(m872, null);
        Objects.requireNonNull(key, dc.m875(1702772413));
        return (SecretKey) key;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private final KeyStore getKeyStore(Context context) {
        if (context == null) {
            return null;
        }
        String packageName = context.getPackageName();
        Intrinsics.checkNotNullExpressionValue(packageName, dc.m873(1280227939));
        keyAlias = StringsKt__StringsJVMKt.replace$default(StringsKt__StringsJVMKt.replace$default(packageName, dc.m871(-976557031), "", false, 4, (Object) null), dc.m873(1280040091), "", false, 4, (Object) null);
        try {
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_PROVIDER);
            keyStore.load(null);
            if (!keyStore.containsAlias(keyAlias)) {
                if (Build.VERSION.SDK_INT >= 23) {
                    initAndroidM(context);
                } else {
                    initAndroidK(context);
                }
            }
            return keyStore;
        } catch (Exception e2) {
            TimberUtil.e(e2);
            return null;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private final Pair<Key, Integer> getPrivateKey(Context context) {
        KeyStore.Entry entry;
        PrivateKey privateKey;
        Key key;
        int intValue = getPublicKey(context).getSecond().intValue();
        KeyStore keyStore = getKeyStore(context);
        PrivateKey privateKey2 = null;
        if (intValue != 0) {
            if (intValue == 1) {
                if (keyStore == null) {
                    key = null;
                } else {
                    try {
                        key = keyStore.getKey(keyAlias, null);
                    } catch (Exception e2) {
                        TimberUtil.e(e2);
                    }
                }
                if (key instanceof PrivateKey) {
                    privateKey = (PrivateKey) key;
                }
            }
            return new Pair<>(privateKey2, Integer.valueOf(intValue));
        }
        if (keyStore == null) {
            entry = null;
        } else {
            try {
                entry = keyStore.getEntry(keyAlias, null);
            } catch (Exception e3) {
                TimberUtil.e(e3);
            }
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry == null) {
            return new Pair<>(privateKey2, Integer.valueOf(intValue));
        }
        privateKey = privateKeyEntry.getPrivateKey();
        privateKey2 = privateKey;
        return new Pair<>(privateKey2, Integer.valueOf(intValue));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private final Pair<Key, Integer> getPublicKey(Context context) {
        PublicKey publicKey;
        KeyStore.Entry entry;
        Certificate certificate;
        KeyStore keyStore = getKeyStore(context);
        int i2 = 1;
        PublicKey publicKey2 = null;
        if (keyStore == null) {
            entry = null;
        } else {
            try {
                entry = keyStore.getEntry(keyAlias, null);
            } catch (Exception e2) {
                TimberUtil.e(e2);
                if (keyStore != null) {
                    try {
                        Certificate certificate2 = keyStore.getCertificate(keyAlias);
                        if (certificate2 != null) {
                            publicKey = certificate2.getPublicKey();
                        }
                    } catch (Exception e3) {
                        TimberUtil.e(e3);
                    }
                }
            }
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            publicKey2 = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
            i2 = 0;
            return new Pair<>(publicKey2, Integer.valueOf(i2));
        }
        if (keyStore != null && (certificate = keyStore.getCertificate(keyAlias)) != null) {
            publicKey = certificate.getPublicKey();
            publicKey2 = publicKey;
        }
        return new Pair<>(publicKey2, Integer.valueOf(i2));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private final void initAndroidK(Context context) {
        try {
            if (Build.VERSION.SDK_INT >= 19) {
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 25);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEY_STORE_PROVIDER);
                keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setKeySize(4096).setAlias(keyAlias).setSubject(new X500Principal(Intrinsics.stringPlus("CN=", keyAlias))).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build());
                keyPairGenerator.generateKeyPair();
            }
        } catch (Exception e2) {
            TimberUtil.e(e2);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private final void initAndroidM(Context context) {
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEY_STORE_PROVIDER);
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(keyAlias, 3).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(4096, RSAKeyGenParameterSpec.F4)).setBlockModes("CBC").setEncryptionPaddings("PKCS1Padding").setDigests("SHA-512", "SHA-384", "SHA-256").setUserAuthenticationRequired(false).build());
                keyPairGenerator.generateKeyPair();
            }
        } catch (Exception e2) {
            TimberUtil.e(e2);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @RequiresApi(23)
    private final void initBiometricSecretKey() {
        try {
            KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(KEY_BIOMETRIC_SECRET, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true);
            Intrinsics.checkNotNullExpressionValue(userAuthenticationRequired, "Builder(\n               …henticationRequired(true)");
            int i2 = Build.VERSION.SDK_INT;
            if (i2 >= 30) {
                userAuthenticationRequired.setUserAuthenticationParameters(0, 2);
            } else {
                userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(-1);
            }
            if (i2 >= 24) {
                userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEY_STORE_PROVIDER);
            keyGenerator.init(userAuthenticationRequired.build());
            keyGenerator.generateKey();
        } catch (Exception e2) {
            TimberUtil.e(e2);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @RequiresApi(24)
    @Nullable
    public final Cipher getBiometricCipher() {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_BIOMETRIC);
            cipher.init(1, getBiometricSecretKey());
            return cipher;
        } catch (Exception e2) {
            TimberUtil.e(e2);
            return null;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @NotNull
    public final KeystoreIdToken getDecryptedIdToken(@Nullable Context context, @NotNull String encryptedIdToken, @NotNull String tag) {
        Intrinsics.checkNotNullParameter(encryptedIdToken, dc.m872(137434628));
        Intrinsics.checkNotNullParameter(tag, dc.m874(1567494382));
        if (encryptedIdToken.length() == 0) {
            return new KeystoreIdToken("", "토큰 없음");
        }
        try {
            Pair<Key, Integer> privateKey = getPrivateKey(context);
            Key first = privateKey.getFirst();
            int intValue = privateKey.getSecond().intValue();
            if (first != null) {
                StringBuffer stringBuffer = new StringBuffer();
                for (String str : StringsKt__StringsKt.split$default((CharSequence) encryptedIdToken, new String[]{SPLIT_CHAR}, false, 0, 6, (Object) null)) {
                    Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
                    cipher.init(2, first);
                    Charset forName = Charset.forName("UTF-8");
                    Intrinsics.checkNotNullExpressionValue(forName, "forName(\"UTF-8\")");
                    byte[] bytes = str.getBytes(forName);
                    Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
                    byte[] doFinal = cipher.doFinal(Base64.decode(bytes, 0));
                    Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(decryptedBytes)");
                    stringBuffer.append(new String(doFinal, Charsets.UTF_8));
                }
                String stringBuffer2 = stringBuffer.toString();
                Intrinsics.checkNotNullExpressionValue(stringBuffer2, "idToken.toString()");
                return new KeystoreIdToken(StringsKt__StringsKt.trim((CharSequence) stringBuffer2).toString(), "keystore 복호화 성공 (" + intValue + ')');
            }
        } catch (Exception e2) {
            TimberUtil.e(e2);
        }
        return new KeystoreIdToken("", "keystore 복호화 실패");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @NotNull
    public final KeystoreIdToken getEncryptedIdToken(@Nullable Context context, @NotNull String idToken, @NotNull String tag) {
        String str;
        String str2;
        Key first;
        int intValue;
        Intrinsics.checkNotNullParameter(idToken, dc.m874(1568180238));
        Intrinsics.checkNotNullParameter(tag, dc.m874(1567494382));
        String str3 = "";
        if (idToken.length() == 0) {
            return new KeystoreIdToken("", "토큰 없음");
        }
        List<String> chunked = StringsKt___StringsKt.chunked(idToken, 500);
        try {
            Pair<Key, Integer> publicKey = getPublicKey(context);
            first = publicKey.getFirst();
            intValue = publicKey.getSecond().intValue();
        } catch (Exception unused) {
            str = "";
        }
        if (first == null) {
            str2 = "";
            return new KeystoreIdToken(str3, str2);
        }
        ArrayList arrayList = new ArrayList();
        for (String str4 : chunked) {
            Charset forName = Charset.forName("UTF-8");
            Intrinsics.checkNotNullExpressionValue(forName, "forName(\"UTF-8\")");
            byte[] bytes = str4.getBytes(forName);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(1, first);
            String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 1);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(encryptedBytes, Base64.NO_PADDING)");
            arrayList.add(StringsKt__StringsKt.trim((CharSequence) encodeToString).toString());
        }
        str = CollectionsKt___CollectionsKt.joinToString$default(arrayList, SPLIT_CHAR, null, null, 0, null, null, 62, null);
        try {
            str3 = "keystore 암호화 성공 (" + intValue + ')';
        } catch (Exception unused2) {
            TimberUtil.e("id_token keystore 암호화 실패");
            str2 = str3;
            str3 = str;
            return new KeystoreIdToken(str3, str2);
        }
        str2 = str3;
        str3 = str;
        return new KeystoreIdToken(str3, str2);
    }
}
