package com.paycom.mobile.lib.util.encryption;

import android.os.Build;
import android.security.KeyStoreException;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.core.app.NotificationCompat;
import com.google.android.gms.stats.CodePackage;
import com.google.gson.Gson;
import com.paycom.mobile.lib.logger.data.LoggerExtensionsKt;
import com.paycom.mobile.lib.logger.domain.AppBehaviorLogEvent;
import com.paycom.mobile.lib.logger.domain.AuditLogger;
import com.paycom.mobile.lib.logger.domain.ErrorLogEvent;
import com.paycom.mobile.lib.logger.domain.LogCtrl;
import com.paycom.mobile.lib.logger.domain.LogModule;
import com.paycom.mobile.lib.logger.domain.Logger;
import com.paycom.mobile.lib.logger.domain.LoggerKt;
import com.paycom.mobile.lib.util.encryption.exception.CipherException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: KeyStoreEncryptionHelper.kt */
@Metadata(d1 = {"\u0000L\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\t\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\b\n\u0002\b\u0004\bÇ\u0002\u0018\u00002\u00020\u0001:\u0001%B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001a\u0010\u0005\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0007\u001a\u00020\u00062\b\u0010\b\u001a\u0004\u0018\u00010\u0006J\u001c\u0010\t\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0007\u001a\u00020\u00062\b\u0010\n\u001a\u0004\u0018\u00010\u0006H\u0002J\u001c\u0010\u000b\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0007\u001a\u00020\u00062\b\u0010\n\u001a\u0004\u0018\u00010\u0006H\u0002J\u0018\u0010\f\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u00062\b\u0010\r\u001a\u0004\u0018\u00010\u0006J\u001a\u0010\u000e\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u00062\b\u0010\r\u001a\u0004\u0018\u00010\u0006H\u0002J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0007\u001a\u00020\u0006H\u0002J\u0010\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0006H\u0002J\u000e\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0007\u001a\u00020\u0006J\u000e\u0010\u0016\u001a\u00020\u00102\u0006\u0010\u0007\u001a\u00020\u0006J$\u0010\u0017\u001a\u00020\u00102\n\u0010\u0018\u001a\u00060\u0019j\u0002`\u001a2\u0006\u0010\u001b\u001a\u00020\u00062\u0006\u0010\u001c\u001a\u00020\u0006H\u0002J4\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u00122\b\u0010 
\u001a\u0004\u0018\u00010\u00062\u0006\u0010!\u001a\u00020\u00062\u0006\u0010\"\u001a\u00020#2\b\u0010$\u001a\u0004\u0018\u00010\u001eH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006&²\u0006\n\u0010'\u001a\u00020\u0006X\u008a\u0084\u0002²\u0006\n\u0010'\u001a\u00020\u0006X\u008a\u0084\u0002²\u0006\n\u0010'\u001a\u00020\u0006X\u008a\u0084\u0002"}, d2 = {"Lcom/paycom/mobile/lib/util/encryption/KeyStoreEncryptionHelper;", "", "()V", "logger", "Lcom/paycom/mobile/lib/logger/domain/Logger;", "decrypt", "", "keyAlias", "encodedEncryptedData", "decryptAES", "dataToDecrypt", "decryptRSA", "encrypt", "dataToEncrypt", "encryptAES", "generateAESKey", "", "getCipher", "Ljavax/crypto/Cipher;", "cipherTransformation", "hasKeyStoreEntry", "", "removeKey", "throwOperationException", "ex", "Ljava/lang/Exception;", "Lkotlin/Exception;", NotificationCompat.CATEGORY_MESSAGE, "alias", "unWrapKey", "Ljava/security/Key;", "cipher", "wrappedKeyData", "algorithm", "wrappedKeyType", "", "keyToUnWrapWith", "EncryptedData", "lib-util_release", "failedMsg"}, k = 1, mv = {1, 8, 0}, xi = 48)
@LogCtrl(module = LogModule.AUTH)
/* loaded from: classes5.dex */
public final class KeyStoreEncryptionHelper {
    public static final KeyStoreEncryptionHelper INSTANCE;
    private static final Logger logger;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: KeyStoreEncryptionHelper.kt */
    @Metadata(d1 = {"\u0000\u0014\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u000b\b\u0002\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002R\u001c\u0010\u0003\u001a\u0004\u0018\u00010\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\bR\u001c\u0010\t\u001a\u0004\u0018\u00010\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\n\u0010\u0006\"\u0004\b\u000b\u0010\bR\u001c\u0010\f\u001a\u0004\u0018\u00010\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\r\u0010\u0006\"\u0004\b\u000e\u0010\b¨\u0006\u000f"}, d2 = {"Lcom/paycom/mobile/lib/util/encryption/KeyStoreEncryptionHelper$EncryptedData;", "", "()V", "encryptedData", "", "getEncryptedData", "()Ljava/lang/String;", "setEncryptedData", "(Ljava/lang/String;)V", "iv", "getIv", "setIv", "wrappedKeyData", "getWrappedKeyData", "setWrappedKeyData", "lib-util_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes5.dex */
    /*
     * JSON envelope for one encrypted value.
     *
     * The enclosing class writes and reads this type with Gson, so the three field names
     * (encryptedData, iv, wrappedKeyData) are part of the stored format and must not be renamed.
     * Each field starts as the empty string; the setters accept null.
     */
    public static final class EncryptedData {
        // Ciphertext as Base64 text; encryptAES in the enclosing class fills it from Cipher.doFinal.
        private String encryptedData = "";
        // Base64 text of the IV that encryptAES reads back from the cipher.
        private String iv = "";
        // Read only by decryptRSA, which passes it to unWrapKey; nothing in this file assigns it.
        private String wrappedKeyData = "";

        public final String getEncryptedData() {
            return encryptedData;
        }

        public final void setEncryptedData(String value) {
            encryptedData = value;
        }

        public final String getIv() {
            return iv;
        }

        public final void setIv(String value) {
            iv = value;
        }

        public final String getWrappedKeyData() {
            return wrappedKeyData;
        }

        public final void setWrappedKeyData(String value) {
            wrappedKeyData = value;
        }
    }

    static {
        // The singleton is created first because the logger lookup takes it as its argument.
        INSTANCE = new KeyStoreEncryptionHelper();
        logger = LoggerKt.getLogger(INSTANCE);
    }

    /** Private so that {@code INSTANCE} stays the only instance of this helper. */
    private KeyStoreEncryptionHelper() {
        // Nothing to initialise: the class keeps no per-instance state.
    }

    /**
     * Decrypts a Base64/JSON envelope with the AndroidKeyStore entry stored under {@code keyAlias}.
     *
     * <p>The input is Base64-decoded (flag 2, {@code Base64.NO_WRAP}), parsed by Gson into an
     * {@code EncryptedData}, and its {@code encryptedData} field is decrypted with
     * {@code AES/GCM/NoPadding}, using the envelope's {@code iv} and a 128-bit authentication tag.
     * When the alias holds a {@code KeyStore.PrivateKeyEntry} rather than a secret key, the call is
     * handed to {@code decryptRSA}.
     *
     * <p>Every caught exception goes to {@code throwOperationException}, which logs it and always
     * throws; the last {@code return null} is therefore only reached for null or empty input.
     *
     * <p>SECURITY: {@code UnrecoverableKeyException} and {@code AEADBadTagException} both delete the
     * key under {@code keyAlias} before the error is reported (see the catch blocks).
     *
     * @param keyAlias      AndroidKeyStore alias of the key to use
     * @param dataToDecrypt Base64 text of the JSON envelope; may be null
     * @return the plaintext decoded as UTF-8, or {@code null} when the input is null or empty, when
     *         the envelope's {@code iv} or {@code encryptedData} is null, or when the alias is absent
     * @throws CipherException for the exception types that {@code throwOperationException} wraps;
     *         other exception types are rethrown by that helper unchanged
     */
    private final String decryptAES(String keyAlias, String dataToDecrypt) throws CipherException {
        SecretKey secretKey;
        if (dataToDecrypt != null) {
            if (!(dataToDecrypt.length() == 0)) {
                // Failure text is wrapped in a Lazy; it is only read inside the catch blocks.
                Lazy lazy = LazyKt.lazy(new Function0<String>() { // from class: com.paycom.mobile.lib.util.encryption.KeyStoreEncryptionHelper$decryptAES$failedMsg$2
                    @Override // kotlin.jvm.functions.Function0
                    public final String invoke() {
                        return "Failed to decrypt with AES";
                    }
                });
                try {
                    Gson gson = new Gson();
                    // Outer layer: Base64 (flag 2 = NO_WRAP) around a UTF-8 JSON document.
                    byte[] decode = Base64.decode(dataToDecrypt, 2);
                    Intrinsics.checkNotNullExpressionValue(decode, "decode(dataToDecrypt, Base64.NO_WRAP)");
                    // NOTE(review): the parsed envelope is dereferenced without a null check; if Gson
                    // returns null here the resulting exception is handled by catch (Exception) below.
                    EncryptedData encryptedData = (EncryptedData) gson.fromJson(new String(decode, Charsets.UTF_8), EncryptedData.class);
                    String iv = encryptedData.getIv();
                    String encryptedData2 = encryptedData.getEncryptedData();
                    if (iv != null && encryptedData2 != null) {
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        keyStore.load(null);
                        // An unknown alias is reported as "no value", not as an error.
                        if (!keyStore.containsAlias(keyAlias)) {
                            return null;
                        }
                        byte[] decode2 = Base64.decode(iv, 2);
                        byte[] decode3 = Base64.decode(encryptedData2, 2);
                        KeyStore.Entry entry = keyStore.getEntry(keyAlias, null);
                        if (entry instanceof KeyStore.SecretKeyEntry) {
                            // The entry is fetched a second time here; the first lookup only selects the branch.
                            KeyStore.Entry entry2 = keyStore.getEntry(keyAlias, null);
                            Intrinsics.checkNotNull(entry2, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
                            SecretKey secretKey2 = ((KeyStore.SecretKeyEntry) entry2).getSecretKey();
                            Intrinsics.checkNotNullExpressionValue(secretKey2, "secretKeyEntry.secretKey");
                            secretKey = secretKey2;
                        } else {
                            // Alias still holds an RSA key pair: use the wrapped-key format instead.
                            if (entry instanceof KeyStore.PrivateKeyEntry) {
                                return decryptRSA(keyAlias, dataToDecrypt);
                            }
                            secretKey = null;
                        }
                        Cipher cipher = getCipher("AES/GCM/NoPadding");
                        // 128 is the GCM tag length in bits; decode2 is the IV from the envelope.
                        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, decode2);
                        if (secretKey == null) {
                            // Entry was neither a secret key nor a private key. The Kotlin intrinsic is
                            // expected to throw here, which lands in catch (Exception) below.
                            Intrinsics.throwUninitializedPropertyAccessException("encryptionKey");
                            secretKey = null;
                        }
                        // 2 is Cipher.DECRYPT_MODE.
                        cipher.init(2, secretKey, gCMParameterSpec);
                        byte[] doFinal = cipher.doFinal(decode3);
                        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedData)");
                        return new String(doFinal, Charsets.UTF_8);
                    }
                    return null;
                } catch (IllegalArgumentException e) {
                    throwOperationException(e, decryptAES$lambda$3(lazy), keyAlias);
                } catch (InvocationTargetException e2) {
                    throwOperationException(e2, decryptAES$lambda$3(lazy), keyAlias);
                } catch (UnrecoverableKeyException e3) {
                    // The key is deleted before the failure is logged and rethrown.
                    removeKey(keyAlias);
                    throwOperationException(e3, decryptAES$lambda$3(lazy), keyAlias);
                } catch (AEADBadTagException e4) {
                    // SECURITY: a failed GCM tag check (ciphertext, IV or key does not match) deletes the
                    // key for this alias. Stored data that is corrupted or modified therefore destroys
                    // the key, and any other value encrypted under the same alias becomes unreadable.
                    // NOTE(review): confirm that this destructive recovery is intended.
                    removeKey(keyAlias);
                    throwOperationException(e4, decryptAES$lambda$3(lazy), keyAlias);
                } catch (Exception e5) {
                    throwOperationException(e5, decryptAES$lambda$3(lazy), keyAlias);
                }
            }
        }
        return null;
    }

    /** Reads the lazily built failure message used by {@code decryptAES}. */
    private static final String decryptAES$lambda$3(Lazy<String> lazy) {
        final String failedMsg = lazy.getValue();
        return failedMsg;
    }

    /**
     * Decrypts an envelope whose AES key was wrapped with the RSA key pair stored under {@code keyAlias}.
     *
     * <p>The envelope's {@code wrappedKeyData} is unwrapped with {@code RSA/ECB/PKCS1Padding} and the
     * alias's private key; the recovered AES key then decrypts {@code encryptedData} with
     * {@code AES/GCM/NoPadding} and a 128-bit tag. In this file the method is reached only from
     * {@code decryptAES}, after that method has seen a {@code KeyStore.PrivateKeyEntry} for the alias.
     *
     * <p>SECURITY: PKCS#1 v1.5 encryption padding is the legacy RSA scheme; OAEP is the usual choice
     * for new key wrapping. {@code encryptAES} replaces such entries with an AES key, so this looks
     * like a read path for older data. NOTE(review): confirm no new data is written in this format.
     *
     * <p>Unlike {@code decryptAES}, there is no dedicated {@code AEADBadTagException} handler, so a
     * failed tag check here goes through {@code catch (Exception)} and does not delete the key.
     *
     * @param keyAlias      AndroidKeyStore alias of the RSA key pair
     * @param dataToDecrypt Base64 text of the JSON envelope; may be null
     * @return the plaintext decoded as UTF-8, or {@code null} when the input is null or empty, when
     *         the envelope's {@code encryptedData} is null, or when the alias is absent
     * @throws CipherException for the exception types that {@code throwOperationException} wraps;
     *         other exception types are rethrown by that helper unchanged
     */
    private final String decryptRSA(String keyAlias, String dataToDecrypt) throws CipherException {
        if (dataToDecrypt != null) {
            if (!(dataToDecrypt.length() == 0)) {
                // Failure text is wrapped in a Lazy; it is only read inside the catch blocks.
                Lazy lazy = LazyKt.lazy(new Function0<String>() { // from class: com.paycom.mobile.lib.util.encryption.KeyStoreEncryptionHelper$decryptRSA$failedMsg$2
                    @Override // kotlin.jvm.functions.Function0
                    public final String invoke() {
                        return "Failed to decrypt with RSA";
                    }
                });
                try {
                    Gson gson = new Gson();
                    // Same outer layer as decryptAES: Base64 (flag 2 = NO_WRAP) around UTF-8 JSON.
                    byte[] decode = Base64.decode(dataToDecrypt, 2);
                    Intrinsics.checkNotNullExpressionValue(decode, "decode(dataToDecrypt, Base64.NO_WRAP)");
                    EncryptedData encryptedData = (EncryptedData) gson.fromJson(new String(decode, Charsets.UTF_8), EncryptedData.class);
                    String iv = encryptedData.getIv();
                    String encryptedData2 = encryptedData.getEncryptedData();
                    String wrappedKeyData = encryptedData.getWrappedKeyData();
                    // NOTE(review): only encryptedData is null-checked. A null iv or wrappedKeyData
                    // reaches Base64.decode below and would end in the catch (Exception) handler
                    // instead of returning null as decryptAES does for a null iv.
                    if (encryptedData2 == null) {
                        return null;
                    }
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    // An unknown alias is reported as "no value", not as an error.
                    if (!keyStore.containsAlias(keyAlias)) {
                        return null;
                    }
                    byte[] decode2 = Base64.decode(encryptedData2, 2);
                    byte[] decode3 = Base64.decode(iv, 2);
                    KeyStore.Entry entry = keyStore.getEntry(keyAlias, null);
                    // The cast below is not guarded by instanceof in this method; it relies on the
                    // check the caller made on its own lookup of the same alias.
                    Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
                    // "AES" is the algorithm of the wrapped key; 3 is Cipher.SECRET_KEY.
                    Key unWrapKey = unWrapKey(getCipher("RSA/ECB/PKCS1Padding"), wrappedKeyData, "AES", 3, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
                    Cipher cipher = getCipher("AES/GCM/NoPadding");
                    // 2 is Cipher.DECRYPT_MODE; 128 is the GCM tag length in bits.
                    cipher.init(2, unWrapKey, new GCMParameterSpec(128, decode3));
                    byte[] doFinal = cipher.doFinal(decode2);
                    Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedData)");
                    return new String(doFinal, Charsets.UTF_8);
                } catch (IllegalArgumentException e) {
                    throwOperationException(e, decryptRSA$lambda$4(lazy), keyAlias);
                } catch (InvocationTargetException e2) {
                    throwOperationException(e2, decryptRSA$lambda$4(lazy), keyAlias);
                } catch (UnrecoverableKeyException e3) {
                    // The key is deleted before the failure is logged and rethrown.
                    removeKey(keyAlias);
                    throwOperationException(e3, decryptRSA$lambda$4(lazy), keyAlias);
                } catch (Exception e4) {
                    throwOperationException(e4, decryptRSA$lambda$4(lazy), keyAlias);
                }
            }
        }
        return null;
    }

    /** Reads the lazily built failure message used by {@code decryptRSA}. */
    private static final String decryptRSA$lambda$4(Lazy<String> lazy) {
        final String failedMsg = lazy.getValue();
        return failedMsg;
    }

    /**
     * Encrypts {@code dataToEncrypt} with the AES key stored under {@code keyAlias}, creating the key
     * when the alias has none.
     *
     * <p>The plaintext is encoded as UTF-8 and encrypted with {@code AES/GCM/NoPadding}. The IV is
     * not supplied by this code; it is read back from the cipher after {@code init}. IV and
     * ciphertext are Base64-encoded into an {@code EncryptedData}, serialised to JSON with Gson, and
     * the JSON is Base64-encoded again (flag 2, {@code Base64.NO_WRAP}). {@code wrappedKeyData} is
     * left at its default empty string.
     *
     * <p>Two side effects on the key store: a null {@code dataToEncrypt} deletes the entry under the
     * alias, and an existing {@code KeyStore.PrivateKeyEntry} under the alias is deleted and replaced
     * by a new AES key.
     *
     * @param keyAlias      AndroidKeyStore alias of the key to use or create
     * @param dataToEncrypt plaintext; null means "delete the key for this alias"
     * @return the Base64-encoded JSON envelope, or the empty string when {@code dataToEncrypt} is null
     * @throws CipherException for the exception types that {@code throwOperationException} wraps;
     *         other exception types are rethrown by that helper unchanged
     */
    private final String encryptAES(String keyAlias, String dataToEncrypt) throws CipherException {
        EncryptedData encryptedData = new EncryptedData();
        // Failure text is wrapped in a Lazy; it is only read inside the catch blocks.
        Lazy lazy = LazyKt.lazy(new Function0<String>() { // from class: com.paycom.mobile.lib.util.encryption.KeyStoreEncryptionHelper$encryptAES$failedMsg$2
            @Override // kotlin.jvm.functions.Function0
            public final String invoke() {
                return "Failed to encrypt with AES";
            }
        });
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            // Null plaintext is treated as a request to drop the key, not as an error.
            if (dataToEncrypt == null) {
                if (keyStore.containsAlias(keyAlias)) {
                    keyStore.deleteEntry(keyAlias);
                }
                return "";
            }
            // Migration: an RSA key pair under this alias is removed so that an AES key replaces it.
            // SECURITY: once the private key is gone, envelopes written under it can no longer be
            // opened by decryptRSA, which needs that private key to unwrap the AES key.
            if (keyStore.containsAlias(keyAlias) && (keyStore.getEntry(keyAlias, null) instanceof KeyStore.PrivateKeyEntry)) {
                keyStore.deleteEntry(keyAlias);
                LoggerExtensionsKt.atInternalAndExternalAudit(logger).log(AppBehaviorLogEvent.Other.keyStoreMigration.INSTANCE);
            }
            if (!keyStore.containsAlias(keyAlias)) {
                generateAESKey(keyAlias);
            }
            KeyStore.Entry entry = keyStore.getEntry(keyAlias, null);
            Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            Cipher cipher = getCipher("AES/GCM/NoPadding");
            // 1 is Cipher.ENCRYPT_MODE. No IV is passed in; the one the cipher chose is read below.
            cipher.init(1, secretKey);
            byte[] iv = cipher.getIV();
            byte[] bytes = dataToEncrypt.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            byte[] doFinal = cipher.doFinal(bytes);
            // The IV is stored next to the ciphertext; decryptAES reads both from the envelope.
            encryptedData.setIv(Base64.encodeToString(iv, 2));
            encryptedData.setEncryptedData(Base64.encodeToString(doFinal, 2));
            String json = new Gson().toJson(encryptedData);
            Intrinsics.checkNotNullExpressionValue(json, "Gson().toJson(encryptedData)");
            byte[] bytes2 = json.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
            String encodeToString = Base64.encodeToString(bytes2, 2);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(Gson().to…eArray(), Base64.NO_WRAP)");
            return encodeToString;
        } catch (IllegalArgumentException e) {
            // throwOperationException always throws, so the return after each call is never reached.
            throwOperationException(e, encryptAES$lambda$2(lazy), keyAlias);
            return "";
        } catch (InvocationTargetException e2) {
            throwOperationException(e2, encryptAES$lambda$2(lazy), keyAlias);
            return "";
        } catch (Exception e3) {
            throwOperationException(e3, encryptAES$lambda$2(lazy), keyAlias);
            return "";
        }
    }

    /** Reads the lazily built failure message used by {@code encryptAES}. */
    private static final String encryptAES$lambda$2(Lazy<String> lazy) {
        final String failedMsg = lazy.getValue();
        return failedMsg;
    }

    /**
     * Creates an AES key under {@code keyAlias} in the AndroidKeyStore provider.
     *
     * <p>The key is limited to GCM block mode with no padding, with randomized encryption required.
     * Purpose value 3 is {@code PURPOSE_ENCRYPT | PURPOSE_DECRYPT}.
     *
     * <p>NOTE(review): the builder sets no key size, no user-authentication requirement and no
     * validity window, so those are left at the platform defaults; confirm that matches the
     * protection the stored data needs.
     *
     * @param keyAlias alias the new key is stored under
     */
    private final void generateAESKey(String keyAlias) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, ProviderException {
        // The audit event is written before generation starts, so it is logged even if generation fails.
        AuditLogger audit = LoggerExtensionsKt.atInternalAndExternalAudit(logger);
        audit.log(new AppBehaviorLogEvent.Other.keystoreKeyGenerated(keyAlias));

        KeyGenerator generator = KeyGenerator.getInstance("AES", "AndroidKeyStore");

        KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(keyAlias, 3);
        // CodePackage.GCM comes from Play services; presumably the decompiler matched it to the
        // "GCM" block-mode string literal (verify against the constant's value).
        specBuilder.setBlockModes(CodePackage.GCM);
        specBuilder.setEncryptionPaddings("NoPadding");
        specBuilder.setRandomizedEncryptionRequired(true);
        KeyGenParameterSpec spec = specBuilder.build();
        Intrinsics.checkNotNullExpressionValue(spec, "Builder(keyAlias,\n      …\n                .build()");

        generator.init(spec);
        generator.generateKey();
    }

    /**
     * Returns a {@code Cipher} for the given transformation string.
     *
     * <p>No provider is named in the lookup, so provider selection is left to the platform.
     *
     * @param cipherTransformation transformation such as {@code AES/GCM/NoPadding}
     * @return the cipher instance, not yet initialised
     */
    private final Cipher getCipher(String cipherTransformation) {
        final Cipher instance = Cipher.getInstance(cipherTransformation);
        Intrinsics.checkNotNullExpressionValue(instance, "getInstance(cipherTransformation)");
        return instance;
    }

    /**
     * Logs a failed key-store operation to the audit logger and then always throws.
     *
     * <p>On SDK 33 and later, when the cause is an {@code android.security.KeyStoreException}, the
     * log event also carries its numeric error code, system-error flag, retry policy,
     * transient-failure flag and user-authentication flag.
     *
     * <p>What is thrown depends on the type of {@code ex}: the key-store and cipher exception types
     * listed below are wrapped in {@code CipherException}; an {@code InvocationTargetException} is
     * replaced by a plain {@code Exception} around its cause; anything else is rethrown unchanged.
     * Callers can therefore receive types other than {@code CipherException}.
     *
     * <p>NOTE(review): the event carries the exception object and the key alias; check that what
     * the audit sink stores from them is acceptable.
     *
     * @param ex    the failure being reported
     * @param msg   short description of the operation that failed
     * @param alias key alias the operation was using
     * @throws CipherException when {@code ex} is one of the wrapped types
     */
    private final void throwOperationException(Exception ex, String msg, String alias) throws CipherException {
        if (Build.VERSION.SDK_INT >= 33 && (ex.getCause() instanceof KeyStoreException)) {
            AuditLogger audit = LoggerExtensionsKt.atInternalAndExternalAudit(logger);
            Throwable cause = ex.getCause();
            Intrinsics.checkNotNull(cause, "null cannot be cast to non-null type android.security.KeyStoreException");
            KeyStoreException keyStoreFailure = (KeyStoreException) cause;
            Integer errorCode = Integer.valueOf(keyStoreFailure.getNumericErrorCode());
            Boolean systemError = Boolean.valueOf(keyStoreFailure.isSystemError());
            Integer retryPolicy = Integer.valueOf(keyStoreFailure.getRetryPolicy());
            Boolean transientFailure = Boolean.valueOf(keyStoreFailure.isTransientFailure());
            Boolean needsUserAuth = Boolean.valueOf(keyStoreFailure.requiresUserAuthentication());
            audit.log(new ErrorLogEvent.Authentication.keystoreOpError(ex, msg, alias, errorCode, systemError, retryPolicy, transientFailure, needsUserAuth));
        } else {
            // 248 with the trailing null looks like the Kotlin default-argument form of the
            // constructor (the five detail fields left at their defaults); verify against the source.
            LoggerExtensionsKt.atInternalAndExternalAudit(logger).log(new ErrorLogEvent.Authentication.keystoreOpError(ex, msg, alias, null, null, null, null, null, 248, null));
        }

        boolean wrapInCipherException = ex instanceof java.security.KeyStoreException
                || ex instanceof CertificateException
                || ex instanceof IOException
                || ex instanceof NoSuchAlgorithmException
                || ex instanceof UnrecoverableEntryException
                || ex instanceof NoSuchPaddingException
                || ex instanceof InvalidAlgorithmParameterException
                || ex instanceof InvalidKeyException
                || ex instanceof BadPaddingException
                || ex instanceof NoSuchProviderException
                || ex instanceof UnrecoverableKeyException
                || ex instanceof AEADBadTagException
                || ex instanceof IllegalBlockSizeException
                || ex instanceof ProviderException;
        if (wrapInCipherException) {
            throw new CipherException(ex);
        }
        if (ex instanceof InvocationTargetException) {
            throw new Exception(ex.getCause());
        }
        throw ex;
    }

    /**
     * Unwraps a Base64-encoded wrapped key with the given cipher and unwrapping key.
     *
     * <p>The cipher is initialised in mode 4 ({@code Cipher.UNWRAP_MODE}). The Base64 flag here is 0
     * ({@code Base64.DEFAULT}), whereas the other decode calls in this class use 2 (NO_WRAP).
     *
     * @param cipher          cipher to unwrap with; initialised by this method
     * @param wrappedKeyData  Base64 text of the wrapped key
     * @param algorithm       algorithm name of the wrapped key
     * @param wrappedKeyType  key-type constant passed to {@code Cipher.unwrap}
     * @param keyToUnWrapWith key that performs the unwrapping
     * @return the unwrapped key
     */
    private final Key unWrapKey(Cipher cipher, String wrappedKeyData, String algorithm, int wrappedKeyType, Key keyToUnWrapWith) {
        final byte[] wrappedBytes = Base64.decode(wrappedKeyData, 0);
        cipher.init(4, keyToUnWrapWith);
        final Key recovered = cipher.unwrap(wrappedBytes, algorithm, wrappedKeyType);
        Intrinsics.checkNotNullExpressionValue(recovered, "cipher.unwrap(encryptedK…lgorithm, wrappedKeyType)");
        return recovered;
    }

    /**
     * Decrypts an envelope produced by {@code encrypt}, holding this object's monitor for the call.
     *
     * <p>The work is done by {@code decryptAES}; see it for the conditions under which the key for
     * {@code keyAlias} is deleted on failure.
     *
     * @param keyAlias             AndroidKeyStore alias; must not be null
     * @param encodedEncryptedData Base64 text of the envelope; may be null
     * @return the plaintext, or {@code null} when {@code decryptAES} returns null
     * @throws CipherException when the underlying operation fails with a wrapped exception type
     */
    public final String decrypt(String keyAlias, String encodedEncryptedData) throws CipherException {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        synchronized (this) {
            return INSTANCE.decryptAES(keyAlias, encodedEncryptedData);
        }
    }

    /**
     * Encrypts a value under {@code keyAlias}, holding this object's monitor for the call.
     *
     * <p>The work is done by {@code encryptAES}; note that it deletes the key for the alias when
     * {@code dataToEncrypt} is null.
     *
     * @param keyAlias      AndroidKeyStore alias; must not be null
     * @param dataToEncrypt plaintext; may be null
     * @return the Base64-encoded envelope, or the empty string for null input
     * @throws CipherException when the underlying operation fails with a wrapped exception type
     */
    public final String encrypt(String keyAlias, String dataToEncrypt) throws CipherException {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        synchronized (this) {
            return INSTANCE.encryptAES(keyAlias, dataToEncrypt);
        }
    }

    /**
     * Reports whether the AndroidKeyStore holds an entry under {@code keyAlias}.
     *
     * <p>Only the presence of the alias is checked; the entry type is not inspected.
     *
     * @param keyAlias alias to look up; must not be null
     * @return {@code true} when the alias exists
     */
    public final synchronized boolean hasKeyStoreEntry(String keyAlias) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        final KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
        androidKeyStore.load(null);
        final boolean present = androidKeyStore.containsAlias(keyAlias);
        return present;
    }

    /**
     * Deletes the AndroidKeyStore entry under {@code keyAlias}, if there is one.
     *
     * <p>Values encrypted under the deleted key cannot be decrypted afterwards. The decrypt paths in
     * this class call this method from some of their exception handlers.
     *
     * @param keyAlias alias to delete; must not be null
     */
    public final synchronized void removeKey(String keyAlias) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        final KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
        androidKeyStore.load(null);
        if (!androidKeyStore.containsAlias(keyAlias)) {
            return;
        }
        androidKeyStore.deleteEntry(keyAlias);
    }
}
