package com.couchbase.lite.auth;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import androidx.recyclerview.widget.RecyclerView;
import com.couchbase.lite.support.security.SymmetricKey;
import com.couchbase.lite.support.security.SymmetricKeyException;
import com.couchbase.lite.util.Base64;
import com.couchbase.lite.util.ConversionUtils;
import com.couchbase.lite.util.Log;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Calendar;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
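/**
 * {@link TokenStore} that keeps tokens encrypted in a private {@link SharedPreferences} file.
 *
 * <p>Each token map is serialized, encrypted with a freshly created {@link SymmetricKey}, and that
 * symmetric key is in turn encrypted ("wrapped") with an RSA public key whose private half lives in
 * the {@code AndroidKeyStore} under the alias {@code CouchbaseLiteTokenStoreRSA}. Two Base64 strings
 * are stored per entry: {@code <key>_key} (wrapped symmetric key) and {@code <key>_data}
 * (encrypted token map).
 *
 * <p>The store is only functional on API level 18 and above; below that every operation reports
 * failure ({@code false} / {@code null}) without touching storage.
 *
 * <p>NOTE(review): the RSA transformation uses PKCS#1 v1.5 encryption padding. OAEP is the usual
 * choice for new designs, but switching the transformation here would make already stored wrapped
 * keys unreadable, so it needs a migration path rather than an in-place change.
 */
public class RSASecureTokenStore implements TokenStore {
    private static final String CIPHER_ALGORITHM_RSA = "RSA/ECB/PKCS1Padding";
    private static final String KEYPAIRGEN_ALGORITHM = "RSA";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String TAG = "Sync";
    private static final String alias = "CouchbaseLiteTokenStoreRSA";
    private static final String serviceName = "CouchbaseLite";
    private static final String PREF_SUFFIX_KEY = "_key";
    private static final String PREF_SUFFIX_DATA = "_data";

    // Initial capacity of the plaintext buffer. The decompiled listing showed an unrelated
    // RecyclerView flag constant here; it is only a sizing hint and does not affect the result.
    private static final int DECRYPT_BUFFER_CAPACITY = 2048;
    private static final int READ_CHUNK_SIZE = 512;

    // Flag value passed to the project's Base64 helper for both encoding and decoding.
    private static final int BASE64_FLAGS = 0;

    // AndroidKeyStore is only used from API level 18 onwards.
    private static final boolean hasKeyStore =
            Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2;

    private final Context context;

    /**
     * Creates the store and makes sure the RSA key pair exists in the AndroidKeyStore.
     *
     * <p>Key creation failures are logged, not thrown; a store without a usable key pair simply
     * fails every later save/load.
     *
     * @param context context used to open the preferences file and to build the key spec
     */
    public RSASecureTokenStore(Context context) {
        this.context = context;
        initializePrivateKey(context);
    }

    /**
     * Decrypts {@code bArr} with the given RSA private key.
     *
     * @param rSAPrivateKey private key; a {@code null} key ends up in the catch block below
     * @param bArr ciphertext produced by {@link #encryptDataByRSA}
     * @return the plaintext, or {@code null} if anything goes wrong (the error is logged)
     */
    static byte[] decryptDataByRSA(RSAPrivateKey rSAPrivateKey, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_RSA);
            cipher.init(Cipher.DECRYPT_MODE, rSAPrivateKey);
            ByteArrayOutputStream plain = new ByteArrayOutputStream(DECRYPT_BUFFER_CAPACITY);
            // Closing the cipher stream also closes the wrapped ByteArrayInputStream.
            CipherInputStream in = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
            try {
                byte[] chunk = new byte[READ_CHUNK_SIZE];
                int read;
                while ((read = in.read(chunk)) != -1) {
                    plain.write(chunk, 0, read);
                }
            } finally {
                in.close();
            }
            return plain.toByteArray();
        } catch (Exception e2) {
            Log.e(TAG, "Unable to decrypt data", e2);
            return null;
        }
    }

    /**
     * Encrypts {@code bArr} with the given RSA public key.
     *
     * @param rSAPublicKey public key; a {@code null} key ends up in the catch block below
     * @param bArr plaintext (here: the raw symmetric key)
     * @return the ciphertext, or {@code null} if anything goes wrong (the error is logged)
     */
    static byte[] encryptDataByRSA(RSAPublicKey rSAPublicKey, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_RSA);
            cipher.init(Cipher.ENCRYPT_MODE, rSAPublicKey);
            ByteArrayOutputStream sink = new ByteArrayOutputStream();
            CipherOutputStream out = new CipherOutputStream(sink, cipher);
            try {
                out.write(bArr);
            } finally {
                // close() finalizes the cipher, so it must run before the bytes are read back.
                out.close();
            }
            return sink.toByteArray();
        } catch (Exception e2) {
            // Previously logged "Unable to open KeyStore", which pointed triage at the wrong step.
            Log.e(TAG, "Unable to encrypt data", e2);
            return null;
        }
    }

    /**
     * Loads the key-pair entry stored under {@link #alias}.
     *
     * @throws Exception if the keystore cannot be opened or holds no key pair under the alias
     */
    private static KeyStore.PrivateKeyEntry loadKeyPairEntry() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(alias, null);
        // Fail with a descriptive error instead of a bare NullPointerException/ClassCastException.
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalStateException("No RSA key pair stored under alias " + alias);
        }
        return (KeyStore.PrivateKeyEntry) entry;
    }

    /** Returns the RSA private key from the AndroidKeyStore, or {@code null} on failure (logged). */
    static RSAPrivateKey getRSAPrivateKeyFromKeyStore() {
        try {
            return (RSAPrivateKey) loadKeyPairEntry().getPrivateKey();
        } catch (Exception e2) {
            Log.e(TAG, "Unable to open KeyStore or to get RSA key", e2);
            return null;
        }
    }

    /** Returns the RSA public key from the AndroidKeyStore, or {@code null} on failure (logged). */
    static RSAPublicKey getRSAPublicKeyFromKeyStore() {
        try {
            return (RSAPublicKey) loadKeyPairEntry().getCertificate().getPublicKey();
        } catch (Exception e2) {
            Log.e(TAG, "Unable to open KeyStore or to get RSA key", e2);
            return null;
        }
    }

    /**
     * Generates the RSA key pair in the AndroidKeyStore if the alias is not present yet.
     *
     * <p>The accompanying self-signed certificate is valid from now for one year.
     *
     * <p>NOTE(review): the spec does not call {@code setEncryptionRequired()}, so the key is not
     * tied to the device lock-screen credential. {@code KeyPairGeneratorSpec} is also deprecated
     * from API 23 in favour of {@code KeyGenParameterSpec}; confirm which API levels this build
     * still has to support before migrating.
     */
    @TargetApi(18)
    private void initializePrivateKey(Context context) {
        if (!hasKeyStore) {
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            if (keyStore.containsAlias(alias)) {
                return;
            }
            try {
                Calendar notBefore = Calendar.getInstance();
                Calendar notAfter = Calendar.getInstance();
                notAfter.add(Calendar.YEAR, 1);
                KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                        .setAlias(alias)
                        .setSubject(new X500Principal("CN=CouchbaseLiteTokenStoreRSA"))
                        .setSerialNumber(BigInteger.valueOf(1337L))
                        .setStartDate(notBefore.getTime())
                        .setEndDate(notAfter.getTime())
                        .build();
                KeyPairGenerator generator =
                        KeyPairGenerator.getInstance(KEYPAIRGEN_ALGORITHM, KEYSTORE_PROVIDER);
                generator.initialize(spec);
                generator.generateKeyPair();
            } catch (Exception e2) {
                Log.e(TAG, "Unable to create new key", e2);
            }
        } catch (Exception e3) {
            Log.e(TAG, "Unable to open KeyStore", e3);
        }
    }

    /**
     * Unwraps the symmetric key and uses it to decrypt the stored token map.
     *
     * @param bArr RSA-wrapped symmetric key
     * @param bArr2 token map encrypted with that symmetric key
     * @return the decoded map, or {@code null} if any step fails
     */
    Map decrypt(byte[] bArr, byte[] bArr2) {
        try {
            byte[] rawKey = decryptDataByRSA(getRSAPrivateKeyFromKeyStore(), bArr);
            if (rawKey == null) {
                // Unwrapping failed and was logged; never build a SymmetricKey from a null key.
                return null;
            }
            byte[] plain = new SymmetricKey(rawKey).decryptData(bArr2);
            if (plain == null) {
                return null;
            }
            return ConversionUtils.fromByteArray(plain);
        } catch (Exception e2) {
            Log.e(TAG, "Error in decryption", e2);
            return null;
        }
    }

    /**
     * Removes both stored values for the given URL / local UUID.
     *
     * @return {@code true} if the change was committed; {@code false} below API 18 or on failure
     */
    @Override
    @TargetApi(18)
    public boolean deleteTokens(URL url, String str) {
        if (!hasKeyStore) {
            return false;
        }
        SharedPreferences.Editor editor =
                this.context.getSharedPreferences(serviceName, Context.MODE_PRIVATE).edit();
        String key = getKey(url, str);
        editor.remove(key + PREF_SUFFIX_KEY);
        editor.remove(key + PREF_SUFFIX_DATA);
        return editor.commit();
    }

    /**
     * Encrypts the token map.
     *
     * @return a two-element array {@code {wrappedSymmetricKey, encryptedData}}, or {@code null}
     *     if serialization, key wrapping or data encryption fails
     */
    byte[][] encrypt(Map<String, String> map) {
        byte[] serialized = ConversionUtils.toByteArray(map);
        if (serialized == null) {
            return null;
        }
        try {
            SymmetricKey symmetricKey = new SymmetricKey();
            byte[] wrappedKey = encryptDataByRSA(getRSAPublicKeyFromKeyStore(), symmetricKey.getKey());
            if (wrappedKey == null) {
                return null;
            }
            byte[] cipherText = symmetricKey.encryptData(serialized);
            if (cipherText == null) {
                // Keeps saveTokens from persisting (or failing on) a half-built entry.
                return null;
            }
            return new byte[][]{wrappedKey, cipherText};
        } catch (SymmetricKeyException e2) {
            Log.e(TAG, "Error in encryption", e2);
            return null;
        }
    }

    /**
     * Builds the preferences key prefix for a URL and optional suffix.
     *
     * @param url remote URL; its host and external form both go into the key
     * @param str optional suffix appended verbatim when non-null
     */
    String getKey(URL url, String str) {
        String externalForm = url.toExternalForm();
        String label = String.format(Locale.ENGLISH, "%s OpenID Connect tokens", url.getHost());
        if (str == null) {
            return String.format(Locale.ENGLISH, "%s%s%s", alias, label, externalForm);
        }
        return String.format(Locale.ENGLISH, "%s%s%s%s", alias, label, externalForm, str);
    }

    /**
     * Loads and decrypts the tokens stored for the given URL / suffix.
     *
     * @return the token map, or {@code null} below API 18, when either stored value is missing,
     *     or when decryption fails
     */
    @Override
    @TargetApi(18)
    public Map<String, String> loadTokens(URL url, String str) throws Exception {
        if (!hasKeyStore) {
            return null;
        }
        SharedPreferences prefs =
                this.context.getSharedPreferences(serviceName, Context.MODE_PRIVATE);
        String key = getKey(url, str);
        if (!prefs.contains(key + PREF_SUFFIX_KEY) || !prefs.contains(key + PREF_SUFFIX_DATA)) {
            return null;
        }
        String wrappedKey = prefs.getString(key + PREF_SUFFIX_KEY, null);
        String cipherText = prefs.getString(key + PREF_SUFFIX_DATA, null);
        if (wrappedKey == null || cipherText == null) {
            // The entry can disappear between contains() and getString(); treat it as absent.
            return null;
        }
        return decrypt(Base64.decode(wrappedKey, BASE64_FLAGS), Base64.decode(cipherText, BASE64_FLAGS));
    }

    /**
     * Encrypts and persists the tokens for the given URL / suffix.
     *
     * @return {@code true} if both values were committed; {@code false} below API 18, when
     *     encryption fails, or when the commit fails
     */
    @Override
    @TargetApi(18)
    public boolean saveTokens(URL url, String str, Map<String, String> map) {
        if (!hasKeyStore) {
            return false;
        }
        byte[][] parts = encrypt(map);
        if (parts == null || parts.length != 2) {
            return false;
        }
        // Only ciphertext is written to the preferences file; the RSA private key stays in the keystore.
        SharedPreferences.Editor editor =
                this.context.getSharedPreferences(serviceName, Context.MODE_PRIVATE).edit();
        String key = getKey(url, str);
        editor.putString(key + PREF_SUFFIX_KEY, Base64.encodeToString(parts[0], BASE64_FLAGS));
        editor.putString(key + PREF_SUFFIX_DATA, Base64.encodeToString(parts[1], BASE64_FLAGS));
        return editor.commit();
    }
}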
