package com.centrify.android.cipher;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.NonNull;
import android.util.Base64;
import com.centrify.agent.samsung.utils.LogUtil;
import com.sec.enterprise.knox.certenroll.CEPConstants;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.lang3.StringUtils;

@TargetApi(23)
/* loaded from: classes.dex */
public class CipherManagerM implements CipherManager {
    public static final int ENCRYPT_TYPE_ID = 1;
    static final String KEY_ALIAS = "CentrifyKeyAlias";
    static final String TAG = "CipherManagerM";
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    KeyStore mKeyStore = getAndroidKeyStore();

    public CipherManagerM() throws CipherException {
        if (this.mKeyStore == null) {
            throw new CipherException("Failed to init android keyStore");
        }
    }

    private synchronized void generateKey() {
        try {
            try {
                LogUtil.info(TAG, "Key not yet exist, generate a new one.");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CEPConstants.CEP_KEYALGO_TYPE_RSA, "AndroidKeyStore");
                keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(KEY_ALIAS, 15).setDigests("SHA-256", MessageDigestAlgorithms.SHA_512).setEncryptionPaddings("PKCS1Padding").build());
                LogUtil.info(TAG, "initialize complete.");
                keyPairGenerator.generateKeyPair();
                LogUtil.info(TAG, "Generate key complete.");
            } catch (NoSuchAlgorithmException e) {
                LogUtil.error(TAG, "generateKey", e);
            }
        } catch (InvalidAlgorithmParameterException e2) {
            LogUtil.error(TAG, "generateKey", e2);
        } catch (NoSuchProviderException e3) {
            LogUtil.error(TAG, "generateKey", e3);
        }
    }

    private KeyStore getAndroidKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException e) {
            LogUtil.warning(TAG, "getManager ", e);
            return null;
        } catch (KeyStoreException e2) {
            LogUtil.warning(TAG, "getManager ", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            LogUtil.warning(TAG, "getManager ", e3);
            return null;
        } catch (CertificateException e4) {
            LogUtil.warning(TAG, "getManager ", e4);
            return null;
        }
    }

    private synchronized KeyStore.PrivateKeyEntry getEntry() {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        KeyStore.Entry entry;
        try {
            try {
                try {
                    try {
                        if (!this.mKeyStore.containsAlias(KEY_ALIAS)) {
                            generateKey();
                        }
                        try {
                            entry = this.mKeyStore.getEntry(KEY_ALIAS, null);
                        } catch (NullPointerException e) {
                            LogUtil.warning(TAG, "The key didn't exist although the alias is already created.", e);
                            generateKey();
                            entry = this.mKeyStore.getEntry(KEY_ALIAS, null);
                        }
                    } catch (NoSuchAlgorithmException e2) {
                        LogUtil.error(TAG, "getEntry", e2);
                    }
                } catch (KeyStoreException e3) {
                    LogUtil.error(TAG, "getEntry", e3);
                }
            } catch (NullPointerException e4) {
                LogUtil.error(TAG, "Alias created, but the key still can't be created.", e4);
            }
        } catch (UnrecoverableEntryException e5) {
            LogUtil.error(TAG, "getEntry", e5);
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        } else {
            LogUtil.error(TAG, "getEntry keyEntry is not a privateKeyEntry");
            privateKeyEntry = null;
        }
        return privateKeyEntry;
    }

    @Override // com.centrify.android.cipher.CipherManager
    public String decrypt(String str) {
        try {
            KeyStore.PrivateKeyEntry entry = getEntry();
            if (entry != null && StringUtils.isNoneBlank(str)) {
                PrivateKey privateKey = entry.getPrivateKey();
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                cipher.init(2, privateKey);
                return new String(cipher.doFinal(Base64.decode(str, 0)));
            }
        } catch (InvalidKeyException e) {
            LogUtil.error(TAG, "decrypt", e);
        } catch (NoSuchAlgorithmException e2) {
            LogUtil.error(TAG, "decrypt", e2);
        } catch (BadPaddingException e3) {
            LogUtil.error(TAG, "decrypt", e3);
        } catch (IllegalBlockSizeException e4) {
            LogUtil.error(TAG, "decrypt", e4);
        } catch (NoSuchPaddingException e5) {
            LogUtil.error(TAG, "decrypt", e5);
        }
        return str;
    }

    @Override // com.centrify.android.cipher.CipherManager
    public boolean deleteKey() {
        try {
            this.mKeyStore.deleteEntry(KEY_ALIAS);
            return true;
        } catch (KeyStoreException e) {
            LogUtil.error(TAG, "deleteKey", e);
            return false;
        }
    }

    @Override // com.centrify.android.cipher.CipherManager
    public String encrypt(@NonNull String str) {
        try {
            KeyStore.PrivateKeyEntry entry = getEntry();
            if (entry != null && StringUtils.isNoneBlank(str)) {
                Certificate certificate = entry.getCertificate();
                if (certificate != null) {
                    PublicKey publicKey = certificate.getPublicKey();
                    Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                    cipher.init(1, publicKey);
                    return Base64.encodeToString(cipher.doFinal(str.getBytes()), 0);
                }
                LogUtil.error(TAG, "Failed to encrypt as cert is null");
            }
        } catch (InvalidKeyException e) {
            LogUtil.error(TAG, "encrypt", e);
        } catch (NoSuchAlgorithmException e2) {
            LogUtil.error(TAG, "encrypt", e2);
        } catch (BadPaddingException e3) {
            LogUtil.error(TAG, "encrypt", e3);
        } catch (IllegalBlockSizeException e4) {
            LogUtil.error(TAG, "encrypt", e4);
        } catch (NoSuchPaddingException e5) {
            LogUtil.error(TAG, "encrypt", e5);
        }
        return null;
    }

    @Override // com.centrify.android.cipher.CipherManager
    public int getEncryptType() {
        return 1;
    }
}
