package com.tunnelbear.sdk.security;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import android.util.Pair;
import com.tunnelbear.sdk.client.TBLog;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
public class CryptoHelper {

    /* renamed from: a, reason: collision with root package name */
    private SharedPreferences f8301a;

    /* loaded from: classes3.dex */
    public enum IVFieldType {
        PASSWORD
    }

    public CryptoHelper(SharedPreferences sharedPreferences) {
        this.f8301a = sharedPreferences;
    }

    private Pair<Key, Boolean> a(String str, boolean z) {
        Key key;
        Key key2 = null;
        boolean a2 = a();
        if (a2) {
            byte[] decode = Base64.decode(b(), 0);
            key2 = new SecretKeySpec(decode, 0, decode.length, "AES");
        } else if (Build.VERSION.SDK_INT >= 21) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                KeyStore.Entry entry = keyStore.getEntry(str, null);
                if (entry != null) {
                    if (entry instanceof KeyStore.SecretKeyEntry) {
                        key = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                        key = z ? a(entry) : b(entry);
                    }
                    key2 = key;
                }
                key = null;
                key2 = key;
            } catch (IOException | NullPointerException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
                TBLog.e("CryptoHelper", "Error loading Android Keystore during CryptoHelper#getKey, key was not retrieved");
            }
        } else {
            TBLog.e("CryptoHelper", "Key was not retrieved");
        }
        return new Pair<>(key2, Boolean.valueOf(a2));
    }

    private String a(IVFieldType iVFieldType) {
        return this.f8301a.getString("ENCODED_IV" + iVFieldType, "");
    }

    private String a(Key key, IVFieldType iVFieldType, String str, boolean z) {
        AlgorithmParameterSpec ivParameterSpec;
        Cipher cipher = null;
        try {
            if (key instanceof SecretKey) {
                byte[] decode = Base64.decode(a(iVFieldType), 0);
                if (!z || Build.VERSION.SDK_INT < 23) {
                    cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    ivParameterSpec = new IvParameterSpec(decode);
                } else {
                    cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    ivParameterSpec = new GCMParameterSpec(128, decode);
                }
                cipher.init(2, key, ivParameterSpec);
            } else if (key instanceof PrivateKey) {
                cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(2, key);
            }
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(Base64.decode(str, 0)), cipher);
            ArrayList arrayList = new ArrayList();
            while (true) {
                int read = cipherInputStream.read();
                if (read == -1) {
                    break;
                }
                arrayList.add(Byte.valueOf((byte) read));
            }
            byte[] bArr = new byte[arrayList.size()];
            for (int i = 0; i < bArr.length; i++) {
                bArr[i] = ((Byte) arrayList.get(i)).byteValue();
            }
            return new String(bArr, 0, bArr.length, "UTF-8");
        } catch (Exception e) {
            if (Log.getStackTraceString(e).contains("AEADBadTagException")) {
                return "";
            }
            TBLog.e("CryptoHelper", Log.getStackTraceString(e));
            return "";
        }
    }

    private static RSAPublicKey a(KeyStore.Entry entry) {
        return (RSAPublicKey) ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x0049 A[Catch: NoSuchProviderException -> 0x0070, NoSuchAlgorithmException -> 0x0087, InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException -> 0x0089, TRY_ENTER, TryCatch #4 {InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException -> 0x0089, blocks: (B:3:0x0002, B:5:0x0008, B:7:0x000e, B:9:0x0016, B:11:0x001c, B:13:0x002d, B:17:0x0066, B:19:0x0033, B:21:0x0044, B:23:0x0049, B:30:0x007c), top: B:2:0x0002 }] */
    /* JADX WARN: Removed duplicated region for block: B:27:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void a(android.content.Context r5) {
        /*
            r4 = this;
            r0 = 1
            r1 = 0
            boolean r2 = r4.a()     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            if (r2 != 0) goto L64
            int r2 = android.os.Build.VERSION.SDK_INT     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r3 = 21
            if (r2 < r3) goto L85
            java.lang.String r1 = "PolarbearKey"
            boolean r1 = a(r1)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            if (r1 != 0) goto L8b
            int r2 = android.os.Build.VERSION.SDK_INT     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r3 = 23
            if (r2 < r3) goto L31
            java.lang.String r2 = "AES"
            java.lang.String r3 = "AndroidKeyStore"
            javax.crypto.KeyGenerator r2 = javax.crypto.KeyGenerator.getInstance(r2, r3)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            java.lang.String r3 = "PolarbearKey"
            java.security.spec.AlgorithmParameterSpec r3 = com.tunnelbear.sdk.security.b.a(r3)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r2.init(r3)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r2.generateKey()     // Catch: java.lang.Exception -> L65 java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r1 = r0
        L31:
            if (r1 != 0) goto L85
            java.lang.String r2 = "RSA"
            java.lang.String r3 = "AndroidKeyStore"
            java.security.KeyPairGenerator r2 = java.security.KeyPairGenerator.getInstance(r2, r3)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            java.lang.String r3 = "PolarbearKey"
            java.security.spec.AlgorithmParameterSpec r3 = com.tunnelbear.sdk.security.b.a(r5, r3)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r2.initialize(r3)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r2.generateKeyPair()     // Catch: java.security.NoSuchProviderException -> L70 java.lang.Exception -> L7b java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
        L47:
            if (r0 != 0) goto L64
            java.lang.String r0 = "AES"
            javax.crypto.KeyGenerator r0 = javax.crypto.KeyGenerator.getInstance(r0)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r1 = 256(0x100, float:3.59E-43)
            r0.init(r1)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            javax.crypto.SecretKey r0 = r0.generateKey()     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            byte[] r0 = r0.getEncoded()     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r1 = 0
            java.lang.String r0 = android.util.Base64.encodeToString(r0, r1)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            r4.b(r0)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
        L64:
            return
        L65:
            r2 = move-exception
            java.lang.String r3 = "CryptoHelper"
            java.lang.String r2 = android.util.Log.getStackTraceString(r2)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            com.tunnelbear.sdk.client.TBLog.e(r3, r2)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            goto L31
        L70:
            r0 = move-exception
        L71:
            java.lang.String r1 = "CryptoHelper"
            java.lang.String r0 = android.util.Log.getStackTraceString(r0)
            com.tunnelbear.sdk.client.TBLog.e(r1, r0)
            goto L64
        L7b:
            r0 = move-exception
            java.lang.String r2 = "CryptoHelper"
            java.lang.String r0 = android.util.Log.getStackTraceString(r0)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
            com.tunnelbear.sdk.client.TBLog.e(r2, r0)     // Catch: java.security.NoSuchProviderException -> L70 java.security.NoSuchAlgorithmException -> L87 java.security.InvalidAlgorithmParameterException -> L89
        L85:
            r0 = r1
            goto L47
        L87:
            r0 = move-exception
            goto L71
        L89:
            r0 = move-exception
            goto L71
        L8b:
            r0 = r1
            goto L47
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tunnelbear.sdk.security.CryptoHelper.a(android.content.Context):void");
    }

    private boolean a() {
        return !TextUtils.isEmpty(b());
    }

    private static boolean a(String str) {
        try {
            if (Build.VERSION.SDK_INT < 21) {
                return false;
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getEntry(str, null) != null;
        } catch (IOException | RuntimeException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            TBLog.e("CryptoHelper", Log.getStackTraceString(e));
            return false;
        }
    }

    private String b() {
        return this.f8301a.getString("SYM_KEY", "");
    }

    private static PrivateKey b(KeyStore.Entry entry) {
        return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
    }

    private void b(IVFieldType iVFieldType, String str) {
        this.f8301a.edit().putString("ENCODED_IV" + iVFieldType, str).commit();
    }

    private void b(String str) {
        this.f8301a.edit().putString("SYM_KEY", str).commit();
    }

    public String a(Context context, IVFieldType iVFieldType, String str) {
        a(context);
        Cipher cipher = null;
        Pair<Key, Boolean> a2 = a("PolarbearKey", true);
        if (a2 != null) {
            try {
                if (a2.first != null) {
                    if ((a2.first instanceof SecretKeySpec) || (a2.first instanceof SecretKey)) {
                        if (((Boolean) a2.second).booleanValue() || Build.VERSION.SDK_INT < 23) {
                            Cipher cipher2 = Cipher.getInstance("AES/CBC/PKCS7Padding");
                            cipher2.init(1, (Key) a2.first);
                            b(iVFieldType, Base64.encodeToString(((IvParameterSpec) cipher2.getParameters().getParameterSpec(IvParameterSpec.class)).getIV(), 0));
                            cipher = cipher2;
                        } else {
                            Cipher cipher3 = Cipher.getInstance("AES/GCM/NoPadding");
                            cipher3.init(1, (Key) a2.first);
                            b(iVFieldType, Base64.encodeToString(((GCMParameterSpec) cipher3.getParameters().getParameterSpec(GCMParameterSpec.class)).getIV(), 0));
                            cipher = cipher3;
                        }
                    } else if (a2.first instanceof RSAPublicKey) {
                        Cipher cipher4 = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
                        cipher4.init(1, (Key) a2.first);
                        cipher = cipher4;
                    }
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                    cipherOutputStream.write(str.getBytes("UTF-8"));
                    cipherOutputStream.close();
                    return Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
                }
            } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | InvalidParameterSpecException | NoSuchPaddingException e) {
                TBLog.e("CryptoHelper", Log.getStackTraceString(e));
            }
        }
        TBLog.e("CryptoHelper", "Encryption key is null.");
        return "";
    }

    public String a(IVFieldType iVFieldType, String str) {
        Pair<Key, Boolean> a2 = a("PolarbearKey", false);
        if (a2 == null || a2.first == null) {
            return "";
        }
        return a((Key) a2.first, iVFieldType, str, !((Boolean) a2.second).booleanValue());
    }
}
