package com.samsung.android.support.senl.nt.base.common.util;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.keystore.KeyGenParameterSpec;
import com.samsung.android.sdk.scloud.util.HashUtil;
import com.samsung.android.support.senl.cm.base.framework.support.LoggerBase;
import com.samsung.android.support.senl.nt.composer.main.base.view.menu.template.util.sa.SAConstants;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PSource;

/* loaded from: classes4.dex */
public class PasswordEncryptUtils {
    private static final String ALIAS_NAME_USER_PASSWORD = "com.samsung.android.app.notes_userpasswordkey";
    private static final int DECRYPTION_ERROR_DECRYPT_FAILED = -1;
    private static final char[] HEX_TABLE = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', SAConstants.DETAIL_SAVE_DEFAULT_TEMPLATE_BASE, 'b', 'c', 'd', 'e', 'f'};
    private static final String PREF_GET_CERT_NULL_COUNT = "GetCertNullCount";
    private static final String TAG = "PasswordEncryptUtils";

    public static String decryptString(String str) {
        return decryptString(str, null);
    }

    public static String decryptString(String str, int[] iArr) {
        byte[] byteArray = getByteArray(str);
        if (byteArray == null) {
            LoggerBase.e(TAG, "decryption fail 1");
            return null;
        }
        PrivateKey passwordPrivateKey = getPasswordPrivateKey();
        if (passwordPrivateKey == null) {
            LoggerBase.e(TAG, "decryption fail 2");
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            try {
                if (25 < Build.VERSION.SDK_INT) {
                    cipher.init(2, passwordPrivateKey, new OAEPParameterSpec(HashUtil.SHA256, "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT));
                } else {
                    cipher.init(2, passwordPrivateKey);
                }
                try {
                    return getHexString(cipher.doFinal(byteArray));
                } catch (Exception e) {
                    if (iArr != null && iArr.length > 0) {
                        iArr[0] = -1;
                    }
                    LoggerBase.e(TAG, "decryption fail 5 - [" + e.toString() + "]");
                    return null;
                }
            } catch (Exception e2) {
                LoggerBase.e(TAG, "decryption fail 4 - [" + e2.toString() + "]");
                return null;
            }
        } catch (Exception e3) {
            LoggerBase.e(TAG, "decryption fail 3 - [" + e3.toString() + "]");
            return null;
        }
    }

    public static String encryptBytes(Context context, byte[] bArr) {
        PublicKey passwordPublicKey = getPasswordPublicKey(context);
        if (passwordPublicKey == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            try {
                if (25 < Build.VERSION.SDK_INT) {
                    cipher.init(1, passwordPublicKey, new OAEPParameterSpec(HashUtil.SHA256, "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT));
                } else {
                    cipher.init(1, passwordPublicKey);
                }
                try {
                    return getHexString(cipher.doFinal(bArr));
                } catch (Exception e) {
                    LoggerBase.e(TAG, "encryption fail 3 - [" + e.toString() + "]");
                    return null;
                }
            } catch (Exception e2) {
                LoggerBase.e(TAG, "encryption fail 2 - [" + e2.toString() + "]");
                return null;
            }
        } catch (Exception e3) {
            LoggerBase.e(TAG, "encryption fail 1 - [" + e3.toString() + "]");
            return null;
        }
    }

    public static String encryptString(Context context, String str) {
        byte[] byteArray = getByteArray(str);
        if (byteArray == null) {
            LoggerBase.e(TAG, "encryption fail 1");
            return null;
        }
        PublicKey passwordPublicKey = getPasswordPublicKey(context);
        if (passwordPublicKey == null) {
            LoggerBase.e(TAG, "encryption fail 2");
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            try {
                if (25 < Build.VERSION.SDK_INT) {
                    cipher.init(1, passwordPublicKey, new OAEPParameterSpec(HashUtil.SHA256, "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT));
                } else {
                    cipher.init(1, passwordPublicKey);
                }
                try {
                    return getHexString(cipher.doFinal(byteArray));
                } catch (Exception e) {
                    LoggerBase.e(TAG, "encryption fail 5 - [" + e.toString() + "]");
                    return null;
                }
            } catch (Exception e2) {
                LoggerBase.e(TAG, "encryption fail 4 - [" + e2.toString() + "]");
                return null;
            }
        } catch (Exception e3) {
            LoggerBase.e(TAG, "encryption fail 3 - [" + e3.toString() + "]");
            return null;
        }
    }

    public static byte[] getByteArray(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        byte[] bArr = new byte[str.length() / 2];
        int length = bArr.length;
        int i = 0;
        while (i < length) {
            int i2 = i + 1;
            bArr[i] = (byte) Integer.parseInt(str.substring(i * 2, i2 * 2), 16);
            i = i2;
        }
        return bArr;
    }

    public static String getHexString(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(HEX_TABLE[(b & 240) >> 4]);
            sb.append(HEX_TABLE[b & 15]);
        }
        return sb.toString();
    }

    private static PrivateKey getPasswordPrivateKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            try {
                keyStore.load(null);
                try {
                    if (!keyStore.containsAlias(ALIAS_NAME_USER_PASSWORD)) {
                        KeyPair makePasswordKeyPair = makePasswordKeyPair();
                        if (makePasswordKeyPair != null) {
                            return makePasswordKeyPair.getPrivate();
                        }
                        LoggerBase.e(TAG, "Fail to make key pair");
                        return null;
                    }
                    try {
                        return (PrivateKey) keyStore.getKey(ALIAS_NAME_USER_PASSWORD, null);
                    } catch (Exception e) {
                        LoggerBase.e(TAG, "Fail to get private key 4 - [" + e.toString() + "]");
                        return null;
                    }
                } catch (Exception e2) {
                    LoggerBase.e(TAG, "Fail to get private key 3 - [" + e2.toString() + "]");
                    return null;
                }
            } catch (Exception e3) {
                LoggerBase.e(TAG, "Fail to get private key 2 - [" + e3.toString() + "]");
                return null;
            }
        } catch (KeyStoreException e4) {
            LoggerBase.e(TAG, "Fail to get private key 1 - [" + e4.toString() + "]");
            return null;
        }
    }

    private static PublicKey getPasswordPublicKey(Context context) {
        KeyPair keyPair;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            try {
                keyStore.load(null);
                try {
                    if (!keyStore.containsAlias(ALIAS_NAME_USER_PASSWORD)) {
                        LoggerBase.e(TAG, "KeyStore does not contain keyPair");
                        KeyPair makePasswordKeyPair = makePasswordKeyPair();
                        if (makePasswordKeyPair != null) {
                            return makePasswordKeyPair.getPublic();
                        }
                        LoggerBase.e(TAG, "Fail to make key pair");
                        return null;
                    }
                    try {
                        int prefGetCertNullCount = getPrefGetCertNullCount(context);
                        Certificate certificate = keyStore.getCertificate(ALIAS_NAME_USER_PASSWORD);
                        if (certificate != null) {
                            PublicKey publicKey = certificate.getPublicKey();
                            if (prefGetCertNullCount != 0) {
                                setPrefGetCertNullCount(context, 0);
                            }
                            return publicKey;
                        }
                        LoggerBase.e(TAG, "KeyStore contains keyPair but returns null");
                        if (prefGetCertNullCount > 3) {
                            LoggerBase.e(TAG, "retry make keyPair");
                            keyPair = makePasswordKeyPair();
                            setPrefGetCertNullCount(context, 0);
                        } else {
                            LoggerBase.e(TAG, "retry get keyPair count" + prefGetCertNullCount);
                            setPrefGetCertNullCount(context, prefGetCertNullCount + 1);
                            keyPair = null;
                        }
                        if (keyPair != null) {
                            return keyPair.getPublic();
                        }
                        LoggerBase.e(TAG, "Fail to get key pair 2");
                        return null;
                    } catch (Exception e) {
                        LoggerBase.e(TAG, "Fail to get public key 4 - [" + e.toString() + "]");
                        return null;
                    }
                } catch (Exception e2) {
                    LoggerBase.e(TAG, "Fail to get public key 3 - [" + e2.toString() + "]");
                    return null;
                }
            } catch (Exception e3) {
                LoggerBase.e(TAG, "Fail to get public key 2 - [" + e3.toString() + "]");
                return null;
            }
        } catch (Exception e4) {
            LoggerBase.e(TAG, "Fail to get public key 1 - [" + e4.toString() + "]");
            return null;
        }
    }

    private static int getPrefGetCertNullCount(Context context) {
        return PreferenceManager.getDefaultSharedPreferences(context).getInt(PREF_GET_CERT_NULL_COUNT, 0);
    }

    public static byte[] getSecureHash(String str, byte[] bArr) {
        try {
            try {
                return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr, 4000, 256)).getEncoded();
            } catch (InvalidKeySpecException unused) {
                LoggerBase.d(TAG, "InvalidKeySpecException");
                return null;
            }
        } catch (NoSuchAlgorithmException unused2) {
            LoggerBase.d(TAG, "NoSuchAlgorithmException");
            return null;
        }
    }

    private static KeyPair makePasswordKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(ALIAS_NAME_USER_PASSWORD, 3).setKeySize(2048).setDigests(HashUtil.SHA256).setEncryptionPaddings("OAEPPadding").build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        return keyPairGenerator.generateKeyPair();
    }

    private static void setPrefGetCertNullCount(Context context, int i) {
        SharedPreferences.Editor edit = PreferenceManager.getDefaultSharedPreferences(context).edit();
        edit.putInt(PREF_GET_CERT_NULL_COUNT, i);
        edit.apply();
    }
}
