package com.axis.lib.security.crypto;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import com.axis.lib.log.AxisLog;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
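/**
 * Encryption strategy that encrypts with an RSA key pair held in the Android Keystore.
 *
 * <p>Plaintext is split into chunks of at most
 * {@link #MAX_NUMBER_OF_PLAIN_TEXT_BYTES_PER_CHUNK} bytes. Each chunk is encrypted on its own
 * with {@code RSA/ECB/PKCS1Padding} and written as a length-prefixed record (see
 * {@link #encryptChunk}). The key pair is created lazily under {@link #CERTIFICATE_ALIAS}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>PKCS#1 v1.5 encryption padding is the classic target of padding-oracle attacks. Padding
 *       failures surface as {@link InvalidEncryptedDataException}; callers should not let an
 *       untrusted party observe whether decryption of a supplied blob failed on padding or for
 *       another reason. OAEP is the usual replacement, but switching would make existing
 *       ciphertext unreadable, so it needs a migration.</li>
 *   <li>The format has no integrity protection. Chunks are independent public-key ciphertexts,
 *       so reordering, dropping or duplicating whole chunks is not detected, and anyone who holds
 *       the public key can produce a blob that decrypts successfully. Do not treat a successful
 *       decrypt as proof of origin.</li>
 *   <li>{@code KeyPairGeneratorSpec} has been deprecated since API 23 in favour of
 *       {@code KeyGenParameterSpec}; the latter lets a key be restricted to specific purposes
 *       and paddings.</li>
 * </ul>
 */
public class KeyStoreRsaEncryptionStrategy extends AbstractEncryptionStrategy {
    private static final String ANDROID_KEY_STORE_NAME = "AndroidKeyStore";
    private static final String CERTIFICATE_ALIAS = "AxisCert-RSA/ECB/PKCS1Padding-2048";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final int KEY_SIZE = 2048;
    // 2048-bit modulus = 256 bytes; PKCS#1 v1.5 padding needs at least 11 of them.
    private static final int MAX_NUMBER_OF_PLAIN_TEXT_BYTES_PER_CHUNK = 245;
    private static final int MINIMUM_API_LEVEL = 19;
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final String X500_COMMON_NAME = "AxisCert";
    private static final String X500_DISTINGUISHED_NAME = "CN=AxisCert, O=AXIS Communications";
    private static final String X500_ORGANIZATION = "AXIS Communications";
    private final Context context;

    /**
     * @param context Android context handed to the key pair generator spec when a key is created
     */
    public KeyStoreRsaEncryptionStrategy(Context context) {
        this.context = context;
    }

    /** Returns a fresh cipher for {@link #TRANSFORMATION} from the default provider. */
    private static Cipher createCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {
        return Cipher.getInstance(TRANSFORMATION);
    }

    /**
     * Returns the certificate stored under {@code alias}, generating the key pair first when the
     * alias is not present in {@code keyStore}.
     */
    private Certificate createOrGetCertificate(Context context, KeyStore keyStore, String alias) throws KeyStoreException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        if (!keyStore.containsAlias(alias)) {
            generateKeyInAndroidKeyStore(context, alias);
        }
        return keyStore.getCertificate(alias);
    }

    /**
     * Encrypts {@code plaintext} chunk by chunk with the public key stored under {@code alias}.
     *
     * @return the concatenated length-prefixed chunk records; empty for empty input
     */
    private byte[] encrypt(Context context, KeyStore keyStore, String alias, byte[] plaintext) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, IOException {
        PublicKey publicKey = createOrGetCertificate(context, keyStore, alias).getPublicKey();
        ByteArrayOutputStream records = new ByteArrayOutputStream();
        int offset = 0;
        while (offset < plaintext.length) {
            int chunkLength = Math.min(MAX_NUMBER_OF_PLAIN_TEXT_BYTES_PER_CHUNK, plaintext.length - offset);
            encryptChunk(publicKey, records, plaintext, offset, chunkLength);
            offset += chunkLength;
        }
        return records.toByteArray();
    }

    /**
     * Encrypts {@code length} bytes of {@code plaintext} starting at {@code offset} and appends
     * one record to {@code outputStream}.
     *
     * <p>A record is whatever a new {@link ObjectOutputStream} emits for a single
     * {@code writeShort} of the ciphertext length, followed by the raw ciphertext bytes.
     * {@link #decryptChunk} depends on exactly this layout, so it must not change.
     */
    private void encryptChunk(PublicKey publicKey, OutputStream outputStream, byte[] plaintext, int offset, int length) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, IOException {
        Cipher cipher = createCipher();
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        ByteArrayOutputStream cipherBuffer = new ByteArrayOutputStream(cipher.getOutputSize(length));
        byte[] partial = cipher.update(plaintext, offset, length);
        if (partial != null) {
            cipherBuffer.write(partial);
        }
        byte[] last = cipher.doFinal();
        if (last != null) {
            cipherBuffer.write(last);
        }
        // Copy the buffer once; the same bytes supply the length prefix and the payload.
        byte[] cipherText = cipherBuffer.toByteArray();
        ObjectOutputStream lengthWriter = new ObjectOutputStream(outputStream);
        lengthWriter.writeShort(cipherText.length);
        // Flush so the prefix reaches outputStream before the payload is written around the wrapper.
        lengthWriter.flush();
        outputStream.write(cipherText);
    }

    /**
     * Generates an RSA key pair of {@link #KEY_SIZE} bits under {@code alias} in the Android
     * Keystore, wrapped in a self-signed certificate.
     *
     * @throws EncryptionNotSupportedException if {@link #isSufficientApiLevel()} is false
     */
    private void generateKeyInAndroidKeyStore(Context context, String alias) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (!isSufficientApiLevel()) {
            throw new EncryptionNotSupportedException("Key generation not supported until API level 19");
        }
        Date notBefore = new Date();
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(alias)
                .setSubject(new X500Principal(X500_DISTINGUISHED_NAME))
                .setSerialNumber(BigInteger.ONE)
                .setStartDate(notBefore)
                .setEndDate(getCertificateEndDate(notBefore))
                .setKeyType(KEY_ALGORITHM_RSA)
                .setKeySize(KEY_SIZE)
                .build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, ANDROID_KEY_STORE_NAME);
        keyPairGenerator.initialize(spec);
        keyPairGenerator.generateKeyPair();
        // Only the alias and the key size are logged; no key material.
        AxisLog.i("Generated key with alias " + alias + " in key store, key size: " + spec.getKeySize());
    }

    /** Returns {@code date} plus 1000 years, used as the certificate's end of validity. */
    private Date getCertificateEndDate(Date date) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(Calendar.YEAR, 1000);
        return calendar.getTime();
    }

    /** Returns the private key stored under {@code alias}; no key password is supplied. */
    private PrivateKey getPrivateKey(KeyStore keyStore, String alias) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        return (PrivateKey) keyStore.getKey(alias, null);
    }

    /** Opens and loads the {@code AndroidKeyStore} key store. */
    private static KeyStore initializeKeystore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Always true in this build.
     * NOTE(review): MINIMUM_API_LEVEL is never consulted here; presumably the check was folded
     * away because the app's minimum SDK already satisfies it. Confirm against the build config.
     */
    private static boolean isSufficientApiLevel() {
        return true;
    }

    /**
     * Decrypts a blob of chunk records produced by the matching encrypt path.
     *
     * <p>NOTE(review): when {@code str} is absent from {@code keyStore}, the first call below
     * generates a new key pair before decrypting. Data encrypted under an earlier key cannot be
     * recovered with it, so a lost key shows up as a decryption failure, not a missing-key error.
     *
     * @param context  context used if a key pair has to be generated
     * @param keyStore loaded key store holding the key pair
     * @param str      key alias
     * @param bArr     concatenated chunk records
     * @return the recovered plaintext
     * @throws InvalidEncryptedDataException if a chunk is malformed or fails the padding check
     */
    public byte[] decrypt(Context context, KeyStore keyStore, String str, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException, InvalidKeyException, InvalidEncryptedDataException, IOException {
        createOrGetCertificate(context, keyStore, str);
        PrivateKey privateKey = getPrivateKey(keyStore, str);
        ByteArrayInputStream records = new ByteArrayInputStream(bArr);
        ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
        while (records.available() > 0) {
            decryptChunk(privateKey, plaintext, records);
        }
        return plaintext.toByteArray();
    }

    /**
     * Decrypts {@code bArr} with the key stored under {@link #CERTIFICATE_ALIAS}.
     *
     * <p>Key store, provider and I/O failures are wrapped in
     * {@link EncryptionNotSupportedException}. That includes an {@link IOException} raised while
     * parsing a corrupt length prefix, so malformed input is not always reported as
     * {@link InvalidEncryptedDataException}.
     */
    @Override // com.axis.lib.security.crypto.EncryptionStrategy
    public byte[] decrypt(byte[] bArr) throws InvalidEncryptedDataException {
        try {
            return decrypt(this.context, initializeKeystore(), CERTIFICATE_ALIAS, bArr);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException | NoSuchPaddingException e) {
            throw new EncryptionNotSupportedException(e);
        }
    }

    /**
     * Reads one chunk record from {@code inputStream}, decrypts it and writes the plaintext to
     * {@code outputStream}.
     *
     * <p>The {@link ObjectInputStream} is used only to read the stream header and one
     * {@code short}; {@code readObject} is never called, so no objects are deserialized from the
     * (potentially attacker-supplied) input.
     *
     * @throws InvalidEncryptedDataException if the length prefix is not positive, the stream ends
     *     before the whole chunk is read, or the cipher rejects the chunk
     */
    public void decryptChunk(PrivateKey privateKey, OutputStream outputStream, InputStream inputStream) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException, InvalidKeyException, InvalidEncryptedDataException, IOException {
        int readShort = new ObjectInputStream(inputStream).readShort();
        if (readShort <= 0) {
            throw new InvalidEncryptedDataException("Invalid chunk length: " + readShort);
        }
        byte[] chunk = new byte[readShort];
        // InputStream.read may return fewer bytes than requested without being at end of stream,
        // so keep reading until the chunk is full or the stream really ends.
        int filled = 0;
        while (filled < readShort) {
            int count = inputStream.read(chunk, filled, readShort - filled);
            if (count < 0) {
                break;
            }
            filled += count;
        }
        if (filled != readShort) {
            throw new InvalidEncryptedDataException("Premature end of data, unable to read chunk of " + readShort + " byte(s)");
        }
        Cipher cipher = createCipher();
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] partial = cipher.update(chunk);
        if (partial != null) {
            outputStream.write(partial);
        }
        try {
            byte[] last = cipher.doFinal();
            if (last != null) {
                outputStream.write(last);
            }
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            // Padding and block-size failures are reported as invalid data. Keep this
            // distinction away from untrusted callers (PKCS#1 v1.5 padding-oracle risk).
            throw new InvalidEncryptedDataException(e);
        }
    }

    /**
     * Encrypts {@code bArr} with the key stored under {@link #CERTIFICATE_ALIAS}, creating the
     * key pair on first use. Failures are wrapped in {@link EncryptionNotSupportedException}.
     */
    @Override // com.axis.lib.security.crypto.EncryptionStrategy
    public byte[] encrypt(byte[] bArr) {
        try {
            return encrypt(this.context, initializeKeystore(), CERTIFICATE_ALIAS, bArr);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptionNotSupportedException(e);
        }
    }

    /** Returns true when the API level check passes and the superclass reports support. */
    @Override // com.axis.lib.security.crypto.AbstractEncryptionStrategy, com.axis.lib.security.crypto.EncryptionStrategy
    public boolean isSupported() {
        return isSufficientApiLevel() && super.isSupported();
    }
}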
