package com.rayark.keystoretool;

import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.RequiresApi;
import android.util.Log;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.util.concurrent.Callable;
import java.util.concurrent.FutureTask;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public final class KeyStoreEncryption {
    private static final String TAG = "KeyStoreEncryption";

    private static FutureTask<byte[]> _decrypt(@NonNull final String str, @NonNull final String str2, @NonNull final byte[] bArr) {
        FutureTask<byte[]> futureTask = new FutureTask<>(new Callable<byte[]>() { // from class: com.rayark.keystoretool.KeyStoreEncryption.2
            @RequiresApi(18)
            private Key _getAESKey(@NonNull CompoundedData compoundedData) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
                return Utilities._canStoreSymmetricKeyInKeyStore() ? AesKeyManagement._retrieveAESKeyFromKeyStore(str) : new SecretKeySpec(Utilities._rsaDecrypt(RsaKeyManagement._retrieveRSAKeyFromKeyStore(str2).getPrivate(), compoundedData.getAesKey()), "AES");
            }

            @Override // java.util.concurrent.Callable
            public byte[] call() throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
                String str3 = str;
                if (str3 == null || str3.isEmpty()) {
                    throw new IllegalArgumentException("AES alias must not be null");
                }
                String str4 = str2;
                if (str4 == null || str4.isEmpty()) {
                    throw new IllegalArgumentException("RSA alias must not be null");
                }
                if (bArr.length == 0) {
                    return new byte[0];
                }
                if (!Utilities.androidVersionSupported()) {
                    return bArr;
                }
                try {
                    CompoundedData deserialize = CompoundedData.deserialize(bArr);
                    return Utilities._aesDecrypt(Utilities._getCipher(2, "AES/CBC/PKCS7Padding", _getAESKey(deserialize), new IvParameterSpec(deserialize.getIV())), deserialize.getCipherText());
                } catch (IOException | ClassNotFoundException e) {
                    Log.e(KeyStoreEncryption.TAG, "Invalid input", e);
                    throw new IllegalArgumentException(e.getMessage());
                }
            }
        });
        new Thread(futureTask).start();
        return futureTask;
    }

    private static FutureTask<byte[]> _encrypt(@NonNull final String str, @NonNull final byte[] bArr) {
        FutureTask<byte[]> futureTask = new FutureTask<>(new Callable<byte[]>() { // from class: com.rayark.keystoretool.KeyStoreEncryption.1
            @RequiresApi(18)
            private byte[] _encryptAESKey(@NonNull Key key) throws InvalidKeyException {
                KeyPair _generateRSAKey;
                try {
                    _generateRSAKey = RsaKeyManagement._retrieveRSAKeyFromKeyStore(str);
                } catch (IllegalArgumentException unused) {
                    _generateRSAKey = RsaKeyManagement._generateRSAKey(str);
                }
                return Utilities._rsaEncrypt(_generateRSAKey.getPublic(), key.getEncoded());
            }

            private byte[] _postProcess(@NonNull byte[] bArr2, @NonNull byte[] bArr3, @Nullable byte[] bArr4) throws IOException {
                CompoundedData compoundedData = new CompoundedData();
                compoundedData.setCipherText(bArr2);
                compoundedData.setIV(bArr3);
                compoundedData.setAesKey(bArr4);
                return CompoundedData.serialize(compoundedData);
            }

            @Override // java.util.concurrent.Callable
            public byte[] call() throws IOException, InvalidAlgorithmParameterException, InvalidKeyException {
                SecretKey _generateAESKeyWithCBC;
                String str2 = str;
                if (str2 == null || str2.isEmpty()) {
                    throw new IllegalArgumentException("alias must not be null");
                }
                if (bArr.length == 0) {
                    return new byte[0];
                }
                if (!Utilities.androidVersionSupported()) {
                    return bArr;
                }
                if (Utilities._canStoreSymmetricKeyInKeyStore()) {
                    try {
                        _generateAESKeyWithCBC = AesKeyManagement._retrieveAESKeyFromKeyStore(str);
                    } catch (IllegalArgumentException unused) {
                        _generateAESKeyWithCBC = AesKeyManagement._generateAESKeyWithCBC(str);
                    }
                } else {
                    _generateAESKeyWithCBC = AesKeyManagement._generateAESKeyWithSecureRandom();
                }
                Cipher _getCipher = Utilities._getCipher(1, "AES/CBC/PKCS7Padding", _generateAESKeyWithCBC, null);
                return _postProcess(Utilities._aesEncrypt(_getCipher, bArr), _getCipher.getIV(), true ^ Utilities._canStoreSymmetricKeyInKeyStore() ? _encryptAESKey(_generateAESKeyWithCBC) : null);
            }
        });
        new Thread(futureTask).start();
        return futureTask;
    }

    public static FutureTask<byte[]> decrypt(String str, byte[] bArr) {
        return _decrypt(AesKeyManagement._appendSuffix(str), RsaKeyManagement._appendSuffix(str), bArr);
    }

    public static FutureTask<byte[]> decryptLegacy(String str, byte[] bArr) {
        return _decrypt(str, str, bArr);
    }

    public static FutureTask<byte[]> encrypt(@NonNull String str, @NonNull byte[] bArr) {
        return Utilities._canStoreSymmetricKeyInKeyStore() ? _encrypt(AesKeyManagement._appendSuffix(str), bArr) : _encrypt(RsaKeyManagement._appendSuffix(str), bArr);
    }

    public static FutureTask<byte[]> encryptLegacy(@NonNull String str, @NonNull byte[] bArr) {
        return _encrypt(str, bArr);
    }
}
