package com.ca.mas.core.util;

import ch.qos.logback.core.AsyncAppenderBase;
import com.ca.mas.core.security.GenerateKeyAttribute;
import com.ca.mas.core.security.KeyStoreException;
import com.ca.mas.core.security.KeyStoreRepository;
import com.ca.mas.foundation.MAS;
import com.ca.mas.foundation.MASConfiguration;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* loaded from: classes2.dex */
public class KeyUtilsAsymmetric {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String CIPHER_ENCRYPTION_ANDROID_M_PLUS = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static KeyStoreRepository keyRepository = KeyStoreRepository.getKeyStoreRepository();

    protected KeyUtilsAsymmetric() {
    }

    private static byte[] arrayConcat(ArrayList<byte[]> arrayList) {
        Iterator<byte[]> it = arrayList.iterator();
        int i10 = 0;
        while (it.hasNext()) {
            i10 += it.next().length;
        }
        byte[] bArr = new byte[i10];
        Iterator<byte[]> it2 = arrayList.iterator();
        int i11 = 0;
        while (it2.hasNext()) {
            byte[] next = it2.next();
            System.arraycopy(next, 0, bArr, i11, next.length);
            i11 += next.length;
        }
        return bArr;
    }

    private static ArrayList<byte[]> arraySplit(byte[] bArr, int i10) {
        ArrayList<byte[]> arrayList = new ArrayList<>();
        int i11 = 0;
        while (i11 < bArr.length) {
            int length = bArr.length - i11;
            if (length > i10) {
                length = i10;
            }
            byte[] bArr2 = new byte[length];
            System.arraycopy(bArr, i11, bArr2, 0, length);
            arrayList.add(bArr2);
            i11 += length;
        }
        return arrayList;
    }

    public static void clearCertificateChain(String str) {
        keyRepository.deleteCertificateChain(sanitizeAlias(str));
    }

    public static byte[] decrypt(PrivateKey privateKey, byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        ArrayList<byte[]> arraySplit = arraySplit(bArr, AsyncAppenderBase.DEFAULT_QUEUE_SIZE);
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = arraySplit.iterator();
        while (it.hasNext()) {
            arrayList.add(decryptSection(privateKey, it.next()));
        }
        return arrayConcat(arrayList);
    }

    private static byte[] decryptSection(PrivateKey privateKey, byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        Cipher cipher = Cipher.getInstance(CIPHER_ENCRYPTION_ANDROID_M_PLUS);
        cipher.init(2, privateKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
        return cipher.doFinal(bArr);
    }

    public static void deletePrivateKey(String str) {
        keyRepository.deleteKey(sanitizeAlias(str));
    }

    public static byte[] encrypt(PublicKey publicKey, byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        ArrayList<byte[]> arraySplit = arraySplit(bArr, 128);
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = arraySplit.iterator();
        while (it.hasNext()) {
            arrayList.add(encryptSection(publicKey, it.next()));
        }
        return arrayConcat(arrayList);
    }

    private static byte[] encryptSection(PublicKey publicKey, byte[] bArr) throws NoSuchPaddingException, InvalidKeyException, BadPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        Cipher cipher = Cipher.getInstance(CIPHER_ENCRYPTION_ANDROID_M_PLUS);
        cipher.init(1, publicKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
        return cipher.doFinal(bArr);
    }

    public static PrivateKey generateRsaPrivateKey(int i10, String str, String str2, boolean z10, boolean z11, int i11, boolean z12) throws KeyStoreException {
        if (i10 < 2048) {
            i10 = 2048;
        }
        GenerateKeyAttribute generateKeyAttribute = new GenerateKeyAttribute();
        generateKeyAttribute.setKeySize(i10);
        generateKeyAttribute.setDn(str2);
        generateKeyAttribute.setEncryptionRequired(z10);
        generateKeyAttribute.setUserAuthenticationRequired(z11);
        generateKeyAttribute.setInvalidatedByBiometricEnrollment(z12);
        generateKeyAttribute.setUserAuthenticationValidityDurationSeconds(i11);
        return keyRepository.createPrivateKey(sanitizeAlias(str), generateKeyAttribute).getPrivate();
    }

    public static PrivateKey generateRsaPrivateKey(String str, String str2, boolean z10, boolean z11, int i10, boolean z12) throws KeyStoreException {
        return generateRsaPrivateKey(2048, str, str2, z10, z11, i10, z12);
    }

    public static X509Certificate[] getCertificateChain(String str) throws KeyStoreException {
        return keyRepository.getCertificateChain(sanitizeAlias(str));
    }

    public static Key getKeystoreKey(String str) throws IOException, java.security.KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        return keyStore.getKey(str, null);
    }

    public static PrivateKey getRsaPrivateKey(String str) throws KeyStoreException {
        return (PrivateKey) keyRepository.getPrivateKey(sanitizeAlias(str));
    }

    public static PublicKey getRsaPublicKey(String str) throws KeyStoreException {
        return (PublicKey) keyRepository.getPublicKey(sanitizeAlias(str));
    }

    public static String sanitizeAlias(String str) {
        if (MASConfiguration.getCurrentConfiguration().isSsoEnabled()) {
            return str;
        }
        return MAS.getContext().getPackageName() + "_" + str;
    }

    public static void setCertificateChain(String str, X509Certificate[] x509CertificateArr) throws KeyStoreException {
        keyRepository.saveCertificateChain(sanitizeAlias(str), x509CertificateArr);
    }
}
