package com.opera.gx.util;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public final class p {
    public static final a a = new a(null);

    /* renamed from: b */
    private final Context f5992b;

    /* renamed from: c */
    private final j0 f5993c;

    /* loaded from: classes.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(kotlin.jvm.c.g gVar) {
            this();
        }

        @SuppressLint({"GetInstance"})
        public final Cipher d() {
            return Cipher.getInstance("AES/GCM/NoPadding");
        }

        public final String b(String str) {
            List<String> D0;
            String M;
            kotlin.jvm.c.m.f(str, "publicKeyString");
            D0 = kotlin.e0.y.D0(str, 64);
            M = kotlin.v.x.M(D0, "\n", "-----BEGIN PUBLIC KEY-----\n", "\n-----END PUBLIC KEY-----", 0, null, null, 56, null);
            return M;
        }

        public final byte[] c(byte[] bArr, SecretKey secretKey, byte[] bArr2) {
            kotlin.jvm.c.m.f(bArr, "data");
            kotlin.jvm.c.m.f(secretKey, "key");
            kotlin.jvm.c.m.f(bArr2, "iv");
            Cipher d2 = d();
            d2.init(1, secretKey, new GCMParameterSpec(128, bArr2));
            byte[] doFinal = d2.doFinal(bArr);
            kotlin.jvm.c.m.e(doFinal, "doFinal(data)");
            return doFinal;
        }

        public final String e(String str) {
            kotlin.jvm.c.m.f(str, "pemString");
            return new kotlin.e0.j("-.+-|\n|\r").g(str, "");
        }

        public final String f(Key key) {
            String str;
            List<String> D0;
            String M;
            kotlin.jvm.c.m.f(key, "key");
            if (key instanceof PublicKey) {
                str = "PUBLIC";
            } else {
                if (!(key instanceof PrivateKey)) {
                    return null;
                }
                str = "PRIVATE";
            }
            String encodeToString = Base64.encodeToString(key.getEncoded(), 2);
            kotlin.jvm.c.m.e(encodeToString, "encodeToString(key.encoded, Base64.NO_WRAP)");
            D0 = kotlin.e0.y.D0(encodeToString, 64);
            M = kotlin.v.x.M(D0, "\n", "-----BEGIN " + str + " KEY-----\n", "\n-----END " + str + " KEY-----", 0, null, null, 56, null);
            return M;
        }
    }

    public p(Context context, j0 j0Var) {
        kotlin.jvm.c.m.f(context, "context");
        kotlin.jvm.c.m.f(j0Var, "analytics");
        this.f5992b = context;
        this.f5993c = j0Var;
    }

    private final boolean a() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        boolean z = keyStore.getCertificate("GXKP") != null;
        boolean z2 = keyStore.getKey("GXKP", null) != null;
        if (z && !z2) {
            this.f5993c.d(new GeneralSecurityException("have public but no private key"));
        }
        return z && z2;
    }

    private final byte[] b(byte[] bArr, SecretKey secretKey, byte[] bArr2) {
        Cipher d2 = a.d();
        d2.init(2, secretKey, new GCMParameterSpec(128, bArr2));
        byte[] doFinal = d2.doFinal(bArr);
        kotlin.jvm.c.m.e(doFinal, "cipher.doFinal(data)");
        return doFinal;
    }

    public static /* synthetic */ byte[] g(p pVar, byte[] bArr, Key key, int i2, Object obj) {
        if ((i2 & 2) != 0) {
            key = null;
        }
        return pVar.f(bArr, key);
    }

    public static /* synthetic */ String l(p pVar, int i2, int i3, Object obj) {
        if ((i3 & 1) != 0) {
            i2 = 12;
        }
        return pVar.k(i2);
    }

    private final void m() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder("GXKP", 15).setDigests("SHA-1", "SHA-512").setEncryptionPaddings("OAEPPadding").setSignaturePaddings("PSS", "PKCS1").setRandomizedEncryptionRequired(true).setKeySize(2048).build());
        keyPairGenerator.generateKeyPair();
        o();
    }

    private final void n() {
        m();
    }

    private final PrivateKey o() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey("GXKP", null);
        PrivateKey privateKey = key instanceof PrivateKey ? (PrivateKey) key : null;
        if (privateKey != null) {
            return privateKey;
        }
        throw new GeneralSecurityException("couldn't get private key from KeyStore");
    }

    private final byte[] q(String str) {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
        Charset charset = kotlin.e0.d.a;
        Objects.requireNonNull(str, "null cannot be cast to non-null type java.lang.String");
        byte[] bytes = str.getBytes(charset);
        kotlin.jvm.c.m.e(bytes, "(this as java.lang.String).getBytes(charset)");
        byte[] digest = messageDigest.digest(bytes);
        kotlin.jvm.c.m.e(digest, "md.digest(data.toByteArray())");
        return digest;
    }

    private final byte[] v(byte[] bArr, String str) {
        Signature signature = Signature.getInstance(str);
        signature.initSign(o());
        signature.update(bArr);
        byte[] sign = signature.sign();
        kotlin.jvm.c.m.e(sign, "signer.sign()");
        return sign;
    }

    private final boolean x(byte[] bArr, byte[] bArr2, PublicKey publicKey, String str) {
        Signature signature = Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public final byte[] c(byte[] bArr) {
        kotlin.jvm.c.m.f(bArr, "data");
        OAEPParameterSpec oAEPParameterSpec = new OAEPParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        cipher.init(2, o(), oAEPParameterSpec);
        byte[] doFinal = cipher.doFinal(bArr);
        kotlin.jvm.c.m.e(doFinal, "cipher.doFinal(data)");
        return doFinal;
    }

    public final CipherOutputStream d(OutputStream outputStream, SecretKey secretKey, String str) {
        kotlin.jvm.c.m.f(outputStream, "data");
        kotlin.jvm.c.m.f(secretKey, "key");
        kotlin.jvm.c.m.f(str, "ivString");
        byte[] decode = Base64.decode(str, 0);
        Cipher d2 = a.d();
        d2.init(2, secretKey, new GCMParameterSpec(128, decode));
        return new CipherOutputStream(outputStream, d2);
    }

    public final String e(String str, SecretKey secretKey, String str2) {
        kotlin.jvm.c.m.f(str, "data");
        kotlin.jvm.c.m.f(secretKey, "key");
        kotlin.jvm.c.m.f(str2, "iv");
        byte[] decode = Base64.decode(str, 0);
        kotlin.jvm.c.m.e(decode, "decode(data, Base64.DEFAULT)");
        byte[] decode2 = Base64.decode(str2, 0);
        kotlin.jvm.c.m.e(decode2, "decode(iv, Base64.DEFAULT)");
        return new String(b(decode, secretKey, decode2), kotlin.e0.d.a);
    }

    public final byte[] f(byte[] bArr, Key key) {
        kotlin.jvm.c.m.f(bArr, "data");
        OAEPParameterSpec oAEPParameterSpec = new OAEPParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        if (key == null) {
            key = p();
        }
        cipher.init(1, key, oAEPParameterSpec);
        byte[] doFinal = cipher.doFinal(bArr);
        kotlin.jvm.c.m.e(doFinal, "cipher.doFinal(data)");
        return doFinal;
    }

    public final w0 h(InputStream inputStream, int i2, SecretKey secretKey, String str) {
        kotlin.jvm.c.m.f(inputStream, "data");
        kotlin.jvm.c.m.f(secretKey, "key");
        kotlin.jvm.c.m.f(str, "ivString");
        byte[] decode = Base64.decode(str, 0);
        Cipher d2 = a.d();
        d2.init(1, secretKey, new GCMParameterSpec(128, decode));
        kotlin.jvm.c.m.e(d2, "cipher");
        return new i0(inputStream, d2, d2.getOutputSize(i2));
    }

    public final String i(String str, SecretKey secretKey, String str2) {
        kotlin.jvm.c.m.f(str, "data");
        kotlin.jvm.c.m.f(secretKey, "key");
        kotlin.jvm.c.m.f(str2, "iv");
        a aVar = a;
        byte[] bytes = str.getBytes(kotlin.e0.d.a);
        kotlin.jvm.c.m.e(bytes, "(this as java.lang.String).getBytes(charset)");
        byte[] decode = Base64.decode(str2, 0);
        kotlin.jvm.c.m.e(decode, "decode(iv, Base64.DEFAULT)");
        String encodeToString = Base64.encodeToString(aVar.c(bytes, secretKey, decode), 2);
        kotlin.jvm.c.m.e(encodeToString, "encodeToString(encryptedBytes, Base64.NO_WRAP)");
        return encodeToString;
    }

    public final void j() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias("GXKP") && a()) {
            return;
        }
        n();
    }

    public final String k(int i2) {
        byte[] bArr = new byte[i2];
        new SecureRandom().nextBytes(bArr);
        String encodeToString = Base64.encodeToString(bArr, 2);
        kotlin.jvm.c.m.e(encodeToString, "encodeToString(iv, Base64.NO_WRAP)");
        return encodeToString;
    }

    public final PublicKey p() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        PublicKey publicKey = keyStore.getCertificate("GXKP").getPublicKey();
        kotlin.jvm.c.m.e(publicKey, "keyStore.getCertificate(KEY_ALIAS).publicKey");
        return publicKey;
    }

    public final String r(String str) {
        kotlin.jvm.c.m.f(str, "data");
        String encodeToString = Base64.encodeToString(q(str), 2);
        kotlin.jvm.c.m.e(encodeToString, "encodeToString(hashWithSHA(data), Base64.NO_WRAP)");
        return encodeToString;
    }

    public final PublicKey s(String str) {
        kotlin.jvm.c.m.f(str, "encodedKey");
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str, 0)));
        kotlin.jvm.c.m.e(generatePublic, "keyFactory.generatePublic(spec)");
        return generatePublic;
    }

    public final SecretKey t(byte[] bArr) {
        kotlin.jvm.c.m.f(bArr, "keyBytes");
        return new SecretKeySpec(bArr, 0, bArr.length, "AES");
    }

    public final byte[] u(byte[] bArr) {
        kotlin.jvm.c.m.f(bArr, "data");
        try {
            return v(bArr, "SHA512withRSA/PSS");
        } catch (Exception unused) {
            return v(bArr, "SHA512withRSA");
        }
    }

    public final boolean w(String str, String str2, String str3) {
        kotlin.jvm.c.m.f(str, "message");
        kotlin.jvm.c.m.f(str2, "signatureString");
        kotlin.jvm.c.m.f(str3, "keyString");
        PublicKey s = s(str3);
        byte[] bytes = str.getBytes(kotlin.e0.d.a);
        kotlin.jvm.c.m.e(bytes, "(this as java.lang.String).getBytes(charset)");
        byte[] decode = Base64.decode(str2, 2);
        try {
            kotlin.jvm.c.m.e(decode, "signatureBytes");
            if (x(bytes, decode, s, "SHA512withRSA/PSS")) {
                return true;
            }
        } catch (Exception unused) {
        }
        try {
            kotlin.jvm.c.m.e(decode, "signatureBytes");
            return x(bytes, decode, s, "SHA512withRSA");
        } catch (Exception unused2) {
            return false;
        }
    }
}
