package org.forgerock.android.auth;

import android.app.KeyguardManager;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import lombok.NonNull;
import org.conscrypt.SSLUtils;

/* loaded from: classes5.dex */
public class AsymmetricEncryptor implements Encryptor {
    public final Context context;
    public final String keyAlias;

    /* loaded from: classes5.dex */
    public class KeyUnavailableException extends Exception {
        public KeyUnavailableException(AsymmetricEncryptor asymmetricEncryptor, String str) {
            super(str);
        }
    }

    public AsymmetricEncryptor(Context context, @NonNull String str) {
        if (str == null) {
            throw new NullPointerException("keyAlias is marked non-null but is null");
        }
        this.context = context.getApplicationContext();
        this.keyAlias = str;
    }

    @Override // org.forgerock.android.auth.Encryptor
    public byte[] decrypt(@NonNull byte[] bArr) {
        if (bArr == null) {
            throw new NullPointerException("encryptedData is marked non-null but is null");
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
            KeyStore keyStore = getKeyStore();
            if (!keyStore.containsAlias(this.keyAlias)) {
                throw new KeyUnavailableException(this, "Private Key not found.");
            }
            cipher.init(2, keyStore.getKey(this.keyAlias, null));
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new EncryptionException(e);
        }
    }

    @Override // org.forgerock.android.auth.Encryptor
    public byte[] encrypt(@NonNull byte[] bArr) {
        if (bArr == null) {
            throw new NullPointerException("data is marked non-null but is null");
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
            cipher.init(1, getPublicKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new EncryptionException(e);
        }
    }

    public final KeyStore getKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        return keyStore;
    }

    public final Key getPublicKey() throws GeneralSecurityException, IOException {
        KeyStore keyStore = getKeyStore();
        if (keyStore.containsAlias(this.keyAlias)) {
            return keyStore.getCertificate(this.keyAlias).getPublicKey();
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(SSLUtils.KEY_TYPE_RSA, "AndroidKeyStore");
        Context context = this.context;
        String str = this.keyAlias;
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        calendar.add(1, 10);
        KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(context).setAlias(str).setSubject(new X500Principal("CN=ForgeRock")).setKeySize(2048).setSerialNumber(BigInteger.ONE).setStartDate(time).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setEndDate(calendar.getTime());
        KeyguardManager keyguardManager = (KeyguardManager) context.getSystemService("keyguard");
        if (keyguardManager.isKeyguardSecure() && keyguardManager.createConfirmDeviceCredentialIntent(null, null) != null) {
            endDate.setEncryptionRequired();
        }
        keyPairGenerator.initialize(endDate.build());
        return keyPairGenerator.generateKeyPair().getPublic();
    }

    @Override // org.forgerock.android.auth.Encryptor
    public void reset() throws GeneralSecurityException, IOException {
        getKeyStore().deleteEntry(this.keyAlias);
    }
}
