package com.drei.kundenzone.data.local.encryption;

import android.content.Context;
import android.security.KeyChain;
import com.drei.android.annotations.dagger.qualifier.ApplicationContext;
import com.drei.kundenzone.data.local.PrefRepo;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import oc.a;

/* loaded from: classes.dex */
public class EncryptionKeyManager {
    private static final int AES_256_KEY_LENGTH_BYTES = 32;
    private static final String AES_CIPHER = "AES/CBC/PKCS5Padding";
    private static final int MAX_KEY_LENGTH_BYTES = 64;
    private final Context context;
    private final PrefRepo prefRepo;
    private final SecureRandom random = new SecureRandom();
    private SecretKey fullSecretKey = null;

    public EncryptionKeyManager(PrefRepo prefRepo, @ApplicationContext Context context) {
        this.prefRepo = prefRepo;
        this.context = context;
    }

    private IvParameterSpec generateIv(int i10) {
        byte[] bArr = new byte[i10];
        this.random.nextBytes(bArr);
        return new IvParameterSpec(bArr);
    }

    private SecretKey getSecretKey(int i10) throws GeneralSecurityException, IOException {
        try {
            return loadOrGenerateKey(i10);
        } catch (GeneralSecurityException e10) {
            a.c(e10, "Could not load key, resetting …", new Object[0]);
            try {
                resetEncryptionKey();
                this.fullSecretKey = null;
                return loadOrGenerateKey(i10);
            } catch (GeneralSecurityException e11) {
                a.c(e11, "Could not reset key, changing key alias …", new Object[0]);
                this.prefRepo.setEncryptionKey(null);
                this.prefRepo.changeEncryptionKeySuffix();
                this.fullSecretKey = null;
                return loadOrGenerateKey(i10);
            }
        }
    }

    private SecretKey loadOrGenerateKey(int i10) throws GeneralSecurityException, IOException {
        if (i10 > 64) {
            throw new IllegalArgumentException("Key size must be smaller than " + i10);
        }
        if (this.fullSecretKey == null) {
            StringBuilder sb2 = new StringBuilder();
            sb2.append("Encryption key is ");
            sb2.append(KeyChain.isBoundKeyAlgorithm("RSA") ? "hardware-backed" : "software-backed");
            SecretKeyWrapper secretKeyWrapper = new SecretKeyWrapper(this.context, this.prefRepo.getEncryptionKeyAlias());
            byte[] encryptionKey = this.prefRepo.getEncryptionKey();
            if (encryptionKey == null) {
                byte[] bArr = new byte[64];
                new SecureRandom().nextBytes(bArr);
                this.prefRepo.setEncryptionKey(secretKeyWrapper.wrap(new SecretKeySpec(bArr, "AES")));
                encryptionKey = this.prefRepo.getEncryptionKey();
            }
            this.fullSecretKey = secretKeyWrapper.unwrap(encryptionKey);
        }
        return i10 != 64 ? new SecretKeySpec(Arrays.copyOf(this.fullSecretKey.getEncoded(), i10), "AES") : this.fullSecretKey;
    }

    private static IvParameterSpec readIv(int i10, InputStream inputStream) throws IOException {
        byte[] bArr = new byte[i10];
        inputStream.read(bArr);
        return new IvParameterSpec(bArr);
    }

    private void resetEncryptionKey() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        this.prefRepo.setEncryptionKey(null);
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry(this.prefRepo.getEncryptionKeyAlias());
    }

    public CipherInputStream getCipherInputStream(File file) throws IOException, GeneralSecurityException {
        FileInputStream fileInputStream = new FileInputStream(file);
        Cipher cipher = Cipher.getInstance(AES_CIPHER);
        cipher.init(2, getSecretKey(32), readIv(cipher.getBlockSize(), fileInputStream));
        return new CipherInputStream(fileInputStream, cipher);
    }

    public CipherInputStream getCipherInputStream(String str) throws IOException, GeneralSecurityException {
        return getCipherInputStream(new File(str));
    }

    public CipherOutputStream getCipherOutputStream(File file) throws IOException, GeneralSecurityException {
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        Cipher cipher = Cipher.getInstance(AES_CIPHER);
        IvParameterSpec generateIv = generateIv(cipher.getBlockSize());
        cipher.init(1, getSecretKey(32), generateIv);
        fileOutputStream.write(generateIv.getIV());
        return new CipherOutputStream(fileOutputStream, cipher);
    }

    public CipherOutputStream getCipherOutputStream(String str) throws IOException, GeneralSecurityException {
        return getCipherOutputStream(new File(str));
    }
}
