package com.fitbit.coin.kit.internal.ui.fingerprint;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.fitbit.coin.kit.internal.device.PaymentDeviceId;
import com.fitbit.coin.kit.internal.device.PinManager;
import com.fitbit.coin.kit.internal.store.Key;
import com.fitbit.coin.kit.internal.store.Path;
import com.fitbit.coin.kit.internal.store.Store;
import com.fitbit.coin.kit.internal.ui.fingerprint.CipherManager;
import io.reactivex.Completable;
import io.reactivex.Single;
import io.reactivex.functions.Action;
import io.reactivex.functions.Function;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.concurrent.Callable;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.inject.Named;

@SuppressLint({"NewApi"})
/* loaded from: classes4.dex */
public class CipherManager {
    public static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    public static final String PIN_KEY_ALIAS = "fitbit_pay_pin";

    /* renamed from: b, reason: collision with root package name */
    public static final String f10540b = "AES";

    /* renamed from: c, reason: collision with root package name */
    public static final String f10541c = "RSA/ECB/PKCS1Padding";

    /* renamed from: d, reason: collision with root package name */
    public static final String f10542d = "AES/ECB/PKCS7Padding";

    /* renamed from: a, reason: collision with root package name */
    public final Store f10543a;

    @Inject
    public CipherManager(@Named("ckData") Store store) {
        this.f10543a = store;
    }

    public static Key<String> a(PaymentDeviceId paymentDeviceId) {
        return Key.create(String.class, new Path(PinManager.pinPath(paymentDeviceId), "encryption_key_2.58"));
    }

    public static /* synthetic */ Cipher a(SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(f10542d);
        cipher.init(2, secretKey);
        return cipher;
    }

    private byte[] a(byte[] bArr) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(PIN_KEY_ALIAS, null);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, privateKeyEntry.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), cipher);
        ArrayList arrayList = new ArrayList();
        while (true) {
            int read = cipherInputStream.read();
            if (read == -1) {
                break;
            }
            arrayList.add(Byte.valueOf((byte) read));
        }
        byte[] bArr2 = new byte[arrayList.size()];
        for (int i2 = 0; i2 < bArr2.length; i2++) {
            bArr2[i2] = ((Byte) arrayList.get(i2)).byteValue();
        }
        return bArr2;
    }

    private Single<String> b() {
        return Single.fromCallable(new Callable() { // from class: d.j.x4.a.c.k.d1.a
            @Override // java.util.concurrent.Callable
            public final Object call() {
                return CipherManager.this.a();
            }
        });
    }

    private Single<SecretKey> b(PaymentDeviceId paymentDeviceId) {
        return this.f10543a.getOrRetrieve(a(paymentDeviceId), b()).map(new Function() { // from class: d.j.x4.a.c.k.d1.d
            @Override // io.reactivex.functions.Function
            public final Object apply(Object obj) {
                return CipherManager.this.a((String) obj);
            }
        });
    }

    public static /* synthetic */ Cipher b(SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(f10542d);
        cipher.init(1, secretKey);
        return cipher;
    }

    private byte[] b(byte[] bArr) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(PIN_KEY_ALIAS, null);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        cipherOutputStream.write(bArr);
        cipherOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    private void c() throws GeneralSecurityException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(PIN_KEY_ALIAS, 3).setBlockModes("ECB").setEncryptionPaddings("PKCS1Padding").build());
        keyPairGenerator.generateKeyPair();
    }

    public static /* synthetic */ void d() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias(PIN_KEY_ALIAS)) {
            keyStore.deleteEntry(PIN_KEY_ALIAS);
            if (keyStore.containsAlias(PIN_KEY_ALIAS)) {
                throw new Exception("Failed to remove fitbit_pay_pin");
            }
        }
    }

    public /* synthetic */ String a() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(PIN_KEY_ALIAS)) {
            c();
        }
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return Base64.encodeToString(b(bArr), 0);
    }

    public /* synthetic */ SecretKey a(String str) throws Exception {
        return new SecretKeySpec(a(Base64.decode(str, 0)), "AES");
    }

    public Single<Cipher> getDecryptCipher(PaymentDeviceId paymentDeviceId) {
        return b(paymentDeviceId).map(new Function() { // from class: d.j.x4.a.c.k.d1.c
            @Override // io.reactivex.functions.Function
            public final Object apply(Object obj) {
                return CipherManager.a((SecretKey) obj);
            }
        });
    }

    public Single<Cipher> getEncryptCipher(PaymentDeviceId paymentDeviceId) {
        return b(paymentDeviceId).map(new Function() { // from class: d.j.x4.a.c.k.d1.b
            @Override // io.reactivex.functions.Function
            public final Object apply(Object obj) {
                return CipherManager.b((SecretKey) obj);
            }
        });
    }

    public Completable removeEncryptionKeys() {
        return Completable.fromAction(new Action() { // from class: d.j.x4.a.c.k.d1.e
            @Override // io.reactivex.functions.Action
            public final void run() {
                CipherManager.d();
            }
        });
    }
}
