package de.vwag.carnet.app.smartwatch.util;

import android.content.Context;
import android.util.Base64;
import de.vwag.carnet.app.utils.L;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import javax.crypto.Cipher;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes4.dex */
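/**
 * RSA helper for the smartwatch protocol.
 *
 * <p>Creates a 2048-bit RSA key pair with a self-signed X.509 certificate, stores both in
 * {@link BKSKeyStore} under {@link #ALIAS}, exports the certificate as PEM, and encrypts or
 * decrypts short Base64-encoded messages with RSA-OAEP (SHA-256) through the SpongyCastle
 * ("SC") provider.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>RSA-OAEP with SHA-256 and a 2048-bit key can carry at most 190 plaintext bytes
 *       (256 - 2*32 - 2); longer input makes {@code doFinal} throw.</li>
 *   <li>The certificate is self-signed, so it proves nothing about who generated it. A peer
 *       can only trust it through pinning or an out-of-band pairing step.</li>
 *   <li>NOTE(review): how {@code BKSKeyStore} protects the private key at rest is not visible
 *       in this class - confirm it is not stored with a hard-coded password.</li>
 * </ul>
 */
public class SmartwatchProtocolEncryptionHelper {
    private static final String ALIAS = "SMARTWATCH_PROTOCOL_KEY";
    private static final String KEY_ALGORITHM = "RSA";
    private static final int KEY_SIZE = 2048;
    private static final String PEM_FOOTER = "\n-----END CERTIFICATE-----\n";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----\n";
    private static final String PROVIDER = "SC";
    // NOTE(review): with the SC provider this name is expected to use SHA-256 for MGF1 as well,
    // while other JCA providers commonly default MGF1 to SHA-1. The peer must use matching
    // OAEP parameters - confirm against the smartwatch side.
    private static final String TRANSFORMATION_TYPE = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Not assigned anywhere in this class; presumably injected by the app's DI setup - confirm.
    BKSKeyStore bcKeyStore;
    // Not read by any method in this class.
    Context context;

    static {
        // Registers SpongyCastle so that the "SC" provider name resolves in getInstance calls.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Decodes a Base64 string and decrypts it with RSA-OAEP.
     *
     * @param str Base64 text of the ciphertext
     * @param privateKey RSA private key used for decryption
     * @return the plaintext decoded as UTF-8
     * @throws Exception on malformed Base64, provider lookup failure or a failed decryption
     */
    private String decryptFromRsaBase64(String str, PrivateKey privateKey) throws Exception {
        byte[] cipherText = Base64.decode(str, Base64.DEFAULT);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION_TYPE, PROVIDER);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        // Charset is explicit so the result does not depend on the platform default.
        return new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
    }

    /**
     * Encrypts a string with RSA-OAEP and returns the ciphertext as Base64.
     *
     * @param str plaintext; its UTF-8 form must fit the 190-byte OAEP limit
     * @param key RSA key handed to the cipher in encrypt mode
     * @return Base64 text of the ciphertext (default Android line wrapping)
     * @throws Exception on provider lookup failure or a failed encryption
     */
    private String encryptToRsaBase64(String str, Key key) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION_TYPE, PROVIDER);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] cipherText = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        return Base64.encodeToString(cipherText, Base64.DEFAULT);
    }

    /**
     * Builds a self-signed X.509 v3 certificate for the given key pair.
     *
     * <p>Subject and issuer are both {@code CN=de.vwag.carnet.app}, the serial number is a random
     * value of up to 64 bits, and the validity window runs from now for one year.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the certificate, after checking its signature against the public key
     */
    private X509Certificate generateCertificate(KeyPair keyPair) throws OperatorCreationException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, 1);
        X500Name subjectAndIssuer = new X500Name("CN=de.vwag.carnet.app");
        BigInteger serial = new BigInteger(64, new SecureRandom());
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                subjectAndIssuer,
                serial,
                notBefore.getTime(),
                notAfter.getTime(),
                subjectAndIssuer,
                keyPair.getPublic());
        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(PROVIDER)
                .getCertificate(builder.build(
                        new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate())));
        // Self-check: the signature must verify under the key that was just certified.
        certificate.verify(keyPair.getPublic());
        return certificate;
    }

    /**
     * Generates a fresh RSA key pair with public exponent F4 (65537).
     *
     * @return the new key pair
     * @throws RuntimeException wrapping any provider or parameter failure
     */
    private KeyPair generateRSAKeyPair() {
        try {
            RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(KEY_SIZE, RSAKeyGenParameterSpec.F4);
            KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM, PROVIDER);
            generator.initialize(spec, new SecureRandom());
            return generator.generateKeyPair();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encodes a certificate as a PEM block with 64-character Base64 lines.
     *
     * @param certificate certificate to export
     * @return the PEM text, including header and footer
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    private String getPEMEncodedStringFromCertificate(Certificate certificate) throws CertificateEncodingException {
        // NO_WRAP matters: Android's default Base64 mode already breaks lines at 76 characters,
        // and re-wrapping that output at 64 yields alternating 64- and 12-character lines that
        // strict PEM parsers may reject.
        String base64 = Base64.encodeToString(certificate.getEncoded(), Base64.NO_WRAP);
        // The lookahead avoids an empty line before the footer when the length is a multiple of 64.
        return PEM_HEADER + base64.replaceAll("(.{64})(?=.)", "$1\n") + PEM_FOOTER;
    }

    /**
     * Decrypts a Base64 RSA-OAEP message with the stored private key.
     *
     * @param str Base64 text of the ciphertext
     * @return the plaintext
     * @throws Exception if the key cannot be loaded or decryption fails
     */
    public String decryptMessage(String str) throws Exception {
        return decryptFromRsaBase64(str, this.bcKeyStore.getPrivateKey(ALIAS));
    }

    /**
     * Encrypts a message with the key stored under {@link #ALIAS}.
     *
     * <p>NOTE(review): the key passed to the cipher is this device's own <em>private</em> key.
     * Output produced that way can be reversed by anyone holding the matching certificate, so
     * it gives no confidentiality, and OAEP is not a signature scheme. Confidential traffic to
     * the peer would normally be encrypted under the peer's public key. Left unchanged because
     * the peer protocol is not visible here - confirm the intent.
     *
     * @param str plaintext to encrypt
     * @return Base64 text of the ciphertext
     * @throws Exception if the key cannot be loaded or encryption fails
     */
    public String encryptMessage(String str) throws Exception {
        return encryptToRsaBase64(str, this.bcKeyStore.getPrivateKey(ALIAS));
    }

    /**
     * Returns the stored certificate as PEM text.
     *
     * @return the PEM block, or {@code null} if the certificate cannot be loaded or encoded
     *     (the failure is logged)
     */
    public String getCertificateAsPEM() {
        try {
            Certificate stored = this.bcKeyStore.getCertificate(ALIAS);
            return getPEMEncodedStringFromCertificate(stored);
        } catch (Exception e) {
            L.e(e);
            return null;
        }
    }

    /**
     * Parses a PEM-encoded X.509 certificate.
     *
     * <p>This only parses. It does not check the validity period, the signature, the issuer or
     * a pin, so the caller must authenticate the certificate before trusting its public key.
     * Header and footer are stripped by exact match, so input with other line endings or extra
     * whitespace around the markers will not be stripped cleanly.
     *
     * @param str PEM text using the same header and footer this class emits
     * @return the parsed certificate
     * @throws Exception if the input is not a decodable X.509 certificate
     */
    public Certificate getCertificateFromString(String str) throws Exception {
        String base64 = str.replace(PEM_HEADER, "").replace(PEM_FOOTER, "");
        byte[] der = Base64.decode(base64, Base64.DEFAULT);
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Ensures a usable RSA key pair exists under {@link #ALIAS}, creating one if needed.
     *
     * @return {@code true} if a valid pair already existed or was created and stored;
     *     {@code false} if generation or storage failed (the failure is logged)
     */
    public boolean initializeRSAEncryption() {
        if (this.bcKeyStore.hasValidRSAKeyPair(ALIAS)) {
            return true;
        }
        try {
            KeyPair keyPair = generateRSAKeyPair();
            Certificate[] chain = {generateCertificate(keyPair)};
            this.bcKeyStore.setKeyEntry(ALIAS, keyPair.getPrivate(), chain);
            return true;
        } catch (Exception e) {
            L.e(e);
            return false;
        }
    }
}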
