package w7;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.amazon.identity.auth.device.g;
import com.amazon.identity.auth.device.i;
import com.amazon.identity.auth.device.storage.f;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.HashSet;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;
import k7.p7;
import k7.w;

@TargetApi(19)
/* loaded from: classes.dex */
public final class b implements p7 {

    /* renamed from: e, reason: collision with root package name */
    public static b f47021e;

    /* renamed from: a, reason: collision with root package name */
    public final Context f47022a;

    /* renamed from: b, reason: collision with root package name */
    public final a f47023b;

    /* renamed from: c, reason: collision with root package name */
    public final KeyStore f47024c;

    /* renamed from: d, reason: collision with root package name */
    public final w f47025d;

    public b(Context context) {
        i iVar = new i("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            try {
                this.f47022a = context;
                this.f47025d = w.a(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.f47024c = keyStore;
                keyStore.load(null);
                d(iVar);
                this.f47023b = new a(e(iVar));
                iVar.h(true);
                g.c("LocalDataStorageEncryptor:Initiation:Success");
            } catch (Exception e11) {
                iVar.e(1.0d, "CreateFail:".concat(e11.getClass().getSimpleName()));
                iVar.h(false);
                g.c("LocalDataStorageEncryptor:Initiation:Failed:".concat(e11.getClass().getSimpleName()));
                throw e11;
            }
        } finally {
            iVar.d();
        }
    }

    public static synchronized b a(Context context) {
        b bVar;
        synchronized (b.class) {
            if (f47021e == null) {
                x30.a.k("LocalDataStorageEncryptor", "Generating LocalDataStorageEncryptor instance");
                f47021e = new b(context);
                x30.a.k("LocalDataStorageEncryptor", "Finish generating LocalDataStorageEncryptor instance");
            }
            bVar = f47021e;
        }
        return bVar;
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0064  */
    @Override // k7.p7
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.String b(java.lang.String r10) {
        /*
            r9 = this;
            r0 = 0
            if (r10 != 0) goto L4
            return r0
        L4:
            java.lang.String r1 = "Data to be encrypted "
            r1.concat(r10)
            java.lang.String r1 = "LocalDataStorageEncryptor"
            x30.a.a(r1)
            byte[] r10 = h.c.a(r10)
            w7.a r2 = r9.f47023b
            r2.getClass()
            java.lang.String r3 = "com.amazon.identity.auth.device.framework.crypto.AESCipher"
            if (r10 == 0) goto L8c
            java.lang.String r4 = "SHA-384"
            java.security.MessageDigest r4 = java.security.MessageDigest.getInstance(r4)     // Catch: java.security.NoSuchAlgorithmException -> L7b
            byte[] r4 = r4.digest(r10)     // Catch: java.security.NoSuchAlgorithmException -> L7b
            r5 = 12
            r6 = 0
            byte[] r4 = java.util.Arrays.copyOfRange(r4, r6, r5)     // Catch: java.security.NoSuchAlgorithmException -> L7b
            javax.crypto.spec.GCMParameterSpec r5 = new javax.crypto.spec.GCMParameterSpec
            r7 = 128(0x80, float:1.8E-43)
            r5.<init>(r7, r4)
            java.lang.String r7 = "AES/GCM/NoPadding"
            r8 = 1
            javax.crypto.Cipher r2 = r2.b(r8, r7, r5, r8)
            int r5 = r10.length     // Catch: javax.crypto.BadPaddingException -> L55
            byte[] r10 = w7.a.c(r2, r10, r6, r5)     // Catch: javax.crypto.BadPaddingException -> L55
            int r2 = r4.length     // Catch: java.lang.Exception -> L4e
            int r5 = r10.length     // Catch: java.lang.Exception -> L4e
            int r2 = r2 + r5
            byte[] r2 = new byte[r2]     // Catch: java.lang.Exception -> L4e
            int r5 = r4.length     // Catch: java.lang.Exception -> L4e
            java.lang.System.arraycopy(r4, r6, r2, r6, r5)     // Catch: java.lang.Exception -> L4e
            int r4 = r4.length     // Catch: java.lang.Exception -> L4e
            int r5 = r10.length     // Catch: java.lang.Exception -> L4e
            java.lang.System.arraycopy(r10, r6, r2, r4, r5)     // Catch: java.lang.Exception -> L4e
            goto L61
        L4e:
            r10 = move-exception
            java.lang.String r2 = "Exception happened during concatenating the initialization vectors and the cipher text"
            x30.a.f(r3, r2, r10)
            goto L60
        L55:
            r10 = move-exception
            java.lang.String r2 = "BadPaddingException in encryption, should never happen."
            x30.a.f(r3, r2, r10)
            java.lang.String r10 = "AESCipher:BadPadding:GCMMode"
            com.amazon.identity.auth.device.g.c(r10)
        L60:
            r2 = r0
        L61:
            if (r2 != 0) goto L64
            goto L69
        L64:
            r10 = 2
            java.lang.String r0 = android.util.Base64.encodeToString(r2, r10)
        L69:
            x30.a.a(r1)
            java.lang.StringBuilder r10 = new java.lang.StringBuilder
            java.lang.String r1 = "AES-GCM+"
            r10.<init>(r1)
            r10.append(r0)
            java.lang.String r10 = r10.toString()
            return r10
        L7b:
            r10 = move-exception
            java.lang.String r0 = "AESCipher:NoSHA-384"
            com.amazon.identity.auth.device.g.c(r0)
            java.lang.String r0 = "Couldn't find SHA-384 digest, which shouldn't happen!"
            x30.a.f(r3, r0, r10)
            java.lang.UnsupportedOperationException r10 = new java.lang.UnsupportedOperationException
            r10.<init>(r0)
            throw r10
        L8c:
            java.lang.IllegalArgumentException r10 = new java.lang.IllegalArgumentException
            java.lang.String r0 = "dataToEncrypt is null"
            r10.<init>(r0)
            throw r10
        */
        throw new UnsupportedOperationException("Method not decompiled: w7.b.b(java.lang.String):java.lang.String");
    }

    @Override // k7.p7
    public final String c(String str) {
        String str2;
        if (str == null) {
            return null;
        }
        "Decrypting data ".concat(str);
        x30.a.a("LocalDataStorageEncryptor");
        if (!str.startsWith("AES-GCM+")) {
            return str;
        }
        try {
            a aVar = this.f47023b;
            String substring = str.substring(8);
            byte[] decode = substring == null ? null : Base64.decode(substring, 2);
            aVar.getClass();
            if (decode == null) {
                throw new IllegalArgumentException("dataToDecrypt is null in GCMMode");
            }
            byte[] c11 = a.c(aVar.b(2, "AES/GCM/NoPadding", new GCMParameterSpec(128, decode, 0, 12), true), decode, 12, decode.length - 12);
            if (c11 != null) {
                try {
                    str2 = new String(c11, "UTF-8");
                } catch (UnsupportedEncodingException e11) {
                    x30.a.f("StringUtil", "System failure! UTF-8 unsupported from byte to String! This shouldn't happen!", e11);
                }
                x30.a.a("LocalDataStorageEncryptor");
                return str2;
            }
            str2 = null;
            x30.a.a("LocalDataStorageEncryptor");
            return str2;
        } catch (BadPaddingException unused) {
            x30.a.e("LocalDataStorageEncryptor", "Bad padding shouldn't happen, just return null.");
            g.c("LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }

    public final void d(i iVar) {
        iVar.e(1.0d, "generateRSAKeyIfNotExists");
        KeyStore keyStore = this.f47024c;
        if (keyStore == null) {
            iVar.e(1.0d, "NullKeystore");
            throw new IllegalArgumentException("Keystore is null! This should not happen");
        }
        if (keyStore.containsAlias("IDENTITY_MAP_KEYSTORE_ALIAS")) {
            x30.a.k("LocalDataStorageEncryptor", "RSA keypair exists, fast return.");
            iVar.e(1.0d, "RSAKeyPairGenerated");
            return;
        }
        x30.a.k("LocalDataStorageEncryptor", "Generating RSA keypair");
        w wVar = this.f47025d;
        if (!TextUtils.isEmpty(wVar.i("AES_ENCRYPTION_KEY"))) {
            x30.a.k("LocalDataStorageEncryptor", "AES key generated, deleting it and clearing db before generating new RSA keys");
            wVar.b();
            Context context = this.f47022a;
            if (context != null) {
                context.deleteDatabase("map_data_storage.db");
            }
            HashSet hashSet = f.f7396f;
            if (!context.getSharedPreferences("distributed.datastore.info.store", 0).edit().putBoolean("distributed.datastore.init.key", false).commit()) {
                x30.a.e("com.amazon.identity.auth.device.c6", String.format("Failed to set key %s in the local key value store %s", "distributed.datastore.init.key", "distributed.datastore.info.store"));
            }
            iVar.e(1.0d, "DeleteExistAESKeyRegenerateRSAKey");
        }
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("IDENTITY_MAP_KEYSTORE_ALIAS", 3).setCertificateSubject(new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS")).setCertificateSerialNumber(BigInteger.TEN).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").build();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            iVar.e(1.0d, "RSAKeyPairGeneration:Success");
        } catch (Exception unused) {
            iVar.e(1.0d, "RSAKeyPairGeneration:Retry");
            x30.a.p("LocalDataStorageEncryptor", "Generating RSA key pair failed, retry once");
            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator2.initialize(build);
            keyPairGenerator2.generateKeyPair();
            iVar.e(1.0d, "RSAKeyPairGeneration:Retry:Success");
        }
        g.c("RSAKeyPairGeneration:Success:Overall");
    }

    public final byte[] e(i iVar) {
        byte[] bArr;
        w wVar = this.f47025d;
        String i11 = wVar.i("AES_ENCRYPTION_KEY");
        boolean isEmpty = TextUtils.isEmpty(i11);
        KeyStore keyStore = this.f47024c;
        if (!isEmpty) {
            x30.a.k("LocalDataStorageEncryptor", "AES key generated, decrypting");
            x30.a.k("LocalDataStorageEncryptor", "Decrypting existed AES Key");
            PrivateKey privateKey = (PrivateKey) keyStore.getKey("IDENTITY_MAP_KEYSTORE_ALIAS", null);
            try {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(2, privateKey);
                return cipher.doFinal(i11 != null ? Base64.decode(i11, 2) : null);
            } catch (Exception e11) {
                x30.a.f("LocalDataStorageEncryptor", "Unable to create RSA cipher, this seems to be a system bug.", e11);
                throw new IllegalStateException("Unable to create RSA cipher.");
            }
        }
        x30.a.k("LocalDataStorageEncryptor", "Generating AES encryption key");
        SecureRandom secureRandom = a.f47019b;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            bArr = keyGenerator.generateKey().getEncoded();
        } catch (NoSuchAlgorithmException e12) {
            x30.a.f("com.amazon.identity.auth.device.framework.crypto.AESCipher", "Could not generate AES key for algorithm AES, this shouldn't happen", e12);
            bArr = null;
        }
        x30.a.k("LocalDataStorageEncryptor", "Encrypting AES Key");
        PublicKey publicKey = keyStore.getCertificate("IDENTITY_MAP_KEYSTORE_ALIAS").getPublicKey();
        try {
            Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher2.init(1, publicKey);
            byte[] doFinal = cipher2.doFinal(bArr);
            wVar.f("AES_ENCRYPTION_KEY", doFinal != null ? Base64.encodeToString(doFinal, 2) : null);
            iVar.e(1.0d, "AESKeyGeneration:Success");
            return bArr;
        } catch (Exception e13) {
            x30.a.f("LocalDataStorageEncryptor", "Unable to create RSA cipher, this seems to be a system bug.", e13);
            throw new IllegalStateException("Unable to create RSA cipher.");
        }
    }
}
