package com.amazon.identity.auth.device.framework.crypto;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.recyclerview.widget.RecyclerView;
import com.amazon.identity.auth.device.c6;
import com.amazon.identity.auth.device.q6;
import com.amazon.identity.auth.device.storage.i;
import com.amazon.identity.auth.device.v6;
import com.amazon.identity.auth.device.x6;
import com.amazon.identity.auth.device.xa;
import com.amazon.identity.auth.device.z3;
import com.amazon.mosaic.common.lib.utils.CryptoUtils;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashSet;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: DCP */
@TargetApi(19)
/* loaded from: classes.dex */
public final class a implements z3 {
    public static a e;
    public final Context a;
    public final AESCipher b;
    public final KeyStore c;
    public final c6 d;

    public a(Context context) throws Exception {
        xa xaVar = new xa("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            try {
                this.a = context;
                this.d = c6.a(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.c = keyStore;
                keyStore.load(null);
                a(context, xaVar);
                this.b = new AESCipher(a(xaVar));
                xaVar.a(true);
                v6.a("LocalDataStorageEncryptor:Initiation:Success");
            } catch (Exception e2) {
                String concat = "CreateFail:".concat(e2.getClass().getSimpleName());
                ((x6.a) xaVar.c).a(concat, Double.valueOf(1.0d));
                xaVar.a(false);
                v6.a("LocalDataStorageEncryptor:Initiation:Failed:".concat(e2.getClass().getSimpleName()));
                throw e2;
            }
        } finally {
            xaVar.a();
        }
    }

    public static synchronized a a(Context context) throws Exception {
        a aVar;
        synchronized (a.class) {
            if (e == null) {
                q6.a("LocalDataStorageEncryptor");
                e = new a(context);
                q6.a("LocalDataStorageEncryptor");
            }
            aVar = e;
        }
        return aVar;
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x005e  */
    @Override // com.amazon.identity.auth.device.z3
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.String a(java.lang.String r10) {
        /*
            r9 = this;
            r0 = 0
            if (r10 != 0) goto L4
            return r0
        L4:
            java.lang.String r1 = "Data to be encrypted "
            r1.concat(r10)
            java.lang.String r1 = "LocalDataStorageEncryptor"
            com.amazon.identity.auth.device.q6.a(r1)
            com.amazon.identity.auth.device.framework.crypto.AESCipher r2 = r9.b
            byte[] r10 = com.amazon.identity.auth.device.ka.b(r10)
            java.util.Objects.requireNonNull(r2)
            java.lang.String r3 = "com.amazon.identity.auth.device.framework.crypto.AESCipher"
            if (r10 == 0) goto L85
            java.lang.String r4 = "SHA-384"
            java.security.MessageDigest r4 = java.security.MessageDigest.getInstance(r4)     // Catch: java.security.NoSuchAlgorithmException -> L75
            byte[] r4 = r4.digest(r10)     // Catch: java.security.NoSuchAlgorithmException -> L75
            r5 = 12
            r6 = 0
            byte[] r4 = java.util.Arrays.copyOfRange(r4, r6, r5)     // Catch: java.security.NoSuchAlgorithmException -> L75
            javax.crypto.spec.GCMParameterSpec r5 = new javax.crypto.spec.GCMParameterSpec
            r7 = 128(0x80, float:1.8E-43)
            r5.<init>(r7, r4)
            r7 = 1
            java.lang.String r8 = "AES/GCM/NoPadding"
            javax.crypto.Cipher r2 = r2.a(r7, r8, r5, r7)
            int r5 = r10.length     // Catch: javax.crypto.BadPaddingException -> L52
            byte[] r10 = com.amazon.identity.auth.device.framework.crypto.AESCipher.a(r2, r10, r6, r5)     // Catch: javax.crypto.BadPaddingException -> L52
            int r2 = r4.length     // Catch: java.lang.Exception -> L4e
            int r5 = r10.length     // Catch: java.lang.Exception -> L4e
            int r2 = r2 + r5
            byte[] r2 = new byte[r2]     // Catch: java.lang.Exception -> L4e
            int r5 = r4.length     // Catch: java.lang.Exception -> L4e
            java.lang.System.arraycopy(r4, r6, r2, r6, r5)     // Catch: java.lang.Exception -> L4e
            int r4 = r4.length     // Catch: java.lang.Exception -> L4e
            int r5 = r10.length     // Catch: java.lang.Exception -> L4e
            java.lang.System.arraycopy(r10, r6, r2, r4, r5)     // Catch: java.lang.Exception -> L4e
            goto L5b
        L4e:
            com.amazon.identity.auth.device.q6.a(r3)
            goto L5a
        L52:
            com.amazon.identity.auth.device.q6.a(r3)
            java.lang.String r10 = "AESCipher:BadPadding:GCMMode"
            com.amazon.identity.auth.device.v6.a(r10)
        L5a:
            r2 = r0
        L5b:
            if (r2 != 0) goto L5e
            goto L63
        L5e:
            r10 = 2
            java.lang.String r0 = android.util.Base64.encodeToString(r2, r10)
        L63:
            com.amazon.identity.auth.device.q6.a(r1)
            java.lang.StringBuilder r10 = new java.lang.StringBuilder
            java.lang.String r1 = "AES-GCM+"
            r10.<init>(r1)
            r10.append(r0)
            java.lang.String r10 = r10.toString()
            return r10
        L75:
            java.lang.String r10 = "AESCipher:NoSHA-384"
            com.amazon.identity.auth.device.v6.a(r10)
            com.amazon.identity.auth.device.q6.a(r3)
            java.lang.UnsupportedOperationException r10 = new java.lang.UnsupportedOperationException
            java.lang.String r0 = "Couldn't find SHA-384 digest, which shouldn't happen!"
            r10.<init>(r0)
            throw r10
        L85:
            java.lang.IllegalArgumentException r10 = new java.lang.IllegalArgumentException
            java.lang.String r0 = "dataToEncrypt is null"
            r10.<init>(r0)
            throw r10
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.identity.auth.device.framework.crypto.a.a(java.lang.String):java.lang.String");
    }

    public final void a(Context context, xa xaVar) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        x6.b bVar = xaVar.c;
        Double valueOf = Double.valueOf(1.0d);
        ((x6.a) bVar).a("generateRSAKeyIfNotExists", valueOf);
        KeyStore keyStore = this.c;
        if (keyStore == null) {
            ((x6.a) xaVar.c).a("NullKeystore", valueOf);
            throw new IllegalArgumentException("Keystore is null! This should not happen");
        }
        if (keyStore.containsAlias("IDENTITY_MAP_KEYSTORE_ALIAS")) {
            q6.a("LocalDataStorageEncryptor");
            ((x6.a) xaVar.c).a("RSAKeyPairGenerated", valueOf);
            return;
        }
        q6.a("LocalDataStorageEncryptor");
        if (!TextUtils.isEmpty(this.d.a.getString("AES_ENCRYPTION_KEY", null))) {
            q6.a("LocalDataStorageEncryptor");
            this.d.a();
            Context context2 = this.a;
            if (context2 != null) {
                context2.deleteDatabase("map_data_storage.db");
            }
            Context context3 = this.a;
            HashSet hashSet = i.f;
            if (!context3.getSharedPreferences("distributed.datastore.info.store", 0).edit().putBoolean("distributed.datastore.init.key", false).commit()) {
                String.format("Failed to set key %s in the local key value store %s", "distributed.datastore.init.key", "distributed.datastore.info.store");
                q6.a("com.amazon.identity.auth.device.c6");
            }
            ((x6.a) xaVar.c).a("DeleteExistAESKeyRegenerateRSAKey", valueOf);
        }
        AlgorithmParameterSpec build = Build.VERSION.SDK_INT <= 23 ? new KeyPairGeneratorSpec.Builder(context).setAlias("IDENTITY_MAP_KEYSTORE_ALIAS").setSubject(new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS")).setSerialNumber(BigInteger.TEN).setKeySize(RecyclerView.ViewHolder.FLAG_MOVED).build() : new KeyGenParameterSpec.Builder("IDENTITY_MAP_KEYSTORE_ALIAS", 3).setCertificateSubject(new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS")).setCertificateSerialNumber(BigInteger.TEN).setKeySize(RecyclerView.ViewHolder.FLAG_MOVED).setEncryptionPaddings("PKCS1Padding").build();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            ((x6.a) xaVar.c).a("RSAKeyPairGeneration:Success", valueOf);
        } catch (Exception unused) {
            ((x6.a) xaVar.c).a("RSAKeyPairGeneration:Retry", valueOf);
            q6.a("LocalDataStorageEncryptor");
            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator2.initialize(build);
            keyPairGenerator2.generateKeyPair();
            ((x6.a) xaVar.c).a("RSAKeyPairGeneration:Retry:Success", valueOf);
        }
        v6.a("RSAKeyPairGeneration:Success:Overall");
    }

    public final byte[] a(xa xaVar) throws NoSuchAlgorithmException, KeyStoreException, BadPaddingException, IllegalBlockSizeException, UnrecoverableKeyException {
        byte[] bArr;
        String string = this.d.a.getString("AES_ENCRYPTION_KEY", null);
        if (!TextUtils.isEmpty(string)) {
            q6.a("LocalDataStorageEncryptor");
            q6.a("LocalDataStorageEncryptor");
            PrivateKey privateKey = (PrivateKey) this.c.getKey("IDENTITY_MAP_KEYSTORE_ALIAS", null);
            try {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(2, privateKey);
                return cipher.doFinal(string != null ? Base64.decode(string, 2) : null);
            } catch (Exception unused) {
                q6.a("LocalDataStorageEncryptor");
                throw new IllegalStateException("Unable to create RSA cipher.");
            }
        }
        q6.a("LocalDataStorageEncryptor");
        SecureRandom secureRandom = AESCipher.b;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(CryptoUtils.AES);
            keyGenerator.init(RecyclerView.ViewHolder.FLAG_TMP_DETACHED);
            bArr = keyGenerator.generateKey().getEncoded();
        } catch (NoSuchAlgorithmException unused2) {
            q6.a("com.amazon.identity.auth.device.framework.crypto.AESCipher");
            bArr = null;
        }
        q6.a("LocalDataStorageEncryptor");
        PublicKey publicKey = this.c.getCertificate("IDENTITY_MAP_KEYSTORE_ALIAS").getPublicKey();
        try {
            Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher2.init(1, publicKey);
            byte[] doFinal = cipher2.doFinal(bArr);
            this.d.a("AES_ENCRYPTION_KEY", doFinal != null ? Base64.encodeToString(doFinal, 2) : null);
            ((x6.a) xaVar.c).a("AESKeyGeneration:Success", Double.valueOf(1.0d));
            return bArr;
        } catch (Exception unused3) {
            q6.a("LocalDataStorageEncryptor");
            throw new IllegalStateException("Unable to create RSA cipher.");
        }
    }

    @Override // com.amazon.identity.auth.device.z3
    public final String b(String str) {
        String str2;
        if (str == null) {
            return null;
        }
        "Decrypting data ".concat(str);
        q6.a("LocalDataStorageEncryptor");
        if (!str.startsWith("AES-GCM+")) {
            return str;
        }
        try {
            AESCipher aESCipher = this.b;
            String substring = str.substring(8);
            byte[] decode = substring == null ? null : Base64.decode(substring, 2);
            Objects.requireNonNull(aESCipher);
            if (decode == null) {
                throw new IllegalArgumentException("dataToDecrypt is null in GCMMode");
            }
            byte[] a = AESCipher.a(aESCipher.a(2, "AES/GCM/NoPadding", (AlgorithmParameterSpec) new GCMParameterSpec(128, decode, 0, 12), true), decode, 12, decode.length - 12);
            if (a != null) {
                try {
                    str2 = new String(a, "UTF-8");
                } catch (UnsupportedEncodingException unused) {
                    q6.a("StringUtil");
                }
                q6.a("LocalDataStorageEncryptor");
                return str2;
            }
            str2 = null;
            q6.a("LocalDataStorageEncryptor");
            return str2;
        } catch (BadPaddingException unused2) {
            q6.a("LocalDataStorageEncryptor");
            v6.a("LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }
}
