package a8;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.microsoft.identity.common.crypto.AndroidAuthSdkStorageEncryptionManager;
import com.microsoft.identity.common.internal.util.AndroidKeyStoreUtil;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import com.microsoft.identity.common.java.util.ported.DateUtilities;
import com.nimbusds.jose.shaded.json.parser.JSONParser;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class t {

    /* renamed from: a, reason: collision with root package name */
    private final Context f383a;

    /* renamed from: c, reason: collision with root package name */
    private KeyPair f385c;

    /* renamed from: d, reason: collision with root package name */
    private String f386d;

    /* renamed from: e, reason: collision with root package name */
    private SecretKey f387e = null;

    /* renamed from: f, reason: collision with root package name */
    private SecretKey f388f = null;

    /* renamed from: g, reason: collision with root package name */
    private SecretKey f389g = null;

    /* renamed from: b, reason: collision with root package name */
    private final SecureRandom f384b = new SecureRandom();

    public t(Context context) {
        this.f383a = context;
    }

    private void a(byte[] bArr, int i10, int i11, byte[] bArr2) {
        if (bArr2.length != i11 - i10) {
            throw new IllegalArgumentException("Unexpected HMAC length");
        }
        byte b10 = 0;
        for (int i12 = i10; i12 < i11; i12++) {
            b10 = (byte) (b10 | (bArr2[i12 - i10] ^ bArr[i12]));
        }
        if (b10 != 0) {
            throw new DigestException();
        }
    }

    private void c() {
        Context context = this.f383a;
        File file = new File(context.getDir(context.getPackageName(), 0), AndroidAuthSdkStorageEncryptionManager.WRAPPED_KEY_FILE_NAME);
        if (file.exists()) {
            n.j("StorageHelper:deleteKeyFile", "Delete KeyFile");
            if (file.delete()) {
                return;
            }
            n.j("StorageHelper:deleteKeyFile", "Delete KeyFile failed");
        }
    }

    private synchronized KeyPair e() {
        synchronized ((DateUtilities.isLocaleCalendarNonGregorian(Locale.getDefault()) ? DateUtilities.LOCALE_CHANGE_LOCK : new Object())) {
            Locale locale = Locale.getDefault();
            AndroidKeyStoreUtil.applyKeyStoreLocaleWorkarounds(locale);
            KeyPair q10 = q();
            if (q10 != null) {
                n.j("StorageHelper:generateKeyPairFromAndroidKeyStore", "Existing keypair was found.  Returning existing key rather than generating new one.");
                return q10;
            }
            KeyStore.getInstance("AndroidKeyStore").load(null);
            n.j("StorageHelper:generateKeyPairFromAndroidKeyStore", "Generate KeyPair from AndroidKeyStore");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA, "AndroidKeyStore");
            keyPairGenerator.initialize(k(this.f383a, calendar.getTime(), calendar2.getTime()));
            try {
                try {
                    return keyPairGenerator.generateKeyPair();
                } catch (IllegalStateException e10) {
                    throw new KeyStoreException(e10);
                }
            } finally {
                Locale.setDefault(locale);
            }
        }
    }

    private SecretKey f() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES256KeyLoader.AES_ALGORITHM);
        keyGenerator.init(JSONParser.ACCEPT_TAILLING_DATA, this.f384b);
        return keyGenerator.generateKey();
    }

    private char g() {
        return (char) 99;
    }

    private SecretKey h(SecretKey secretKey) {
        byte[] encoded = secretKey.getEncoded();
        return encoded != null ? new SecretKeySpec(MessageDigest.getInstance("SHA256").digest(encoded), AES256KeyLoader.AES_ALGORITHM) : secretKey;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0028  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0046 A[Catch: all -> 0x0052, TRY_LEAVE, TryCatch #0 {, blocks: (B:3:0x0001, B:11:0x002a, B:16:0x0030, B:19:0x003e, B:20:0x0045, B:21:0x0046, B:24:0x0011, B:27:0x001b), top: B:2:0x0001 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private synchronized javax.crypto.SecretKey i(java.lang.String r4) {
        /*
            r3 = this;
            monitor-enter(r3)
            int r0 = r4.hashCode()     // Catch: java.lang.Throwable -> L52
            r1 = 1984080(0x1e4650, float:2.780288E-39)
            r2 = 1
            if (r0 == r1) goto L1b
            r1 = 2579900(0x275dbc, float:3.61521E-39)
            if (r0 == r1) goto L11
            goto L25
        L11:
            java.lang.String r0 = "U001"
            boolean r4 = r4.equals(r0)     // Catch: java.lang.Throwable -> L52
            if (r4 == 0) goto L25
            r4 = 0
            goto L26
        L1b:
            java.lang.String r0 = "A001"
            boolean r4 = r4.equals(r0)     // Catch: java.lang.Throwable -> L52
            if (r4 == 0) goto L25
            r4 = 1
            goto L26
        L25:
            r4 = -1
        L26:
            if (r4 == 0) goto L46
            if (r4 != r2) goto L3e
            javax.crypto.SecretKey r4 = r3.f389g     // Catch: java.lang.Throwable -> L52
            if (r4 == 0) goto L30
            monitor-exit(r3)
            return r4
        L30:
            java.security.KeyPair r4 = r3.q()     // Catch: java.lang.Throwable -> L52
            r3.f385c = r4     // Catch: java.lang.Throwable -> L52
            javax.crypto.SecretKey r4 = r3.m()     // Catch: java.lang.Throwable -> L52
            r3.f389g = r4     // Catch: java.lang.Throwable -> L52
            monitor-exit(r3)
            return r4
        L3e:
            java.io.IOException r4 = new java.io.IOException     // Catch: java.lang.Throwable -> L52
            java.lang.String r0 = "Unknown keyVersion."
            r4.<init>(r0)     // Catch: java.lang.Throwable -> L52
            throw r4     // Catch: java.lang.Throwable -> L52
        L46:
            a8.i r4 = a8.i.INSTANCE     // Catch: java.lang.Throwable -> L52
            byte[] r4 = r4.i()     // Catch: java.lang.Throwable -> L52
            javax.crypto.SecretKey r4 = r3.l(r4)     // Catch: java.lang.Throwable -> L52
            monitor-exit(r3)
            return r4
        L52:
            r4 = move-exception
            monitor-exit(r3)
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: a8.t.i(java.lang.String):javax.crypto.SecretKey");
    }

    private synchronized SecretKey j(String str) {
        if ("U001".equals(str)) {
            return l(i.INSTANCE.i());
        }
        try {
            this.f389g = i(str);
        } catch (IOException | GeneralSecurityException unused) {
            n.j("StorageHelper:getKeyOrCreate", "Key does not exist in AndroidKeyStore, try to generate new keys.");
        }
        if (this.f389g == null) {
            this.f385c = e();
            SecretKey f10 = f();
            this.f389g = f10;
            u(t(f10));
        }
        return this.f389g;
    }

    private AlgorithmParameterSpec k(Context context, Date date, Date date2) {
        return new KeyPairGeneratorSpec.Builder(context).setAlias(AndroidAuthSdkStorageEncryptionManager.WRAPPING_KEY_ALIAS).setSubject(new X500Principal(String.format(Locale.ROOT, "CN=%s, OU=%s", AndroidAuthSdkStorageEncryptionManager.WRAPPING_KEY_ALIAS, context.getPackageName()))).setSerialNumber(BigInteger.ONE).setStartDate(date).setEndDate(date2).build();
    }

    private SecretKey l(byte[] bArr) {
        if (bArr != null) {
            return new SecretKeySpec(bArr, AES256KeyLoader.AES_ALGORITHM);
        }
        throw new IllegalArgumentException("rawBytes");
    }

    private synchronized SecretKey m() {
        SecretKey s10;
        n.j("StorageHelper:getUnwrappedSecretKey", "Reading SecretKey");
        try {
            s10 = s(p());
            n.j("StorageHelper:getUnwrappedSecretKey", "Finished reading SecretKey");
        } catch (IOException | GeneralSecurityException e10) {
            n.c("StorageHelper:getUnwrappedSecretKey", "Unwrap failed for AndroidKeyStore", "", a.ANDROIDKEYSTORE_FAILED, e10);
            this.f385c = null;
            c();
            r();
            n.j("StorageHelper:getUnwrappedSecretKey", "Removed previous key pair info.");
            throw e10;
        }
        return s10;
    }

    private byte[] p() {
        Context context = this.f383a;
        File file = new File(context.getDir(context.getPackageName(), 0), AndroidAuthSdkStorageEncryptionManager.WRAPPED_KEY_FILE_NAME);
        if (!file.exists()) {
            throw new IOException("Key file to read does not exist");
        }
        n.j("StorageHelper", "Reading key data from a file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[1024];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    return byteArrayOutputStream.toByteArray();
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } finally {
            fileInputStream.close();
        }
    }

    private synchronized KeyPair q() {
        n.j("StorageHelper:readKeyPair", "Reading Key entry");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate(AndroidAuthSdkStorageEncryptionManager.WRAPPING_KEY_ALIAS);
            Key key = keyStore.getKey(AndroidAuthSdkStorageEncryptionManager.WRAPPING_KEY_ALIAS, null);
            if (certificate != null && key != null) {
                return new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
            }
            n.j("StorageHelper:readKeyPair", "Key entry doesn't exist.");
            return null;
        } catch (RuntimeException e10) {
            throw new KeyStoreException(e10);
        }
    }

    private synchronized void r() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry(AndroidAuthSdkStorageEncryptionManager.WRAPPING_KEY_ALIAS);
    }

    private SecretKey s(byte[] bArr) {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(4, this.f385c.getPrivate());
        try {
            return (SecretKey) cipher.unwrap(bArr, AES256KeyLoader.AES_ALGORITHM, 3);
        } catch (IllegalArgumentException e10) {
            throw new KeyStoreException(e10);
        }
    }

    private byte[] t(SecretKey secretKey) {
        n.j("StorageHelper", "Wrap secret key.");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(3, this.f385c.getPublic());
        return cipher.wrap(secretKey);
    }

    private void u(byte[] bArr) {
        n.j("StorageHelper", "Writing key data to a file");
        Context context = this.f383a;
        FileOutputStream fileOutputStream = new FileOutputStream(new File(context.getDir(context.getPackageName(), 0), AndroidAuthSdkStorageEncryptionManager.WRAPPED_KEY_FILE_NAME));
        try {
            fileOutputStream.write(bArr);
        } finally {
            fileOutputStream.close();
        }
    }

    public String b(String str) {
        n.j("StorageHelper:decrypt", "Starting decryption");
        if (u.a(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        int charAt = str.charAt(0) - 'a';
        if (charAt <= 0) {
            throw new IllegalArgumentException(String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(charAt)));
        }
        int i10 = charAt + 1;
        if (!str.substring(1, i10).equals("E1")) {
            throw new IllegalArgumentException(String.format("Encode version received was: '%s', Encode version supported is: '%s'", str, "E1"));
        }
        byte[] decode = Base64.decode(str.substring(i10), 0);
        String str2 = new String(decode, 0, 4, "UTF-8");
        n.h("StorageHelper:decrypt", "", "Encrypt version:" + str2);
        SecretKey i11 = i(str2);
        SecretKey h10 = h(i11);
        int length = (decode.length - 16) + (-32);
        int length2 = decode.length - 32;
        int i12 = length - 4;
        if (length < 0 || length2 < 0 || i12 < 0) {
            throw new IOException("Invalid byte array input for decryption.");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance(KeyUtil.HMAC_ALGORITHM);
        mac.init(h10);
        mac.update(decode, 0, length2);
        a(decode, length2, decode.length, mac.doFinal());
        cipher.init(2, i11, new IvParameterSpec(decode, length, 16));
        String str3 = new String(cipher.doFinal(decode, 4, i12), "UTF-8");
        n.j("StorageHelper:decrypt", "Finished decryption");
        return str3;
    }

    public String d(String str) {
        n.j("StorageHelper:encrypt", "Starting encryption");
        if (u.a(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        SecretKey n10 = n();
        this.f387e = n10;
        this.f388f = h(n10);
        n.h("StorageHelper:encrypt", "", "Encrypt version:" + this.f386d);
        byte[] bytes = this.f386d.getBytes("UTF-8");
        byte[] bytes2 = str.getBytes("UTF-8");
        byte[] bArr = new byte[16];
        this.f384b.nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance(KeyUtil.HMAC_ALGORITHM);
        cipher.init(1, this.f387e, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bytes2);
        mac.init(this.f388f);
        mac.update(bytes);
        mac.update(doFinal);
        mac.update(bArr);
        byte[] doFinal2 = mac.doFinal();
        byte[] bArr2 = new byte[bytes.length + doFinal.length + 16 + doFinal2.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length + doFinal.length, 16);
        System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + 16, doFinal2.length);
        String str2 = new String(Base64.encode(bArr2, 2), "UTF-8");
        n.j("StorageHelper:encrypt", "Finished encryption");
        return g() + "E1" + str2;
    }

    synchronized SecretKey n() {
        return o(i.INSTANCE.i() == null ? "A001" : "U001");
    }

    synchronized SecretKey o(String str) {
        SecretKey secretKey = this.f387e;
        if (secretKey != null && this.f388f != null) {
            return secretKey;
        }
        this.f386d = str;
        return j(str);
    }
}
