package com.oblador.keychain.cipherStorage;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import android.util.Log;
import androidx.room.InvalidationTracker$$ExternalSyntheticOutline0;
import com.google.firebase.remoteconfig.FirebaseRemoteConfig$$ExternalSyntheticLambda0;
import com.google.firebase.remoteconfig.FirebaseRemoteConfig$$ExternalSyntheticLambda1;
import com.instabug.bug.f$$ExternalSyntheticLambda1;
import com.instabug.crash.CrashReporting$$ExternalSyntheticLambda5;
import com.instabug.library.networkv2.request.Constants;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import java.util.HashSet;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import okhttp3.internal.http2.Http2;

/* loaded from: classes2.dex */
public abstract class CipherStorageBase implements CipherStorage {
    public static final Charset UTF8 = Charset.forName(Constants.UTF_8);
    public final Object _sync = new Object();
    public final Object _syncStrongbox = new Object();
    public transient Cipher cachedCipher;
    public transient KeyStore cachedKeyStore;
    public transient AtomicBoolean isStrongboxAvailable;
    public transient AtomicBoolean isSupportsSecureHardware;

    /* loaded from: classes2.dex */
    public static final class Defaults {
        public static final CrashReporting$$ExternalSyntheticLambda5 encrypt = new CrashReporting$$ExternalSyntheticLambda5();

        static {
            new f$$ExternalSyntheticLambda1();
        }
    }

    /* loaded from: classes2.dex */
    public interface EncryptStringHandler {
        void initialize(Cipher cipher, Key key, ByteArrayOutputStream byteArrayOutputStream) throws GeneralSecurityException, IOException;
    }

    /* loaded from: classes2.dex */
    public static final class IV {
        public static final FirebaseRemoteConfig$$ExternalSyntheticLambda0 encrypt = new FirebaseRemoteConfig$$ExternalSyntheticLambda0();

        static {
            new FirebaseRemoteConfig$$ExternalSyntheticLambda1();
        }
    }

    /* loaded from: classes2.dex */
    public class SelfDestroyKey implements Closeable {
        public final Key key;
        public final String name;
        public final /* synthetic */ CipherStorageBase this$0;

        public SelfDestroyKey(CipherStorageBase cipherStorageBase) throws GeneralSecurityException {
            Key generateKey = cipherStorageBase.generateKey(cipherStorageBase.getKeyGenSpecBuilder("AndroidKeyStore#supportsSecureHardware", true).build());
            this.this$0 = cipherStorageBase;
            this.name = "AndroidKeyStore#supportsSecureHardware";
            this.key = generateKey;
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public final void close() {
            try {
                this.this$0.removeKey(this.name);
            } catch (KeyStoreAccessException e) {
                Charset charset = CipherStorageBase.UTF8;
                Log.w("CipherStorageBase", "AutoClose remove key failed. Error: " + e.getMessage(), e);
            }
        }
    }

    public String decryptBytes(Key key, byte[] bArr) throws IOException, GeneralSecurityException {
        return decryptBytes$1(key, bArr);
    }

    public String decryptBytes$1(Key key, byte[] bArr) throws GeneralSecurityException, IOException {
        Cipher cachedInstance = getCachedInstance();
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    cachedInstance.init(2, key);
                    CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cachedInstance);
                    try {
                        byte[] bArr2 = new byte[Http2.INITIAL_MAX_FRAME_SIZE];
                        while (true) {
                            int read = cipherInputStream.read(bArr2);
                            if (read <= 0) {
                                cipherInputStream.close();
                                String str = new String(byteArrayOutputStream.toByteArray(), UTF8);
                                byteArrayOutputStream.close();
                                byteArrayInputStream.close();
                                return str;
                            }
                            byteArrayOutputStream.write(bArr2, 0, read);
                        }
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            Log.w("CipherStorageBase", th.getMessage(), th);
            throw th;
        }
    }

    public final byte[] encryptString(Key key, String str, EncryptStringHandler encryptStringHandler) throws IOException, GeneralSecurityException {
        Cipher cachedInstance = getCachedInstance();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                encryptStringHandler.initialize(cachedInstance, key, byteArrayOutputStream);
                byteArrayOutputStream.flush();
                CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cachedInstance);
                try {
                    cipherOutputStream.write(str.getBytes(UTF8));
                    cipherOutputStream.close();
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    byteArrayOutputStream.close();
                    return byteArray;
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            Log.e("CipherStorageBase", th.getMessage(), th);
            throw th;
        }
    }

    public final Key extractGeneratedKey(String str, SecurityLevel securityLevel, AtomicInteger atomicInteger) throws GeneralSecurityException {
        Key key;
        do {
            KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
            if (!keyStoreAndLoad.containsAlias(str)) {
                generateKeyAndStoreUnderAlias(str, securityLevel);
            }
            key = null;
            try {
                key = keyStoreAndLoad.getKey(str, null);
                if (key == null) {
                    throw new KeyStoreAccessException("Empty key extracted!");
                }
            } catch (UnrecoverableKeyException e) {
                if (atomicInteger.getAndDecrement() <= 0) {
                    throw e;
                }
                keyStoreAndLoad.deleteEntry(str);
            }
        } while (key == null);
        return key;
    }

    public abstract Key generateKey(KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException;

    public final void generateKeyAndStoreUnderAlias(String str, SecurityLevel securityLevel) throws GeneralSecurityException {
        Key key;
        synchronized (this._syncStrongbox) {
            AtomicBoolean atomicBoolean = this.isStrongboxAvailable;
            key = null;
            if (atomicBoolean == null || atomicBoolean.get()) {
                if (this.isStrongboxAvailable == null) {
                    this.isStrongboxAvailable = new AtomicBoolean(false);
                }
                try {
                    key = tryGenerateStrongBoxSecurityKey(str);
                    this.isStrongboxAvailable.set(true);
                } catch (GeneralSecurityException | ProviderException e) {
                    Log.w("CipherStorageBase", "StrongBox security storage is not available.", e);
                }
            }
        }
        if (key == null || !this.isStrongboxAvailable.get()) {
            try {
                key = generateKey(getKeyGenSpecBuilder(str, false).build());
            } catch (GeneralSecurityException e2) {
                Log.e("CipherStorageBase", "Regular security storage is not available.", e2);
                throw e2;
            }
        }
        if (!((getKeyInfo(key).isInsideSecureHardware() ? SecurityLevel.SECURE_HARDWARE : SecurityLevel.SECURE_SOFTWARE).compareTo(securityLevel) >= 0)) {
            throw new CryptoFailedException("Cannot generate keys with required security guarantees");
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public final HashSet getAllKeys() throws KeyStoreAccessException {
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        try {
            return new HashSet(Collections.list(keyStoreAndLoad.aliases()));
        } catch (KeyStoreException e) {
            throw new KeyStoreAccessException("Error accessing aliases in keystore " + keyStoreAndLoad, e);
        }
    }

    public final Cipher getCachedInstance() throws NoSuchAlgorithmException, NoSuchPaddingException {
        if (this.cachedCipher == null) {
            synchronized (this) {
                if (this.cachedCipher == null) {
                    this.cachedCipher = Cipher.getInstance(getEncryptionTransformation());
                }
            }
        }
        return this.cachedCipher;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public final int getCapabilityLevel() {
        return getMinSupportedApiLevel() + ((isBiometrySupported() ? 1 : 0) * 1000);
    }

    public String getDefaultAliasServiceName() {
        return getCipherStorageName();
    }

    public abstract String getEncryptionTransformation();

    public abstract KeyGenParameterSpec.Builder getKeyGenSpecBuilder(String str, boolean z) throws GeneralSecurityException;

    public abstract KeyInfo getKeyInfo(Key key) throws GeneralSecurityException;

    public final KeyStore getKeyStoreAndLoad() throws KeyStoreAccessException {
        if (this.cachedKeyStore == null) {
            synchronized (this) {
                if (this.cachedKeyStore == null) {
                    try {
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        keyStore.load(null);
                        this.cachedKeyStore = keyStore;
                    } catch (Throwable th) {
                        throw new KeyStoreAccessException("Could not access Keystore", th);
                    }
                }
            }
        }
        return this.cachedKeyStore;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public void removeKey(String str) throws KeyStoreAccessException {
        String defaultAliasServiceName = getDefaultAliasServiceName();
        if (TextUtils.isEmpty(str)) {
            str = defaultAliasServiceName;
        }
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        try {
            if (keyStoreAndLoad.containsAlias(str)) {
                keyStoreAndLoad.deleteEntry(str);
            }
        } catch (GeneralSecurityException unused) {
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public SecurityLevel securityLevel() {
        return SecurityLevel.SECURE_HARDWARE;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public boolean supportsSecureHardware() {
        SelfDestroyKey selfDestroyKey;
        AtomicBoolean atomicBoolean = this.isSupportsSecureHardware;
        if (atomicBoolean != null) {
            return atomicBoolean.get();
        }
        synchronized (this._sync) {
            AtomicBoolean atomicBoolean2 = this.isSupportsSecureHardware;
            if (atomicBoolean2 != null) {
                return atomicBoolean2.get();
            }
            this.isSupportsSecureHardware = new AtomicBoolean(false);
            try {
                selfDestroyKey = new SelfDestroyKey(this);
            } catch (Throwable unused) {
                selfDestroyKey = null;
            }
            try {
                SecurityLevel securityLevel = SecurityLevel.SECURE_HARDWARE;
                this.isSupportsSecureHardware.set((getKeyInfo(selfDestroyKey.key).isInsideSecureHardware() ? securityLevel : SecurityLevel.SECURE_SOFTWARE).compareTo(securityLevel) >= 0);
            } catch (Throwable unused2) {
                if (selfDestroyKey != null) {
                    selfDestroyKey.close();
                }
                return this.isSupportsSecureHardware.get();
            }
            selfDestroyKey.close();
            return this.isSupportsSecureHardware.get();
        }
    }

    public final void throwIfInsufficientLevel(SecurityLevel securityLevel) throws CryptoFailedException {
        if (!(securityLevel().compareTo(securityLevel) >= 0)) {
            throw new CryptoFailedException(String.format("Insufficient security level (wants %s; got %s)", securityLevel, securityLevel()));
        }
    }

    public final Key tryGenerateStrongBoxSecurityKey(String str) throws GeneralSecurityException {
        KeyGenParameterSpec.Builder isStrongBoxBacked;
        int i = Build.VERSION.SDK_INT;
        if (i < 28) {
            throw new KeyStoreAccessException(InvalidationTracker$$ExternalSyntheticOutline0.m("Strong box security keystore is not supported for old API", i, "."));
        }
        isStrongBoxBacked = getKeyGenSpecBuilder(str, false).setIsStrongBoxBacked(true);
        return generateKey(isStrongBoxBacked.build());
    }
}
