package com.oblador.keychain.cipherStorage;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import android.util.Log;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.cipherStorage.CipherStorageBase;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes3.dex */
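/**
 * Shared plumbing for the keychain cipher storages: lazily creates and caches the
 * {@code AndroidKeyStore} handle and the {@link Cipher}, generates keys (StrongBox first,
 * regular keystore as fallback), and converts between strings and ciphertext bytes.
 *
 * <p>Subclasses supply the algorithm, the transformation, the key-generation spec and the
 * {@link KeyInfo} lookup through the abstract methods.
 *
 * <p>Threading: the cached fields are published with double-checked locking and are therefore
 * {@code volatile}. The cached {@link Cipher} itself is one mutable object shared by every call
 * to {@link #encryptString} and {@link #decryptBytes}; this class takes no lock around its use.
 * NOTE(review): confirm that callers serialise encrypt/decrypt calls on one storage instance.
 */
public abstract class CipherStorageBase implements CipherStorage {
    private static final int BUFFER_READ_WRITE_SIZE = 16384;
    private static final int BUFFER_SIZE = 4096;
    public static final String KEYSTORE_TYPE = "AndroidKeyStore";
    protected static final String LOG_TAG = "CipherStorageBase";
    public static final String TEST_KEY_ALIAS = "AndroidKeyStore#supportsSecureHardware";
    public static final Charset UTF8 = Charset.forName("UTF-8");
    protected final Object _sync = new Object();
    protected final Object _syncStrongbox = new Object();
    // volatile: these four fields are read outside the locks that guard their initialisation.
    protected transient volatile Cipher cachedCipher;
    protected transient volatile KeyStore cachedKeyStore;
    protected transient volatile AtomicBoolean isStrongboxAvailable;
    protected transient volatile AtomicBoolean isSupportsSecureHardware;

    /** Prepares a cipher for decryption; may consume leading bytes (such as an IV) from the input. */
    public interface DecryptBytesHandler {
        void initialize(@NonNull Cipher cipher, @NonNull Key key, @NonNull InputStream inputStream) throws GeneralSecurityException, IOException;
    }

    /** Handlers that initialise the cipher with the key only and read or write no IV. */
    public static final class Defaults {
        public static final EncryptStringHandler encrypt = new EncryptStringHandler() {
            @Override
            public final void initialize(Cipher cipher, Key key, OutputStream outputStream) throws GeneralSecurityException {
                cipher.init(Cipher.ENCRYPT_MODE, key);
            }
        };
        public static final DecryptBytesHandler decrypt = new DecryptBytesHandler() {
            @Override
            public final void initialize(Cipher cipher, Key key, InputStream inputStream) throws GeneralSecurityException {
                cipher.init(Cipher.DECRYPT_MODE, key);
            }
        };
    }

    /** Prepares a cipher for encryption; may write leading bytes (such as an IV) to the output. */
    public interface EncryptStringHandler {
        void initialize(@NonNull Cipher cipher, @NonNull Key key, @NonNull OutputStream outputStream) throws GeneralSecurityException, IOException;
    }

    /**
     * Handlers that store the cipher's IV as the first {@link #IV_LENGTH} bytes of the output and
     * read it back before decrypting.
     *
     * <p>The IV is written in the clear, which is normal for an IV. This helper adds no MAC or
     * tag of its own, so whether tampering with the stored bytes is detected depends on the
     * transformation a subclass returns from {@code getEncryptionTransformation()}, which is not
     * visible in this file.
     */
    public static final class IV {
        public static final int IV_LENGTH = 16;
        public static final EncryptStringHandler encrypt = new EncryptStringHandler() {
            @Override
            public final void initialize(Cipher cipher, Key key, OutputStream outputStream) throws GeneralSecurityException, IOException {
                lambda$static$0(cipher, key, outputStream);
            }
        };
        public static final DecryptBytesHandler decrypt = new DecryptBytesHandler() {
            @Override
            public final void initialize(Cipher cipher, Key key, InputStream inputStream) throws GeneralSecurityException, IOException {
                lambda$static$1(cipher, key, inputStream);
            }
        };

        /**
         * Initialises the cipher for encryption and writes the IV it chose to the output.
         * JADX reports that the access modifier was changed from private.
         */
        public static /* synthetic */ void lambda$static$0(Cipher cipher, Key key, OutputStream outputStream) throws GeneralSecurityException, IOException {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] iv = cipher.getIV();
            outputStream.write(iv, 0, iv.length);
        }

        /**
         * Reads the IV from the head of the input and initialises the cipher for decryption.
         * JADX reports that the access modifier was changed from private.
         */
        public static /* synthetic */ void lambda$static$1(Cipher cipher, Key key, InputStream inputStream) throws GeneralSecurityException, IOException {
            cipher.init(Cipher.DECRYPT_MODE, key, readIv(inputStream));
        }

        /**
         * Reads exactly {@link #IV_LENGTH} bytes from the stream and wraps them as an IV.
         *
         * @throws IOException if the stream ends before {@link #IV_LENGTH} bytes were read
         */
        @NonNull
        public static IvParameterSpec readIv(@NonNull InputStream inputStream) throws IOException {
            byte[] iv = new byte[IV_LENGTH];
            int filled = 0;
            // A single read() may legally return fewer bytes than requested, so keep reading
            // until the IV is complete instead of treating a short read as truncated input.
            while (filled < IV_LENGTH) {
                int read = inputStream.read(iv, filled, IV_LENGTH - filled);
                if (read <= 0) {
                    throw new IOException("Input stream has insufficient data.");
                }
                filled += read;
            }
            return new IvParameterSpec(iv);
        }

        /**
         * Copies the first {@link #IV_LENGTH} bytes of the array into an IV.
         *
         * @throws IOException if the array holds {@link #IV_LENGTH} bytes or fewer, i.e. there is
         *     no data after the IV
         */
        @NonNull
        public static IvParameterSpec readIv(@NonNull byte[] bArr) throws IOException {
            if (bArr.length <= IV_LENGTH) {
                throw new IOException("Insufficient length of input data for IV extracting.");
            }
            byte[] iv = new byte[IV_LENGTH];
            System.arraycopy(bArr, 0, iv, 0, IV_LENGTH);
            return new IvParameterSpec(iv);
        }
    }

    /** Pairs a key with its alias and removes that alias from the keystore when closed. */
    public class SelfDestroyKey implements Closeable {
        public final Key key;
        public final String name;

        /**
         * Generates a key under {@code str} via
         * {@code cipherStorageBase.tryGenerateRegularSecurityKey(str, true)}.
         * NOTE(review): the meaning of the {@code true} flag is set by the subclass's
         * {@code getKeyGenSpecBuilder(String, boolean)} and is not visible here.
         */
        public SelfDestroyKey(@NonNull CipherStorageBase cipherStorageBase, String str) throws GeneralSecurityException {
            this(str, cipherStorageBase.tryGenerateRegularSecurityKey(str, true));
        }

        public SelfDestroyKey(@NonNull String str, @NonNull Key key) {
            this.name = str;
            this.key = key;
        }

        /** Removes the alias; a failure is logged rather than thrown. */
        @Override
        public void close() {
            try {
                CipherStorageBase.this.removeKey(this.name);
            } catch (KeyStoreAccessException e2) {
                Log.w(CipherStorageBase.LOG_TAG, "AutoClose remove key failed. Error: " + e2.getMessage(), e2);
            }
        }
    }

    /** Copies the input stream to the output stream until a read returns no bytes. */
    public static void copy(@NonNull InputStream inputStream, @NonNull OutputStream outputStream) throws IOException {
        byte[] buffer = new byte[BUFFER_READ_WRITE_SIZE];
        int read;
        while ((read = inputStream.read(buffer)) > 0) {
            outputStream.write(buffer, 0, read);
        }
    }

    /** Returns {@code str2} when {@code str} is null or empty, otherwise {@code str}. */
    @NonNull
    public static String getDefaultAliasIfEmpty(@Nullable String str, @NonNull String str2) {
        return TextUtils.isEmpty(str) ? str2 : str;
    }

    /** Decrypts with {@link Defaults#decrypt}, i.e. without reading an IV from the data. */
    @NonNull
    public String decryptBytes(@NonNull Key key, @NonNull byte[] bArr) throws IOException, GeneralSecurityException {
        return decryptBytes(key, bArr, Defaults.decrypt);
    }

    /**
     * Decrypts {@code bArr} with the cached cipher and decodes the plaintext as UTF-8.
     *
     * @param decryptBytesHandler initialises the cipher and may consume a prefix of the input;
     *     when null the cipher is used in whatever state it was left in
     * @throws GeneralSecurityException if the handler or the cipher rejects the key or data
     * @throws IOException if reading or decrypting the stream fails
     */
    @NonNull
    protected String decryptBytes(@NonNull Key key, @NonNull byte[] bArr, @Nullable DecryptBytesHandler decryptBytesHandler) throws GeneralSecurityException, IOException {
        Cipher cipher = getCachedInstance();
        // try-with-resources closes every stream on the failure paths as well.
        try (ByteArrayInputStream input = new ByteArrayInputStream(bArr);
             ByteArrayOutputStream output = new ByteArrayOutputStream()) {
            if (decryptBytesHandler != null) {
                decryptBytesHandler.initialize(cipher, key, input);
            }
            try (CipherInputStream cipherInput = new CipherInputStream(input, cipher)) {
                copy(cipherInput, output);
            }
            return new String(output.toByteArray(), UTF8);
        } catch (Throwable th) {
            Log.w(LOG_TAG, th.getMessage(), th);
            throw th;
        }
    }

    /** Encrypts with {@link Defaults#encrypt}, i.e. without writing an IV to the output. */
    @NonNull
    public byte[] encryptString(@NonNull Key key, @NonNull String str) throws IOException, GeneralSecurityException {
        return encryptString(key, str, Defaults.encrypt);
    }

    /**
     * Encrypts the UTF-8 bytes of {@code str} with the cached cipher.
     * JADX reports that the access modifier was changed from protected.
     *
     * @param encryptStringHandler initialises the cipher and may write a prefix (such as the IV)
     *     to the output; when null the cipher is used in whatever state it was left in
     * @return the handler's prefix, if any, followed by the ciphertext
     * @throws GeneralSecurityException if the handler or the cipher rejects the key
     * @throws IOException if writing the encrypted stream fails
     */
    @NonNull
    public byte[] encryptString(@NonNull Key key, @NonNull String str, @Nullable EncryptStringHandler encryptStringHandler) throws IOException, GeneralSecurityException {
        Cipher cipher = getCachedInstance();
        try (ByteArrayOutputStream output = new ByteArrayOutputStream()) {
            if (encryptStringHandler != null) {
                encryptStringHandler.initialize(cipher, key, output);
                output.flush();
            }
            // Closing the cipher stream finalises the ciphertext before the bytes are taken.
            try (CipherOutputStream cipherOutput = new CipherOutputStream(output, cipher)) {
                cipherOutput.write(str.getBytes(UTF8));
            }
            return output.toByteArray();
        } catch (Throwable th) {
            Log.e(LOG_TAG, th.getMessage(), th);
            throw th;
        }
    }

    /**
     * Returns the key stored under {@code str}, generating one first when the alias is absent,
     * and repeating while {@link #extractKey} reports a discarded entry by returning null.
     * JADX reports that the access modifier was changed from protected.
     *
     * @param atomicInteger remaining retry budget, decremented by {@link #extractKey}
     */
    @NonNull
    public Key extractGeneratedKey(@NonNull String str, @NonNull SecurityLevel securityLevel, @NonNull AtomicInteger atomicInteger) throws GeneralSecurityException {
        Key extractKey;
        do {
            KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
            if (!keyStoreAndLoad.containsAlias(str)) {
                generateKeyAndStoreUnderAlias(str, securityLevel);
            }
            extractKey = extractKey(keyStoreAndLoad, str, atomicInteger);
        } while (extractKey == null);
        return extractKey;
    }

    /**
     * Reads the key stored under {@code str}.
     *
     * <p>On {@link UnrecoverableKeyException} with retries left, the entry is deleted and null is
     * returned so that the caller can generate a replacement. Anything encrypted under the
     * deleted key can no longer be decrypted with the key stored under this alias.
     *
     * @return the key, or null when the entry was deleted and the caller should retry
     * @throws KeyStoreAccessException if the keystore returns a null key
     * @throws UnrecoverableKeyException if the key is unrecoverable and no retries remain
     */
    @Nullable
    protected Key extractKey(@NonNull KeyStore keyStore, @NonNull String str, @NonNull AtomicInteger atomicInteger) throws GeneralSecurityException {
        try {
            Key key = keyStore.getKey(str, null);
            if (key != null) {
                return key;
            }
            throw new KeyStoreAccessException("Empty key extracted!");
        } catch (UnrecoverableKeyException e2) {
            if (atomicInteger.getAndDecrement() <= 0) {
                throw e2;
            }
            keyStore.deleteEntry(str);
            return null;
        }
    }

    @NonNull
    protected abstract Key generateKey(@NonNull KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException;

    /**
     * Generates a key for {@code str}: StrongBox is tried while it is unknown or known to work,
     * then the regular keystore; the resulting key must satisfy {@code securityLevel}.
     *
     * <p>NOTE(review): nothing in this method removes the alias when validation fails. If
     * {@code generateKey} persisted the key, it stays in the keystore after the exception;
     * confirm that callers clean up.
     *
     * @throws CryptoFailedException if the generated key does not meet {@code securityLevel}
     * @throws GeneralSecurityException if the regular keystore cannot generate the key
     */
    public void generateKeyAndStoreUnderAlias(@NonNull String str, @NonNull SecurityLevel securityLevel) throws GeneralSecurityException {
        Key key = null;
        synchronized (this._syncStrongbox) {
            AtomicBoolean strongbox = this.isStrongboxAvailable;
            if (strongbox == null || strongbox.get()) {
                if (this.isStrongboxAvailable == null) {
                    this.isStrongboxAvailable = new AtomicBoolean(false);
                }
                try {
                    key = tryGenerateStrongBoxSecurityKey(str);
                    this.isStrongboxAvailable.set(true);
                } catch (GeneralSecurityException | ProviderException e2) {
                    // The flag stays false, so later calls go straight to the regular keystore.
                    Log.w(LOG_TAG, "StrongBox security storage is not available.", e2);
                }
            }
        }
        if (key == null || !this.isStrongboxAvailable.get()) {
            try {
                key = tryGenerateRegularSecurityKey(str);
            } catch (GeneralSecurityException e3) {
                Log.e(LOG_TAG, "Regular security storage is not available.", e3);
                throw e3;
            }
        }
        if (!validateKeySecurityLevel(securityLevel, key)) {
            throw new CryptoFailedException("Cannot generate keys with required security guarantees");
        }
    }

    /**
     * Returns every alias currently present in the keystore.
     *
     * @throws KeyStoreAccessException if the keystore cannot be loaded or enumerated
     */
    @Override
    public Set<String> getAllKeys() throws KeyStoreAccessException {
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        try {
            return new HashSet<>(Collections.list(keyStoreAndLoad.aliases()));
        } catch (KeyStoreException e2) {
            throw new KeyStoreAccessException("Error accessing aliases in keystore " + keyStoreAndLoad, e2);
        }
    }

    /**
     * Returns the cipher for {@code getEncryptionTransformation()}, creating it on first use.
     * The same instance is handed to every caller.
     */
    @NonNull
    public Cipher getCachedInstance() throws NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = this.cachedCipher;
        if (cipher == null) {
            synchronized (this) {
                cipher = this.cachedCipher;
                if (cipher == null) {
                    cipher = Cipher.getInstance(getEncryptionTransformation());
                    this.cachedCipher = cipher;
                }
            }
        }
        return cipher;
    }

    /** Returns the minimum supported API level, plus 1000 when biometry is supported. */
    @Override
    public final int getCapabilityLevel() {
        return ((isBiometrySupported() ? 1 : 0) * 1000) + getMinSupportedApiLevel();
    }

    /** Uses the cipher storage name as the default alias. */
    @Override
    public String getDefaultAliasServiceName() {
        return getCipherStorageName();
    }

    @NonNull
    protected abstract String getEncryptionAlgorithm();

    @NonNull
    protected abstract String getEncryptionTransformation();

    @NonNull
    protected abstract KeyGenParameterSpec.Builder getKeyGenSpecBuilder(@NonNull String str) throws GeneralSecurityException;

    @NonNull
    protected abstract KeyGenParameterSpec.Builder getKeyGenSpecBuilder(@NonNull String str, @NonNull boolean z2) throws GeneralSecurityException;

    @NonNull
    protected abstract KeyInfo getKeyInfo(@NonNull Key key) throws GeneralSecurityException;

    /**
     * Returns the loaded {@code AndroidKeyStore}, creating and loading it on first use.
     *
     * @throws KeyStoreAccessException if the keystore cannot be obtained or loaded
     */
    @NonNull
    public KeyStore getKeyStoreAndLoad() throws KeyStoreAccessException {
        KeyStore keyStore = this.cachedKeyStore;
        if (keyStore == null) {
            synchronized (this) {
                keyStore = this.cachedKeyStore;
                if (keyStore == null) {
                    try {
                        keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
                        keyStore.load(null);
                        this.cachedKeyStore = keyStore;
                    } catch (Throwable th) {
                        throw new KeyStoreAccessException("Could not access Keystore", th);
                    }
                }
            }
        }
        return keyStore;
    }

    /**
     * Maps {@link KeyInfo#isInsideSecureHardware()} to {@code SECURE_HARDWARE} or
     * {@code SECURE_SOFTWARE}. JADX reports that the access modifier was changed from protected.
     *
     * <p>NOTE(review): {@code isInsideSecureHardware()} is deprecated from API level 31 in favour
     * of {@code KeyInfo.getSecurityLevel()}; confirm which API levels this build targets.
     */
    @NonNull
    public SecurityLevel getSecurityLevel(@NonNull Key key) throws GeneralSecurityException {
        return getKeyInfo(key).isInsideSecureHardware() ? SecurityLevel.SECURE_HARDWARE : SecurityLevel.SECURE_SOFTWARE;
    }

    /**
     * Deletes the alias (or the default alias when {@code str} is empty) if it exists.
     *
     * <p>A keystore error during the lookup or delete is logged, not thrown, so a caller cannot
     * tell from the return that the key is really gone.
     *
     * @throws KeyStoreAccessException if the keystore itself cannot be loaded
     */
    @Override
    public void removeKey(@NonNull String str) throws KeyStoreAccessException {
        String alias = getDefaultAliasIfEmpty(str, getDefaultAliasServiceName());
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        try {
            if (keyStoreAndLoad.containsAlias(alias)) {
                keyStoreAndLoad.deleteEntry(alias);
            }
        } catch (GeneralSecurityException e2) {
            // Still best-effort, but leave a trace: a key that was meant to be destroyed may remain.
            Log.w(LOG_TAG, "Remove key failed. Error: " + e2.getMessage(), e2);
        }
    }

    /**
     * Returns the level this storage declares. The base class always answers
     * {@code SECURE_HARDWARE}; it is a constant here, not a measurement of any key.
     */
    @Override
    public SecurityLevel securityLevel() {
        return SecurityLevel.SECURE_HARDWARE;
    }

    /** Replaces the cached cipher; intended for tests. */
    @VisibleForTesting
    public CipherStorageBase setCipher(Cipher cipher) {
        this.cachedCipher = cipher;
        return this;
    }

    /** Replaces the cached keystore; intended for tests. */
    @VisibleForTesting
    public CipherStorageBase setKeyStore(KeyStore keyStore) {
        this.cachedKeyStore = keyStore;
        return this;
    }

    /**
     * Reports whether a key generated under {@link #TEST_KEY_ALIAS} satisfies
     * {@code SECURE_HARDWARE}. The answer is computed once and cached; the probe key is removed
     * afterwards.
     *
     * <p>Any failure during the probe leaves the cached answer at {@code false}. The flag is
     * published as {@code false} before the probe runs, so a concurrent caller on the unlocked
     * fast path can read {@code false} while the probe is still in progress.
     */
    @Override
    public boolean supportsSecureHardware() {
        AtomicBoolean cached = this.isSupportsSecureHardware;
        if (cached != null) {
            return cached.get();
        }
        synchronized (this._sync) {
            AtomicBoolean rechecked = this.isSupportsSecureHardware;
            if (rechecked != null) {
                return rechecked.get();
            }
            this.isSupportsSecureHardware = new AtomicBoolean(false);
            SelfDestroyKey probe = null;
            try {
                probe = new SelfDestroyKey(this, TEST_KEY_ALIAS);
                this.isSupportsSecureHardware.set(validateKeySecurityLevel(SecurityLevel.SECURE_HARDWARE, probe.key));
            } catch (Throwable th) {
                // The probe is best-effort: the answer stays false, but the cause is recorded.
                Log.w(LOG_TAG, "Secure hardware probe failed.", th);
            } finally {
                if (probe != null) {
                    probe.close();
                }
            }
            return this.isSupportsSecureHardware.get();
        }
    }

    /**
     * Throws when the level declared by {@link #securityLevel()} does not satisfy the requested
     * one. This compares against the storage's declared level; the per-key check is
     * {@link #validateKeySecurityLevel}. JADX reports that the access modifier was changed from
     * protected.
     *
     * @throws CryptoFailedException if the declared level is below {@code securityLevel}
     */
    public void throwIfInsufficientLevel(@NonNull SecurityLevel securityLevel) throws CryptoFailedException {
        if (!securityLevel().satisfiesSafetyThreshold(securityLevel)) {
            throw new CryptoFailedException(String.format("Insufficient security level (wants %s; got %s)", securityLevel, securityLevel()));
        }
    }

    /** Generates a regular keystore key with the boolean spec flag set to {@code false}. */
    @NonNull
    protected Key tryGenerateRegularSecurityKey(@NonNull String str) throws GeneralSecurityException {
        return tryGenerateRegularSecurityKey(str, false);
    }

    /** Generates a key from the spec that {@code getKeyGenSpecBuilder(str, z2)} builds. */
    @NonNull
    protected Key tryGenerateRegularSecurityKey(@NonNull String str, @NonNull boolean z2) throws GeneralSecurityException {
        return generateKey(getKeyGenSpecBuilder(str, z2).build());
    }

    /** Generates a StrongBox-backed key with the boolean spec flag set to {@code false}. */
    @NonNull
    protected Key tryGenerateStrongBoxSecurityKey(@NonNull String str) throws GeneralSecurityException {
        return tryGenerateStrongBoxSecurityKey(str, false);
    }

    /** Same spec as the regular key, with {@code setIsStrongBoxBacked(true)} applied. */
    @NonNull
    protected Key tryGenerateStrongBoxSecurityKey(@NonNull String str, @NonNull boolean z2) throws GeneralSecurityException {
        return generateKey(getKeyGenSpecBuilder(str, z2).setIsStrongBoxBacked(true).build());
    }

    /** Returns whether the level reported for {@code key} satisfies {@code securityLevel}. */
    protected boolean validateKeySecurityLevel(@NonNull SecurityLevel securityLevel, @NonNull Key key) throws GeneralSecurityException {
        return getSecurityLevel(key).satisfiesSafetyThreshold(securityLevel);
    }
}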
