package com.upmc.enterprises.myupmc.shared.services.crypto;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import com.upmc.enterprises.myupmc.shared.cryptography.domain.model.EncryptedData;
import com.upmc.enterprises.myupmc.shared.dagger.factories.IvParameterSpecFactory;
import com.upmc.enterprises.myupmc.shared.dagger.factories.StringFactory;
import com.upmc.enterprises.myupmc.shared.dagger.forwarders.CipherForwarder;
import com.upmc.enterprises.myupmc.shared.dagger.forwarders.KeyGenParameterSpecBuilderForwarder;
import com.upmc.enterprises.myupmc.shared.dagger.forwarders.KeyGeneratorForwarder;
import com.upmc.enterprises.myupmc.shared.dagger.forwarders.KeyStoreForwarder;
import com.upmc.enterprises.myupmc.shared.services.crypto.CryptographyConfig;
import com.upmc.enterprises.myupmc.shared.services.crypto.exceptions.CryptographyError;
import dagger.hilt.android.qualifiers.ApplicationContext;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import javax.inject.Named;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CryptographyManager.kt */
@Metadata(d1 = {"\u0000b\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\b\u0018\u00002\u00020\u0001BU\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0001\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r\u0012\b\b\u0001\u0010\u000e\u001a\u00020\u000f\u0012\b\b\u0001\u0010\u0010\u001a\u00020\u0011\u0012\u0006\u0010\u0012\u001a\u00020\u0013¢\u0006\u0002\u0010\u0014J\b\u0010\u0015\u001a\u00020\u0016H\u0003J\u0016\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001cJ\u0016\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u00182\u0006\u0010\u001b\u001a\u00020\u001cJ\b\u0010 \u001a\u00020\u001cH\u0002J\u000e\u0010!\u001a\u00020\u001c2\u0006\u0010\"\u001a\u00020\u001aJ\u0006\u0010#\u001a\u00020\u001cJ\b\u0010$\u001a\u00020\u0016H\u0002J\b\u0010%\u001a\u00020\u0016H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\u0013X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006&"}, d2 = {"Lcom/upmc/enterprises/myupmc/shared/services/crypto/CryptographyManager;", "", "cipherForwarder", "Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/CipherForwarder;", "context", "Landroid/content/Context;", "ivParameterSpecFactory", "Lcom/upmc/enterprises/myupmc/shared/dagger/factories/IvParameterSpecFactory;", "keyGeneratorForwarder", "Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/KeyGeneratorForwarder;", "keyGenParameterSpecBuilderForwarder", "Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/KeyGenParameterSpecBuilderForwarder;", "keyStoreForwarder", "Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/KeyStoreForwarder;", "requireBiometricVerificationToUnlockCipher", "", "sdkInt", "", "stringFactory", "Lcom/upmc/enterprises/myupmc/shared/dagger/factories/StringFactory;", "(Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/CipherForwarder;Landroid/content/Context;Lcom/upmc/enterprises/myupmc/shared/dagger/factories/IvParameterSpecFactory;Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/KeyGeneratorForwarder;Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/KeyGenParameterSpecBuilderForwarder;Lcom/upmc/enterprises/myupmc/shared/dagger/forwarders/KeyStoreForwarder;ZILcom/upmc/enterprises/myupmc/shared/dagger/factories/StringFactory;)V", "createSecretKey", "Ljavax/crypto/SecretKey;", "decryptData", "", "cipherText", "", "initializedCipher", "Ljavax/crypto/Cipher;", "encryptData", "Lcom/upmc/enterprises/myupmc/shared/cryptography/domain/model/EncryptedData;", "plaintext", "getCipher", "getCipherForDecryption", "iv", "getCipherForEncryption", "getOrCreateSecretKey", "tryDeleteAndRecreateKey", "shared_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class CryptographyManager {
    private final CipherForwarder cipherForwarder;
    private final Context context;
    private final IvParameterSpecFactory ivParameterSpecFactory;
    private final KeyGenParameterSpecBuilderForwarder keyGenParameterSpecBuilderForwarder;
    private final KeyGeneratorForwarder keyGeneratorForwarder;
    private final KeyStoreForwarder keyStoreForwarder;
    private final boolean requireBiometricVerificationToUnlockCipher;
    private final int sdkInt;
    private final StringFactory stringFactory;

    @Inject
    public CryptographyManager(CipherForwarder cipherForwarder, @ApplicationContext Context context, IvParameterSpecFactory ivParameterSpecFactory, KeyGeneratorForwarder keyGeneratorForwarder, KeyGenParameterSpecBuilderForwarder keyGenParameterSpecBuilderForwarder, KeyStoreForwarder keyStoreForwarder, @Named("com.upmc.enterprises.myupmc.shared.dagger.modules.AuthModule.REQUIRE_BIOMETRIC_VERIFICATION_TO_UNLOCK_CIPHER") boolean z, @Named("com.upmc.enterprises.myupmc.shared.dagger.modules.BuildConstantsModule.SDK_INT") int i, StringFactory stringFactory) {
        Intrinsics.checkNotNullParameter(cipherForwarder, "cipherForwarder");
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(ivParameterSpecFactory, "ivParameterSpecFactory");
        Intrinsics.checkNotNullParameter(keyGeneratorForwarder, "keyGeneratorForwarder");
        Intrinsics.checkNotNullParameter(keyGenParameterSpecBuilderForwarder, "keyGenParameterSpecBuilderForwarder");
        Intrinsics.checkNotNullParameter(keyStoreForwarder, "keyStoreForwarder");
        Intrinsics.checkNotNullParameter(stringFactory, "stringFactory");
        this.cipherForwarder = cipherForwarder;
        this.context = context;
        this.ivParameterSpecFactory = ivParameterSpecFactory;
        this.keyGeneratorForwarder = keyGeneratorForwarder;
        this.keyGenParameterSpecBuilderForwarder = keyGenParameterSpecBuilderForwarder;
        this.keyStoreForwarder = keyStoreForwarder;
        this.requireBiometricVerificationToUnlockCipher = z;
        this.sdkInt = i;
        this.stringFactory = stringFactory;
    }

    private final SecretKey createSecretKey() {
        KeyGenParameterSpec.Builder builder = this.keyGenParameterSpecBuilderForwarder.builder(CryptographyConfig.Key.NAME, 3);
        builder.setBlockModes(CryptographyConfig.Encryption.BLOCK_MODE);
        builder.setEncryptionPaddings(CryptographyConfig.Encryption.PADDING);
        builder.setKeySize(256);
        builder.setRandomizedEncryptionRequired(true);
        builder.setUserAuthenticationRequired(this.requireBiometricVerificationToUnlockCipher);
        if (this.sdkInt >= 24) {
            builder.setInvalidatedByBiometricEnrollment(true);
            builder.setUserAuthenticationValidWhileOnBody(false);
        }
        if (this.sdkInt >= 28 && this.context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore")) {
            builder.setIsStrongBoxBacked(true);
        }
        if (this.requireBiometricVerificationToUnlockCipher) {
            if (this.sdkInt >= 30) {
                builder.setUserAuthenticationParameters(0, 3);
            } else {
                builder.setUserAuthenticationValidityDurationSeconds(0);
            }
        }
        KeyGenParameterSpec build = builder.build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        KeyGenerator keyGeneratorForwarder = this.keyGeneratorForwarder.getInstance(CryptographyConfig.Encryption.ALGORITHM, CryptographyConfig.Key.KEY_STORE_NAME);
        keyGeneratorForwarder.init(build);
        SecretKey generateKey = keyGeneratorForwarder.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generateKey(...)");
        return generateKey;
    }

    private final Cipher getCipher() {
        return this.cipherForwarder.getInstance("AES/CBC/PKCS7Padding");
    }

    private final SecretKey getOrCreateSecretKey() {
        KeyStore keyStoreForwarder = this.keyStoreForwarder.getInstance(CryptographyConfig.Key.KEY_STORE_NAME);
        keyStoreForwarder.load(null);
        if (!keyStoreForwarder.containsAlias(CryptographyConfig.Key.NAME)) {
            return createSecretKey();
        }
        try {
            Key key = keyStoreForwarder.getKey(CryptographyConfig.Key.NAME, null);
            Intrinsics.checkNotNull(key, "null cannot be cast to non-null type javax.crypto.SecretKey");
            return (SecretKey) key;
        } catch (KeyStoreException unused) {
            return tryDeleteAndRecreateKey();
        } catch (UnrecoverableKeyException unused2) {
            return tryDeleteAndRecreateKey();
        }
    }

    private final SecretKey tryDeleteAndRecreateKey() {
        KeyStore keyStoreForwarder = this.keyStoreForwarder.getInstance(CryptographyConfig.Key.KEY_STORE_NAME);
        keyStoreForwarder.load(null);
        try {
            keyStoreForwarder.deleteEntry(CryptographyConfig.Key.NAME);
        } catch (KeyStoreException unused) {
        }
        return createSecretKey();
    }

    public final String decryptData(byte[] cipherText, Cipher initializedCipher) {
        Intrinsics.checkNotNullParameter(cipherText, "cipherText");
        Intrinsics.checkNotNullParameter(initializedCipher, "initializedCipher");
        try {
            byte[] doFinal = initializedCipher.doFinal(cipherText);
            StringFactory stringFactory = this.stringFactory;
            Intrinsics.checkNotNull(doFinal);
            return stringFactory.newInstance(doFinal, CryptographyConfig.INSTANCE.getBYTE_ARRAY_ENCODING());
        } catch (BadPaddingException e) {
            throw new CryptographyError.UnableToDecryptData(e);
        } catch (IllegalBlockSizeException e2) {
            throw new CryptographyError.UnableToDecryptData(e2);
        }
    }

    public final EncryptedData encryptData(String plaintext, Cipher initializedCipher) {
        Intrinsics.checkNotNullParameter(plaintext, "plaintext");
        Intrinsics.checkNotNullParameter(initializedCipher, "initializedCipher");
        try {
            byte[] bytes = plaintext.getBytes(CryptographyConfig.INSTANCE.getBYTE_ARRAY_ENCODING());
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            byte[] doFinal = initializedCipher.doFinal(bytes);
            Intrinsics.checkNotNull(doFinal);
            byte[] iv = initializedCipher.getIV();
            Intrinsics.checkNotNullExpressionValue(iv, "getIV(...)");
            return new EncryptedData(doFinal, iv);
        } catch (BadPaddingException e) {
            throw new CryptographyError.UnableToEncryptData(e);
        } catch (IllegalBlockSizeException e2) {
            throw new CryptographyError.UnableToEncryptData(e2);
        }
    }

    public final Cipher getCipherForDecryption(byte[] iv) {
        Intrinsics.checkNotNullParameter(iv, "iv");
        Cipher cipher = getCipher();
        try {
            cipher.init(2, getOrCreateSecretKey(), this.ivParameterSpecFactory.newInstance(iv));
            return cipher;
        } catch (KeyPermanentlyInvalidatedException e) {
            throw new CryptographyError.UnableToInitializeCipher(e);
        } catch (InvalidKeyException e2) {
            throw new CryptographyError.UnableToInitializeCipher(e2);
        }
    }

    public final Cipher getCipherForEncryption() {
        Cipher cipher = getCipher();
        try {
            try {
                cipher.init(1, getOrCreateSecretKey());
            } catch (KeyPermanentlyInvalidatedException e) {
                throw new CryptographyError.UnableToInitializeCipher(e);
            } catch (InvalidKeyException e2) {
                throw new CryptographyError.UnableToInitializeCipher(e2);
            }
        } catch (KeyPermanentlyInvalidatedException unused) {
            cipher.init(1, tryDeleteAndRecreateKey());
            return cipher;
        } catch (InvalidKeyException unused2) {
            cipher.init(1, tryDeleteAndRecreateKey());
            return cipher;
        }
        return cipher;
    }
}
