package org.chromium.components.os_crypt;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Pair;
import defpackage.mus;
import defpackage.muv;
import defpackage.mux;
import defpackage.mvv;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Iterator;
import java.util.Locale;
import java.util.concurrent.Callable;
import java.util.concurrent.FutureTask;
import java.util.concurrent.TimeUnit;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;
import org.chromium.base.annotations.CalledByNative;

/* loaded from: classes.dex */
public class KeyStorage {
    static int a = 3;

    /* JADX INFO: Access modifiers changed from: package-private */
    @TargetApi(23)
    /* loaded from: classes.dex */
    public static class a implements b {
        @SuppressLint({"TrulyRandom"})
        private static SecretKey a(SecureRandom secureRandom, boolean z) throws Exception {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry("aes", null);
            KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
            if (secretKeyEntry != null) {
                return secretKeyEntry.getSecretKey();
            }
            if (!z) {
                throw new IllegalStateException("Secret AES key must exists");
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder("aes", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build(), secureRandom);
            return keyGenerator.generateKey();
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final String a() {
            return "aes";
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] a(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception {
            SecretKey a = a(secureRandom, true);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, a, secureRandom);
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] iv = cipher.getIV();
            if (!(iv != null && iv.length == 12)) {
                mus.a.a(null, null);
            }
            if (!(((GCMParameterSpec) cipher.getParameters().getParameterSpec(GCMParameterSpec.class)).getTLen() == 128)) {
                mus.a.a(null, null);
            }
            byte[] bArr2 = new byte[iv.length + doFinal.length];
            System.arraycopy(iv, 0, bArr2, 0, iv.length);
            System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
            return bArr2;
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] a(byte[] bArr) {
            return bArr;
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] b(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception {
            if (bArr.length < 12) {
                throw new BadPaddingException("Can't extract iv");
            }
            byte[] bArr2 = new byte[12];
            System.arraycopy(bArr, 0, bArr2, 0, 12);
            byte[] bArr3 = new byte[bArr.length - 12];
            System.arraycopy(bArr, 12, bArr3, 0, bArr3.length);
            SecretKey a = a(secureRandom, false);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, a, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(bArr3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public interface b {
        String a();

        byte[] a(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception;

        byte[] a(byte[] bArr);

        byte[] b(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @TargetApi(18)
    /* loaded from: classes.dex */
    public static class c implements b {
        @SuppressLint({"TrulyRandom"})
        private KeyPair a(Context context, SecureRandom secureRandom) throws Exception {
            Calendar calendar = Calendar.getInstance(Locale.US);
            Calendar calendar2 = Calendar.getInstance(Locale.US);
            calendar2.set(1, 2049);
            final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setAlias("rsa").setSubject(new X500Principal("CN=rsa")).setSerialNumber(BigInteger.valueOf(65537L)).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build(), secureRandom);
            FutureTask futureTask = new FutureTask(new Callable<KeyPair>() { // from class: org.chromium.components.os_crypt.KeyStorage.c.1
                @Override // java.util.concurrent.Callable
                public final /* synthetic */ KeyPair call() throws Exception {
                    return keyPairGenerator.generateKeyPair();
                }
            });
            mvv.a.execute(futureTask);
            return (KeyPair) futureTask.get(KeyStorage.a, TimeUnit.SECONDS);
        }

        @SuppressLint({"TrulyRandom"})
        private KeyPair a(Context context, SecureRandom secureRandom, boolean z) throws Exception {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry("rsa", null);
            KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
            if (privateKeyEntry != null) {
                return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
            }
            if (!z) {
                throw new IllegalStateException("Secret RSA key must exist");
            }
            try {
                return a(context, secureRandom);
            } catch (IllegalArgumentException e) {
                mux.c("KeyStorage", "Can't generate certificate, try with Locale.US", e);
                Locale locale = Locale.getDefault();
                try {
                    Locale.setDefault(Locale.US);
                    return a(context, secureRandom);
                } finally {
                    Locale.setDefault(locale);
                }
            }
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final String a() {
            return "rsa";
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] a(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception {
            KeyPair a = a(context, secureRandom, true);
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            cipher.init(1, a.getPublic(), secureRandom);
            return cipher.doFinal(bArr);
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] a(byte[] bArr) {
            return bArr;
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] b(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception {
            KeyPair a = a(context, secureRandom, false);
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            cipher.init(2, a.getPrivate(), secureRandom);
            return cipher.doFinal(bArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class d implements b {
        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final String a() {
            return "salt";
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] a(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception {
            return bArr;
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] a(byte[] bArr) {
            return KeyStorage.nativeDerivePassword(bArr);
        }

        @Override // org.chromium.components.os_crypt.KeyStorage.b
        public final byte[] b(Context context, byte[] bArr, SecureRandom secureRandom) throws Exception {
            return KeyStorage.nativeDerivePassword(bArr);
        }
    }

    private static ArrayList<b> a(ArrayList<b> arrayList, ArrayList<Pair<b, Exception>> arrayList2) {
        ArrayList<b> arrayList3 = new ArrayList<>();
        Iterator<b> it = arrayList.iterator();
        while (it.hasNext()) {
            b next = it.next();
            boolean z = true;
            Iterator<Pair<b, Exception>> it2 = arrayList2.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (next == it2.next().first) {
                    z = false;
                    break;
                }
            }
            if (z) {
                arrayList3.add(next);
            }
        }
        return arrayList3;
    }

    private static byte[] a(Context context, FileInputStream fileInputStream) throws Exception {
        byte[] bArr;
        String string;
        SharedPreferences sharedPreferences = context.getSharedPreferences("os_crypt_password", 0);
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr2 = new byte[16];
        if (fileInputStream.read(bArr2) != 16) {
            throw new IOException("Failed to get enough random data.");
        }
        secureRandom.setSeed(bArr2);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new d());
        if (Build.VERSION.SDK_INT >= 23) {
            arrayList.add(new a());
        }
        if (Build.VERSION.SDK_INT >= 18) {
            arrayList.add(new c());
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                bArr = null;
                break;
            }
            b bVar = (b) it.next();
            try {
                string = sharedPreferences.getString(bVar.a(), null);
            } catch (Exception e) {
                mux.c("KeyStorage", "Password file corrupted -> regenerate password. All OSCrypted data will lost", e);
                arrayList2.add(new Pair(bVar, e));
                sharedPreferences.edit().remove(bVar.a()).apply();
            }
            if (string != null) {
                bArr = bVar.b(context, Base64.decode(string, 0), secureRandom);
                break;
            }
        }
        if (bArr != null) {
            return bArr;
        }
        if (arrayList2.size() == arrayList.size()) {
            throw ((Exception) ((Pair) arrayList2.get(0)).second);
        }
        byte[] bArr3 = new byte[32];
        if (fileInputStream.read(bArr3) != 32) {
            throw new IOException("Failed to get enough random data.");
        }
        ArrayList<b> a2 = a((ArrayList<b>) arrayList, (ArrayList<Pair<b, Exception>>) arrayList2);
        if (!(!a2.isEmpty())) {
            mus.a.a(null, null);
        }
        arrayList2.clear();
        Iterator<b> it2 = a2.iterator();
        while (it2.hasNext()) {
            b next = it2.next();
            try {
                sharedPreferences.edit().putString(next.a(), Base64.encodeToString(next.a(context, bArr3, secureRandom), 2)).apply();
                bArr3 = next.a(bArr3);
                break;
            } catch (Exception e2) {
                arrayList2.add(new Pair(next, e2));
            }
        }
        if (arrayList2.size() != a2.size()) {
            return bArr3;
        }
        throw ((Exception) ((Pair) arrayList2.get(0)).second);
    }

    @CalledByNative
    private static byte[] getPassword() {
        FileInputStream fileInputStream;
        Context context = muv.a;
        try {
            try {
                fileInputStream = new FileInputStream("/dev/urandom");
                try {
                    byte[] a2 = a(context, fileInputStream);
                    try {
                        fileInputStream.close();
                    } catch (IOException unused) {
                    }
                    return a2;
                } catch (Throwable th) {
                    th = th;
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException unused2) {
                        }
                    }
                    throw th;
                }
            } catch (Exception e) {
                mux.c("KeyStorage", "Unrecovable error in AndroidKeyStore", e);
                mus.a.a(null, e);
                return null;
            }
        } catch (Throwable th2) {
            th = th2;
            fileInputStream = null;
        }
    }

    static native byte[] nativeDerivePassword(byte[] bArr);
}
