package com.microsoft.rightsmanagement.streams.crypto;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.huawei.push.util.RSAEncrypt;
import com.microsoft.rightsmanagement.logger.RMSLogWrapper;
import com.microsoft.rightsmanagement.utils.ConstantParameters;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import junit.framework.Assert;

/* loaded from: classes.dex */
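/**
 * Offline key manager that keeps a 256-bit AES key wrapped by an RSA key pair held in the
 * Android KeyStore.
 *
 * <p>The AES key is generated once, wrapped with the public half of the key pair stored under
 * the {@code MsipKeysRootCert} alias, Base64-encoded and written to the offline
 * {@link SharedPreferences}. Later reads unwrap the stored blob with the private half. The
 * unwrapped key is cached in memory for the lifetime of this instance.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #WRAP_ALGORITHM} uses PKCS#1 v1.5 padding. OAEP is generally preferred for RSA
 *       key wrapping, but changing the transformation makes blobs that are already stored
 *       unreadable, so it needs a migration step rather than an in-place edit.</li>
 *   <li>The key pair is created with {@link KeyPairGeneratorSpec}, which is deprecated from
 *       API 23 in favour of {@code KeyGenParameterSpec}. The spec built here neither sets a
 *       key size nor calls {@code setEncryptionRequired()}, so both are left at the platform
 *       defaults.</li>
 *   <li>The wrapped blob is only useful together with the KeyStore entry. NOTE(review): if the
 *       preferences file is ever restored onto a device without that entry, unwrapping is
 *       expected to fail with a {@link GeneralSecurityException} - confirm backup rules.</li>
 * </ul>
 */
final class OfflineKeyManagerV2 extends OfflineKeyManager {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String KEYSPEC_ALGORITHM = "AES";
    private static final int KEY_SIZE = 256;
    private static final String KEY_STORE_CERT_ALIAS = "MsipKeysRootCert";
    private static final String TAG = "OfflineKeyManagerV2";
    private static final String WRAP_ALGORITHM = "RSA/ECB/PKCS1Padding";
    private final SecureRandom mRandom;
    // Written only while holding mOfflineKeyLockObject.
    private Context mApplicationContext = null;
    // volatile: retrieveOfflineKey() reads this without the lock as a fast path, so the write
    // made under the lock has to be safely published to other threads.
    private volatile SecretKey mOfflineKey = null;
    private final Object mOfflineKeyLockObject = new Object();
    private KeyPair mRootKeyPair = null;

    /**
     * Creates the manager.
     *
     * @throws GeneralSecurityException if the device runs an API level below 18
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public OfflineKeyManagerV2() throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT < 18) {
            throw new GeneralSecurityException("Cannot instantiate this class when API is less than 18");
        }
        this.mRandom = new SecureRandom();
    }

    /**
     * Migrates a key kept in the superclass's preference storage to the wrapped V2 format.
     *
     * <p>The legacy preference is removed only after {@link #saveOfflineKey(Cipher)} has
     * returned, i.e. after the wrapped copy was committed.
     *
     * @param cipher cipher instance used to wrap the key
     * @throws GeneralSecurityException if reading the legacy key or saving the wrapped key fails
     */
    private void checkAndUpdateKeyManagementToCurrentVersion(Cipher cipher) throws GeneralSecurityException {
        if (!super.isOfflineKeyStoragePreferenceUsed(this.mApplicationContext)) {
            return;
        }
        RMSLogWrapper.rmsTrace(TAG, "#checkAndUpdateKeyManagementToCurrentVersion");
        this.mOfflineKey = new SecretKeySpec(super.retrieveOfflineKey(this.mApplicationContext), KEYSPEC_ALGORITHM);
        saveOfflineKey(cipher);
        super.removeOfflineKeyStoragePreference(this.mApplicationContext);
    }

    /**
     * Generates a fresh AES key of {@link #KEY_SIZE} bits using this instance's
     * {@link SecureRandom}.
     *
     * @return the newly generated key
     */
    private SecretKey generateSecretKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
        RMSLogWrapper.rmsTrace(TAG, "#generateSecretKey");
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEYSPEC_ALGORITHM);
        keyGenerator.init(KEY_SIZE, this.mRandom);
        return keyGenerator.generateKey();
    }

    /**
     * Returns the key pair stored under {@link #KEY_STORE_CERT_ALIAS} in the Android KeyStore,
     * generating it first when the alias does not exist yet.
     *
     * @return the public key from the entry's certificate together with the private key handle
     * @throws UnrecoverableEntryException if the alias resolves to no entry or to an entry that
     *     is not a private key entry
     */
    @TargetApi(18)
    private synchronized KeyPair getKeyPairFromAndroidKeyStore() throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CertificateException, IOException, UnrecoverableEntryException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        keyStore.load(null);
        if (keyStore.containsAlias(KEY_STORE_CERT_ALIAS)) {
            RMSLogWrapper.rmsTrace(TAG, "KeyStore alias is available");
        } else {
            RMSLogWrapper.rmsTrace(TAG, "KeyStore alias is not available");
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            // Self-signed certificate valid for 100 years from now.
            notAfter.add(Calendar.YEAR, 100);
            String subject = String.format("CN=%s, OU=%s", KEY_STORE_CERT_ALIAS, this.mApplicationContext.getPackageName());
            KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(this.mApplicationContext)
                    .setAlias(KEY_STORE_CERT_ALIAS)
                    .setSubject(new X500Principal(subject))
                    .setSerialNumber(BigInteger.ONE)
                    .setStartDate(notBefore.getTime())
                    .setEndDate(notAfter.getTime())
                    .build();
            // NOTE(review): this constant lives in an unrelated package (com.huawei.push.util),
            // which looks like the decompiler substituting a same-valued constant. Presumably
            // "RSA" - confirm, since WRAP_ALGORITHM requires an RSA key.
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSAEncrypt.KEY_ALGORITHM, ANDROID_KEY_STORE);
            keyPairGenerator.initialize(spec);
            keyPairGenerator.generateKeyPair();
            RMSLogWrapper.rmsTrace(TAG, "Key entry is generated for cert " + subject);
        }
        RMSLogWrapper.rmsTrace(TAG, "Reading Key entry");
        KeyStore.Entry entry = keyStore.getEntry(KEY_STORE_CERT_ALIAS, null);
        // Fail with a checked security exception instead of a NullPointerException or
        // ClassCastException when the entry is absent or of an unexpected kind.
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            String message = "Android KeyStore entry " + KEY_STORE_CERT_ALIAS + " is missing or is not a private key entry";
            RMSLogWrapper.rmsError(TAG, message);
            throw new UnrecoverableEntryException(message);
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    /** Loads the root key pair into {@link #mRootKeyPair} if it has not been loaded yet. */
    private void loadRootKeyPair() throws NoSuchAlgorithmException, NoSuchPaddingException, KeyStoreException, CertificateException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, UnrecoverableEntryException {
        if (this.mRootKeyPair == null) {
            this.mRootKeyPair = getKeyPairFromAndroidKeyStore();
        }
    }

    /**
     * Returns the encoded offline key, loading or creating it under the key lock when it is
     * not cached.
     *
     * <p>When nothing is cached, the method loads the root key pair, migrates any legacy key,
     * and then either unwraps the stored blob or generates and saves a new key.
     *
     * @param context context used for preference access and, on first use, key pair generation
     * @return the encoded AES key bytes
     * @throws GeneralSecurityException on any keystore, cipher or storage failure, including an
     *     {@link IOException} raised while loading the keystore and a stored blob that is not
     *     valid Base64
     */
    private byte[] retrieveOfflineKeyInternal(Context context) throws GeneralSecurityException {
        synchronized (this.mOfflineKeyLockObject) {
            this.mApplicationContext = context;
            if (this.mOfflineKey != null) {
                return this.mOfflineKey.getEncoded();
            }
            try {
                loadRootKeyPair();
                Cipher cipher = Cipher.getInstance(WRAP_ALGORITHM);
                checkAndUpdateKeyManagementToCurrentVersion(cipher);
                String storedBlob = this.mApplicationContext
                        .getSharedPreferences(ConstantParameters.OfflineParams.SHARED_PREFS_NAME, Context.MODE_PRIVATE)
                        .getString(ConstantParameters.OfflineParams.BASE_KEY_NAME_V2, null);
                if (storedBlob == null) {
                    this.mOfflineKey = generateSecretKey();
                    saveOfflineKey(cipher);
                } else {
                    byte[] wrappedKey;
                    try {
                        wrappedKey = Base64.decode(storedBlob, Base64.DEFAULT);
                    } catch (IllegalArgumentException e) {
                        // A corrupted preference value should surface through the declared
                        // exception type rather than as an unchecked exception.
                        RMSLogWrapper.rmsError(TAG, e, "Stored offline key is not valid Base64");
                        throw new GeneralSecurityException("Stored offline key is not valid Base64", e);
                    }
                    cipher.init(Cipher.UNWRAP_MODE, this.mRootKeyPair.getPrivate());
                    this.mOfflineKey = (SecretKey) cipher.unwrap(wrappedKey, KEYSPEC_ALGORITHM, Cipher.SECRET_KEY);
                }
                return this.mOfflineKey.getEncoded();
            } catch (IOException e) {
                RMSLogWrapper.rmsError(TAG, e, "IOException during loading keypair from Android KeyStore");
                // Keep the original exception as the cause so the stack trace is not lost.
                throw new GeneralSecurityException("IOException during loading keypair from Android KeyStore. " + e.getMessage(), e);
            }
        }
    }

    /**
     * Wraps the cached offline key with the root public key and commits the Base64 form to the
     * offline preferences.
     *
     * @param cipher cipher instance to initialise in wrap mode
     * @throws GeneralSecurityException if no key is cached, wrapping fails, or the preference
     *     commit reports failure
     */
    private void saveOfflineKey(Cipher cipher) throws GeneralSecurityException {
        RMSLogWrapper.rmsTrace(TAG, "#saveOfflineKey");
        SecretKey offlineKey = this.mOfflineKey;
        // Explicit check instead of a test-framework assertion, so a missing key is reported
        // through the declared exception type.
        if (offlineKey == null) {
            RMSLogWrapper.rmsError(TAG, "No offline key available to save");
            throw new GeneralSecurityException("No offline key available to save");
        }
        cipher.init(Cipher.WRAP_MODE, this.mRootKeyPair.getPublic());
        String wrappedBase64 = Base64.encodeToString(cipher.wrap(offlineKey), Base64.DEFAULT);
        SharedPreferences.Editor editor = this.mApplicationContext
                .getSharedPreferences(ConstantParameters.OfflineParams.SHARED_PREFS_NAME, Context.MODE_PRIVATE)
                .edit();
        editor.putString(ConstantParameters.OfflineParams.BASE_KEY_NAME_V2, wrappedBase64);
        // commit() is synchronous and reports failure, unlike apply().
        if (!editor.commit()) {
            RMSLogWrapper.rmsError(TAG, "Unable to save key BASE_KEY_NAME_V2");
            throw new GeneralSecurityException("Unable to save key BASE_KEY_NAME_V2");
        }
    }

    /**
     * Returns the encoded offline AES key, creating and persisting it on first use.
     *
     * <p>The returned bytes are key material and should not be logged or persisted by callers.
     *
     * @param context context used for preference and keystore access when the key is not cached
     * @return the encoded AES key bytes
     * @throws GeneralSecurityException if the key cannot be loaded, unwrapped, generated or saved
     */
    @Override // com.microsoft.rightsmanagement.streams.crypto.OfflineKeyManager
    public byte[] retrieveOfflineKey(Context context) throws GeneralSecurityException {
        RMSLogWrapper.rmsTrace(TAG, "#retrieveOfflineKey");
        // Single volatile read for the lock-free fast path. The context field is only updated
        // under the lock, inside retrieveOfflineKeyInternal().
        SecretKey cachedKey = this.mOfflineKey;
        if (cachedKey != null) {
            return cachedKey.getEncoded();
        }
        return retrieveOfflineKeyInternal(context);
    }
}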
