package com.okta.android.auth.security;

import android.content.Context;
import android.text.TextUtils;
import com.google.common.io.ByteStreams;
import com.okta.android.auth.data.CommonPreferences;
import com.okta.android.auth.data.IOUtils;
import com.okta.android.auth.data.database.keystorage.KeyDataType;
import com.okta.android.auth.data.database.keystorage.KeystoreDataType;
import com.okta.android.auth.security.PasswordGenerator;
import com.okta.lib.android.common.annotation.ApplicationContext;
import com.okta.lib.android.common.utilities.Log;
import io.fabric.sdk.android.services.events.EventsFilesManager;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.spongycastle.operator.OperatorCreationException;

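/**
 * Software ("fallback") implementation of {@link KeyPairHelper}.
 *
 * <p>Each RSA key pair lives in its own keystore file in the app's private file area (written via
 * {@code Context.openFileOutput} and read via {@code Context.openFileInput}). Two secrets guard it:
 * <ul>
 *   <li>a random keystore password, stored in {@link CommonPreferences} under {@code alias + "_ks"};</li>
 *   <li>a key-entry password, stored under {@code alias + "_ke"}.</li>
 * </ul>
 * Both are written through {@code PasswordGenerator.encryptPasswordToString} and recovered through
 * {@code PasswordGenerator.bruteForcePredictablePassword}.
 *
 * <p>NOTE(review): the generator implementations are not part of this file. Their names
 * (Android-ID / serial, "predictable", "brute force") suggest the stored passwords are protected
 * with material derived from device identifiers. If so, the protection is only as strong as the
 * secrecy of those identifiers, and anyone who can read the app's private data has most of what is
 * needed to recover the key. Confirm this against the generators and prefer a hardware-backed
 * keystore wherever one is available.
 *
 * <p>This source was recovered from {@code classes2.dex} by a decompiler, so the original comments
 * and local names are not available.
 */
@Singleton
public class KeyPairHelperFallback extends KeyPairHelper {
    private static final String KEYSTORE_PREF_SUFFIX = "_ks";
    private static final String KEY_ENTRY_PREF_SUFFIX = "_ke";
    public static final String MUST_HAVE_AN_ALIAS = "Must have an alias";
    private static final String TAG = "KeyPairHelperFallback";

    /** Number of leading alias characters that may appear in logs and exception messages. */
    private static final int LOGGED_ALIAS_PREFIX_LENGTH = 3;

    @Inject
    AndroidIDPasswordGenerator androidIDPasswordGenerator;

    @ApplicationContext
    @Inject
    Context context;

    @Inject
    KeyStoreWrapper keyStoreWrapper;

    // Generator currently in use; chosen per call by getKeypair()/storeUserKeypair().
    private PasswordGenerator passwordGenerator;

    @Inject
    CommonPreferences prefs;

    @Inject
    SerialPasswordGenerator serialPasswordGenerator;

    // Loaded keystores, keyed by keystore filename.
    HashMap<String, KeyStore> keystoreCache = new HashMap<>();
    // Recovered key-entry passwords (Base64 strings), keyed by the suffixed alias.
    // These are live secrets held in memory for the lifetime of this singleton.
    HashMap<String, String> keyCache = new HashMap<>();
    // Raw keystore file contents, keyed by keystore filename.
    HashMap<String, byte[]> keystoreFileCache = new HashMap<>();

    @Inject
    public KeyPairHelperFallback() {
    }

    /**
     * Returns at most the first three characters of {@code alias} for logs and messages.
     *
     * <p>The original code called {@code alias.substring(0, 3)} directly, which throws
     * {@link StringIndexOutOfBoundsException} for aliases shorter than three characters.
     */
    private static String aliasPrefix(String alias) {
        return alias.substring(0, Math.min(LOGGED_ALIAS_PREFIX_LENGTH, alias.length()));
    }

    /**
     * Builds the storage alias for a padding type.
     *
     * @return {@code alias} unchanged when the padding type's indicator is empty, otherwise
     *     {@code alias + separator + indicator}
     */
    private String appendAliasWithPaddingTypeSuffix(String alias, PasswordGenerator.PaddingType paddingType) {
        String indicator = paddingType.getIndicator();
        if (TextUtils.isEmpty(indicator)) {
            return alias;
        }
        // The separator constant is a decompiler-resolved reference into the Fabric SDK; it is
        // kept as-is so that existing stored aliases continue to match.
        return alias + EventsFilesManager.ROLL_OVER_FILE_NAME_SEPARATOR + indicator;
    }

    /**
     * Creates an empty keystore for {@code alias} and registers it in {@link #keystoreCache}.
     *
     * @throws IllegalArgumentException if {@code alias} is empty
     * @throws KeyStoreException if the empty keystore cannot be initialised
     */
    private KeyStore createKeystore(String alias) throws KeyStoreException {
        if (TextUtils.isEmpty(alias)) {
            throw new IllegalArgumentException(MUST_HAVE_AN_ALIAS);
        }
        KeyStore keyStore = this.keyStoreWrapper.getKeyStore();
        // Loading from a null stream with a null password initialises an empty keystore.
        if (!loadKeyStore(keyStore, (InputStream) null, (String) null)) {
            throw new KeyStoreException("Failed to create keystore");
        }
        this.keystoreCache.put(getFilename(alias), keyStore);
        return keyStore;
    }

    /** Returns the stored (encrypted) key-entry password for {@code alias}, or {@code null}. */
    private String findKeyPassword(String alias) {
        return this.prefs.getString(alias + KEY_ENTRY_PREF_SUFFIX, null);
    }

    /** Returns the stored (encrypted) keystore password for {@code alias}, or {@code null}. */
    private String findKeystorePassword(String alias) {
        return this.prefs.getString(alias + KEYSTORE_PREF_SUFFIX, null);
    }

    /**
     * Returns the keystore file name for {@code alias} (a bare name with no directory part).
     *
     * @throws IllegalArgumentException if {@code alias} is empty
     */
    private String getFilename(String alias) {
        if (TextUtils.isEmpty(alias)) {
            throw new IllegalArgumentException("Alias empty when finding keystore filename");
        }
        return alias + ".keystore";
    }

    /**
     * Returns the keystore for {@code alias}, loading and unlocking it from disk on a cache miss.
     *
     * @return the keystore, or {@code null} when no keystore password is stored for the alias
     * @throws IllegalArgumentException if {@code alias} is empty
     * @throws KeyStoreException if the keystore cannot be unlocked or loaded
     */
    private KeyStore getKeystore(String alias) throws KeyStoreException {
        if (TextUtils.isEmpty(alias)) {
            throw new IllegalArgumentException(MUST_HAVE_AN_ALIAS);
        }
        String filename = getFilename(alias);
        KeyStore cached = this.keystoreCache.get(filename);
        if (cached != null) {
            return cached;
        }
        String storedPassword = findKeystorePassword(alias);
        if (storedPassword == null) {
            return null;
        }
        try {
            // Only a short alias prefix is logged, never the full alias.
            Log.d(TAG, "Starting to unlock keystore: " + aliasPrefix(alias));
            KeyStore keyStore = this.keyStoreWrapper.getKeyStore();
            String password = this.passwordGenerator.bruteForcePredictablePassword(storedPassword);
            if (!loadKeyStore(keyStore, filename, password)) {
                // Caught by the handler below and re-wrapped, as in the original code.
                throw new KeyStoreException("Failed to load keystore");
            }
            Log.i(TAG, "Successfully unlocked keystore for " + aliasPrefix(alias));
            this.keystoreCache.put(filename, keyStore);
            return keyStore;
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "error when trying to decrypt keystore from disk");
            throw new KeyStoreException(e);
        }
    }

    /**
     * Returns the on-disk location of the keystore file for {@code alias}.
     *
     * <p>The file is resolved against {@code context.getFilesDir()}, the directory that
     * {@code openFileOutput}/{@code openFileInput} use. The original built a relative
     * {@code new File(name)}, which does not point at the file this class writes, so the
     * {@code delete()} in {@link #clearKeystore()} could not remove it.
     *
     * @throws IllegalArgumentException if {@code alias} is empty
     */
    private File getKeystoreFile(String alias) {
        if (TextUtils.isEmpty(alias)) {
            throw new IllegalArgumentException("Alias empty when finding keystore file");
        }
        return new File(this.context.getFilesDir(), getFilename(alias));
    }

    /**
     * Writes {@code keyStore} to the private file for {@code alias}, protected by a fresh random
     * password, and stores that password (encrypted) in the preferences.
     *
     * @return {@code true} only if the keystore was written, the password was stored and the
     *     stream closed cleanly; every failure is logged and reported as {@code false}
     */
    private boolean keyStoreToDisk(KeyStore keyStore, String alias) {
        final String filename = getFilename(alias);
        final FileOutputStream out;
        try {
            // Mode 0 is Context.MODE_PRIVATE: the file is readable only by this app's UID.
            out = this.context.openFileOutput(filename, 0);
        } catch (FileNotFoundException e) {
            Log.e(TAG, "File could not be found", e);
            return false;
        }
        // The file is being rewritten, so previously cached bytes for it are stale.
        this.keystoreFileCache.remove(filename);
        try {
            byte[] randomPassword = this.passwordGenerator.generateRandomPassword();
            keyStore.store(out, IOUtils.encodeBase64(randomPassword).toCharArray());
            storeKeystorePassword(alias, randomPassword);
            return IOUtils.closeFileStream(out);
        } catch (IOException e) {
            Log.e(TAG, "Could not read from file stream", e);
            return false;
        } catch (KeyStoreException e) {
            Log.e(TAG, "Key store not initialized", e);
            return false;
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "No Algorithm", e);
            return false;
        } catch (CertificateException e) {
            Log.e(TAG, "Could not load certificates", e);
            return false;
        } catch (GeneralSecurityException e) {
            // Must come last: the three security exceptions above are subclasses of this type.
            // The decompiled nesting put this handler innermost, where it would have hidden them.
            Log.e(TAG, "Failed to store keystore password", e);
            return false;
        } finally {
            // Safety net for the failure paths; the success path has already closed the stream.
            IOUtils.closeFileStream(out);
        }
    }

    /**
     * Reads the private-key entry for {@code alias} from {@code keyStore}.
     *
     * @param password the recovered key-entry password
     * @throws KeyStoreException if the entry is missing, is not a private-key entry, or the
     *     required algorithm is unavailable
     * @throws UnrecoverableEntryException if {@code password} does not unlock the entry
     */
    private KeyPair loadKey(KeyStore keyStore, String alias, String password) throws KeyStoreException, UnrecoverableEntryException {
        try {
            KeyStore.ProtectionParameter protection =
                    new KeyStore.PasswordProtection(IOUtils.encodeToDefaultCharset(password).toCharArray());
            KeyStore.Entry entry = keyStore.getEntry(IOUtils.encodeToDefaultCharset(alias), protection);
            // getEntry() returns null for an unknown alias; fail with the declared exception type
            // instead of a NullPointerException or ClassCastException.
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("No private key entry found for alias");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "Required algorithm is unavailable.", e);
            throw new KeyStoreException(e);
        }
    }

    /**
     * Loads {@code keyStore} from {@code inputStream} with the given password.
     *
     * <p>A {@code null} stream initialises an empty keystore; a {@code null} password is passed
     * through as a {@code null} char array.
     *
     * @return {@code true} on success; {@code false} (after logging) on a bad password, an I/O
     *     error, a missing algorithm or a certificate problem
     */
    private boolean loadKeyStore(KeyStore keyStore, InputStream inputStream, String password) {
        char[] passwordChars = password != null ? password.toCharArray() : null;
        try {
            // The decompiler had moved this call outside the try block, where its checked
            // exceptions were not handled.
            keyStore.load(inputStream, passwordChars);
            return true;
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as an IOException caused by
            // UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                Log.e(TAG, "Bad password when loading keystore", e.getCause());
                return false;
            }
            Log.e(TAG, "Could not load keystore", e);
            return false;
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "No Algorithm", e);
            return false;
        } catch (CertificateException e) {
            Log.e(TAG, "Could not load certificates", e);
            return false;
        }
    }

    /**
     * Loads {@code keyStore} from the private file {@code filename} with the given password.
     *
     * @return {@code true} only if the file was readable, the keystore loaded and the stream
     *     closed cleanly
     */
    private boolean loadKeyStore(KeyStore keyStore, String filename, String password) throws InvalidAlgorithmParameterException {
        InputStream stream = openFileStream(filename);
        if (stream == null) {
            return false;
        }
        try {
            boolean loaded = loadKeyStore(keyStore, stream, password);
            return IOUtils.closeFileStream(stream) && loaded;
        } finally {
            IOUtils.closeFileStream(stream);
        }
    }

    /**
     * Returns a stream over the keystore file's bytes, caching them in {@link #keystoreFileCache}.
     *
     * @return an in-memory stream, or {@code null} (after logging) if the file is missing or
     *     unreadable
     * @throws IllegalArgumentException if {@code filename} is empty
     */
    private InputStream openFileStream(String filename) {
        if (TextUtils.isEmpty(filename)) {
            throw new IllegalArgumentException("Filename cannot be blank");
        }
        byte[] contents = this.keystoreFileCache.get(filename);
        if (contents == null) {
            // try-with-resources closes the file descriptor; the original never closed it.
            try (InputStream in = this.context.openFileInput(filename)) {
                contents = ByteStreams.toByteArray(in);
            } catch (FileNotFoundException e) {
                Log.e(TAG, "File could not be found", e);
                return null;
            } catch (IOException e) {
                Log.e(TAG, "Error converting file to byte array", e);
                return null;
            }
            this.keystoreFileCache.put(filename, contents);
        }
        return new ByteArrayInputStream(contents);
    }

    /**
     * Selects the password generator for {@code alias}: the Android-ID generator when a key
     * password is stored under its padding type, otherwise the serial generator.
     */
    private void setPasswordGeneratorHelper(String alias) {
        boolean hasAndroidIdKey = hasKeystoreForType(alias, this.androidIDPasswordGenerator.getPaddingType());
        this.passwordGenerator = hasAndroidIdKey ? this.androidIDPasswordGenerator : this.serialPasswordGenerator;
    }

    /** Encrypts {@code password} with the active generator and stores it as the key-entry password. */
    private void storeKeyPassword(String alias, byte[] password) throws GeneralSecurityException {
        String encrypted = this.passwordGenerator.encryptPasswordToString(password);
        this.prefs.edit().putString(alias + KEY_ENTRY_PREF_SUFFIX, encrypted).apply();
    }

    /** Encrypts {@code password} with the active generator and stores it as the keystore password. */
    private void storeKeystorePassword(String alias, byte[] password) throws GeneralSecurityException {
        String encrypted = this.passwordGenerator.encryptPasswordToString(password);
        this.prefs.edit().putString(alias + KEYSTORE_PREF_SUFFIX, encrypted).apply();
    }

    /**
     * Deletes the keystore file of every known alias and drops all in-memory key material.
     *
     * <p>NOTE(review): files are written under the padding-suffixed alias (see
     * {@link #storeUserKeypair}); confirm that {@code findAllAliases()} returns names that match.
     * The {@code _ks}/{@code _ke} preference entries are not removed here.
     *
     * @throws GeneralSecurityException if a keystore file cannot be deleted
     */
    @Override
    public synchronized void clearKeystore() throws GeneralSecurityException {
        // Drop cached keystores, file bytes and recovered passwords first, so that a failed
        // delete below cannot leave key material usable from memory.
        this.keystoreCache.clear();
        this.keyCache.clear();
        this.keystoreFileCache.clear();
        for (String alias : findAllAliases()) {
            if (!getKeystoreFile(alias).delete()) {
                throw new GeneralSecurityException("Failed to delete the keystore for alias: " + aliasPrefix(alias));
            }
        }
    }

    /**
     * Generates a new 2048-bit RSA key pair. The alias is validated but not otherwise used;
     * nothing is persisted here.
     *
     * @throws IllegalArgumentException if {@code str} (the alias) is empty
     */
    @Override
    public KeyPair generateKeypair(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Alias empty when generating keypair");
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return generator.generateKeyPair();
    }

    /**
     * Returns an RSA cipher from the provider registered under the name {@code "CCJ"}.
     *
     * <p>NOTE(review): the bare transformation {@code "RSA"} leaves mode and padding to the
     * provider's defaults. Confirm which padding that provider selects, and consider naming the
     * full transformation explicitly so it cannot change with the provider.
     */
    @Override
    public Cipher getCipher() throws GeneralSecurityException {
        return Cipher.getInstance("RSA", "CCJ");
    }

    /**
     * Loads the key pair stored for alias {@code str}.
     *
     * <p>A cached key-entry password is tried first; if it fails, the stored password is
     * recovered through the active generator and cached on success.
     *
     * @return the key pair, or {@code null} when no keystore password is stored for the alias
     * @throws IllegalArgumentException if {@code str} is empty
     * @throws GeneralSecurityException if the keystore or the key entry cannot be unlocked
     */
    @Override
    public synchronized KeyPair getKeypair(String str) throws GeneralSecurityException {
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException(MUST_HAVE_AN_ALIAS);
        }
        setPasswordGeneratorHelper(str);
        String storageAlias = appendAliasWithPaddingTypeSuffix(str, this.passwordGenerator.getPaddingType());
        KeyStore keyStore = getKeystore(storageAlias);
        if (keyStore == null) {
            return null;
        }
        String cachedPassword = this.keyCache.get(storageAlias);
        if (!TextUtils.isEmpty(cachedPassword)) {
            try {
                // The key entry is stored under the raw alias, not the suffixed one.
                return loadKey(keyStore, str, cachedPassword);
            } catch (UnrecoverableEntryException e) {
                // Fall through and recover the password from the preferences.
                Log.e(TAG, "Cached password failed", e);
            }
        }
        // NOTE(review): findKeyPassword() can return null when only the "_ks" entry exists;
        // confirm how bruteForcePredictablePassword() treats a null argument.
        String recoveredPassword = this.passwordGenerator.bruteForcePredictablePassword(findKeyPassword(storageAlias));
        try {
            KeyPair keyPair = loadKey(keyStore, str, recoveredPassword);
            this.keyCache.put(storageAlias, recoveredPassword);
            return keyPair;
        } catch (UnrecoverableEntryException unused) {
            Log.e(TAG, "Stored key failed to decrypt key entry");
            throw new KeyStoreException("Failed to find password for key");
        }
    }

    /** Identifies this helper as the software fallback keystore. */
    @Override
    protected KeystoreDataType getKeystoreType() {
        return KeystoreDataType.FALLBACK;
    }

    /**
     * Reports whether a key-entry password is stored for {@code str} under {@code paddingType}.
     */
    public boolean hasKeystoreForType(String str, PasswordGenerator.PaddingType paddingType) {
        String storageAlias = appendAliasWithPaddingTypeSuffix(str, paddingType);
        return !TextUtils.isEmpty(findKeyPassword(storageAlias));
    }

    /**
     * Stores {@code keyPair} in a new keystore file for alias {@code str}, always using the
     * Android-ID password generator.
     *
     * <p>The private key is wrapped in a certificate produced by the generator and protected
     * with the generator's "predictable" password. The keystore is then written to disk, the
     * key password is stored (encrypted) in the preferences, and the key is registered with
     * {@code keyDataStorage}.
     *
     * @throws IllegalArgumentException if {@code str} is empty
     * @throws GeneralSecurityException if the certificate cannot be generated or the keystore
     *     cannot be populated or saved
     */
    @Override
    public synchronized void storeUserKeypair(String str, KeyPair keyPair) throws GeneralSecurityException {
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException(MUST_HAVE_AN_ALIAS);
        }
        AndroidIDPasswordGenerator generator = this.androidIDPasswordGenerator;
        this.passwordGenerator = generator;
        String storageAlias = appendAliasWithPaddingTypeSuffix(str, generator.getPaddingType());
        KeyStore keyStore = createKeystore(storageAlias);
        byte[] keyPassword = this.passwordGenerator.generatePredictablePassword();
        String keyPasswordBase64 = IOUtils.encodeBase64(keyPassword);
        try {
            X509Certificate certificate = this.passwordGenerator.generateCertificate(keyPair, str);
            Log.d(TAG, certificate.getSigAlgName());
            try {
                KeyStore.PrivateKeyEntry entry =
                        new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{certificate});
                keyStore.setEntry(str, entry, new KeyStore.PasswordProtection(keyPasswordBase64.toCharArray()));
                if (!keyStoreToDisk(keyStore, storageAlias)) {
                    throw new GeneralSecurityException("Failed to save keystore to disk");
                }
                storeKeyPassword(storageAlias, keyPassword);
                // The usable key password stays in memory so later reads skip the recovery step.
                this.keyCache.put(storageAlias, keyPasswordBase64);
                this.keyDataStorage.addKeyEntry(str, KeyDataType.RSA, KeystoreDataType.FALLBACK);
            } catch (KeyStoreException e) {
                Log.e(TAG, "Key store is not initialized.", e);
                throw e;
            }
        } catch (OperatorCreationException e) {
            Log.e(TAG, "Failed to generate key certificate");
            throw new GeneralSecurityException(e);
        }
    }
}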
