package com.samsung.android.service.health.security;

import android.content.Context;
import com.samsung.android.sdk.healthdata.privileged.util.LogUtil;
import com.samsung.android.sdk.healthdata.privileged.util.StatePreferences;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
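/**
 * {@link KeyRepository} implementation that stores and retrieves the database key through
 * {@link KnoxTimaKeystoreManager}.
 *
 * <p>Every operation that reads or writes the key serializes on one class-wide lock
 * ({@code OP_LOCK}), so instances do not run keystore operations concurrently with each other.
 *
 * <p>Handling of key material in this class:
 * <ul>
 *   <li>Raw key bytes are returned to callers as {@code byte[]} and, after the first successful
 *       {@link #retrieve()}, stay cached in {@link #mDbKey}. Nothing in this class zeroes those
 *       arrays, and {@link #retrieve()} hands out the cached array itself, not a copy.</li>
 *   <li>No key bytes are written to the log here. Failure events go to {@code KnoxLogger} with an
 *       event id, the class name and, on some paths, the exception class and message.
 *       NOTE(review): confirm that keystore exception messages never carry sensitive data.</li>
 * </ul>
 *
 * <p>This source is decompiler output; several members marked below were package-private in the
 * original and were widened by the decompiler.
 */
public class TimaKeystoreKeyRepository implements KeyRepository {
    /** Simple name of the runtime class (a subclass reports its own name); used in log events. */
    final String mClassName = getClass().getSimpleName();
    protected final Context mContext;
    /**
     * Cached key bytes, filled lazily by {@link #retrieve()} under {@code OP_LOCK}.
     * The field is protected and mutable: a subclass writing it must hold the same discipline.
     */
    protected byte[] mDbKey;
    final KnoxTimaKeystoreManager mKeystoreManager;
    private static final String TAG = LogUtil.makeTag("TimaKeystoreKeyRepository");
    /** Class-wide lock shared by all instances for store / retrieve / migrate operations. */
    private static final Object OP_LOCK = new Object();
    /** Upper bound on attempts for both the store loop and the read-back loop. */
    private static final Integer RETRY_COUNT = 3;

    /**
     * Creates a repository that builds its own {@link KnoxTimaKeystoreManager} from the context.
     * Package-private in the original source.
     *
     * @param context context handed to the keystore manager and to the logging/file helpers
     */
    public TimaKeystoreKeyRepository(Context context) {
        this.mContext = context;
        this.mKeystoreManager = new KnoxTimaKeystoreManager(this.mContext);
    }

    /**
     * Creates a repository around a caller-supplied keystore manager.
     * Package-private in the original source.
     *
     * @param context context handed to the logging/file helpers
     * @param knoxTimaKeystoreManager keystore manager to delegate to
     */
    public TimaKeystoreKeyRepository(Context context, KnoxTimaKeystoreManager knoxTimaKeystoreManager) {
        this.mContext = context;
        this.mKeystoreManager = knoxTimaKeystoreManager;
    }

    /**
     * Reports a {@code KX_TM_KEY_CORRUPT} event when {@code KeyMdFile.isKnoxMdCorrupted} returns
     * true for the given key bytes. A null key is ignored.
     *
     * @param bArr key bytes that failed validation against the database, or null
     */
    private void checkKeyValidity(byte[] bArr) {
        if (bArr == null || !KeyMdFile.isKnoxMdCorrupted(this.mContext, bArr)) {
            return;
        }
        KnoxLogger.doKnoxLogging(this.mContext, "KX_TM_KEY_CORRUPT", this.mClassName, null);
    }

    /**
     * Reads the key from the keystore and accepts it only if it validates against the database.
     *
     * @return the encoded key, or null when the key cannot be read ({@code KX_TM_GETKEY_FAIL} is
     *     logged) or when it does not validate (in which case the corruption check is run)
     */
    private byte[] getDbKeyFromTimaKeystoreWithValidityCheck() {
        KnoxLogger.doKnoxWeeklyLogging(this.mContext);
        Key keyFromTima = getKeyFromTima();
        if (keyFromTima == null) {
            KnoxLogger.doKnoxLogging(this.mContext, "KX_TM_GETKEY_FAIL", this.mClassName, null);
            return null;
        }
        byte[] encoded = keyFromTima.getEncoded();
        if (checkKeyValidityWithDb(encoded, "TimaDiffKey")) {
            return encoded;
        }
        // The key was readable but does not open the database: record whether the stored
        // digest marks it as corrupted, then fail closed.
        checkKeyValidity(encoded);
        return null;
    }

    /**
     * Places a key in the keystore and records its digest through {@link #leaveMd(Key, String)}.
     *
     * <p>Three cases, in order:
     * <ol>
     *   <li>{@code bArr} is non-null: wrap it as an AES key and store it.</li>
     *   <li>{@code bArr} is null but a database already exists: log {@code KX_KM_WRONG_INIT_STATE}
     *       and reuse whatever key the keystore already holds (none if the read throws).</li>
     *   <li>Otherwise: create and store a new key.</li>
     * </ol>
     *
     * @param bArr raw key bytes to store, or null to reuse or create a key
     * @return the encoded key that is now in the keystore, or null on any failure
     */
    private byte[] setKeyToTimaKeystore(byte[] bArr) {
        Key key = null;
        if (!this.mKeystoreManager.enableTimaKeystore()) {
            return null;
        }
        if (bArr != null) {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            if (!storeOnTimaKeystore(secretKeySpec)) {
                return null;
            }
            key = secretKeySpec;
        } else if (DbChecker.isDbAlreadyExist(this.mContext, false)) {
            Context context = this.mContext;
            KnoxLogger.doKnoxLogging(context, "KX_KM_WRONG_INIT_STATE", StatePreferences.getDbCreatedInfo(context), null);
            try {
                key = this.mKeystoreManager.getKeyFromTimaKeystore();
            } catch (Exception e) {
                // key stays null, so leaveMd() below returns null and the caller sees a failure.
                KnoxLogger.doKnoxLogging(this.mContext, "KX_TM_FIRST_GETKEY_ERR", "MSG=" + e.getClass().getSimpleName() + " " + e.getMessage() + ", " + this.mClassName, null);
            }
        } else {
            key = createAndStoreKey();
        }
        byte[] leaveMd = leaveMd(key, "kx_strong_md");
        // NOTE(review): the error counter is reset with a "...RESTORED" event on the path where
        // no key was obtained (leaveMd == null). That reads as inverted; the decompiler may have
        // flipped the condition. Left as-is; confirm against the original build.
        if (leaveMd == null) {
            KnoxLogger.resetTimaErrCount(this.mContext, "KX_KM_TM_SETUP_RESTORED");
        }
        return leaveMd;
    }

    /**
     * Stores the key with up to {@code RETRY_COUNT} attempts, sleeping after each failed one.
     *
     * @param key key to store
     * @return true if any attempt succeeded; false once all attempts have failed. Whenever at
     *     least one attempt failed, {@code KX_KM_RECHECK_FAIL} is logged with the failure count.
     */
    private boolean storeOnTimaKeystore(Key key) {
        int i = 0;
        while (i < RETRY_COUNT.intValue() && !storeOnTimaKeystoreInternal(key)) {
            SecurityUtils.longSleepForRetry();
            i++;
        }
        if (i == 0) {
            return true;
        }
        KnoxLogger.doKnoxLogging(this.mContext, "KX_KM_RECHECK_FAIL", this.mClassName + ", ERRCOUNT=" + i, null);
        return i != RETRY_COUNT.intValue();
    }

    /**
     * Performs one store attempt and verifies it by reading the key back and comparing encodings.
     *
     * <p>The read-back is itself retried up to {@code RETRY_COUNT} times; the exception class and
     * message of each failed read are collected and reported in one {@code KX_TM_GETKEY_ERR} event.
     *
     * @param key key to store
     * @return true only if the key read back from the keystore has the same encoding as
     *     {@code key}; false on any exception, on an unreadable key, or on a mismatch
     */
    private boolean storeOnTimaKeystoreInternal(Key key) {
        try {
            this.mKeystoreManager.storeKeyToTimaKeystore(key);
            StringBuilder sb = new StringBuilder();
            Key key2 = null;
            int i = 0;
            while (i < RETRY_COUNT.intValue()) {
                try {
                    key2 = this.mKeystoreManager.getKeyFromTimaKeystore();
                    break;
                } catch (Exception e) {
                    sb.append(e.getClass().getSimpleName());
                    sb.append(" ");
                    sb.append(e.getMessage());
                    sb.append("/");
                    SecurityUtils.longSleepForRetry();
                    i++;
                }
            }
            if (i != 0) {
                KnoxLogger.doKnoxLogging(this.mContext, "KX_TM_GETKEY_ERR", "MSG=" + sb.toString() + "," + this.mClassName + ",ERRCOUNT=" + i, null);
                if (i == RETRY_COUNT.intValue()) {
                    return false;
                }
            }
            if (key2 == null) {
                KnoxLogger.doKnoxLogging(this.mContext, "KX_TM_RECHK_FAIL1", this.mClassName, null);
                return false;
            }
            if (!isSameKey(key, key2)) {
                KnoxLogger.doKnoxLogging(this.mContext, "KX_TM_RECHK_FAIL2", this.mClassName, null);
                return false;
            }
            LogUtil.LOGD(TAG, "Key is stored in " + this.mClassName + " successfully");
            return true;
        } catch (Exception e) {
            // Record the cause instead of dropping it; only the exception class is logged so
            // that nothing derived from key material can reach the debug log.
            LogUtil.LOGD(TAG, "Fail to store key (" + this.mClassName + "): " + e.getClass().getSimpleName());
            return false;
        }
    }

    /**
     * Checks the key bytes against the database through {@code DbChecker.isDbKeyValid} and, on
     * success, resets the error counter with {@code KX_KM_TM_RESTORED}.
     * Package-private in the original source.
     *
     * @param bArr key bytes to validate; null is logged as {@code KX_TM_GETKEY_EMPTY} and rejected
     * @param str label passed through to {@code DbChecker.isDbKeyValid}
     * @return true if the database accepts the key
     */
    public boolean checkKeyValidityWithDb(byte[] bArr, String str) {
        if (bArr == null) {
            KnoxLogger.doKnoxLogging(this.mContext, "KX_TM_GETKEY_EMPTY", this.mClassName, null);
            return false;
        }
        if (!DbChecker.isDbKeyValid(this.mContext, bArr, str)) {
            return false;
        }
        KnoxLogger.resetTimaErrCount(this.mContext, "KX_KM_TM_RESTORED");
        return true;
    }

    /**
     * Sets up a key in the keystore without supplying key bytes (an existing key is reused when a
     * database already exists, otherwise a new key is created).
     *
     * @return the encoded key, or null on failure
     */
    public byte[] createAndStore() {
        synchronized (OP_LOCK) {
            return setKeyToTimaKeystore(null);
        }
    }

    /**
     * Asks the keystore manager for a new key and stores it with read-back verification.
     * Package-private in the original source.
     *
     * @return the stored key, or null if creation or storage failed (the failure is logged)
     */
    public Key createAndStoreKey() {
        LogUtil.LOGD(TAG, "At first time (" + this.mClassName + ')');
        try {
            Key createNewKeyForTima = this.mKeystoreManager.createNewKeyForTima();
            if (createNewKeyForTima == null) {
                LogUtil.LOGD(TAG, "Fail to create new key");
                KnoxLogger.doKnoxLogging(this.mContext, "KX_KM_NK_FAIL", this.mClassName, null);
                return null;
            }
            if (storeOnTimaKeystore(createNewKeyForTima)) {
                return createNewKeyForTima;
            }
            LogUtil.LOGD(TAG, "Fail to store (" + this.mClassName + ')');
            return null;
        } catch (Exception e) {
            KnoxLogger.doKnoxLogging(this.mContext, "KX_KM_NK_ERR", "MSG=" + e.getClass().getSimpleName() + " " + e.getMessage() + ", " + this.mClassName, null);
            return null;
        }
    }

    /**
     * Reads the key from the keystore, mapping any exception to null.
     * Package-private in the original source.
     *
     * @return the key, or null if the keystore manager threw
     */
    public Key getKeyFromTima() {
        try {
            return this.mKeystoreManager.getKeyFromTimaKeystore();
        } catch (Exception e) {
            // Keep the cause visible for diagnosis; class name only, no message.
            LogUtil.LOGD(TAG, "Fail to get key (" + this.mClassName + "): " + e.getClass().getSimpleName());
            return null;
        }
    }

    /**
     * Compares two keys by their encoded bytes.
     *
     * @param key first key, must not be null
     * @param key2 second key, must not be null
     * @return true if both keys expose an encoding and the encodings are byte-for-byte equal
     */
    boolean isSameKey(Key key, Key key2) {
        byte[] expected = key.getEncoded();
        byte[] actual = key2.getEncoded();
        // Key.getEncoded() may return null for keys that do not support encoding, and
        // Arrays.equals(null, null) is true: without this guard the read-back verification
        // would pass without having compared anything.
        if (expected == null || actual == null) {
            return false;
        }
        return Arrays.equals(expected, actual);
    }

    /**
     * Writes the digest of the key through {@code KeyMdFile.writeStrongMdFirst} and removes the
     * files {@code ss_key_md}, {@code km_key_md} and {@code dpw_md} from the app's file directory
     * (presumably digests left by other key storage schemes; confirm).
     *
     * <p>The results of the {@code delete()} calls are not checked, so a file that could not be
     * removed goes unnoticed.
     *
     * @param key key whose digest is recorded; null yields null
     * @param str name passed to {@code KeyMdFile.writeStrongMdFirst}
     * @return the raw encoded key bytes, or null if the key is null or has no encoding
     */
    byte[] leaveMd(Key key, String str) {
        if (key == null) {
            return null;
        }
        byte[] encoded = key.getEncoded();
        if (encoded != null) {
            KeyMdFile.writeStrongMdFirst(this.mContext, encoded, str);
            this.mContext.getFileStreamPath("ss_key_md").delete();
            this.mContext.getFileStreamPath("km_key_md").delete();
            this.mContext.getFileStreamPath("dpw_md").delete();
        }
        return encoded;
    }

    /**
     * Stores the given key bytes in the keystore and optionally records the key retrieval mode.
     *
     * @param bArr raw key bytes to move into the keystore (null falls back to reuse/create)
     * @param keyRetrievalMode mode to persist after a successful store, or null to leave it as is
     * @return the encoded key, or null if storing the key or persisting the mode failed
     */
    public byte[] migrate(byte[] bArr, KeyRetrievalMode keyRetrievalMode) {
        synchronized (OP_LOCK) {
            byte[] keyToTimaKeystore = setKeyToTimaKeystore(bArr);
            if (keyToTimaKeystore == null) {
                return null;
            }
            if (keyRetrievalMode == null || KeyRetrievalMode.set(this.mContext, keyRetrievalMode)) {
                return keyToTimaKeystore;
            }
            return null;
        }
    }

    /**
     * Returns the database key, reading and validating it on first use and caching it afterwards.
     * A failed read is not cached, so the next call tries again.
     *
     * @return the cached key array itself (not a copy), or null if no valid key is available
     */
    @Override // com.samsung.android.service.health.security.KeyRepository
    public byte[] retrieve() {
        synchronized (OP_LOCK) {
            if (this.mDbKey == null) {
                this.mDbKey = getDbKeyFromTimaKeystoreWithValidityCheck();
            }
            // Read the field while still holding the lock: mDbKey is not volatile, so a read
            // after the synchronized block is an unsynchronized access to shared state.
            return this.mDbKey;
        }
    }

    /**
     * Creates (or reuses) a key and switches the retrieval mode to
     * {@code KeyRetrievalMode.TIMA_KEYSTORE}.
     *
     * @param str not used by this implementation
     * @param str2 not used by this implementation
     * @return the encoded key, or null if key setup or persisting the mode failed
     */
    public byte[] setUpForKeyRestoration(String str, String str2) {
        synchronized (OP_LOCK) {
            // createAndStore() takes OP_LOCK again; intrinsic locks are reentrant.
            byte[] createAndStore = createAndStore();
            if (createAndStore == null || !KeyRetrievalMode.set(this.mContext, KeyRetrievalMode.TIMA_KEYSTORE)) {
                return null;
            }
            return createAndStore;
        }
    }
}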
