package com.microsoft.workfolders.UI.Model.Keychain;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import com.microsoft.workfolders.Common.ESCheck;
import com.microsoft.workfolders.Common.ESTracing;
import com.microsoft.workfolders.Common.IESResolver;
import com.microsoft.workfolders.ESWorkFoldersApplication;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.Calendar;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
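/**
 * File-backed keychain for the application.
 *
 * <p>Layout visible in this class:
 * <ul>
 *   <li>An RSA key pair is generated in the {@code AndroidKeyStore} provider under a fixed alias.</li>
 *   <li>An AES key, one initialization vector and a separate "MAM" AES key are generated with
 *       {@link SecureRandom}, wrapped with the RSA public key and written to files in a private
 *       folder under the application's files directory.</li>
 *   <li>Caller-supplied values are encrypted with the AES key and stored in the same folder. Every
 *       file name is the SHA-256 hex digest of the logical key name.</li>
 * </ul>
 *
 * <p>NOTE(review): points a reviewer should weigh before reusing this design. None of them is changed
 * here, because doing so would alter the on-disk format and break reading of existing entries:
 * <ul>
 *   <li>All values are encrypted with AES/CBC under one key and one persisted IV. Equal plaintexts
 *       (and equal leading blocks) therefore produce equal ciphertext, and nothing authenticates the
 *       ciphertext. A fresh IV per value plus an authenticated mode would remove both properties.</li>
 *   <li>The symmetric keys are wrapped with RSA PKCS#1 v1.5 padding; OAEP is the usual choice for new
 *       code where the platform's keystore supports it.</li>
 *   <li>{@code KeyPairGeneratorSpec} is deprecated on newer Android releases in favour of
 *       {@code KeyGenParameterSpec}.</li>
 *   <li>File names are an unsalted hash of the key name: this hides the name from casual inspection
 *       but a known or guessable name can be matched to its file.</li>
 * </ul>
 *
 * <p>Failures are reported through {@code ESTracing.traceException} followed by
 * {@code ESCheck.isTrue(false, ...)}; the latter presumably throws, but its behaviour is not visible
 * in this file, so methods also return {@code null} afterwards.
 */
public class ESKeychainService implements IESKeychainService {
    private static final String SHA256_ALGORITHM = "SHA-256";
    private static final String RSA_ALGORITHM = "RSA";
    private static final String AES_ALGORITHM = "AES";
    private static final String RSA_ENCRYPTION_ALGORITHM = "RSA/ECB/PKCS1Padding";
    private static final String AES_ENCRYPTION_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final int RSA_KEY_SIZE = 2048;
    private static final int AES_KEY_SIZE = 256;
    private static final int IV_SIZE = 16;
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String WORKFOLDERS_ALIAS = "9cbd32fa-8a18-4ff0-9b22-42fd06d71027";
    private static final String KEY_SUBJECT = "CN=Name, O=Authority";
    private static final String ENCRYPTED_FOLDER = "4ae50828-47da-42f0-b6dd-4f45bda719ad";
    private static final String SYMMETRIC_KEY_NAME = "SYMMETRIC_KEY";
    private static final String IV_KEY_NAME = "INIT_VECTOR";
    private static final String MAM_SYMMETRIC_KEY_NAME = "MAM_SYMMETRIC_KEY";
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    private Context _applicationContext;
    private IvParameterSpec _initializationVector;
    private KeyStore _keyStore;
    private File _keychainFolder;
    private KeyStore.PrivateKeyEntry _privateRSAKeyEntry;
    private SecretKeySpec _symmetricAESKey;
    private SecretKeySpec _symmetricMAMKey;

    /**
     * Stores the application context and loads (or creates) all key material.
     *
     * @param context application context; must not be null
     */
    private ESKeychainService(Context context) {
        this._applicationContext = (Context) ESCheck.notNull(context, "ESKeychainService::constr::applicationContext");
        initializeKeyStore();
    }

    /**
     * Creates the service, resolving the application context from the given resolver.
     *
     * @param iESResolver resolver used to obtain the {@code ESWorkFoldersApplication} instance
     * @return a fully initialised keychain service
     */
    public static IESKeychainService createInstance(IESResolver iESResolver) {
        ESCheck.notNull(iESResolver, "ESKeychainService::createInstance::resolver");
        return new ESKeychainService((Context) iESResolver.resolve(ESWorkFoldersApplication.class));
    }

    /** Wraps the MAM key with the RSA public key and writes it to its file. */
    private synchronized void addMAMKeyToKeychain(byte[] bArr) {
        ESCheck.notNull(bArr, "ESKeychainService::addToKeychain::value");
        saveFileToEncryptedFolder(obscureKeyValue(MAM_SYMMETRIC_KEY_NAME), encryptSymmetricKeyValue(bArr));
    }

    /**
     * Wraps the AES key and the IV with the RSA public key and writes each to its own file.
     *
     * @param bArr raw AES key bytes
     * @param bArr2 raw IV bytes
     */
    private synchronized void addSymmetricKeyToKeychain(byte[] bArr, byte[] bArr2) {
        ESCheck.notNull(bArr, "ESKeychainService::addToKeychain::value");
        String keyFileName = obscureKeyValue(SYMMETRIC_KEY_NAME);
        String ivFileName = obscureKeyValue(IV_KEY_NAME);
        // Both blobs are produced before anything is written, as in the original ordering.
        byte[] wrappedKey = encryptSymmetricKeyValue(bArr);
        byte[] wrappedIv = encryptSymmetricKeyValue(bArr2);
        saveFileToEncryptedFolder(keyFileName, wrappedKey);
        saveFileToEncryptedFolder(ivFileName, wrappedIv);
    }

    /**
     * Unwraps a blob with the RSA private key held in the Android keystore.
     *
     * <p>{@code doFinal} is called directly so that a padding or block-size failure is raised as an
     * exception and reaches the error path below.
     */
    private byte[] decryptSymmetricKeyValue(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, this._privateRSAKeyEntry.getPrivateKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::decryptValue");
            return null;
        }
    }

    /**
     * Decrypts a stored value with the AES key and the persisted IV and decodes it as UTF-8.
     *
     * <p>CBC carries no integrity check: a modified file can decrypt to different text without any
     * error being raised here.
     */
    private String decryptValue(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(AES_ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, this._symmetricAESKey, this._initializationVector);
            return new String(cipher.doFinal(bArr), StandardCharsets.UTF_8);
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::decryptValue");
            return null;
        }
    }

    /** Returns whether a file exists for the given logical key name. */
    private boolean doesKeyExist(String str) {
        return new File(this._keychainFolder, obscureKeyValue(str)).exists();
    }

    /** Wraps key material with the RSA public key taken from the keystore entry's certificate. */
    private byte[] encryptSymmetricKeyValue(byte[] bArr) {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) ESCheck.notNull(this._privateRSAKeyEntry.getCertificate().getPublicKey(), "ESKeychainService::encryptValue::publicKey");
            Cipher cipher = Cipher.getInstance(RSA_ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, rSAPublicKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::encryptValue");
            return null;
        }
    }

    /**
     * Encrypts a value (UTF-8 encoded) with the AES key and the persisted IV.
     *
     * <p>The same key/IV pair is used for every call, so the output is deterministic for a given
     * input; see the class comment.
     */
    private byte[] encryptValue(String str) {
        try {
            Cipher cipher = Cipher.getInstance(AES_ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, this._symmetricAESKey, this._initializationVector);
            return cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::encryptValue");
            return null;
        }
    }

    /** Generates a new 256-bit MAM key, persists it wrapped, and keeps it in memory. */
    private void generateAndStoreNewMAMEncryptionKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES_ALGORITHM);
            keyGenerator.init(AES_KEY_SIZE, new SecureRandom());
            SecretKeySpec mamKey = new SecretKeySpec(keyGenerator.generateKey().getEncoded(), AES_ALGORITHM);
            // The original also drew 16 random bytes here and discarded them; no IV is stored for
            // the MAM key, so that draw had no effect and is omitted.
            addMAMKeyToKeychain(mamKey.getEncoded());
            this._symmetricMAMKey = mamKey;
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::generateAndStoreNewEncryptionKey");
        }
    }

    /**
     * Generates the RSA key pair inside the Android keystore and caches its entry.
     *
     * <p>The default locale is switched to English for the duration of the call and restored
     * afterwards. NOTE(review): presumably a workaround for locale-sensitive handling of the
     * certificate dates during key generation; confirm. {@link Locale#setDefault} is process-wide,
     * so other threads observe the temporary locale while this runs.
     */
    private void generateAndStoreNewRSAEncryptionKey() {
        Locale previousLocale = Locale.getDefault();
        try {
            Locale.setDefault(Locale.ENGLISH);
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, 100);
            KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(this._applicationContext)
                    .setAlias(WORKFOLDERS_ALIAS)
                    .setSubject(new X500Principal(KEY_SUBJECT))
                    .setSerialNumber(BigInteger.ONE)
                    .setStartDate(notBefore.getTime())
                    .setEndDate(notAfter.getTime())
                    .setKeySize(RSA_KEY_SIZE)
                    .build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM, ANDROID_KEYSTORE);
            keyPairGenerator.initialize(spec);
            keyPairGenerator.generateKeyPair();
            this._privateRSAKeyEntry = (KeyStore.PrivateKeyEntry) this._keyStore.getEntry(WORKFOLDERS_ALIAS, null);
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::generateAndStoreNewRSAEncryptionKey");
        } finally {
            Locale.setDefault(previousLocale);
        }
    }

    /** Generates a new 256-bit AES key and a 16-byte IV, persists both wrapped, and keeps them in memory. */
    private void generateAndStoreNewSymmetricEncryptionKey() {
        try {
            SecureRandom secureRandom = new SecureRandom();
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES_ALGORITHM);
            keyGenerator.init(AES_KEY_SIZE, secureRandom);
            SecretKeySpec aesKey = new SecretKeySpec(keyGenerator.generateKey().getEncoded(), AES_ALGORITHM);
            byte[] iv = new byte[IV_SIZE];
            secureRandom.nextBytes(iv);
            addSymmetricKeyToKeychain(aesKey.getEncoded(), iv);
            this._symmetricAESKey = aesKey;
            this._initializationVector = new IvParameterSpec(iv);
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::generateAndStoreNewEncryptionKey");
        }
    }

    /** Deletes every file in the keychain folder; tolerates a folder that cannot be listed. */
    private void deleteKeychainFiles() {
        // listFiles() returns null when the folder is missing or unreadable.
        File[] entries = this._keychainFolder.listFiles();
        if (entries == null) {
            return;
        }
        for (File entry : entries) {
            entry.delete();
        }
    }

    /** Discards all stored files and regenerates the RSA, AES and MAM keys, in that order. */
    private void generateNewEncryptionKeys() {
        deleteKeychainFiles();
        generateAndStoreNewRSAEncryptionKey();
        generateAndStoreNewSymmetricEncryptionKey();
        generateAndStoreNewMAMEncryptionKey();
    }

    /**
     * Reads and unwraps the key material stored under the given logical name.
     *
     * @return the unwrapped bytes, or {@code null} when no usable file exists
     */
    private synchronized byte[] getSymmetricKeyFromKeychain(String str) {
        byte[] wrapped = readFileFromEncryptedFolder(obscureKeyValue(str));
        if (wrapped == null) {
            return null;
        }
        return decryptSymmetricKeyValue(wrapped);
    }

    /**
     * Loads the Android keystore, ensures the keychain folder exists, and loads or creates keys.
     *
     * <ul>
     *   <li>No RSA alias: everything is regenerated and existing files are deleted.</li>
     *   <li>RSA alias present, AES key file missing: a new AES key/IV and MAM key are generated.
     *       Value files already in the folder are left in place and were encrypted under the
     *       previous AES key.</li>
     *   <li>AES key file present: AES key and IV are loaded; the MAM key is loaded if its file
     *       exists and generated otherwise.</li>
     * </ul>
     */
    private void initializeKeyStore() {
        try {
            this._keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            this._keyStore.load(null);
            this._keychainFolder = new File(this._applicationContext.getFilesDir(), ENCRYPTED_FOLDER);
            if (!this._keychainFolder.exists()) {
                this._keychainFolder.mkdirs();
            }
            if (!this._keyStore.containsAlias(WORKFOLDERS_ALIAS)) {
                generateNewEncryptionKeys();
                return;
            }
            this._privateRSAKeyEntry = (KeyStore.PrivateKeyEntry) this._keyStore.getEntry(WORKFOLDERS_ALIAS, null);
            if (!doesKeyExist(SYMMETRIC_KEY_NAME)) {
                generateAndStoreNewSymmetricEncryptionKey();
                generateAndStoreNewMAMEncryptionKey();
                return;
            }
            // A missing or empty key/IV file yields null here and the constructors below throw,
            // which lands in the catch block.
            this._symmetricAESKey = new SecretKeySpec(getSymmetricKeyFromKeychain(SYMMETRIC_KEY_NAME), AES_ALGORITHM);
            this._initializationVector = new IvParameterSpec(getSymmetricKeyFromKeychain(IV_KEY_NAME));
            if (doesKeyExist(MAM_SYMMETRIC_KEY_NAME)) {
                this._symmetricMAMKey = new SecretKeySpec(getSymmetricKeyFromKeychain(MAM_SYMMETRIC_KEY_NAME), AES_ALGORITHM);
            } else {
                generateAndStoreNewMAMEncryptionKey();
            }
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::initializeKeyStore");
        }
    }

    /**
     * Maps a logical key name to its file name: the lowercase hex SHA-256 digest of the name.
     *
     * <p>The name is encoded as UTF-8 explicitly rather than with the platform default charset.
     * Android's default charset is UTF-8, so file names are unchanged there.
     */
    private String obscureKeyValue(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SHA256_ALGORITHM);
            byte[] digest = messageDigest.digest(str.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(HEX_DIGITS[(b >> 4) & 0x0f]).append(HEX_DIGITS[b & 0x0f]);
            }
            return sb.toString();
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::obscureKeyValue");
            return null;
        }
    }

    /**
     * Reads a whole file from the keychain folder.
     *
     * @return the file contents, or {@code null} when the file is missing, empty or too large
     */
    private byte[] readFileFromEncryptedFolder(String str) {
        try {
            File file = new File(this._keychainFolder, str);
            long length = file.length();
            if (!file.exists() || length <= 0 || length >= Integer.MAX_VALUE) {
                return null;
            }
            byte[] contents = new byte[(int) length];
            try (FileInputStream in = new FileInputStream(file)) {
                // A single read() may return fewer bytes than requested; loop until the buffer is
                // full so a partially filled (zero-padded) blob is never handed to the cipher.
                int filled = 0;
                while (filled < contents.length) {
                    int n = in.read(contents, filled, contents.length - filled);
                    if (n < 0) {
                        throw new IllegalStateException("Keychain file ended before its reported length");
                    }
                    filled += n;
                }
            }
            return contents;
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::readFileFromEncryptedFolder");
            return null;
        }
    }

    /** Replaces the named file in the keychain folder with the given bytes. */
    private void saveFileToEncryptedFolder(String str, byte[] bArr) {
        try {
            File file = new File(this._keychainFolder, str);
            if (file.exists()) {
                file.delete();
            }
            try (FileOutputStream out = new FileOutputStream(file)) {
                out.write(bArr);
            }
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::saveFileToEncryptedFolder");
        }
    }

    /**
     * Rejects the logical names reserved for the service's own key material.
     *
     * <p>The MAM key file lives in the same folder and is addressed by the same name hashing as
     * caller entries, so its name is reserved together with the AES key and IV names. Without that,
     * the public add/get/remove methods could overwrite, misread or delete the wrapped MAM key.
     */
    private void checkKeyNameAllowed(String key) {
        ESCheck.isTrue(!SYMMETRIC_KEY_NAME.equals(key), "Key Name not Allowed");
        ESCheck.isTrue(!IV_KEY_NAME.equals(key), "Key Name not Allowed");
        ESCheck.isTrue(!MAM_SYMMETRIC_KEY_NAME.equals(key), "Key Name not Allowed");
    }

    /**
     * Encrypts {@code str2} and stores it under the logical name {@code str}, replacing any
     * previous value.
     *
     * @param str logical key name; must be non-empty and not a reserved name
     * @param str2 value to store; must be non-empty
     */
    @Override
    public synchronized void addToKeychain(String str, String str2) {
        ESCheck.notNullOrEmpty(str, "ESKeychainService::addToKeychain::key");
        ESCheck.notNullOrEmpty(str2, "ESKeychainService::addToKeychain::value");
        checkKeyNameAllowed(str);
        saveFileToEncryptedFolder(obscureKeyValue(str), encryptValue(str2));
    }

    /**
     * Deletes all stored files and the RSA keystore entry, then generates a fresh set of keys.
     */
    @Override
    public synchronized void clearKeychain() {
        deleteKeychainFiles();
        try {
            if (this._keyStore.containsAlias(WORKFOLDERS_ALIAS)) {
                this._keyStore.deleteEntry(WORKFOLDERS_ALIAS);
            }
        } catch (Exception e) {
            ESTracing.traceException(e);
            ESCheck.isTrue(false, "Unrecoverable exception in ESKeychainService::clearKeychain");
        }
        generateNewEncryptionKeys();
    }

    /**
     * Returns the decrypted value stored under the logical name {@code str}.
     *
     * @param str logical key name; must be non-empty and not a reserved name
     * @return the stored value, or {@code null} when no usable file exists for the name
     */
    @Override
    public synchronized String getFromKeychain(String str) {
        ESCheck.notNullOrEmpty(str, "ESKeychainService::getFromKeychain::key");
        checkKeyNameAllowed(str);
        byte[] encrypted = readFileFromEncryptedFolder(obscureKeyValue(str));
        if (encrypted == null) {
            return null;
        }
        return decryptValue(encrypted);
    }

    /**
     * Returns the raw bytes of the MAM key.
     *
     * <p>The caller receives unprotected key material and is responsible for how long it stays in
     * memory and where it is passed on.
     */
    @Override
    public synchronized byte[] getMAMKey() {
        return this._symmetricMAMKey.getEncoded();
    }

    /**
     * Deletes the value stored under the logical name {@code str}, if any.
     *
     * @param str logical key name; must be non-empty and not a reserved name
     */
    @Override
    public synchronized void removeFromKeychain(String str) {
        ESCheck.notNullOrEmpty(str, "ESKeychainService::removeFromKeychain::key");
        checkKeyNameAllowed(str);
        File file = new File(this._keychainFolder, obscureKeyValue(str));
        if (file.exists()) {
            file.delete();
        }
    }
}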
