package f.a.a.m.e;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Log;
import androidx.annotation.NonNull;
import com.clp.clp_revamp.keychain.exceptions.CryptoFailedException;
import com.clp.clp_revamp.keychain.exceptions.KeyStoreAccessException;
import com.facebook.stetho.common.Utf8Charset;
import f.a.a.m.d;
import f.a.a.m.e.a;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;

@TargetApi(23)
/* loaded from: classes.dex */
public class b implements a {
    public boolean a = true;

    @Override // f.a.a.m.e.a
    public d a() {
        return d.SECURE_HARDWARE;
    }

    @TargetApi(23)
    public final d a(SecretKey secretKey) {
        try {
            return ((KeyInfo) SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class)).isInsideSecureHardware() ? d.SECURE_HARDWARE : d.SECURE_SOFTWARE;
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException unused) {
            return d.ANY;
        }
    }

    @Override // f.a.a.m.e.a
    public a.b a(@NonNull String str, @NonNull byte[] bArr, @NonNull byte[] bArr2) throws CryptoFailedException {
        try {
            Key key = d().getKey(b(str), null);
            if (key != null) {
                return new a.b(a(key, bArr), a(key, bArr2), a((SecretKey) key));
            }
            throw new CryptoFailedException("The provided service/key could not be found in the Keystore");
        } catch (KeyStoreAccessException e) {
            throw new CryptoFailedException("Could not access Keystore", e);
        } catch (KeyStoreException e2) {
            e = e2;
            throw new CryptoFailedException("Could not get key from Keystore", e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            throw new CryptoFailedException("Could not get key from Keystore", e);
        } catch (UnrecoverableKeyException e4) {
            e = e4;
            throw new CryptoFailedException("Could not get key from Keystore", e);
        } catch (Exception e5) {
            StringBuilder a = f.b.a.a.a.a("Unknown error: ");
            a.append(e5.getMessage());
            throw new CryptoFailedException(a.toString(), e5);
        }
    }

    @Override // f.a.a.m.e.a
    @TargetApi(23)
    public a.c a(@NonNull String str, @NonNull String str2, @NonNull String str3, d dVar) throws CryptoFailedException {
        String b = b(str);
        try {
            try {
                KeyStore d = d();
                if (!d.containsAlias(b)) {
                    a(b, dVar);
                }
                try {
                    Key key = d.getKey(b, null);
                    byte[] a = a(key, b, str2);
                    byte[] a2 = a(key, b, str3);
                    this.a = true;
                    return new a.c(a, a2, this);
                } catch (UnrecoverableKeyException e) {
                    e.printStackTrace();
                    if (!this.a) {
                        throw e;
                    }
                    this.a = false;
                    d.deleteEntry(b);
                    return a(b, str2, str3, dVar);
                }
            } catch (UnrecoverableKeyException e2) {
                e = e2;
                throw new CryptoFailedException(f.b.a.a.a.a("Could not encrypt data for service ", b), e);
            }
        } catch (KeyStoreAccessException e3) {
            e = e3;
            throw new CryptoFailedException(f.b.a.a.a.a("Could not access Keystore for service ", b), e);
        } catch (InvalidAlgorithmParameterException e4) {
            e = e4;
            throw new CryptoFailedException(f.b.a.a.a.a("Could not encrypt data for service ", b), e);
        } catch (KeyStoreException e5) {
            e = e5;
            throw new CryptoFailedException(f.b.a.a.a.a("Could not access Keystore for service ", b), e);
        } catch (NoSuchAlgorithmException e6) {
            e = e6;
            throw new CryptoFailedException(f.b.a.a.a.a("Could not encrypt data for service ", b), e);
        } catch (NoSuchProviderException e7) {
            e = e7;
            throw new CryptoFailedException(f.b.a.a.a.a("Could not encrypt data for service ", b), e);
        } catch (Exception e8) {
            StringBuilder a3 = f.b.a.a.a.a("Unknown error: ");
            a3.append(e8.getMessage());
            throw new CryptoFailedException(a3.toString(), e8);
        }
    }

    public final String a(Key key, byte[] bArr) throws CryptoFailedException {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            byte[] bArr2 = new byte[16];
            byteArrayInputStream.read(bArr2, 0, bArr2.length);
            cipher.init(2, key, new IvParameterSpec(bArr2));
            CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr3 = new byte[1024];
            while (true) {
                int read = cipherInputStream.read(bArr3, 0, bArr3.length);
                if (read <= 0) {
                    return new String(byteArrayOutputStream.toByteArray(), Charset.forName(Utf8Charset.NAME));
                }
                byteArrayOutputStream.write(bArr3, 0, read);
            }
        } catch (Exception e) {
            StringBuilder a = f.b.a.a.a.a("Could not decrypt bytes: ");
            a.append(e.getMessage());
            throw new CryptoFailedException(a.toString(), e);
        }
    }

    @TargetApi(23)
    public final SecretKey a(KeyGenParameterSpec keyGenParameterSpec) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(keyGenParameterSpec);
        return keyGenerator.generateKey();
    }

    @Override // f.a.a.m.e.a
    public void a(@NonNull String str) throws KeyStoreAccessException {
        String b = b(str);
        try {
            KeyStore d = d();
            if (d.containsAlias(b)) {
                d.deleteEntry(b);
            }
        } catch (KeyStoreException e) {
            throw new KeyStoreAccessException("Failed to access Keystore", e);
        } catch (Exception e2) {
            StringBuilder a = f.b.a.a.a.a("Unknown error ");
            a.append(e2.getMessage());
            throw new KeyStoreAccessException(a.toString(), e2);
        }
    }

    public final void a(@NonNull String str, d dVar) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, CryptoFailedException {
        SecretKey secretKey = null;
        if (Build.VERSION.SDK_INT >= 28) {
            try {
                secretKey = a(c(str).setIsStrongBoxBacked(true).build());
            } catch (Exception e) {
                if (e instanceof StrongBoxUnavailableException) {
                    Log.i("KeystoreAESCBC", "StrongBox is unavailable on this device");
                } else {
                    StringBuilder a = f.b.a.a.a.a("An error occurred when trying to generate a StrongBoxSecurityKey: ");
                    a.append(e.getMessage());
                    Log.e("KeystoreAESCBC", a.toString());
                }
            }
        }
        if (secretKey == null) {
            secretKey = a(c(str).build());
        }
        if (!a(secretKey).a(dVar)) {
            throw new CryptoFailedException("Cannot generate keys with required security guarantees");
        }
    }

    public final byte[] a(Key key, String str, String str2) throws CryptoFailedException {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(1, key);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] iv = cipher.getIV();
            byteArrayOutputStream.write(iv, 0, iv.length);
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(str2.getBytes(Utf8Charset.NAME));
            cipherOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            StringBuilder b = f.b.a.a.a.b("Could not encrypt value for service ", str, ", message: ");
            b.append(e.getMessage());
            throw new CryptoFailedException(b.toString(), e);
        }
    }

    @Override // f.a.a.m.e.a
    public String b() {
        return "KeystoreAESCBC";
    }

    @NonNull
    public final String b(@NonNull String str) {
        return str.isEmpty() ? "RN_KEYCHAIN_DEFAULT_ALIAS" : str;
    }

    @Override // f.a.a.m.e.a
    public int c() {
        return 23;
    }

    @TargetApi(23)
    public final KeyGenParameterSpec.Builder c(String str) {
        return new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setRandomizedEncryptionRequired(true).setKeySize(256);
    }

    public final KeyStore d() throws KeyStoreException, KeyStoreAccessException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreAccessException("Could not access Keystore", e);
        }
    }
}
