package de.quartettmobile.keychain;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import de.quartettmobile.keychain.Keychain;
import de.quartettmobile.logger.L;
import de.quartettmobile.utility.extensions.LExtensionsKt;
import de.quartettmobile.utility.result.Failure;
import de.quartettmobile.utility.result.Result;
import de.quartettmobile.utility.result.ResultKt;
import de.quartettmobile.utility.result.Success;
import de.quartettmobile.utility.worker.WorkerHandler;
import java.security.Key;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Pair;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000N\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\t\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\r\n\u0002\u0010\b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u00002\u00020\u0001B\u0011\b\u0000\u0012\u0006\u0010,\u001a\u00020*¢\u0006\u0004\b-\u0010.JO\u0010\n\u001a\u001a\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\b0\u0003\u0012\u0004\u0012\u00020\u00060\u00022\u001e\u0010\u0007\u001a\u001a\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00050\u0003\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\t\u001a\u00020\bH\u0002¢\u0006\u0004\b\n\u0010\u000bJ/\u0010\u0010\u001a\u001a\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\b0\u0003\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\r\u001a\u00020\fH\u0000¢\u0006\u0004\b\u000e\u0010\u000fJ3\u0010\u0016\u001a\u000e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u0011\u001a\u00020\u00042\u0006\u0010\u0013\u001a\u00020\u0012H\u0000¢\u0006\u0004\b\u0014\u0010\u0015J\u001f\u0010\u001a\u001a\u00020\u00172\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u0011\u001a\u00020\u0004H\u0000¢\u0006\u0004\b\u0018\u0010\u0019J/\u0010\u001c\u001a\u001a\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00050\u0003\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\r\u001a\u00020\fH\u0000¢\u0006\u0004\b\u001b\u0010\u000fJ/\u0010\u001e\u001a\u001a\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u00050\u0003\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\r\u001a\u00020\fH\u0000¢\u0006\u0004\b\u001d\u0010\u000fJ+\u0010!\u001a\u000e\u0012\u0004\u0012\u00020\u0005\u0012\u0004\u0012\u00020\u00060\u00022\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u0011\u001a\u00020\u0004H\u0000¢\u0006\u0004\b\u001f\u0010 J\u000f\u0010$\u001a\u00020\bH\u0000¢\u0006\u0004\b\"\u0010#R\u001c\u0010)\u001a\u00020%8\u0000@\u0000X\u0080D¢\u0006\f\n\u0004\b\n\u0010&\u001a\u0004\b'\u0010(R\u0016\u0010,\u001a\u00020*8\u0002@\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\n\u0010+¨\u0006/"}, d2 = {"Lde/quartettmobile/keychain/CryptoProvider;", "", "Lde/quartettmobile/utility/result/Result;", "Lkotlin/Pair;", "", "Ljavax/crypto/SecretKey;", "Lde/quartettmobile/keychain/Keychain$Error;", "masterKeyPairResult", "Ljavax/crypto/Cipher;", "encryptCipherInstance", "a", "(Lde/quartettmobile/utility/result/Result;Ljavax/crypto/Cipher;)Lde/quartettmobile/utility/result/Result;", "Lde/quartettmobile/keychain/KeyAccessibility;", "accessibility", "getEncryptionCipherInstance$Keychain_release", "(Lde/quartettmobile/keychain/KeyAccessibility;)Lde/quartettmobile/utility/result/Result;", "getEncryptionCipherInstance", "masterKeyId", "", "initializationVector", "getDecryptionCipherInstance$Keychain_release", "(Lde/quartettmobile/keychain/KeyAccessibility;J[B)Lde/quartettmobile/utility/result/Result;", "getDecryptionCipherInstance", "", "isMasterKeyValid$Keychain_release", "(Lde/quartettmobile/keychain/KeyAccessibility;J)Z", "isMasterKeyValid", "regenerateMasterKey$Keychain_release", "regenerateMasterKey", "encryptionMasterKey$Keychain_release", "encryptionMasterKey", "decryptionMasterKey$Keychain_release", "(Lde/quartettmobile/keychain/KeyAccessibility;J)Lde/quartettmobile/utility/result/Result;", "decryptionMasterKey", "cipher$Keychain_release", "()Ljavax/crypto/Cipher;", "cipher", "", "I", "getCipherIVLength$Keychain_release", "()I", "cipherIVLength", "Ljava/security/KeyStore;", "Ljava/security/KeyStore;", "keyStore", "<init>", "(Ljava/security/KeyStore;)V", "Keychain_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
public final class CryptoProvider {

    /* renamed from: a, reason: from kotlin metadata */
    private final int cipherIVLength;

    /* renamed from: a, reason: collision with other field name and from kotlin metadata */
    private final KeyStore keyStore;

    public CryptoProvider(KeyStore keyStore) {
        Intrinsics.f(keyStore, "keyStore");
        this.keyStore = keyStore;
        this.cipherIVLength = 16;
    }

    private final Result<Pair<Long, Cipher>, Keychain.Error> a(Result<Pair<Long, SecretKey>, Keychain.Error> masterKeyPairResult, Cipher encryptCipherInstance) {
        if (masterKeyPairResult instanceof Success) {
            Success success = (Success) masterKeyPairResult;
            encryptCipherInstance.init(1, (Key) ((Pair) success.getResult()).d());
            return new Success(new Pair(((Pair) success.getResult()).c(), encryptCipherInstance));
        }
        if (masterKeyPairResult instanceof Failure) {
            return ResultKt.convert((Failure) masterKeyPairResult);
        }
        throw new NoWhenBranchMatchedException();
    }

    public final Cipher cipher$Keychain_release() {
        Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
        Intrinsics.e(cipher, "Cipher.getInstance(\"${Ke…NCRYPTION_PADDING_NONE}\")");
        return cipher;
    }

    public final Result<SecretKey, Keychain.Error> decryptionMasterKey$Keychain_release(KeyAccessibility accessibility, long masterKeyId) {
        Intrinsics.f(accessibility, "accessibility");
        final String str = KeyAccessibilityKt.masterKeyPrefix(accessibility) + masterKeyId;
        String str2 = "de.quartettmobile.keychain." + str;
        if (!this.keyStore.containsAlias(str)) {
            str = str2;
        }
        Result<SecretKey, Keychain.Error> secretKey = KeychainKt.secretKey(this.keyStore, str);
        if (!(secretKey instanceof Success)) {
            if (secretKey instanceof Failure) {
                return ResultKt.convert((Failure) secretKey);
            }
            throw new NoWhenBranchMatchedException();
        }
        final SecretKey secretKey2 = (SecretKey) ((Success) secretKey).getResult();
        if (secretKey2 != null) {
            SecretKey secretKey3 = !KeychainKt.getDestroyed(secretKey2) ? secretKey2 : null;
            if (secretKey3 != null) {
                return new Success(secretKey3);
            }
        }
        WorkerHandler.INSTANCE.post(new Function0<Unit>() { // from class: de.quartettmobile.keychain.CryptoProvider$decryptionMasterKey$$inlined$run$lambda$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public /* bridge */ /* synthetic */ Unit invoke() {
                invoke2();
                return Unit.a;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2() {
                KeyStore keyStore;
                if (secretKey2 != null) {
                    keyStore = CryptoProvider.this.keyStore;
                    Result<Unit, Keychain.Error> nuke = KeychainKt.nuke(keyStore, str);
                    if (nuke instanceof Failure) {
                        LExtensionsKt.w(L.INSTANCE, KeychainKt.getMODULE_NAME(), (Failure<?, ?>) nuke, (Function0<? extends Object>) new Function0<Object>() { // from class: de.quartettmobile.keychain.CryptoProvider$decryptionMasterKey$$inlined$run$lambda$1.1
                            {
                                super(0);
                            }

                            @Override // kotlin.jvm.functions.Function0
                            public final Object invoke() {
                                return "decryptionMasterKey(): Failed to nuke already destroyed key for alias " + str + '.';
                            }
                        });
                    }
                }
            }
        });
        return new Failure(new Keychain.Error.KeyDestroyed(null, 1, null));
    }

    public final Result<Pair<Long, SecretKey>, Keychain.Error> encryptionMasterKey$Keychain_release(KeyAccessibility accessibility) {
        boolean z;
        Success success;
        Object obj;
        SecretKey secretKey;
        SecretKey secretKey2;
        Intrinsics.f(accessibility, "accessibility");
        String str = "de.quartettmobile.keychain." + KeyAccessibilityKt.masterKeyPrefix(accessibility);
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            Intrinsics.e(aliases, "keyStore.aliases()");
            ArrayList list = Collections.list(aliases);
            Intrinsics.e(list, "java.util.Collections.list(this)");
            Iterator it = list.iterator();
            while (true) {
                z = false;
                success = null;
                if (!it.hasNext()) {
                    obj = null;
                    break;
                }
                obj = it.next();
                String it2 = (String) obj;
                Intrinsics.e(it2, "it");
                if (StringsKt__StringsJVMKt.K(it2, str, false, 2, null)) {
                    break;
                }
            }
            String str2 = (String) obj;
            if (str2 != null) {
                Result<SecretKey, Keychain.Error> secretKey3 = KeychainKt.secretKey(this.keyStore, str2);
                if ((secretKey3 instanceof Success) && (secretKey2 = (SecretKey) ((Success) secretKey3).getResult()) != null && !KeychainKt.getDestroyed(secretKey2)) {
                    z = true;
                }
                if (!z) {
                    secretKey3 = null;
                }
                if (!(secretKey3 instanceof Success)) {
                    secretKey3 = null;
                }
                Success success2 = (Success) secretKey3;
                if (success2 != null && (secretKey = (SecretKey) success2.getResult()) != null) {
                    success = new Success(new Pair(Long.valueOf(Long.parseLong(StringsKt__StringsJVMKt.E(str2, str, "", false, 4, null))), secretKey));
                }
                if (success != null) {
                    return success;
                }
            }
            return regenerateMasterKey$Keychain_release(accessibility);
        } catch (Exception unused) {
            return regenerateMasterKey$Keychain_release(accessibility);
        }
    }

    /* renamed from: getCipherIVLength$Keychain_release, reason: from getter */
    public final int getCipherIVLength() {
        return this.cipherIVLength;
    }

    public final Result<Cipher, Keychain.Error> getDecryptionCipherInstance$Keychain_release(KeyAccessibility accessibility, long masterKeyId, byte[] initializationVector) {
        Intrinsics.f(accessibility, "accessibility");
        Intrinsics.f(initializationVector, "initializationVector");
        try {
            IvParameterSpec ivParameterSpec = new IvParameterSpec(initializationVector);
            Cipher cipher$Keychain_release = cipher$Keychain_release();
            Result<SecretKey, Keychain.Error> decryptionMasterKey$Keychain_release = decryptionMasterKey$Keychain_release(accessibility, masterKeyId);
            if (decryptionMasterKey$Keychain_release instanceof Success) {
                cipher$Keychain_release.init(2, (Key) ((Success) decryptionMasterKey$Keychain_release).getResult(), ivParameterSpec);
                return new Success(cipher$Keychain_release);
            }
            if (decryptionMasterKey$Keychain_release instanceof Failure) {
                return ResultKt.convert((Failure) decryptionMasterKey$Keychain_release);
            }
            throw new NoWhenBranchMatchedException();
        } catch (Exception e) {
            return new Failure(new Keychain.Error.Decryption(e));
        }
    }

    public final Result<Pair<Long, Cipher>, Keychain.Error> getEncryptionCipherInstance$Keychain_release(KeyAccessibility accessibility) {
        Failure failure;
        Intrinsics.f(accessibility, "accessibility");
        try {
            try {
                return a(encryptionMasterKey$Keychain_release(accessibility), cipher$Keychain_release());
            } catch (Exception e) {
                if (!(e instanceof KeyPermanentlyInvalidatedException)) {
                    return new Failure(new Keychain.Error.Encryption(null, e, 1, null));
                }
                try {
                    return a(regenerateMasterKey$Keychain_release(accessibility), cipher$Keychain_release());
                } catch (Exception e2) {
                    failure = new Failure(new Keychain.Error.Encryption(null, e2, 1, null));
                    return failure;
                }
            }
        } catch (Exception e3) {
            failure = new Failure(new Keychain.Error.Encryption(null, e3, 1, null));
        }
    }

    public final boolean isMasterKeyValid$Keychain_release(KeyAccessibility accessibility, long masterKeyId) {
        SecretKey secretKey;
        Intrinsics.f(accessibility, "accessibility");
        String str = KeyAccessibilityKt.masterKeyPrefix(accessibility) + masterKeyId;
        String str2 = "de.quartettmobile.keychain." + str;
        if (!this.keyStore.containsAlias(str)) {
            str = str2;
        }
        Result<SecretKey, Keychain.Error> secretKey2 = KeychainKt.secretKey(this.keyStore, str);
        return (!(secretKey2 instanceof Success) || (secretKey = (SecretKey) ((Success) secretKey2).getResult()) == null || KeychainKt.getDestroyed(secretKey)) ? false : true;
    }

    public final Result<Pair<Long, SecretKey>, Keychain.Error> regenerateMasterKey$Keychain_release(KeyAccessibility accessibility) {
        Intrinsics.f(accessibility, "accessibility");
        try {
            String masterKeyPrefix = KeyAccessibilityKt.masterKeyPrefix(accessibility);
            long currentTimeMillis = System.currentTimeMillis();
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("de.quartettmobile.keychain." + masterKeyPrefix + currentTimeMillis, 3);
            builder.setKeySize(256).setBlockModes("CTR").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(true);
            accessibility.updateKeyGenSpec$Keychain_release(builder);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", this.keyStore.getProvider());
            keyGenerator.init(builder.build());
            return new Success(new Pair(Long.valueOf(currentTimeMillis), keyGenerator.generateKey()));
        } catch (Exception e) {
            return new Failure(new Keychain.Error.KeyGeneration(e));
        }
    }
}
