package r7;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Log;
import com.sun.jna.Function;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.lang3.CharEncoding;
import r7.a;

@TargetApi(23)
/* loaded from: classes.dex */
public class e implements a {

    /* renamed from: a, reason: collision with root package name */
    private boolean f13971a = true;

    private String h(Key key, byte[] bArr) throws s7.a {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(2, key, new IvParameterSpec(bArr, 0, 16));
            return new String(cipher.doFinal(bArr, 16, bArr.length - 16), Charset.forName(CharEncoding.UTF_8));
        } catch (Exception e10) {
            throw new s7.a("Could not decrypt bytes: " + e10.getMessage(), e10);
        }
    }

    private byte[] i(Key key, String str, String str2) throws s7.a {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(1, key);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] iv = cipher.getIV();
            byteArrayOutputStream.write(iv, 0, iv.length);
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(str2.getBytes(CharEncoding.UTF_8));
            cipherOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e10) {
            throw new s7.a("Could not encrypt value for service " + str + ", message: " + e10.getMessage(), e10);
        }
    }

    @TargetApi(23)
    private SecretKey j(KeyGenParameterSpec keyGenParameterSpec) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(keyGenParameterSpec);
        return keyGenerator.generateKey();
    }

    private void k(String str, q7.c cVar) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, s7.a {
        SecretKey q10 = q(str);
        if (q10 == null) {
            q10 = p(str);
        }
        if (r(cVar, q10)) {
            return;
        }
        try {
            f(str);
        } catch (s7.c e10) {
            Log.e("KeystoreAESCBC", "Unable to remove key from keychain", e10);
        }
        throw new s7.a("Cannot generate keys with required security guarantees");
    }

    private String l(String str) {
        return str.isEmpty() ? "RN_KEYCHAIN_DEFAULT_ALIAS" : str;
    }

    @TargetApi(23)
    private KeyGenParameterSpec.Builder m(String str) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder randomizedEncryptionRequired;
        KeyGenParameterSpec.Builder keySize;
        blockModes = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC");
        encryptionPaddings = blockModes.setEncryptionPaddings("PKCS7Padding");
        randomizedEncryptionRequired = encryptionPaddings.setRandomizedEncryptionRequired(true);
        keySize = randomizedEncryptionRequired.setKeySize(Function.MAX_NARGS);
        return keySize;
    }

    private KeyStore n() throws KeyStoreException, s7.c {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e10) {
            throw new s7.c("Could not access Keystore", e10);
        }
    }

    @TargetApi(23)
    private q7.c o(SecretKey secretKey) {
        boolean isInsideSecureHardware;
        try {
            isInsideSecureHardware = ((KeyInfo) SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class)).isInsideSecureHardware();
            return isInsideSecureHardware ? q7.c.SECURE_HARDWARE : q7.c.SECURE_SOFTWARE;
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException unused) {
            return q7.c.ANY;
        }
    }

    @TargetApi(23)
    private SecretKey p(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException {
        KeyGenParameterSpec build;
        build = m(str).build();
        return j(build);
    }

    @TargetApi(28)
    private SecretKey q(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchProviderException {
        KeyGenParameterSpec.Builder isStrongBoxBacked;
        KeyGenParameterSpec build;
        if (Build.VERSION.SDK_INT < 28) {
            return null;
        }
        try {
            isStrongBoxBacked = m(str).setIsStrongBoxBacked(true);
            build = isStrongBoxBacked.build();
            return j(build);
        } catch (Exception e10) {
            if (e10 instanceof StrongBoxUnavailableException) {
                Log.i("KeystoreAESCBC", "StrongBox is unavailable on this device");
            } else {
                Log.e("KeystoreAESCBC", "An error occurred when trying to generate a StrongBoxSecurityKey: " + e10.getMessage());
            }
            return null;
        }
    }

    @TargetApi(23)
    private boolean r(q7.c cVar, SecretKey secretKey) {
        return o(secretKey).c(cVar);
    }

    @Override // r7.a
    public a.b a(String str, byte[] bArr, byte[] bArr2) throws s7.a {
        try {
            Key key = n().getKey(l(str), null);
            if (key != null) {
                return new a.b(h(key, bArr), h(key, bArr2), o((SecretKey) key));
            }
            throw new s7.a("The provided service/key could not be found in the Keystore");
        } catch (KeyStoreException e10) {
            e = e10;
            throw new s7.a("Could not get key from Keystore", e);
        } catch (NoSuchAlgorithmException e11) {
            e = e11;
            throw new s7.a("Could not get key from Keystore", e);
        } catch (UnrecoverableKeyException e12) {
            e = e12;
            throw new s7.a("Could not get key from Keystore", e);
        } catch (s7.c e13) {
            throw new s7.a("Could not access Keystore", e13);
        } catch (Exception e14) {
            throw new s7.a("Unknown error: " + e14.getMessage(), e14);
        }
    }

    @Override // r7.a
    public q7.c b() {
        return q7.c.SECURE_HARDWARE;
    }

    @Override // r7.a
    public String c() {
        return "KeystoreAESCBC";
    }

    @Override // r7.a
    public int d() {
        return 23;
    }

    @Override // r7.a
    @TargetApi(23)
    public a.c e(String str, String str2, String str3, q7.c cVar) throws s7.a {
        String l10 = l(str);
        try {
            try {
                KeyStore n10 = n();
                if (!n10.containsAlias(l10)) {
                    k(l10, cVar);
                }
                try {
                    Key key = n10.getKey(l10, null);
                    byte[] i10 = i(key, l10, str2);
                    byte[] i11 = i(key, l10, str3);
                    this.f13971a = true;
                    return new a.c(i10, i11, this);
                } catch (UnrecoverableKeyException e10) {
                    e10.printStackTrace();
                    if (!this.f13971a) {
                        throw e10;
                    }
                    this.f13971a = false;
                    n10.deleteEntry(l10);
                    return e(l10, str2, str3, cVar);
                }
            } catch (UnrecoverableKeyException e11) {
                e = e11;
                throw new s7.a("Could not encrypt data for service " + l10, e);
            }
        } catch (InvalidAlgorithmParameterException e12) {
            e = e12;
            throw new s7.a("Could not encrypt data for service " + l10, e);
        } catch (KeyStoreException e13) {
            e = e13;
            throw new s7.a("Could not access Keystore for service " + l10, e);
        } catch (NoSuchAlgorithmException e14) {
            e = e14;
            throw new s7.a("Could not encrypt data for service " + l10, e);
        } catch (NoSuchProviderException e15) {
            e = e15;
            throw new s7.a("Could not encrypt data for service " + l10, e);
        } catch (s7.c e16) {
            e = e16;
            throw new s7.a("Could not access Keystore for service " + l10, e);
        } catch (Exception e17) {
            throw new s7.a("Unknown error: " + e17.getMessage(), e17);
        }
    }

    @Override // r7.a
    public void f(String str) throws s7.c {
        String l10 = l(str);
        try {
            KeyStore n10 = n();
            if (n10.containsAlias(l10)) {
                n10.deleteEntry(l10);
            }
        } catch (KeyStoreException e10) {
            throw new s7.c("Failed to access Keystore", e10);
        } catch (Exception e11) {
            throw new s7.c("Unknown error " + e11.getMessage(), e11);
        }
    }

    @Override // r7.a
    public boolean g() {
        try {
            try {
                boolean r10 = r(q7.c.SECURE_HARDWARE, p("AndroidKeyStore#supportsSecureHardware"));
                try {
                    f("AndroidKeyStore#supportsSecureHardware");
                } catch (s7.c e10) {
                    Log.e("KeystoreAESCBC", "Unable to remove temp key from keychain", e10);
                }
                return r10;
            } catch (s7.c e11) {
                Log.e("KeystoreAESCBC", "Unable to remove temp key from keychain", e11);
                return false;
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException unused) {
            f("AndroidKeyStore#supportsSecureHardware");
            return false;
        } catch (Throwable th) {
            try {
                f("AndroidKeyStore#supportsSecureHardware");
            } catch (s7.c e12) {
                Log.e("KeystoreAESCBC", "Unable to remove temp key from keychain", e12);
            }
            throw th;
        }
    }
}
