package org.matrix.android.sdk.api.securestorage;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.v4.media.MediaBrowserCompat$MediaBrowserImplBase$$ExternalSyntheticOutline0;
import androidx.annotation.RequiresApi;
import androidx.browser.trusted.TrustedWebActivityServiceConnection$$ExternalSyntheticOutline0;
import com.posthog.android.payloads.AliasPayload;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Triple;
import kotlin.Unit;
import kotlin.io.ByteStreamsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.apache.commons.codec.language.bm.Languages;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.matrix.android.sdk.api.util.BuildVersionSdkIntProvider;
import org.matrix.android.sdk.internal.crypto.secrets.DefaultSharedSecretStorageService;
import timber.log.Timber;

/* compiled from: SecretStoringUtils.kt */
@Metadata(d1 = {"\u0000z\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\f\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\u0018\u0000 @2\u00020\u0001:\u0001@B)\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\b\b\u0002\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ\u0018\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\u0018\u0010\u0013\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0003J\u0018\u0010\u0014\u001a\u00020\u000e2\u0006\u0010\u0015\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\u0018\u0010\u0016\u001a\u00020\u000e2\u0006\u0010\u0015\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0012H\u0003J\u0010\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0012H\u0007J\"\u0010\u001a\u001a\u0014\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000e0\u001b2\u0006\u0010\u001c\u001a\u00020\u0010H\u0002J \u0010\u001d\u001a\u00020\u000e2\u0006\u0010\u001e\u001a\u00020\u000e2\u0006\u0010\u001f\u001a\u00020\u000e2\u0006\u0010 \u001a\u00020\u000eH\u0002J\u001c\u0010!\u001a\u000e\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000e0\"2\u0006\u0010\u001c\u001a\u00020\u0010H\u0002J\u0018\u0010#\u001a\u00020\u000e2\u0006\u0010\u001f\u001a\u00020\u000e2\u0006\u0010$\u001a\u00020\u000eH\u0002J\u000e\u0010%\u001a\u00020&2\u0006\u0010\u0019\u001a\u00020\u0012J\u0010\u0010'\u001a\u00020(2\u0006\u0010\u0019\u001a\u00020\u0012H\u0002J\u0010\u0010)\u001a\u00020*2\u0006\u0010\u0019\u001a\u00020\u0012H\u0003J%\u0010+\u001a\u0004\u0018\u0001H,\"\u0004\b\u0000\u0010,2\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u0010H\u0002¢\u0006\u0002\u0010-J%\u0010.\u001a\u0004\u0018\u0001H,\"\u0004\b\u0000\u0010,2\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u0010H\u0003¢\u0006\u0002\u0010-J%\u0010/\u001a\u0004\u0018\u0001H,\"\u0004\b\u0000\u0010,2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0007¢\u0006\u0002\u00100J\u0018\u00101\u001a\u00020\u000e2\u0006\u00102\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0012H\u0007J\u0018\u00103\u001a\u00020\u000e2\u0006\u0010\u0019\u001a\u00020\u00122\u0006\u00102\u001a\u00020\u0010H\u0002J\u0018\u00104\u001a\u00020\u000e2\u0006\u0010\u0019\u001a\u00020\u00122\u0006\u00105\u001a\u00020\u000eH\u0002J\u000e\u00106\u001a\u0002072\u0006\u0010\u0011\u001a\u00020\u0012J \u00108\u001a\u0002072\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u00109\u001a\u00020:2\u0006\u0010;\u001a\u00020\u0001H\u0002J \u0010<\u001a\u0002072\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u00109\u001a\u00020:2\u0006\u0010;\u001a\u00020\u0001H\u0003J\u0016\u0010=\u001a\u00020\u000e2\u0006\u00105\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0012J\u001e\u0010>\u001a\u0002072\u0006\u0010?\u001a\u00020\u00012\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u00109\u001a\u00020:R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006A"}, d2 = {"Lorg/matrix/android/sdk/api/securestorage/SecretStoringUtils;", "", "context", "Landroid/content/Context;", "keyStore", "Ljava/security/KeyStore;", "buildVersionSdkIntProvider", "Lorg/matrix/android/sdk/api/util/BuildVersionSdkIntProvider;", "keyNeedsUserAuthentication", "", "(Landroid/content/Context;Ljava/security/KeyStore;Lorg/matrix/android/sdk/api/util/BuildVersionSdkIntProvider;Z)V", "secureRandom", "Ljava/security/SecureRandom;", "decryptBytes", "", "inputStream", "Ljava/io/InputStream;", "keyAlias", "", "decryptBytesM", "encryptBytes", "byteArray", "encryptBytesM", "ensureKey", "Ljava/security/KeyStore$Entry;", AliasPayload.ALIAS_KEY, "format1Extract", "Lkotlin/Triple;", "bis", "format1Make", "encryptedKey", "iv", "encryptedBytes", "formatMExtract", "Lkotlin/Pair;", "formatMMake", "data", "getEncryptCipher", "Ljavax/crypto/Cipher;", "getOrGenerateKeyPairForAlias", "Ljava/security/KeyStore$PrivateKeyEntry;", "getOrGenerateSymmetricKeyForAliasM", "Ljavax/crypto/SecretKey;", "loadSecureObject", "T", "(Ljava/lang/String;Ljava/io/InputStream;)Ljava/lang/Object;", "loadSecureObjectM", "loadSecureSecret", "(Ljava/io/InputStream;Ljava/lang/String;)Ljava/lang/Object;", "loadSecureSecretBytes", DefaultSharedSecretStorageService.ENCRYPTED, "rsaDecrypt", "rsaEncrypt", "secret", "safeDeleteKey", "", "saveSecureObject", "output", "Ljava/io/OutputStream;", "writeObject", "saveSecureObjectM", "securelyStoreBytes", "securelyStoreObject", Languages.ANY, "Companion", "matrix-sdk-android_rustCryptoRelease"}, k = 1, mv = {1, 8, 0}, xi = 48)
@SourceDebugExtension({"SMAP\nSecretStoringUtils.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SecretStoringUtils.kt\norg/matrix/android/sdk/api/securestorage/SecretStoringUtils\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,461:1\n1#2:462\n*E\n"})
/* loaded from: classes7.dex */
public final class SecretStoringUtils {

    @NotNull
    public static final String AES_MODE = "AES/GCM/NoPadding";

    @NotNull
    public static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    public static final byte FORMAT_1 = 1;
    public static final byte FORMAT_API_M = 0;

    @NotNull
    public static final String RSA_MODE = "RSA/ECB/PKCS1Padding";

    @NotNull
    public final BuildVersionSdkIntProvider buildVersionSdkIntProvider;

    @NotNull
    public final Context context;
    public final boolean keyNeedsUserAuthentication;

    @NotNull
    public final KeyStore keyStore;

    @NotNull
    public final SecureRandom secureRandom;

    @Inject
    public SecretStoringUtils(@NotNull Context context, @NotNull KeyStore keyStore, @NotNull BuildVersionSdkIntProvider buildVersionSdkIntProvider, boolean z) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(buildVersionSdkIntProvider, "buildVersionSdkIntProvider");
        this.context = context;
        this.keyStore = keyStore;
        this.buildVersionSdkIntProvider = buildVersionSdkIntProvider;
        this.keyNeedsUserAuthentication = z;
        this.secureRandom = new SecureRandom();
    }

    public /* synthetic */ SecretStoringUtils(Context context, KeyStore keyStore, BuildVersionSdkIntProvider buildVersionSdkIntProvider, boolean z, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(context, keyStore, buildVersionSdkIntProvider, (i & 8) != 0 ? false : z);
    }

    public final byte[] decryptBytes(InputStream inputStream, String keyAlias) {
        Triple<byte[], byte[], byte[]> format1Extract = format1Extract(inputStream);
        byte[] component1 = format1Extract.component1();
        byte[] component2 = format1Extract.component2();
        byte[] component3 = format1Extract.component3();
        byte[] rsaDecrypt = rsaDecrypt(keyAlias, new ByteArrayInputStream(component1));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, new SecretKeySpec(rsaDecrypt, "AES"), new GCMParameterSpec(128, component2));
        byte[] doFinal = cipher.doFinal(component3);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encrypted)");
        return doFinal;
    }

    @RequiresApi(23)
    public final byte[] decryptBytesM(InputStream inputStream, String keyAlias) {
        Pair<byte[], byte[]> formatMExtract = formatMExtract(inputStream);
        byte[] component1 = formatMExtract.component1();
        byte[] component2 = formatMExtract.component2();
        SecretKey orGenerateSymmetricKeyForAliasM = getOrGenerateSymmetricKeyForAliasM(keyAlias);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, orGenerateSymmetricKeyForAliasM, new GCMParameterSpec(128, component1));
        byte[] doFinal = cipher.doFinal(component2);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedText)");
        return doFinal;
    }

    public final byte[] encryptBytes(byte[] byteArray, String keyAlias) {
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        byte[] rsaEncrypt = rsaEncrypt(keyAlias, bArr);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKeySpec);
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(byteArray);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(byteArray)");
        Intrinsics.checkNotNullExpressionValue(iv, "iv");
        return format1Make(rsaEncrypt, iv, doFinal);
    }

    @RequiresApi(23)
    public final byte[] encryptBytesM(byte[] byteArray, String keyAlias) {
        Cipher encryptCipher = getEncryptCipher(keyAlias);
        byte[] iv = encryptCipher.getIV();
        byte[] doFinal = encryptCipher.doFinal(byteArray);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(byteArray)");
        Intrinsics.checkNotNullExpressionValue(iv, "iv");
        return formatMMake(iv, doFinal);
    }

    @SuppressLint({"NewApi"})
    @NotNull
    public final KeyStore.Entry ensureKey(@NotNull String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        if (this.buildVersionSdkIntProvider.get() >= 23) {
            getOrGenerateSymmetricKeyForAliasM(alias);
        } else {
            getOrGenerateKeyPairForAlias(alias).getPrivateKey();
        }
        KeyStore.Entry entry = this.keyStore.getEntry(alias, null);
        Intrinsics.checkNotNullExpressionValue(entry, "keyStore.getEntry(alias, null)");
        return entry;
    }

    public final Triple<byte[], byte[], byte[]> format1Extract(InputStream bis) {
        byte[] bArr = new byte[(bis.read() << 8) + bis.read()];
        bis.read(bArr);
        byte[] bArr2 = new byte[bis.read()];
        bis.read(bArr2);
        return new Triple<>(bArr, bArr2, ByteStreamsKt.readBytes(bis));
    }

    public final byte[] format1Make(byte[] encryptedKey, byte[] iv, byte[] encryptedBytes) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(encryptedKey.length + 4 + iv.length + encryptedBytes.length);
        byteArrayOutputStream.write(1);
        byteArrayOutputStream.write((encryptedKey.length & 65280) >> 8);
        byteArrayOutputStream.write(encryptedKey.length & 255);
        byteArrayOutputStream.write(encryptedKey);
        byteArrayOutputStream.write(iv.length);
        byteArrayOutputStream.write(iv);
        byteArrayOutputStream.write(encryptedBytes);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "bos.toByteArray()");
        return byteArray;
    }

    public final Pair<byte[], byte[]> formatMExtract(InputStream bis) {
        int read = bis.read();
        byte[] bArr = new byte[read];
        bis.read(bArr, 0, read);
        return new Pair<>(bArr, ByteStreamsKt.readBytes(bis));
    }

    public final byte[] formatMMake(byte[] iv, byte[] data) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(iv.length + 2 + data.length);
        byteArrayOutputStream.write(0);
        byteArrayOutputStream.write(iv.length);
        byteArrayOutputStream.write(iv);
        byteArrayOutputStream.write(data);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "bos.toByteArray()");
        return byteArray;
    }

    @NotNull
    public final Cipher getEncryptCipher(@NotNull String alias) {
        Key publicKey;
        Intrinsics.checkNotNullParameter(alias, "alias");
        KeyStore.Entry ensureKey = ensureKey(alias);
        if (ensureKey instanceof KeyStore.SecretKeyEntry) {
            publicKey = ((KeyStore.SecretKeyEntry) ensureKey).getSecretKey();
        } else {
            if (!(ensureKey instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Unknown KeyEntry type.");
            }
            publicKey = ((KeyStore.PrivateKeyEntry) ensureKey).getCertificate().getPublicKey();
        }
        Cipher cipher = Cipher.getInstance(this.buildVersionSdkIntProvider.get() >= 23 ? "AES/GCM/NoPadding" : RSA_MODE);
        cipher.init(1, publicKey);
        Intrinsics.checkNotNullExpressionValue(cipher, "cipher");
        return cipher;
    }

    public final KeyStore.PrivateKeyEntry getOrGenerateKeyPairForAlias(String alias) {
        KeyStore.Entry entry = this.keyStore.getEntry(alias, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 30);
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.context).setAlias(alias).setSubject(new X500Principal(TrustedWebActivityServiceConnection$$ExternalSyntheticOutline0.m("CN=", alias))).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(context)\n       …\n                .build()");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
        KeyStore.Entry entry2 = this.keyStore.getEntry(alias, null);
        Intrinsics.checkNotNull(entry2, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        return (KeyStore.PrivateKeyEntry) entry2;
    }

    @RequiresApi(23)
    public final SecretKey getOrGenerateSymmetricKeyForAliasM(String alias) {
        KeyStore.Entry entry = this.keyStore.getEntry(alias, null);
        KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
        SecretKey secretKey = secretKeyEntry != null ? secretKeyEntry.getSecretKey() : null;
        if (secretKey != null) {
            return secretKey;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        final KeyGenParameterSpec.Builder userAuthenticationRequired = new KeyGenParameterSpec.Builder(alias, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128).setUserAuthenticationRequired(this.keyNeedsUserAuthentication);
        if (this.keyNeedsUserAuthentication) {
            this.buildVersionSdkIntProvider.whenAtLeast(24, new Function0<KeyGenParameterSpec.Builder>() { // from class: org.matrix.android.sdk.api.securestorage.SecretStoringUtils$getOrGenerateSymmetricKeyForAliasM$keyGenSpec$1$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // kotlin.jvm.functions.Function0
                @NotNull
                public final KeyGenParameterSpec.Builder invoke() {
                    KeyGenParameterSpec.Builder invalidatedByBiometricEnrollment;
                    invalidatedByBiometricEnrollment = userAuthenticationRequired.setInvalidatedByBiometricEnrollment(true);
                    return invalidatedByBiometricEnrollment;
                }
            });
            this.buildVersionSdkIntProvider.whenAtLeast(28, new Function0<KeyGenParameterSpec.Builder>() { // from class: org.matrix.android.sdk.api.securestorage.SecretStoringUtils$getOrGenerateSymmetricKeyForAliasM$keyGenSpec$1$2
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // kotlin.jvm.functions.Function0
                @NotNull
                public final KeyGenParameterSpec.Builder invoke() {
                    KeyGenParameterSpec.Builder unlockedDeviceRequired;
                    unlockedDeviceRequired = userAuthenticationRequired.setUnlockedDeviceRequired(true);
                    return unlockedDeviceRequired;
                }
            });
        }
        KeyGenParameterSpec build = userAuthenticationRequired.build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(\n               …                 .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "generator.generateKey()");
        return generateKey;
    }

    public final <T> T loadSecureObject(String keyAlias, InputStream inputStream) throws IOException {
        Triple<byte[], byte[], byte[]> format1Extract = format1Extract(inputStream);
        byte[] component1 = format1Extract.component1();
        byte[] component2 = format1Extract.component2();
        byte[] component3 = format1Extract.component3();
        byte[] rsaDecrypt = rsaDecrypt(keyAlias, new ByteArrayInputStream(component1));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, new SecretKeySpec(rsaDecrypt, "AES"), new GCMParameterSpec(128, component2));
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(component3), cipher);
        try {
            ObjectInputStream objectInputStream = new ObjectInputStream(cipherInputStream);
            try {
                T t = (T) objectInputStream.readObject();
                if (t == null) {
                    t = null;
                }
                CloseableKt.closeFinally(objectInputStream, null);
                CloseableKt.closeFinally(cipherInputStream, null);
                return t;
            } finally {
            }
        } finally {
        }
    }

    @RequiresApi(23)
    public final <T> T loadSecureObjectM(String keyAlias, InputStream inputStream) throws IOException {
        SecretKey orGenerateSymmetricKeyForAliasM = getOrGenerateSymmetricKeyForAliasM(keyAlias);
        int read = inputStream.read();
        byte[] bArr = new byte[read];
        inputStream.read(bArr, 0, read);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, orGenerateSymmetricKeyForAliasM, new GCMParameterSpec(128, bArr));
        CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher);
        try {
            ObjectInputStream objectInputStream = new ObjectInputStream(cipherInputStream);
            try {
                T t = (T) objectInputStream.readObject();
                if (t == null) {
                    t = null;
                }
                CloseableKt.closeFinally(objectInputStream, null);
                CloseableKt.closeFinally(cipherInputStream, null);
                return t;
            } finally {
            }
        } finally {
        }
    }

    @SuppressLint({"NewApi"})
    @Nullable
    public final <T> T loadSecureSecret(@NotNull InputStream inputStream, @NotNull String keyAlias) {
        Intrinsics.checkNotNullParameter(inputStream, "inputStream");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        byte read = (byte) inputStream.read();
        if (read == 0) {
            return (T) loadSecureObjectM(keyAlias, inputStream);
        }
        if (read == 1) {
            return (T) loadSecureObject(keyAlias, inputStream);
        }
        throw new IllegalArgumentException(MediaBrowserCompat$MediaBrowserImplBase$$ExternalSyntheticOutline0.m("Unknown format ", read));
    }

    @SuppressLint({"NewApi"})
    @NotNull
    public final byte[] loadSecureSecretBytes(@NotNull byte[] encrypted, @NotNull String keyAlias) throws Exception {
        byte[] decryptBytes;
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(encrypted);
        try {
            byte read = (byte) byteArrayInputStream.read();
            if (read == 0) {
                decryptBytes = decryptBytesM(byteArrayInputStream, keyAlias);
            } else {
                if (read != 1) {
                    throw new IllegalArgumentException("Unknown format " + ((int) read));
                }
                decryptBytes = decryptBytes(byteArrayInputStream, keyAlias);
            }
            CloseableKt.closeFinally(byteArrayInputStream, null);
            return decryptBytes;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                CloseableKt.closeFinally(byteArrayInputStream, th);
                throw th2;
            }
        }
    }

    public final byte[] rsaDecrypt(String alias, InputStream encrypted) throws Exception {
        KeyStore.PrivateKeyEntry orGenerateKeyPairForAlias = getOrGenerateKeyPairForAlias(alias);
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(2, orGenerateKeyPairForAlias.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(encrypted, cipher);
        try {
            byte[] readBytes = ByteStreamsKt.readBytes(cipherInputStream);
            CloseableKt.closeFinally(cipherInputStream, null);
            return readBytes;
        } finally {
        }
    }

    public final byte[] rsaEncrypt(String alias, byte[] secret) throws Exception {
        Cipher encryptCipher = getEncryptCipher(alias);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, encryptCipher);
        try {
            cipherOutputStream.write(secret);
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(cipherOutputStream, null);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "outputStream.toByteArray()");
            return byteArray;
        } finally {
        }
    }

    public final void safeDeleteKey(@NotNull String keyAlias) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        try {
            this.keyStore.deleteEntry(keyAlias);
        } catch (KeyStoreException e) {
            Timber.INSTANCE.e(e);
        }
    }

    public final void saveSecureObject(String keyAlias, OutputStream output, Object writeObject) {
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        byte[] rsaEncrypt = rsaEncrypt(keyAlias, bArr);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKeySpec);
        byte[] iv = cipher.getIV();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new CipherOutputStream(byteArrayOutputStream, cipher));
        try {
            objectOutputStream.writeObject(writeObject);
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(objectOutputStream, null);
            output.write(1);
            output.write((rsaEncrypt.length & 65280) >> 8);
            output.write(rsaEncrypt.length & 255);
            output.write(rsaEncrypt);
            output.write(iv.length);
            output.write(iv);
            output.write(byteArrayOutputStream.toByteArray());
        } finally {
        }
    }

    @RequiresApi(23)
    public final void saveSecureObjectM(String keyAlias, OutputStream output, Object writeObject) throws IOException {
        Cipher encryptCipher = getEncryptCipher(keyAlias);
        byte[] iv = encryptCipher.getIV();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        try {
            objectOutputStream.writeObject(writeObject);
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(objectOutputStream, null);
            byte[] doFinal = encryptCipher.doFinal(byteArrayOutputStream.toByteArray());
            output.write(0);
            output.write(iv.length);
            output.write(iv);
            output.write(doFinal);
        } finally {
        }
    }

    @NotNull
    public final byte[] securelyStoreBytes(@NotNull byte[] secret, @NotNull String keyAlias) throws Exception {
        Intrinsics.checkNotNullParameter(secret, "secret");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        return this.buildVersionSdkIntProvider.isAtLeast(23) ? encryptBytesM(secret, keyAlias) : encryptBytes(secret, keyAlias);
    }

    public final void securelyStoreObject(@NotNull Object any, @NotNull String keyAlias, @NotNull OutputStream output) {
        Intrinsics.checkNotNullParameter(any, "any");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(output, "output");
        if (this.buildVersionSdkIntProvider.isAtLeast(23)) {
            saveSecureObjectM(keyAlias, output, any);
        } else {
            saveSecureObject(keyAlias, output, any);
        }
    }
}
