package com.microsoft.identity.internal.device;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.microsoft.identity.internal.EccKeyResponse;
import com.microsoft.identity.internal.StatusInternal;
import com.microsoft.identity.internal.TempError;
import defpackage.AbstractC5265o;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes2.dex */
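/**
 * ECC key factory that keeps the device key pair in app SharedPreferences as an AES-256-GCM
 * ciphertext, with the wrapping AES key held in the AndroidKeyStore provider.
 *
 * <p>Stored blob layout (Base64, no line wrapping):
 * <pre>
 *   bytes 0..3   big-endian offset of the ciphertext (= 9 + IV length)
 *   byte  4      format version, written as 1
 *   bytes 5..8   big-endian GCM tag length in bits
 *   bytes 9..    IV, followed by ciphertext||tag
 * </pre>
 * The first 9 bytes are fed to the cipher as additional authenticated data, so the header is
 * bound to the ciphertext; the IV is covered by GCM itself.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The EC private key is a software object: it is Java-serialized, and after a load it lives
 *       in the process heap. Only the AES wrapping key is held by the keystore provider.</li>
 *   <li>The wrapping key is created with {@code setUserAuthenticationRequired(false)}, so nothing
 *       in this class ties its use to user presence or device unlock.</li>
 *   <li>Plaintext is parsed with {@link ObjectInputStream}; the GCM tag check is the only gate in
 *       front of native Java deserialization (see {@link #deserializeEccKey}).</li>
 * </ul>
 */
public class NoKeyStoreEccKeyFactoryImplV2 extends NoKeyStoreEccKeyFactoryImpl {
    static final String AES_GCM_MODE = "AES/GCM/NoPadding";

    /** SharedPreferences file that holds both the legacy and the v2 (encrypted) key entries. */
    private static final String PREFERENCES_NAME = "com.microsoft.identity.msa.device.keystore";

    /** Size of the fixed blob header: 4-byte offset, 1-byte version, 4-byte tag length. */
    private static final int HEADER_LENGTH = 9;

    /** Version byte written at offset 4 of every blob produced by {@link #serializeEccKey}. */
    private static final byte BLOB_FORMAT_VERSION = 1;

    // volatile: the field is read outside the lock in getSystemKeyStore() (double-checked locking).
    private volatile KeyStore mKeyStore;

    public NoKeyStoreEccKeyFactoryImplV2(Context context, Provider provider) {
        super(context, provider);
    }

    /** Reads a big-endian 32-bit integer from {@code bytes} starting at {@code offset}. */
    private static int readInt(byte[] bytes, int offset) {
        return ((bytes[offset] & 255) << 24)
                | ((bytes[offset + 1] & 255) << 16)
                | ((bytes[offset + 2] & 255) << 8)
                | (bytes[offset + 3] & 255);
    }

    /** Removes {@code alias} from {@code keyStore} when an entry with that alias exists. */
    private static void deleteAliasIfPresent(KeyStore keyStore, String alias) throws KeyStoreException {
        if (keyStore.containsAlias(alias)) {
            keyStore.deleteEntry(alias);
        }
    }

    /**
     * Decrypts and deserializes a blob produced by {@link #serializeEccKey}.
     *
     * @param str Base64 blob read from SharedPreferences
     * @param secretKey AES key used for GCM decryption
     * @return a map with a {@link KeyPair} under "Key" and a {@link Date} under "CreationDate",
     *     or {@code null} when the decrypted object does not have that shape
     * @throws IllegalArgumentException when the blob is too short or its header offset is out of
     *     range (the original code failed on the same inputs with an index or range exception)
     * @throws BadPaddingException when GCM authentication fails
     */
    private HashMap<String, Serializable> deserializeEccKey(String str, SecretKey secretKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, ClassNotFoundException {
        byte[] blob = Base64.decode(str, Base64.NO_WRAP);
        // The blob comes from app storage; validate the header before indexing into it.
        if (blob.length < HEADER_LENGTH) {
            throw new IllegalArgumentException("Encrypted key blob is shorter than its header");
        }
        int ciphertextOffset = readInt(blob, 0);
        int tagLengthBits = readInt(blob, 5);
        if (ciphertextOffset < HEADER_LENGTH || ciphertextOffset > blob.length) {
            throw new IllegalArgumentException("Encrypted key blob has an invalid ciphertext offset");
        }
        // NOTE(review): the version byte (blob[4]) and the tag length are taken from the blob and
        // not compared with expected values here. Both are inside the AAD, so a modified header
        // fails authentication; whether the provider also enforces a minimum tag length for this
        // key is not visible from this file. Consider pinning both once the deployed blobs are
        // confirmed.
        byte[] iv = Arrays.copyOfRange(blob, HEADER_LENGTH, ciphertextOffset);
        byte[] ciphertext = Arrays.copyOfRange(blob, ciphertextOffset, blob.length);
        GCMParameterSpec gcmSpec = new GCMParameterSpec(tagLengthBits, iv);
        Cipher cipher = Cipher.getInstance(AES_GCM_MODE);
        cipher.init(Cipher.DECRYPT_MODE, secretKey, gcmSpec);
        cipher.updateAAD(blob, 0, HEADER_LENGTH);
        // doFinal() throws before any plaintext is returned if the tag does not verify.
        byte[] plaintext = cipher.doFinal(ciphertext);
        // SECURITY: native Java deserialization. Reaching readObject() requires a valid GCM tag
        // under the keystore-held key, so the bytes are integrity-protected, but the stream is not
        // class-restricted: any Serializable class on the classpath can be instantiated before the
        // instanceof checks below run. An ObjectInputStream subclass whose resolveClass() allows
        // only the expected types would remove that dependency on the wrapping key.
        try (ByteArrayInputStream byteStream = new ByteArrayInputStream(plaintext);
                ObjectInputStream objectStream = new ObjectInputStream(byteStream)) {
            Object decoded = objectStream.readObject();
            if (!(decoded instanceof HashMap)) {
                return null;
            }
            HashMap<?, ?> stored = (HashMap<?, ?>) decoded;
            Object key = stored.get("Key");
            Object creationDate = stored.get("CreationDate");
            if (!(key instanceof KeyPair) || !(creationDate instanceof Date)) {
                return null;
            }
            // Copy only the two expected entries; anything else in the stored map is dropped.
            HashMap<String, Serializable> result = new HashMap<>();
            result.put("Key", (KeyPair) key);
            result.put("CreationDate", (Date) creationDate);
            return result;
        }
    }

    /**
     * Generates a 256-bit AES-GCM key in the AndroidKeyStore provider under alias {@code str}.
     *
     * <p>Both callers in this class generate a fresh key immediately before each
     * {@link #serializeEccKey} call, so a given key encrypts one blob; it is then read back by
     * alias for every later decryption.
     *
     * @param str keystore alias for the new key
     */
    private SecretKey generateSingleUseEncryptionKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        // Purposes 3 = encrypt (1) | decrypt (2). Randomized encryption means the provider, not
        // the caller, chooses the IV. User authentication is explicitly not required.
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(str, 3)
                .setKeySize(256)
                .setBlockModes("GCM")
                .setEncryptionPaddings("NoPadding")
                .setRandomizedEncryptionRequired(true)
                .setUserAuthenticationRequired(false)
                .build();
        keyGenerator.init(spec);
        return keyGenerator.generateKey();
    }

    /**
     * Returns the SharedPreferences entry name for the encrypted key.
     * Presumably {@code str + ".v2"}; the helper is obfuscated and not visible here.
     */
    private String getEncryptedEccKeyId(String str) {
        return AbstractC5265o.o(str, ".v2");
    }

    /**
     * Returns the keystore alias of the AES wrapping key.
     * Presumably the encrypted key id with ".ek" appended; the helper is obfuscated.
     */
    private String getEncryptionKeyId(String str) {
        return AbstractC5265o.s(new StringBuilder(), getEncryptedEccKeyId(str), ".ek");
    }

    /**
     * Java-serializes the key pair and creation date, encrypts them with AES-GCM and returns the
     * Base64 blob described in the class comment.
     *
     * @param keyPair device key pair to protect
     * @param date creation date stored next to the key
     * @param secretKey AES key to encrypt with; the IV is taken from the initialized cipher
     */
    private String serializeEccKey(KeyPair keyPair, Date date, SecretKey secretKey) throws IOException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidParameterSpecException {
        byte[] plaintext;
        try (ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
                ObjectOutputStream objectStream = new ObjectOutputStream(byteStream)) {
            HashMap<String, Serializable> payload = new HashMap<>();
            payload.put("Key", keyPair);
            payload.put("CreationDate", date);
            objectStream.writeObject(payload);
            // Flush explicitly so the snapshot below never depends on stream-internal buffering.
            objectStream.flush();
            plaintext = byteStream.toByteArray();
        }
        Cipher cipher = Cipher.getInstance(AES_GCM_MODE);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        // No IV is supplied to init(); read back the parameters the cipher chose.
        GCMParameterSpec gcmSpec = cipher.getParameters().getParameterSpec(GCMParameterSpec.class);
        byte[] iv = gcmSpec.getIV();
        int tagLengthBits = gcmSpec.getTLen();
        int ciphertextOffset = iv.length + HEADER_LENGTH;
        byte[] prefix = new byte[ciphertextOffset];
        prefix[0] = (byte) (ciphertextOffset >> 24);
        prefix[1] = (byte) (ciphertextOffset >> 16);
        prefix[2] = (byte) (ciphertextOffset >> 8);
        prefix[3] = (byte) ciphertextOffset;
        prefix[4] = BLOB_FORMAT_VERSION;
        prefix[5] = (byte) (tagLengthBits >> 24);
        prefix[6] = (byte) (tagLengthBits >> 16);
        prefix[7] = (byte) (tagLengthBits >> 8);
        prefix[8] = (byte) tagLengthBits;
        System.arraycopy(iv, 0, prefix, HEADER_LENGTH, iv.length);
        // Authenticate the header so offset, version and tag length cannot be altered silently.
        cipher.updateAAD(prefix, 0, HEADER_LENGTH);
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] blob = new byte[ciphertext.length + ciphertextOffset];
        System.arraycopy(prefix, 0, blob, 0, ciphertextOffset);
        System.arraycopy(ciphertext, 0, blob, ciphertextOffset, ciphertext.length);
        return Base64.encodeToString(blob, Base64.NO_WRAP);
    }

    /**
     * Deletes the legacy entry (via the superclass), the encrypted SharedPreferences entry and
     * the AES wrapping key for {@code str}.
     *
     * @return {@code null} on success, otherwise the error describing the failed step
     */
    @Override // com.microsoft.identity.internal.device.NoKeyStoreEccKeyFactoryImpl, com.microsoft.identity.internal.EccKeyFactory
    public TempError deleteEccKey(String str) {
        TempError legacyError = super.deleteEccKey(str);
        if (legacyError != null) {
            return legacyError;
        }
        String encryptedEccKeyId = getEncryptedEccKeyId(str);
        // NOTE(review): the commit() result is ignored, so a failed write leaves the ciphertext in
        // place while this method still reports success.
        this.mApplicationContext.getSharedPreferences(PREFERENCES_NAME, 0).edit().remove(encryptedEccKeyId).commit();
        try {
            KeyStore systemKeyStore = getSystemKeyStore();
            if (systemKeyStore == null) {
                Diagnostics.logError(507377753, "KeyStore is null");
                return ErrorUtils.createError(507377752, StatusInternal.UNEXPECTED, "Failed to initialize KeyStore", null);
            }
            try {
                // The wrapping key is generated and read under getEncryptionKeyId(str), not under
                // the preferences entry name. Deleting only the latter (as before) left the AES
                // key behind in the keystore. The old alias is still removed for compatibility.
                deleteAliasIfPresent(systemKeyStore, encryptedEccKeyId);
                deleteAliasIfPresent(systemKeyStore, getEncryptionKeyId(str));
                return null;
            } catch (KeyStoreException e10) {
                Diagnostics.logException(507377751, e10);
                return ErrorUtils.createError(507377750, StatusInternal.UNEXPECTED, "Failed to delete encryption key from the store", e10);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e11) {
            Diagnostics.logException(507377755, e11);
            return ErrorUtils.createError(507377754, StatusInternal.UNEXPECTED, "Failed to initialize KeyStore", e11);
        }
    }

    /**
     * Looks up the AES wrapping key stored under alias {@code str}.
     *
     * @return the key, or {@code null} when the keystore is unavailable or has no such entry
     */
    public SecretKey getEncryptionKey(String str) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore systemKeyStore = getSystemKeyStore();
        if (systemKeyStore != null) {
            return (SecretKey) systemKeyStore.getKey(str, null);
        }
        Diagnostics.logError(507377749, "Failed to load keystore");
        return null;
    }

    /**
     * Returns the lazily created, loaded AndroidKeyStore instance.
     *
     * <p>The instance is published to {@code mKeyStore} only after {@code load(null)} succeeds.
     * Previously the field was assigned first, so a concurrent caller, or any caller after a
     * failed load, could receive a keystore that had never been loaded.
     */
    public KeyStore getSystemKeyStore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = this.mKeyStore;
        if (keyStore == null) {
            synchronized (this) {
                keyStore = this.mKeyStore;
                if (keyStore == null) {
                    keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    this.mKeyStore = keyStore;
                }
            }
        }
        return keyStore;
    }

    /**
     * Loads the device key for {@code str}.
     *
     * <p>If an encrypted (v2) entry exists it is decrypted and returned. Otherwise, if a legacy
     * entry exists under the bare id, it is deserialized by the superclass, re-encrypted under a
     * newly generated wrapping key, stored as v2, and the legacy entry is deleted. With neither
     * entry present the response carries no key and no error.
     */
    @Override // com.microsoft.identity.internal.device.NoKeyStoreEccKeyFactoryImpl, com.microsoft.identity.internal.EccKeyFactory
    public EccKeyResponse loadEccKey(String str) {
        if (str.isEmpty()) {
            return fail(507377804, StatusInternal.UNEXPECTED, "Key id is empty.", null);
        }
        SharedPreferences sharedPreferences = this.mApplicationContext.getSharedPreferences(PREFERENCES_NAME, 0);
        String encryptedBlob = sharedPreferences.getString(getEncryptedEccKeyId(str), "");
        if (!encryptedBlob.isEmpty()) {
            try {
                SecretKey encryptionKey = getEncryptionKey(getEncryptionKeyId(str));
                if (encryptionKey == null) {
                    return fail(507377802, StatusInternal.UNEXPECTED, "Failed to read encryption key", null);
                }
                try {
                    HashMap<String, Serializable> stored = deserializeEccKey(encryptedBlob, encryptionKey);
                    if (stored == null) {
                        return fail(507377796, StatusInternal.UNEXPECTED, "Failed to deserialize device key", null);
                    }
                    return new EccKeyResponse(new EccKeyImpl(str, (KeyPair) stored.get("Key"), this.mProvider, (Date) stored.get("CreationDate")), null);
                } catch (IOException | ClassNotFoundException e) {
                    return fail(507377798, StatusInternal.UNEXPECTED, "Failed to deserialize device key", e);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
                    return fail(507377801, StatusInternal.UNEXPECTED, "We must be running in unsupported environment", e);
                } catch (InvalidKeyException e) {
                    return fail(507377800, StatusInternal.UNEXPECTED, "Encryption key is invalid", e);
                } catch (BadPaddingException | IllegalBlockSizeException e) {
                    // Includes GCM tag mismatch, i.e. a blob that was altered or belongs to a different key.
                    return fail(507377799, StatusInternal.UNEXPECTED, "Failed to decrypt device key", e);
                } catch (Throwable th) {
                    return fail(507377797, StatusInternal.UNEXPECTED, "Unexpected error while deserializing device key", th);
                }
            } catch (Throwable th2) {
                return fail(507377803, StatusInternal.UNEXPECTED, "Failed to read encryption key", th2);
            }
        }
        String legacyBlob = sharedPreferences.getString(str, "");
        if (legacyBlob.isEmpty()) {
            return new EccKeyResponse(null, null);
        }
        Diagnostics.logInfo(507377795, "Re-encrypting the device key");
        try {
            // NOTE(review): the superclass deserializer is not visible in this file; whether the
            // legacy blob is integrity-checked before it is deserialized should be confirmed there.
            HashMap<String, Serializable> legacy = super.deserializeEccKey(legacyBlob);
            if (legacy == null) {
                return fail(507377792, StatusInternal.UNEXPECTED, "Failed to deserialize device key", null);
            }
            KeyPair keyPair = (KeyPair) legacy.get("Key");
            Date date = (Date) legacy.get("CreationDate");
            try {
                SecretKey wrappingKey = generateSingleUseEncryptionKey(getEncryptionKeyId(str));
                if (wrappingKey == null) {
                    return fail(507377762, StatusInternal.UNEXPECTED, "Failed to read encryption key", null);
                }
                try {
                    boolean persisted = sharedPreferences.edit().putString(getEncryptedEccKeyId(str), serializeEccKey(keyPair, date, wrappingKey)).commit();
                    if (persisted) {
                        Diagnostics.logInfo(507377756, "Successfully re-encrypted the device key");
                        super.deleteEccKey(str);
                    }
                    // If the write failed, the legacy entry is kept on purpose: deleting it would
                    // destroy the only stored copy of the device key. The in-memory key is still
                    // returned and migration is retried on the next load.
                    // NOTE(review): a diagnostics entry for the failed write would need its own tag.
                    return new EccKeyResponse(new EccKeyImpl(str, keyPair, this.mProvider, date), null);
                } catch (IOException e) {
                    return fail(507377761, StatusInternal.UNEXPECTED, "Failed to serialize device key", e);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
                    return fail(507377760, StatusInternal.UNEXPECTED, "We must be running in unsupported environment", e);
                } catch (InvalidKeyException e) {
                    return fail(507377758, StatusInternal.UNEXPECTED, "Encryption key is invalid", e);
                } catch (BadPaddingException | IllegalBlockSizeException e) {
                    return fail(507377759, StatusInternal.UNEXPECTED, "Failed to decrypt device key", e);
                } catch (Throwable th3) {
                    return fail(507377757, StatusInternal.UNEXPECTED, "Unexpected error while serializing device key", th3);
                }
            } catch (Throwable th4) {
                return fail(507377763, StatusInternal.UNEXPECTED, "Failed to read encryption key", th4);
            }
        } catch (Throwable th5) {
            Diagnostics.logException(507377794, th5);
            return fail(507377793, StatusInternal.UNEXPECTED, "Failed to deserialize encrypted key", th5);
        }
    }

    /**
     * Encrypts {@code keyPair} under a newly generated wrapping key and writes the blob to
     * SharedPreferences.
     *
     * @throws IOException when serialization fails or the SharedPreferences write is not
     *     committed; the latter was previously ignored, which reported success for a key that had
     *     not been persisted
     */
    @Override // com.microsoft.identity.internal.device.NoKeyStoreEccKeyFactoryImpl
    public void storeEccKey(String str, KeyPair keyPair) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidParameterSpecException {
        Diagnostics.logInfo(507377748, "Encrypting and storing device key into shared preferences");
        SharedPreferences.Editor editor = this.mApplicationContext.getSharedPreferences(PREFERENCES_NAME, 0).edit();
        SecretKey wrappingKey = generateSingleUseEncryptionKey(getEncryptionKeyId(str));
        String blob = serializeEccKey(keyPair, new Date(), wrappingKey);
        if (!editor.putString(getEncryptedEccKeyId(str), blob).commit()) {
            throw new IOException("Failed to persist the encrypted device key");
        }
    }
}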
