package com.microsoft.aad.adal;

import android.content.Context;
import android.os.Build;
import android.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public class ta {

    /* renamed from: a, reason: collision with root package name */
    private static final String f43352a = "SHA256";

    /* renamed from: b, reason: collision with root package name */
    private static final String f43353b = "AdalKey";

    /* renamed from: c, reason: collision with root package name */
    private static final String f43354c = "adalks";

    /* renamed from: d, reason: collision with root package name */
    private static final String f43355d = "AES";

    /* renamed from: e, reason: collision with root package name */
    private static final String f43356e = "RSA/ECB/PKCS1Padding";

    /* renamed from: f, reason: collision with root package name */
    private static final String f43357f = "StorageHelper";

    /* renamed from: g, reason: collision with root package name */
    private static final String f43358g = "AES/CBC/PKCS5Padding";

    /* renamed from: h, reason: collision with root package name */
    private static final String f43359h = "HmacSHA256";

    /* renamed from: i, reason: collision with root package name */
    private static final int f43360i = 256;

    /* renamed from: j, reason: collision with root package name */
    public static final int f43361j = 16;

    /* renamed from: k, reason: collision with root package name */
    public static final int f43362k = 32;

    /* renamed from: l, reason: collision with root package name */
    public static final String f43363l = "A001";

    /* renamed from: m, reason: collision with root package name */
    public static final String f43364m = "U001";

    /* renamed from: n, reason: collision with root package name */
    private static final int f43365n = 4;
    private static final String o = "E1";
    private static String q;
    private final SecureRandom u = new SecureRandom();
    private KeyPair v;
    private Context w;
    private static final Object p = new Object();
    private static SecretKey r = null;
    private static SecretKey s = null;
    private static SecretKey t = null;

    public ta(Context context) {
        this.w = context;
    }

    @a.a.b(18)
    private Object a(X500Principal x500Principal, Date date, Date date2) {
        try {
            Class<?> cls = Class.forName("android.security.KeyPairGeneratorSpec$Builder");
            Constructor<?> declaredConstructor = cls.getDeclaredConstructor(Context.class);
            declaredConstructor.setAccessible(true);
            Object[] objArr = new Object[1];
            try {
                objArr[0] = this.w;
                Object newInstance = declaredConstructor.newInstance(objArr);
                Method declaredMethod = cls.getDeclaredMethod("setAlias", String.class);
                Method declaredMethod2 = cls.getDeclaredMethod("setSubject", X500Principal.class);
                Method declaredMethod3 = cls.getDeclaredMethod("setSerialNumber", BigInteger.class);
                Method declaredMethod4 = cls.getDeclaredMethod("setStartDate", Date.class);
                return cls.getDeclaredMethod("build", new Class[0]).invoke(cls.getDeclaredMethod("setEndDate", Date.class).invoke(declaredMethod4.invoke(declaredMethod3.invoke(declaredMethod2.invoke(declaredMethod.invoke(newInstance, f43353b), x500Principal), BigInteger.ONE), date), date2), new Object[0]);
            } catch (ClassNotFoundException e2) {
                e = e2;
                ma.a(f43357f, "android.security.KeyPairGeneratorSpec.Builder is not found", "", EnumC4624a.ANDROIDKEYSTORE_KEYPAIR_GENERATOR_FAILED, e);
                return null;
            } catch (IllegalAccessException e3) {
                e = e3;
                ma.a(f43357f, "android.security.KeyPairGeneratorSpec.Builder is not accessible", "", EnumC4624a.ANDROIDKEYSTORE_KEYPAIR_GENERATOR_FAILED, e);
                return null;
            } catch (IllegalArgumentException e4) {
                e = e4;
                ma.a(f43357f, "android.security.KeyPairGeneratorSpec.Builder argument is not valid", "", EnumC4624a.ANDROIDKEYSTORE_KEYPAIR_GENERATOR_FAILED, e);
                return null;
            } catch (InstantiationException e5) {
                e = e5;
                ma.a(f43357f, "android.security.KeyPairGeneratorSpec.Builder is not instantiated", "", EnumC4624a.ANDROIDKEYSTORE_KEYPAIR_GENERATOR_FAILED, e);
                return null;
            } catch (NoSuchMethodException e6) {
                e = e6;
                ma.a(f43357f, "android.security.KeyPairGeneratorSpec.Builder is not found", "", EnumC4624a.ANDROIDKEYSTORE_KEYPAIR_GENERATOR_FAILED, e);
                return null;
            } catch (InvocationTargetException e7) {
                e = e7;
                ma.a(f43357f, "android.security.KeyPairGeneratorSpec.Builder's method invoke failed", "", EnumC4624a.ANDROIDKEYSTORE_KEYPAIR_GENERATOR_FAILED, e);
                return null;
            }
        } catch (ClassNotFoundException e8) {
            e = e8;
        } catch (IllegalAccessException e9) {
            e = e9;
        } catch (IllegalArgumentException e10) {
            e = e10;
        } catch (InstantiationException e11) {
            e = e11;
        } catch (NoSuchMethodException e12) {
            e = e12;
        } catch (InvocationTargetException e13) {
            e = e13;
        }
    }

    @a.a.b(18)
    private SecretKey a(Cipher cipher, byte[] bArr) {
        cipher.init(4, this.v.getPrivate());
        return (SecretKey) cipher.unwrap(bArr, f43355d, 3);
    }

    private SecretKey a(SecretKey secretKey) {
        byte[] encoded = secretKey.getEncoded();
        return encoded != null ? new SecretKeySpec(MessageDigest.getInstance(f43352a).digest(encoded), f43355d) : secretKey;
    }

    private SecretKey a(byte[] bArr) {
        if (bArr != null) {
            return new SecretKeySpec(bArr, f43355d);
        }
        throw new IllegalArgumentException("rawBytes");
    }

    private void a() {
        Context context = this.w;
        File file = new File(context.getDir(context.getPackageName(), 0), f43354c);
        if (file.exists()) {
            ma.c(f43357f, "Delete KeyFile");
            file.delete();
        }
    }

    private static void a(File file, byte[] bArr) {
        ma.c(f43357f, "Writing key data to a file");
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            fileOutputStream.write(bArr);
        } finally {
            fileOutputStream.close();
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void a(byte[] bArr, int i2, int i3, byte[] bArr2) {
        if (bArr2.length != i3 - i2) {
            throw new IllegalArgumentException("Unexpected MAC length");
        }
        byte b2 = 0;
        for (int i4 = i2; i4 < i3; i4++) {
            b2 = (byte) (b2 | (bArr2[i4 - i2] ^ bArr[i4]));
        }
        if (b2 != 0) {
            throw new DigestException();
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static byte[] a(File file) {
        ma.c(f43357f, "Reading key data from a file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[1024];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    return byteArrayOutputStream.toByteArray();
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } finally {
            fileInputStream.close();
        }
    }

    @a.a.b(18)
    private byte[] a(Cipher cipher, SecretKey secretKey) {
        cipher.init(3, this.v.getPublic());
        return cipher.wrap(secretKey);
    }

    private final SecretKey b() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(f43355d);
        keyGenerator.init(256, this.u);
        return keyGenerator.generateKey();
    }

    private char c() {
        return (char) 99;
    }

    private SecretKey c(String str) {
        if (str.equals(f43364m)) {
            return a(B.INSTANCE.h());
        }
        if (str.equals(f43363l)) {
            if (Build.VERSION.SDK_INT < 18) {
                throw new IllegalArgumentException(String.format("keyVersion '%s' is not supported in this SDK. AndroidKeyStore is supported API18 and above.", str));
            }
            try {
                return e();
            } catch (Exception e2) {
                ma.a(f43357f, "Failed to get private key from AndroidKeyStore", "", EnumC4624a.ANDROIDKEYSTORE_FAILED, e2);
            }
        }
        throw new IllegalArgumentException("keyVersion");
    }

    @a.a.b(18)
    private synchronized KeyPair d() {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias(f43353b)) {
            ma.c(f43357f, "Key entry is available");
        } else {
            ma.c(f43357f, "Key entry is not available");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            String format = String.format("CN=%s, OU=%s", f43353b, this.w.getPackageName());
            AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) a(new X500Principal(format), calendar.getTime(), calendar2.getTime());
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(algorithmParameterSpec);
            keyPairGenerator.generateKeyPair();
            ma.c(f43357f, "Key entry is generated for cert " + format);
        }
        ma.c(f43357f, "Reading Key entry");
        privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(f43353b, null);
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    @a.a.b(18)
    private final synchronized SecretKey e() {
        if (t != null) {
            return t;
        }
        File file = new File(this.w.getDir(this.w.getPackageName(), 0), f43354c);
        if (this.v == null) {
            this.v = d();
            ma.c(f43357f, "Retrived keypair from androidKeyStore");
        }
        Cipher cipher = Cipher.getInstance(f43356e);
        if (!file.exists()) {
            ma.c(f43357f, "Key file does not exists");
            SecretKey b2 = b();
            ma.c(f43357f, "Wrapping SecretKey");
            byte[] a2 = a(cipher, b2);
            ma.c(f43357f, "Writing SecretKey");
            a(file, a2);
            ma.c(f43357f, "Finished writing SecretKey");
        }
        ma.c(f43357f, "Reading SecretKey");
        try {
            t = a(cipher, a(file));
            ma.c(f43357f, "Finished reading SecretKey");
        } catch (Exception unused) {
            ma.a(f43357f, "Unwrap failed for AndroidKeyStore", "", EnumC4624a.ANDROIDKEYSTORE_FAILED);
            this.v = null;
            t = null;
            a();
            g();
            ma.c(f43357f, "Removed previous key pair info.");
        }
        return t;
    }

    private final void f() {
        if (r == null || s == null) {
            synchronized (p) {
                if (Build.VERSION.SDK_INT >= 18 && B.INSTANCE.h() == null) {
                    try {
                        r = e();
                        s = a(r);
                        q = f43363l;
                        return;
                    } catch (Exception e2) {
                        ma.a(f43357f, "Failed to get private key from AndroidKeyStore", "", EnumC4624a.ANDROIDKEYSTORE_FAILED, e2);
                    }
                }
                ma.c(f43357f, "Encryption will use secret key from Settings");
                r = a(B.INSTANCE.h());
                s = a(r);
                q = f43364m;
            }
        }
    }

    @a.a.b(18)
    private synchronized void g() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry(f43353b);
    }

    public String a(String str) {
        ma.c(f43357f, "Starting decryption");
        if (ua.a(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        int charAt = str.charAt(0) - 'a';
        if (charAt <= 0) {
            throw new IllegalArgumentException(String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(charAt)));
        }
        int i2 = charAt + 1;
        if (!str.substring(1, i2).equals(o)) {
            throw new IllegalArgumentException(String.format("Encode version received was: '%s', Encode version supported is: '%s'", str, o));
        }
        byte[] decode = Base64.decode(str.substring(i2), 0);
        SecretKey c2 = c(new String(decode, 0, 4, "UTF_8"));
        SecretKey a2 = a(c2);
        int length = (decode.length - 16) - 32;
        int length2 = decode.length - 32;
        int i3 = length - 4;
        if (length < 0 || length2 < 0 || i3 < 0) {
            throw new IllegalArgumentException("Given value is smaller than the IV vector and MAC length");
        }
        Cipher cipher = Cipher.getInstance(f43358g);
        Mac mac = Mac.getInstance(f43359h);
        mac.init(a2);
        mac.update(decode, 0, length2);
        a(decode, length2, decode.length, mac.doFinal());
        cipher.init(2, c2, new IvParameterSpec(decode, length, 16));
        String str2 = new String(cipher.doFinal(decode, 4, i3), "UTF_8");
        ma.c(f43357f, "Finished decryption");
        return str2;
    }

    public String b(String str) {
        ma.c(f43357f, "Starting encryption");
        if (ua.a(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        f();
        ma.c(f43357f, "Encrypt version:" + q);
        byte[] bytes = q.getBytes("UTF_8");
        byte[] bytes2 = str.getBytes("UTF_8");
        byte[] bArr = new byte[16];
        this.u.nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance(f43358g);
        Mac mac = Mac.getInstance(f43359h);
        cipher.init(1, r, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bytes2);
        mac.init(s);
        mac.update(bytes);
        mac.update(doFinal);
        mac.update(bArr);
        byte[] doFinal2 = mac.doFinal();
        byte[] bArr2 = new byte[bytes.length + doFinal.length + bArr.length + doFinal2.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length + doFinal.length, bArr.length);
        System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + bArr.length, doFinal2.length);
        String str2 = new String(Base64.encode(bArr2, 2), "UTF_8");
        ma.c(f43357f, "Finished encryption");
        return c() + o + str2;
    }
}
