package x0;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import asp.lockmail.core.common.models.EncryptedData;
import asp.lockmail.framework.preferences.LockmailPreferences;
import com.arenim.crypttalk.logging.AppLogger;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import o.g;

@Metadata(bv = {}, d1 = {"\u0000j\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0016\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u00002\u00020\u00012\u00020\u0002B\u0017\u0012\u0006\u0010:\u001a\u000209\u0012\u0006\u0010$\u001a\u00020\"¢\u0006\u0004\b;\u0010<J\u001c\u0010\u0007\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0004\u001a\u00020\u00032\b\u0010\u0005\u001a\u0004\u0018\u00010\u0003H\u0016J\u0012\u0010\b\u001a\u0004\u0018\u00010\u00032\u0006\u0010\u0004\u001a\u00020\u0006H\u0016J\b\u0010\n\u001a\u00020\tH\u0016J\u0010\u0010\r\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u000bH\u0016J\b\u0010\u000f\u001a\u00020\u000eH\u0016J%\u0010\u0013\u001a\u00020\u000e\"\f\b\u0000\u0010\u0012*\u00060\u0010j\u0002`\u00112\u0006\u0010\b\u001a\u00028\u0000H\u0000¢\u0006\u0004\b\u0013\u0010\u0014J&\u0010\u0019\u001a\u00020\u000e2\n\u0010\b\u001a\u00060\u0010j\u0002`\u00112\b\u0010\u0016\u001a\u0004\u0018\u00010\u00152\u0006\u0010\u0018\u001a\u00020\u0017H\u0016J\u001c\u0010\u001d\u001a\u0004\u0018\u00010\u001c2\u0006\u0010\u001a\u001a\u00020\u000b2\b\u0010\u001b\u001a\u0004\u0018\u00010\u0003H\u0002J\u0012\u0010 \u001a\u0004\u0018\u00010\u001f2\u0006\u0010\u001e\u001a\u00020\u0017H\u0002J\b\u0010!\u001a\u00020\u000eH\u0002R\u0014\u0010$\u001a\u00020\"8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\n\u0010#R\u0014\u0010&\u001a\u00020\u00178\u0002X\u0082D¢\u0006\u0006\n\u0004\b\u0007\u0010%R\u0014\u0010'\u001a\u00020\u00178\u0002X\u0082D¢\u0006\u0006\n\u0004\b\u000f\u0010%R\u0014\u0010(\u001a\u00020\u00178\u0002X\u0082D¢\u0006\u0006\n\u0004\b\r\u0010%R\u0014\u0010)\u001a\u00020\u00178\u0002X\u0082D¢\u0006\u0006\n\u0004\b\b\u0010%R$\u0010/\u001a\u0004\u0018\u00010\u00028\u0004@\u0004X\u0084\u000e¢\u0006\u0012\n\u0004\b\u0019\u0010*\u001a\u0004\b+\u0010,\"\u0004\b-\u0010.R\u0018\u00101\u001a\u0004\u0018\u00010\u00158\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b!\u00100R\u0018\u00103\u001a\u0004\u0018\u00010\u001f8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u001d\u00102R\u0018\u00105\u001a\u0004\u0018\u00010\u001c8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b \u00104R\u0016\u00107\u001a\u00020\u000b8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u0013\u00106R\u0016\u0010\u0018\u001a\u00020\u00178\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b8\u0010%¨\u0006="}, d2 = {"Lx0/b;", "Lr/a;", "Lr/b;", "", "data", "IV", "Lasp/lockmail/core/common/models/EncryptedData;", "b", "e", "", "a", "", "secs", "d", "", "c", "Ljava/lang/Exception;", "Lkotlin/Exception;", "T", "j", "(Ljava/lang/Exception;)Z", "Ljava/security/KeyStore;", "keyStore", "", "keyAlias", "f", "mode", "iv", "Ljavax/crypto/Cipher;", "h", "alias", "Ljava/security/Key;", "i", "g", "Lo/g;", "Lo/g;", "buildConfigDataSource", "Ljava/lang/String;", "KEYSTORE_PROVIDER", "OLD_ALIAS", "PASSCODE_KEY_ALIAS", "RSA_CIPHER", "Lr/b;", "getRecoveryHandler", "()Lr/b;", "setRecoveryHandler", "(Lr/b;)V", "recoveryHandler", "Ljava/security/KeyStore;", "store", "Ljava/security/Key;", "key", "Ljavax/crypto/Cipher;", "cipher", "I", "validitySecs", "k", "Lasp/lockmail/framework/preferences/LockmailPreferences;", "preferences", "<init>", "(Lasp/lockmail/framework/preferences/LockmailPreferences;Lo/g;)V", "framework_release"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes.dex */
public final class b implements r.a, r.b {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    public final g buildConfigDataSource;

    /* renamed from: b, reason: collision with root package name and from kotlin metadata */
    public final String KEYSTORE_PROVIDER;

    /* renamed from: c, reason: collision with root package name and from kotlin metadata */
    public final String OLD_ALIAS;

    /* renamed from: d, reason: collision with root package name and from kotlin metadata */
    public final String PASSCODE_KEY_ALIAS;

    /* renamed from: e, reason: collision with root package name and from kotlin metadata */
    public final String RSA_CIPHER;

    /* renamed from: f, reason: collision with root package name and from kotlin metadata */
    public r.b recoveryHandler;

    /* renamed from: g, reason: collision with root package name and from kotlin metadata */
    public KeyStore store;

    /* renamed from: h, reason: collision with root package name and from kotlin metadata */
    public Key key;

    /* renamed from: i, reason: collision with root package name and from kotlin metadata */
    public Cipher cipher;

    /* renamed from: j, reason: collision with root package name and from kotlin metadata */
    public int validitySecs;

    /* renamed from: k, reason: collision with root package name and from kotlin metadata */
    public String keyAlias;

    public b(LockmailPreferences preferences, g buildConfigDataSource) {
        Intrinsics.checkNotNullParameter(preferences, "preferences");
        Intrinsics.checkNotNullParameter(buildConfigDataSource, "buildConfigDataSource");
        this.buildConfigDataSource = buildConfigDataSource;
        this.KEYSTORE_PROVIDER = "AndroidKeyStore";
        this.OLD_ALIAS = "com.arenim.crypttalk.security.passcode.rsa.key";
        this.PASSCODE_KEY_ALIAS = "asp.lockmail.security.passcode.key";
        this.RSA_CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        this.validitySecs = 30;
        this.keyAlias = "asp.lockmail.security.passcode.key";
        this.recoveryHandler = this;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.store = keyStore;
        if (keyStore != null) {
            keyStore.load(null);
        }
        boolean z10 = false;
        if (preferences.a()) {
            KeyStore keyStore2 = this.store;
            if (keyStore2 != null && keyStore2.containsAlias("com.arenim.crypttalk.security.passcode.rsa.key")) {
                this.keyAlias = "com.arenim.crypttalk.security.passcode.rsa.key";
            }
        } else {
            a();
        }
        try {
            g();
            this.key = i(this.keyAlias);
        } catch (Exception e10) {
            if (!(e10 instanceof CertificateException ? true : e10 instanceof NoSuchAlgorithmException)) {
                if (!(e10 instanceof IOException)) {
                    z10 = j(e10);
                } else if (e10.getCause() instanceof BadPaddingException) {
                    z10 = j(e10);
                }
            }
        }
        if (z10) {
            g();
            this.key = i(this.keyAlias);
        }
    }

    @Override // r.a
    public void a() {
        KeyStore keyStore = this.store;
        if (keyStore != null) {
            if (keyStore.containsAlias(this.OLD_ALIAS)) {
                keyStore.deleteEntry(this.OLD_ALIAS);
            }
            if (keyStore.containsAlias(this.PASSCODE_KEY_ALIAS)) {
                keyStore.deleteEntry(this.PASSCODE_KEY_ALIAS);
            }
        }
        this.key = null;
    }

    @Override // r.a
    public EncryptedData b(byte[] data, byte[] IV) {
        Intrinsics.checkNotNullParameter(data, "data");
        if (this.key == null) {
            KeyStore keyStore = this.store;
            boolean z10 = false;
            if (keyStore != null && keyStore.containsAlias(this.OLD_ALIAS)) {
                z10 = true;
            }
            if (z10) {
                AppLogger.INSTANCE.a().h("Deleting passcode rsa key entry with old alias...");
                KeyStore keyStore2 = this.store;
                if (keyStore2 != null) {
                    keyStore2.deleteEntry(this.OLD_ALIAS);
                }
            }
            this.keyAlias = this.PASSCODE_KEY_ALIAS;
            g();
            this.key = i(this.keyAlias);
        }
        Cipher h10 = h(1, IV);
        if (h10 == null) {
            return null;
        }
        byte[] doFinal = h10.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(doFinal, "it.doFinal(data)");
        return new EncryptedData(IV, doFinal, null);
    }

    @Override // r.a
    public boolean c() {
        KeyStore keyStore = this.store;
        boolean containsAlias = keyStore == null ? false : keyStore.containsAlias(this.OLD_ALIAS);
        if (containsAlias) {
            this.key = null;
        }
        return containsAlias;
    }

    @Override // r.a
    public void d(int secs) {
        if (secs < 5) {
            secs = 5;
        }
        this.validitySecs = secs;
        a();
        this.key = null;
    }

    @Override // r.a
    public byte[] e(EncryptedData data) {
        Intrinsics.checkNotNullParameter(data, "data");
        if (this.key == null) {
            KeyStore keyStore = this.store;
            boolean z10 = false;
            if (keyStore != null && keyStore.containsAlias(this.OLD_ALIAS)) {
                z10 = true;
            }
            if (z10) {
                AppLogger.INSTANCE.a().h("Deleting passcode rsa key entry with old alias...");
                KeyStore keyStore2 = this.store;
                if (keyStore2 != null) {
                    keyStore2.deleteEntry(this.OLD_ALIAS);
                }
            }
            this.keyAlias = this.PASSCODE_KEY_ALIAS;
            g();
            this.key = i(this.keyAlias);
        }
        Cipher h10 = h(2, data.getIV());
        if (h10 == null) {
            return null;
        }
        return h10.doFinal(data.getData());
    }

    @Override // r.b
    public boolean f(Exception e10, KeyStore keyStore, String keyAlias) {
        Intrinsics.checkNotNullParameter(e10, "e");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        if (!Intrinsics.areEqual(this.keyAlias, keyAlias)) {
            return false;
        }
        if (keyStore != null) {
            try {
                keyStore.deleteEntry(keyAlias);
            } catch (KeyStoreException unused) {
                return false;
            }
        }
        this.keyAlias = this.PASSCODE_KEY_ALIAS;
        return true;
    }

    public final boolean g() {
        KeyStore keyStore = this.store;
        if (keyStore == null) {
            return false;
        }
        try {
            Calendar calendar = Calendar.getInstance();
            calendar.add(6, -1);
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 25);
            if (keyStore.containsAlias(this.keyAlias)) {
                return false;
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", this.KEYSTORE_PROVIDER);
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.keyAlias, 2).setCertificateSubject(new X500Principal("CN = " + this.buildConfigDataSource.h() + " Secured Preferences, O = " + this.buildConfigDataSource.b() + ' ')).setCertificateSerialNumber(BigInteger.ONE).setKeyValidityEnd(calendar2.getTime()).setKeyValidityStart(calendar.getTime()).setBlockModes("ECB").setDigests("SHA-256").setEncryptionPaddings("OAEPPadding").setRandomizedEncryptionRequired(false).setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(this.validitySecs).build();
            Intrinsics.checkNotNullExpressionValue(build, "Builder(\n               …                 .build()");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x0038  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x0046  */
    /* JADX WARN: Removed duplicated region for block: B:29:0x0048 A[Catch: Exception -> 0x0066, TryCatch #1 {Exception -> 0x0066, blocks: (B:18:0x0021, B:21:0x0034, B:24:0x003e, B:27:0x004c, B:29:0x0048, B:30:0x003a, B:31:0x0027, B:34:0x0030), top: B:17:0x0021, outer: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x003a A[Catch: Exception -> 0x0066, TryCatch #1 {Exception -> 0x0066, blocks: (B:18:0x0021, B:21:0x0034, B:24:0x003e, B:27:0x004c, B:29:0x0048, B:30:0x003a, B:31:0x0027, B:34:0x0030), top: B:17:0x0021, outer: #0 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final javax.crypto.Cipher h(int r8, byte[] r9) {
        /*
            r7 = this;
            r9 = 0
            java.security.KeyStore r0 = r7.store     // Catch: java.lang.Exception -> L7e
            if (r0 != 0) goto L6
            return r9
        L6:
            java.security.Key r0 = r7.key     // Catch: java.lang.Exception -> L7e
            if (r0 != 0) goto L15
            r7.g()     // Catch: java.lang.Exception -> L7e
            java.lang.String r0 = r7.keyAlias     // Catch: java.lang.Exception -> L7e
            java.security.Key r0 = r7.i(r0)     // Catch: java.lang.Exception -> L7e
            r7.key = r0     // Catch: java.lang.Exception -> L7e
        L15:
            java.lang.String r0 = r7.RSA_CIPHER     // Catch: java.lang.Exception -> L7e
            javax.crypto.Cipher r0 = javax.crypto.Cipher.getInstance(r0)     // Catch: java.lang.Exception -> L7e
            if (r0 != 0) goto L1e
            goto L7d
        L1e:
            r1 = 1
            if (r8 != r1) goto L75
            java.security.KeyStore r1 = r7.store     // Catch: java.lang.Exception -> L66
            if (r1 != 0) goto L27
        L25:
            r1 = r9
            goto L34
        L27:
            java.lang.String r2 = r7.keyAlias     // Catch: java.lang.Exception -> L66
            java.security.cert.Certificate r1 = r1.getCertificate(r2)     // Catch: java.lang.Exception -> L66
            if (r1 != 0) goto L30
            goto L25
        L30:
            java.security.PublicKey r1 = r1.getPublicKey()     // Catch: java.lang.Exception -> L66
        L34:
            java.security.Key r2 = r7.key     // Catch: java.lang.Exception -> L66
            if (r2 != 0) goto L3a
            r2 = r9
            goto L3e
        L3a:
            java.lang.String r2 = r2.getAlgorithm()     // Catch: java.lang.Exception -> L66
        L3e:
            java.security.KeyFactory r2 = java.security.KeyFactory.getInstance(r2)     // Catch: java.lang.Exception -> L66
            java.security.spec.X509EncodedKeySpec r3 = new java.security.spec.X509EncodedKeySpec     // Catch: java.lang.Exception -> L66
            if (r1 != 0) goto L48
            r1 = r9
            goto L4c
        L48:
            byte[] r1 = r1.getEncoded()     // Catch: java.lang.Exception -> L66
        L4c:
            r3.<init>(r1)     // Catch: java.lang.Exception -> L66
            java.security.PublicKey r1 = r2.generatePublic(r3)     // Catch: java.lang.Exception -> L66
            javax.crypto.spec.OAEPParameterSpec r2 = new javax.crypto.spec.OAEPParameterSpec     // Catch: java.lang.Exception -> L66
            java.lang.String r3 = "SHA-256"
            java.lang.String r4 = "MGF1"
            java.security.spec.MGF1ParameterSpec r5 = java.security.spec.MGF1ParameterSpec.SHA1     // Catch: java.lang.Exception -> L66
            javax.crypto.spec.PSource$PSpecified r6 = javax.crypto.spec.PSource.PSpecified.DEFAULT     // Catch: java.lang.Exception -> L66
            r2.<init>(r3, r4, r5, r6)     // Catch: java.lang.Exception -> L66
            r0.init(r8, r1, r2)     // Catch: java.lang.Exception -> L66
            r7.cipher = r0     // Catch: java.lang.Exception -> L66
            goto L7c
        L66:
            r8 = move-exception
            com.arenim.crypttalk.logging.AppLogger$a r0 = com.arenim.crypttalk.logging.AppLogger.INSTANCE     // Catch: java.lang.Exception -> L7e
            com.arenim.crypttalk.logging.AppLogger r0 = r0.a()     // Catch: java.lang.Exception -> L7e
            java.lang.String r8 = s.e.a(r8)     // Catch: java.lang.Exception -> L7e
            r0.d(r8)     // Catch: java.lang.Exception -> L7e
            return r9
        L75:
            java.security.Key r1 = r7.key     // Catch: java.lang.Exception -> L7e
            r0.init(r8, r1)     // Catch: java.lang.Exception -> L7e
            r7.cipher = r0     // Catch: java.lang.Exception -> L7e
        L7c:
            r9 = r0
        L7d:
            return r9
        L7e:
            r8 = move-exception
            com.arenim.crypttalk.logging.AppLogger$a r0 = com.arenim.crypttalk.logging.AppLogger.INSTANCE
            com.arenim.crypttalk.logging.AppLogger r0 = r0.a()
            java.lang.String r8 = s.e.a(r8)
            r0.d(r8)
            return r9
        */
        throw new UnsupportedOperationException("Method not decompiled: x0.b.h(int, byte[]):javax.crypto.Cipher");
    }

    public final Key i(String alias) {
        PrivateKey privateKey;
        KeyStore keyStore = this.store;
        if (keyStore == null || !keyStore.containsAlias(alias) || !keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            return null;
        }
        if (Build.VERSION.SDK_INT >= 28) {
            Key key = keyStore.getKey(alias, null);
            if (key == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.PrivateKey");
            }
            privateKey = (PrivateKey) key;
        } else {
            KeyStore.Entry entry = keyStore.getEntry(alias, null);
            if (entry == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
            }
            privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        }
        return privateKey;
    }

    public final <T extends Exception> boolean j(T e10) {
        Intrinsics.checkNotNullParameter(e10, "e");
        r.b bVar = this.recoveryHandler;
        if (bVar != null) {
            return bVar == null ? false : bVar.f(e10, this.store, this.keyAlias);
        }
        return false;
    }
}
