package me.proton.core.crypto.android.keystore;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import bc.g0;
import bc.m;
import bc.o;
import bc.t;
import bc.u;
import ic.b;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kc.a;
import kotlin.collections.l;
import kotlin.jvm.internal.k;
import kotlin.jvm.internal.s;
import kotlin.text.v;
import me.proton.core.crypto.common.keystore.EncryptedByteArray;
import me.proton.core.crypto.common.keystore.KeyStoreCrypto;
import me.proton.core.crypto.common.keystore.LogTag;
import me.proton.core.crypto.common.keystore.PlainByteArray;
import me.proton.core.util.kotlin.CoreLogger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: AndroidKeyStoreCrypto.kt */
/* loaded from: classes3.dex */
public final class AndroidKeyStoreCrypto implements KeyStoreCrypto {

    @NotNull
    private static final String androidKeyStore = "AndroidKeyStore";
    private static final int cipherGCMTagBits = 128;
    private static final int cipherIvBytes = 12;

    @NotNull
    private static final String cipherTransformation = "AES/GCM/NoPadding";

    @NotNull
    private static final m<AndroidKeyStoreCrypto> default$delegate;

    @NotNull
    private static final String defaultMasterKeyAlias = "_me_proton_core_data_crypto_master_key_";

    @NotNull
    private static final String keyAlgorithm = "AES";

    @NotNull
    private static final String keyBlockMode = "GCM";

    @NotNull
    private static final String keyEncryptionPadding = "NoPadding";
    private static final int keyPurpose = 3;
    private static final int keySize = 256;
    private static final double maxWaitTimeMillisecondsBeforeRetry = 100.0d;

    @NotNull
    private final a<Cipher> cipherFactory;

    @NotNull
    private final a<KeyGenerator> keyGeneratorFactory;

    @NotNull
    private final a<KeyStore> keyStoreFactory;

    @NotNull
    private final String masterKeyAlias;

    @Nullable
    private volatile Key secretKey;
    private volatile boolean secretKeyInitialized;

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final Object lock = new Object();

    /* compiled from: AndroidKeyStoreCrypto.kt */
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(k kVar) {
            this();
        }

        @NotNull
        public final AndroidKeyStoreCrypto getDefault() {
            return (AndroidKeyStoreCrypto) AndroidKeyStoreCrypto.default$delegate.getValue();
        }
    }

    static {
        m<AndroidKeyStoreCrypto> a10;
        a10 = o.a(AndroidKeyStoreCrypto$Companion$default$2.INSTANCE);
        default$delegate = a10;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public AndroidKeyStoreCrypto(@NotNull String masterKeyAlias, @NotNull a<? extends KeyStore> keyStoreFactory, @NotNull a<? extends KeyGenerator> keyGeneratorFactory, @NotNull a<? extends Cipher> cipherFactory) {
        s.e(masterKeyAlias, "masterKeyAlias");
        s.e(keyStoreFactory, "keyStoreFactory");
        s.e(keyGeneratorFactory, "keyGeneratorFactory");
        s.e(cipherFactory, "cipherFactory");
        this.masterKeyAlias = masterKeyAlias;
        this.keyStoreFactory = keyStoreFactory;
        this.keyGeneratorFactory = keyGeneratorFactory;
        this.cipherFactory = cipherFactory;
    }

    private final String decryptOrRetry(String str, Key key) {
        String s10;
        byte[] encryptedByteArray = Base64.decode(str, 2);
        s.d(encryptedByteArray, "encryptedByteArray");
        PlainByteArray decryptOrRetry = decryptOrRetry(new EncryptedByteArray(encryptedByteArray), key);
        try {
            s10 = v.s(decryptOrRetry.getArray());
            b.a(decryptOrRetry, null);
            return s10;
        } finally {
        }
    }

    private final PlainByteArray decryptOrRetry(EncryptedByteArray encryptedByteArray, Key key) {
        return (PlainByteArray) runOrRetryOnce(LogTag.KEYSTORE_DECRYPT_RETRY, new AndroidKeyStoreCrypto$decryptOrRetry$1(this, encryptedByteArray, key));
    }

    private final String encryptOrRetry(String str, Key key) {
        byte[] t10;
        t10 = v.t(str);
        PlainByteArray plainByteArray = new PlainByteArray(t10);
        try {
            String encodeToString = Base64.encodeToString(encryptOrRetry(plainByteArray, key).getArray(), 2);
            b.a(plainByteArray, null);
            s.d(encodeToString, "value.encodeToByteArray(…Base64.NO_WRAP)\n        }");
            return encodeToString;
        } finally {
        }
    }

    private final EncryptedByteArray encryptOrRetry(PlainByteArray plainByteArray, Key key) {
        return (EncryptedByteArray) runOrRetryOnce(LogTag.KEYSTORE_ENCRYPT_RETRY, new AndroidKeyStoreCrypto$encryptOrRetry$1(this, plainByteArray, key));
    }

    private final <T> T runOrRetryOnce(String str, a<? extends T> aVar) {
        try {
            return aVar.invoke();
        } catch (GeneralSecurityException e10) {
            return (T) logAndRetry$crypto_android_release(str, e10, aVar);
        } catch (ProviderException e11) {
            return (T) logAndRetry$crypto_android_release(str, e11, aVar);
        }
    }

    private final void sleep() {
        try {
            Thread.sleep((long) (Math.random() * maxWaitTimeMillisecondsBeforeRetry));
        } catch (InterruptedException unused) {
        }
    }

    public final void clearKeySync$crypto_android_release() {
        synchronized (lock) {
            this.secretKey = null;
            this.secretKeyInitialized = false;
            g0 g0Var = g0.f6362a;
        }
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public String decrypt(@NotNull String value) {
        String decryptOrRetry;
        s.e(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        return (secretKeySync$crypto_android_release == null || (decryptOrRetry = decryptOrRetry(value, secretKeySync$crypto_android_release)) == null) ? value : decryptOrRetry;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public PlainByteArray decrypt(@NotNull EncryptedByteArray value) {
        s.e(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        PlainByteArray decryptOrRetry = secretKeySync$crypto_android_release == null ? null : decryptOrRetry(value, secretKeySync$crypto_android_release);
        if (decryptOrRetry != null) {
            return decryptOrRetry;
        }
        byte[] array = value.getArray();
        byte[] copyOf = Arrays.copyOf(array, array.length);
        s.d(copyOf, "copyOf(this, size)");
        return new PlainByteArray(copyOf);
    }

    @NotNull
    public final PlainByteArray decryptInternal$crypto_android_release(@NotNull EncryptedByteArray value, @NotNull Key key) {
        byte[] i10;
        s.e(value, "value");
        s.e(key, "key");
        Cipher invoke = this.cipherFactory.invoke();
        byte[] copyOf = Arrays.copyOf(value.getArray(), 12);
        s.d(copyOf, "copyOf(this, newSize)");
        i10 = l.i(value.getArray(), 12, value.getArray().length);
        invoke.init(2, key, new GCMParameterSpec(128, copyOf));
        byte[] doFinal = invoke.doFinal(i10);
        s.d(doFinal, "cipher.doFinal(cipherByteArray)");
        return new PlainByteArray(doFinal);
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public String encrypt(@NotNull String value) {
        String encryptOrRetry;
        s.e(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        return (secretKeySync$crypto_android_release == null || (encryptOrRetry = encryptOrRetry(value, secretKeySync$crypto_android_release)) == null) ? value : encryptOrRetry;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public EncryptedByteArray encrypt(@NotNull PlainByteArray value) {
        s.e(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        EncryptedByteArray encryptOrRetry = secretKeySync$crypto_android_release == null ? null : encryptOrRetry(value, secretKeySync$crypto_android_release);
        if (encryptOrRetry != null) {
            return encryptOrRetry;
        }
        byte[] array = value.getArray();
        byte[] copyOf = Arrays.copyOf(array, array.length);
        s.d(copyOf, "copyOf(this, size)");
        return new EncryptedByteArray(copyOf);
    }

    @NotNull
    public final EncryptedByteArray encryptInternal$crypto_android_release(@NotNull PlainByteArray value, @NotNull Key key) {
        byte[] q10;
        s.e(value, "value");
        s.e(key, "key");
        Cipher invoke = this.cipherFactory.invoke();
        invoke.init(1, key);
        byte[] cipherByteArray = invoke.doFinal(value.getArray());
        byte[] iv = invoke.getIV();
        s.d(iv, "cipher.iv");
        s.d(cipherByteArray, "cipherByteArray");
        q10 = l.q(iv, cipherByteArray);
        return new EncryptedByteArray(q10);
    }

    @NotNull
    public final Key generateNewKey$crypto_android_release(@NotNull KeyStore keyStore) {
        s.e(keyStore, "keyStore");
        if (keyStore.containsAlias(this.masterKeyAlias)) {
            keyStore.deleteEntry(this.masterKeyAlias);
            g0 g0Var = g0.f6362a;
            CoreLogger.INSTANCE.i(LogTag.KEYSTORE_INIT_DELETE_KEY, "Deleted '" + this.masterKeyAlias + "' entry from this keystore.");
        }
        KeyGenerator invoke = this.keyGeneratorFactory.invoke();
        invoke.init(new KeyGenParameterSpec.Builder(this.masterKeyAlias, 3).setBlockModes(keyBlockMode).setEncryptionPaddings(keyEncryptionPadding).setKeySize(keySize).build());
        SecretKey generateKey = invoke.generateKey();
        CoreLogger.INSTANCE.i(LogTag.KEYSTORE_INIT_ADD_KEY, "Added '" + this.masterKeyAlias + "' entry in this keystore.");
        s.d(generateKey, "keyGeneratorFactory.invo…)\n            }\n        }");
        return generateKey;
    }

    @Nullable
    public final Key getKey$crypto_android_release(@NotNull KeyStore keyStore) {
        s.e(keyStore, "keyStore");
        if (keyStore.containsAlias(this.masterKeyAlias)) {
            return keyStore.getKey(this.masterKeyAlias, null);
        }
        return null;
    }

    @Nullable
    public final Key getKeyOrRetryOrNull$crypto_android_release(@NotNull KeyStore keyStore) {
        Object b10;
        s.e(keyStore, "keyStore");
        try {
            t.a aVar = t.f6374j;
            b10 = t.b((Key) runOrRetryOnce(LogTag.KEYSTORE_INIT_RETRY, new AndroidKeyStoreCrypto$getKeyOrRetryOrNull$1$1(this, keyStore)));
        } catch (Throwable th) {
            t.a aVar2 = t.f6374j;
            b10 = t.b(u.a(th));
        }
        if (t.g(b10)) {
            b10 = null;
        }
        return (Key) b10;
    }

    @Nullable
    public final Key getSecretKeySync$crypto_android_release() {
        Key key;
        synchronized (lock) {
            if (!this.secretKeyInitialized) {
                setSecretKeySync$crypto_android_release(initKey$crypto_android_release());
            }
            key = this.secretKey;
        }
        return key;
    }

    @Nullable
    public final Key initKey$crypto_android_release() {
        KeyStore invoke = this.keyStoreFactory.invoke();
        invoke.load(null);
        Key keyOrRetryOrNull$crypto_android_release = getKeyOrRetryOrNull$crypto_android_release(invoke);
        if (keyOrRetryOrNull$crypto_android_release == null) {
            keyOrRetryOrNull$crypto_android_release = generateNewKey$crypto_android_release(invoke);
        }
        if (isUsableKey$crypto_android_release(keyOrRetryOrNull$crypto_android_release)) {
            return keyOrRetryOrNull$crypto_android_release;
        }
        return null;
    }

    public final boolean isUsableKey$crypto_android_release(@NotNull Key key) {
        Object b10;
        s.e(key, "key");
        try {
            t.a aVar = t.f6374j;
        } catch (Throwable th) {
            t.a aVar2 = t.f6374j;
            b10 = t.b(u.a(th));
        }
        if (!s.a("message", decryptOrRetry(encryptOrRetry("message", key), key))) {
            throw new IllegalStateException("Check failed.".toString());
        }
        b10 = t.b(Boolean.TRUE);
        Throwable e10 = t.e(b10);
        if (e10 != null) {
            CoreLogger.INSTANCE.e(LogTag.KEYSTORE_INIT, e10);
            b10 = Boolean.FALSE;
        }
        return ((Boolean) b10).booleanValue();
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public boolean isUsingKeyStore() {
        return getSecretKeySync$crypto_android_release() != null;
    }

    public final <T> T logAndRetry$crypto_android_release(@NotNull String logTag, @NotNull Throwable error, @NotNull a<? extends T> block) {
        s.e(logTag, "logTag");
        s.e(error, "error");
        s.e(block, "block");
        CoreLogger.INSTANCE.e(logTag, error);
        sleep();
        return block.invoke();
    }

    public final void setSecretKeySync$crypto_android_release(@Nullable Key key) {
        synchronized (lock) {
            this.secretKey = key;
            this.secretKeyInitialized = true;
            g0 g0Var = g0.f6362a;
        }
    }
}
