package g.h.b.a.e.a.d;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import g.f.b.u1.j0;
import g.h.b.a.h.m.e;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* compiled from: StorageHelper.java */
/**
 * Decompiled {@code StorageHelper}: encrypts and decrypts strings for local storage.
 *
 * <p>Blob format written by {@link #c(String)} and parsed by {@link #a(String)}: one length
 * character ({@code 'a' + 2}), the encode version {@code "E1"}, then Base64 of
 * {@code [4-byte key-version tag "U001" or "A001"][AES/CBC/PKCS5Padding ciphertext][16-byte IV][32-byte HmacSHA256 tag]}.
 * The HMAC covers the version tag, the ciphertext and the IV, and is verified before the cipher is
 * initialised for decryption.
 *
 * <p>Keys come either from {@code g.h.b.a.e.a.b.INSTANCE} (raw key bytes supplied by the host) or
 * from an AES-256 key generated here, wrapped with the RSA key pair stored under the alias
 * {@code "AdalKey"} in {@code AndroidKeyStore}, and persisted in the file {@code "adalks"}.
 *
 * <p>NOTE(review): this is decompiler output. No method carries a {@code throws} clause although
 * checked exceptions are thrown, and a few control-flow paths (marked below) are not valid Java as
 * printed. Confirm behaviour against the original source before relying on these comments.
 */
@Deprecated
/* loaded from: classes.dex */
public class c {

    // Last key thumbprint seen by q(); starts as the empty string. Shared by all instances.
    /* renamed from: i, reason: collision with root package name */
    public static final AtomicReference<String> f10055i = new AtomicReference<>("");

    // Set to true the first time q() records a thumbprint, so only later changes are logged.
    /* renamed from: j, reason: collision with root package name */
    public static final AtomicBoolean f10056j = new AtomicBoolean(false);

    // Application context (never the caller's Activity context, see the constructor).
    /* renamed from: a, reason: collision with root package name */
    public final Context f10057a;
    // Cached RSA key pair read from or generated in AndroidKeyStore; reset to null by m() on failure.
    public KeyPair d;

    // Key-version tag written at the start of the blob by c(): "U001" or "A001".
    /* renamed from: e, reason: collision with root package name */
    public String f10058e;

    // Cached AES key used by c() for encryption.
    /* renamed from: f, reason: collision with root package name */
    public SecretKey f10059f = null;

    // Cached HMAC key, derived from f10059f by h().
    /* renamed from: g, reason: collision with root package name */
    public SecretKey f10060g = null;

    // Cached keystore-encrypted AES key (generated by e() or unwrapped by l()).
    /* renamed from: h, reason: collision with root package name */
    public SecretKey f10061h = null;
    // Source of IVs (c()) and of generated key material (e()).
    public final SecureRandom b = new SecureRandom();
    // Optional callback invoked with (operation, Boolean, message); looks like a telemetry sink
    // (TODO confirm). Every use is null-checked.
    public g.h.b.a.h.q.b c = null;

    /**
     * How a stored string was protected, as detected by {@link #g(String)} from the 4-byte tag.
     */
    /* compiled from: StorageHelper.java */
    /* loaded from: classes.dex */
    public enum a {
        USER_DEFINED,
        ANDROID_KEY_STORE,
        UNENCRYPTED
    }

    /**
     * Key sources understood by {@link #m(b)}. The declaration order is significant:
     * {@code m()} dispatches on {@code ordinal()}.
     */
    /* compiled from: StorageHelper.java */
    /* loaded from: classes.dex */
    public enum b {
        LEGACY_AUTHENTICATOR_APP_KEY,
        LEGACY_COMPANY_PORTAL_KEY,
        ADAL_USER_DEFINED_KEY,
        KEYSTORE_ENCRYPTED_KEY
    }

    /**
     * Creates a helper bound to the application context of {@code context}.
     *
     * @param context any context; only {@code getApplicationContext()} is retained
     */
    public c(Context context) {
        this.f10057a = context.getApplicationContext();
    }

    /**
     * Wraps raw key bytes as an AES {@link SecretKeySpec}.
     *
     * @param bArr raw key bytes
     * @return the AES key
     * @throws IllegalArgumentException if {@code bArr} is null
     */
    public static SecretKey k(byte[] bArr) {
        if (bArr != null) {
            return new SecretKeySpec(bArr, "AES");
        }
        throw new IllegalArgumentException("rawBytes");
    }

    /**
     * Decrypts a string produced by {@link #c(String)}.
     *
     * <p>Security note: an input that {@link #g(String)} cannot recognise as an encrypted blob is
     * returned unchanged. Since {@code g()} swallows every parse error, a malformed or
     * attacker-supplied string is handed back as if it were plaintext; callers must not treat a
     * successful return as proof that the value was authenticated.
     *
     * @param str the stored value
     * @return the decrypted text, or {@code str} itself when it is not recognised as encrypted
     * @throws IllegalArgumentException if the input is empty or null (per the helper check)
     * @throws IllegalStateException if the package name is not one of the expected broker packages
     */
    public String a(String str) {
        SecretKey m2;
        b bVar = b.KEYSTORE_ENCRYPTED_KEY;
        g.h.b.a.i.b.h("StorageHelper:decrypt", "Starting decryption");
        if (g.h.b.a.e.a.f.b.g(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        // Pass-through for values without a recognised version tag (see the security note above).
        if (g(str) == a.UNENCRYPTED) {
            e.l("StorageHelper:decrypt", "This string is not encrypted. Finished decryption.");
            return str;
        }
        // Callback-only probe: reports whether the keystore-encrypted key can be loaded. The result
        // is not used for decryption and any failure here is deliberately swallowed.
        if (this.c != null) {
            try {
                if (m(bVar) == null) {
                    this.c.a("StorageHelper:decrypt", Boolean.FALSE, "KEY_DECRYPTION_KEYSTORE_KEY_NOT_INITIALIZED");
                }
            } catch (Exception unused) {
                this.c.a("StorageHelper:decrypt", Boolean.FALSE, "KEY_DECRYPTION_KEYSTORE_KEY_FAILED_TO_LOAD");
            }
        }
        String j2 = j();
        b bVar2 = b.LEGACY_AUTHENTICATOR_APP_KEY;
        b bVar3 = b.LEGACY_COMPANY_PORTAL_KEY;
        // Ordered list of key types to try, chosen from the blob's version tag.
        ArrayList arrayList = new ArrayList();
        a g2 = g(str);
        if (g2 == a.USER_DEFINED) {
            // j0.C(...) is opaque here; presumably "running inside a broker app" (TODO confirm).
            if (!j0.C(this.f10057a)) {
                arrayList.add(b.ADAL_USER_DEFINED_KEY);
            } else if ("com.microsoft.windowsintune.companyportal".equalsIgnoreCase(j2) || "com.microsoft.identity.testuserapp".equalsIgnoreCase(j2)) {
                // Own (company portal) key first, then the other broker's key.
                arrayList.add(bVar3);
                arrayList.add(bVar2);
            } else {
                if (!"com.azure.authenticator".equalsIgnoreCase(j2)) {
                    throw new IllegalStateException("Unexpected Broker package name.");
                }
                arrayList.add(bVar2);
                arrayList.add(bVar3);
            }
        } else if (g2 == a.ANDROID_KEY_STORE) {
            arrayList.add(bVar);
        }
        byte[] f2 = f(str);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            b bVar4 = (b) it.next();
            try {
                m2 = m(bVar4);
            } catch (IOException | GeneralSecurityException e2) {
                // Failure reporting is rate-limited through the "current_active_broker" preference:
                // it is emitted only when the stored value differs from this package, and the
                // preference is then updated to this package.
                // NOTE(review): an IllegalArgumentException from k() (missing raw key bytes) is not
                // caught here and would propagate to the caller.
                SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(this.f10057a);
                String string = defaultSharedPreferences.getString("current_active_broker", "");
                String packageName = this.f10057a.getPackageName();
                if (!string.equalsIgnoreCase(packageName)) {
                    StringBuilder u = g.a.c.a.a.u("Decryption failed with key: ");
                    u.append(bVar4.name());
                    u.append(" Active broker: ");
                    u.append(packageName);
                    u.append(" Exception: ");
                    u.append(e2.toString());
                    String sb = u.toString();
                    e.f("StorageHelper:emitDecryptionFailureTelemetryIfNeeded", sb);
                    g.h.b.a.h.q.b bVar5 = this.c;
                    if (bVar5 != null) {
                        bVar5.a("decryption_error_v2", Boolean.TRUE, sb);
                    }
                    defaultSharedPreferences.edit().putString("current_active_broker", packageName).apply();
                }
            }
            // NOTE(review): decompiler artifact: m2 is unassigned on the catch path above; the
            // original presumably moves on to the next key type there (TODO confirm).
            if (m2 != null) {
                String b2 = b(f2, m2);
                e.j("StorageHelper:decrypt", "Finished decryption with keyType:" + bVar4.name());
                return b2;
            }
        }
        e.f("StorageHelper:decrypt", "Tried all decryption keys and decryption still fails. Throw an exception.");
        throw new GeneralSecurityException("decryption_failed");
    }

    /**
     * Verifies the HMAC of a decoded blob and, only if it matches, decrypts the ciphertext.
     *
     * <p>Expected layout of {@code bArr}:
     * {@code [0,4)} version tag, {@code [4, len-48)} ciphertext, {@code [len-48, len-32)} IV,
     * {@code [len-32, len)} HmacSHA256 tag.
     *
     * @param bArr the Base64-decoded blob
     * @param secretKey the AES decryption key; the HMAC key is derived from it by {@link #h(SecretKey)}
     * @return the decrypted text, decoded with the charset constant {@code g.h.b.a.e.a.a.f10038a}
     */
    public final String b(byte[] bArr, SecretKey secretKey) {
        SecretKey h2 = h(secretKey);
        // length = IV offset, length2 = MAC offset, i2 = ciphertext length (IV offset minus 4-byte tag).
        int length = (bArr.length - 16) - 32;
        int length2 = bArr.length - 32;
        int i2 = length - 4;
        if (length < 0 || length2 < 0 || i2 < 0) {
            throw new IOException("Invalid byte array input for decryption.");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(h2);
        byte b2 = 0;
        // MAC input is everything before the stored tag: version tag + ciphertext + IV.
        mac.update(bArr, 0, length2);
        byte[] doFinal = mac.doFinal();
        q(h2);
        int length3 = bArr.length;
        if (doFinal.length != length3 - length2) {
            throw new IllegalArgumentException("Unexpected HMAC length");
        }
        // Compare all tag bytes by OR-ing the XOR differences; the loop never exits early, so its
        // duration does not depend on where the first mismatching byte is.
        for (int i3 = length2; i3 < length3; i3++) {
            b2 = (byte) (b2 | (doFinal[i3 - length2] ^ bArr[i3]));
        }
        if (b2 != 0) {
            throw new DigestException();
        }
        // 2 == Cipher.DECRYPT_MODE. Reached only after the tag matched, so unauthenticated input
        // never gets as far as CBC padding removal.
        cipher.init(2, secretKey, new IvParameterSpec(bArr, length, 16));
        return new String(cipher.doFinal(bArr, 4, i2), g.h.b.a.e.a.a.f10038a);
    }

    /**
     * Encrypts {@code str} with AES/CBC/PKCS5Padding under a fresh random IV and appends an
     * HmacSHA256 tag over version tag, ciphertext and IV.
     *
     * @param str the plaintext
     * @return {@code 'c' + "E1" + Base64(versionTag || ciphertext || iv || mac)}
     * @throws IllegalArgumentException if the input is empty or null (per the helper check)
     */
    public String c(String str) {
        SecretKey e2;
        if (g.h.b.a.e.a.f.b.g(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        g.h.b.a.i.b.h("StorageHelper:encrypt", "Starting encryption");
        b bVar = b.KEYSTORE_ENCRYPTED_KEY;
        // Key selection. In the original this appears to be a separate method
        // ("loadSecretKeyForEncryption" in the log tags) that the decompiler inlined.
        synchronized (this) {
            if (this.f10059f != null && this.f10060g != null) {
                // Reuse the cached pair; f10058e is left as set by the earlier call.
                e2 = this.f10059f;
            } else if (j0.C(this.f10057a)) {
                // Callback-only probe of the keystore key; failures are swallowed on purpose.
                if (this.c != null) {
                    try {
                        if (m(bVar) == null) {
                            this.c.a("StorageHelper:loadSecretKeyForEncryption", Boolean.FALSE, "KEY_ENCRYPTION_KEYSTORE_KEY_NOT_INITIALIZED");
                        }
                    } catch (Exception unused) {
                        this.c.a("StorageHelper:loadSecretKeyForEncryption", Boolean.FALSE, "KEY_ENCRYPTION_KEYSTORE_KEY_FAILED_TO_LOAD");
                    }
                }
                this.f10058e = "U001";
                e2 = "com.azure.authenticator".equalsIgnoreCase(j()) ? m(b.LEGACY_AUTHENTICATOR_APP_KEY) : m(b.LEGACY_COMPANY_PORTAL_KEY);
            } else if (g.h.b.a.e.a.b.INSTANCE.f() != null) {
                // A user-defined raw key is configured.
                this.f10058e = "U001";
                e2 = m(b.ADAL_USER_DEFINED_KEY);
            } else {
                this.f10058e = "A001";
                // NOTE(review): decompiler artifact: as printed, the loaded key is discarded and a
                // new key is always generated. The original presumably uses the loaded key when it
                // is non-null and only generates one otherwise (TODO confirm).
                try {
                    e2 = m(bVar);
                    if (e2 != null) {
                    }
                } catch (IOException | GeneralSecurityException unused2) {
                }
                g.h.b.a.i.b.h("StorageHelper:loadSecretKeyForEncryption", "Keystore-encrypted key does not exist, try to generate new keys.");
                e2 = e();
            }
        }
        this.f10059f = e2;
        SecretKey h2 = h(e2);
        this.f10060g = h2;
        q(h2);
        e.j("StorageHelper:encrypt", "Encrypt version:" + this.f10058e);
        byte[] bytes = this.f10058e.getBytes(g.h.b.a.e.a.a.f10038a);
        byte[] bytes2 = str.getBytes(g.h.b.a.e.a.a.f10038a);
        // Fresh 16-byte IV from SecureRandom for every call.
        byte[] bArr = new byte[16];
        this.b.nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        // 1 == Cipher.ENCRYPT_MODE.
        cipher.init(1, this.f10059f, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bytes2);
        // Encrypt-then-MAC: the tag is computed over version tag, ciphertext and IV, in the same
        // order in which they are laid out in the blob below.
        mac.init(this.f10060g);
        mac.update(bytes);
        mac.update(doFinal);
        mac.update(bArr);
        byte[] doFinal2 = mac.doFinal();
        byte[] bArr2 = new byte[bytes.length + doFinal.length + 16 + doFinal2.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length + doFinal.length, 16);
        System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + 16, doFinal2.length);
        // Flag 2 == android.util.Base64.NO_WRAP.
        String str2 = new String(Base64.encode(bArr2, 2), g.h.b.a.e.a.a.f10038a);
        e.j("StorageHelper:encrypt", "Finished encryption");
        // (char) 99 is 'c' == 'a' + 2, the length of "E1"; f() reverses this.
        return ((char) 99) + "E1" + str2;
    }

    /**
     * Returns the existing {@code "AdalKey"} key pair from AndroidKeyStore, or generates a new RSA
     * pair there with a validity window of now to now + 100 years.
     *
     * <p>On SDK level 23 and below, when {@code g.h.b.a.h.s.i.a.a(locale)} is true, the default
     * locale is switched to {@code Locale.ENGLISH} for the duration of the call and restored in
     * the {@code finally} block. The reason is not visible here; presumably a platform keystore
     * problem with some locales (TODO confirm).
     *
     * @return the existing or newly generated key pair
     */
    @TargetApi(18)
    public final synchronized KeyPair d() {
        // Serialise on a shared lock object only when the locale workaround applies; otherwise a
        // throwaway object is used, which locks nothing.
        synchronized ((g.h.b.a.h.s.i.a.a(Locale.getDefault()) ? g.h.b.a.h.s.i.a.f10345a : new Object())) {
            Locale locale = Locale.getDefault();
            synchronized (c.class) {
                if (Build.VERSION.SDK_INT <= 23 && g.h.b.a.h.s.i.a.a(locale)) {
                    Locale.setDefault(Locale.ENGLISH);
                }
            }
            KeyPair s = s();
            try {
                if (s != null) {
                    g.h.b.a.i.b.h("StorageHelper:generateKeyPairFromAndroidKeyStore", "Existing keypair was found.  Returning existing key rather than generating new one.");
                    return s;
                }
                try {
                    o("StorageHelper:generateKeyPairFromAndroidKeyStore", "keychain_write_v2_start");
                    KeyStore.getInstance("AndroidKeyStore").load(null);
                    e.j("StorageHelper:generateKeyPairFromAndroidKeyStore", "Generate KeyPair from AndroidKeyStore");
                    Calendar calendar = Calendar.getInstance();
                    Calendar calendar2 = Calendar.getInstance();
                    // Field 1 == Calendar.YEAR: end date is 100 years after the start date.
                    calendar2.add(1, 100);
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator.initialize(i(this.f10057a, calendar.getTime(), calendar2.getTime()));
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    p("StorageHelper:generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", "");
                    return generateKeyPair;
                } catch (IOException e2) {
                    e = e2;
                    n("StorageHelper:generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", e.toString(), e);
                    throw e;
                } catch (IllegalStateException e3) {
                    // Surfaced to callers as a checked KeyStoreException.
                    n("StorageHelper:generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", e3.toString(), e3);
                    throw new KeyStoreException(e3);
                } catch (GeneralSecurityException e4) {
                    e = e4;
                    n("StorageHelper:generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", e.toString(), e);
                    throw e;
                }
            } finally {
                // Always restore the caller's default locale.
                Locale.setDefault(locale);
            }
        }
    }

    /**
     * Generates a new 256-bit AES key, caches it in {@code f10061h}, and persists it wrapped via
     * {@link #t(SecretKey)}.
     *
     * @return the newly generated key
     */
    public synchronized SecretKey e() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256, this.b);
        SecretKey generateKey = keyGenerator.generateKey();
        this.f10061h = generateKey;
        t(generateKey);
        g.h.b.a.i.b.h("StorageHelper:generateKeyStoreEncryptedKey", "key_created_v2: New key is generated.");
        g.h.b.a.h.q.b bVar = this.c;
        if (bVar != null) {
            bVar.a("key_created_v2", Boolean.FALSE, "New key is generated.");
        }
        return this.f10061h;
    }

    /**
     * Strips the length character and encode version from a stored value and Base64-decodes the
     * remainder.
     *
     * @param str the stored value, expected to start with a length character followed by {@code "E1"}
     * @return the decoded blob
     * @throws IllegalArgumentException if the encoded length is not positive or the version is not {@code "E1"}
     */
    public final byte[] f(String str) {
        // First character encodes the version-string length as an offset from 'a'.
        int charAt = str.charAt(0) - 'a';
        // NOTE(review): the message below says "greater of equal to 0", but this check also
        // rejects 0.
        if (charAt <= 0) {
            throw new IllegalArgumentException(String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(charAt)));
        }
        int i2 = charAt + 1;
        // substring() throws on inputs shorter than the declared length; g() relies on catching that.
        if (str.substring(1, i2).equals("E1")) {
            // Flag 0 == android.util.Base64.DEFAULT.
            return Base64.decode(str.substring(i2), 0);
        }
        throw new IllegalArgumentException(String.format("Unsupported encode version received. Encode version supported is: '%s'", "E1"));
    }

    /**
     * Classifies a stored value by the first four bytes of its decoded blob.
     *
     * <p>Every exception from decoding is swallowed, so any value that does not parse is reported
     * as {@link a#UNENCRYPTED}; {@link #a(String)} then returns such a value unchanged.
     *
     * @param str the stored value
     * @return {@code USER_DEFINED} for tag "U001", {@code ANDROID_KEY_STORE} for "A001", else {@code UNENCRYPTED}
     */
    public a g(String str) {
        String str2;
        a aVar = a.UNENCRYPTED;
        try {
            str2 = new String(f(str), 0, 4, g.h.b.a.e.a.a.f10038a);
        } catch (Exception unused) {
            // NOTE(review): decompiler artifact: str2 is unassigned on this path; the original
            // presumably falls through to returning UNENCRYPTED (TODO confirm).
        }
        if ("U001".equalsIgnoreCase(str2)) {
            return a.USER_DEFINED;
        }
        if ("A001".equalsIgnoreCase(str2)) {
            return a.ANDROID_KEY_STORE;
        }
        return aVar;
    }

    /**
     * Derives the HMAC key from the encryption key as {@code SHA256(key.getEncoded())}.
     *
     * <p>When the key does not expose its encoding ({@code getEncoded()} returns null), the same
     * key object is returned, i.e. one key then serves both encryption and authentication.
     *
     * @param secretKey the encryption key
     * @return the derived HMAC key, or {@code secretKey} itself if it has no encoded form
     */
    public final SecretKey h(SecretKey secretKey) {
        byte[] encoded = secretKey.getEncoded();
        return encoded != null ? new SecretKeySpec(MessageDigest.getInstance("SHA256").digest(encoded), "AES") : secretKey;
    }

    /**
     * Builds the key-pair generation spec: alias {@code "AdalKey"}, subject
     * {@code CN=AdalKey, OU=<package name>}, serial number 1, and the given validity window.
     *
     * <p>NOTE(review): {@code KeyPairGeneratorSpec} is the pre-API-23 keystore spec, which the
     * platform has since deprecated in favour of {@code KeyGenParameterSpec}.
     *
     * @param context context passed to the spec builder
     * @param date certificate start date
     * @param date2 certificate end date
     * @return the generation parameters
     */
    @TargetApi(18)
    public final AlgorithmParameterSpec i(Context context, Date date, Date date2) {
        return new KeyPairGeneratorSpec.Builder(context).setAlias("AdalKey").setSubject(new X500Principal(String.format(Locale.ROOT, "CN=%s, OU=%s", "AdalKey", j()))).setSerialNumber(BigInteger.ONE).setStartDate(date).setEndDate(date2).build();
    }

    /**
     * @return the package name of the application context
     */
    public String j() {
        return this.f10057a.getPackageName();
    }

    /**
     * Reads the wrapped AES key from the key file and unwraps it with the AndroidKeyStore key pair.
     *
     * @return the unwrapped key, or null if the key file or the key pair does not exist
     */
    @TargetApi(18)
    public final synchronized SecretKey l() {
        g.h.b.a.i.b.h("StorageHelper:getUnwrappedSecretKey", "Reading SecretKey");
        byte[] r = r();
        if (r == null) {
            e.j("StorageHelper:getUnwrappedSecretKey", "Key data is null");
            return null;
        }
        KeyPair s = s();
        this.d = s;
        if (s == null) {
            return null;
        }
        SecretKey u = u(r);
        e.j("StorageHelper:getUnwrappedSecretKey", "Finished reading SecretKey");
        return u;
    }

    /**
     * Loads the secret key for the given key type.
     *
     * <p>For {@code KEYSTORE_ENCRYPTED_KEY}, a failure to read or unwrap the stored key is treated
     * as unrecoverable: the cached key and key pair are cleared, the {@code "adalks"} file is
     * deleted, the {@code "AdalKey"} keystore entry is removed, and the original exception is
     * rethrown. Anything encrypted under that key can no longer be decrypted afterwards.
     *
     * @param bVar the key type
     * @return the key; may be null for {@code KEYSTORE_ENCRYPTED_KEY} when nothing is stored yet
     * @throws IllegalArgumentException from {@link #k(byte[])} when a raw key is not configured
     */
    public SecretKey m(b bVar) {
        SecretKey l2;
        // Dispatch on declaration order of enum b (decompiled form of a switch).
        int ordinal = bVar.ordinal();
        if (ordinal == 0) {
            // LEGACY_AUTHENTICATOR_APP_KEY
            return k(g.h.b.a.e.a.b.INSTANCE.d().get("com.azure.authenticator"));
        }
        if (ordinal == 1) {
            // LEGACY_COMPANY_PORTAL_KEY
            return k(g.h.b.a.e.a.b.INSTANCE.d().get("com.microsoft.windowsintune.companyportal"));
        }
        if (ordinal == 2) {
            // ADAL_USER_DEFINED_KEY
            return k(g.h.b.a.e.a.b.INSTANCE.f());
        }
        if (ordinal != 3) {
            g.h.b.a.i.b.h("StorageHelper:loadSecretKey", "Unknown KeyType. This code should never be reached.");
            throw new GeneralSecurityException("unknown_error");
        }
        // KEYSTORE_ENCRYPTED_KEY
        synchronized (this) {
            if (this.f10061h != null) {
                l2 = this.f10061h;
            } else {
                try {
                    l2 = l();
                    this.f10061h = l2;
                } catch (IOException | GeneralSecurityException e2) {
                    g.h.b.a.i.b.b("StorageHelper:loadKeyStoreEncryptedKey", "android_keystore_failed", e2);
                    this.d = null;
                    this.f10061h = null;
                    // Same location r() and v() use; mode 0 == Context.MODE_PRIVATE.
                    File file = new File(this.f10057a.getDir(j(), 0), "adalks");
                    if (file.exists()) {
                        g.h.b.a.i.b.h("StorageHelper:deleteKeyFile", "Delete KeyFile");
                        if (!file.delete()) {
                            e.j("StorageHelper:deleteKeyFile", "Delete KeyFile failed");
                        }
                    }
                    synchronized (this) {
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        keyStore.load(null);
                        keyStore.deleteEntry("AdalKey");
                        throw e2;
                    }
                }
            }
            return l2;
        }
    }

    /**
     * Logs a failed operation with its exception and, if a callback is set, reports it with the
     * Boolean flag {@code TRUE}.
     *
     * @param str log tag
     * @param str2 operation name
     * @param str3 failure reason
     * @param exc the exception that caused the failure
     */
    public final void n(String str, String str2, String str3, Exception exc) {
        g.h.b.a.i.b.b(str, str2 + " failed: " + str3, exc);
        g.h.b.a.h.q.b bVar = this.c;
        if (bVar != null) {
            bVar.a(str2, Boolean.TRUE, str3);
        }
    }

    /**
     * Logs the start of an operation and, if a callback is set, reports it with flag {@code FALSE}
     * and an empty message.
     *
     * @param str log tag
     * @param str2 operation name
     */
    public final void o(String str, String str2) {
        g.h.b.a.i.b.h(str, str2 + " started.");
        g.h.b.a.h.q.b bVar = this.c;
        if (bVar != null) {
            bVar.a(str2, Boolean.FALSE, "");
        }
    }

    /**
     * Logs the successful end of an operation and, if a callback is set, reports it with flag
     * {@code FALSE}.
     *
     * @param str log tag
     * @param str2 operation name
     * @param str3 result detail
     */
    public final void p(String str, String str2, String str3) {
        g.h.b.a.i.b.h(str, str2 + " successfully finished: " + str3);
        g.h.b.a.h.q.b bVar = this.c;
        if (bVar != null) {
            bVar.a(str2, Boolean.FALSE, str3);
        }
    }

    /**
     * Records the thumbprint of the key in use and logs when it differs from the one seen before.
     *
     * <p>The first thumbprint ever recorded only flips {@code f10056j}; later changes are logged.
     * NOTE(review): the thumbprint value itself is written to the log. What
     * {@code g.h.b.a.h.j.g.c.d(...)} derives it from is not visible here; confirm it is acceptable
     * for the log sink in use.
     *
     * @param secretKey the key (callers pass the derived HMAC key)
     * @return true only when the thumbprint changed after an earlier one had been recorded
     */
    public final boolean q(SecretKey secretKey) {
        String d = g.h.b.a.h.j.g.c.d(secretKey);
        if (!f10055i.get().equals(d)) {
            f10055i.set(d);
            // compareAndSet fails when the flag was already true, i.e. this is not the first key.
            if (!f10056j.compareAndSet(false, true)) {
                g.h.b.a.i.b.d("StorageHelper:logIfKeyHasChanged", "Using key with thumbprint that has changed " + d);
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the wrapped key bytes from the {@code "adalks"} file in the app directory named after
     * the package (opened with mode 0, {@code Context.MODE_PRIVATE}).
     *
     * @return the file contents, or null if the file does not exist
     */
    public final byte[] r() {
        File file = new File(this.f10057a.getDir(j(), 0), "adalks");
        if (!file.exists()) {
            return null;
        }
        g.h.b.a.i.b.h("StorageHelper:readKeyData", "Reading key data from a file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[1024];
            // Copy until end of stream; the stream is closed in the finally block.
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    return byteArrayOutputStream.toByteArray();
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } finally {
            fileInputStream.close();
        }
    }

    /**
     * Loads the {@code "AdalKey"} certificate and private key from AndroidKeyStore.
     *
     * @return the key pair, or null if either the certificate or the key is missing
     */
    public final synchronized KeyPair s() {
        g.h.b.a.i.b.h("StorageHelper:readKeyPair", "Reading Key entry");
        try {
            o("StorageHelper:readKeyPair", "keychain_read_v2_start");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate("AdalKey");
            Key key = keyStore.getKey("AdalKey", null);
            if (certificate != null && key != null) {
                KeyPair keyPair = new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
                p("StorageHelper:readKeyPair", "keychain_read_v2_end", "KeyStore KeyPair is loaded.");
                return keyPair;
            }
            p("StorageHelper:readKeyPair", "keychain_read_v2_end", "KeyStore is empty.");
            e.j("StorageHelper:readKeyPair", "Key entry doesn't exist.");
            return null;
        } catch (IOException e2) {
            e = e2;
            n("StorageHelper:readKeyPair", "keychain_read_v2_end", e.toString(), e);
            throw e;
        } catch (RuntimeException e3) {
            // Any unchecked keystore failure is converted to a checked KeyStoreException.
            n("StorageHelper:readKeyPair", "keychain_read_v2_end", e3.toString(), e3);
            throw new KeyStoreException(e3);
        } catch (GeneralSecurityException e4) {
            e = e4;
            n("StorageHelper:readKeyPair", "keychain_read_v2_end", e.toString(), e);
            throw e;
        }
    }

    /**
     * Wraps {@code secretKey} with the RSA public key of the keystore pair and writes the result
     * to the key file, generating the pair first if none is cached.
     *
     * <p>NOTE(review): the wrap uses PKCS#1 v1.5 padding ({@code RSA/ECB/PKCS1Padding}), a legacy
     * scheme; OAEP is the usual choice for new designs. Changing it here would make existing
     * {@code "adalks"} files unreadable, so it needs a migration path rather than an in-place edit.
     *
     * @param secretKey the AES key to persist
     */
    public synchronized void t(SecretKey secretKey) {
        Cipher cipher;
        if (this.d == null) {
            this.d = d();
        }
        synchronized (this) {
            g.h.b.a.i.b.h("StorageHelper:wrap", "Wrap secret key.");
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            // 3 == Cipher.WRAP_MODE.
            cipher.init(3, this.d.getPublic());
        }
        v(cipher.wrap(secretKey));
    }

    /**
     * Unwraps an AES key with the RSA private key of the cached keystore pair.
     *
     * @param bArr the wrapped key bytes read from the key file
     * @return the unwrapped AES key
     */
    @SuppressLint({"GetInstance"})
    @TargetApi(18)
    public final synchronized SecretKey u(byte[] bArr) {
        Cipher cipher;
        cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        // 4 == Cipher.UNWRAP_MODE.
        cipher.init(4, this.d.getPrivate());
        // NOTE(review): decompiler artifact: the try body is empty as printed. The original
        // presumably wraps the unwrap call below so that an IllegalArgumentException becomes a
        // KeyStoreException (TODO confirm).
        try {
        } catch (IllegalArgumentException e2) {
            throw new KeyStoreException(e2);
        }
        // Key type 3 == Cipher.SECRET_KEY.
        return (SecretKey) cipher.unwrap(bArr, "AES", 3);
    }

    /**
     * Writes the wrapped key bytes to the {@code "adalks"} file, replacing any previous content.
     *
     * @param bArr the wrapped key bytes
     */
    public final void v(byte[] bArr) {
        g.h.b.a.i.b.h("StorageHelper:writeKeyData", "Writing key data to a file");
        FileOutputStream fileOutputStream = new FileOutputStream(new File(this.f10057a.getDir(j(), 0), "adalks"));
        try {
            fileOutputStream.write(bArr);
        } finally {
            fileOutputStream.close();
        }
    }
}
