package com.unwire.ssg.signer.provider;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import com.unwire.ssg.signer.core.Credential;
import com.unwire.ssg.signer.provider.CredentialStore;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import nb.C7851b;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class AESEncryptedCredentialStore extends EncryptedCredentialStore {
    private static final String AES_MODE = "AES/GCM/NoPadding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String IV_PREF_KEY = "iv";
    private static final String UTF_8 = "UTF-8";
    private Cipher decCipher;
    private Cipher encCipher;
    private SecretKey secretKey;
    private final SharedPreferences sharedPreferences;
    private final CredentialStore storeDelegate;
    private final ReadWriteLock lock = new ReentrantReadWriteLock(true);
    private final CountDownLatch initDoneSignal = new CountDownLatch(1);

    public AESEncryptedCredentialStore(String str, CredentialStore credentialStore, Context context) {
        final String str2 = str + "_AES";
        this.storeDelegate = credentialStore;
        this.sharedPreferences = context.getSharedPreferences("iv_store_" + context.getPackageName(), 0);
        new Thread(new Runnable() { // from class: com.unwire.ssg.signer.provider.AESEncryptedCredentialStore.1
            @Override // java.lang.Runnable
            public void run() {
                String name = Thread.currentThread().getName();
                Thread.currentThread().setName("AESEncryptedCredentialStore_init");
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(AESEncryptedCredentialStore.ANDROID_KEY_STORE);
                        keyStore.load(null);
                        KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(str2, null);
                        if (secretKeyEntry == null) {
                            AESEncryptedCredentialStore aESEncryptedCredentialStore = AESEncryptedCredentialStore.this;
                            aESEncryptedCredentialStore.secretKey = aESEncryptedCredentialStore.createSecretKey(str2);
                        } else {
                            AESEncryptedCredentialStore.this.secretKey = secretKeyEntry.getSecretKey();
                        }
                        AESEncryptedCredentialStore.this.encCipher = Cipher.getInstance(AESEncryptedCredentialStore.AES_MODE);
                        AESEncryptedCredentialStore.this.decCipher = Cipher.getInstance(AESEncryptedCredentialStore.AES_MODE);
                    } catch (Exception e10) {
                        e10.printStackTrace();
                        AESEncryptedCredentialStore.this.encCipher = null;
                        AESEncryptedCredentialStore.this.decCipher = null;
                    }
                    AESEncryptedCredentialStore.this.initDoneSignal.countDown();
                    Thread.currentThread().setName(name);
                } catch (Throwable th2) {
                    AESEncryptedCredentialStore.this.initDoneSignal.countDown();
                    Thread.currentThread().setName(name);
                    throw th2;
                }
            }
        }).start();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SecretKey createSecretKey(String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
        return keyGenerator.generateKey();
    }

    private String getIV() {
        return this.sharedPreferences.getString(IV_PREF_KEY, null);
    }

    private boolean setIV(String str) {
        return this.sharedPreferences.edit().putString(IV_PREF_KEY, str).commit();
    }

    @Override // com.unwire.ssg.signer.provider.CredentialStore
    public void clear() {
        try {
            this.lock.writeLock().lock();
            setIV(null);
            this.storeDelegate.clear();
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    @Override // com.unwire.ssg.signer.provider.CredentialStore
    public Credential load() {
        byte[] doFinal;
        try {
            try {
                this.lock.readLock().lock();
                Credential load = this.storeDelegate.load();
                Credential credential = null;
                if (load != null) {
                    String iv = getIV();
                    String secret = load.secret();
                    String appInstanceId = load.appInstanceId();
                    if (iv != null && appInstanceId != null && secret != null) {
                        try {
                            this.initDoneSignal.await();
                        } catch (InterruptedException e10) {
                            e10.printStackTrace();
                        }
                        if (this.decCipher == null) {
                            throw new CredentialStore.OperationFailedException("Cipher is not initialized");
                        }
                        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, C7851b.a(iv));
                        synchronized (this.lock) {
                            this.decCipher.init(2, this.secretKey, gCMParameterSpec);
                            doFinal = this.decCipher.doFinal(C7851b.a(secret));
                        }
                        credential = new Credential(appInstanceId, new String(doFinal, UTF_8));
                    }
                }
                return credential;
            } catch (Exception e11) {
                throw new CredentialStore.OperationFailedException(e11);
            }
        } finally {
            this.lock.readLock().unlock();
        }
    }

    @Override // com.unwire.ssg.signer.provider.CredentialStore
    public void save(Credential credential) {
        try {
            this.initDoneSignal.await();
        } catch (InterruptedException e10) {
            e10.printStackTrace();
        }
        try {
            try {
                this.lock.writeLock().lock();
                if (credential == null) {
                    this.storeDelegate.save(null);
                    return;
                }
                Cipher cipher = this.encCipher;
                if (cipher == null) {
                    throw new CredentialStore.OperationFailedException("Cipher is not initialized");
                }
                cipher.init(1, this.secretKey);
                byte[] iv = this.encCipher.getIV();
                this.storeDelegate.save(new Credential(credential.appInstanceId(), C7851b.c(this.encCipher.doFinal(credential.secret().getBytes(UTF_8)), false)));
                if (!setIV(C7851b.c(iv, false))) {
                    throw new IllegalStateException("Failed to save IV");
                }
            } catch (Exception e11) {
                setIV(null);
                throw new CredentialStore.OperationFailedException(e11);
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }
}
