package com.readdle.spark.security;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.annotation.NonNull;
import com.readdle.spark.core.utils.RSMKeyChainStoreProtocol;
import d2.C0857a;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import l2.C0986d;
import l2.InterfaceC0985c;

/* loaded from: classes3.dex */
public final class k implements RSMKeyChainStoreProtocol {

    /* renamed from: e, reason: collision with root package name */
    public static final byte[] f8924e = {87, 99, -94, 23, -17, 26, 84, -117, 59, -59, 25, -88, -66, 86, -42, 78};

    /* renamed from: f, reason: collision with root package name */
    public static final InterfaceC0985c f8925f = C0986d.b(k.class);

    /* renamed from: a, reason: collision with root package name */
    public final Object f8926a = new Object();

    /* renamed from: b, reason: collision with root package name */
    public final Object f8927b = new Object();

    /* renamed from: c, reason: collision with root package name */
    public KeyStore f8928c = null;

    /* renamed from: d, reason: collision with root package name */
    @NonNull
    public final SharedPreferences f8929d;

    public k(@NonNull Context context) {
        this.f8929d = context.getSharedPreferences("keystore", 0);
    }

    @NonNull
    public static KeyPair b(@NonNull String str, @NonNull Integer num) {
        KeyGenParameterSpec.Builder unlockedDeviceRequired;
        KeyGenParameterSpec.Builder userConfirmationRequired;
        String str2 = "Generating RSA key pair for alias, alias hash = " + str.hashCode();
        InterfaceC0985c interfaceC0985c = f8925f;
        interfaceC0985c.b(str2);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        KeyGenParameterSpec.Builder randomizedEncryptionRequired = new KeyGenParameterSpec.Builder(str, 2).setEncryptionPaddings("PKCS1Padding").setKeySize(num.intValue()).setRandomizedEncryptionRequired(false);
        if (Build.VERSION.SDK_INT >= 28) {
            unlockedDeviceRequired = randomizedEncryptionRequired.setInvalidatedByBiometricEnrollment(false).setUnlockedDeviceRequired(false);
            userConfirmationRequired = unlockedDeviceRequired.setUserAuthenticationValidWhileOnBody(false).setUserConfirmationRequired(false);
            userConfirmationRequired.setUserPresenceRequired(false);
        }
        keyPairGenerator.initialize(randomizedEncryptionRequired.build());
        interfaceC0985c.b("RSA key pair was successfully generated, alias hash = " + str.hashCode());
        return keyPairGenerator.generateKeyPair();
    }

    public static String f(@NonNull String str) {
        return D2.c.j(str, "_iv");
    }

    public final void a() {
        KeyStore i4 = i();
        try {
            if (((SecretKey) i().getKey("BIOMETRIC_KEY", null)) != null) {
                i4.deleteEntry("BIOMETRIC_KEY");
            }
        } catch (Exception e4) {
            e4.printStackTrace();
        }
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("BIOMETRIC_KEY", 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true).setInvalidatedByBiometricEnrollment(true).setUserAuthenticationValidityDurationSeconds(-1).build();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(build);
        keyGenerator.generateKey();
    }

    @NonNull
    public final PublicKey c(@NonNull String str, @NonNull Integer num) {
        PublicKey publicKey;
        synchronized (this.f8926a) {
            try {
                KeyStore keyStore = this.f8928c;
                KeyStore.PrivateKeyEntry privateKeyEntry = null;
                if (keyStore != null) {
                    KeyStore.Entry entry = keyStore.getEntry(str, null);
                    if (entry instanceof KeyStore.PrivateKeyEntry) {
                        privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                    }
                }
                if (privateKeyEntry != null) {
                    String str2 = "Incorrect request to generate key pair: key with alias = " + str + " already exists and will be at first deleted from AndroidKeyStore and after that regenerated";
                    C0857a.f("SparkKeyStore", str2);
                    f8925f.c(str2);
                    invalidateKeyPair(str);
                }
                publicKey = b(str, num).getPublic();
            } catch (Throwable th) {
                throw th;
            }
        }
        return publicKey;
    }

    public final SecretKey d() {
        KeyGenParameterSpec.Builder unlockedDeviceRequired;
        KeyGenParameterSpec.Builder userConfirmationRequired;
        InterfaceC0985c interfaceC0985c = f8925f;
        interfaceC0985c.b("Generating key for keystore data encryption");
        KeyGenParameterSpec.Builder randomizedEncryptionRequired = new KeyGenParameterSpec.Builder("SparkSymmetricKey", 3).setKeySize(256).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setRandomizedEncryptionRequired(false);
        if (Build.VERSION.SDK_INT >= 28) {
            unlockedDeviceRequired = randomizedEncryptionRequired.setInvalidatedByBiometricEnrollment(false).setUnlockedDeviceRequired(false);
            userConfirmationRequired = unlockedDeviceRequired.setUserAuthenticationValidWhileOnBody(false).setUserConfirmationRequired(false);
            userConfirmationRequired.setUserPresenceRequired(false);
        }
        KeyGenParameterSpec build = randomizedEncryptionRequired.build();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        k("Version", "23");
        interfaceC0985c.b("Key for keystore data encryption generated");
        return generateKey;
    }

    public final byte[] e(@NonNull String str) {
        f8925f.b(C2.c.d("Getting IV for key = ", str));
        return Base64.decode(this.f8929d.getString(str, ""), 2);
    }

    public final SecretKey g() {
        String string = this.f8929d.getString("Version", "");
        if (!string.isEmpty()) {
            return h(string);
        }
        synchronized (this.f8927b) {
            try {
                String string2 = this.f8929d.getString("Version", "");
                if (string2.isEmpty()) {
                    return d();
                }
                return h(string2);
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    @NonNull
    public final ArrayList<String> getAllKeys() {
        InterfaceC0985c interfaceC0985c = f8925f;
        try {
            Map<String, ?> all = this.f8929d.getAll();
            if (all == null) {
                interfaceC0985c.b("No keys found");
                return new ArrayList<>();
            }
            interfaceC0985c.b("Get keys count = " + all.size());
            return new ArrayList<>(all.keySet());
        } catch (Exception e4) {
            interfaceC0985c.c("Error receiving all keys, exception type = ".concat(e4.getClass().getName()));
            throw e4;
        }
    }

    public final SecretKey h(@NonNull String str) {
        if (!str.equals("23")) {
            C0857a.f("KeyStore", "Bad keystore version = ".concat(str));
        }
        return (SecretKey) i().getKey("SparkSymmetricKey", null);
    }

    @NonNull
    public final synchronized KeyStore i() {
        try {
            if (this.f8928c == null) {
                InterfaceC0985c interfaceC0985c = f8925f;
                interfaceC0985c.b("Loading keystore");
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.f8928c = keyStore;
                keyStore.load(null);
                interfaceC0985c.b("Keystore loaded");
            }
        } catch (Throwable th) {
            throw th;
        }
        return this.f8928c;
    }

    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    public final void invalidateKeyPair(@NonNull String str) {
        synchronized (this.f8926a) {
            try {
                try {
                    i().deleteEntry(str);
                } catch (Exception e4) {
                    f8925f.c("Error in invalidateKeyPair(), alias = " + str + ", exception = " + e4.getClass().getName());
                    throw e4;
                }
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public final void j(@NonNull String str, @NonNull byte[] bArr) {
        f8925f.b(C2.c.d("Saving IV for key = ", str));
        this.f8929d.edit().putString(str, Base64.encodeToString(bArr, 2)).commit();
    }

    public final void k(@NonNull String str, @NonNull String str2) {
        f8925f.b(C2.c.d("Saving value for key = ", str));
        this.f8929d.edit().putString(str, str2).commit();
    }

    public final String l(@NonNull String str) {
        try {
            ByteBuffer tryGetData = tryGetData(str);
            if (tryGetData != null) {
                return new String(tryGetData.array(), StandardCharsets.UTF_8);
            }
            return null;
        } catch (Exception e4) {
            StringBuilder e5 = A0.a.e("Error tryGetString() for key = ", str, " exception type = ");
            e5.append(e4.getClass().getName());
            f8925f.c(e5.toString());
            throw e4;
        }
    }

    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    public final ByteBuffer tryDecryptRSAData(@NonNull String str, @NonNull ByteBuffer byteBuffer) {
        PrivateKey privateKey;
        InterfaceC0985c interfaceC0985c = f8925f;
        try {
            byte[] array = byteBuffer.array();
            interfaceC0985c.b("Trying to decrypt data, size = " + array.length + ", with alias, alias hash = " + str.hashCode());
            Key key = i().getKey(str, null);
            if (key instanceof PrivateKey) {
                interfaceC0985c.b("RSA key is found");
                privateKey = (PrivateKey) key;
            } else {
                interfaceC0985c.g("RSA entry is not found");
                privateKey = null;
            }
            if (privateKey == null) {
                interfaceC0985c.g("RSA entry is not found");
                return null;
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/Pkcs1Padding");
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(array);
            interfaceC0985c.b("Data decrypted, size = " + doFinal.length);
            return ByteBuffer.wrap(doFinal);
        } catch (Exception e4) {
            StringBuilder e5 = A0.a.e("Error in tryDecryptRSAData(), alias = ", str, ", exception = ");
            e5.append(e4.getClass().getName());
            interfaceC0985c.c(e5.toString());
            throw e4;
        }
    }

    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    @NonNull
    public final String tryGeneratePEMPackedRSAPublicKey(@NonNull String str, int i4) {
        InterfaceC0985c interfaceC0985c = f8925f;
        try {
            interfaceC0985c.b("Trying to generate RSA key pair with alias, alias hash = " + str.hashCode());
            return "-----BEGIN RSA PUBLIC KEY-----\n" + Base64.encodeToString(c(str, Integer.valueOf(i4)).getEncoded(), 0) + "\n-----END RSA PUBLIC KEY-----";
        } catch (Exception e4) {
            StringBuilder e5 = A0.a.e("Error in tryGeneratePEMPackedRSAPublicKey(), alias = ", str, ", exception = ");
            e5.append(e4.getClass().getName());
            interfaceC0985c.c(e5.toString());
            throw e4;
        }
    }

    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    public final ByteBuffer tryGetData(@NonNull String str) {
        InterfaceC0985c interfaceC0985c = f8925f;
        try {
            interfaceC0985c.b("Try to read data from SparkKeyStore: Key: " + str);
            String string = this.f8929d.getString(str, "");
            byte[] e4 = e(f(str));
            if (e4.length == 0) {
                e4 = f8924e;
            }
            if (string.isEmpty()) {
                interfaceC0985c.b("No data for key: " + str);
                return null;
            }
            byte[] decode = Base64.decode(string, 0);
            SecretKey g = g();
            Cipher cipher = Cipher.getInstance("AES/CBC/Pkcs7Padding");
            cipher.init(2, g, new IvParameterSpec(e4));
            byte[] doFinal = cipher.doFinal(decode);
            interfaceC0985c.b("Successfully read data from SparkKeyStore: dataCount = " + doFinal.length);
            return ByteBuffer.wrap(doFinal);
        } catch (Exception e5) {
            StringBuilder e6 = A0.a.e("Error in tryGetData(), key = ", str, ", exception = ");
            e6.append(e5.getClass().getName());
            interfaceC0985c.c(e6.toString());
            throw e5;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0030 A[Catch: all -> 0x0040, TryCatch #0 {all -> 0x0040, blocks: (B:6:0x001d, B:8:0x0022, B:10:0x002a, B:12:0x0030, B:14:0x003c, B:15:0x003e, B:22:0x0042), top: B:5:0x001d, outer: #1 }] */
    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.String tryGetPEMPackedRSAPublicKey(@androidx.annotation.NonNull java.lang.String r5) {
        /*
            r4 = this;
            java.lang.String r0 = "Trying to get RSA public key, alias hash = "
            l2.c r1 = com.readdle.spark.security.k.f8925f     // Catch: java.lang.Exception -> L66
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L66
            r2.<init>(r0)     // Catch: java.lang.Exception -> L66
            int r0 = r5.hashCode()     // Catch: java.lang.Exception -> L66
            r2.append(r0)     // Catch: java.lang.Exception -> L66
            java.lang.String r0 = r2.toString()     // Catch: java.lang.Exception -> L66
            r1.b(r0)     // Catch: java.lang.Exception -> L66
            r4.i()     // Catch: java.lang.Exception -> L66
            java.lang.Object r0 = r4.f8926a     // Catch: java.lang.Exception -> L66
            monitor-enter(r0)     // Catch: java.lang.Exception -> L66
            java.security.KeyStore r1 = r4.f8928c     // Catch: java.lang.Throwable -> L40
            r2 = 0
            if (r1 == 0) goto L2d
            java.security.KeyStore$Entry r1 = r1.getEntry(r5, r2)     // Catch: java.lang.Throwable -> L40
            boolean r3 = r1 instanceof java.security.KeyStore.PrivateKeyEntry     // Catch: java.lang.Throwable -> L40
            if (r3 == 0) goto L2d
            java.security.KeyStore$PrivateKeyEntry r1 = (java.security.KeyStore.PrivateKeyEntry) r1     // Catch: java.lang.Throwable -> L40
            goto L2e
        L2d:
            r1 = r2
        L2e:
            if (r1 == 0) goto L42
            java.security.cert.Certificate r1 = r1.getCertificate()     // Catch: java.lang.Throwable -> L40
            java.security.PublicKey r1 = r1.getPublicKey()     // Catch: java.lang.Throwable -> L40
            boolean r3 = r1 instanceof java.security.interfaces.RSAPublicKey     // Catch: java.lang.Throwable -> L40
            if (r3 == 0) goto L42
            java.security.interfaces.RSAPublicKey r1 = (java.security.interfaces.RSAPublicKey) r1     // Catch: java.lang.Throwable -> L40
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L40
            goto L44
        L40:
            r1 = move-exception
            goto L64
        L42:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L40
            r1 = r2
        L44:
            if (r1 == 0) goto L63
            byte[] r0 = r1.getEncoded()     // Catch: java.lang.Exception -> L66
            r1 = 0
            java.lang.String r0 = android.util.Base64.encodeToString(r0, r1)     // Catch: java.lang.Exception -> L66
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L66
            java.lang.String r2 = "-----BEGIN RSA PUBLIC KEY-----\n"
            r1.<init>(r2)     // Catch: java.lang.Exception -> L66
            r1.append(r0)     // Catch: java.lang.Exception -> L66
            java.lang.String r0 = "\n-----END RSA PUBLIC KEY-----"
            r1.append(r0)     // Catch: java.lang.Exception -> L66
            java.lang.String r5 = r1.toString()     // Catch: java.lang.Exception -> L66
            return r5
        L63:
            return r2
        L64:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L40
            throw r1     // Catch: java.lang.Exception -> L66
        L66:
            r0 = move-exception
            l2.c r1 = com.readdle.spark.security.k.f8925f
            java.lang.String r2 = "Error in tryGetPEMPackedRSAPublicKey(), alias = "
            java.lang.String r3 = ", exception = "
            java.lang.StringBuilder r5 = A0.a.e(r2, r5, r3)
            java.lang.Class r2 = r0.getClass()
            java.lang.String r2 = r2.getName()
            r5.append(r2)
            java.lang.String r5 = r5.toString()
            r1.c(r5)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.readdle.spark.security.k.tryGetPEMPackedRSAPublicKey(java.lang.String):java.lang.String");
    }

    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    public final void tryRemoveItem(@NonNull String str) {
        f8925f.b(C2.c.d("Remove data from SparkKeyStore with key = ", str));
        this.f8929d.edit().remove(str).commit();
    }

    @Override // com.readdle.spark.core.utils.RSMKeyChainStoreProtocol
    public final void trySetData(@NonNull ByteBuffer byteBuffer, @NonNull String str) {
        InterfaceC0985c interfaceC0985c = f8925f;
        try {
            byte[] array = byteBuffer.array();
            interfaceC0985c.b("Add data to SparkKeyStore with key = " + str + " dataCount: " + array.length);
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            SecretKey g = g();
            Cipher cipher = Cipher.getInstance("AES/CBC/Pkcs7Padding");
            cipher.init(1, g, new IvParameterSpec(bArr));
            String encodeToString = Base64.encodeToString(cipher.doFinal(array), 0);
            j(f(str), bArr);
            k(str, encodeToString);
        } catch (Exception e4) {
            StringBuilder e5 = A0.a.e("Error in trySetData(), key = ", str, ", data bytes count = ");
            e5.append(byteBuffer.array().length);
            e5.append(", exception = ");
            e5.append(e4.getClass().getName());
            interfaceC0985c.c(e5.toString());
            throw e4;
        }
    }
}
