package com.oblador.keychain.cipherStorage;

import a.a;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import apptentive.com.android.encryption.KeyResolver23;
import com.facebook.ads.AdError;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.cipherStorage.CipherStorageBase;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import okhttp3.internal.http2.Http2;

/* loaded from: classes3.dex */
public abstract class CipherStorageBase implements CipherStorage {
    protected static final String LOG_TAG = "CipherStorageBase";
    public static final Charset UTF8 = Charset.forName("UTF-8");
    protected final Object _sync = new Object();
    protected final Object _syncStrongbox = new Object();
    protected transient Cipher cachedCipher;
    protected transient KeyStore cachedKeyStore;
    protected transient AtomicBoolean isStrongboxAvailable;
    protected transient AtomicBoolean isSupportsSecureHardware;

    /* loaded from: classes3.dex */
    public interface DecryptBytesHandler {
        void initialize(Cipher cipher, Key key, InputStream inputStream);
    }

    /* loaded from: classes3.dex */
    public static final class Defaults {
        public static final EncryptStringHandler encrypt = new EncryptStringHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageBase$Defaults$$ExternalSyntheticLambda1
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.EncryptStringHandler
            public final void initialize(Cipher cipher, Key key, OutputStream outputStream) {
                cipher.init(1, key);
            }
        };
        public static final DecryptBytesHandler decrypt = new DecryptBytesHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageBase$Defaults$$ExternalSyntheticLambda0
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.DecryptBytesHandler
            public final void initialize(Cipher cipher, Key key, InputStream inputStream) {
                cipher.init(2, key);
            }
        };
    }

    /* loaded from: classes3.dex */
    public interface EncryptStringHandler {
        void initialize(Cipher cipher, Key key, OutputStream outputStream);
    }

    /* loaded from: classes3.dex */
    public static final class IV {
        public static final EncryptStringHandler encrypt = new EncryptStringHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageBase$IV$$ExternalSyntheticLambda1
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.EncryptStringHandler
            public final void initialize(Cipher cipher, Key key, OutputStream outputStream) {
                CipherStorageBase.IV.lambda$static$0(cipher, key, outputStream);
            }
        };
        public static final DecryptBytesHandler decrypt = new DecryptBytesHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageBase$IV$$ExternalSyntheticLambda0
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.DecryptBytesHandler
            public final void initialize(Cipher cipher, Key key, InputStream inputStream) {
                CipherStorageBase.IV.lambda$static$1(cipher, key, inputStream);
            }
        };

        /* JADX INFO: Access modifiers changed from: private */
        public static /* synthetic */ void lambda$static$0(Cipher cipher, Key key, OutputStream outputStream) {
            cipher.init(1, key);
            byte[] iv = cipher.getIV();
            outputStream.write(iv, 0, iv.length);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static /* synthetic */ void lambda$static$1(Cipher cipher, Key key, InputStream inputStream) {
            cipher.init(2, key, readIv(inputStream));
        }

        public static IvParameterSpec readIv(InputStream inputStream) {
            byte[] bArr = new byte[16];
            if (inputStream.read(bArr, 0, 16) == 16) {
                return new IvParameterSpec(bArr);
            }
            throw new IOException("Input stream has insufficient data.");
        }

        public static IvParameterSpec readIv(byte[] bArr) {
            byte[] bArr2 = new byte[16];
            if (16 >= bArr.length) {
                throw new IOException("Insufficient length of input data for IV extracting.");
            }
            System.arraycopy(bArr, 0, bArr2, 0, 16);
            return new IvParameterSpec(bArr2);
        }
    }

    /* loaded from: classes3.dex */
    public class SelfDestroyKey implements Closeable {
        public final Key key;
        public final String name;

        public SelfDestroyKey(CipherStorageBase cipherStorageBase, String str) {
            this(str, cipherStorageBase.tryGenerateRegularSecurityKey(str));
        }

        public SelfDestroyKey(String str, Key key) {
            this.name = str;
            this.key = key;
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() {
            try {
                CipherStorageBase.this.removeKey(this.name);
            } catch (KeyStoreAccessException e) {
                Charset charset = CipherStorageBase.UTF8;
                e.getMessage();
            }
        }
    }

    public static void copy(InputStream inputStream, OutputStream outputStream) {
        byte[] bArr = new byte[Http2.INITIAL_MAX_FRAME_SIZE];
        while (true) {
            int read = inputStream.read(bArr);
            if (read <= 0) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }

    public static String getDefaultAliasIfEmpty(String str, String str2) {
        return TextUtils.isEmpty(str) ? str2 : str;
    }

    public String decryptBytes(Key key, byte[] bArr) {
        return decryptBytes(key, bArr, Defaults.decrypt);
    }

    public String decryptBytes(Key key, byte[] bArr, DecryptBytesHandler decryptBytesHandler) {
        Cipher cachedInstance = getCachedInstance();
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                if (decryptBytesHandler != null) {
                    try {
                        decryptBytesHandler.initialize(cachedInstance, key, byteArrayInputStream);
                    } finally {
                    }
                }
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cachedInstance);
                try {
                    copy(cipherInputStream, byteArrayOutputStream);
                    cipherInputStream.close();
                    String str = new String(byteArrayOutputStream.toByteArray(), UTF8);
                    byteArrayOutputStream.close();
                    byteArrayInputStream.close();
                    return str;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (Throwable th3) {
            th3.getMessage();
            throw th3;
        }
    }

    public byte[] encryptString(Key key, String str) {
        return encryptString(key, str, Defaults.encrypt);
    }

    public byte[] encryptString(Key key, String str, EncryptStringHandler encryptStringHandler) {
        Cipher cachedInstance = getCachedInstance();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (encryptStringHandler != null) {
                try {
                    encryptStringHandler.initialize(cachedInstance, key, byteArrayOutputStream);
                    byteArrayOutputStream.flush();
                } finally {
                }
            }
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cachedInstance);
            try {
                cipherOutputStream.write(str.getBytes(UTF8));
                cipherOutputStream.close();
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (Throwable th) {
            th.getMessage();
            throw th;
        }
    }

    public Key extractGeneratedKey(String str, SecurityLevel securityLevel, AtomicInteger atomicInteger) {
        Key extractKey;
        do {
            KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
            if (!keyStoreAndLoad.containsAlias(str)) {
                generateKeyAndStoreUnderAlias(str, securityLevel);
            }
            extractKey = extractKey(keyStoreAndLoad, str, atomicInteger);
        } while (extractKey == null);
        return extractKey;
    }

    public Key extractKey(KeyStore keyStore, String str, AtomicInteger atomicInteger) {
        try {
            Key key = keyStore.getKey(str, null);
            if (key != null) {
                return key;
            }
            throw new KeyStoreAccessException("Empty key extracted!");
        } catch (UnrecoverableKeyException e) {
            if (atomicInteger.getAndDecrement() <= 0) {
                throw e;
            }
            keyStore.deleteEntry(str);
            return null;
        }
    }

    public abstract Key generateKey(KeyGenParameterSpec keyGenParameterSpec);

    /* JADX WARN: Can't wrap try/catch for region: R(10:3|4|(4:6|(1:8)|9|10)|22|(1:24)|25|26|27|28|10) */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void generateKeyAndStoreUnderAlias(java.lang.String r5, com.oblador.keychain.SecurityLevel r6) {
        /*
            r4 = this;
            java.lang.Object r0 = r4._syncStrongbox
            monitor-enter(r0)
            java.util.concurrent.atomic.AtomicBoolean r1 = r4.isStrongboxAvailable     // Catch: java.lang.Throwable -> Le
            if (r1 == 0) goto L10
            boolean r1 = r1.get()     // Catch: java.lang.Throwable -> Le
            if (r1 == 0) goto L27
            goto L10
        Le:
            r5 = move-exception
            goto L46
        L10:
            java.util.concurrent.atomic.AtomicBoolean r1 = r4.isStrongboxAvailable     // Catch: java.lang.Throwable -> Le
            if (r1 != 0) goto L1c
            java.util.concurrent.atomic.AtomicBoolean r1 = new java.util.concurrent.atomic.AtomicBoolean     // Catch: java.lang.Throwable -> Le
            r2 = 0
            r1.<init>(r2)     // Catch: java.lang.Throwable -> Le
            r4.isStrongboxAvailable = r1     // Catch: java.lang.Throwable -> Le
        L1c:
            java.security.Key r1 = r4.tryGenerateStrongBoxSecurityKey(r5)     // Catch: java.lang.Throwable -> Le java.lang.Throwable -> L27
            java.util.concurrent.atomic.AtomicBoolean r2 = r4.isStrongboxAvailable     // Catch: java.lang.Throwable -> Le java.lang.Throwable -> L28
            r3 = 1
            r2.set(r3)     // Catch: java.lang.Throwable -> Le java.lang.Throwable -> L28
            goto L28
        L27:
            r1 = 0
        L28:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> Le
            if (r1 == 0) goto L33
            java.util.concurrent.atomic.AtomicBoolean r0 = r4.isStrongboxAvailable
            boolean r0 = r0.get()
            if (r0 != 0) goto L37
        L33:
            java.security.Key r1 = r4.tryGenerateRegularSecurityKey(r5)
        L37:
            boolean r5 = r4.validateKeySecurityLevel(r6, r1)
            if (r5 == 0) goto L3e
            return
        L3e:
            com.oblador.keychain.exceptions.CryptoFailedException r5 = new com.oblador.keychain.exceptions.CryptoFailedException
            java.lang.String r6 = "Cannot generate keys with required security guarantees"
            r5.<init>(r6)
            throw r5
        L46:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> Le
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(java.lang.String, com.oblador.keychain.SecurityLevel):void");
    }

    public Cipher getCachedInstance() {
        if (this.cachedCipher == null) {
            synchronized (this) {
                try {
                    if (this.cachedCipher == null) {
                        this.cachedCipher = Cipher.getInstance(getEncryptionTransformation());
                    }
                } finally {
                }
            }
        }
        return this.cachedCipher;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public final int getCapabilityLevel() {
        return getMinSupportedApiLevel() + ((supportsSecureHardware() ? 1 : 0) * 100) + ((isBiometrySupported() ? 1 : 0) * AdError.NETWORK_ERROR_CODE);
    }

    public String getDefaultAliasServiceName() {
        return getCipherStorageName();
    }

    public abstract String getEncryptionTransformation();

    public abstract KeyGenParameterSpec.Builder getKeyGenSpecBuilder(String str);

    public abstract KeyInfo getKeyInfo(Key key);

    public KeyStore getKeyStoreAndLoad() {
        if (this.cachedKeyStore == null) {
            synchronized (this) {
                try {
                    if (this.cachedKeyStore == null) {
                        try {
                            KeyStore keyStore = KeyStore.getInstance(KeyResolver23.KEYSTORE_PROVIDER);
                            keyStore.load(null);
                            this.cachedKeyStore = keyStore;
                        } catch (Throwable th) {
                            throw new KeyStoreAccessException("Could not access Keystore", th);
                        }
                    }
                } finally {
                }
            }
        }
        return this.cachedKeyStore;
    }

    public SecurityLevel getSecurityLevel(Key key) {
        return getKeyInfo(key).isInsideSecureHardware() ? SecurityLevel.SECURE_HARDWARE : SecurityLevel.SECURE_SOFTWARE;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public void removeKey(String str) {
        String defaultAliasIfEmpty = getDefaultAliasIfEmpty(str, getDefaultAliasServiceName());
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        try {
            if (keyStoreAndLoad.containsAlias(defaultAliasIfEmpty)) {
                keyStoreAndLoad.deleteEntry(defaultAliasIfEmpty);
            }
        } catch (GeneralSecurityException unused) {
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public SecurityLevel securityLevel() {
        return SecurityLevel.SECURE_HARDWARE;
    }

    /* JADX WARN: Code restructure failed: missing block: B:26:0x0036, code lost:
    
        if (r1 == null) goto L22;
     */
    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean supportsSecureHardware() {
        /*
            r4 = this;
            java.util.concurrent.atomic.AtomicBoolean r0 = r4.isSupportsSecureHardware
            if (r0 == 0) goto L9
            boolean r0 = r0.get()
            return r0
        L9:
            java.lang.Object r0 = r4._sync
            monitor-enter(r0)
            java.util.concurrent.atomic.AtomicBoolean r1 = r4.isSupportsSecureHardware     // Catch: java.lang.Throwable -> L16
            if (r1 == 0) goto L18
            boolean r1 = r1.get()     // Catch: java.lang.Throwable -> L16
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L16
            return r1
        L16:
            r1 = move-exception
            goto L43
        L18:
            java.util.concurrent.atomic.AtomicBoolean r1 = new java.util.concurrent.atomic.AtomicBoolean     // Catch: java.lang.Throwable -> L16
            r2 = 0
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L16
            r4.isSupportsSecureHardware = r1     // Catch: java.lang.Throwable -> L16
            com.oblador.keychain.cipherStorage.CipherStorageBase$SelfDestroyKey r1 = new com.oblador.keychain.cipherStorage.CipherStorageBase$SelfDestroyKey     // Catch: java.lang.Throwable -> L35
            java.lang.String r2 = "AndroidKeyStore#supportsSecureHardware"
            r1.<init>(r4, r2)     // Catch: java.lang.Throwable -> L35
            com.oblador.keychain.SecurityLevel r2 = com.oblador.keychain.SecurityLevel.SECURE_HARDWARE     // Catch: java.lang.Throwable -> L36
            java.security.Key r3 = r1.key     // Catch: java.lang.Throwable -> L36
            boolean r2 = r4.validateKeySecurityLevel(r2, r3)     // Catch: java.lang.Throwable -> L36
            java.util.concurrent.atomic.AtomicBoolean r3 = r4.isSupportsSecureHardware     // Catch: java.lang.Throwable -> L36
            r3.set(r2)     // Catch: java.lang.Throwable -> L36
            goto L38
        L35:
            r1 = 0
        L36:
            if (r1 == 0) goto L3b
        L38:
            r1.close()     // Catch: java.lang.Throwable -> L16
        L3b:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L16
            java.util.concurrent.atomic.AtomicBoolean r0 = r4.isSupportsSecureHardware
            boolean r0 = r0.get()
            return r0
        L43:
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L16
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.oblador.keychain.cipherStorage.CipherStorageBase.supportsSecureHardware():boolean");
    }

    public void throwIfInsufficientLevel(SecurityLevel securityLevel) {
        if (securityLevel().satisfiesSafetyThreshold(securityLevel)) {
            return;
        }
        throw new CryptoFailedException("Insufficient security level (wants " + securityLevel + "; got " + securityLevel() + ")");
    }

    public Key tryGenerateRegularSecurityKey(String str) {
        return generateKey(getKeyGenSpecBuilder(str).build());
    }

    public Key tryGenerateStrongBoxSecurityKey(String str) {
        int i = Build.VERSION.SDK_INT;
        if (i >= 28) {
            return generateKey(getKeyGenSpecBuilder(str).setIsStrongBoxBacked(true).build());
        }
        throw new KeyStoreAccessException(a.g("Strong box security keystore is not supported for old API", i, "."));
    }

    public boolean validateKeySecurityLevel(SecurityLevel securityLevel, Key key) {
        return getSecurityLevel(key).satisfiesSafetyThreshold(securityLevel);
    }
}
