package com.sap.cloud.mobile.foundation.common;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class h {

    /* renamed from: l, reason: collision with root package name */
    private static final rb.b f10165l = rb.c.i(h.class);

    /* renamed from: m, reason: collision with root package name */
    private static KeyStore f10166m;

    /* renamed from: a, reason: collision with root package name */
    private String f10167a;

    /* renamed from: b, reason: collision with root package name */
    private String f10168b;

    /* renamed from: c, reason: collision with root package name */
    private SharedPreferences f10169c;

    /* renamed from: d, reason: collision with root package name */
    private boolean f10170d;

    /* renamed from: e, reason: collision with root package name */
    private a f10171e;

    /* renamed from: f, reason: collision with root package name */
    private a f10172f;

    /* renamed from: g, reason: collision with root package name */
    private a f10173g;

    /* renamed from: h, reason: collision with root package name */
    private a f10174h;

    /* renamed from: i, reason: collision with root package name */
    private a f10175i;

    /* renamed from: j, reason: collision with root package name */
    private String f10176j;

    /* renamed from: k, reason: collision with root package name */
    private EnumMap<EncryptionState, a> f10177k = new EnumMap<>(EncryptionState.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class a {

        /* renamed from: a, reason: collision with root package name */
        private List<String> f10178a = new ArrayList();

        /* renamed from: b, reason: collision with root package name */
        private String f10179b;

        /* renamed from: c, reason: collision with root package name */
        private String f10180c;

        /* renamed from: d, reason: collision with root package name */
        private a[] f10181d;

        a(String str, EncryptionState encryptionState, a... aVarArr) {
            this.f10179b = str;
            this.f10181d = (a[]) aVarArr.clone();
            this.f10180c = str + "_i_v";
            this.f10178a.add(this.f10179b);
            this.f10178a.add(this.f10180c);
            if (encryptionState != null) {
                h.this.f10177k.put((EnumMap) encryptionState, (EncryptionState) this);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] h() {
            try {
                return p(false).doFinal(q());
            } catch (BadPaddingException | IllegalBlockSizeException e10) {
                throw new EncryptionError("Failed to decrypt", e10);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] i(Key key) {
            try {
                return o(key, false).doFinal(q());
            } catch (BadPaddingException | IllegalBlockSizeException e10) {
                throw new EncryptionError("Failed to decrypt with a secret key", e10);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] j(Cipher cipher) {
            try {
                return cipher.doFinal(q());
            } catch (IllegalStateException e10) {
                throw new EncryptionError("Encryption cipher is used for decryption.", e10);
            } catch (BadPaddingException e11) {
                e = e11;
                throw new EncryptionError("Failed to decrypt with the provided cipher", e);
            } catch (IllegalBlockSizeException e12) {
                e = e12;
                throw new EncryptionError("Failed to decrypt with the provided cipher", e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void k(Key key, byte[] bArr) {
            try {
                t(o(key, true).doFinal(bArr));
            } catch (BadPaddingException | IllegalBlockSizeException e10) {
                throw new EncryptionError("Failed to encrypt with a secret key.", e10);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void l(Cipher cipher, byte[] bArr) {
            try {
                t(cipher.doFinal(bArr));
            } catch (BadPaddingException | IllegalBlockSizeException e10) {
                throw new EncryptionError("Failed to encrypt with the provided cipher", e10);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void m(byte[] bArr) {
            try {
                t(p(true).doFinal(bArr));
            } catch (BadPaddingException | IllegalBlockSizeException e10) {
                throw new EncryptionError("Failed to encrypt", e10);
            }
        }

        private Cipher o(Key key, boolean z10) {
            Cipher t10 = h.this.t();
            try {
                t10.init(z10 ? 1 : 2, key, new GCMParameterSpec(128, s(z10)));
                return t10;
            } catch (InvalidAlgorithmParameterException | InvalidKeyException e10) {
                throw new EncryptionError("Failed to get AES cipher with a secret key", e10);
            }
        }

        private Cipher p(boolean z10) {
            Cipher t10 = h.this.t();
            try {
                t10.init(z10 ? 1 : 2, h.this.A(false, z10), new GCMParameterSpec(128, s(z10)));
                return t10;
            } catch (InvalidAlgorithmParameterException | InvalidKeyException e10) {
                throw new EncryptionError("Failed to get AES cipher", e10);
            }
        }

        private byte[] q() {
            return h.this.B(this.f10179b);
        }

        private byte[] s(boolean z10) {
            if (!z10) {
                return r();
            }
            byte[] r10 = r();
            if (r10.length != 0) {
                return r10;
            }
            byte[] r11 = h.r(12);
            u(r11);
            return r11;
        }

        private void t(byte[] bArr) {
            h.this.H(this.f10179b, bArr);
        }

        void g() {
            if (n()) {
                SharedPreferences.Editor edit = h.this.f10169c.edit();
                Iterator<String> it = this.f10178a.iterator();
                while (it.hasNext()) {
                    edit.remove(it.next());
                }
                edit.apply();
                for (a aVar : this.f10181d) {
                    aVar.g();
                }
            }
        }

        boolean n() {
            Iterator<String> it = this.f10178a.iterator();
            boolean z10 = false;
            while (it.hasNext()) {
                if (h.this.f10169c.contains(it.next())) {
                    z10 = true;
                }
            }
            return z10;
        }

        byte[] r() {
            return h.this.B(this.f10180c);
        }

        void u(byte[] bArr) {
            h.this.H(this.f10180c, bArr);
        }
    }

    static {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            f10166m = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
            f10165l.l("Unexpected Exception in {}", " key store initialization", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public h(Context context, String str) {
        if (str.isEmpty()) {
            throw new IllegalArgumentException("Empty alias.");
        }
        this.f10168b = str;
        this.f10176j = str + "_ci_iv";
        this.f10169c = context.getSharedPreferences(str + "_sharedPreference##", 0);
        this.f10171e = new a(str + "_s", null, new a[0]);
        this.f10172f = new a(str + "p_chk", null, new a[0]);
        new a(str + "init_iv_verifier", EncryptionState.INIT, new a[0]);
        this.f10173g = new a(str + "_auto_key", EncryptionState.NO_PASSCODE, new a[0]);
        this.f10174h = new a(str + "_pCode_key", EncryptionState.PASSCODE_ONLY, this.f10171e, this.f10172f);
        this.f10175i = new a(str + "_b_m_pCode_key", EncryptionState.PASSCODE_BIOMETRIC, this.f10174h);
        this.f10167a = str + "_biometric";
        this.f10170d = false;
        if (Build.VERSION.SDK_INT >= 28) {
            this.f10170d = context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Key A(boolean z10, boolean z11) {
        String str = !z10 ? this.f10168b : this.f10167a;
        if (!z11) {
            try {
                KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) f10166m.getEntry(str, null);
                if (secretKeyEntry != null) {
                    return secretKeyEntry.getSecretKey();
                }
                throw new EncryptionError("KeyStore entry does not exist.");
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e10) {
                throw new EncryptionError("Failed to get key from key store.", e10);
            }
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 3);
            if (z10) {
                builder.setUserAuthenticationRequired(true);
            }
            builder.setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false);
            if (Build.VERSION.SDK_INT >= 28) {
                builder.setIsStrongBoxBacked(this.f10170d);
            }
            keyGenerator.init(builder.build());
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e11) {
            throw new EncryptionError("Failed to generate key from key store.", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] B(String str) {
        return !C(str) ? new byte[0] : Base64.decode(this.f10169c.getString(str, null), 0);
    }

    private boolean C(String str) {
        return this.f10169c.contains(str);
    }

    private void D(boolean z10, EncryptionState... encryptionStateArr) {
        if (!z10) {
            f10165l.j("Skipping State check.");
            return;
        }
        List asList = Arrays.asList(encryptionStateArr);
        EncryptionState u10 = u();
        if (asList.contains(u10)) {
            throw new IllegalStateException(u10 + " is not allowed");
        }
    }

    private void E(EncryptionState... encryptionStateArr) {
        D(true, encryptionStateArr);
    }

    private void F(char[] cArr, boolean z10, int i10, byte[] bArr) {
        byte[] copyOfRange;
        if (this.f10171e.n()) {
            copyOfRange = this.f10171e.r();
            if (i(copyOfRange)) {
                if (!z10) {
                    i10 = j(copyOfRange);
                }
                copyOfRange = Arrays.copyOfRange(copyOfRange, 0, 32);
            }
        } else {
            byte[] r10 = r(36);
            p(r10, i10);
            this.f10171e.u(r10);
            copyOfRange = Arrays.copyOfRange(r10, 0, 32);
        }
        Key s10 = s(cArr, i10, copyOfRange);
        this.f10172f.k(s10, copyOfRange);
        this.f10174h.k(s10, bArr);
    }

    private void G(char[] cArr, byte[] bArr) {
        F(cArr, false, v(), bArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void H(String str, byte[] bArr) {
        this.f10169c.edit().putString(str, Base64.encodeToString(bArr, 0)).apply();
    }

    private Key I(char[] cArr) {
        byte[] r10 = this.f10171e.r();
        int v10 = v();
        if (i(r10)) {
            v10 = j(r10);
            r10 = Arrays.copyOfRange(r10, 0, 32);
        }
        Key s10 = s(cArr, v10, r10);
        if (Arrays.equals(r10, this.f10172f.i(s10))) {
            return s10;
        }
        throw new EncryptionError("Incorrect passcode.");
    }

    private boolean i(byte[] bArr) {
        return bArr.length == 36;
    }

    private int j(byte[] bArr) {
        int length = bArr.length - 4;
        return (bArr[length + 3] & 255) | (bArr[length] << 24) | ((bArr[length + 1] & 255) << 16) | ((bArr[length + 2] & 255) << 8);
    }

    private void p(byte[] bArr, int i10) {
        int length = bArr.length - 4;
        bArr[length] = (byte) (i10 >> 24);
        bArr[length + 1] = (byte) (i10 >> 16);
        bArr[length + 2] = (byte) (i10 >> 8);
        bArr[length + 3] = (byte) i10;
    }

    private static byte[] q() {
        return r(32);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] r(int i10) {
        if (i10 <= 0) {
            throw new IllegalArgumentException("generateRandom: invalid length.");
        }
        byte[] bArr = new byte[i10];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private Key s(char[] cArr, int i10, byte[] bArr) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(cArr, bArr, i10, 256));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e10) {
            throw new EncryptionError("Error generating secret key", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Cipher t() {
        try {
            return Cipher.getInstance("AES/GCM/NoPadding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e10) {
            throw new EncryptionError("Failed to get cipher instance", e10);
        }
    }

    private static int v() {
        return 1000;
    }

    private a w(EncryptionState encryptionState) {
        return this.f10177k.get(encryptionState);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void h(char[] cArr, char[] cArr2) {
        E(EncryptionState.INIT, EncryptionState.NO_PASSCODE);
        G(cArr2, this.f10174h.i(I(cArr)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void k() {
        for (EncryptionState encryptionState : EncryptionState.values()) {
            w(encryptionState).g();
        }
        l();
    }

    void l() {
        try {
            f10166m.deleteEntry(this.f10168b);
        } catch (KeyStoreException e10) {
            throw new EncryptionError("Failed to delete Android Key Store entry." + e10.getLocalizedMessage(), e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void m(char[] cArr) {
        E(EncryptionState.INIT, EncryptionState.NO_PASSCODE, EncryptionState.PASSCODE_ONLY);
        byte[] i10 = this.f10174h.i(I(cArr));
        this.f10175i.g();
        G(cArr, i10);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] n(char[] cArr, Cipher cipher) {
        E(EncryptionState.PASSCODE_BIOMETRIC);
        byte[] h10 = this.f10173g.n() ? this.f10173g.h() : this.f10174h.n() ? this.f10174h.i(I(cArr)) : q();
        this.f10175i.l(cipher, h10);
        G(cArr, h10);
        this.f10173g.g();
        return h10;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] o(char[] cArr, boolean z10) {
        D(z10, EncryptionState.PASSCODE_ONLY, EncryptionState.PASSCODE_BIOMETRIC);
        byte[] h10 = this.f10173g.n() ? this.f10173g.h() : q();
        G(cArr, h10);
        this.f10173g.g();
        return h10;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionState u() {
        EncryptionState encryptionState = EncryptionState.INIT;
        for (EncryptionState encryptionState2 : EncryptionState.values()) {
            if (w(encryptionState2).n()) {
                encryptionState = encryptionState2;
            }
        }
        return encryptionState;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] x() {
        E(EncryptionState.PASSCODE_ONLY, EncryptionState.PASSCODE_BIOMETRIC);
        if (this.f10173g.n()) {
            return this.f10173g.h();
        }
        byte[] q10 = q();
        this.f10173g.m(q10);
        return q10;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] y(Cipher cipher) {
        E(EncryptionState.INIT, EncryptionState.NO_PASSCODE, EncryptionState.PASSCODE_ONLY);
        return this.f10175i.j(cipher);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] z(char[] cArr, boolean z10) {
        D(z10, EncryptionState.NO_PASSCODE);
        return !this.f10174h.n() ? o(cArr, z10) : this.f10174h.i(I(cArr));
    }
}
