package com.atlassian.mobilekit.module.datakit.security;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import com.atlassian.mobilekit.infrastructure.logging.SafeLogger;
import com.atlassian.mobilekit.infrastructure.logging.Sawyer;
import com.atlassian.mobilekit.model.Result;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableEntryException;
import java.security.spec.KeySpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CryptoKeyInventory.kt */
/* loaded from: classes2.dex */
public final class KeyStoreInventory implements CryptoKeyInventory {
    public static final Companion Companion = new Companion(null);
    private final String instanceKeyAlias;

    /* compiled from: CryptoKeyInventory.kt */
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public KeyStoreInventory(String str) {
        this.instanceKeyAlias = str;
    }

    public /* synthetic */ KeyStoreInventory(String str, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? null : str);
    }

    private final void debugKeyInfo(SecretKey secretKey) {
        KeySpec keySpec = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class);
        Intrinsics.checkNotNull(keySpec, "null cannot be cast to non-null type android.security.keystore.KeyInfo");
        KeyInfo keyInfo = (KeyInfo) keySpec;
        SafeLogger safeLogger = Sawyer.safe;
        safeLogger.d("KeyStoreInventory", CryptoKeyInventoryKt.residesInSecureHardware(keyInfo) ? "Secure Hardware used for Key" : "Secure Hardware not used for Key", new Object[0]);
        safeLogger.d("KeyStoreInventory", keyInfo.isUserAuthenticationRequirementEnforcedBySecureHardware() ? "User auth enforced by h/w" : "User auth not enforced by h/w", new Object[0]);
    }

    private final SecretKey generateKey(String str, String str2, String str3, String str4, int i) {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(str2, "AndroidKeyStore");
        SafeLogger safeLogger = Sawyer.safe;
        safeLogger.d("KeyStoreInventory", "KeyGenerator acquired", new Object[0]);
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 3).setBlockModes(str3).setEncryptionPaddings(str4).setRandomizedEncryptionRequired(false).setKeySize(i).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        keyGenerator.init(build);
        safeLogger.d("KeyStoreInventory", "KeyGenerator initialized", new Object[0]);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNull(generateKey);
        debugKeyInfo(generateKey);
        return generateKey;
    }

    static /* synthetic */ SecretKey generateKey$default(KeyStoreInventory keyStoreInventory, String str, String str2, String str3, String str4, int i, int i2, Object obj) {
        if ((i2 & 2) != 0) {
            str2 = AES256KeyLoader.AES_ALGORITHM;
        }
        String str5 = str2;
        if ((i2 & 4) != 0) {
            str3 = "CTR";
        }
        String str6 = str3;
        if ((i2 & 8) != 0) {
            str4 = "NoPadding";
        }
        String str7 = str4;
        if ((i2 & 16) != 0) {
            i = 256;
        }
        return keyStoreInventory.generateKey(str, str5, str6, str7, i);
    }

    private final Result getCryptoKey(String str, int i) {
        Result securityExceptionError;
        Result success;
        String keyAlias = getKeyAlias(str);
        SafeLogger safeLogger = Sawyer.safe;
        safeLogger.d("KeyStoreInventory", "Key requested for alias \"" + keyAlias + "\"", new Object[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            safeLogger.d("KeyStoreInventory", "KeyStore loaded with provider \"AndroidKeyStore\"", new Object[0]);
            if (keyStore.containsAlias(keyAlias)) {
                safeLogger.d("KeyStoreInventory", "Key exists for alias \"" + keyAlias + "\"", new Object[0]);
                KeyStore.Entry entry = keyStore.getEntry(keyAlias, null);
                if (entry instanceof KeyStore.SecretKeyEntry) {
                    safeLogger.d("KeyStoreInventory", "Successfully retrieved for alias \"" + keyAlias + "\"", new Object[0]);
                    return new Result.Success(((KeyStore.SecretKeyEntry) entry).getSecretKey());
                }
                safeLogger.e("KeyStoreInventory", "Got entry, but wasn't a SecretKeyEntry", new Object[0]);
                success = new Result.Error(new IllegalStateException("Got entry, but wasn't a SecretKeyEntry"));
            } else {
                safeLogger.d("KeyStoreInventory", "No key exists for alias \"" + keyAlias + "\", generating a new one", new Object[0]);
                SecretKey generateKey$default = generateKey$default(this, keyAlias, null, null, null, 0, 30, null);
                safeLogger.d("KeyStoreInventory", "Key generated successfully", new Object[0]);
                success = new Result.Success(generateKey$default);
            }
            return success;
        } catch (IOException e) {
            Sawyer.safe.e("KeyStoreInventory", e, "Retrieving Key failed", new Object[0]);
            return new IOError(e);
        } catch (UnrecoverableEntryException e2) {
            if (i < 1) {
                Sawyer.safe.d("KeyStoreInventory", "UnrecoverableEntryException, retrying once", new Object[0]);
                securityExceptionError = getCryptoKey(keyAlias, i + 1);
            } else {
                Sawyer.safe.e("KeyStoreInventory", e2, "Retrieving Key failed", new Object[0]);
                securityExceptionError = new SecurityExceptionError(e2);
            }
            return securityExceptionError;
        } catch (GeneralSecurityException e3) {
            Sawyer.safe.e("KeyStoreInventory", e3, "Retrieving Key failed", new Object[0]);
            return new SecurityExceptionError(e3);
        }
    }

    private final String getKeyAlias(String str) {
        if (str != null) {
            return str;
        }
        String str2 = this.instanceKeyAlias;
        return str2 == null ? "DataKitSecurityKey" : str2;
    }

    @Override // com.atlassian.mobilekit.module.datakit.security.CryptoKeyInventory
    public synchronized Result getCryptoKey(String str) {
        return getCryptoKey(str, 0);
    }

    @Override // com.atlassian.mobilekit.module.datakit.security.CryptoKeyInventory
    public void removeCryptoKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(getKeyAlias(str));
        } catch (IOException e) {
            Sawyer.safe.e("KeyStoreInventory", e, "Removing Key failed", new Object[0]);
        } catch (IllegalArgumentException e2) {
            Sawyer.safe.e("KeyStoreInventory", e2, "Removing Key failed", new Object[0]);
        } catch (GeneralSecurityException e3) {
            Sawyer.safe.e("KeyStoreInventory", e3, "Removing Key failed", new Object[0]);
        }
    }
}
