package com.oblador.keychain.cipherStorage;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import com.facebook.react.bridge.ReactApplicationContext;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.cipherStorage.CipherStorageBase;
import com.oblador.keychain.cipherStorage.a;
import com.oblador.keychain.cipherStorage.s;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import com.oblador.keychain.resultHandler.CryptoOperation;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.spec.KeySpec;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.e0;

@TargetApi(23)
/* loaded from: classes3.dex */
public final class s extends CipherStorageBase {

    /* renamed from: o, reason: collision with root package name */
    @wa.k
    public static final a f57611o = new a(null);

    /* renamed from: p, reason: collision with root package name */
    @wa.k
    public static final String f57612p = "AES";

    /* renamed from: q, reason: collision with root package name */
    @wa.k
    public static final String f57613q = "GCM";

    /* renamed from: r, reason: collision with root package name */
    @wa.k
    public static final String f57614r = "NoPadding";

    /* renamed from: s, reason: collision with root package name */
    @wa.k
    public static final String f57615s = "AES/GCM/NoPadding";

    /* renamed from: t, reason: collision with root package name */
    public static final int f57616t = 256;

    /* renamed from: n, reason: collision with root package name */
    private final boolean f57617n;

    /* loaded from: classes3.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* loaded from: classes3.dex */
    public static final class b {

        /* renamed from: b, reason: collision with root package name */
        public static final int f57619b = 12;

        /* renamed from: c, reason: collision with root package name */
        public static final int f57620c = 128;

        /* renamed from: a, reason: collision with root package name */
        @wa.k
        public static final b f57618a = new b();

        /* renamed from: d, reason: collision with root package name */
        @wa.k
        private static final CipherStorageBase.d f57621d = new CipherStorageBase.d() { // from class: com.oblador.keychain.cipherStorage.t
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.d
            public final void a(Cipher cipher, Key key, OutputStream outputStream) {
                s.b.d(cipher, key, outputStream);
            }
        };

        /* renamed from: e, reason: collision with root package name */
        @wa.k
        private static final CipherStorageBase.b f57622e = new CipherStorageBase.b() { // from class: com.oblador.keychain.cipherStorage.u
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.b
            public final void a(Cipher cipher, Key key, InputStream inputStream) {
                s.b.c(cipher, key, inputStream);
            }
        };

        private b() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void c(Cipher cipher, Key key, InputStream input) {
            e0.p(cipher, "cipher");
            e0.p(key, "key");
            e0.p(input, "input");
            byte[] bArr = new byte[12];
            if (input.read(bArr, 0, 12) != 12) {
                throw new IOException("Input stream has insufficient data.");
            }
            cipher.init(2, key, new GCMParameterSpec(128, bArr));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void d(Cipher cipher, Key key, OutputStream output) {
            e0.p(cipher, "cipher");
            e0.p(key, "key");
            e0.p(output, "output");
            cipher.init(1, key);
            byte[] iv = cipher.getIV();
            output.write(iv, 0, iv.length);
        }

        @wa.k
        public final CipherStorageBase.b e() {
            return f57622e;
        }

        @wa.k
        public final CipherStorageBase.d f() {
            return f57621d;
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public s(@wa.k ReactApplicationContext reactContext, boolean z10) {
        super(reactContext);
        e0.p(reactContext, "reactContext");
        this.f57617n = z10;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected KeyGenParameterSpec.Builder A(@wa.k String alias) throws GeneralSecurityException {
        e0.p(alias, "alias");
        return B(alias, false);
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected KeyGenParameterSpec.Builder B(@wa.k String alias, boolean z10) throws GeneralSecurityException {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder randomizedEncryptionRequired;
        KeyGenParameterSpec.Builder keySize;
        e0.p(alias, "alias");
        int i10 = Build.VERSION.SDK_INT;
        if (i10 < 23) {
            throw new KeyStoreAccessException("Unsupported API" + i10 + " version detected.");
        }
        blockModes = br.com.classapp.RNSensitiveInfo.g.a(alias, 3).setBlockModes("GCM");
        encryptionPaddings = blockModes.setEncryptionPaddings(f57614r);
        randomizedEncryptionRequired = encryptionPaddings.setRandomizedEncryptionRequired(true);
        keySize = randomizedEncryptionRequired.setKeySize(256);
        e0.o(keySize, "setKeySize(...)");
        if (this.f57617n) {
            keySize.setUserAuthenticationRequired(true);
            if (i10 >= 30) {
                keySize.setUserAuthenticationParameters(5, 2);
            } else {
                keySize.setUserAuthenticationValidityDurationSeconds(5);
            }
        }
        return keySize;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected KeyInfo C(@wa.k Key key) throws GeneralSecurityException {
        e0.p(key, "key");
        int i10 = Build.VERSION.SDK_INT;
        if (i10 >= 23) {
            KeySpec keySpec = SecretKeyFactory.getInstance(key.getAlgorithm(), CipherStorageBase.f57575i).getKeySpec((SecretKey) key, br.com.classapp.RNSensitiveInfo.q.a());
            e0.o(keySpec, "getKeySpec(...)");
            return br.com.classapp.RNSensitiveInfo.r.a(keySpec);
        }
        throw new KeyStoreAccessException("Unsupported API" + i10 + " version detected.");
    }

    @Override // com.oblador.keychain.cipherStorage.a
    public int b() {
        return 23;
    }

    @Override // com.oblador.keychain.cipherStorage.a
    public boolean d() {
        return this.f57617n;
    }

    @Override // com.oblador.keychain.cipherStorage.a
    public void f(@wa.k com.oblador.keychain.resultHandler.b handler, @wa.k String alias, @wa.k byte[] username, @wa.k byte[] password, @wa.k SecurityLevel level) throws CryptoFailedException {
        Key key;
        String message;
        Key q10;
        e0.p(handler, "handler");
        e0.p(alias, "alias");
        e0.p(username, "username");
        e0.p(password, "password");
        e0.p(level, "level");
        P(level);
        String b10 = CipherStorageBase.f57574h.b(alias, c());
        try {
            try {
                q10 = q(b10, level, new AtomicInteger(1));
            } catch (UserNotAuthenticatedException e10) {
                e = e10;
                key = null;
            }
            try {
                handler.e(new a.b(m(q10, username), m(q10, password), null, 4, null), null);
            } catch (UserNotAuthenticatedException e11) {
                e = e11;
                key = q10;
                String E = E();
                message = e.getMessage();
                Log.d(E, "Unlock of keystore is needed. Error: " + message, e);
                e0.m(key);
                handler.c(new com.oblador.keychain.resultHandler.a(b10, key, password, username, CryptoOperation.DECRYPT));
            }
        } catch (Throwable th) {
            handler.e(null, th);
        }
    }

    @Override // com.oblador.keychain.cipherStorage.a
    public void g(@wa.k com.oblador.keychain.resultHandler.b handler, @wa.k String alias, @wa.k String username, @wa.k String password, @wa.k SecurityLevel level) throws CryptoFailedException {
        Key key;
        String message;
        Key q10;
        e0.p(handler, "handler");
        e0.p(alias, "alias");
        e0.p(username, "username");
        e0.p(password, "password");
        e0.p(level, "level");
        P(level);
        String b10 = CipherStorageBase.f57574h.b(alias, c());
        try {
            try {
                q10 = q(b10, level, new AtomicInteger(1));
            } catch (Throwable th) {
                handler.g(null, th);
                return;
            }
        } catch (UserNotAuthenticatedException e10) {
            e = e10;
            key = null;
        }
        try {
            handler.g(new a.c(o(q10, username), o(q10, password), this), null);
        } catch (UserNotAuthenticatedException e11) {
            e = e11;
            key = q10;
            String E = E();
            message = e.getMessage();
            Log.d(E, "Unlock of keystore is needed. Error: " + message, e);
            e0.m(key);
            Charset charset = kotlin.text.d.f72628b;
            byte[] bytes = password.getBytes(charset);
            e0.o(bytes, "getBytes(...)");
            byte[] bytes2 = username.getBytes(charset);
            e0.o(bytes2, "getBytes(...)");
            handler.c(new com.oblador.keychain.resultHandler.a(b10, key, bytes, bytes2, CryptoOperation.ENCRYPT));
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase, com.oblador.keychain.cipherStorage.a
    @wa.k
    public SecurityLevel h() {
        return SecurityLevel.SECURE_HARDWARE;
    }

    @Override // com.oblador.keychain.cipherStorage.a
    @wa.k
    public String i() {
        boolean z10 = this.f57617n;
        if (z10) {
            return "KeystoreAESGCM";
        }
        if (z10) {
            throw new NoWhenBranchMatchedException();
        }
        return "KeystoreAESGCM_NoAuth";
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    public String m(@wa.k Key key, @wa.k byte[] bytes) throws GeneralSecurityException, IOException {
        e0.p(key, "key");
        e0.p(bytes, "bytes");
        return n(key, bytes, b.f57618a.e());
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    public byte[] o(@wa.k Key key, @wa.k String value) throws GeneralSecurityException, IOException {
        e0.p(key, "key");
        e0.p(value, "value");
        return p(key, value, b.f57618a.f());
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected Key s(@wa.k KeyGenParameterSpec spec) throws GeneralSecurityException {
        e0.p(spec, "spec");
        int i10 = Build.VERSION.SDK_INT;
        if (i10 >= 23) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(y(), CipherStorageBase.f57575i);
            keyGenerator.init(spec);
            SecretKey generateKey = keyGenerator.generateKey();
            e0.o(generateKey, "generateKey(...)");
            return generateKey;
        }
        throw new KeyStoreAccessException("Unsupported API" + i10 + " version detected.");
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected String y() {
        return "AES";
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorageBase
    @wa.k
    protected String z() {
        return f57615s;
    }
}
