package eu.unicredit.ial.slc.security.keystore;

import android.content.ContextWrapper;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import eu.unicredit.ial.slc.security.SecurityDeviceInfo;
import eu.unicredit.seg.core.SecLibCore;
import eu.unicredit.seg.core.inteface.output.ko.KoStatusCodes;
import eu.unicredit.seg.core.utils.Logger;
import eu.unicredit.seg.core.utils.SecLibException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes2.dex */
public class KeystoreManagerMfa {
    public static final String ALIAS = "UnicreditMfaSeeds";
    private static final Certificate[] CHAIN_CERT = null;
    public static final String CIPHER_ALGORITHM_SECURE_DATA = "AES/GCM/NoPadding";
    private static final char[] ENTRY_PASSWORD = null;
    private static final int GCM_TAG_LENGTH = 16;
    public static final int KEYSIZE = 256;
    private static final String KEYSTORE = "AndroidKeyStore";
    protected static final String TAG = "KeystoreManagerMfa, ";
    private static boolean reinit = false;

    public static synchronized void deleteEntry(ContextWrapper contextWrapper) throws KeyStoreException, SecLibException, CertificateException, IOException, NoSuchAlgorithmException {
        synchronized (KeystoreManagerMfa.class) {
            deleteEntry(contextWrapper, ALIAS);
        }
    }

    public static synchronized void deleteEntry(ContextWrapper contextWrapper, String str) throws KeyStoreException, SecLibException, CertificateException, IOException, NoSuchAlgorithmException {
        synchronized (KeystoreManagerMfa.class) {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
            keyStore.load(null);
            keyStore.deleteEntry(str);
            initialize(str, contextWrapper);
        }
    }

    public static synchronized void deleteEntry(ContextWrapper contextWrapper, KeyStore keyStore) throws KeyStoreException, SecLibException {
        synchronized (KeystoreManagerMfa.class) {
            deleteEntry(contextWrapper, keyStore, ALIAS);
        }
    }

    public static synchronized void deleteEntry(ContextWrapper contextWrapper, KeyStore keyStore, String str) throws KeyStoreException, SecLibException {
        synchronized (KeystoreManagerMfa.class) {
            keyStore.deleteEntry(str);
            initialize(str, contextWrapper);
        }
    }

    public static synchronized Cipher getDecryptionCipher(byte[] bArr, ContextWrapper contextWrapper) throws SecLibException {
        Cipher decryptionCipher;
        synchronized (KeystoreManagerMfa.class) {
            decryptionCipher = getDecryptionCipher(bArr, ALIAS, contextWrapper);
        }
        return decryptionCipher;
    }

    public static synchronized Cipher getDecryptionCipher(byte[] bArr, String str, ContextWrapper contextWrapper) throws SecLibException {
        Cipher cipher;
        synchronized (KeystoreManagerMfa.class) {
            Logger.info("KeystoreManagerMfa, getDecryptionCipher(" + str + ")");
            Logger.info("KeystoreManagerMfa, Version >= M");
            try {
                cipher = Cipher.getInstance(CIPHER_ALGORITHM_SECURE_DATA);
                Logger.info("Cipher, " + ("provider: " + cipher.getProvider().getName() + ", version: " + cipher.getProvider().getVersion() + ", info: " + cipher.getProvider().getInfo()));
                Logger.info("KeystoreManagerMfa, Cipher getInstance");
                cipher.init(2, getSecretKey(str, contextWrapper), new GCMParameterSpec(128, bArr));
                Logger.info("KeystoreManagerMfa, Cipher initialized, returning cipher");
            } catch (Exception e) {
                Logger.error("KeystoreManagerMfa, Error retrieving decryption cipher: " + e.getMessage());
                if (e instanceof UserNotAuthenticatedException) {
                    throw new SecLibException(KoStatusCodes.KO_KEYSTORE_USER_NOT_AUTHENTICATED, KoStatusCodes.KO_KEYSTORE_USER_NOT_AUTHENTICATED.getDefaultErrorMessage());
                }
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            }
        }
        return cipher;
    }

    public static synchronized Cipher getEncryptionCipher(ContextWrapper contextWrapper) throws SecLibException {
        Cipher encryptionCipher;
        synchronized (KeystoreManagerMfa.class) {
            encryptionCipher = getEncryptionCipher(ALIAS, contextWrapper);
        }
        return encryptionCipher;
    }

    public static synchronized Cipher getEncryptionCipher(String str, ContextWrapper contextWrapper) throws SecLibException {
        Cipher cipher;
        synchronized (KeystoreManagerMfa.class) {
            Logger.info("KeystoreManagerMfa, getEncryptionCipher(" + str + ")");
            Logger.info("KeystoreManagerMfa, Version >= M");
            try {
                cipher = Cipher.getInstance(CIPHER_ALGORITHM_SECURE_DATA);
                Logger.info("Cipher, " + ("provider: " + cipher.getProvider().getName() + ", version: " + cipher.getProvider().getVersion() + ", info: " + cipher.getProvider().getInfo()));
                Logger.info("KeystoreManagerMfa, Cipher getInstance");
                cipher.init(1, getSecretKey(str, contextWrapper));
                Logger.info("KeystoreManagerMfa, Cipher initialized");
            } catch (Exception e) {
                Logger.error("KeystoreManagerMfa, Error retrieving encryption cipher: " + e.getMessage());
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            }
        }
        return cipher;
    }

    private static synchronized Key getSecretKey(ContextWrapper contextWrapper) throws SecLibException {
        Key secretKey;
        synchronized (KeystoreManagerMfa.class) {
            secretKey = getSecretKey(ALIAS, contextWrapper);
        }
        return secretKey;
    }

    private static synchronized Key getSecretKey(String str, ContextWrapper contextWrapper) throws SecLibException {
        Key key;
        synchronized (KeystoreManagerMfa.class) {
            if (str == null) {
                Logger.error("KeystoreManagerMfa, alias is null");
                SecLibCore.exception("alias is null", contextWrapper);
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            }
            try {
                Logger.info("KeystoreManagerMfa, getSecretKey(" + str + ")");
                KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
                Logger.info("KeystoreManagerMfa, keystore, " + ("provider: " + keyStore.getProvider().getName() + ", version: " + keyStore.getProvider().getVersion() + ", info: " + keyStore.getProvider().getInfo()));
                Logger.info("KeystoreManagerMfa, getSecretKey, getting Instance");
                key = null;
                keyStore.load(null);
                Logger.info("KeystoreManagerMfa, getSecretKey, loading keystore");
                if (keyStore.containsAlias(str)) {
                    Logger.info("KeystoreManagerMfa, getSecretKey, key present");
                    key = keyStore.getKey(str, ENTRY_PASSWORD);
                    Logger.info("KeystoreManagerMfa, getSecretKey, key retrieved");
                } else {
                    Logger.info("KeystoreManagerMfa, getSecretKey, key not present");
                }
                if (key == null) {
                    Logger.info("KeystoreManagerMfa, getSecretKey, reinit");
                    reinit = true;
                    deleteEntry(contextWrapper, keyStore, str);
                    key = keyStore.getKey(str, ENTRY_PASSWORD);
                    Logger.info("KeystoreManagerMfa, getSecretKey, reinit done");
                } else {
                    Logger.info("KeystoreManagerMfa, getSecretKey, key!=null");
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
                Logger.error("KeystoreManagerMfa, Error retrieving encKey: " + e.getMessage());
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            }
        }
        return key;
    }

    private static synchronized void initialize(ContextWrapper contextWrapper) throws SecLibException {
        synchronized (KeystoreManagerMfa.class) {
            initialize(ALIAS, contextWrapper);
        }
    }

    private static synchronized void initialize(String str, ContextWrapper contextWrapper) throws SecLibException {
        boolean z;
        synchronized (KeystoreManagerMfa.class) {
            Logger.info("KeystoreManagerMfa, initialize");
            try {
                Logger.info("KeystoreManagerMfa, initialize()");
                KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
                Logger.info("KeystoreManagerMfa, keystore, " + ("provider: " + keyStore.getProvider().getName() + ", version: " + keyStore.getProvider().getVersion() + ", info: " + keyStore.getProvider().getInfo()));
                Logger.info("KeystoreManagerMfa, KeyStore.getInstance(KEYSTORE)");
                keyStore.load(null);
                Logger.info("KeystoreManagerMfa, keystore.load(null)");
                if (str == null) {
                    Logger.error("KeystoreManagerMfa, alias is null");
                    SecLibCore.exception("alias is null", contextWrapper);
                    throw new Exception("alias is null");
                }
                if (!keyStore.containsAlias(str) || reinit) {
                    Logger.info("KeystoreManagerMfa, Keystore=AndroidKeyStore doesn't contain alias=" + str + " or REINIT. Generating alias.");
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                    Logger.info("KeystoreManagerMfa, KeyGenerator.getInstance done");
                    if (Build.VERSION.SDK_INT >= 28) {
                        if (contextWrapper.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore")) {
                            z = true;
                        } else {
                            Logger.error("KeystoreManagerMfa, StringBox NOT available");
                            z = false;
                        }
                        if (!SecurityDeviceInfo.isDeviceSecure(contextWrapper)) {
                            Logger.error("KeystoreManagerMfa, the device is NOT secured with a PIN, pattern or password");
                            SecLibCore.exception("the device is NOT secured with a PIN, pattern or password", contextWrapper);
                            throw new Exception("the device is NOT secured with a PIN, pattern or password");
                        }
                        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 35).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).setUnlockedDeviceRequired(true).setIsStrongBoxBacked(z).setRandomizedEncryptionRequired(true).setUserAuthenticationRequired(false).setUserConfirmationRequired(false).setUserPresenceRequired(false).setUserAuthenticationValidityDurationSeconds(-1).build());
                    } else {
                        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).setRandomizedEncryptionRequired(true).setUserAuthenticationRequired(false).setUserAuthenticationValidityDurationSeconds(-1).build());
                    }
                    Logger.info("KeystoreManagerMfa, KeyGenerator.init done");
                    SecretKey generateKey = keyGenerator.generateKey();
                    Logger.info("KeystoreManagerMfa, KeyGenerator.generateKey done");
                    Logger.info("KeystoreManagerMfa, getSecretKey, key!=null");
                    keyStore.setKeyEntry(str, generateKey, ENTRY_PASSWORD, CHAIN_CERT);
                    Logger.info("KeystoreManagerMfa, saved entry to keystore");
                    reinit = false;
                    Logger.info("KeystoreManager: all has been set");
                }
            } catch (IOException e) {
                e = e;
                Logger.error("KeystoreManagerMfa, Problems initializing KeyStore: " + e.getMessage());
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            } catch (InvalidAlgorithmParameterException e2) {
                e = e2;
                Logger.error("KeystoreManagerMfa, Problems initializing KeyStore: " + e.getMessage());
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            } catch (KeyStoreException e3) {
                e = e3;
                Logger.error("KeystoreManagerMfa, Problems initializing KeyStore: " + e.getMessage());
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            } catch (NoSuchAlgorithmException e4) {
                e = e4;
                Logger.error("KeystoreManagerMfa, Problems initializing KeyStore: " + e.getMessage());
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            } catch (CertificateException e5) {
                e = e5;
                Logger.error("KeystoreManagerMfa, Problems initializing KeyStore: " + e.getMessage());
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            } catch (Exception e6) {
                Logger.error("KeystoreManagerMfa, Generic Exception: " + e6.getMessage());
                SecLibCore.exception(e6.getMessage(), contextWrapper);
                throw new SecLibException(KoStatusCodes.KO_KEYSTORE, KoStatusCodes.KO_KEYSTORE.getDefaultErrorMessage());
            }
        }
    }
}
