package com.auth0.android.authentication.storage;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import androidx.annotation.O;
import androidx.annotation.m0;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
class g {

    /* renamed from: g, reason: collision with root package name */
    private static final String f34985g = "g";

    /* renamed from: h, reason: collision with root package name */
    private static final String f34986h = "RSA/ECB/PKCS1Padding";

    /* renamed from: i, reason: collision with root package name */
    private static final String f34987i = "AES/GCM/NOPADDING";

    /* renamed from: j, reason: collision with root package name */
    private static final String f34988j = "AndroidKeyStore";

    /* renamed from: k, reason: collision with root package name */
    private static final String f34989k = "RSA";

    /* renamed from: l, reason: collision with root package name */
    private static final String f34990l = "AES";

    /* renamed from: m, reason: collision with root package name */
    private static final int f34991m = 256;

    /* renamed from: n, reason: collision with root package name */
    private static final int f34992n = 2048;

    /* renamed from: a, reason: collision with root package name */
    private final String f34993a;

    /* renamed from: b, reason: collision with root package name */
    private final String f34994b;

    /* renamed from: c, reason: collision with root package name */
    private final String f34995c;

    /* renamed from: d, reason: collision with root package name */
    private final String f34996d;

    /* renamed from: e, reason: collision with root package name */
    private final n f34997e;

    /* renamed from: f, reason: collision with root package name */
    private final Context f34998f;

    public g(@O Context context, @O n nVar, @O String str) {
        String trim = str.trim();
        if (TextUtils.isEmpty(trim)) {
            throw new IllegalArgumentException("RSA and AES Key alias must be valid.");
        }
        this.f34993a = trim;
        this.f34994b = trim + "_iv";
        this.f34995c = context.getPackageName() + "." + trim;
        this.f34996d = context.getPackageName() + "." + trim + "_iv";
        this.f34998f = context;
        this.f34997e = nVar;
    }

    private void d() {
        this.f34997e.remove(this.f34995c);
        this.f34997e.remove(this.f34996d);
    }

    private void e() {
        try {
            KeyStore keyStore = KeyStore.getInstance(f34988j);
            keyStore.load(null);
            keyStore.deleteEntry(this.f34995c);
            Log.d(f34985g, "Deleting the existing RSA key pair from the KeyStore.");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e6) {
            Log.e(f34985g, "Failed to remove the RSA KeyEntry from the Android KeyStore.", e6);
        }
    }

    private KeyStore.PrivateKeyEntry h(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
        if (privateKey == null) {
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
        }
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null) {
            return null;
        }
        return new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate});
    }

    @m0
    byte[] a(byte[] bArr) throws h, f {
        try {
            PrivateKey privateKey = i().getPrivateKey();
            Cipher cipher = Cipher.getInstance(f34986h);
            cipher.init(2, privateKey);
            return cipher.doFinal(bArr);
        } catch (IllegalArgumentException e6) {
            e = e6;
            d();
            throw new f("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (InvalidKeyException e7) {
            e = e7;
            Log.e(f34985g, "The device can't decrypt input using a RSA Key.", e);
            throw new h(e);
        } catch (NoSuchAlgorithmException e8) {
            e = e8;
            Log.e(f34985g, "The device can't decrypt input using a RSA Key.", e);
            throw new h(e);
        } catch (BadPaddingException e9) {
            e = e9;
            d();
            throw new f("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e10) {
            e = e10;
            d();
            throw new f("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e11) {
            e = e11;
            Log.e(f34985g, "The device can't decrypt input using a RSA Key.", e);
            throw new h(e);
        }
    }

    @m0
    byte[] b(byte[] bArr) throws h, f {
        try {
            Certificate certificate = i().getCertificate();
            Cipher cipher = Cipher.getInstance(f34986h);
            cipher.init(1, certificate);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e6) {
            e = e6;
            Log.e(f34985g, "The device can't encrypt input using a RSA Key.", e);
            throw new h(e);
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            Log.e(f34985g, "The device can't encrypt input using a RSA Key.", e);
            throw new h(e);
        } catch (BadPaddingException e8) {
            e = e8;
            d();
            throw new f("The RSA decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e9) {
            e = e9;
            d();
            throw new f("The RSA decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e10) {
            e = e10;
            Log.e(f34985g, "The device can't encrypt input using a RSA Key.", e);
            throw new h(e);
        }
    }

    public byte[] c(byte[] bArr) throws f, h {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(g(), f34990l);
            Cipher cipher = Cipher.getInstance(f34987i);
            String f6 = this.f34997e.f(this.f34996d);
            if (TextUtils.isEmpty(f6)) {
                f6 = this.f34997e.f(this.f34994b);
                if (TextUtils.isEmpty(f6)) {
                    throw new f("The encryption keys changed recently. You need to re-encrypt something first.", null);
                }
            }
            cipher.init(2, secretKeySpec, new IvParameterSpec(Base64.decode(f6, 0)));
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e6) {
            e = e6;
            Log.e(f34985g, "Error while decrypting the input.", e);
            throw new h(e);
        } catch (InvalidKeyException e7) {
            e = e7;
            Log.e(f34985g, "Error while decrypting the input.", e);
            throw new h(e);
        } catch (NoSuchAlgorithmException e8) {
            e = e8;
            Log.e(f34985g, "Error while decrypting the input.", e);
            throw new h(e);
        } catch (BadPaddingException e9) {
            e = e9;
            throw new f("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e10) {
            e = e10;
            throw new f("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e11) {
            e = e11;
            Log.e(f34985g, "Error while decrypting the input.", e);
            throw new h(e);
        }
    }

    public byte[] f(byte[] bArr) throws f, h {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(g(), f34990l);
            Cipher cipher = Cipher.getInstance(f34987i);
            cipher.init(1, secretKeySpec);
            byte[] doFinal = cipher.doFinal(bArr);
            this.f34997e.c(this.f34996d, new String(Base64.encode(cipher.getIV(), 0), StandardCharsets.UTF_8));
            return doFinal;
        } catch (InvalidKeyException e6) {
            e = e6;
            Log.e(f34985g, "Error while encrypting the input.", e);
            throw new h(e);
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            Log.e(f34985g, "Error while encrypting the input.", e);
            throw new h(e);
        } catch (BadPaddingException e8) {
            e = e8;
            throw new f("The AES decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e9) {
            e = e9;
            throw new f("The AES decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e10) {
            e = e10;
            Log.e(f34985g, "Error while encrypting the input.", e);
            throw new h(e);
        }
    }

    @m0
    byte[] g() throws h, f {
        byte[] a6;
        String f6 = this.f34997e.f(this.f34995c);
        if (TextUtils.isEmpty(f6)) {
            f6 = this.f34997e.f(this.f34993a);
        }
        if (f6 != null && (a6 = a(Base64.decode(f6, 0))) != null && a6.length == 32) {
            return a6;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(f34990l);
            keyGenerator.init(256);
            byte[] encoded = keyGenerator.generateKey().getEncoded();
            this.f34997e.c(this.f34995c, new String(Base64.encode(b(encoded), 0), StandardCharsets.UTF_8));
            return encoded;
        } catch (NoSuchAlgorithmException e6) {
            Log.e(f34985g, "Error while creating the AES key.", e6);
            throw new h(e6);
        }
    }

    @m0
    KeyStore.PrivateKeyEntry i() throws f, h {
        KeyStore.PrivateKeyEntry h6;
        try {
            KeyStore keyStore = KeyStore.getInstance(f34988j);
            keyStore.load(null);
            if (keyStore.containsAlias(this.f34993a)) {
                KeyStore.PrivateKeyEntry h7 = h(keyStore, this.f34993a);
                if (h7 != null) {
                    return h7;
                }
            } else if (keyStore.containsAlias(this.f34995c) && (h6 = h(keyStore, this.f34995c)) != null) {
                return h6;
            }
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 25);
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.f34995c, 3).setCertificateSubject(new X500Principal("CN=Auth0.Android,O=Auth0")).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setBlockModes("ECB").build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(f34989k, f34988j);
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            return h(keyStore, this.f34995c);
        } catch (IOException e6) {
            e = e6;
            e();
            d();
            throw new f("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (InvalidAlgorithmParameterException e7) {
            e = e7;
            Log.e(f34985g, "The device can't generate a new RSA Key pair.", e);
            throw new h(e);
        } catch (KeyStoreException e8) {
            e = e8;
            Log.e(f34985g, "The device can't generate a new RSA Key pair.", e);
            throw new h(e);
        } catch (NoSuchAlgorithmException e9) {
            e = e9;
            Log.e(f34985g, "The device can't generate a new RSA Key pair.", e);
            throw new h(e);
        } catch (NoSuchProviderException e10) {
            e = e10;
            Log.e(f34985g, "The device can't generate a new RSA Key pair.", e);
            throw new h(e);
        } catch (ProviderException e11) {
            e = e11;
            Log.e(f34985g, "The device can't generate a new RSA Key pair.", e);
            throw new h(e);
        } catch (UnrecoverableEntryException e12) {
            e = e12;
            e();
            d();
            throw new f("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (CertificateException e13) {
            e = e13;
            Log.e(f34985g, "The device can't generate a new RSA Key pair.", e);
            throw new h(e);
        }
    }
}
