package com.microsoft.identity.internal.device;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import com.microsoft.identity.internal.EccKeyFactory;
import com.microsoft.identity.internal.EccKeyResponse;
import com.microsoft.identity.internal.StatusInternal;
import com.microsoft.identity.internal.TempError;
import com.microsoft.identity.internal.utils.DeviceErrorUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import java.util.HashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes2.dex */
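/**
 * {@link EccKeyFactory} that keeps EC key pairs outside the platform key store.
 *
 * <p>Each key pair is Java-serialized together with its creation date, encrypted with an
 * AES-256 wrapping key that is generated in and loaded from {@code AndroidKeyStore}, and
 * written to the {@value #DEVICE_KEYSTORE} shared-preferences file under the caller's key id.
 * Stored value layout: {@code base64(IV[16] || AES-CBC-PKCS7(serialized map))}.
 *
 * <p>NOTE(review), security properties of the stored blob:
 * <ul>
 *   <li>{@code AES/CBC/PKCS7Padding} gives confidentiality only. Nothing authenticates the
 *       blob, so a modified preferences entry is not detected before it is decrypted and
 *       deserialized. Moving to an AEAD mode needs a versioned blob format so entries written
 *       by this layout stay readable; it is deliberately not changed here.</li>
 *   <li>The private key is serialized, i.e. it exists as exportable bytes in process memory;
 *       only the wrapping key is held by {@code AndroidKeyStore}.</li>
 * </ul>
 */
class NoKeyStoreEccKeyFactoryImpl extends EccKeyFactory {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    /** AES block size in bytes; also the length of the IV prefix of every stored blob. */
    private static final int CIPHER_BLOCK_SIZE = 16;
    private static final String CIPHER_TRANSFORM = "AES/CBC/PKCS7Padding";
    private static final String CREATION_DATE_KEY = "CreationDate";
    private static final String DEVICE_KEYSTORE = "com.microsoft.identity.msa.device.keystore";
    private static final String ENCRYPTION_KEY_ID = "com.microsoft.identity.msa.device.keystore.key";
    private static final int ENCRYPTION_KEY_SIZE = 256;
    private static final String KEY_KEY = "Key";
    private final Context mApplicationContext;
    // volatile: the field is read outside the lock in initializeEncryptionKey()
    // (double-checked locking), which is only safe for a volatile field.
    private volatile SecretKey mEncryptionKey;
    private final Provider mProvider;

    /**
     * @param context  context used to open the shared-preferences file holding the wrapped keys
     * @param provider JCA provider used to generate the EC key pairs
     */
    public NoKeyStoreEccKeyFactoryImpl(Context context, Provider provider) {
        this.mApplicationContext = context;
        this.mProvider = provider;
    }

    /**
     * Builds a failed response: no key, plus the error created by {@link DeviceErrorUtils}.
     * The meaning of {@code i} is defined by {@code DeviceErrorUtils.createError}; every
     * caller in this class passes 0.
     */
    private EccKeyResponse fail(StatusInternal statusInternal, String str, Exception exc, int i) {
        return new EccKeyResponse(null, DeviceErrorUtils.createError(statusInternal, str, exc, i));
    }

    /**
     * Generates the AES-256 wrapping key inside {@code AndroidKeyStore} under
     * {@link #ENCRYPTION_KEY_ID} and caches it in {@link #mEncryptionKey}.
     */
    private void generateEncryptionKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES256KeyLoader.AES_ALGORITHM, ANDROID_KEY_STORE);
        // Purposes 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
        // "CBC" / "PKCS7Padding" must stay in step with CIPHER_TRANSFORM.
        // User authentication is not required, so the key is usable whenever the app runs.
        keyGenerator.init(
                new KeyGenParameterSpec.Builder(ENCRYPTION_KEY_ID, 3)
                        .setKeySize(ENCRYPTION_KEY_SIZE)
                        .setBlockModes("CBC")
                        .setEncryptionPaddings("PKCS7Padding")
                        .setUserAuthenticationRequired(false)
                        .build());
        this.mEncryptionKey = keyGenerator.generateKey();
    }

    /**
     * Loads the wrapping key from {@code AndroidKeyStore} on first use, generating it when the
     * alias is missing or holds something other than a {@link SecretKey}.
     *
     * <p>Replacing the wrapping key makes every blob encrypted under the previous one
     * undecryptable; {@link #loadEccKey(String)} then reports an error for those ids.
     */
    private void initializeEncryptionKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
        if (this.mEncryptionKey != null) {
            return;
        }
        synchronized (this) {
            if (this.mEncryptionKey != null) {
                return;
            }
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            if (keyStore.containsAlias(ENCRYPTION_KEY_ID)) {
                java.security.Key existing = keyStore.getKey(ENCRYPTION_KEY_ID, null);
                if (existing instanceof SecretKey) {
                    this.mEncryptionKey = (SecretKey) existing;
                    return;
                }
                // Alias is occupied by an unusable entry: drop it and start over.
                keyStore.deleteEntry(ENCRYPTION_KEY_ID);
            }
            generateEncryptionKey();
        }
    }

    /**
     * Serializes {@code keyPair} and {@code creationDate}, encrypts the result with the
     * wrapping key and persists it under {@code str}.
     *
     * @throws IOException if serialization fails or the preferences write is not committed
     */
    private void storeEccKey(String str, KeyPair keyPair, Date creationDate) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableKeyException, CertificateException, KeyStoreException {
        initializeEncryptionKey();

        byte[] serialized;
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                ObjectOutputStream objectOut = new ObjectOutputStream(buffer)) {
            HashMap<String, Object> entry = new HashMap<>();
            entry.put(KEY_KEY, keyPair);
            entry.put(CREATION_DATE_KEY, creationDate);
            objectOut.writeObject(entry);
            objectOut.flush();
            serialized = buffer.toByteArray();
        }

        // No IV is supplied: the cipher picks one and it is read back with getIV().
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, this.mEncryptionKey);
        byte[] ciphertext = cipher.doFinal(serialized);
        byte[] iv = cipher.getIV();
        if (iv == null || iv.length != CIPHER_BLOCK_SIZE) {
            // loadEccKey() assumes a fixed 16-byte IV prefix; refuse to write anything else.
            throw new InvalidAlgorithmParameterException("Unexpected IV length for " + CIPHER_TRANSFORM);
        }

        byte[] blob = new byte[iv.length + ciphertext.length];
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ciphertext, 0, blob, iv.length, ciphertext.length);

        boolean committed = this.mApplicationContext
                .getSharedPreferences(DEVICE_KEYSTORE, Context.MODE_PRIVATE)
                .edit()
                .putString(str, Base64.encodeToString(blob, Base64.NO_WRAP))
                .commit();
        if (!committed) {
            // Without this the caller would be handed a key that was never persisted.
            throw new IOException("Failed to persist encrypted device key.");
        }
    }

    /**
     * Removes the stored blob for {@code str}.
     *
     * @return {@code null} on success, otherwise an error describing why nothing was removed
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public TempError deleteEccKey(String str) {
        if (str == null || str.isEmpty()) {
            return DeviceErrorUtils.createError(StatusInternal.UNEXPECTED, "Key id is empty.", null, 0);
        }
        boolean committed = this.mApplicationContext
                .getSharedPreferences(DEVICE_KEYSTORE, Context.MODE_PRIVATE)
                .edit()
                .remove(str)
                .commit();
        if (!committed) {
            // A failed commit leaves the wrapped private key on disk; report it.
            return DeviceErrorUtils.createError(StatusInternal.UNEXPECTED, "Failed to delete device key.", null, 0);
        }
        return null;
    }

    /**
     * Generates a P-256 ({@code prime256v1}) key pair with the configured provider, stores it
     * encrypted under {@code str} and returns it.
     *
     * @param str key id; must not be empty
     * @param z   not read by this implementation
     * @return a response carrying either the new key or an error, never both
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public EccKeyResponse generateEccKey(String str, boolean z) {
        if (str == null || str.isEmpty()) {
            return fail(StatusInternal.UNEXPECTED, "Key id is empty.", null, 0);
        }

        KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", this.mProvider);
            keyPairGenerator.initialize(new ECGenParameterSpec("prime256v1"));
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to initialize the key generator.", e, 0);
        } catch (NoSuchAlgorithmException e) {
            return fail(StatusInternal.UNEXPECTED, this.mProvider.getName() + " does not implement EC algorithm", e, 0);
        }
        if (keyPair == null) {
            return fail(StatusInternal.UNEXPECTED, "Failed to generate device keys.", null, 0);
        }

        // One timestamp for both the stored blob and the returned key, so a later
        // loadEccKey() reports the same creation date as this call.
        Date creationDate = new Date();
        try {
            storeEccKey(str, keyPair, creationDate);
            return new EccKeyResponse(new EccKeyImpl(str, keyPair, this.mProvider, creationDate), null);
        } catch (IOException | BadPaddingException | IllegalBlockSizeException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to serialize encrypted device key value.", e, 0);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            return fail(StatusInternal.UNEXPECTED, "We must be running with an unsupported API level.", e, 0);
        } catch (InvalidKeyException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to encrypt device key.", e, 0);
        } catch (KeyStoreException | UnrecoverableKeyException | CertificateException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to load the encryption key.", e, 0);
        }
    }

    /**
     * Loads, decrypts and deserializes the key pair stored under {@code str}.
     *
     * @return a response with the key; a response with neither key nor error when nothing is
     *     stored under {@code str}; or a response with an error when the entry cannot be used
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public EccKeyResponse loadEccKey(String str) {
        if (str == null || str.isEmpty()) {
            return fail(StatusInternal.UNEXPECTED, "Key id is empty.", null, 0);
        }
        String encoded = this.mApplicationContext
                .getSharedPreferences(DEVICE_KEYSTORE, Context.MODE_PRIVATE)
                .getString(str, "");
        if (encoded.isEmpty()) {
            return new EccKeyResponse(null, null);
        }

        // Reject malformed entries up front: Base64.decode() and IvParameterSpec throw
        // unchecked exceptions on bad input, which none of the handlers below would catch.
        byte[] blob;
        try {
            blob = Base64.decode(encoded, Base64.DEFAULT);
        } catch (IllegalArgumentException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to deserialize encrypted device key value.", e, 0);
        }
        if (blob.length <= CIPHER_BLOCK_SIZE) {
            // Needs the IV prefix plus at least some ciphertext.
            return fail(StatusInternal.UNEXPECTED, "Failed to deserialize encrypted device key value.", null, 0);
        }

        try {
            initializeEncryptionKey();
            IvParameterSpec ivParameterSpec = new IvParameterSpec(blob, 0, CIPHER_BLOCK_SIZE);
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
            cipher.init(Cipher.DECRYPT_MODE, this.mEncryptionKey, ivParameterSpec);
            byte[] plaintext = cipher.doFinal(blob, CIPHER_BLOCK_SIZE, blob.length - CIPHER_BLOCK_SIZE);

            // NOTE(review): Java native deserialization of bytes whose integrity is not
            // verified (CBC has no authentication tag). The instanceof checks below run only
            // after readObject() has already built the object graph. Restricting the classes
            // the stream may resolve (ObjectInputStream.resolveClass override) needs the
            // provider's concrete key classes, which are not visible from this file.
            try (ObjectInputStream objectInputStream = new ObjectInputStream(new ByteArrayInputStream(plaintext))) {
                Object decoded = objectInputStream.readObject();
                if (decoded instanceof HashMap) {
                    HashMap<?, ?> entry = (HashMap<?, ?>) decoded;
                    Object key = entry.get(KEY_KEY);
                    Object created = entry.get(CREATION_DATE_KEY);
                    if (key instanceof KeyPair && created instanceof Date) {
                        return new EccKeyResponse(new EccKeyImpl(str, (KeyPair) key, this.mProvider, (Date) created), null);
                    }
                }
                return fail(StatusInternal.UNEXPECTED, "Failed to deserialize the key with id ".concat(str), null, 0);
            }
        } catch (KeyStoreException | UnrecoverableKeyException | CertificateException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to load the encryption key.", e, 0);
        } catch (InvalidKeyException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to decrypt device key.", e, 0);
        } catch (IOException | ClassNotFoundException | BadPaddingException | IllegalBlockSizeException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to deserialize encrypted device key value.", e, 0);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            return fail(StatusInternal.UNEXPECTED, "We must be running with an unsupported API level.", e, 0);
        }
    }
}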
