package com.amazon.identity.auth.device.framework.crypto;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.amazon.identity.auth.device.c6;
import com.amazon.identity.auth.device.framework.crypto.AESCipher;
import com.amazon.identity.auth.device.ka;
import com.amazon.identity.auth.device.q6;
import com.amazon.identity.auth.device.storage.i;
import com.amazon.identity.auth.device.v6;
import com.amazon.identity.auth.device.xa;
import com.amazon.identity.auth.device.z3;
import com.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.security.auth.x500.X500Principal;

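/**
 * Encrypts and decrypts locally stored string values; its log tag is
 * {@code LocalDataStorageEncryptor}.
 *
 * <p>Key handling as visible in this class: a 2048-bit RSA key pair is created in the
 * {@code AndroidKeyStore} provider under the alias {@code IDENTITY_MAP_KEYSTORE_ALIAS}. A 256-bit
 * AES key is generated in software, encrypted with the RSA public key and written to the
 * {@code LOCAL_DS_ENCRYPTION_KEY_NAMESPACE} store under {@code AES_ENCRYPTION_KEY}. On later
 * starts the stored value is decrypted with the keystore-held private key and handed to
 * {@link AESCipher}, which performs the data encryption.
 *
 * <p>NOTE(review): this is decompiled output. The helper classes ({@code c6}, {@code ka},
 * {@code q6}, {@code v6}, {@code xa}) are obfuscated and not shown; comments about them describe
 * how they are used here, not their implementation. The decompiler also dropped {@code throws}
 * clauses: checked exceptions from {@code KeyStore} and {@code KeyPairGenerator} propagate out of
 * the constructor and {@link #a(Context)} unchanged.
 *
 * <p>NOTE(review): the AES key is wrapped with {@code RSA/ECB/PKCS1Padding} (PKCS#1 v1.5). OAEP is
 * the usual recommendation for new designs, but the API 24+ keystore key is authorised for
 * {@code PKCS1Padding} only and existing wrapped keys use it, so changing the transformation
 * needs a key migration rather than a one-line edit.
 */
@TargetApi(19)
/* loaded from: classes3.dex */
public final class a implements z3 {

    private static final String TAG = "LocalDataStorageEncryptor";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String RSA_KEY_ALIAS = "IDENTITY_MAP_KEYSTORE_ALIAS";
    private static final String WRAPPED_AES_KEY_ENTRY = "AES_ENCRYPTION_KEY";
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    /** Marker prepended to every value produced by {@link #c(String)}. */
    private static final String CIPHERTEXT_PREFIX = "AES-GCM+";

    // Process-wide singleton, created lazily by a(Context).
    private static a f38815e;

    // Context supplied on first use; used to delete the database and open the init-flag store.
    // NOTE(review): held for the life of the process via the static singleton; callers should
    // pass an application context. Confirm at call sites.
    private final Context f38816a;

    // Data cipher constructed from the raw AES key bytes returned by e(xa).
    private final AESCipher f38817b;

    // KeyStore instance for the "AndroidKeyStore" provider.
    private final KeyStore f38818c;

    // Store opened with "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE"; holds the wrapped AES key.
    private final c6 f38819d;

    /**
     * Loads the keystore, makes sure the RSA key pair exists, and obtains the AES key.
     *
     * <p>Any exception is reported to the metrics objects with its simple class name and then
     * rethrown, so a failed initialisation leaves no instance behind.
     *
     * @param context context used for keystore key generation and storage access
     */
    private a(Context context) {
        xa b3 = xa.b("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            this.f38816a = context;
            this.f38819d = c6.a(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            this.f38818c = keyStore;
            keyStore.load(null);
            b(context, b3);
            this.f38817b = new AESCipher(e(b3));
            b3.h(true);
            v6.h("LocalDataStorageEncryptor:Initiation:Success");
        } catch (Exception e3) {
            // Only the exception class name goes into metrics; no message text is recorded.
            String failure = e3.getClass().getSimpleName();
            b3.j("CreateFail:".concat(failure));
            b3.h(false);
            v6.h("LocalDataStorageEncryptor:Initiation:Failed:".concat(failure));
            throw e3;
        } finally {
            b3.d();
        }
    }

    /**
     * Returns the shared instance, creating it on first call.
     *
     * <p>The method-level lock already serialises callers on {@code a.class}; the nested
     * {@code synchronized} block and the catch-and-rethrow wrapper in the decompiled output were
     * redundant and are removed. If construction throws, the static field stays {@code null} and
     * the next call tries again.
     *
     * @param context context handed to the constructor on first use
     * @return the singleton encryptor
     */
    public static synchronized a a(Context context) {
        if (f38815e == null) {
            q6.l(TAG, "Generating LocalDataStorageEncryptor instance");
            f38815e = new a(context);
            q6.l(TAG, "Finish generating LocalDataStorageEncryptor instance");
        }
        return f38815e;
    }

    /**
     * Creates the RSA key pair in the Android keystore unless the alias already exists.
     *
     * <p>If the alias is missing while a wrapped AES key is still stored, that AES key can no
     * longer be unwrapped. In that case the key store is cleared, {@code map_data_storage.db} is
     * deleted and {@code distributed.datastore.init.key} is set to {@code false} before new keys
     * are generated; data encrypted under the old key is discarded, not recovered.
     *
     * @param context context passed to the legacy {@link KeyPairGeneratorSpec.Builder}
     * @param xaVar metrics object that receives the step counters
     * @throws IllegalArgumentException if the keystore field is {@code null}
     */
    private void b(Context context, xa xaVar) {
        xaVar.g("generateRSAKeyIfNotExists", 1.0d);
        KeyStore keyStore = this.f38818c;
        if (keyStore == null) {
            xaVar.g("NullKeystore", 1.0d);
            throw new IllegalArgumentException("Keystore is null! This should not happen");
        }
        if (keyStore.containsAlias(RSA_KEY_ALIAS)) {
            q6.l(TAG, "RSA keypair exists, fast return.");
            xaVar.g("RSAKeyPairGenerated", 1.0d);
            return;
        }
        q6.l(TAG, "Generating RSA keypair");
        if (!TextUtils.isEmpty(this.f38819d.m(WRAPPED_AES_KEY_ENTRY))) {
            q6.l(TAG, "AES key generated, deleting it and clearing db before generating new RSA keys");
            this.f38819d.c();
            if (this.f38816a != null) {
                this.f38816a.deleteDatabase("map_data_storage.db");
            }
            // Static field read kept from the decompiled bytecode; its value is unused here, but
            // dropping the read could skip initialisation of the storage class.
            int i2 = i.f39442i;
            new c6(this.f38816a, "distributed.datastore.info.store").f("distributed.datastore.init.key", Boolean.FALSE);
            xaVar.g("DeleteExistAESKeyRegenerateRSAKey", 1.0d);
        }

        X500Principal subject = new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS");
        AlgorithmParameterSpec build;
        if (Build.VERSION.SDK_INT <= 23) {
            build = new KeyPairGeneratorSpec.Builder(context)
                    .setAlias(RSA_KEY_ALIAS)
                    .setSubject(subject)
                    .setSerialNumber(BigInteger.TEN)
                    .setKeySize(2048)
                    .build();
        } else {
            // Purposes 3 = KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
            build = new KeyGenParameterSpec.Builder(RSA_KEY_ALIAS, 3)
                    .setCertificateSubject(subject)
                    .setCertificateSerialNumber(BigInteger.TEN)
                    .setKeySize(2048)
                    .setEncryptionPaddings("PKCS1Padding")
                    .build();
        }

        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KEYSTORE_PROVIDER);
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            xaVar.g("RSAKeyPairGeneration:Success", 1.0d);
        } catch (Exception unused) {
            // One retry with a fresh generator. The first failure is only counted, not logged
            // with its cause; a failure of the retry propagates to the constructor.
            xaVar.g("RSAKeyPairGeneration:Retry", 1.0d);
            q6.p(TAG, "Generating RSA key pair failed, retry once");
            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", KEYSTORE_PROVIDER);
            keyPairGenerator2.initialize(build);
            keyPairGenerator2.generateKeyPair();
            xaVar.g("RSAKeyPairGeneration:Retry:Success", 1.0d);
        }
        v6.h("RSAKeyPairGeneration:Success:Overall");
    }

    /**
     * Returns the raw AES key, unwrapping the stored one or generating and storing a new one.
     *
     * <p>Changes from the decompiled code: the underlying exception is attached as the cause of
     * each {@link IllegalStateException}, and a failed AES key generation now stops immediately
     * instead of passing a {@code null} key to the RSA cipher and surfacing as a misleading
     * "Unable to create RSA cipher." error.
     *
     * @param xaVar metrics object that receives the success counter for a newly generated key
     * @return the AES key bytes; presumably 32 bytes for the 256-bit key size, not checked here
     * @throws IllegalStateException if the key cannot be unwrapped, generated or wrapped
     */
    private byte[] e(xa xaVar) {
        String m2 = this.f38819d.m(WRAPPED_AES_KEY_ENTRY);
        if (!TextUtils.isEmpty(m2)) {
            q6.l(TAG, "AES key generated, decrypting");
            q6.l(TAG, "Decrypting existed AES Key");
            PrivateKey privateKey = (PrivateKey) this.f38818c.getKey(RSA_KEY_ALIAS, null);
            try {
                Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
                // ka.b turns the stored string back into bytes (presumably Base64; confirm in ka).
                return cipher.doFinal(ka.b(m2));
            } catch (Exception e3) {
                q6.g(TAG, "Unable to create RSA cipher, this seems to be a system bug.", e3);
                throw new IllegalStateException("Unable to create RSA cipher.", e3);
            }
        }

        q6.l(TAG, "Generating AES encryption key");
        AESCipher.KeySize keySize = AESCipher.KeySize.KEY_SIZE_256_BITS;
        // Static field read kept from the decompiled bytecode; the value itself is unused.
        int i2 = AESCipher.f38813c;
        byte[] bArr;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM);
            keyGenerator.init(keySize.getKeySizeInBit());
            bArr = keyGenerator.generateKey().getEncoded();
        } catch (NoSuchAlgorithmException e4) {
            q6.g("com.amazon.identity.auth.device.framework.crypto.AESCipher", "Could not generate AES key for algorithm AES, this shouldn't happen", e4);
            // Without key material there is nothing to wrap or to encrypt with; fail here.
            throw new IllegalStateException("Unable to generate AES key.", e4);
        }

        q6.l(TAG, "Encrypting AES Key");
        PublicKey publicKey = this.f38818c.getCertificate(RSA_KEY_ALIAS).getPublicKey();
        try {
            Cipher cipher2 = Cipher.getInstance(RSA_TRANSFORMATION);
            cipher2.init(Cipher.ENCRYPT_MODE, publicKey);
            // Only the RSA-wrapped form is persisted; the plain key stays in process memory.
            this.f38819d.g(WRAPPED_AES_KEY_ENTRY, ka.a(cipher2.doFinal(bArr)));
            xaVar.g("AESKeyGeneration:Success", 1.0d);
            return bArr;
        } catch (Exception e5) {
            q6.g(TAG, "Unable to create RSA cipher, this seems to be a system bug.", e5);
            throw new IllegalStateException("Unable to create RSA cipher.", e5);
        }
    }

    /**
     * Encrypts a string and returns it as {@code "AES-GCM+"} followed by the encoded ciphertext.
     *
     * <p>The decompiled code built a message containing the plaintext and discarded it (likely
     * the remains of a stripped debug log). That statement is dropped so the plaintext is not
     * copied into a throwaway string.
     *
     * @param str plaintext, may be {@code null}
     * @return the prefixed ciphertext, or {@code null} when {@code str} is {@code null}
     */
    @Override // com.amazon.identity.auth.device.z3
    public final String c(String str) {
        if (str == null) {
            return null;
        }
        q6.k(TAG);
        String a3 = ka.a(this.f38817b.j(ka.c(str)));
        q6.k(TAG);
        return CIPHERTEXT_PREFIX + a3;
    }

    /**
     * Decrypts a value produced by {@link #c(String)}.
     *
     * <p>NOTE(review): a value without the {@code "AES-GCM+"} prefix is returned unchanged, so
     * unencrypted entries are accepted as valid data. Whatever integrity protection
     * {@link AESCipher} provides does not cover such entries; whoever can write the backing store
     * can supply them. If plaintext entries are only a legacy case, consider migrating them and
     * rejecting unprefixed values.
     *
     * <p>NOTE(review): {@code javax.crypto.AEADBadTagException} is a subclass of
     * {@link BadPaddingException}, so if {@code AESCipher} uses GCM as the prefix suggests, the
     * catch below is also the path taken for tampered or wrong-key ciphertext. Callers cannot
     * tell that {@code null} apart from an absent value; the
     * {@code LocalDataStorageEncryptor:decryptData:BadPadding} counter is the only signal.
     *
     * @param str stored value, may be {@code null}
     * @return the plaintext; {@code str} itself when it carries no prefix; {@code null} when
     *     {@code str} is {@code null}, the cipher returns {@code null}, or decryption fails
     */
    @Override // com.amazon.identity.auth.device.z3
    public final String d(String str) {
        if (str == null) {
            return null;
        }
        q6.k(TAG);
        if (!str.startsWith(CIPHERTEXT_PREFIX)) {
            return str;
        }
        try {
            byte[] g3 = this.f38817b.g(ka.b(str.substring(CIPHERTEXT_PREFIX.length())));
            // Initialised up front: the decompiled code left this unassigned on the
            // UnsupportedEncodingException path.
            String str2 = null;
            if (g3 != null) {
                try {
                    str2 = new String(g3, "UTF-8");
                } catch (UnsupportedEncodingException e3) {
                    // Not expected in practice: UTF-8 is a charset every Java platform must support.
                    q6.g("StringUtil", "System failure! UTF-8 unsupported from byte to String! This shouldn't happen!", e3);
                }
            }
            q6.k(TAG);
            return str2;
        } catch (BadPaddingException unused) {
            q6.f(TAG, "Bad padding shouldn't happen, just return null.");
            v6.h("LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }
}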
