package com.microsoft.skype.teams.storage.cipherStorage;

import a.a$$ExternalSyntheticOutline0;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.car.app.R$integer$$ExternalSyntheticOutline0;
import coil.size.Sizes;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import com.microsoft.skype.teams.logger.Logger;
import com.microsoft.skype.teams.storage.exceptions.CryptoFailedException;
import com.microsoft.skype.teams.storage.exceptions.KeyStoreAccessException;
import com.microsoft.skype.teams.utilities.java.StringUtils;
import com.microsoft.teams.androidutils.AndroidUtils;
import com.microsoft.teams.nativecore.logger.ILogger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes4.dex */
public final class CipherStorage {
    public volatile Cipher mCachedCipher;
    public volatile KeyStore mCachedKeyStore;
    public Context mContext;
    public transient AtomicBoolean mIsStrongboxAvailable;
    public final Object mSyncStrongbox = new Object();
    public static final Charset UTF8 = Charset.forName("UTF-8");
    public static final Object CIPHER_LOCK = new Object();

    public CipherStorage(Context context) {
        this.mContext = context;
    }

    public static SecretKey generateKey(KeyGenParameterSpec keyGenParameterSpec) {
        if (!AndroidUtils.isMarshmallowOrHigher()) {
            throw new KeyStoreAccessException(a$$ExternalSyntheticOutline0.m(a$$ExternalSyntheticOutline0.m("Unsupported API"), Build.VERSION.SDK_INT, " version detected."));
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES256KeyLoader.AES_ALGORITHM, "AndroidKeyStore");
        keyGenerator.init(keyGenParameterSpec);
        return keyGenerator.generateKey();
    }

    public static KeyGenParameterSpec.Builder getKeyGenSpecBuilder() {
        if (AndroidUtils.isMarshmallowOrHigher()) {
            return new KeyGenParameterSpec.Builder("CIPHER_STORAGE_DEFAULT_ALIAS", 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setRandomizedEncryptionRequired(true).setKeySize(256);
        }
        throw new KeyStoreAccessException(a$$ExternalSyntheticOutline0.m(a$$ExternalSyntheticOutline0.m("Unsupported API"), Build.VERSION.SDK_INT, " version detected."));
    }

    public static void tryGenerateRegularSecurityKey() {
        if (!AndroidUtils.isMarshmallowOrHigher()) {
            throw new KeyStoreAccessException(a$$ExternalSyntheticOutline0.m(a$$ExternalSyntheticOutline0.m("Regular security keystore is not supported for old API"), Build.VERSION.SDK_INT, StringUtils.FULL_STOP));
        }
        generateKey(getKeyGenSpecBuilder().build());
    }

    public static SecretKey tryGenerateStrongBoxSecurityKey() {
        KeyGenParameterSpec.Builder isStrongBoxBacked;
        if (!AndroidUtils.isPOrHigher()) {
            throw new KeyStoreAccessException(a$$ExternalSyntheticOutline0.m(a$$ExternalSyntheticOutline0.m("Strong box security keystore is not supported for old API"), Build.VERSION.SDK_INT, StringUtils.FULL_STOP));
        }
        isStrongBoxBacked = getKeyGenSpecBuilder().setIsStrongBoxBacked(true);
        return generateKey(isStrongBoxBacked.build());
    }

    public final String decrypt(byte[] bArr, ILogger iLogger) {
        try {
            return AndroidUtils.isMarshmallowOrHigher() ? decryptBytes(extractGeneratedKey(new AtomicInteger(1), iLogger), bArr, iLogger) : decryptBytesForPreAndroidM(extractGenerateKeyForPreAndroidM(), bArr, iLogger);
        } catch (GeneralSecurityException e) {
            throw new CryptoFailedException("Could not decrypt data", e);
        } catch (Exception e2) {
            throw new CryptoFailedException(R$integer$$ExternalSyntheticOutline0.m(e2, a$$ExternalSyntheticOutline0.m("Unknown error: ")), e2);
        }
    }

    public final String decryptBytes(Key key, byte[] bArr, ILogger iLogger) {
        String str;
        synchronized (CIPHER_LOCK) {
            if (this.mCachedCipher == null) {
                synchronized (this) {
                    if (this.mCachedCipher == null) {
                        this.mCachedCipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    }
                }
            }
            Cipher cipher = this.mCachedCipher;
            try {
                Logger logger = (Logger) iLogger;
                logger.log(5, "CipherStorage", "While decrypting, bytes length:" + bArr.length, new Object[0]);
                cipher.init(2, key, Sizes.readIv(bArr));
                byte[] doFinal = cipher.doFinal(bArr, 16, bArr.length - 16);
                logger.log(5, "CipherStorage", "While decrypting, decryptedBytes length:" + doFinal.length, new Object[0]);
                str = new String(doFinal, UTF8);
            } catch (Exception e) {
                ((Logger) iLogger).log(7, "CipherStorage", e, e.getMessage(), new Object[0]);
                throw e;
            }
        }
        return str;
    }

    public final String decryptBytesForPreAndroidM(KeyStore.PrivateKeyEntry privateKeyEntry, byte[] bArr, ILogger iLogger) {
        if (bArr.length <= 256) {
            throw new IOException("Invalid length of input data for secret key extraction.");
        }
        byte[] bArr2 = new byte[bArr.length - 256];
        byte[] bArr3 = new byte[256];
        System.arraycopy(bArr, 0, bArr3, 0, 256);
        System.arraycopy(bArr, 256, bArr2, 0, bArr.length - 256);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr3);
            try {
                cipher.init(2, privateKeyEntry.getPrivateKey());
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
                try {
                    ArrayList arrayList = new ArrayList();
                    while (true) {
                        int read = cipherInputStream.read();
                        if (read == -1) {
                            break;
                        }
                        arrayList.add(Byte.valueOf((byte) read));
                    }
                    int size = arrayList.size();
                    byte[] bArr4 = new byte[size];
                    for (int i = 0; i < size; i++) {
                        bArr4[i] = ((Byte) arrayList.get(i)).byteValue();
                    }
                    cipherInputStream.close();
                    byteArrayInputStream.close();
                    return decryptBytes(new SecretKeySpec(bArr4, AES256KeyLoader.AES_ALGORITHM), bArr2, iLogger);
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            ((Logger) iLogger).log(7, "CipherStorage", e, e.getMessage(), new Object[0]);
            throw e;
        }
    }

    public final byte[] encrypt(String str, ILogger iLogger) {
        try {
            return AndroidUtils.isMarshmallowOrHigher() ? encryptString(extractGeneratedKey(new AtomicInteger(1), iLogger), str, iLogger) : encryptStringForPreAndroidM(extractGenerateKeyForPreAndroidM(), str, iLogger);
        } catch (GeneralSecurityException e) {
            throw new CryptoFailedException("Could not encrypt data", e);
        } catch (Exception e2) {
            throw new CryptoFailedException(R$integer$$ExternalSyntheticOutline0.m(e2, a$$ExternalSyntheticOutline0.m("Unknown error: ")), e2);
        }
    }

    public final byte[] encryptString(Key key, String str, ILogger iLogger) {
        byte[] byteArray;
        synchronized (CIPHER_LOCK) {
            if (this.mCachedCipher == null) {
                synchronized (this) {
                    if (this.mCachedCipher == null) {
                        this.mCachedCipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    }
                }
            }
            Cipher cipher = this.mCachedCipher;
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    cipher.init(1, key);
                    byte[] iv = cipher.getIV();
                    byteArrayOutputStream.write(iv, 0, iv.length);
                    byteArrayOutputStream.flush();
                    CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                    try {
                        byte[] bytes = str.getBytes(UTF8);
                        ((Logger) iLogger).log(5, "CipherStorage", "While encrypting, value bytes length:" + bytes.length, new Object[0]);
                        cipherOutputStream.write(bytes);
                        cipherOutputStream.close();
                        byteArray = byteArrayOutputStream.toByteArray();
                        byteArrayOutputStream.close();
                    } finally {
                    }
                } catch (Throwable th) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (Exception e) {
                ((Logger) iLogger).log(7, "CipherStorage", e, e.getMessage(), new Object[0]);
                throw e;
            }
        }
        return byteArray;
    }

    public final byte[] encryptStringForPreAndroidM(KeyStore.PrivateKeyEntry privateKeyEntry, String str, ILogger iLogger) {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                cipher.init(1, privateKeyEntry.getCertificate().getPublicKey());
                CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                try {
                    cipherOutputStream.write(bArr);
                    cipherOutputStream.close();
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    byteArrayOutputStream.close();
                    byte[] encryptString = encryptString(new SecretKeySpec(bArr, AES256KeyLoader.AES_ALGORITHM), str, iLogger);
                    if (byteArray == null) {
                        throw new GeneralSecurityException("Empty key extracted!");
                    }
                    byte[] bArr2 = new byte[byteArray.length + encryptString.length];
                    System.arraycopy(byteArray, 0, bArr2, 0, byteArray.length);
                    System.arraycopy(encryptString, 0, bArr2, byteArray.length, encryptString.length);
                    return bArr2;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            ((Logger) iLogger).log(7, "CipherStorage", e, e.getMessage(), new Object[0]);
            throw e;
        }
    }

    public final KeyStore.PrivateKeyEntry extractGenerateKeyForPreAndroidM() {
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        if (!keyStoreAndLoad.containsAlias("CIPHER_STORAGE_DEFAULT_ALIAS")) {
            synchronized (this) {
                if (!keyStoreAndLoad.containsAlias("CIPHER_STORAGE_DEFAULT_ALIAS")) {
                    Calendar calendar = Calendar.getInstance();
                    Calendar calendar2 = Calendar.getInstance();
                    calendar2.add(1, 30);
                    KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.mContext).setAlias("CIPHER_STORAGE_DEFAULT_ALIAS").setSubject(new X500Principal("CN=CIPHER_STORAGE_DEFAULT_ALIAS")).setSerialNumber(BigInteger.TEN).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA, "AndroidKeyStore");
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                }
            }
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStoreAndLoad.getEntry("CIPHER_STORAGE_DEFAULT_ALIAS", null);
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        throw new KeyStoreAccessException("Empty key extracted!");
    }

    public final Key extractGeneratedKey(AtomicInteger atomicInteger, ILogger iLogger) {
        Key key;
        do {
            KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
            if (!keyStoreAndLoad.containsAlias("CIPHER_STORAGE_DEFAULT_ALIAS")) {
                synchronized (this) {
                    if (!keyStoreAndLoad.containsAlias("CIPHER_STORAGE_DEFAULT_ALIAS")) {
                        generateKeyAndStoreUnderAlias(iLogger);
                    }
                }
            }
            key = null;
            try {
                key = keyStoreAndLoad.getKey("CIPHER_STORAGE_DEFAULT_ALIAS", null);
                if (key == null) {
                    throw new KeyStoreAccessException("Empty key extracted!");
                }
            } catch (UnrecoverableKeyException e) {
                if (atomicInteger.getAndDecrement() <= 0) {
                    throw e;
                }
                keyStoreAndLoad.deleteEntry("CIPHER_STORAGE_DEFAULT_ALIAS");
            }
        } while (key == null);
        return key;
    }

    public final void generateKeyAndStoreUnderAlias(ILogger iLogger) {
        SecretKey secretKey;
        synchronized (this.mSyncStrongbox) {
            AtomicBoolean atomicBoolean = this.mIsStrongboxAvailable;
            secretKey = null;
            if (atomicBoolean == null || atomicBoolean.get()) {
                if (this.mIsStrongboxAvailable == null) {
                    this.mIsStrongboxAvailable = new AtomicBoolean(false);
                }
                try {
                    secretKey = tryGenerateStrongBoxSecurityKey();
                    this.mIsStrongboxAvailable.set(true);
                } catch (GeneralSecurityException | ProviderException e) {
                    ((Logger) iLogger).log(6, "CipherStorage", e, "StrongBox security storage is not available.", new Object[0]);
                }
            }
        }
        if (secretKey == null || !this.mIsStrongboxAvailable.get()) {
            try {
                tryGenerateRegularSecurityKey();
            } catch (GeneralSecurityException e2) {
                ((Logger) iLogger).log(7, "CipherStorage", e2, "Regular security storage is not available.", new Object[0]);
                throw e2;
            }
        }
    }

    public final KeyStore getKeyStoreAndLoad() {
        if (this.mCachedKeyStore == null) {
            synchronized (this) {
                if (this.mCachedKeyStore == null) {
                    try {
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        keyStore.load(null);
                        this.mCachedKeyStore = keyStore;
                    } catch (Exception e) {
                        throw new KeyStoreAccessException("Could not access Keystore", e);
                    }
                }
            }
        }
        return this.mCachedKeyStore;
    }
}
