package za;

import O9.LGJn.VTNtXov;
import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import k7.NPC.evilChOLihdL;
import ya.EnumC4669b;

/* renamed from: za.e, reason: case insensitive filesystem */
/* loaded from: classes5.dex */
public class C4786e implements InterfaceC4784c {

    /* renamed from: a, reason: collision with root package name */
    private final Context f59638a;

    /* renamed from: b, reason: collision with root package name */
    private final SecureRandom f59639b;

    /* renamed from: c, reason: collision with root package name */
    private KeyPair f59640c;

    /* renamed from: d, reason: collision with root package name */
    private String f59641d;

    /* renamed from: e, reason: collision with root package name */
    private SecretKey f59642e;

    /* renamed from: f, reason: collision with root package name */
    private SecretKey f59643f;

    /* renamed from: g, reason: collision with root package name */
    private SecretKey f59644g;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: za.e$a */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f59645a;

        static {
            int[] iArr = new int[c.values().length];
            f59645a = iArr;
            try {
                iArr[c.LEGACY_AUTHENTICATOR_APP_KEY.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f59645a[c.LEGACY_COMPANY_PORTAL_KEY.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f59645a[c.ADAL_USER_DEFINED_KEY.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f59645a[c.KEYSTORE_ENCRYPTED_KEY.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* renamed from: za.e$b */
    /* loaded from: classes5.dex */
    public enum b {
        USER_DEFINED,
        ANDROID_KEY_STORE,
        UNENCRYPTED
    }

    /* renamed from: za.e$c */
    /* loaded from: classes5.dex */
    public enum c {
        LEGACY_AUTHENTICATOR_APP_KEY,
        LEGACY_COMPANY_PORTAL_KEY,
        ADAL_USER_DEFINED_KEY,
        KEYSTORE_ENCRYPTED_KEY
    }

    public C4786e(Context context) {
        this(context, null);
    }

    public C4786e(Context context, InterfaceC4785d interfaceC4785d) {
        this.f59642e = null;
        this.f59643f = null;
        this.f59644g = null;
        this.f59638a = context.getApplicationContext();
        this.f59639b = new SecureRandom();
    }

    private synchronized KeyPair A() {
        Ha.d.t("StorageHelper:readKeyPair", "Reading Key entry");
        try {
            try {
                x(":readKeyPair", "keychain_read_v2_start");
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                Certificate certificate = keyStore.getCertificate("AdalKey");
                Key key = keyStore.getKey("AdalKey", null);
                if (certificate != null && key != null) {
                    KeyPair keyPair = new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
                    y(":readKeyPair", "keychain_read_v2_end", "KeyStore KeyPair is loaded.");
                    return keyPair;
                }
                y(":readKeyPair", "keychain_read_v2_end", "KeyStore is empty.");
                Ha.d.t("StorageHelper:readKeyPair", "Key entry doesn't exist.");
                return null;
            } catch (IOException | GeneralSecurityException e10) {
                w(":readKeyPair", "keychain_read_v2_end", e10.toString(), e10);
                throw e10;
            }
        } catch (RuntimeException e11) {
            w(":readKeyPair", "keychain_read_v2_end", e11.toString(), e11);
            throw new KeyStoreException(e11);
        }
    }

    private SecretKey E(byte[] bArr) {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(4, this.f59640c.getPrivate());
        try {
            return (SecretKey) cipher.unwrap(bArr, "AES", 3);
        } catch (IllegalArgumentException e10) {
            throw new KeyStoreException(e10);
        }
    }

    private void F(String str, int i10) {
        if (i10 <= 0) {
            throw new IllegalArgumentException(String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(i10)));
        }
        if (!str.substring(1, i10 + 1).equals("E1")) {
            throw new IllegalArgumentException(String.format("Unsupported encode version received. Encode version supported is: '%s'", "E1"));
        }
    }

    private byte[] G(SecretKey secretKey) {
        Ha.d.t("StorageHelper:wrap", "Wrap secret key.");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(3, this.f59640c.getPublic());
        return cipher.wrap(secretKey);
    }

    private void H(byte[] bArr) {
        Ha.d.t("StorageHelper:writeKeyData", "Writing key data to a file");
        FileOutputStream fileOutputStream = new FileOutputStream(new File(this.f59638a.getDir(p(), 0), "adalks"));
        try {
            fileOutputStream.write(bArr);
        } finally {
            fileOutputStream.close();
        }
    }

    private void c(byte[] bArr, int i10, int i11, byte[] bArr2) {
        if (bArr2.length != i11 - i10) {
            throw new IllegalArgumentException("Unexpected HMAC length");
        }
        byte b10 = 0;
        for (int i12 = i10; i12 < i11; i12++) {
            b10 = (byte) (b10 | (bArr2[i12 - i10] ^ bArr[i12]));
        }
        if (b10 != 0) {
            throw new DigestException();
        }
    }

    private String d(byte[] bArr, SecretKey secretKey) {
        SecretKey m10 = m(secretKey);
        int length = bArr.length;
        int i10 = length - 48;
        int length2 = bArr.length - 32;
        int i11 = length - 52;
        if (i10 < 0 || length2 < 0 || i11 < 0) {
            throw new IOException("Invalid byte array input for decryption.");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(m10);
        mac.update(bArr, 0, length2);
        c(bArr, length2, bArr.length, mac.doFinal());
        cipher.init(2, secretKey, new IvParameterSpec(bArr, i10, 16));
        return new String(cipher.doFinal(bArr, 4, i11), "UTF-8");
    }

    private void f(c cVar, Exception exc) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(this.f59638a);
        String string = defaultSharedPreferences.getString("current_active_broker", "");
        String packageName = this.f59638a.getPackageName();
        if (string.equalsIgnoreCase(packageName)) {
            return;
        }
        Ha.d.n("StorageHelper:emitDecryptionFailureTelemetryIfNeeded", "Decryption failed with key: " + cVar.name() + " Active broker: " + packageName + " Exception: " + exc.toString());
        defaultSharedPreferences.edit().putString("current_active_broker", packageName).apply();
    }

    private synchronized KeyPair g() {
        KeyPair generateKeyPair;
        try {
            x(":generateKeyPairFromAndroidKeyStore", "keychain_write_v2_start");
            KeyStore.getInstance("AndroidKeyStore").load(null);
            Ha.d.t("StorageHelper:generateKeyPairFromAndroidKeyStore", "Generate KeyPair from AndroidKeyStore");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(n(this.f59638a, calendar.getTime(), calendar2.getTime()));
            generateKeyPair = keyPairGenerator.generateKeyPair();
            y(":generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", "");
        } catch (IOException | GeneralSecurityException e10) {
            w(":generateKeyPairFromAndroidKeyStore", VTNtXov.vJxMmQvbA, e10.toString(), e10);
            throw e10;
        } catch (IllegalStateException e11) {
            w(":generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", e11.toString(), e11);
            throw new KeyStoreException(e11);
        }
        return generateKeyPair;
    }

    private byte[] j(String str) {
        char charAt = str.charAt(0);
        F(str, charAt - 'a');
        return Base64.decode(str.substring(charAt - '`'), 0);
    }

    private char k() {
        return (char) 99;
    }

    private SecretKey m(SecretKey secretKey) {
        byte[] encoded = secretKey.getEncoded();
        return encoded != null ? new SecretKeySpec(MessageDigest.getInstance("SHA256").digest(encoded), "AES") : secretKey;
    }

    private AlgorithmParameterSpec n(Context context, Date date, Date date2) {
        return new KeyPairGeneratorSpec.Builder(context).setAlias("AdalKey").setSubject(new X500Principal(String.format(Locale.ROOT, "CN=%s, OU=%s", "AdalKey", p()))).setSerialNumber(BigInteger.ONE).setStartDate(date).setEndDate(date2).build();
    }

    private static SecretKey q(byte[] bArr) {
        if (bArr != null) {
            return new SecretKeySpec(bArr, "AES");
        }
        throw new IllegalArgumentException("rawBytes");
    }

    private synchronized SecretKey r() {
        Ha.d.t("StorageHelper:getUnwrappedSecretKey", "Reading SecretKey");
        byte[] z10 = z();
        if (z10 == null) {
            Ha.d.t("StorageHelper:getUnwrappedSecretKey", "Key data is null");
            return null;
        }
        KeyPair A10 = A();
        this.f59640c = A10;
        if (A10 == null) {
            return null;
        }
        SecretKey E10 = E(z10);
        Ha.d.t("StorageHelper:getUnwrappedSecretKey", "Finished reading SecretKey");
        return E10;
    }

    private synchronized SecretKey s() {
        SecretKey secretKey = this.f59644g;
        if (secretKey != null) {
            return secretKey;
        }
        try {
            SecretKey r10 = r();
            this.f59644g = r10;
            return r10;
        } catch (IOException | GeneralSecurityException e10) {
            Ha.d.h("StorageHelper:loadKeyStoreEncryptedKey", "android_keystore_failed", e10);
            this.f59640c = null;
            this.f59644g = null;
            e();
            B();
            throw e10;
        }
    }

    private void v(String str, String str2, boolean z10, String str3) {
        Ha.d.t("StorageHelper" + str, str2 + ": " + str3);
    }

    private void w(String str, String str2, String str3, Exception exc) {
        Ha.d.h("StorageHelper" + str, str2 + " failed: " + str3, exc);
    }

    private void x(String str, String str2) {
        Ha.d.t("StorageHelper" + str, str2 + " started.");
    }

    private void y(String str, String str2, String str3) {
        Ha.d.t("StorageHelper" + str, str2 + " successfully finished: " + str3);
    }

    private byte[] z() {
        File file = new File(this.f59638a.getDir(p(), 0), "adalks");
        if (!file.exists()) {
            return null;
        }
        Ha.d.t("StorageHelper:readKeyData", "Reading key data from a file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[1024];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    fileInputStream.close();
                    return byteArray;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    protected synchronized void B() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry("AdalKey");
    }

    public void C(SecretKey secretKey) {
        if (this.f59640c == null) {
            this.f59640c = g();
        }
        H(G(secretKey));
    }

    protected void D(String str) {
        this.f59641d = str;
    }

    @Override // za.InterfaceC4784c
    public String a(String str) {
        if (Ba.d.g(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        Ha.d.t("StorageHelper:encrypt", "Starting encryption");
        SecretKey u10 = u();
        this.f59642e = u10;
        this.f59643f = m(u10);
        Ha.d.t("StorageHelper:encrypt", "Encrypt version:" + this.f59641d);
        byte[] bytes = this.f59641d.getBytes("UTF-8");
        byte[] bytes2 = str.getBytes("UTF-8");
        byte[] bArr = new byte[16];
        this.f59639b.nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        cipher.init(1, this.f59642e, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bytes2);
        mac.init(this.f59643f);
        mac.update(bytes);
        mac.update(doFinal);
        mac.update(bArr);
        byte[] doFinal2 = mac.doFinal();
        byte[] bArr2 = new byte[bytes.length + doFinal.length + 16 + doFinal2.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length + doFinal.length, 16);
        System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + 16, doFinal2.length);
        String str2 = new String(Base64.encode(bArr2, 2), "UTF-8");
        Ha.d.t("StorageHelper:encrypt", "Finished encryption");
        return k() + "E1" + str2;
    }

    @Override // za.InterfaceC4784c
    public String b(String str) {
        SecretKey t10;
        Ha.d.t("StorageHelper:decrypt", "Starting decryption");
        if (Ba.d.g(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        if (l(str) == b.UNENCRYPTED) {
            Ha.d.x("StorageHelper:decrypt", "This string is not encrypted. Finished decryption.");
            return str;
        }
        List<c> o10 = o(str, p());
        byte[] j10 = j(str);
        for (c cVar : o10) {
            try {
                t10 = t(cVar);
            } catch (IOException | GeneralSecurityException e10) {
                f(cVar, e10);
            }
            if (t10 != null) {
                String d10 = d(j10, t10);
                Ha.d.t("StorageHelper:decrypt", "Finished decryption with keyType:" + cVar.name());
                return d10;
            }
        }
        Ha.d.n("StorageHelper:decrypt", "Tried all decryption keys and decryption still fails. Throw an exception.");
        throw new GeneralSecurityException("decryption_failed");
    }

    public void e() {
        File file = new File(this.f59638a.getDir(p(), 0), "adalks");
        if (file.exists()) {
            Ha.d.t("StorageHelper:deleteKeyFile", "Delete KeyFile");
            if (file.delete()) {
                return;
            }
            Ha.d.t("StorageHelper:deleteKeyFile", "Delete KeyFile failed");
        }
    }

    public synchronized SecretKey h() {
        SecretKey i10 = i();
        this.f59644g = i10;
        C(i10);
        v(":generateKeyStoreEncryptedKey", "key_created_v2", false, "New key is generated.");
        return this.f59644g;
    }

    protected SecretKey i() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256, this.f59639b);
        return keyGenerator.generateKey();
    }

    public b l(String str) {
        try {
            try {
                String str2 = new String(j(str), 0, 4, "UTF-8");
                return "U001".equalsIgnoreCase(str2) ? b.USER_DEFINED : "A001".equalsIgnoreCase(str2) ? b.ANDROID_KEY_STORE : b.UNENCRYPTED;
            } catch (UnsupportedEncodingException e10) {
                Ha.d.h("StorageHelper:getEncryptionType", "Failed to extract keyVersion.", e10);
                throw e10;
            }
        } catch (Exception e11) {
            Ha.d.h("StorageHelper:getEncryptionType", evilChOLihdL.HBpaIRjKfPkSDy, e11);
            return b.UNENCRYPTED;
        }
    }

    public List o(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        b l10 = l(str);
        if (l10 == b.USER_DEFINED) {
            if (EnumC4669b.INSTANCE.k() != null) {
                arrayList.add(c.ADAL_USER_DEFINED_KEY);
            } else if ("com.microsoft.windowsintune.companyportal".equalsIgnoreCase(str2)) {
                arrayList.add(c.LEGACY_COMPANY_PORTAL_KEY);
                arrayList.add(c.LEGACY_AUTHENTICATOR_APP_KEY);
            } else if ("com.azure.authenticator".equalsIgnoreCase(str2)) {
                arrayList.add(c.LEGACY_AUTHENTICATOR_APP_KEY);
                arrayList.add(c.LEGACY_COMPANY_PORTAL_KEY);
            }
        } else if (l10 == b.ANDROID_KEY_STORE) {
            arrayList.add(c.KEYSTORE_ENCRYPTED_KEY);
        }
        return arrayList;
    }

    protected String p() {
        return this.f59638a.getPackageName();
    }

    public SecretKey t(c cVar) {
        int i10 = a.f59645a[cVar.ordinal()];
        if (i10 == 1) {
            return q((byte[]) EnumC4669b.INSTANCE.c().get("com.azure.authenticator"));
        }
        if (i10 == 2) {
            return q((byte[]) EnumC4669b.INSTANCE.c().get("com.microsoft.windowsintune.companyportal"));
        }
        if (i10 == 3) {
            return q(EnumC4669b.INSTANCE.k());
        }
        if (i10 == 4) {
            return s();
        }
        Ha.d.t("StorageHelper:loadSecretKey", "Unknown KeyType. This code should never be reached.");
        throw new GeneralSecurityException("unknown_error");
    }

    public synchronized SecretKey u() {
        SecretKey secretKey = this.f59642e;
        if (secretKey != null && this.f59643f != null) {
            return secretKey;
        }
        EnumC4669b enumC4669b = EnumC4669b.INSTANCE;
        if (enumC4669b.c().containsKey(p())) {
            D("U001");
            if ("com.azure.authenticator".equalsIgnoreCase(p())) {
                return t(c.LEGACY_AUTHENTICATOR_APP_KEY);
            }
            return t(c.LEGACY_COMPANY_PORTAL_KEY);
        }
        if (enumC4669b.k() != null) {
            D("U001");
            return t(c.ADAL_USER_DEFINED_KEY);
        }
        D("A001");
        try {
            SecretKey t10 = t(c.KEYSTORE_ENCRYPTED_KEY);
            if (t10 != null) {
                return t10;
            }
        } catch (IOException | GeneralSecurityException unused) {
        }
        Ha.d.t("StorageHelper:loadSecretKeyForEncryption", "Keystore-encrypted key does not exist, try to generate new keys.");
        return h();
    }
}
