package me.proton.core.crypto.android.keystore;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.SynchronizedLazyImpl;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2;
import me.proton.core.crypto.common.keystore.EncryptedByteArray;
import me.proton.core.crypto.common.keystore.KeyStoreCrypto;
import me.proton.core.crypto.common.keystore.PlainByteArray;
import me.proton.core.util.kotlin.CoreLogger;
import me.proton.core.util.kotlin.Logger;

/* compiled from: AndroidKeyStoreCrypto.kt */
/* loaded from: classes2.dex */
public final class AndroidKeyStoreCrypto implements KeyStoreCrypto {
    public final Function0<Cipher> cipherFactory;
    public final Function0<KeyGenerator> keyGeneratorFactory;
    public final Function0<KeyStore> keyStoreFactory;
    public final String masterKeyAlias;
    public volatile Key secretKey;
    public volatile boolean secretKeyInitialized;
    public static final Object lock = new Object();
    public static final SynchronizedLazyImpl default$delegate = new SynchronizedLazyImpl(new Function0<AndroidKeyStoreCrypto>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2
        @Override // kotlin.jvm.functions.Function0
        public final AndroidKeyStoreCrypto invoke() {
            return new AndroidKeyStoreCrypto();
        }
    });

    public AndroidKeyStoreCrypto() {
        AndroidKeyStoreCrypto$Companion$default$2.AnonymousClass1 anonymousClass1 = new Function0<KeyStore>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2.1
            @Override // kotlin.jvm.functions.Function0
            public final KeyStore invoke() {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(androidKeyStore)");
                return keyStore;
            }
        };
        AndroidKeyStoreCrypto$Companion$default$2.AnonymousClass2 anonymousClass2 = new Function0<KeyGenerator>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2.2
            @Override // kotlin.jvm.functions.Function0
            public final KeyGenerator invoke() {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                Intrinsics.checkNotNullExpressionValue(keyGenerator, "getInstance(keyAlgorithm, androidKeyStore)");
                return keyGenerator;
            }
        };
        AndroidKeyStoreCrypto$Companion$default$2.AnonymousClass3 anonymousClass3 = new Function0<Cipher>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2.3
            @Override // kotlin.jvm.functions.Function0
            public final Cipher invoke() {
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(cipherTransformation)");
                return cipher;
            }
        };
        this.masterKeyAlias = "_me_proton_core_data_crypto_master_key_";
        this.keyStoreFactory = anonymousClass1;
        this.keyGeneratorFactory = anonymousClass2;
        this.cipherFactory = anonymousClass3;
    }

    public static Object logAndRetry$crypto_android_release(String str, Exception exc, Function0 function0) {
        Logger logger = CoreLogger.logger;
        if (logger != null) {
            logger.e(str, exc);
        }
        try {
            Thread.sleep((long) (Math.random() * 100.0d));
        } catch (InterruptedException unused) {
        }
        return function0.invoke();
    }

    public static Object runOrRetryOnce(String str, Function0 function0) {
        try {
            return function0.invoke();
        } catch (GeneralSecurityException e) {
            return logAndRetry$crypto_android_release(str, e, function0);
        } catch (ProviderException e2) {
            return logAndRetry$crypto_android_release(str, e2, function0);
        }
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public final String decrypt(String value) {
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        return secretKeySync$crypto_android_release != null ? decryptOrRetry(value, secretKeySync$crypto_android_release) : value;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public final PlainByteArray decrypt(EncryptedByteArray value) {
        PlainByteArray plainByteArray;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        if (secretKeySync$crypto_android_release != null && (plainByteArray = (PlainByteArray) runOrRetryOnce("core.crypto.common.keystore.decrypt.retry", new AndroidKeyStoreCrypto$decryptOrRetry$1(this, value, secretKeySync$crypto_android_release))) != null) {
            return plainByteArray;
        }
        byte[] bArr = value.array;
        byte[] copyOf = Arrays.copyOf(bArr, bArr.length);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, size)");
        return new PlainByteArray(copyOf);
    }

    public final String decryptOrRetry(String str, Key key) {
        byte[] encryptedByteArray = Base64.decode(str, 2);
        Intrinsics.checkNotNullExpressionValue(encryptedByteArray, "encryptedByteArray");
        PlainByteArray plainByteArray = (PlainByteArray) runOrRetryOnce("core.crypto.common.keystore.decrypt.retry", new AndroidKeyStoreCrypto$decryptOrRetry$1(this, new EncryptedByteArray(encryptedByteArray), key));
        try {
            byte[] bArr = plainByteArray.array;
            Intrinsics.checkNotNullParameter(bArr, "<this>");
            String str2 = new String(bArr, Charsets.UTF_8);
            CloseableKt.closeFinally(plainByteArray, null);
            return str2;
        } finally {
        }
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public final String encrypt(String value) {
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        return secretKeySync$crypto_android_release != null ? encryptOrRetry(value, secretKeySync$crypto_android_release) : value;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public final EncryptedByteArray encrypt(PlainByteArray value) {
        EncryptedByteArray encryptedByteArray;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        if (secretKeySync$crypto_android_release != null && (encryptedByteArray = (EncryptedByteArray) runOrRetryOnce("core.crypto.common.keystore.encrypt.retry", new AndroidKeyStoreCrypto$encryptOrRetry$1(this, value, secretKeySync$crypto_android_release))) != null) {
            return encryptedByteArray;
        }
        byte[] bArr = value.array;
        byte[] copyOf = Arrays.copyOf(bArr, bArr.length);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, size)");
        return new EncryptedByteArray(copyOf);
    }

    public final String encryptOrRetry(String str, Key key) {
        Intrinsics.checkNotNullParameter(str, "<this>");
        byte[] bytes = str.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        PlainByteArray plainByteArray = new PlainByteArray(bytes);
        try {
            String encodeToString = Base64.encodeToString(((EncryptedByteArray) runOrRetryOnce("core.crypto.common.keystore.encrypt.retry", new AndroidKeyStoreCrypto$encryptOrRetry$1(this, plainByteArray, key))).array, 2);
            CloseableKt.closeFinally(plainByteArray, null);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "value.encodeToByteArray(…Base64.NO_WRAP)\n        }");
            return encodeToString;
        } finally {
        }
    }

    public final Key getSecretKeySync$crypto_android_release() {
        Key key;
        Object obj = lock;
        synchronized (obj) {
            if (!this.secretKeyInitialized) {
                Key initKey$crypto_android_release = initKey$crypto_android_release();
                synchronized (obj) {
                    this.secretKey = initKey$crypto_android_release;
                    this.secretKeyInitialized = true;
                    Unit unit = Unit.INSTANCE;
                }
            }
            key = this.secretKey;
        }
        return key;
    }

    public final Key initKey$crypto_android_release() {
        Object createFailure;
        Object createFailure2;
        Object createFailure3;
        final KeyStore invoke = this.keyStoreFactory.invoke();
        invoke.load(null);
        try {
            createFailure = (Key) runOrRetryOnce("core.crypto.common.keystore.init.retry", new Function0<Key>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$getKeyOrRetryOrNull$1$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public final Key invoke() {
                    AndroidKeyStoreCrypto androidKeyStoreCrypto = AndroidKeyStoreCrypto.this;
                    androidKeyStoreCrypto.getClass();
                    KeyStore keyStore = invoke;
                    Intrinsics.checkNotNullParameter(keyStore, "keyStore");
                    String str = androidKeyStoreCrypto.masterKeyAlias;
                    if (keyStore.containsAlias(str)) {
                        return keyStore.getKey(str, null);
                    }
                    return null;
                }
            });
        } catch (Throwable th) {
            createFailure = ResultKt.createFailure(th);
        }
        if (createFailure instanceof Result.Failure) {
            createFailure = null;
        }
        Key key = (Key) createFailure;
        if (key == null) {
            try {
                createFailure2 = (Key) runOrRetryOnce("core.crypto.common.keystore.init.retry", new Function0<Key>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$generateKeyOrRetryOrNull$1$1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(0);
                    }

                    @Override // kotlin.jvm.functions.Function0
                    public final Key invoke() {
                        AndroidKeyStoreCrypto androidKeyStoreCrypto = AndroidKeyStoreCrypto.this;
                        androidKeyStoreCrypto.getClass();
                        KeyStore keyStore = invoke;
                        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
                        String str = androidKeyStoreCrypto.masterKeyAlias;
                        if (keyStore.containsAlias(str)) {
                            keyStore.deleteEntry(str);
                            Unit unit = Unit.INSTANCE;
                            String message = "Deleted '" + str + "' entry from this keystore.";
                            Intrinsics.checkNotNullParameter(message, "message");
                            Logger logger = CoreLogger.logger;
                            if (logger != null) {
                                logger.i("core.crypto.common.keystore.init.delete.key", message);
                            }
                        }
                        KeyGenerator invoke2 = androidKeyStoreCrypto.keyGeneratorFactory.invoke();
                        invoke2.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build());
                        SecretKey generateKey = invoke2.generateKey();
                        String message2 = "Added '" + str + "' entry in this keystore.";
                        Intrinsics.checkNotNullParameter(message2, "message");
                        Logger logger2 = CoreLogger.logger;
                        if (logger2 != null) {
                            logger2.i("core.crypto.common.keystore.init.add.key", message2);
                        }
                        Intrinsics.checkNotNullExpressionValue(generateKey, "keyGeneratorFactory.invo…)\n            }\n        }");
                        return generateKey;
                    }
                });
            } catch (Throwable th2) {
                createFailure2 = ResultKt.createFailure(th2);
            }
            if (createFailure2 instanceof Result.Failure) {
                createFailure2 = null;
            }
            key = (Key) createFailure2;
        }
        if (key == null) {
            return null;
        }
        try {
        } catch (Throwable th3) {
            createFailure3 = ResultKt.createFailure(th3);
        }
        if (!Intrinsics.areEqual("message", decryptOrRetry(encryptOrRetry("message", key), key))) {
            throw new IllegalStateException("Check failed.".toString());
        }
        createFailure3 = Boolean.TRUE;
        Throwable m1026exceptionOrNullimpl = Result.m1026exceptionOrNullimpl(createFailure3);
        if (m1026exceptionOrNullimpl != null) {
            Logger logger = CoreLogger.logger;
            if (logger != null) {
                logger.e("core.crypto.common.keystore.init", m1026exceptionOrNullimpl);
            }
            createFailure3 = Boolean.FALSE;
        }
        if (((Boolean) createFailure3).booleanValue()) {
            return key;
        }
        return null;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public final boolean isUsingKeyStore() {
        return getSecretKeySync$crypto_android_release() != null;
    }
}
