package com.sap.cloud.mobile.foundation.common;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import androidx.appcompat.widget.p0;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: classes.dex */
public final class b {

    /* renamed from: l, reason: collision with root package name */
    public static final ne.b f8517l = ne.c.c(b.class);

    /* renamed from: m, reason: collision with root package name */
    public static final KeyStore f8518m;

    /* renamed from: a, reason: collision with root package name */
    public final String f8519a;

    /* renamed from: b, reason: collision with root package name */
    public final String f8520b;

    /* renamed from: c, reason: collision with root package name */
    public final SharedPreferences f8521c;

    /* renamed from: d, reason: collision with root package name */
    public final boolean f8522d;
    public final a e;

    /* renamed from: f, reason: collision with root package name */
    public final a f8523f;

    /* renamed from: g, reason: collision with root package name */
    public final a f8524g;

    /* renamed from: h, reason: collision with root package name */
    public final a f8525h;

    /* renamed from: i, reason: collision with root package name */
    public final a f8526i;

    /* renamed from: j, reason: collision with root package name */
    public final String f8527j;

    /* renamed from: k, reason: collision with root package name */
    public final EnumMap<EncryptionState, a> f8528k = new EnumMap<>(EncryptionState.class);

    /* loaded from: classes.dex */
    public class a {

        /* renamed from: a, reason: collision with root package name */
        public final ArrayList f8529a;

        /* renamed from: b, reason: collision with root package name */
        public final String f8530b;

        /* renamed from: c, reason: collision with root package name */
        public final String f8531c;

        /* renamed from: d, reason: collision with root package name */
        public final a[] f8532d;

        public a(String str, EncryptionState encryptionState, a... aVarArr) {
            ArrayList arrayList = new ArrayList();
            this.f8529a = arrayList;
            this.f8530b = str;
            this.f8532d = (a[]) aVarArr.clone();
            String i10 = p0.i(str, "_i_v");
            this.f8531c = i10;
            arrayList.add(str);
            arrayList.add(i10);
            if (encryptionState != null) {
                b.this.f8528k.put((EnumMap<EncryptionState, a>) encryptionState, (EncryptionState) this);
            }
        }

        public static byte[] a(a aVar) {
            aVar.getClass();
            try {
                Cipher f10 = aVar.f(false);
                ne.b bVar = b.f8517l;
                return f10.doFinal(b.this.n(aVar.f8530b));
            } catch (BadPaddingException | IllegalBlockSizeException e) {
                throw new EncryptionError("Failed to decrypt", e);
            }
        }

        public static byte[] b(a aVar, SecretKey secretKey) {
            aVar.getClass();
            try {
                Cipher e = aVar.e(secretKey, false);
                ne.b bVar = b.f8517l;
                return e.doFinal(b.this.n(aVar.f8530b));
            } catch (BadPaddingException | IllegalBlockSizeException e2) {
                throw new EncryptionError("Failed to decrypt with a secret key", e2);
            }
        }

        public final void c() {
            if (d()) {
                SharedPreferences.Editor edit = b.this.f8521c.edit();
                Iterator it = this.f8529a.iterator();
                while (it.hasNext()) {
                    edit.remove((String) it.next());
                }
                edit.apply();
                for (a aVar : this.f8532d) {
                    aVar.c();
                }
            }
        }

        public final boolean d() {
            Iterator it = this.f8529a.iterator();
            boolean z9 = false;
            while (it.hasNext()) {
                if (b.this.f8521c.contains((String) it.next())) {
                    z9 = true;
                }
            }
            return z9;
        }

        public final Cipher e(SecretKey secretKey, boolean z9) {
            byte[] n10;
            ne.b bVar = b.f8517l;
            b bVar2 = b.this;
            bVar2.getClass();
            Cipher i10 = b.i();
            String str = this.f8531c;
            if (z9) {
                n10 = bVar2.n(str);
                if (n10.length == 0) {
                    n10 = b.f(12);
                    bVar2.q(str, n10);
                }
            } else {
                n10 = bVar2.n(str);
            }
            try {
                i10.init(z9 ? 1 : 2, secretKey, new GCMParameterSpec(128, n10));
                return i10;
            } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                throw new EncryptionError("Failed to get AES cipher with a secret key", e);
            }
        }

        public final Cipher f(boolean z9) {
            byte[] n10;
            ne.b bVar = b.f8517l;
            b bVar2 = b.this;
            bVar2.getClass();
            Cipher i10 = b.i();
            String str = this.f8531c;
            if (z9) {
                n10 = bVar2.n(str);
                if (n10.length == 0) {
                    n10 = b.f(12);
                    bVar2.q(str, n10);
                }
            } else {
                n10 = bVar2.n(str);
            }
            try {
                i10.init(z9 ? 1 : 2, bVar2.m(false, z9), new GCMParameterSpec(128, n10));
                return i10;
            } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                throw new EncryptionError("Failed to get AES cipher", e);
            }
        }
    }

    static {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            f8518m = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            f8517l.n(" key store initialization", e, "Unexpected Exception in {}");
        }
    }

    public b(Context context, String str) {
        if (str.isEmpty()) {
            throw new IllegalArgumentException("Empty alias.");
        }
        this.f8520b = str;
        this.f8527j = str.concat("_ci_iv");
        this.f8521c = context.getSharedPreferences(str.concat("_sharedPreference##"), 0);
        a aVar = new a(str.concat("_s"), null, new a[0]);
        this.e = aVar;
        a aVar2 = new a(str.concat("p_chk"), null, new a[0]);
        this.f8523f = aVar2;
        new a(str.concat("init_iv_verifier"), EncryptionState.INIT, new a[0]);
        this.f8524g = new a(str.concat("_auto_key"), EncryptionState.NO_PASSCODE, new a[0]);
        a aVar3 = new a(str.concat("_pCode_key"), EncryptionState.PASSCODE_ONLY, aVar, aVar2);
        this.f8525h = aVar3;
        this.f8526i = new a(str.concat("_b_m_pCode_key"), EncryptionState.PASSCODE_BIOMETRIC, aVar3);
        this.f8519a = str.concat("_biometric");
        this.f8522d = false;
        this.f8522d = context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    public static int a(byte[] bArr) {
        int length = bArr.length - 4;
        return (bArr[length + 3] & 255) | (bArr[length] << 24) | ((bArr[length + 1] & 255) << 16) | ((bArr[length + 2] & 255) << 8);
    }

    public static byte[] f(int i10) {
        if (i10 <= 0) {
            throw new IllegalArgumentException("generateRandom: invalid length.");
        }
        byte[] bArr = new byte[i10];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public static SecretKey g(char[] cArr, int i10, byte[] bArr) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(cArr, bArr, i10, 256));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new EncryptionError("Error generating secret key", e);
        }
    }

    public static Cipher i() {
        try {
            return Cipher.getInstance("AES/GCM/NoPadding");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new EncryptionError("Failed to get cipher instance", e);
        }
    }

    public final void b() {
        for (EncryptionState encryptionState : EncryptionState.values()) {
            this.f8528k.get(encryptionState).c();
        }
        try {
            f8518m.deleteEntry(this.f8520b);
        } catch (KeyStoreException e) {
            throw new EncryptionError("Failed to delete Android Key Store entry." + e.getLocalizedMessage(), e);
        }
    }

    public final void c(char[] cArr) {
        o(true, EncryptionState.INIT, EncryptionState.NO_PASSCODE, EncryptionState.PASSCODE_ONLY);
        byte[] b10 = a.b(this.f8525h, r(cArr));
        this.f8526i.c();
        p(b10, cArr);
    }

    public final void d(char[] cArr, Cipher cipher) {
        byte[] b10;
        o(true, EncryptionState.PASSCODE_BIOMETRIC);
        a aVar = this.f8524g;
        if (aVar.d()) {
            b10 = a.a(aVar);
        } else {
            a aVar2 = this.f8525h;
            b10 = aVar2.d() ? a.b(aVar2, r(cArr)) : f(32);
        }
        a aVar3 = this.f8526i;
        aVar3.getClass();
        try {
            b.this.q(aVar3.f8530b, cipher.doFinal(b10));
            p(b10, cArr);
            aVar.c();
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new EncryptionError("Failed to encrypt with the provided cipher", e);
        }
    }

    public final byte[] e(char[] cArr, boolean z9) {
        o(z9, EncryptionState.PASSCODE_ONLY, EncryptionState.PASSCODE_BIOMETRIC);
        a aVar = this.f8524g;
        byte[] a9 = aVar.d() ? a.a(aVar) : f(32);
        p(a9, cArr);
        aVar.c();
        return a9;
    }

    public final Cipher h() {
        byte[] n10;
        boolean z9 = j() != EncryptionState.PASSCODE_BIOMETRIC;
        Cipher i10 = i();
        try {
            String str = this.f8527j;
            if (z9) {
                n10 = f(12);
                q(str, n10);
            } else {
                n10 = n(str);
            }
            i10.init(z9 ? 1 : 2, m(true, z9), new GCMParameterSpec(128, n10));
            return i10;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new EncryptionError("Failed to get AES cipher", e);
        }
    }

    public final EncryptionState j() {
        EncryptionState encryptionState = EncryptionState.INIT;
        for (EncryptionState encryptionState2 : EncryptionState.values()) {
            if (this.f8528k.get(encryptionState2).d()) {
                encryptionState = encryptionState2;
            }
        }
        return encryptionState;
    }

    public final byte[] k(Cipher cipher) {
        o(true, EncryptionState.INIT, EncryptionState.NO_PASSCODE, EncryptionState.PASSCODE_ONLY);
        a aVar = this.f8526i;
        aVar.getClass();
        try {
            return cipher.doFinal(b.this.n(aVar.f8530b));
        } catch (IllegalStateException e) {
            throw new EncryptionError("Encryption cipher is used for decryption.", e);
        } catch (BadPaddingException e2) {
            e = e2;
            throw new EncryptionError("Failed to decrypt with the provided cipher", e);
        } catch (IllegalBlockSizeException e5) {
            e = e5;
            throw new EncryptionError("Failed to decrypt with the provided cipher", e);
        }
    }

    public final byte[] l(char[] cArr, boolean z9) {
        o(z9, EncryptionState.NO_PASSCODE);
        a aVar = this.f8525h;
        return !aVar.d() ? e(cArr, z9) : a.b(aVar, r(cArr));
    }

    public final SecretKey m(boolean z9, boolean z10) {
        String str = !z9 ? this.f8520b : this.f8519a;
        if (!z10) {
            try {
                KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) f8518m.getEntry(str, null);
                if (secretKeyEntry != null) {
                    return secretKeyEntry.getSecretKey();
                }
                throw new EncryptionError("KeyStore entry does not exist.");
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                throw new EncryptionError("Failed to get key from key store.", e);
            }
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 3);
            if (z9) {
                builder.setUserAuthenticationRequired(true);
            }
            builder.setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false);
            builder.setIsStrongBoxBacked(this.f8522d);
            keyGenerator.init(builder.build());
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new EncryptionError("Failed to generate key from key store.", e2);
        }
    }

    public final byte[] n(String str) {
        SharedPreferences sharedPreferences = this.f8521c;
        return !sharedPreferences.contains(str) ? new byte[0] : Base64.decode(sharedPreferences.getString(str, null), 0);
    }

    public final void o(boolean z9, EncryptionState... encryptionStateArr) {
        if (!z9) {
            f8517l.g("Skipping State check.");
            return;
        }
        List asList = Arrays.asList(encryptionStateArr);
        EncryptionState j10 = j();
        if (asList.contains(j10)) {
            throw new IllegalStateException(j10 + " is not allowed");
        }
    }

    public final void p(byte[] bArr, char[] cArr) {
        byte[] copyOfRange;
        a aVar = this.e;
        boolean d10 = aVar.d();
        String str = aVar.f8531c;
        b bVar = b.this;
        int i10 = 1000;
        if (d10) {
            copyOfRange = bVar.n(str);
            if (copyOfRange.length == 36) {
                i10 = a(copyOfRange);
                copyOfRange = Arrays.copyOfRange(copyOfRange, 0, 32);
            }
        } else {
            byte[] f10 = f(36);
            int length = f10.length - 4;
            byte b10 = (byte) 0;
            f10[length] = b10;
            f10[length + 1] = b10;
            f10[length + 2] = (byte) 3;
            f10[length + 3] = (byte) 1000;
            bVar.q(str, f10);
            copyOfRange = Arrays.copyOfRange(f10, 0, 32);
        }
        SecretKey g10 = g(cArr, i10, copyOfRange);
        a aVar2 = this.f8523f;
        aVar2.getClass();
        try {
            b.this.q(aVar2.f8530b, aVar2.e(g10, true).doFinal(copyOfRange));
            a aVar3 = this.f8525h;
            aVar3.getClass();
            try {
                b.this.q(aVar3.f8530b, aVar3.e(g10, true).doFinal(bArr));
            } catch (BadPaddingException | IllegalBlockSizeException e) {
                throw new EncryptionError("Failed to encrypt with a secret key.", e);
            }
        } catch (BadPaddingException | IllegalBlockSizeException e2) {
            throw new EncryptionError("Failed to encrypt with a secret key.", e2);
        }
    }

    public final void q(String str, byte[] bArr) {
        this.f8521c.edit().putString(str, Base64.encodeToString(bArr, 0)).apply();
    }

    public final SecretKey r(char[] cArr) {
        int i10;
        a aVar = this.e;
        aVar.getClass();
        byte[] n10 = b.this.n(aVar.f8531c);
        if (n10.length == 36) {
            i10 = a(n10);
            n10 = Arrays.copyOfRange(n10, 0, 32);
        } else {
            i10 = 1000;
        }
        SecretKey g10 = g(cArr, i10, n10);
        if (Arrays.equals(n10, a.b(this.f8523f, g10))) {
            return g10;
        }
        throw new EncryptionError("Incorrect passcode.");
    }
}
