package h7;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Log;
import h7.a;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;

@TargetApi(23)
/* loaded from: classes.dex */
public class g implements a {

    /* renamed from: a, reason: collision with root package name */
    private boolean f9807a = true;

    private String h(Key key, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(2, key, new IvParameterSpec(bArr, 0, 16));
            return new String(cipher.doFinal(bArr, 16, bArr.length - 16), Charset.forName("UTF-8"));
        } catch (Exception e9) {
            throw new i7.a("Could not decrypt bytes: " + e9.getMessage(), e9);
        }
    }

    private byte[] i(Key key, String str, String str2) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            cipher.init(1, key);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] iv = cipher.getIV();
            byteArrayOutputStream.write(iv, 0, iv.length);
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            cipherOutputStream.write(str2.getBytes("UTF-8"));
            cipherOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e9) {
            throw new i7.a("Could not encrypt value for service " + str + ", message: " + e9.getMessage(), e9);
        }
    }

    @TargetApi(23)
    private SecretKey j(KeyGenParameterSpec keyGenParameterSpec) {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(keyGenParameterSpec);
        return keyGenerator.generateKey();
    }

    private void k(String str, g7.c cVar) {
        SecretKey q9 = q(str);
        if (q9 == null) {
            q9 = p(str);
        }
        if (r(cVar, q9)) {
            return;
        }
        try {
            f(str);
        } catch (i7.c e9) {
            Log.e("KeystoreAESCBC", "Unable to remove key from keychain", e9);
        }
        throw new i7.a("Cannot generate keys with required security guarantees");
    }

    private String l(String str) {
        return str.isEmpty() ? "RN_KEYCHAIN_DEFAULT_ALIAS" : str;
    }

    @TargetApi(23)
    private KeyGenParameterSpec.Builder m(String str) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder randomizedEncryptionRequired;
        KeyGenParameterSpec.Builder keySize;
        blockModes = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC");
        encryptionPaddings = blockModes.setEncryptionPaddings("PKCS7Padding");
        randomizedEncryptionRequired = encryptionPaddings.setRandomizedEncryptionRequired(true);
        keySize = randomizedEncryptionRequired.setKeySize(256);
        return keySize;
    }

    private KeyStore n() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e9) {
            throw new i7.c("Could not access Keystore", e9);
        }
    }

    @TargetApi(23)
    private g7.c o(SecretKey secretKey) {
        boolean isInsideSecureHardware;
        try {
            isInsideSecureHardware = ((KeyInfo) SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class)).isInsideSecureHardware();
            return isInsideSecureHardware ? g7.c.SECURE_HARDWARE : g7.c.SECURE_SOFTWARE;
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException unused) {
            return g7.c.ANY;
        }
    }

    @TargetApi(23)
    private SecretKey p(String str) {
        KeyGenParameterSpec build;
        build = m(str).build();
        return j(build);
    }

    @TargetApi(28)
    private SecretKey q(String str) {
        KeyGenParameterSpec.Builder isStrongBoxBacked;
        KeyGenParameterSpec build;
        if (Build.VERSION.SDK_INT < 28) {
            return null;
        }
        try {
            isStrongBoxBacked = m(str).setIsStrongBoxBacked(true);
            build = isStrongBoxBacked.build();
            return j(build);
        } catch (Exception e9) {
            if (e9 instanceof StrongBoxUnavailableException) {
                Log.i("KeystoreAESCBC", "StrongBox is unavailable on this device");
            } else {
                Log.e("KeystoreAESCBC", "An error occurred when trying to generate a StrongBoxSecurityKey: " + e9.getMessage());
            }
            return null;
        }
    }

    @TargetApi(23)
    private boolean r(g7.c cVar, SecretKey secretKey) {
        return o(secretKey).b(cVar);
    }

    @Override // h7.a
    public a.b a(String str, byte[] bArr, byte[] bArr2) {
        try {
            Key key = n().getKey(l(str), null);
            if (key != null) {
                return new a.b(h(key, bArr), h(key, bArr2), o((SecretKey) key));
            }
            throw new i7.a("The provided service/key could not be found in the Keystore");
        } catch (i7.c e9) {
            throw new i7.a("Could not access Keystore", e9);
        } catch (KeyStoreException e10) {
            e = e10;
            throw new i7.a("Could not get key from Keystore", e);
        } catch (NoSuchAlgorithmException e11) {
            e = e11;
            throw new i7.a("Could not get key from Keystore", e);
        } catch (UnrecoverableKeyException e12) {
            e = e12;
            throw new i7.a("Could not get key from Keystore", e);
        } catch (Exception e13) {
            throw new i7.a("Unknown error: " + e13.getMessage(), e13);
        }
    }

    @Override // h7.a
    public g7.c b() {
        return g7.c.SECURE_HARDWARE;
    }

    @Override // h7.a
    public String c() {
        return "KeystoreAESCBC";
    }

    @Override // h7.a
    public int d() {
        return 23;
    }

    @Override // h7.a
    @TargetApi(23)
    public a.c e(String str, String str2, String str3, g7.c cVar) {
        String l9 = l(str);
        try {
            try {
                KeyStore n9 = n();
                if (!n9.containsAlias(l9)) {
                    k(l9, cVar);
                }
                try {
                    Key key = n9.getKey(l9, null);
                    byte[] i9 = i(key, l9, str2);
                    byte[] i10 = i(key, l9, str3);
                    this.f9807a = true;
                    return new a.c(i9, i10, this);
                } catch (UnrecoverableKeyException e9) {
                    e9.printStackTrace();
                    if (!this.f9807a) {
                        throw e9;
                    }
                    this.f9807a = false;
                    n9.deleteEntry(l9);
                    return e(l9, str2, str3, cVar);
                }
            } catch (UnrecoverableKeyException e10) {
                e = e10;
                throw new i7.a("Could not encrypt data for service " + l9, e);
            }
        } catch (i7.c e11) {
            e = e11;
            throw new i7.a("Could not access Keystore for service " + l9, e);
        } catch (InvalidAlgorithmParameterException e12) {
            e = e12;
            throw new i7.a("Could not encrypt data for service " + l9, e);
        } catch (KeyStoreException e13) {
            e = e13;
            throw new i7.a("Could not access Keystore for service " + l9, e);
        } catch (NoSuchAlgorithmException e14) {
            e = e14;
            throw new i7.a("Could not encrypt data for service " + l9, e);
        } catch (NoSuchProviderException e15) {
            e = e15;
            throw new i7.a("Could not encrypt data for service " + l9, e);
        } catch (Exception e16) {
            throw new i7.a("Unknown error: " + e16.getMessage(), e16);
        }
    }

    @Override // h7.a
    public void f(String str) {
        String l9 = l(str);
        try {
            KeyStore n9 = n();
            if (n9.containsAlias(l9)) {
                n9.deleteEntry(l9);
            }
        } catch (KeyStoreException e9) {
            throw new i7.c("Failed to access Keystore", e9);
        } catch (Exception e10) {
            throw new i7.c("Unknown error " + e10.getMessage(), e10);
        }
    }

    @Override // h7.a
    public boolean g() {
        try {
            try {
                boolean r9 = r(g7.c.SECURE_HARDWARE, p("AndroidKeyStore#supportsSecureHardware"));
                try {
                    f("AndroidKeyStore#supportsSecureHardware");
                } catch (i7.c e9) {
                    Log.e("KeystoreAESCBC", "Unable to remove temp key from keychain", e9);
                }
                return r9;
            } catch (i7.c e10) {
                Log.e("KeystoreAESCBC", "Unable to remove temp key from keychain", e10);
                return false;
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException unused) {
            f("AndroidKeyStore#supportsSecureHardware");
            return false;
        } catch (Throwable th) {
            try {
                f("AndroidKeyStore#supportsSecureHardware");
            } catch (i7.c e11) {
                Log.e("KeystoreAESCBC", "Unable to remove temp key from keychain", e11);
            }
            throw th;
        }
    }
}
