package de.tutao.tutanota;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class AndroidKeyStoreFacade {
    private final Crypto crypto;
    private volatile KeyStore keyStore;

    public AndroidKeyStoreFacade(Context context) {
        this.crypto = new Crypto(context);
    }

    private Cipher createRSACipher(Key key, int i) throws CryptoError {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
            cipher.init(i, key);
            return cipher;
        } catch (InvalidKeyException e) {
            throw new CryptoError(e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new RuntimeException(e);
        } catch (NoSuchProviderException e3) {
            e = e3;
            throw new RuntimeException(e);
        } catch (NoSuchPaddingException e4) {
            e = e4;
            throw new RuntimeException(e);
        }
    }

    private void generateSymmetricKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder("TutanotaAppDeviceKey", 3).setBlockModes("CBC").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
        keyGenerator.generateKey();
    }

    private Key getSymmetricKey() throws KeyStoreException {
        try {
            return this.keyStore.getKey("TutanotaAppDeviceKey", null);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (UnrecoverableKeyException e2) {
            throw new KeyStoreException(e2);
        }
    }

    private synchronized void initialize() throws CryptoError, KeyStoreException {
        if (this.keyStore != null) {
            return;
        }
        try {
            this.keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.keyStore.load(null);
            if (!this.keyStore.containsAlias("TutanotaAppDeviceKey") && !this.keyStore.containsAlias("TutanotaAppDeviceAsymmetricKey")) {
                generateSymmetricKey();
            }
        } catch (IOException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            Log.w("AndroidKeyStoreFacade", "Keystore could not be initialized", e);
            throw new CryptoError(e);
        }
    }

    public byte[] decryptKey(byte[] bArr) throws UnrecoverableEntryException, KeyStoreException, CryptoError {
        initialize();
        if (!this.keyStore.containsAlias("TutanotaAppDeviceAsymmetricKey")) {
            return this.crypto.decryptKey(getSymmetricKey(), bArr);
        }
        try {
            return createRSACipher((PrivateKey) this.keyStore.getKey("TutanotaAppDeviceAsymmetricKey", null), 2).doFinal(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (BadPaddingException e2) {
            e = e2;
            throw new CryptoError(e);
        } catch (IllegalBlockSizeException e3) {
            e = e3;
            throw new CryptoError(e);
        }
    }

    public byte[] encryptKey(byte[] bArr) throws KeyStoreException, CryptoError {
        initialize();
        if (!this.keyStore.containsAlias("TutanotaAppDeviceAsymmetricKey")) {
            return this.crypto.encryptKey(getSymmetricKey(), bArr);
        }
        try {
            return createRSACipher(this.keyStore.getCertificate("TutanotaAppDeviceAsymmetricKey").getPublicKey(), 1).doFinal(bArr);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoError(e);
        }
    }
}
