package com.vk.core.preference.crypto;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.vk.core.preference.crypto.c;
import com.vk.log.L;
import en.g;
import en.h;
import en.i;
import fh0.f;
import io.requery.android.database.sqlite.SQLiteDatabase;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.internal.Lambda;
import oh0.s;
import ru.ok.android.onelog.ItemDumper;
import tg0.l;

/* compiled from: EncryptionManager.kt */
/* loaded from: classes2.dex */
public final class a implements c {

    /* renamed from: a, reason: collision with root package name */
    public final i f18248a;

    /* renamed from: b, reason: collision with root package name */
    public final ReentrantReadWriteLock f18249b;

    /* renamed from: c, reason: collision with root package name */
    public final Context f18250c;

    /* renamed from: d, reason: collision with root package name */
    public final Date f18251d;

    /* renamed from: e, reason: collision with root package name */
    public final Date f18252e;

    /* renamed from: f, reason: collision with root package name */
    public CountDownLatch f18253f;

    /* renamed from: g, reason: collision with root package name */
    public KeyStore f18254g;

    /* renamed from: h, reason: collision with root package name */
    public Cipher f18255h;

    /* renamed from: i, reason: collision with root package name */
    public final ReentrantLock f18256i;

    /* compiled from: EncryptionManager.kt */
    /* renamed from: com.vk.core.preference.crypto.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static final class C0265a extends Lambda implements eh0.a<l> {

        /* renamed from: a, reason: collision with root package name */
        public static final C0265a f18257a = new C0265a();

        public C0265a() {
            super(0);
        }

        @Override // eh0.a
        public /* bridge */ /* synthetic */ l c() {
            d();
            return l.f52125a;
        }

        public final void d() {
        }
    }

    /* compiled from: EncryptionManager.kt */
    /* loaded from: classes2.dex */
    public static final class b {
        public b() {
        }

        public /* synthetic */ b(f fVar) {
            this();
        }
    }

    static {
        new b(null);
    }

    public a(Context context, Executor executor, final eh0.l<? super Exception, l> lVar, i iVar, final eh0.a<l> aVar) {
        fh0.i.g(context, "context");
        fh0.i.g(executor, "initExecutor");
        fh0.i.g(lVar, "exceptionHandler");
        fh0.i.g(iVar, "keyStorage");
        fh0.i.g(aVar, "masterKeyCreationCallback");
        this.f18248a = iVar;
        this.f18249b = new ReentrantReadWriteLock();
        this.f18250c = context.getApplicationContext();
        this.f18253f = new CountDownLatch(1);
        this.f18256i = new ReentrantLock();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        fh0.i.f(time, "calendar.time");
        this.f18251d = time;
        calendar.add(1, 30);
        Date time2 = calendar.getTime();
        fh0.i.f(time2, "calendar.time");
        this.f18252e = time2;
        executor.execute(new Runnable() { // from class: en.a
            @Override // java.lang.Runnable
            public final void run() {
                com.vk.core.preference.crypto.a.f(com.vk.core.preference.crypto.a.this, lVar, aVar);
            }
        });
    }

    public /* synthetic */ a(Context context, Executor executor, eh0.l lVar, i iVar, eh0.a aVar, int i11, f fVar) {
        this(context, executor, lVar, iVar, (i11 & 16) != 0 ? C0265a.f18257a : aVar);
    }

    public static final void f(a aVar, eh0.l lVar, eh0.a aVar2) {
        fh0.i.g(aVar, "this$0");
        fh0.i.g(lVar, "$exceptionHandler");
        fh0.i.g(aVar2, "$masterKeyCreationCallback");
        aVar.s(lVar, aVar2);
    }

    @Override // com.vk.core.preference.crypto.c
    public void a(String str) {
        fh0.i.g(str, "keyAlias");
        this.f18248a.b(str, null);
    }

    @Override // com.vk.core.preference.crypto.c
    public c.a b(String str, byte[] bArr) {
        fh0.i.g(str, "keyAlias");
        fh0.i.g(bArr, ItemDumper.DATA);
        ReentrantReadWriteLock.ReadLock readLock = this.f18249b.readLock();
        readLock.lock();
        try {
            g();
            l lVar = l.f52125a;
            readLock.unlock();
            byte[] q11 = q(str);
            if (q11 == null) {
                q11 = h(str);
            }
            return o(q11, bArr);
        } catch (Throwable th2) {
            readLock.unlock();
            throw th2;
        }
    }

    @Override // com.vk.core.preference.crypto.c
    public boolean c(long j11) {
        return this.f18253f.await(j11, TimeUnit.MILLISECONDS);
    }

    @Override // com.vk.core.preference.crypto.c
    public byte[] d(String str, c.a aVar) {
        fh0.i.g(str, "keyAlias");
        fh0.i.g(aVar, ItemDumper.DATA);
        ReentrantReadWriteLock.ReadLock readLock = this.f18249b.readLock();
        readLock.lock();
        try {
            g();
            l lVar = l.f52125a;
            readLock.unlock();
            byte[] q11 = q(str);
            if (q11 != null) {
                return m(q11, aVar);
            }
            throw new EncryptionException("No key with alias " + str);
        } catch (Throwable th2) {
            readLock.unlock();
            throw th2;
        }
    }

    public final void g() {
        if (this.f18253f.getCount() > 0) {
            throw new EncryptionException("Manager is not initialized");
        }
        if (!r()) {
            throw new EncryptionException("Cannot perform operations without master key");
        }
    }

    public final byte[] h(String str) {
        byte[] b11;
        String uuid = UUID.randomUUID().toString();
        fh0.i.f(uuid, "randomUUID().toString()");
        String lowerCase = uuid.toLowerCase(Locale.ROOT);
        fh0.i.f(lowerCase, "this as java.lang.String).toLowerCase(Locale.ROOT)");
        char[] charArray = s.F(lowerCase, "-", "", false, 4, null).toCharArray();
        fh0.i.f(charArray, "this as java.lang.String).toCharArray()");
        UUID randomUUID = UUID.randomUUID();
        fh0.i.f(randomUUID, "randomUUID()");
        b11 = g.b(randomUUID);
        try {
            byte[] encoded = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, b11, v8.a.DEFAULT_MIN_DURATION_FOR_QUALITY_INCREASE_MS, 256)).getEncoded();
            fh0.i.f(encoded, "generatedKey");
            this.f18248a.b(str, p(encoded));
            return h.a(encoded);
        } catch (Exception e11) {
            throw new EncryptionException("Failed to generate key", e11);
        }
    }

    public final void i() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(j());
            keyPairGenerator.generateKeyPair();
        } catch (Exception e11) {
            throw new EncryptionException("Failed to generate master key", e11);
        }
    }

    public final AlgorithmParameterSpec j() {
        return Build.VERSION.SDK_INT >= 23 ? k() : l();
    }

    @TargetApi(23)
    public final AlgorithmParameterSpec k() {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("ALIAS_MASTER_KEY", 3).setKeySize(SQLiteDatabase.Function.FLAG_DETERMINISTIC).setEncryptionPaddings("PKCS1Padding").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(SQLiteDatabase.Function.FLAG_DETERMINISTIC, RSAKeyGenParameterSpec.F4)).setCertificateSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setCertificateSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).build();
        fh0.i.f(build, "Builder(MASTER_KEY_ALIAS…()))\n            .build()");
        return build;
    }

    public final AlgorithmParameterSpec l() {
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.f18250c).setAlias("ALIAS_MASTER_KEY").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(SQLiteDatabase.Function.FLAG_DETERMINISTIC, RSAKeyGenParameterSpec.F4)).setKeySize(SQLiteDatabase.Function.FLAG_DETERMINISTIC).setSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).setStartDate(this.f18251d).setEndDate(this.f18252e).build();
        fh0.i.f(build, "Builder(appContext)\n    …ate)\n            .build()");
        return build;
    }

    public final byte[] m(byte[] bArr, c.a aVar) {
        try {
            ReentrantLock reentrantLock = this.f18256i;
            reentrantLock.lock();
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                Cipher cipher = this.f18255h;
                Cipher cipher2 = null;
                if (cipher == null) {
                    fh0.i.q("aesCipher");
                    cipher = null;
                }
                cipher.init(2, secretKeySpec, new IvParameterSpec(aVar.b()));
                Cipher cipher3 = this.f18255h;
                if (cipher3 == null) {
                    fh0.i.q("aesCipher");
                } else {
                    cipher2 = cipher3;
                }
                byte[] doFinal = cipher2.doFinal(aVar.a());
                reentrantLock.unlock();
                fh0.i.f(doFinal, "{\n            cipherLock…)\n            }\n        }");
                return doFinal;
            } catch (Throwable th2) {
                reentrantLock.unlock();
                throw th2;
            }
        } catch (Exception e11) {
            throw new EncryptionException("Failed to decrypt with aes key", e11);
        }
    }

    public final byte[] n(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f18254g;
            if (keyStore == null) {
                fh0.i.q("keyStore");
                keyStore = null;
            }
            cipher.init(2, keyStore.getKey("ALIAS_MASTER_KEY", null));
            byte[] doFinal = cipher.doFinal(bArr);
            fh0.i.f(doFinal, "{\n            val cipher…r.doFinal(data)\n        }");
            return doFinal;
        } catch (Exception e11) {
            throw new EncryptionException("Failed to decrypt with master key", e11);
        }
    }

    public final c.a o(byte[] bArr, byte[] bArr2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            ReentrantLock reentrantLock = this.f18256i;
            reentrantLock.lock();
            try {
                Cipher cipher = this.f18255h;
                Cipher cipher2 = null;
                if (cipher == null) {
                    fh0.i.q("aesCipher");
                    cipher = null;
                }
                cipher.init(1, secretKeySpec);
                Cipher cipher3 = this.f18255h;
                if (cipher3 == null) {
                    fh0.i.q("aesCipher");
                    cipher3 = null;
                }
                byte[] doFinal = cipher3.doFinal(bArr2);
                fh0.i.f(doFinal, "encrypted");
                Cipher cipher4 = this.f18255h;
                if (cipher4 == null) {
                    fh0.i.q("aesCipher");
                } else {
                    cipher2 = cipher4;
                }
                byte[] iv2 = cipher2.getIV();
                fh0.i.f(iv2, "aesCipher.iv");
                return new c.a(doFinal, iv2);
            } finally {
                reentrantLock.unlock();
            }
        } catch (Exception e11) {
            throw new EncryptionException("Failed to encrypt with raw aes key", e11);
        }
    }

    public final byte[] p(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f18254g;
            if (keyStore == null) {
                fh0.i.q("keyStore");
                keyStore = null;
            }
            cipher.init(1, keyStore.getCertificate("ALIAS_MASTER_KEY").getPublicKey());
            byte[] doFinal = cipher.doFinal(bArr);
            fh0.i.f(doFinal, "{\n            val cipher…r.doFinal(data)\n        }");
            return doFinal;
        } catch (Exception e11) {
            throw new EncryptionException("Failed to encrypt with master key", e11);
        }
    }

    public final byte[] q(String str) {
        byte[] a11 = this.f18248a.a(str);
        if (a11 != null) {
            return h.a(n(a11));
        }
        L.n("No key with alias " + str);
        return null;
    }

    public final boolean r() {
        try {
            KeyStore keyStore = this.f18254g;
            if (keyStore == null) {
                fh0.i.q("keyStore");
                keyStore = null;
            }
            return keyStore.getKey("ALIAS_MASTER_KEY", null) != null;
        } catch (Exception e11) {
            L.H(e11, "Failed to retrieve master key");
            return false;
        }
    }

    public final void s(eh0.l<? super Exception, l> lVar, eh0.a<l> aVar) throws EncryptionException {
        CountDownLatch countDownLatch;
        fh0.i.g(lVar, "exceptionHandler");
        fh0.i.g(aVar, "masterKeyCreationCallback");
        ReentrantReadWriteLock reentrantReadWriteLock = this.f18249b;
        ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
        int i11 = 0;
        int readHoldCount = reentrantReadWriteLock.getWriteHoldCount() == 0 ? reentrantReadWriteLock.getReadHoldCount() : 0;
        int i12 = 0;
        while (i12 < readHoldCount) {
            i12++;
            readLock.unlock();
        }
        ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
        writeLock.lock();
        try {
            if (this.f18253f.getCount() == 0) {
                return;
            }
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    fh0.i.f(keyStore, "getInstance(\"AndroidKeyStore\")");
                    this.f18254g = keyStore;
                    if (keyStore == null) {
                        fh0.i.q("keyStore");
                        keyStore = null;
                    }
                    keyStore.load(null);
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    fh0.i.f(cipher, "getInstance(AES_CIPHER_SUIT)");
                    this.f18255h = cipher;
                    if (!r()) {
                        i();
                        aVar.c();
                    }
                    countDownLatch = this.f18253f;
                } catch (Exception e11) {
                    lVar.b(new EncryptionException("Failed to run init", e11));
                    countDownLatch = this.f18253f;
                }
                countDownLatch.countDown();
                l lVar2 = l.f52125a;
                while (i11 < readHoldCount) {
                    i11++;
                    readLock.lock();
                }
                writeLock.unlock();
            } catch (Throwable th2) {
                this.f18253f.countDown();
                throw th2;
            }
        } finally {
            while (i11 < readHoldCount) {
                i11++;
                readLock.lock();
            }
            writeLock.unlock();
        }
    }
}
