package com.microsoft.aad.adal;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.fos.sdk.EventID;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class ah {

    /* renamed from: a, reason: collision with root package name */
    private final Context f8916a;

    /* renamed from: c, reason: collision with root package name */
    private KeyPair f8918c;

    /* renamed from: d, reason: collision with root package name */
    private String f8919d;
    private SecretKey e = null;
    private SecretKey f = null;
    private SecretKey g = null;

    /* renamed from: b, reason: collision with root package name */
    private final SecureRandom f8917b = new SecureRandom();

    public ah(Context context) {
        this.f8916a = context;
    }

    @TargetApi(18)
    private AlgorithmParameterSpec a(Context context, Date date, Date date2) {
        return new KeyPairGeneratorSpec.Builder(context).setAlias("AdalKey").setSubject(new X500Principal(String.format(Locale.ROOT, "CN=%s, OU=%s", "AdalKey", context.getPackageName()))).setSerialNumber(BigInteger.ONE).setStartDate(date).setEndDate(date2).build();
    }

    private SecretKey a(SecretKey secretKey) {
        byte[] encoded = secretKey.getEncoded();
        return encoded != null ? new SecretKeySpec(MessageDigest.getInstance("SHA256").digest(encoded), "AES") : secretKey;
    }

    private SecretKey a(byte[] bArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("rawBytes");
        }
        return new SecretKeySpec(bArr, "AES");
    }

    private void a(byte[] bArr, int i, int i2, byte[] bArr2) {
        if (bArr2.length != i2 - i) {
            throw new IllegalArgumentException("Unexpected HMAC length");
        }
        byte b2 = 0;
        for (int i3 = i; i3 < i2; i3++) {
            b2 = (byte) (b2 | (bArr2[i3 - i] ^ bArr[i3]));
        }
        if (b2 != 0) {
            throw new DigestException();
        }
    }

    @TargetApi(18)
    private synchronized KeyPair b() {
        KeyPairGenerator keyPairGenerator;
        KeyStore.getInstance("AndroidKeyStore").load(null);
        ab.a("StorageHelper", "Generate KeyPair from AndroidKeyStore");
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 100);
        keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        keyPairGenerator.initialize(a(this.f8916a, calendar.getTime(), calendar2.getTime()));
        try {
        } catch (IllegalStateException e) {
            throw new KeyStoreException(e);
        }
        return keyPairGenerator.generateKeyPair();
    }

    @SuppressLint({"GetInstance"})
    @TargetApi(18)
    private SecretKey b(byte[] bArr) {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(4, this.f8918c.getPrivate());
        try {
            return (SecretKey) cipher.unwrap(bArr, "AES", 3);
        } catch (IllegalArgumentException e) {
            throw new KeyStoreException(e);
        }
    }

    @SuppressLint({"GetInstance"})
    @TargetApi(18)
    private byte[] b(SecretKey secretKey) {
        ab.a("StorageHelper", "Wrap secret key.");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(3, this.f8918c.getPublic());
        return cipher.wrap(secretKey);
    }

    private synchronized KeyPair c() {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        if (!d()) {
            throw new KeyStoreException("KeyPair entry does not exist.");
        }
        ab.a("StorageHelper", "Reading Key entry");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("AdalKey", null);
        } catch (RuntimeException e) {
            throw new KeyStoreException(e);
        }
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    private synchronized SecretKey c(String str) {
        SecretKey secretKey;
        if ("U001".equals(str)) {
            secretKey = a(g.INSTANCE.a());
        } else {
            try {
                this.g = d(str);
            } catch (IOException | GeneralSecurityException e) {
                ab.a("StorageHelper", "Key does not exist in AndroidKeyStore, try to generate new keys.");
            }
            if (this.g == null) {
                this.f8918c = b();
                this.g = f();
                c(b(this.g));
            }
            secretKey = this.g;
        }
        return secretKey;
    }

    private void c(byte[] bArr) {
        ab.a("StorageHelper", "Writing key data to a file");
        FileOutputStream fileOutputStream = new FileOutputStream(new File(this.f8916a.getDir(this.f8916a.getPackageName(), 0), "adalks"));
        try {
            fileOutputStream.write(bArr);
        } finally {
            fileOutputStream.close();
        }
    }

    private synchronized SecretKey d(String str) {
        SecretKey secretKey;
        char c2 = 65535;
        switch (str.hashCode()) {
            case 1984080:
                if (str.equals("A001")) {
                    c2 = 1;
                    break;
                }
                break;
            case 2579900:
                if (str.equals("U001")) {
                    c2 = 0;
                    break;
                }
                break;
        }
        switch (c2) {
            case 0:
                secretKey = a(g.INSTANCE.a());
                break;
            case 1:
                if (this.g == null) {
                    this.f8918c = c();
                    this.g = g();
                    secretKey = this.g;
                    break;
                } else {
                    secretKey = this.g;
                    break;
                }
            default:
                throw new IOException("Unknown keyVersion.");
        }
        return secretKey;
    }

    private synchronized boolean d() {
        KeyStore keyStore;
        keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
        } catch (NullPointerException e) {
            throw new KeyStoreException(e);
        }
        return keyStore.containsAlias("AdalKey");
    }

    private char e() {
        return (char) ("E1".length() + 97);
    }

    private SecretKey f() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(EventID.RECORD_ACHIEVE_FILE_MAXSIZE, this.f8917b);
        return keyGenerator.generateKey();
    }

    @TargetApi(18)
    private synchronized SecretKey g() {
        SecretKey b2;
        ab.a("StorageHelper", "Reading SecretKey");
        try {
            b2 = b(j());
            ab.a("StorageHelper", "Finished reading SecretKey");
        } catch (IOException | GeneralSecurityException e) {
            ab.b("StorageHelper", "Unwrap failed for AndroidKeyStore", "", a.ANDROIDKEYSTORE_FAILED, e);
            this.f8918c = null;
            h();
            i();
            ab.a("StorageHelper", "Removed previous key pair info.");
            throw e;
        }
        return b2;
    }

    private void h() {
        File file = new File(this.f8916a.getDir(this.f8916a.getPackageName(), 0), "adalks");
        if (file.exists()) {
            ab.a("StorageHelper", "Delete KeyFile");
            if (file.delete()) {
                return;
            }
            ab.a("StorageHelper", "Delete KeyFile failed");
        }
    }

    @TargetApi(18)
    private synchronized void i() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry("AdalKey");
    }

    private byte[] j() {
        File file = new File(this.f8916a.getDir(this.f8916a.getPackageName(), 0), "adalks");
        if (!file.exists()) {
            throw new IOException("Key file to read does not exist");
        }
        ab.a("StorageHelper", "Reading key data from a file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[EventID.INIT_INFO_FIN];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    return byteArrayOutputStream.toByteArray();
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } finally {
            fileInputStream.close();
        }
    }

    public String a(String str) {
        ab.a("StorageHelper", "Starting encryption");
        if (ai.a(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        this.e = a();
        this.f = a(this.e);
        ab.a("StorageHelper", "Encrypt version:" + this.f8919d);
        byte[] bytes = this.f8919d.getBytes("UTF_8");
        byte[] bytes2 = str.getBytes("UTF_8");
        byte[] bArr = new byte[16];
        this.f8917b.nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        cipher.init(1, this.e, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bytes2);
        mac.init(this.f);
        mac.update(bytes);
        mac.update(doFinal);
        mac.update(bArr);
        byte[] doFinal2 = mac.doFinal();
        byte[] bArr2 = new byte[bytes.length + doFinal.length + bArr.length + doFinal2.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length + doFinal.length, bArr.length);
        System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + bArr.length, doFinal2.length);
        String str2 = new String(Base64.encode(bArr2, 2), "UTF_8");
        ab.a("StorageHelper", "Finished encryption");
        return e() + "E1" + str2;
    }

    synchronized SecretKey a() {
        SecretKey c2;
        if (this.e == null || this.f == null) {
            if (g.INSTANCE.a() == null) {
                this.f8919d = "A001";
            } else {
                this.f8919d = "U001";
            }
            c2 = c(this.f8919d);
        } else {
            c2 = this.e;
        }
        return c2;
    }

    public String b(String str) {
        ab.a("StorageHelper", "Starting decryption");
        if (ai.a(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        int charAt = str.charAt(0) - 'a';
        if (charAt <= 0) {
            throw new IllegalArgumentException(String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(charAt)));
        }
        if (!str.substring(1, charAt + 1).equals("E1")) {
            throw new IllegalArgumentException(String.format("Encode version received was: '%s', Encode version supported is: '%s'", str, "E1"));
        }
        byte[] decode = Base64.decode(str.substring(charAt + 1), 0);
        String str2 = new String(decode, 0, 4, "UTF_8");
        ab.a("StorageHelper", "Encrypt version:" + str2);
        SecretKey d2 = d(str2);
        SecretKey a2 = a(d2);
        int length = (decode.length - 16) - 32;
        int length2 = decode.length - 32;
        int i = length - 4;
        if (length < 0 || length2 < 0 || i < 0) {
            throw new IOException("Invalid byte array input for decryption.");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(a2);
        mac.update(decode, 0, length2);
        a(decode, length2, decode.length, mac.doFinal());
        cipher.init(2, d2, new IvParameterSpec(decode, length, 16));
        String str3 = new String(cipher.doFinal(decode, 4, i), "UTF_8");
        ab.a("StorageHelper", "Finished decryption");
        return str3;
    }
}
