package a2;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import d2.r;
import d2.z;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashSet;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;
import l1.m0;
import org.objectweb.asm.Opcodes;
import z1.f0;

/* loaded from: classes.dex */
public final class f implements d {

    /* renamed from: d, reason: collision with root package name */
    public static f f671d;

    /* renamed from: a, reason: collision with root package name */
    public final b f672a;

    /* renamed from: b, reason: collision with root package name */
    public final KeyStore f673b;

    /* renamed from: c, reason: collision with root package name */
    public final z f674c;

    public f(Context context) {
        byte[] c4;
        f0 f0Var = new f0("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            try {
                z k5 = z.k(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
                this.f674c = k5;
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                this.f673b = keyStore;
                String str = null;
                keyStore.load(null);
                f0Var.f("generateRSAKeyIfNotExists");
                if (keyStore.containsAlias("IDENTITY_MAP_KEYSTORE_ALIAS")) {
                    m0.c0("LocalDataStorageEncryptor", "RSA keypair exists, fast return.");
                    f0Var.f("RSAKeyPairGenerated");
                } else {
                    m0.c0("LocalDataStorageEncryptor", "Generating RSA keypair");
                    if (!TextUtils.isEmpty(k5.d("AES_ENCRYPTION_KEY"))) {
                        m0.c0("LocalDataStorageEncryptor", "AES key generated, deleting it and clearing db before generating new RSA keys");
                        k5.j();
                        context.deleteDatabase("map_data_storage.db");
                        HashSet hashSet = r.f7379f;
                        new z(context, "distributed.datastore.info.store").c("distributed.datastore.init.key", Boolean.FALSE);
                        f0Var.f("DeleteExistAESKeyRegenerateRSAKey");
                    }
                    KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("IDENTITY_MAP_KEYSTORE_ALIAS", 3).setCertificateSubject(new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS")).setCertificateSerialNumber(BigInteger.TEN).setKeySize(Opcodes.ACC_STRICT).setEncryptionPaddings("PKCS1Padding").build();
                    try {
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(build);
                        keyPairGenerator.generateKeyPair();
                        f0Var.f("RSAKeyPairGeneration:Success");
                    } catch (Exception unused) {
                        f0Var.f("RSAKeyPairGeneration:Retry");
                        m0.z0("LocalDataStorageEncryptor", "Generating RSA key pair failed, retry once");
                        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator2.initialize(build);
                        keyPairGenerator2.generateKeyPair();
                        f0Var.f("RSAKeyPairGeneration:Retry:Success");
                    }
                    com.amazon.identity.auth.device.a.i("RSAKeyPairGeneration:Success:Overall");
                }
                String d5 = this.f674c.d("AES_ENCRYPTION_KEY");
                if (TextUtils.isEmpty(d5)) {
                    m0.c0("LocalDataStorageEncryptor", "Generating AES encryption key");
                    c4 = b.c();
                    m0.c0("LocalDataStorageEncryptor", "Encrypting AES Key");
                    PublicKey publicKey = this.f673b.getCertificate("IDENTITY_MAP_KEYSTORE_ALIAS").getPublicKey();
                    try {
                        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                        cipher.init(1, publicKey);
                        byte[] doFinal = cipher.doFinal(c4);
                        if (doFinal != null) {
                            str = Base64.encodeToString(doFinal, 2);
                        }
                        this.f674c.a("AES_ENCRYPTION_KEY", str);
                        f0Var.f("AESKeyGeneration:Success");
                    } catch (Exception e10) {
                        m0.P("LocalDataStorageEncryptor", "Unable to create RSA cipher, this seems to be a system bug.", e10);
                        throw new IllegalStateException("Unable to create RSA cipher.");
                    }
                } else {
                    m0.c0("LocalDataStorageEncryptor", "AES key generated, decrypting");
                    m0.c0("LocalDataStorageEncryptor", "Decrypting existed AES Key");
                    PrivateKey privateKey = (PrivateKey) this.f673b.getKey("IDENTITY_MAP_KEYSTORE_ALIAS", null);
                    try {
                        Cipher cipher2 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                        cipher2.init(2, privateKey);
                        c4 = cipher2.doFinal(d5 != null ? Base64.decode(d5, 2) : null);
                    } catch (Exception e11) {
                        m0.P("LocalDataStorageEncryptor", "Unable to create RSA cipher, this seems to be a system bug.", e11);
                        throw new IllegalStateException("Unable to create RSA cipher.");
                    }
                }
                this.f672a = new b(c4);
                f0Var.g(true);
                com.amazon.identity.auth.device.a.i("LocalDataStorageEncryptor:Initiation:Success");
                f0Var.h();
            } catch (Throwable th) {
                f0Var.h();
                throw th;
            }
        } catch (Exception e12) {
            f0Var.f("CreateFail:".concat(e12.getClass().getSimpleName()));
            f0Var.g(false);
            com.amazon.identity.auth.device.a.i("LocalDataStorageEncryptor:Initiation:Failed:".concat(e12.getClass().getSimpleName()));
            throw e12;
        }
    }

    public static synchronized f a(Context context) {
        f fVar;
        synchronized (f.class) {
            if (f671d == null) {
                m0.c0("LocalDataStorageEncryptor", "Generating LocalDataStorageEncryptor instance");
                f671d = new f(context);
                m0.c0("LocalDataStorageEncryptor", "Finish generating LocalDataStorageEncryptor instance");
            }
            fVar = f671d;
        }
        return fVar;
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0065  */
    @Override // a2.d
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.String b(java.lang.String r10) {
        /*
            r9 = this;
            java.lang.String r0 = "a2.b"
            r1 = 0
            if (r10 != 0) goto L6
            return r1
        L6:
            java.lang.String r2 = "Data to be encrypted "
            r2.concat(r10)
            java.lang.String r2 = "LocalDataStorageEncryptor"
            l1.m0.N(r2)
            byte[] r10 = y8.u0.r(r10)
            a2.b r3 = r9.f672a
            r3.getClass()
            if (r10 == 0) goto L92
            java.lang.String r4 = "SHA-384"
            java.security.MessageDigest r4 = java.security.MessageDigest.getInstance(r4)     // Catch: java.security.NoSuchAlgorithmException -> L81
            byte[] r4 = r4.digest(r10)     // Catch: java.security.NoSuchAlgorithmException -> L81
            r5 = 12
            r6 = 0
            byte[] r4 = java.util.Arrays.copyOfRange(r4, r6, r5)     // Catch: java.security.NoSuchAlgorithmException -> L81
            javax.crypto.spec.GCMParameterSpec r5 = new javax.crypto.spec.GCMParameterSpec
            r7 = 128(0x80, float:1.8E-43)
            r5.<init>(r7, r4)
            r7 = 1
            java.lang.String r8 = "AES/GCM/NoPadding"
            javax.crypto.Cipher r3 = r3.b(r7, r8, r5)
            int r5 = r10.length     // Catch: javax.crypto.BadPaddingException -> L56
            byte[] r10 = a2.b.d(r3, r10, r6, r5)     // Catch: javax.crypto.BadPaddingException -> L56
            int r3 = r4.length     // Catch: java.lang.Exception -> L4e
            int r5 = r10.length     // Catch: java.lang.Exception -> L4e
            int r3 = r3 + r5
            byte[] r3 = new byte[r3]     // Catch: java.lang.Exception -> L4e
            int r5 = r4.length     // Catch: java.lang.Exception -> L4e
            java.lang.System.arraycopy(r4, r6, r3, r6, r5)     // Catch: java.lang.Exception -> L4e
            int r4 = r4.length     // Catch: java.lang.Exception -> L4e
            int r5 = r10.length     // Catch: java.lang.Exception -> L4e
            java.lang.System.arraycopy(r10, r6, r3, r4, r5)     // Catch: java.lang.Exception -> L4e
            goto L62
        L4e:
            r10 = move-exception
            java.lang.String r3 = "Exception happened during concatenating the initialization vectors and the cipher text"
            l1.m0.P(r0, r3, r10)
        L54:
            r3 = r1
            goto L62
        L56:
            r10 = move-exception
            java.lang.String r3 = "BadPaddingException in encryption, should never happen."
            l1.m0.P(r0, r3, r10)
            java.lang.String r10 = "AESCipher:BadPadding:GCMMode"
            com.amazon.identity.auth.device.a.i(r10)
            goto L54
        L62:
            if (r3 != 0) goto L65
            goto L6a
        L65:
            r10 = 2
            java.lang.String r1 = android.util.Base64.encodeToString(r3, r10)
        L6a:
            java.lang.String r10 = java.lang.String.valueOf(r1)
            java.lang.String r0 = "Data after encryption is "
            r0.concat(r10)
            l1.m0.N(r2)
            java.lang.String r10 = java.lang.String.valueOf(r1)
            java.lang.String r0 = "AES-GCM+"
            java.lang.String r10 = r0.concat(r10)
            return r10
        L81:
            r10 = move-exception
            java.lang.String r1 = "AESCipher:NoSHA-384"
            com.amazon.identity.auth.device.a.i(r1)
            java.lang.String r1 = "Couldn't find SHA-384 digest, which shouldn't happen!"
            l1.m0.P(r0, r1, r10)
            java.lang.UnsupportedOperationException r10 = new java.lang.UnsupportedOperationException
            r10.<init>(r1)
            throw r10
        L92:
            java.lang.IllegalArgumentException r10 = new java.lang.IllegalArgumentException
            java.lang.String r0 = "dataToEncrypt is null"
            r10.<init>(r0)
            throw r10
        */
        throw new UnsupportedOperationException("Method not decompiled: a2.f.b(java.lang.String):java.lang.String");
    }

    @Override // a2.d
    public final String c(String str) {
        String str2;
        if (str == null) {
            return null;
        }
        "Decrypting data ".concat(str);
        m0.N("LocalDataStorageEncryptor");
        if (!str.startsWith("AES-GCM+")) {
            return str;
        }
        try {
            b bVar = this.f672a;
            String substring = str.substring(8);
            byte[] decode = substring == null ? null : Base64.decode(substring, 2);
            bVar.getClass();
            if (decode == null) {
                throw new IllegalArgumentException("dataToDecrypt is null in GCMMode");
            }
            byte[] d5 = b.d(bVar.b(2, "AES/GCM/NoPadding", new GCMParameterSpec(128, decode, 0, 12)), decode, 12, decode.length - 12);
            if (d5 != null) {
                try {
                    str2 = new String(d5, "UTF-8");
                } catch (UnsupportedEncodingException e10) {
                    m0.P("StringUtil", "System failure! UTF-8 unsupported from byte to String! This shouldn't happen!", e10);
                }
                "Data after decryption is ".concat(String.valueOf(str2));
                m0.N("LocalDataStorageEncryptor");
                return str2;
            }
            str2 = null;
            "Data after decryption is ".concat(String.valueOf(str2));
            m0.N("LocalDataStorageEncryptor");
            return str2;
        } catch (BadPaddingException unused) {
            m0.O("LocalDataStorageEncryptor", "Bad padding shouldn't happen, just return null.");
            com.amazon.identity.auth.device.a.i("LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }
}
