package com.vk.superapp.j.c;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.WorkerThread;
import com.vk.superapp.core.preference.error.SuperappEncryptionException;
import com.vk.superapp.core.utils.WebLogger;
import com.vk.superapp.j.c.g;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.TypeCastException;
import kotlin.jvm.internal.m;
import kotlin.text.t;

/* compiled from: SuperappEncryption.kt */
/* loaded from: classes5.dex */
public final class b implements g {

    /* renamed from: a, reason: collision with root package name */
    private final ReentrantReadWriteLock f45443a = new ReentrantReadWriteLock();

    /* renamed from: b, reason: collision with root package name */
    private final CountDownLatch f45444b = new CountDownLatch(1);

    /* renamed from: c, reason: collision with root package name */
    private final Context f45445c;

    /* renamed from: d, reason: collision with root package name */
    private final Date f45446d;

    /* renamed from: e, reason: collision with root package name */
    private final Date f45447e;

    /* renamed from: f, reason: collision with root package name */
    private volatile boolean f45448f;

    /* renamed from: g, reason: collision with root package name */
    private KeyStore f45449g;
    private Cipher h;
    private final h i;
    private final boolean j;

    /* compiled from: SuperappEncryption.kt */
    /* loaded from: classes5.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(kotlin.jvm.internal.i iVar) {
            this();
        }
    }

    static {
        new a(null);
    }

    public b(Context context, h hVar, boolean z) {
        this.i = hVar;
        this.j = z;
        this.f45445c = context.getApplicationContext();
        Calendar calendar = Calendar.getInstance();
        m.a((Object) calendar, "calendar");
        Date time = calendar.getTime();
        m.a((Object) time, "calendar.time");
        this.f45446d = time;
        calendar.add(1, 30);
        Date time2 = calendar.getTime();
        m.a((Object) time2, "calendar.time");
        this.f45447e = time2;
    }

    private final g.a a(byte[] bArr, byte[] bArr2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            Cipher cipher = this.h;
            if (cipher == null) {
                m.c("aesCipher");
                throw null;
            }
            cipher.init(1, secretKeySpec);
            Cipher cipher2 = this.h;
            if (cipher2 == null) {
                m.c("aesCipher");
                throw null;
            }
            byte[] doFinal = cipher2.doFinal(bArr2);
            m.a((Object) doFinal, "encrypted");
            Cipher cipher3 = this.h;
            if (cipher3 == null) {
                m.c("aesCipher");
                throw null;
            }
            byte[] iv = cipher3.getIV();
            m.a((Object) iv, "aesCipher.iv");
            return new g.a(doFinal, iv);
        } catch (Exception e2) {
            throw new SuperappEncryptionException("Failed to encrypt with raw aes key", e2);
        }
    }

    private final byte[] a(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f45449g;
            if (keyStore == null) {
                m.c("keyStore");
                throw null;
            }
            cipher.init(2, keyStore.getKey("ALIAS_MASTER_KEY", null));
            byte[] doFinal = cipher.doFinal(bArr);
            m.a((Object) doFinal, "cipher.doFinal(data)");
            return doFinal;
        } catch (Exception e2) {
            throw new SuperappEncryptionException("Failed to decrypt with master key", e2);
        }
    }

    private final byte[] a(byte[] bArr, g.a aVar) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            Cipher cipher = this.h;
            if (cipher == null) {
                m.c("aesCipher");
                throw null;
            }
            cipher.init(2, secretKeySpec, new IvParameterSpec(aVar.b()));
            Cipher cipher2 = this.h;
            if (cipher2 == null) {
                m.c("aesCipher");
                throw null;
            }
            byte[] doFinal = cipher2.doFinal(aVar.a());
            m.a((Object) doFinal, "aesCipher.doFinal(data.data)");
            return doFinal;
        } catch (Exception e2) {
            throw new SuperappEncryptionException("Failed to decrypt with aes key", e2);
        }
    }

    private final void b() {
        if (!this.f45448f) {
            if (this.j) {
                throw new SuperappEncryptionException("Manager is not initialized");
            }
            h();
        }
        if (!g()) {
            throw new SuperappEncryptionException("Cannot perform operations without master key");
        }
    }

    private final byte[] b(String str) {
        String a2;
        byte[] b2;
        String uuid = UUID.randomUUID().toString();
        m.a((Object) uuid, "UUID.randomUUID().toString()");
        if (uuid == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        String lowerCase = uuid.toLowerCase();
        m.a((Object) lowerCase, "(this as java.lang.String).toLowerCase()");
        a2 = t.a(lowerCase, "-", "", false, 4, (Object) null);
        if (a2 == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] charArray = a2.toCharArray();
        m.a((Object) charArray, "(this as java.lang.String).toCharArray()");
        UUID randomUUID = UUID.randomUUID();
        m.a((Object) randomUUID, "UUID.randomUUID()");
        b2 = f.b(randomUUID);
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, b2, 10000, 256));
            m.a((Object) generateSecret, "skf.generateSecret(spec)");
            byte[] encoded = generateSecret.getEncoded();
            m.a((Object) encoded, "generatedKey");
            this.i.a(str, b(encoded));
            com.vk.superapp.j.c.a.a(encoded);
            return encoded;
        } catch (Exception e2) {
            throw new SuperappEncryptionException("Failed to generate key", e2);
        }
    }

    private final byte[] b(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f45449g;
            if (keyStore == null) {
                m.c("keyStore");
                throw null;
            }
            Certificate certificate = keyStore.getCertificate("ALIAS_MASTER_KEY");
            m.a((Object) certificate, "keyStore.getCertificate(MASTER_KEY_ALIAS)");
            cipher.init(1, certificate.getPublicKey());
            byte[] doFinal = cipher.doFinal(bArr);
            m.a((Object) doFinal, "cipher.doFinal(data)");
            return doFinal;
        } catch (Exception e2) {
            throw new SuperappEncryptionException("Failed to encrypt with master key", e2);
        }
    }

    private final void c() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(d());
            keyPairGenerator.generateKeyPair();
        } catch (Exception e2) {
            throw new SuperappEncryptionException("Failed to generate master key", e2);
        }
    }

    private final byte[] c(String str) {
        byte[] a2 = this.i.a(str);
        if (a2 == null) {
            return null;
        }
        byte[] a3 = a(a2);
        com.vk.superapp.j.c.a.a(a3);
        return a3;
    }

    private final AlgorithmParameterSpec d() {
        return Build.VERSION.SDK_INT >= 23 ? e() : f();
    }

    @TargetApi(23)
    private final AlgorithmParameterSpec e() {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("ALIAS_MASTER_KEY", 3).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setKeyValidityStart(this.f45446d).setKeyValidityEnd(this.f45447e).setCertificateSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setCertificateSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).build();
        m.a((Object) build, "KeyGenParameterSpec.Buil…()))\n            .build()");
        return build;
    }

    private final AlgorithmParameterSpec f() {
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.f45445c).setAlias("ALIAS_MASTER_KEY").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setKeySize(2048).setSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).setStartDate(this.f45446d).setEndDate(this.f45447e).build();
        m.a((Object) build, "KeyPairGeneratorSpec.Bui…ate)\n            .build()");
        return build;
    }

    private final boolean g() {
        try {
            KeyStore keyStore = this.f45449g;
            if (keyStore != null) {
                return keyStore.getKey("ALIAS_MASTER_KEY", null) != null;
            }
            m.c("keyStore");
            throw null;
        } catch (Exception unused) {
            return false;
        }
    }

    private final void h() {
        try {
            this.f45444b.await();
        } catch (Exception e2) {
            throw new SuperappEncryptionException("Manager is not initialized", e2);
        }
    }

    @Override // com.vk.superapp.j.c.g
    public g.a a(String str, byte[] bArr) {
        ReentrantReadWriteLock.ReadLock readLock = this.f45443a.readLock();
        readLock.lock();
        try {
            b();
            kotlin.m mVar = kotlin.m.f48354a;
            readLock.unlock();
            byte[] c2 = c(str);
            if (c2 == null) {
                c2 = b(str);
            }
            return a(c2, bArr);
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @WorkerThread
    public final void a() throws SuperappEncryptionException {
        KeyStore keyStore;
        ReentrantReadWriteLock reentrantReadWriteLock = this.f45443a;
        ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
        int i = 0;
        int readHoldCount = reentrantReadWriteLock.getWriteHoldCount() == 0 ? reentrantReadWriteLock.getReadHoldCount() : 0;
        for (int i2 = 0; i2 < readHoldCount; i2++) {
            readLock.unlock();
        }
        ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
        writeLock.lock();
        try {
            if (this.f45448f) {
                return;
            }
            try {
                keyStore = KeyStore.getInstance("AndroidKeyStore");
                m.a((Object) keyStore, "KeyStore.getInstance(\"AndroidKeyStore\")");
                this.f45449g = keyStore;
            } catch (Exception e2) {
                WebLogger.f45228b.a(new SuperappEncryptionException("Failed to run init", e2));
            }
            if (keyStore == null) {
                m.c("keyStore");
                throw null;
            }
            keyStore.load(null);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            m.a((Object) cipher, "Cipher.getInstance(AES_CIPHER_SUIT)");
            this.h = cipher;
            if (!g()) {
                c();
            }
            this.f45448f = true;
            this.f45444b.countDown();
            kotlin.m mVar = kotlin.m.f48354a;
            while (i < readHoldCount) {
                readLock.lock();
                i++;
            }
            writeLock.unlock();
        } finally {
            while (i < readHoldCount) {
                readLock.lock();
                i++;
            }
            writeLock.unlock();
        }
    }

    @Override // com.vk.superapp.j.c.g
    public void a(String str) {
        this.i.a(str, null);
    }

    @Override // com.vk.superapp.j.c.g
    public byte[] a(String str, g.a aVar) {
        ReentrantReadWriteLock.ReadLock readLock = this.f45443a.readLock();
        readLock.lock();
        try {
            b();
            kotlin.m mVar = kotlin.m.f48354a;
            readLock.unlock();
            byte[] c2 = c(str);
            if (c2 != null) {
                return a(c2, aVar);
            }
            throw new SuperappEncryptionException("No key with alias " + str);
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }
}
