package com.microsoft.identity.internal.device;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.microsoft.identity.internal.EccKeyFactory;
import com.microsoft.identity.internal.EccKeyResponse;
import com.microsoft.identity.internal.StatusInternal;
import com.microsoft.identity.internal.TempError;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;
import java.util.HashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes4.dex */
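/**
 * {@link EccKeyFactory} that keeps EC device key pairs in the app's
 * {@code SharedPreferences} file {@link #DEVICE_KEYSTORE} rather than in the Android keystore.
 *
 * <p>Each key pair is generated with the supplied {@link Provider}, Java-serialized together with
 * a creation date, encrypted with an AES-256 key that lives in "AndroidKeyStore" under the alias
 * {@link #ENCRYPTION_KEY_ID}, and stored as {@code Base64(IV || ciphertext)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The whole {@link KeyPair}, private key included, is serialized before encryption, so the
 *       private key exists in process memory whenever a key is stored or loaded. Only the AES
 *       wrapping key is held by the Android keystore.</li>
 *   <li>{@link #CIPHER_TRANSFORM} is AES/CBC with PKCS7 padding and no MAC: the stored blob is
 *       confidential but not integrity-protected. Nothing in this class detects modification of
 *       the preference value before it is decrypted and deserialized. Moving to an AEAD mode
 *       would need a migration path for blobs that are already stored.</li>
 *   <li>The wrapping key is created with {@code setUserAuthenticationRequired(false)}, so it is
 *       usable without user presence.</li>
 * </ul>
 */
public class NoKeyStoreEccKeyFactoryImpl extends EccKeyFactory {
    static final int CIPHER_BLOCK_SIZE = 16;
    static final String CIPHER_TRANSFORM = "AES/CBC/PKCS7Padding";
    static final String CREATION_DATE_KEY = "CreationDate";
    static final String DEVICE_KEYSTORE = "com.microsoft.identity.msa.device.keystore";
    static final String ENCRYPTION_KEY_ID = "com.microsoft.identity.msa.device.keystore.key";
    static final int ENCRYPTION_KEY_SIZE = 256;
    static final String KEY_KEY = "Key";
    final Context mApplicationContext;
    // volatile: this field is read outside the lock by the double-checked initialization in
    // initializeEncryptionKey(); without it another thread may not observe the published key.
    private volatile SecretKey mEncryptionKey;
    final Provider mProvider;

    /**
     * @param context used only to open the {@link #DEVICE_KEYSTORE} shared preferences
     * @param provider JCA provider used to generate the EC key pairs
     */
    public NoKeyStoreEccKeyFactoryImpl(Context context, Provider provider) {
        this.mApplicationContext = context;
        this.mProvider = provider;
    }

    /**
     * Creates the AES wrapping key inside "AndroidKeyStore" under {@link #ENCRYPTION_KEY_ID} and
     * caches the resulting handle in {@code mEncryptionKey}.
     */
    private void generateEncryptionKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        // Purposes value 3 == PURPOSE_ENCRYPT (1) | PURPOSE_DECRYPT (2).
        keyGenerator.init(
                new KeyGenParameterSpec.Builder(ENCRYPTION_KEY_ID, 3)
                        .setKeySize(ENCRYPTION_KEY_SIZE)
                        .setBlockModes("CBC")
                        .setEncryptionPaddings("PKCS7Padding")
                        .setUserAuthenticationRequired(false)
                        .build());
        this.mEncryptionKey = keyGenerator.generateKey();
    }

    /**
     * Lazily resolves the AES wrapping key: reuses the keystore entry when it is a
     * {@link SecretKey}, otherwise (missing entry, or an entry of another kind) creates a new one.
     *
     * <p>Replacing an existing entry makes every blob encrypted under the previous key
     * undecryptable; {@link #loadEccKey(String)} will then report a failure for those ids.
     */
    private void initializeEncryptionKey() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
        if (this.mEncryptionKey != null) {
            return;
        }
        synchronized (this) {
            if (this.mEncryptionKey != null) {
                return;
            }
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(ENCRYPTION_KEY_ID)) {
                java.security.Key existing = keyStore.getKey(ENCRYPTION_KEY_ID, null);
                if (existing instanceof SecretKey) {
                    this.mEncryptionKey = (SecretKey) existing;
                    return;
                }
                // The alias holds something that is not a usable secret key: drop it and start over.
                keyStore.deleteEntry(ENCRYPTION_KEY_ID);
            }
            generateEncryptionKey();
        }
    }

    /**
     * Removes the stored blob for {@code str} from shared preferences.
     *
     * @param str key id; must be non-empty
     * @return {@code null} on success, or an error when the id is null or empty
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public TempError deleteEccKey(String str) {
        if (str == null || str.isEmpty()) {
            return ErrorUtils.createError(507822214, StatusInternal.UNEXPECTED, "Key id is empty.", null);
        }
        // Mode 0 is the default private mode.
        // NOTE(review): the boolean returned by commit() is ignored, so a failed write is still
        // reported as a successful delete and the encrypted key may remain on disk. Surfacing it
        // needs its own error tag, which is not defined in this file.
        this.mApplicationContext.getSharedPreferences(DEVICE_KEYSTORE, 0).edit().remove(str).commit();
        return null;
    }

    /**
     * Decodes, decrypts and deserializes a blob produced by {@link #storeEccKey(String, KeyPair)}.
     *
     * @param str Base64 text of {@code IV || ciphertext}
     * @return a map holding a {@link KeyPair} under {@link #KEY_KEY} and a {@link Date} under
     *     {@link #CREATION_DATE_KEY}, or {@code null} when the decrypted object does not have
     *     that shape
     * @throws IOException if the text is not valid Base64, is too short to hold an IV plus
     *     ciphertext, or the object stream is corrupt
     */
    public HashMap<String, Serializable> deserializeEccKey(String str) throws InvalidAlgorithmParameterException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ClassNotFoundException {
        initializeEncryptionKey();
        final byte[] blob;
        try {
            blob = Base64.decode(str, Base64.DEFAULT);
        } catch (IllegalArgumentException e) {
            // Report a damaged preference value through the declared IOException path instead of
            // letting an unchecked exception escape loadEccKey().
            throw new IOException("Stored device key is not valid Base64.", e);
        }
        if (blob.length <= CIPHER_BLOCK_SIZE) {
            // Without this check IvParameterSpec / doFinal fail with unchecked exceptions.
            throw new IOException("Stored device key is too short to contain an IV and ciphertext.");
        }
        IvParameterSpec ivParameterSpec = new IvParameterSpec(blob, 0, CIPHER_BLOCK_SIZE);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, this.mEncryptionKey, ivParameterSpec);
        byte[] plaintext = cipher.doFinal(blob, CIPHER_BLOCK_SIZE, blob.length - CIPHER_BLOCK_SIZE);
        // SECURITY(review): native Java deserialization of bytes whose integrity is not verified
        // (CBC carries no authentication tag). readObject() instantiates whatever classes the
        // stream names before the instanceof checks below run. Prefer an authenticated cipher
        // mode and/or a class allow-list on the stream; not changed here because the concrete
        // key classes depend on the injected provider and existing blobs must stay readable.
        try (ObjectInputStream objectInputStream = new ObjectInputStream(new ByteArrayInputStream(plaintext))) {
            Object root = objectInputStream.readObject();
            if (!(root instanceof HashMap)) {
                return null;
            }
            HashMap<?, ?> stored = (HashMap<?, ?>) root;
            Object key = stored.get(KEY_KEY);
            Object created = stored.get(CREATION_DATE_KEY);
            if (!(key instanceof KeyPair) || !(created instanceof Date)) {
                return null;
            }
            HashMap<String, Serializable> result = new HashMap<>();
            result.put(KEY_KEY, (KeyPair) key);
            result.put(CREATION_DATE_KEY, (Date) created);
            return result;
        }
    }

    /** Builds an {@link EccKeyResponse} that carries no key and the described error. */
    public EccKeyResponse fail(int i10, StatusInternal statusInternal, String str, Throwable th2) {
        return new EccKeyResponse(null, ErrorUtils.createError(i10, statusInternal, str, th2));
    }

    /**
     * Generates a prime256v1 EC key pair with the configured provider, persists it encrypted and
     * returns it.
     *
     * @param str key id under which the pair is stored; must be non-empty
     * @param z3 not used by this implementation
     * @return a response with the new key, or with an error describing the failing step
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public EccKeyResponse generateEccKey(String str, boolean z3) {
        if (str == null || str.isEmpty()) {
            return fail(507822172, StatusInternal.UNEXPECTED, "Key id is empty.", null);
        }
        final KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", this.mProvider);
            keyPairGenerator.initialize(new ECGenParameterSpec("prime256v1"));
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException e) {
            return fail(507822169, StatusInternal.UNEXPECTED, "Failed to initialize the key generator.", e);
        } catch (NoSuchAlgorithmException e) {
            return fail(507822170, StatusInternal.UNEXPECTED, this.mProvider.getName() + " does not implement EC algorithm", e);
        }
        if (keyPair == null) {
            return fail(507822171, StatusInternal.UNEXPECTED, "Failed to generate device keys.", null);
        }
        try {
            storeEccKey(str, keyPair);
            return new EccKeyResponse(new EccKeyImpl(str, keyPair, this.mProvider, new Date()), null);
        } catch (IOException | BadPaddingException | IllegalBlockSizeException e) {
            return fail(507822167, StatusInternal.UNEXPECTED, "Failed to serialize encrypted device key value.", e);
        } catch (IllegalStateException e) {
            return fail(507377747, StatusInternal.API_CONTRACT_VIOLATION, "Unsupported environment state", e);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            return fail(507822168, StatusInternal.UNEXPECTED, "We must be running with an unsupported API level.", e);
        } catch (InvalidKeyException e) {
            return fail(507822165, StatusInternal.UNEXPECTED, "Failed to encrypt device key.", e);
        } catch (KeyStoreException | UnrecoverableKeyException | CertificateException e) {
            return fail(507822166, StatusInternal.UNEXPECTED, "Failed to load the encryption key.", e);
        } catch (Throwable th) {
            // Keep the cause so the failure can be diagnosed; it was previously discarded.
            return fail(507377746, StatusInternal.UNEXPECTED, "Unexpected exception caught", th);
        }
    }

    /**
     * Loads and decrypts the key pair stored under {@code str}.
     *
     * @param str key id; must be non-empty
     * @return a response with the key; a response with neither key nor error when nothing is
     *     stored under the id; or a response with an error when decoding fails
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public EccKeyResponse loadEccKey(String str) {
        if (str == null || str.isEmpty()) {
            return fail(507822163, StatusInternal.UNEXPECTED, "Key id is empty.", null);
        }
        // Mode 0 is the default private mode.
        String encoded = this.mApplicationContext.getSharedPreferences(DEVICE_KEYSTORE, 0).getString(str, "");
        if (encoded.isEmpty()) {
            return new EccKeyResponse(null, null);
        }
        try {
            HashMap<String, Serializable> stored = deserializeEccKey(encoded);
            if (stored == null) {
                return fail(507822162, StatusInternal.UNEXPECTED, "Failed to deserialize the key with id " + str, null);
            }
            // deserializeEccKey() has already checked the runtime type of both entries.
            KeyPair keyPair = (KeyPair) stored.get(KEY_KEY);
            Date created = (Date) stored.get(CREATION_DATE_KEY);
            return new EccKeyResponse(new EccKeyImpl(str, keyPair, this.mProvider, created), null);
        } catch (IOException | ClassNotFoundException | BadPaddingException | IllegalBlockSizeException e) {
            return fail(507822158, StatusInternal.UNEXPECTED, "Failed to deserialize encrypted device key value.", e);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            return fail(507822161, StatusInternal.UNEXPECTED, "We must be running with an unsupported API level.", e);
        } catch (InvalidKeyException e) {
            return fail(507822159, StatusInternal.UNEXPECTED, "Failed to decrypt device key.", e);
        } catch (KeyStoreException | UnrecoverableKeyException | CertificateException e) {
            return fail(507822160, StatusInternal.UNEXPECTED, "Failed to load the encryption key.", e);
        }
    }

    /**
     * Serializes {@code keyPair} with the current time, encrypts it with the wrapping key and
     * writes {@code Base64(IV || ciphertext)} to shared preferences under {@code str}.
     *
     * @param str key id used as the preference name
     * @param keyPair key pair to persist; the private key is part of the serialized form
     * @throws IOException if serialization fails or the preference write is not committed
     */
    public void storeEccKey(String str, KeyPair keyPair) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableKeyException, CertificateException, KeyStoreException, InvalidParameterSpecException {
        initializeEncryptionKey();
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        try (ObjectOutputStream objectOutputStream = new ObjectOutputStream(serialized)) {
            HashMap<String, Serializable> entry = new HashMap<>();
            entry.put(KEY_KEY, keyPair);
            entry.put(CREATION_DATE_KEY, new Date());
            objectOutputStream.writeObject(entry);
        }
        // Read the bytes only after the object stream is closed, so everything it buffered has
        // reached the byte array.
        byte[] plaintext = serialized.toByteArray();
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORM);
        // No IV is supplied: the cipher chooses one and it is read back with getIV() below.
        cipher.init(Cipher.ENCRYPT_MODE, this.mEncryptionKey);
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] iv = cipher.getIV();
        byte[] blob = new byte[iv.length + ciphertext.length];
        System.arraycopy(iv, 0, blob, 0, iv.length);
        // Offset by the real IV length instead of a literal 16 so the two copies cannot overlap.
        System.arraycopy(ciphertext, 0, blob, iv.length, ciphertext.length);
        boolean committed = this.mApplicationContext.getSharedPreferences(DEVICE_KEYSTORE, 0).edit().putString(str, Base64.encodeToString(blob, Base64.NO_WRAP)).commit();
        if (!committed) {
            // A key that never reached disk must not be reported as stored.
            throw new IOException("Failed to persist encrypted device key value.");
        }
    }
}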
