package com.vk.core.preference.crypto;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.WorkerThread;
import com.vk.core.preference.crypto.AesEncryptionManager;
import com.vk.log.L;
import f.v.h0.k0.b.e;
import f.v.h0.k0.b.f;
import f.v.h0.k0.b.g;
import f.v.h0.k0.b.h;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import l.k;
import l.q.b.l;
import l.q.c.j;
import l.q.c.o;
import l.x.s;

/* compiled from: EncryptionManager.kt */
/* loaded from: classes3.dex */
public final class AesEncryptionManager implements e {

    /* renamed from: a, reason: collision with root package name */
    public static final a f12986a = new a(null);

    /* renamed from: b, reason: collision with root package name */
    public final h f12987b;

    /* renamed from: c, reason: collision with root package name */
    public final ReentrantReadWriteLock f12988c;

    /* renamed from: d, reason: collision with root package name */
    public final Context f12989d;

    /* renamed from: e, reason: collision with root package name */
    public final Date f12990e;

    /* renamed from: f, reason: collision with root package name */
    public final Date f12991f;

    /* renamed from: g, reason: collision with root package name */
    public CountDownLatch f12992g;

    /* renamed from: h, reason: collision with root package name */
    public KeyStore f12993h;

    /* renamed from: i, reason: collision with root package name */
    public Cipher f12994i;

    /* renamed from: j, reason: collision with root package name */
    public final ReentrantLock f12995j;

    /* compiled from: EncryptionManager.kt */
    /* loaded from: classes3.dex */
    public static final class a {
        public a() {
        }

        public /* synthetic */ a(j jVar) {
            this();
        }
    }

    public AesEncryptionManager(Context context, Executor executor, final l<? super Exception, k> lVar, h hVar, final l.q.b.a<k> aVar) {
        o.h(context, "context");
        o.h(executor, "initExecutor");
        o.h(lVar, "exceptionHandler");
        o.h(hVar, "keyStorage");
        o.h(aVar, "masterKeyCreationCallback");
        this.f12987b = hVar;
        this.f12988c = new ReentrantReadWriteLock();
        this.f12989d = context.getApplicationContext();
        this.f12992g = new CountDownLatch(1);
        this.f12995j = new ReentrantLock();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        o.g(time, "calendar.time");
        this.f12990e = time;
        calendar.add(1, 30);
        Date time2 = calendar.getTime();
        o.g(time2, "calendar.time");
        this.f12991f = time2;
        executor.execute(new Runnable() { // from class: f.v.h0.k0.b.a
            @Override // java.lang.Runnable
            public final void run() {
                AesEncryptionManager.e(AesEncryptionManager.this, lVar, aVar);
            }
        });
    }

    public /* synthetic */ AesEncryptionManager(Context context, Executor executor, l lVar, h hVar, l.q.b.a aVar, int i2, j jVar) {
        this(context, executor, lVar, hVar, (i2 & 16) != 0 ? new l.q.b.a<k>() { // from class: com.vk.core.preference.crypto.AesEncryptionManager.1
            @Override // l.q.b.a
            public /* bridge */ /* synthetic */ k invoke() {
                invoke2();
                return k.f105087a;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2() {
            }
        } : aVar);
    }

    public static final void e(AesEncryptionManager aesEncryptionManager, l lVar, l.q.b.a aVar) {
        o.h(aesEncryptionManager, "this$0");
        o.h(lVar, "$exceptionHandler");
        o.h(aVar, "$masterKeyCreationCallback");
        aesEncryptionManager.r(lVar, aVar);
    }

    @Override // f.v.h0.k0.b.e
    public void a(String str) {
        o.h(str, "keyAlias");
        this.f12987b.a(str, null);
    }

    @Override // f.v.h0.k0.b.e
    public e.a b(String str, byte[] bArr) {
        o.h(str, "keyAlias");
        o.h(bArr, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.f12988c.readLock();
        readLock.lock();
        try {
            f();
            k kVar = k.f105087a;
            readLock.unlock();
            byte[] p2 = p(str);
            if (p2 == null) {
                p2 = g(str);
            }
            return n(p2, bArr);
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @Override // f.v.h0.k0.b.e
    public boolean c(long j2) {
        return this.f12992g.await(j2, TimeUnit.MILLISECONDS);
    }

    @Override // f.v.h0.k0.b.e
    public byte[] d(String str, e.a aVar) {
        o.h(str, "keyAlias");
        o.h(aVar, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.f12988c.readLock();
        readLock.lock();
        try {
            f();
            k kVar = k.f105087a;
            readLock.unlock();
            byte[] p2 = p(str);
            if (p2 != null) {
                return l(p2, aVar);
            }
            throw new EncryptionException(o.o("No key with alias ", str));
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    public final void f() {
        if (this.f12992g.getCount() > 0) {
            throw new EncryptionException("Manager is not initialized");
        }
        if (!q()) {
            throw new EncryptionException("Cannot perform operations without master key");
        }
    }

    public final byte[] g(String str) {
        byte[] b2;
        String uuid = UUID.randomUUID().toString();
        o.g(uuid, "randomUUID().toString()");
        String lowerCase = uuid.toLowerCase();
        o.g(lowerCase, "(this as java.lang.String).toLowerCase()");
        String L = s.L(lowerCase, "-", "", false, 4, null);
        Objects.requireNonNull(L, "null cannot be cast to non-null type java.lang.String");
        char[] charArray = L.toCharArray();
        o.g(charArray, "(this as java.lang.String).toCharArray()");
        UUID randomUUID = UUID.randomUUID();
        o.g(randomUUID, "randomUUID()");
        b2 = f.b(randomUUID);
        try {
            byte[] encoded = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, b2, 10000, 256)).getEncoded();
            o.g(encoded, "generatedKey");
            this.f12987b.a(str, o(encoded));
            return g.a(encoded);
        } catch (Exception e2) {
            throw new EncryptionException("Failed to generate key", e2);
        }
    }

    public final void h() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(i());
            keyPairGenerator.generateKeyPair();
        } catch (Exception e2) {
            throw new EncryptionException("Failed to generate master key", e2);
        }
    }

    public final AlgorithmParameterSpec i() {
        return Build.VERSION.SDK_INT >= 23 ? j() : k();
    }

    @TargetApi(23)
    public final AlgorithmParameterSpec j() {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("ALIAS_MASTER_KEY", 3).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setCertificateSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setCertificateSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).build();
        o.g(build, "Builder(MASTER_KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)\n            .setKeySize(KEY_SIZE)\n            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)\n            .setAlgorithmParameterSpec(RSAKeyGenParameterSpec(KEY_SIZE, RSAKeyGenParameterSpec.F4))\n            // key validity start & end explicitly not set as they caused KeyNotYetValidException @ api 27\n            .setCertificateSubject(X500Principal(\"CN=$MASTER_KEY_ALIAS\"))\n            .setCertificateSerialNumber(BigInteger.valueOf(abs(MASTER_KEY_ALIAS.hashCode()).toLong()))\n            .build()");
        return build;
    }

    public final AlgorithmParameterSpec k() {
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.f12989d).setAlias("ALIAS_MASTER_KEY").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setKeySize(2048).setSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).setStartDate(this.f12990e).setEndDate(this.f12991f).build();
        o.g(build, "Builder(appContext)\n            .setAlias(MASTER_KEY_ALIAS)\n            .setAlgorithmParameterSpec(RSAKeyGenParameterSpec(KEY_SIZE, RSAKeyGenParameterSpec.F4))\n            .setKeySize(KEY_SIZE)\n            .setSubject(X500Principal(\"CN=$MASTER_KEY_ALIAS\"))\n            .setSerialNumber(BigInteger.valueOf(abs(MASTER_KEY_ALIAS.hashCode()).toLong()))\n            .setStartDate(masterKeyValidityStartDate)\n            .setEndDate(masterKeyValidityEndDate)\n            .build()");
        return build;
    }

    public final byte[] l(byte[] bArr, e.a aVar) {
        try {
            ReentrantLock reentrantLock = this.f12995j;
            reentrantLock.lock();
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                Cipher cipher = this.f12994i;
                if (cipher == null) {
                    o.v("aesCipher");
                    throw null;
                }
                cipher.init(2, secretKeySpec, new IvParameterSpec(aVar.b()));
                Cipher cipher2 = this.f12994i;
                if (cipher2 == null) {
                    o.v("aesCipher");
                    throw null;
                }
                byte[] doFinal = cipher2.doFinal(aVar.a());
                reentrantLock.unlock();
                o.g(doFinal, "{\n            cipherLock.withLock {\n                val keySpec = SecretKeySpec(key.encodedKey, AES_KEY_SPEC)\n                aesCipher.init(Cipher.DECRYPT_MODE, keySpec, IvParameterSpec(data.initVector))\n                aesCipher.doFinal(data.data)\n            }\n        }");
                return doFinal;
            } catch (Throwable th) {
                reentrantLock.unlock();
                throw th;
            }
        } catch (Exception e2) {
            throw new EncryptionException("Failed to decrypt with aes key", e2);
        }
    }

    public final byte[] m(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f12993h;
            if (keyStore == null) {
                o.v("keyStore");
                throw null;
            }
            cipher.init(2, keyStore.getKey("ALIAS_MASTER_KEY", null));
            byte[] doFinal = cipher.doFinal(bArr);
            o.g(doFinal, "{\n            val cipher = Cipher.getInstance(RSA_KEY_SUIT)\n            val key = keyStore.getKey(MASTER_KEY_ALIAS, null)\n            cipher.init(Cipher.DECRYPT_MODE, key)\n            cipher.doFinal(data)\n        }");
            return doFinal;
        } catch (Exception e2) {
            throw new EncryptionException("Failed to decrypt with master key", e2);
        }
    }

    public final e.a n(byte[] bArr, byte[] bArr2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            ReentrantLock reentrantLock = this.f12995j;
            reentrantLock.lock();
            try {
                Cipher cipher = this.f12994i;
                if (cipher == null) {
                    o.v("aesCipher");
                    throw null;
                }
                cipher.init(1, secretKeySpec);
                Cipher cipher2 = this.f12994i;
                if (cipher2 == null) {
                    o.v("aesCipher");
                    throw null;
                }
                byte[] doFinal = cipher2.doFinal(bArr2);
                o.g(doFinal, "encrypted");
                Cipher cipher3 = this.f12994i;
                if (cipher3 == null) {
                    o.v("aesCipher");
                    throw null;
                }
                byte[] iv = cipher3.getIV();
                o.g(iv, "aesCipher.iv");
                return new e.a(doFinal, iv);
            } finally {
                reentrantLock.unlock();
            }
        } catch (Exception e2) {
            throw new EncryptionException("Failed to encrypt with raw aes key", e2);
        }
    }

    public final byte[] o(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f12993h;
            if (keyStore == null) {
                o.v("keyStore");
                throw null;
            }
            cipher.init(1, keyStore.getCertificate("ALIAS_MASTER_KEY").getPublicKey());
            byte[] doFinal = cipher.doFinal(bArr);
            o.g(doFinal, "{\n            val cipher = Cipher.getInstance(RSA_KEY_SUIT)\n            val key = keyStore.getCertificate(MASTER_KEY_ALIAS).publicKey\n            cipher.init(Cipher.ENCRYPT_MODE, key)\n            cipher.doFinal(data)\n        }");
            return doFinal;
        } catch (Exception e2) {
            throw new EncryptionException("Failed to encrypt with master key", e2);
        }
    }

    public final byte[] p(String str) {
        byte[] bArr = this.f12987b.get(str);
        if (bArr != null) {
            return g.a(m(bArr));
        }
        L.p(o.o("No key with alias ", str));
        return null;
    }

    public final boolean q() {
        boolean z = true;
        try {
            KeyStore keyStore = this.f12993h;
            if (keyStore == null) {
                o.v("keyStore");
                throw null;
            }
            if (keyStore.getKey("ALIAS_MASTER_KEY", null) == null) {
                z = false;
            }
            return z;
        } catch (Exception e2) {
            L.N(e2, "Failed to retrieve master key");
            return false;
        }
    }

    @WorkerThread
    public final void r(l<? super Exception, k> lVar, l.q.b.a<k> aVar) throws EncryptionException {
        CountDownLatch countDownLatch;
        KeyStore keyStore;
        o.h(lVar, "exceptionHandler");
        o.h(aVar, "masterKeyCreationCallback");
        ReentrantReadWriteLock reentrantReadWriteLock = this.f12988c;
        ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
        int i2 = 0;
        int readHoldCount = reentrantReadWriteLock.getWriteHoldCount() == 0 ? reentrantReadWriteLock.getReadHoldCount() : 0;
        for (int i3 = 0; i3 < readHoldCount; i3++) {
            readLock.unlock();
        }
        ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
        writeLock.lock();
        try {
            try {
                if (this.f12992g.getCount() == 0) {
                    return;
                }
                try {
                    keyStore = KeyStore.getInstance("AndroidKeyStore");
                    o.g(keyStore, "getInstance(\"AndroidKeyStore\")");
                    this.f12993h = keyStore;
                } catch (Exception e2) {
                    lVar.invoke(new EncryptionException("Failed to run init", e2));
                    countDownLatch = this.f12992g;
                }
                if (keyStore == null) {
                    o.v("keyStore");
                    throw null;
                }
                keyStore.load(null);
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                o.g(cipher, "getInstance(AES_CIPHER_SUIT)");
                this.f12994i = cipher;
                if (!q()) {
                    h();
                    aVar.invoke();
                }
                countDownLatch = this.f12992g;
                countDownLatch.countDown();
                k kVar = k.f105087a;
                while (i2 < readHoldCount) {
                    readLock.lock();
                    i2++;
                }
                writeLock.unlock();
            } catch (Throwable th) {
                this.f12992g.countDown();
                throw th;
            }
        } finally {
            while (i2 < readHoldCount) {
                readLock.lock();
                i2++;
            }
            writeLock.unlock();
        }
    }
}
