package com.oblador.keychain.a;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import android.util.Log;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.a.f;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.UnrecoverableKeyException;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;

/* compiled from: CipherStorageBase.java */
/* loaded from: classes.dex */
public abstract class f implements com.oblador.keychain.a.e {

    /* renamed from: a, reason: collision with root package name */
    protected static final String f7734a = "f";

    /* renamed from: b, reason: collision with root package name */
    public static final Charset f7735b = Charset.forName("UTF-8");
    protected transient AtomicBoolean d;
    protected transient AtomicBoolean f;
    protected transient Cipher g;
    protected transient KeyStore h;

    /* renamed from: c, reason: collision with root package name */
    protected final Object f7736c = new Object();
    protected final Object e = new Object();

    /* compiled from: CipherStorageBase.java */
    /* loaded from: classes.dex */
    public interface a {
        void a(Cipher cipher, Key key, InputStream inputStream) throws GeneralSecurityException, IOException;
    }

    /* compiled from: CipherStorageBase.java */
    /* loaded from: classes.dex */
    public static final class b {

        /* renamed from: a, reason: collision with root package name */
        public static final c f7737a = new c() { // from class: com.oblador.keychain.a.b
            @Override // com.oblador.keychain.a.f.c
            public final void a(Cipher cipher, Key key, OutputStream outputStream) {
                cipher.init(1, key);
            }
        };

        /* renamed from: b, reason: collision with root package name */
        public static final a f7738b = new a() { // from class: com.oblador.keychain.a.a
            @Override // com.oblador.keychain.a.f.a
            public final void a(Cipher cipher, Key key, InputStream inputStream) {
                cipher.init(2, key);
            }
        };
    }

    /* compiled from: CipherStorageBase.java */
    /* loaded from: classes.dex */
    public interface c {
        void a(Cipher cipher, Key key, OutputStream outputStream) throws GeneralSecurityException, IOException;
    }

    /* compiled from: CipherStorageBase.java */
    /* loaded from: classes.dex */
    public static final class d {

        /* renamed from: a, reason: collision with root package name */
        public static final c f7739a = new c() { // from class: com.oblador.keychain.a.c
            @Override // com.oblador.keychain.a.f.c
            public final void a(Cipher cipher, Key key, OutputStream outputStream) {
                f.d.a(cipher, key, outputStream);
            }
        };

        /* renamed from: b, reason: collision with root package name */
        public static final a f7740b = new a() { // from class: com.oblador.keychain.a.d
            @Override // com.oblador.keychain.a.f.a
            public final void a(Cipher cipher, Key key, InputStream inputStream) {
                cipher.init(2, key, f.d.a(inputStream));
            }
        };

        public static IvParameterSpec a(InputStream inputStream) throws IOException {
            byte[] bArr = new byte[16];
            if (inputStream.read(bArr, 0, 16) == 16) {
                return new IvParameterSpec(bArr);
            }
            throw new IOException("Input stream has insufficient data.");
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static /* synthetic */ void a(Cipher cipher, Key key, OutputStream outputStream) throws GeneralSecurityException, IOException {
            cipher.init(1, key);
            byte[] iv = cipher.getIV();
            outputStream.write(iv, 0, iv.length);
        }
    }

    /* compiled from: CipherStorageBase.java */
    /* loaded from: classes.dex */
    public class e implements Closeable {

        /* renamed from: a, reason: collision with root package name */
        public final String f7741a;

        /* renamed from: b, reason: collision with root package name */
        public final Key f7742b;

        public e(f fVar, String str) throws GeneralSecurityException {
            this(str, fVar.c(str));
        }

        public e(String str, Key key) {
            this.f7741a = str;
            this.f7742b = key;
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() {
            try {
                f.this.a(this.f7741a);
            } catch (KeyStoreAccessException e) {
                Log.w(f.f7734a, "AutoClose remove key failed. Error: " + e.getMessage(), e);
            }
        }
    }

    public static String a(String str, String str2) {
        return TextUtils.isEmpty(str) ? str2 : str;
    }

    public static void a(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[16384];
        while (true) {
            int read = inputStream.read(bArr);
            if (read <= 0) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }

    protected abstract KeyInfo a(Key key) throws GeneralSecurityException;

    @Override // com.oblador.keychain.a.e
    public SecurityLevel a() {
        return SecurityLevel.SECURE_HARDWARE;
    }

    public String a(Key key, byte[] bArr) throws IOException, GeneralSecurityException {
        return a(key, bArr, b.f7738b);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String a(Key key, byte[] bArr, a aVar) throws GeneralSecurityException, IOException {
        Cipher g = g();
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                if (aVar != null) {
                    try {
                        aVar.a(g, key, byteArrayInputStream);
                    } finally {
                    }
                }
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, g);
                try {
                    a(cipherInputStream, byteArrayOutputStream);
                    cipherInputStream.close();
                    String str = new String(byteArrayOutputStream.toByteArray(), f7735b);
                    byteArrayOutputStream.close();
                    byteArrayInputStream.close();
                    return str;
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            Log.w(f7734a, th.getMessage(), th);
            throw th;
        }
    }

    protected abstract Key a(KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException;

    /* JADX INFO: Access modifiers changed from: protected */
    public Key a(String str, SecurityLevel securityLevel, AtomicInteger atomicInteger) throws GeneralSecurityException {
        Key a2;
        do {
            KeyStore j = j();
            if (!j.containsAlias(str)) {
                a(str, securityLevel);
            }
            a2 = a(j, str, atomicInteger);
        } while (a2 == null);
        return a2;
    }

    protected Key a(KeyStore keyStore, String str, AtomicInteger atomicInteger) throws GeneralSecurityException {
        try {
            Key key = keyStore.getKey(str, null);
            if (key != null) {
                return key;
            }
            throw new KeyStoreAccessException("Empty key extracted!");
        } catch (UnrecoverableKeyException e2) {
            if (atomicInteger.getAndDecrement() <= 0) {
                throw e2;
            }
            keyStore.deleteEntry(str);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(SecurityLevel securityLevel) throws CryptoFailedException {
        if (!a().satisfiesSafetyThreshold(securityLevel)) {
            throw new CryptoFailedException(String.format("Insufficient security level (wants %s; got %s)", securityLevel, a()));
        }
    }

    @Override // com.oblador.keychain.a.e
    public void a(String str) throws KeyStoreAccessException {
        String a2 = a(str, h());
        KeyStore j = j();
        try {
            if (j.containsAlias(a2)) {
                j.deleteEntry(a2);
            }
        } catch (GeneralSecurityException unused) {
        }
    }

    public void a(String str, SecurityLevel securityLevel) throws GeneralSecurityException {
        Key key;
        synchronized (this.e) {
            key = null;
            if (this.f == null || this.f.get()) {
                if (this.f == null) {
                    this.f = new AtomicBoolean(false);
                }
                try {
                    key = d(str);
                    this.f.set(true);
                } catch (GeneralSecurityException | ProviderException e2) {
                    Log.w(f7734a, "StrongBox security storage is not available.", e2);
                }
            }
        }
        if (key == null || !this.f.get()) {
            try {
                key = c(str);
            } catch (GeneralSecurityException e3) {
                Log.e(f7734a, "Regular security storage is not available.", e3);
                throw e3;
            }
        }
        if (!a(securityLevel, key)) {
            throw new CryptoFailedException("Cannot generate keys with required security guarantees");
        }
    }

    protected boolean a(SecurityLevel securityLevel, Key key) throws GeneralSecurityException {
        return b(key).satisfiesSafetyThreshold(securityLevel);
    }

    public byte[] a(Key key, String str) throws IOException, GeneralSecurityException {
        return a(key, str, b.f7737a);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] a(Key key, String str, c cVar) throws IOException, GeneralSecurityException {
        Cipher g = g();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (cVar != null) {
                try {
                    cVar.a(g, key, byteArrayOutputStream);
                    byteArrayOutputStream.flush();
                } finally {
                }
            }
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, g);
            try {
                cipherOutputStream.write(str.getBytes(f7735b));
                cipherOutputStream.close();
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (Throwable th) {
            Log.e(f7734a, th.getMessage(), th);
            throw th;
        }
    }

    protected abstract KeyGenParameterSpec.Builder b(String str) throws GeneralSecurityException;

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityLevel b(Key key) throws GeneralSecurityException {
        return (Build.VERSION.SDK_INT < 23 || !a(key).isInsideSecureHardware()) ? SecurityLevel.SECURE_SOFTWARE : SecurityLevel.SECURE_HARDWARE;
    }

    @Override // com.oblador.keychain.a.e
    public final int c() {
        return ((e() ? 1 : 0) * 1000) + ((f() ? 1 : 0) * 100) + d();
    }

    protected Key c(String str) throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT >= 23) {
            return a(b(str).build());
        }
        throw new KeyStoreAccessException("Regular security keystore is not supported for old API" + Build.VERSION.SDK_INT + ".");
    }

    protected Key d(String str) throws GeneralSecurityException {
        if (Build.VERSION.SDK_INT >= 28) {
            return a(b(str).setIsStrongBoxBacked(true).build());
        }
        throw new KeyStoreAccessException("Strong box security keystore is not supported for old API" + Build.VERSION.SDK_INT + ".");
    }

    @Override // com.oblador.keychain.a.e
    public boolean f() {
        e eVar;
        Throwable th;
        AtomicBoolean atomicBoolean = this.d;
        if (atomicBoolean != null) {
            return atomicBoolean.get();
        }
        synchronized (this.f7736c) {
            if (this.d != null) {
                return this.d.get();
            }
            this.d = new AtomicBoolean(false);
            try {
                eVar = new e(this, "AndroidKeyStore#supportsSecureHardware");
                try {
                    this.d.set(a(SecurityLevel.SECURE_HARDWARE, eVar.f7742b));
                } catch (Throwable th2) {
                    th = th2;
                    if (eVar == null) {
                        throw th;
                    }
                    eVar.close();
                    throw th;
                }
            } catch (Throwable th3) {
                eVar = null;
                th = th3;
            }
            eVar.close();
            return this.d.get();
        }
    }

    public Cipher g() throws NoSuchAlgorithmException, NoSuchPaddingException {
        if (this.g == null) {
            synchronized (this) {
                if (this.g == null) {
                    this.g = Cipher.getInstance(i());
                }
            }
        }
        return this.g;
    }

    public String h() {
        return b();
    }

    protected abstract String i();

    public KeyStore j() throws KeyStoreAccessException {
        if (this.h == null) {
            synchronized (this) {
                if (this.h == null) {
                    try {
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        keyStore.load(null);
                        this.h = keyStore;
                    } catch (Throwable th) {
                        throw new KeyStoreAccessException("Could not access Keystore", th);
                    }
                }
            }
        }
        return this.h;
    }
}
