package L7;

import R7.e;
import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import androidx.media3.extractor.metadata.dvbsi.BJ.FKeuGC;
import com.diune.pikture.photo_editor.imageshow.dEoy.SPOBWm;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import s5.j;

/* loaded from: classes2.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    private final Context f5176a;

    /* renamed from: c, reason: collision with root package name */
    private KeyPair f5178c;

    /* renamed from: d, reason: collision with root package name */
    private String f5179d;

    /* renamed from: e, reason: collision with root package name */
    private SecretKey f5180e = null;

    /* renamed from: f, reason: collision with root package name */
    private SecretKey f5181f = null;

    /* renamed from: g, reason: collision with root package name */
    private SecretKey f5182g = null;

    /* renamed from: b, reason: collision with root package name */
    private final SecureRandom f5177b = new SecureRandom();

    public d(Context context) {
        this.f5176a = context.getApplicationContext();
    }

    private static String b(byte[] bArr, SecretKey secretKey) {
        byte[] encoded = secretKey.getEncoded();
        SecretKey secretKeySpec = encoded != null ? new SecretKeySpec(MessageDigest.getInstance("SHA256").digest(encoded), "AES") : secretKey;
        int length = (bArr.length - 16) - 32;
        int length2 = bArr.length - 32;
        int i5 = length - 4;
        if (length < 0 || length2 < 0 || i5 < 0) {
            throw new IOException("Invalid byte array input for decryption.");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKeySpec);
        byte b10 = 0;
        mac.update(bArr, 0, length2);
        byte[] doFinal = mac.doFinal();
        int length3 = bArr.length;
        if (doFinal.length != length3 - length2) {
            throw new IllegalArgumentException("Unexpected HMAC length");
        }
        for (int i10 = length2; i10 < length3; i10++) {
            b10 = (byte) (b10 | (doFinal[i10 - length2] ^ bArr[i10]));
        }
        if (b10 != 0) {
            throw new DigestException();
        }
        cipher.init(2, secretKey, new IvParameterSpec(bArr, length, 16));
        return new String(cipher.doFinal(bArr, 4, i5), "UTF-8");
    }

    private static byte[] e(String str) {
        int charAt = str.charAt(0) - 'a';
        if (charAt <= 0) {
            throw new IllegalArgumentException(String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(charAt)));
        }
        int i5 = 6 << 1;
        int i10 = charAt + 1;
        if (str.substring(1, i10).equals("E1")) {
            return Base64.decode(str.substring(i10), 0);
        }
        throw new IllegalArgumentException(String.format("Unsupported encode version received. Encode version supported is: '%s'", "E1"));
    }

    public static int f(String str) {
        try {
            try {
                String str2 = new String(e(str), 0, 4, "UTF-8");
                if ("U001".equalsIgnoreCase(str2)) {
                    return 1;
                }
                return "A001".equalsIgnoreCase(str2) ? 2 : 3;
            } catch (UnsupportedEncodingException e10) {
                e.b("StorageHelper:getEncryptionType", "Failed to extract keyVersion.", e10);
                throw e10;
            }
        } catch (Exception e11) {
            e.b("StorageHelper:getEncryptionType", "This data is not an encrypted blob. Treat as unencrypted data.", e11);
            return 3;
        }
    }

    private KeyPairGeneratorSpec g(Context context, Date date, Date date2) {
        return new KeyPairGeneratorSpec.Builder(context).setAlias("AdalKey").setSubject(new X500Principal(String.format(Locale.ROOT, "CN=%s, OU=%s", "AdalKey", h()))).setSerialNumber(BigInteger.ONE).setStartDate(date).setEndDate(date2).build();
    }

    private static SecretKeySpec i(byte[] bArr) {
        if (bArr != null) {
            return new SecretKeySpec(bArr, "AES");
        }
        throw new IllegalArgumentException("rawBytes");
    }

    private synchronized SecretKey j() {
        try {
            e.j("StorageHelper:getUnwrappedSecretKey", "Reading SecretKey");
            byte[] o10 = o();
            if (o10 == null) {
                e.j("StorageHelper:getUnwrappedSecretKey", "Key data is null");
                return null;
            }
            KeyPair p3 = p();
            this.f5178c = p3;
            if (p3 == null) {
                return null;
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(4, this.f5178c.getPrivate());
            try {
                SecretKey secretKey = (SecretKey) cipher.unwrap(o10, "AES", 3);
                e.j("StorageHelper:getUnwrappedSecretKey", "Finished reading SecretKey");
                return secretKey;
            } catch (IllegalArgumentException e10) {
                throw new KeyStoreException(e10);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    private static void l(String str, String str2, String str3, Exception exc) {
        e.b("StorageHelper".concat(str), str2 + SPOBWm.EDPOMMRI + str3, exc);
    }

    private static void m(String str, String str2) {
        e.j("StorageHelper".concat(str), str2.concat(" started."));
    }

    private static void n(String str, String str2, String str3) {
        e.j("StorageHelper".concat(str), str2 + " successfully finished: " + str3);
    }

    private byte[] o() {
        boolean z5 = false;
        File file = new File(this.f5176a.getDir(h(), 0), "adalks");
        if (!file.exists()) {
            return null;
        }
        e.j("StorageHelper:readKeyData", "Reading key data from a file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[1024];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    fileInputStream.close();
                    return byteArray;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    private synchronized KeyPair p() {
        try {
            e.j("StorageHelper:readKeyPair", "Reading Key entry");
            try {
                try {
                    m(":readKeyPair", "keychain_read_v2_start");
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    Certificate certificate = keyStore.getCertificate("AdalKey");
                    Key key = keyStore.getKey("AdalKey", null);
                    if (certificate != null && key != null) {
                        KeyPair keyPair = new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
                        n(":readKeyPair", "keychain_read_v2_end", "KeyStore KeyPair is loaded.");
                        return keyPair;
                    }
                    n(":readKeyPair", "keychain_read_v2_end", "KeyStore is empty.");
                    e.j("StorageHelper:readKeyPair", "Key entry doesn't exist.");
                    return null;
                } catch (IOException | GeneralSecurityException e10) {
                    l(":readKeyPair", "keychain_read_v2_end", e10.toString(), e10);
                    throw e10;
                }
            } catch (RuntimeException e11) {
                l(":readKeyPair", "keychain_read_v2_end", e11.toString(), e11);
                throw new KeyStoreException(e11);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    public final String a(String str) {
        SecretKey k10;
        e.j("StorageHelper:decrypt", "Starting decryption");
        if (j.t(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        if (f(str) == 3) {
            e.n("StorageHelper:decrypt", "This string is not encrypted. Finished decryption.");
            return str;
        }
        String h10 = h();
        ArrayList arrayList = new ArrayList();
        int f10 = f(str);
        if (f10 == 1) {
            if (K7.b.f4813q.h() != null) {
                arrayList.add(c.ADAL_USER_DEFINED_KEY);
            } else {
                boolean equalsIgnoreCase = "com.microsoft.windowsintune.companyportal".equalsIgnoreCase(h10);
                c cVar = c.LEGACY_AUTHENTICATOR_APP_KEY;
                c cVar2 = c.LEGACY_COMPANY_PORTAL_KEY;
                if (equalsIgnoreCase) {
                    arrayList.add(cVar2);
                    arrayList.add(cVar);
                } else if ("com.azure.authenticator".equalsIgnoreCase(h10)) {
                    arrayList.add(cVar);
                    arrayList.add(cVar2);
                }
            }
        } else if (f10 == 2) {
            arrayList.add(c.KEYSTORE_ENCRYPTED_KEY);
        }
        byte[] e10 = e(str);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            c cVar3 = (c) it.next();
            try {
                k10 = k(cVar3);
            } catch (IOException | GeneralSecurityException e11) {
                Context context = this.f5176a;
                SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
                String string = defaultSharedPreferences.getString("current_active_broker", "");
                String packageName = context.getPackageName();
                if (!string.equalsIgnoreCase(packageName)) {
                    e.e("StorageHelper:emitDecryptionFailureTelemetryIfNeeded", "Decryption failed with key: " + cVar3.name() + " Active broker: " + packageName + " Exception: " + e11.toString());
                    defaultSharedPreferences.edit().putString("current_active_broker", packageName).apply();
                }
            }
            if (k10 != null) {
                String b10 = b(e10, k10);
                e.j("StorageHelper:decrypt", "Finished decryption with keyType:" + cVar3.name());
                return b10;
            }
        }
        e.e("StorageHelper:decrypt", "Tried all decryption keys and decryption still fails. Throw an exception.");
        throw new GeneralSecurityException("decryption_failed");
    }

    public final String c(String str) {
        SecretKey secretKey;
        if (j.t(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        e.j("StorageHelper:encrypt", FKeuGC.hAzExxteHb);
        synchronized (this) {
            try {
                secretKey = this.f5180e;
                if (secretKey == null || this.f5181f == null) {
                    K7.b bVar = K7.b.f4813q;
                    if (bVar.b().containsKey(h())) {
                        this.f5179d = "U001";
                        secretKey = "com.azure.authenticator".equalsIgnoreCase(h()) ? k(c.LEGACY_AUTHENTICATOR_APP_KEY) : k(c.LEGACY_COMPANY_PORTAL_KEY);
                    } else if (bVar.h() != null) {
                        this.f5179d = "U001";
                        secretKey = k(c.ADAL_USER_DEFINED_KEY);
                    } else {
                        this.f5179d = "A001";
                        try {
                            secretKey = k(c.KEYSTORE_ENCRYPTED_KEY);
                            if (secretKey != null) {
                            }
                        } catch (IOException | GeneralSecurityException unused) {
                        }
                        e.j("StorageHelper:loadSecretKeyForEncryption", "Keystore-encrypted key does not exist, try to generate new keys.");
                        secretKey = d();
                    }
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        this.f5180e = secretKey;
        byte[] encoded = secretKey.getEncoded();
        if (encoded != null) {
            secretKey = new SecretKeySpec(MessageDigest.getInstance("SHA256").digest(encoded), "AES");
        }
        this.f5181f = secretKey;
        e.j("StorageHelper:encrypt", "Encrypt version:" + this.f5179d);
        byte[] bytes = this.f5179d.getBytes("UTF-8");
        byte[] bytes2 = str.getBytes("UTF-8");
        byte[] bArr = new byte[16];
        this.f5177b.nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        cipher.init(1, this.f5180e, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bytes2);
        mac.init(this.f5181f);
        mac.update(bytes);
        mac.update(doFinal);
        mac.update(bArr);
        byte[] doFinal2 = mac.doFinal();
        byte[] bArr2 = new byte[bytes.length + doFinal.length + 16 + doFinal2.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length + doFinal.length, 16);
        System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + 16, doFinal2.length);
        String str2 = new String(Base64.encode(bArr2, 2), "UTF-8");
        e.j("StorageHelper:encrypt", "Finished encryption");
        return "cE1".concat(str2);
    }

    public final synchronized SecretKey d() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256, this.f5177b);
            SecretKey generateKey = keyGenerator.generateKey();
            this.f5182g = generateKey;
            q(generateKey);
            e.j("StorageHelper:generateKeyStoreEncryptedKey", "key_created_v2: New key is generated.");
        } catch (Throwable th) {
            throw th;
        }
        return this.f5182g;
    }

    protected final String h() {
        return this.f5176a.getPackageName();
    }

    /* JADX WARN: Finally extract failed */
    public final SecretKey k(c cVar) {
        SecretKey secretKey;
        int ordinal = cVar.ordinal();
        if (ordinal == 0) {
            return i((byte[]) K7.b.f4813q.b().get("com.azure.authenticator"));
        }
        if (ordinal == 1) {
            return i((byte[]) K7.b.f4813q.b().get("com.microsoft.windowsintune.companyportal"));
        }
        if (ordinal == 2) {
            return i(K7.b.f4813q.h());
        }
        if (ordinal != 3) {
            e.j("StorageHelper:loadSecretKey", "Unknown KeyType. This code should never be reached.");
            throw new GeneralSecurityException("unknown_error");
        }
        synchronized (this) {
            try {
                secretKey = this.f5182g;
                if (secretKey == null) {
                    try {
                        secretKey = j();
                        this.f5182g = secretKey;
                    } catch (IOException | GeneralSecurityException e10) {
                        e.b("StorageHelper:loadKeyStoreEncryptedKey", "android_keystore_failed", e10);
                        int i5 = 6 & 0;
                        this.f5178c = null;
                        this.f5182g = null;
                        File file = new File(this.f5176a.getDir(h(), 0), "adalks");
                        if (file.exists()) {
                            e.j("StorageHelper:deleteKeyFile", "Delete KeyFile");
                            if (!file.delete()) {
                                e.j("StorageHelper:deleteKeyFile", "Delete KeyFile failed");
                            }
                        }
                        synchronized (this) {
                            try {
                                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                                keyStore.load(null);
                                keyStore.deleteEntry("AdalKey");
                                throw e10;
                            } catch (Throwable th) {
                                throw th;
                            }
                        }
                    }
                }
            } catch (Throwable th2) {
                throw th2;
            }
        }
        return secretKey;
    }

    public final void q(SecretKey secretKey) {
        KeyPair generateKeyPair;
        if (this.f5178c == null) {
            synchronized (this) {
                try {
                    try {
                        try {
                            m(":generateKeyPairFromAndroidKeyStore", "keychain_write_v2_start");
                            KeyStore.getInstance("AndroidKeyStore").load(null);
                            e.j("StorageHelper:generateKeyPairFromAndroidKeyStore", "Generate KeyPair from AndroidKeyStore");
                            Calendar calendar = Calendar.getInstance();
                            Calendar calendar2 = Calendar.getInstance();
                            calendar2.add(1, 100);
                            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                            keyPairGenerator.initialize(g(this.f5176a, calendar.getTime(), calendar2.getTime()));
                            generateKeyPair = keyPairGenerator.generateKeyPair();
                            n(":generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", "");
                        } catch (IOException | GeneralSecurityException e10) {
                            l(":generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", e10.toString(), e10);
                            throw e10;
                        }
                    } catch (IllegalStateException e11) {
                        l(":generateKeyPairFromAndroidKeyStore", "keychain_write_v2_end", e11.toString(), e11);
                        throw new KeyStoreException(e11);
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
            this.f5178c = generateKeyPair;
        }
        e.j("StorageHelper:wrap", "Wrap secret key.");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(3, this.f5178c.getPublic());
        byte[] wrap = cipher.wrap(secretKey);
        e.j("StorageHelper:writeKeyData", "Writing key data to a file");
        FileOutputStream fileOutputStream = new FileOutputStream(new File(this.f5176a.getDir(h(), 0), "adalks"));
        try {
            fileOutputStream.write(wrap);
            fileOutputStream.close();
        } catch (Throwable th2) {
            fileOutputStream.close();
            throw th2;
        }
    }
}
