package com.auth0.android.authentication.storage;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import androidx.annotation.VisibleForTesting;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

@RequiresApi(api = 19)
/* loaded from: classes2.dex */
class c {

    /* renamed from: a, reason: collision with root package name */
    private final String f17604a;
    private final String b;

    /* renamed from: c, reason: collision with root package name */
    private final Storage f17605c;
    private final Context d;

    public c(@NonNull Context context, @NonNull Storage storage, @NonNull String str) {
        String trim = str.trim();
        if (TextUtils.isEmpty(trim)) {
            throw new IllegalArgumentException("RSA and AES Key alias must be valid.");
        }
        this.f17604a = context.getPackageName() + "." + trim;
        this.b = context.getPackageName() + "." + trim + "_iv";
        this.d = context;
        this.f17605c = storage;
    }

    private void d() {
        this.f17605c.remove(this.f17604a);
        this.f17605c.remove(this.b);
    }

    private void e() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(this.f17604a);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
        }
    }

    private KeyStore.PrivateKeyEntry h(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        PrivateKey privateKey;
        if (Build.VERSION.SDK_INT >= 28 && (privateKey = (PrivateKey) keyStore.getKey(this.f17604a, null)) != null) {
            Certificate certificate = keyStore.getCertificate(this.f17604a);
            if (certificate == null) {
                return null;
            }
            return new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate});
        }
        return (KeyStore.PrivateKeyEntry) keyStore.getEntry(this.f17604a, null);
    }

    @VisibleForTesting
    byte[] a(byte[] bArr) throws d, CryptoException {
        try {
            PrivateKey privateKey = i().getPrivateKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, privateKey);
            return cipher.doFinal(bArr);
        } catch (IllegalArgumentException e) {
            e = e;
            d();
            throw new CryptoException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (InvalidKeyException e2) {
            e = e2;
            throw new d(e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            throw new d(e);
        } catch (BadPaddingException e4) {
            e = e4;
            d();
            throw new CryptoException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e5) {
            e = e5;
            d();
            throw new CryptoException("The RSA encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e6) {
            e = e6;
            throw new d(e);
        }
    }

    @VisibleForTesting
    byte[] b(byte[] bArr) throws d, CryptoException {
        try {
            Certificate certificate = i().getCertificate();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, certificate);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e) {
            e = e;
            throw new d(e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new d(e);
        } catch (BadPaddingException e3) {
            e = e3;
            d();
            throw new CryptoException("The RSA decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e4) {
            e = e4;
            d();
            throw new CryptoException("The RSA decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e5) {
            e = e5;
            throw new d(e);
        }
    }

    public byte[] c(byte[] bArr) throws CryptoException, d {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(g(), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            String retrieveString = this.f17605c.retrieveString(this.b);
            if (TextUtils.isEmpty(retrieveString)) {
                throw new CryptoException("The encryption keys changed recently. You need to re-encrypt something first.", null);
            }
            cipher.init(2, secretKeySpec, new IvParameterSpec(Base64.decode(retrieveString, 0)));
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e) {
            e = e;
            throw new d(e);
        } catch (InvalidKeyException e2) {
            e = e2;
            throw new d(e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            throw new d(e);
        } catch (BadPaddingException e4) {
            e = e4;
            throw new CryptoException("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (IllegalBlockSizeException e5) {
            e = e5;
            throw new CryptoException("The AES encrypted input is corrupted and cannot be recovered. Please discard it.", e);
        } catch (NoSuchPaddingException e6) {
            e = e6;
            throw new d(e);
        }
    }

    public byte[] f(byte[] bArr) throws CryptoException, d {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(g(), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NOPADDING");
            cipher.init(1, secretKeySpec);
            byte[] doFinal = cipher.doFinal(bArr);
            this.f17605c.store(this.b, new String(Base64.encode(cipher.getIV(), 0)));
            return doFinal;
        } catch (InvalidKeyException e) {
            e = e;
            throw new d(e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new d(e);
        } catch (BadPaddingException e3) {
            e = e3;
            throw new CryptoException("The AES decrypted input is invalid.", e);
        } catch (IllegalBlockSizeException e4) {
            e = e4;
            throw new CryptoException("The AES decrypted input is invalid.", e);
        } catch (NoSuchPaddingException e5) {
            e = e5;
            throw new d(e);
        }
    }

    @VisibleForTesting
    byte[] g() throws d, CryptoException {
        byte[] a2;
        String retrieveString = this.f17605c.retrieveString(this.f17604a);
        if (retrieveString != null && (a2 = a(Base64.decode(retrieveString, 0))) != null && a2.length == 32) {
            return a2;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            byte[] encoded = keyGenerator.generateKey().getEncoded();
            this.f17605c.store(this.f17604a, new String(Base64.encode(b(encoded), 0)));
            return encoded;
        } catch (NoSuchAlgorithmException e) {
            throw new d(e);
        }
    }

    @VisibleForTesting
    KeyStore.PrivateKeyEntry i() throws CryptoException, d {
        AlgorithmParameterSpec build;
        KeyStore.PrivateKeyEntry h;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (keyStore.containsAlias(this.f17604a) && (h = h(keyStore)) != null) {
                return h;
            }
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            boolean z2 = true;
            calendar2.add(1, 25);
            X500Principal x500Principal = new X500Principal("CN=Auth0.Android,O=Auth0");
            int i = Build.VERSION.SDK_INT;
            if (i >= 23) {
                build = new KeyGenParameterSpec.Builder(this.f17604a, 3).setCertificateSubject(x500Principal).setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(calendar.getTime()).setCertificateNotAfter(calendar2.getTime()).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setBlockModes("ECB").build();
            } else {
                KeyPairGeneratorSpec.Builder endDate = new KeyPairGeneratorSpec.Builder(this.d).setAlias(this.f17604a).setSubject(x500Principal).setKeySize(2048).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime());
                KeyguardManager keyguardManager = (KeyguardManager) this.d.getSystemService("keyguard");
                if (i >= 21) {
                    Intent createConfirmDeviceCredentialIntent = keyguardManager.createConfirmDeviceCredentialIntent(null, null);
                    if (!keyguardManager.isKeyguardSecure() || createConfirmDeviceCredentialIntent == null) {
                        z2 = false;
                    }
                    if (z2) {
                        endDate.setEncryptionRequired();
                    }
                }
                build = endDate.build();
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            return h(keyStore);
        } catch (IOException e) {
            e = e;
            e();
            d();
            throw new CryptoException("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            throw new d(e);
        } catch (KeyStoreException e3) {
            e = e3;
            throw new d(e);
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            throw new d(e);
        } catch (NoSuchProviderException e5) {
            e = e5;
            throw new d(e);
        } catch (ProviderException e6) {
            e = e6;
            throw new d(e);
        } catch (UnrecoverableEntryException e7) {
            e = e7;
            e();
            d();
            throw new CryptoException("The existing RSA key pair could not be recovered and has been deleted. This occasionally happens when the Lock Screen settings are changed. You can safely retry this operation.", e);
        } catch (CertificateException e8) {
            e = e8;
            throw new d(e);
        }
    }
}
