package defpackage;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import defpackage.qa1;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public final class ja1 implements qa1 {

    /* renamed from: for, reason: not valid java name */
    private final ReentrantLock f2655for;
    private final sa1 g;
    private KeyStore n;
    private final Date o;
    private Cipher q;
    private final Context r;
    private final ReentrantReadWriteLock t;

    /* renamed from: try, reason: not valid java name */
    private final Date f2656try;
    private CountDownLatch w;

    /* loaded from: classes.dex */
    static final class r implements Runnable {

        /* renamed from: for, reason: not valid java name */
        final /* synthetic */ oz2 f2657for;
        final /* synthetic */ zz2 q;

        r(zz2 zz2Var, oz2 oz2Var) {
            this.q = zz2Var;
            this.f2657for = oz2Var;
        }

        @Override // java.lang.Runnable
        public final void run() {
            ja1.this.u(this.q, this.f2657for);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class t extends z03 implements oz2<yv2> {
        public static final t n = new t();

        t() {
            super(0);
        }

        @Override // defpackage.oz2
        public yv2 t() {
            return yv2.t;
        }
    }

    public ja1(Context context, Executor executor, zz2<? super Exception, yv2> zz2Var, sa1 sa1Var, oz2<yv2> oz2Var) {
        y03.w(context, "context");
        y03.w(executor, "initExecutor");
        y03.w(zz2Var, "exceptionHandler");
        y03.w(sa1Var, "keyStorage");
        y03.w(oz2Var, "masterKeyCreationCallback");
        this.g = sa1Var;
        this.t = new ReentrantReadWriteLock();
        this.r = context.getApplicationContext();
        this.w = new CountDownLatch(1);
        this.f2655for = new ReentrantLock();
        Calendar calendar = Calendar.getInstance();
        y03.o(calendar, "calendar");
        Date time = calendar.getTime();
        y03.o(time, "calendar.time");
        this.f2656try = time;
        calendar.add(1, 30);
        Date time2 = calendar.getTime();
        y03.o(time2, "calendar.time");
        this.o = time2;
        executor.execute(new r(zz2Var, oz2Var));
    }

    public /* synthetic */ ja1(Context context, Executor executor, zz2 zz2Var, sa1 sa1Var, oz2 oz2Var, int i, u03 u03Var) {
        this(context, executor, zz2Var, sa1Var, (i & 16) != 0 ? t.n : oz2Var);
    }

    /* renamed from: for, reason: not valid java name */
    private final byte[] m2610for(String str) {
        byte[] t2 = this.g.t(str);
        if (t2 == null) {
            ke1.g("No key with alias " + str);
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.n;
            if (keyStore == null) {
                y03.a("keyStore");
                throw null;
            }
            cipher.init(2, keyStore.getKey("ALIAS_MASTER_KEY", null));
            byte[] doFinal = cipher.doFinal(t2);
            y03.o(doFinal, "cipher.doFinal(data)");
            y03.w(doFinal, "encodedKey");
            return doFinal;
        } catch (Exception e) {
            throw new pa1("Failed to decrypt with master key", e);
        }
    }

    private final boolean g() {
        KeyStore keyStore;
        try {
            keyStore = this.n;
        } catch (Exception e) {
            ke1.u(e, "Failed to retrieve master key");
        }
        if (keyStore == null) {
            y03.a("keyStore");
            throw null;
        }
        if (keyStore.getKey("ALIAS_MASTER_KEY", null) != null) {
            return true;
        }
        return false;
    }

    private final byte[] n(String str) {
        String j;
        String uuid = UUID.randomUUID().toString();
        y03.o(uuid, "UUID.randomUUID().toString()");
        Objects.requireNonNull(uuid, "null cannot be cast to non-null type java.lang.String");
        String lowerCase = uuid.toLowerCase();
        y03.o(lowerCase, "(this as java.lang.String).toLowerCase()");
        j = x33.j(lowerCase, "-", "", false, 4, null);
        Objects.requireNonNull(j, "null cannot be cast to non-null type java.lang.String");
        char[] charArray = j.toCharArray();
        y03.o(charArray, "(this as java.lang.String).toCharArray()");
        UUID randomUUID = UUID.randomUUID();
        y03.o(randomUUID, "UUID.randomUUID()");
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, ra1.t(randomUUID), 10000, 256));
            y03.o(generateSecret, "skf.generateSecret(spec)");
            byte[] encoded = generateSecret.getEncoded();
            y03.o(encoded, "generatedKey");
            try {
                Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
                KeyStore keyStore = this.n;
                if (keyStore == null) {
                    y03.a("keyStore");
                    throw null;
                }
                Certificate certificate = keyStore.getCertificate("ALIAS_MASTER_KEY");
                y03.o(certificate, "keyStore.getCertificate(MASTER_KEY_ALIAS)");
                cipher.init(1, certificate.getPublicKey());
                byte[] doFinal = cipher.doFinal(encoded);
                y03.o(doFinal, "cipher.doFinal(data)");
                this.g.r(str, doFinal);
                y03.w(encoded, "encodedKey");
                return encoded;
            } catch (Exception e) {
                throw new pa1("Failed to encrypt with master key", e);
            }
        } catch (Exception e2) {
            throw new pa1("Failed to generate key", e2);
        }
    }

    private final AlgorithmParameterSpec q() {
        AlgorithmParameterSpec build;
        String str;
        if (Build.VERSION.SDK_INT >= 23) {
            build = new KeyGenParameterSpec.Builder("ALIAS_MASTER_KEY", 3).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setCertificateSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setCertificateSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).build();
            str = "KeyGenParameterSpec.Buil…()))\n            .build()";
        } else {
            build = new KeyPairGeneratorSpec.Builder(this.r).setAlias("ALIAS_MASTER_KEY").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setKeySize(2048).setSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).setStartDate(this.f2656try).setEndDate(this.o).build();
            str = "KeyPairGeneratorSpec.Bui…ate)\n            .build()";
        }
        y03.o(build, str);
        return build;
    }

    private final void w() {
        if (this.w.getCount() > 0) {
            throw new pa1("Manager is not initialized");
        }
        if (!g()) {
            throw new pa1("Cannot perform operations without master key");
        }
    }

    @Override // defpackage.qa1
    public qa1.t o(String str, byte[] bArr) {
        y03.w(str, "keyAlias");
        y03.w(bArr, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.t.readLock();
        readLock.lock();
        try {
            w();
            readLock.unlock();
            byte[] m2610for = m2610for(str);
            if (m2610for == null) {
                m2610for = n(str);
            }
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(m2610for, "AES");
                ReentrantLock reentrantLock = this.f2655for;
                reentrantLock.lock();
                try {
                    Cipher cipher = this.q;
                    if (cipher == null) {
                        y03.a("aesCipher");
                        throw null;
                    }
                    cipher.init(1, secretKeySpec);
                    Cipher cipher2 = this.q;
                    if (cipher2 == null) {
                        y03.a("aesCipher");
                        throw null;
                    }
                    byte[] doFinal = cipher2.doFinal(bArr);
                    y03.o(doFinal, "encrypted");
                    Cipher cipher3 = this.q;
                    if (cipher3 == null) {
                        y03.a("aesCipher");
                        throw null;
                    }
                    byte[] iv = cipher3.getIV();
                    y03.o(iv, "aesCipher.iv");
                    return new qa1.t(doFinal, iv);
                } finally {
                    reentrantLock.unlock();
                }
            } catch (Exception e) {
                throw new pa1("Failed to encrypt with raw aes key", e);
            }
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @Override // defpackage.qa1
    public void r(String str) {
        y03.w(str, "keyAlias");
        this.g.r(str, null);
    }

    @Override // defpackage.qa1
    public boolean t(long j) {
        return this.w.await(j, TimeUnit.MILLISECONDS);
    }

    @Override // defpackage.qa1
    /* renamed from: try, reason: not valid java name */
    public byte[] mo2611try(String str, qa1.t tVar) {
        y03.w(str, "keyAlias");
        y03.w(tVar, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.t.readLock();
        readLock.lock();
        try {
            w();
            readLock.unlock();
            byte[] m2610for = m2610for(str);
            if (m2610for == null) {
                throw new pa1("No key with alias " + str);
            }
            try {
                ReentrantLock reentrantLock = this.f2655for;
                reentrantLock.lock();
                try {
                    SecretKeySpec secretKeySpec = new SecretKeySpec(m2610for, "AES");
                    Cipher cipher = this.q;
                    if (cipher == null) {
                        y03.a("aesCipher");
                        throw null;
                    }
                    cipher.init(2, secretKeySpec, new IvParameterSpec(tVar.r()));
                    Cipher cipher2 = this.q;
                    if (cipher2 == null) {
                        y03.a("aesCipher");
                        throw null;
                    }
                    byte[] doFinal = cipher2.doFinal(tVar.t());
                    reentrantLock.unlock();
                    y03.o(doFinal, "cipherLock.withLock {\n  …(data.data)\n            }");
                    return doFinal;
                } catch (Throwable th) {
                    reentrantLock.unlock();
                    throw th;
                }
            } catch (Exception e) {
                throw new pa1("Failed to decrypt with aes key", e);
            }
        } catch (Throwable th2) {
            readLock.unlock();
            throw th2;
        }
    }

    public final void u(zz2<? super Exception, yv2> zz2Var, oz2<yv2> oz2Var) throws pa1 {
        KeyStore keyStore;
        y03.w(zz2Var, "exceptionHandler");
        y03.w(oz2Var, "masterKeyCreationCallback");
        ReentrantReadWriteLock reentrantReadWriteLock = this.t;
        ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
        int i = 0;
        int readHoldCount = reentrantReadWriteLock.getWriteHoldCount() == 0 ? reentrantReadWriteLock.getReadHoldCount() : 0;
        for (int i2 = 0; i2 < readHoldCount; i2++) {
            readLock.unlock();
        }
        ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
        writeLock.lock();
        try {
            try {
                if (this.w.getCount() == 0) {
                    return;
                }
                try {
                    keyStore = KeyStore.getInstance("AndroidKeyStore");
                    y03.o(keyStore, "KeyStore.getInstance(\"AndroidKeyStore\")");
                    this.n = keyStore;
                } catch (Exception e) {
                    zz2Var.invoke(new pa1("Failed to run init", e));
                }
                if (keyStore == null) {
                    y03.a("keyStore");
                    throw null;
                }
                keyStore.load(null);
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                y03.o(cipher, "Cipher.getInstance(AES_CIPHER_SUIT)");
                this.q = cipher;
                if (!g()) {
                    try {
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                        keyPairGenerator.initialize(q());
                        keyPairGenerator.generateKeyPair();
                        oz2Var.t();
                    } catch (Exception e2) {
                        throw new pa1("Failed to generate master key", e2);
                    }
                }
                this.w.countDown();
                while (i < readHoldCount) {
                    readLock.lock();
                    i++;
                }
                writeLock.unlock();
            } catch (Throwable th) {
                this.w.countDown();
                throw th;
            }
        } finally {
            while (i < readHoldCount) {
                readLock.lock();
                i++;
            }
            writeLock.unlock();
        }
    }
}
