package com.microsoft.skype.teams.storage.cipherStorage;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.microsoft.skype.teams.storage.exceptions.CryptoFailedException;
import com.microsoft.skype.teams.storage.exceptions.KeyStoreAccessException;
import com.microsoft.teams.androidutils.AndroidUtils;
import com.microsoft.teams.nativecore.logger.ILogger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes10.dex */
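/**
 * Encrypts strings to opaque byte blobs, and decrypts them again, with a key kept under one
 * fixed alias ({@code CIPHER_STORAGE_DEFAULT_ALIAS}) in the {@code AndroidKeyStore}.
 *
 * <p>Two blob layouts exist; the one used is chosen at runtime by
 * {@code AndroidUtils.isMarshmallowOrHigher()}:
 * <ul>
 *   <li><b>Marshmallow and later:</b> {@code IV (16 bytes) || AES/CBC/PKCS7Padding ciphertext}.
 *       The AES key is generated inside the keystore (256 bit); StrongBox is attempted first,
 *       with a fall-back to a regular keystore key.</li>
 *   <li><b>Before Marshmallow:</b> {@code RSA-wrapped AES key (256 bytes) || IV (16 bytes) ||
 *       AES/CBC/PKCS7Padding ciphertext}. A fresh random 16-byte AES key is created per call
 *       and wrapped with an RSA key pair held in the keystore.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>CBC mode carries no integrity protection: a blob altered while at rest is only
 *       rejected if the padding happens to break. A new format should use an AEAD mode
 *       (for example AES/GCM) or add a MAC; that changes the stored format, so existing
 *       blobs need a migration path.</li>
 *   <li>The pre-Marshmallow path wraps the AES key with RSA PKCS#1 v1.5 padding and uses a
 *       128-bit AES key, while the keystore-generated key is 256 bit.</li>
 *   <li>{@link #extractKey} deletes the keystore entry when the key is unrecoverable; data
 *       encrypted under the deleted key can no longer be decrypted.</li>
 *   <li>{@link #decrypt} goes through the same "generate if missing" lookup as
 *       {@link #encrypt}, so a missing alias yields a brand-new key and a decryption failure
 *       rather than a "key not found" error.</li>
 *   <li>NOTE(review): both layouts share the same alias. Presumably blobs written by the
 *       pre-Marshmallow path stop being readable after an OS upgrade, because the newer path
 *       hands whatever key the alias holds to the AES cipher. Confirm whether a migration
 *       exists elsewhere.</li>
 * </ul>
 *
 * <p>Log levels are passed to {@code ILogger} as raw integers (5, 6, 7). Presumably they mirror
 * the {@code android.util.Log} priorities; verify against {@code ILogger}. Only lengths and
 * exception messages are logged, never plaintext or key bytes.
 */
public class CipherStorage {
    private static final String AES_MODE = "AES/CBC/PKCS7Padding";
    private static final String ALGORITHM_AES = "AES";
    private static final String ALGORITHM_RSA = "RSA";
    private static final String DEFAULT_SERVICE = "CIPHER_STORAGE_DEFAULT_ALIAS";
    /** Size, in bits, of the AES key generated inside the keystore. */
    private static final int ENCRYPTION_KEY_SIZE = 256;
    private static final String KEYSTORE_TYPE = "AndroidKeyStore";
    /**
     * Length, in bytes, of the RSA-wrapped AES key at the front of a pre-Marshmallow blob.
     * Assumes a 2048-bit RSA key; no key size is set when the pair is generated, so this
     * relies on the platform default (TODO confirm).
     */
    private static final int KEY_BYTES_LENGTH = 256;
    private static final String LOG_TAG = "CipherStorage";
    /** Length, in bytes, of the random AES key used on the pre-Marshmallow path (128 bit). */
    private static final int RANDOM_KEY_LENGTH = 16;
    private static final String RSA_MODE = "RSA/ECB/PKCS1Padding";
    private static final Charset UTF8 = Charset.forName("UTF-8");
    /** Serialises every use of the shared, stateful AES {@link Cipher} instance. */
    private static final Object CIPHER_LOCK = new Object();

    private volatile Cipher mCachedCipher;
    private volatile KeyStore mCachedKeyStore;
    private final Context mContext;
    // null until the first key generation; afterwards records whether StrongBox worked.
    private transient AtomicBoolean mIsStrongboxAvailable;
    private final Object mSyncStrongbox = new Object();

    /** Helpers for the initialisation vector stored at the front of every AES blob. */
    public static final class IV {
        public static final int IV_LENGTH = 16;

        /**
         * Copies the leading {@link #IV_LENGTH} bytes of {@code bArr} into an IV spec.
         *
         * @param bArr IV followed by at least one byte of ciphertext
         * @return the IV taken from the start of {@code bArr}
         * @throws IOException if {@code bArr} is not longer than the IV itself
         */
        public static IvParameterSpec readIv(byte[] bArr) throws IOException {
            if (bArr.length <= IV_LENGTH) {
                throw new IOException("Insufficient length of input data for IV extracting.");
            }
            byte[] iv = new byte[IV_LENGTH];
            System.arraycopy(bArr, 0, iv, 0, IV_LENGTH);
            return new IvParameterSpec(iv);
        }
    }

    /**
     * @param context Android context; only used when generating the pre-Marshmallow RSA key pair
     */
    public CipherStorage(Context context) {
        this.mContext = context;
    }

    /**
     * Decrypts an {@code IV || ciphertext} blob with the shared AES cipher and decodes the
     * result as UTF-8.
     *
     * @throws GeneralSecurityException if the cipher rejects the key, IV, or ciphertext
     * @throws IOException if the blob is too short to contain an IV
     */
    private String decryptBytes(Key key, byte[] bArr, ILogger iLogger) throws GeneralSecurityException, IOException {
        synchronized (CIPHER_LOCK) {
            Cipher cipher = getCachedCipherInstance();
            try {
                iLogger.log(5, LOG_TAG, "While decrypting, bytes length:" + bArr.length, new Object[0]);
                cipher.init(Cipher.DECRYPT_MODE, key, IV.readIv(bArr));
                byte[] plain = cipher.doFinal(bArr, IV.IV_LENGTH, bArr.length - IV.IV_LENGTH);
                iLogger.log(5, LOG_TAG, "While decrypting, decryptedBytes length:" + plain.length, new Object[0]);
                return new String(plain, UTF8);
            } catch (Exception e2) {
                iLogger.log(7, LOG_TAG, e2, e2.getMessage(), new Object[0]);
                throw e2;
            }
        }
    }

    /**
     * Decrypts a pre-Marshmallow blob: unwraps the AES key from the first
     * {@link #KEY_BYTES_LENGTH} bytes, then decrypts the remainder with it.
     *
     * @throws IOException if the blob is not longer than the wrapped-key prefix
     * @throws GeneralSecurityException if the unwrapped key is missing or empty, or decryption fails
     */
    private String decryptBytesForPreAndroidM(KeyStore.PrivateKeyEntry privateKeyEntry, byte[] bArr, ILogger iLogger) throws GeneralSecurityException, IOException {
        if (bArr.length <= KEY_BYTES_LENGTH) {
            throw new IOException("Invalid length of input data for secret key extraction.");
        }
        byte[] wrappedKey = new byte[KEY_BYTES_LENGTH];
        byte[] payload = new byte[bArr.length - KEY_BYTES_LENGTH];
        System.arraycopy(bArr, 0, wrappedKey, 0, KEY_BYTES_LENGTH);
        System.arraycopy(bArr, KEY_BYTES_LENGTH, payload, 0, payload.length);
        byte[] aesKey = decryptSecretKeyForPreAndroidM(privateKeyEntry, wrappedKey, iLogger);
        // The unwrap helper never returns null, so the original null-only test could not fire.
        // An empty array is the case that matters: a CipherInputStream may report a failed
        // final block as end-of-stream instead of throwing (implementation dependent), and
        // SecretKeySpec would then reject the empty key with an IllegalArgumentException.
        if (aesKey == null || aesKey.length == 0) {
            throw new GeneralSecurityException("Empty key extracted!");
        }
        return decryptBytes(new SecretKeySpec(aesKey, ALGORITHM_AES), payload, iLogger);
    }

    /**
     * Unwraps the AES key with the RSA private key from the keystore entry.
     *
     * @return the bytes produced by RSA decryption of {@code bArr}; may be empty, never null
     */
    private byte[] decryptSecretKeyForPreAndroidM(KeyStore.PrivateKeyEntry privateKeyEntry, byte[] bArr, ILogger iLogger) throws GeneralSecurityException, IOException {
        Cipher cipher = Cipher.getInstance(RSA_MODE, "AndroidOpenSSL");
        try (ByteArrayInputStream wrapped = new ByteArrayInputStream(bArr)) {
            cipher.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
            try (CipherInputStream cipherIn = new CipherInputStream(wrapped, cipher)) {
                ByteArrayOutputStream unwrapped = new ByteArrayOutputStream();
                int next;
                while ((next = cipherIn.read()) != -1) {
                    unwrapped.write(next);
                }
                return unwrapped.toByteArray();
            }
        } catch (Exception e2) {
            iLogger.log(7, LOG_TAG, e2, e2.getMessage(), new Object[0]);
            throw e2;
        }
    }

    /**
     * Wraps the AES key with the RSA public key from the keystore entry's certificate.
     *
     * @return the RSA ciphertext of {@code bArr}
     */
    private byte[] encryptSecretKeyPreAndroidM(KeyStore.PrivateKeyEntry privateKeyEntry, byte[] bArr, ILogger iLogger) throws GeneralSecurityException, IOException {
        Cipher cipher = Cipher.getInstance(RSA_MODE, "AndroidOpenSSL");
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            cipher.init(Cipher.ENCRYPT_MODE, privateKeyEntry.getCertificate().getPublicKey());
            try (CipherOutputStream cipherOut = new CipherOutputStream(out, cipher)) {
                cipherOut.write(bArr);
            }
            // Read the buffer only after the cipher stream is closed, so the final block is in it.
            return out.toByteArray();
        } catch (Exception e2) {
            iLogger.log(7, LOG_TAG, e2, e2.getMessage(), new Object[0]);
            throw e2;
        }
    }

    /**
     * Encrypts {@code str} (UTF-8) with the shared AES cipher and returns
     * {@code IV || ciphertext}. The cipher is initialised without an explicit IV, so the IV
     * written to the blob is the one the cipher reports after {@code init}.
     */
    private byte[] encryptString(Key key, String str, ILogger iLogger) throws IOException, GeneralSecurityException {
        synchronized (CIPHER_LOCK) {
            Cipher cipher = getCachedCipherInstance();
            try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
                cipher.init(Cipher.ENCRYPT_MODE, key);
                byte[] iv = cipher.getIV();
                out.write(iv, 0, iv.length);
                out.flush();
                try (CipherOutputStream cipherOut = new CipherOutputStream(out, cipher)) {
                    byte[] bytes = str.getBytes(UTF8);
                    iLogger.log(5, LOG_TAG, "While encrypting, value bytes length:" + bytes.length, new Object[0]);
                    cipherOut.write(bytes);
                }
                // Read the buffer only after the cipher stream is closed, so the final block is in it.
                return out.toByteArray();
            } catch (Exception e2) {
                iLogger.log(7, LOG_TAG, e2, e2.getMessage(), new Object[0]);
                throw e2;
            }
        }
    }

    /**
     * Builds a pre-Marshmallow blob: a fresh random AES key is wrapped with RSA and placed in
     * front of the {@code IV || ciphertext} produced with that key.
     *
     * @throws GeneralSecurityException if wrapping produced no output, or encryption fails
     */
    private byte[] encryptStringForPreAndroidM(KeyStore.PrivateKeyEntry privateKeyEntry, String str, ILogger iLogger) throws GeneralSecurityException, IOException {
        byte[] aesKey = getSecretKey();
        byte[] wrappedKey = encryptSecretKeyPreAndroidM(privateKeyEntry, aesKey, iLogger);
        byte[] encrypted = encryptString(new SecretKeySpec(aesKey, ALGORITHM_AES), str, iLogger);
        // Refuse to emit a blob without a wrapped key: it could never be decrypted again.
        // Decryption additionally assumes the wrapped key is exactly KEY_BYTES_LENGTH bytes.
        if (wrappedKey == null || wrappedKey.length == 0) {
            throw new GeneralSecurityException("Empty key extracted!");
        }
        byte[] blob = new byte[wrappedKey.length + encrypted.length];
        System.arraycopy(wrappedKey, 0, blob, 0, wrappedKey.length);
        System.arraycopy(encrypted, 0, blob, wrappedKey.length, encrypted.length);
        return blob;
    }

    /**
     * Returns the RSA key entry stored under {@code str}, generating a self-signed key pair
     * (subject {@code CN=<alias>}, valid for 30 years from now) on first use.
     *
     * @throws GeneralSecurityException if the keystore is unavailable, generation fails, or the
     *     entry is absent after generation
     */
    @Deprecated
    private KeyStore.PrivateKeyEntry extractGenerateKeyForPreAndroidM(String str) throws GeneralSecurityException {
        KeyStore keyStore = getKeyStoreAndLoad();
        if (!keyStore.containsAlias(str)) {
            synchronized (this) {
                // Re-check under the lock so two threads do not both generate a pair.
                if (!keyStore.containsAlias(str)) {
                    Calendar notBefore = Calendar.getInstance();
                    Calendar notAfter = Calendar.getInstance();
                    notAfter.add(Calendar.YEAR, 30);
                    KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(this.mContext)
                            .setAlias(str)
                            .setSubject(new X500Principal("CN=" + str))
                            .setSerialNumber(BigInteger.TEN)
                            .setStartDate(notBefore.getTime())
                            .setEndDate(notAfter.getTime())
                            .build();
                    KeyPairGenerator generator = KeyPairGenerator.getInstance(ALGORITHM_RSA, KEYSTORE_TYPE);
                    generator.initialize(spec);
                    generator.generateKeyPair();
                }
            }
        }
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
        if (entry == null) {
            throw new KeyStoreAccessException("Empty key extracted!");
        }
        return entry;
    }

    /**
     * Returns the key stored under {@code str}, generating it first if the alias is missing.
     * Loops while {@link #extractKey} returns null, which it does after deleting an
     * unrecoverable entry, so the next pass regenerates the key.
     *
     * @param atomicInteger remaining number of "delete and regenerate" attempts
     */
    private Key extractGeneratedKey(String str, AtomicInteger atomicInteger, ILogger iLogger) throws GeneralSecurityException {
        Key key;
        do {
            KeyStore keyStore = getKeyStoreAndLoad();
            if (!keyStore.containsAlias(str)) {
                synchronized (this) {
                    // Re-check under the lock so two threads do not both generate a key.
                    if (!keyStore.containsAlias(str)) {
                        generateKeyAndStoreUnderAlias(str, iLogger);
                    }
                }
            }
            key = extractKey(keyStore, str, atomicInteger);
        } while (key == null);
        return key;
    }

    /**
     * Reads the key stored under {@code str}.
     *
     * <p>If the keystore reports the key as unrecoverable and {@code atomicInteger} is still
     * positive, the entry is <b>deleted</b> and null is returned so the caller can regenerate
     * it. Anything encrypted under the deleted key becomes undecryptable.
     *
     * @return the key, or null after an unrecoverable entry has been deleted
     * @throws GeneralSecurityException if the alias holds no key, or the key is unrecoverable
     *     and no attempts remain
     */
    private Key extractKey(KeyStore keyStore, String str, AtomicInteger atomicInteger) throws GeneralSecurityException {
        try {
            Key key = keyStore.getKey(str, null);
            if (key == null) {
                throw new KeyStoreAccessException("Empty key extracted!");
            }
            return key;
        } catch (UnrecoverableKeyException e2) {
            if (atomicInteger.getAndDecrement() <= 0) {
                throw e2;
            }
            keyStore.deleteEntry(str);
            return null;
        }
    }

    /**
     * Generates an AES key inside the AndroidKeyStore from the given spec.
     *
     * @throws GeneralSecurityException if generation fails or the platform is older than Marshmallow
     */
    private Key generateKey(KeyGenParameterSpec keyGenParameterSpec) throws GeneralSecurityException {
        if (!AndroidUtils.isMarshmallowOrHigher()) {
            throw new KeyStoreAccessException("Unsupported API" + Build.VERSION.SDK_INT + " version detected.");
        }
        KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM_AES, KEYSTORE_TYPE);
        generator.init(keyGenParameterSpec);
        return generator.generateKey();
    }

    /**
     * Creates the AES key for {@code str}: StrongBox first, a regular keystore key otherwise.
     *
     * <p>The StrongBox outcome is remembered per instance. The flag starts out false on the
     * first attempt and is only ever set to true on success, so after a failed first attempt
     * StrongBox is not tried again by this instance.
     *
     * @throws GeneralSecurityException if the regular keystore key cannot be generated either
     */
    private void generateKeyAndStoreUnderAlias(String str, ILogger iLogger) throws GeneralSecurityException {
        Key strongBoxKey = null;
        synchronized (this.mSyncStrongbox) {
            AtomicBoolean known = this.mIsStrongboxAvailable;
            if (known == null || known.get()) {
                if (this.mIsStrongboxAvailable == null) {
                    this.mIsStrongboxAvailable = new AtomicBoolean(false);
                }
                try {
                    strongBoxKey = tryGenerateStrongBoxSecurityKey(str);
                    this.mIsStrongboxAvailable.set(true);
                } catch (GeneralSecurityException | ProviderException e2) {
                    // Expected on devices without StrongBox; fall through to the regular key.
                    iLogger.log(6, LOG_TAG, e2, "StrongBox security storage is not available.", new Object[0]);
                }
            }
        }
        if (strongBoxKey == null || !this.mIsStrongboxAvailable.get()) {
            try {
                tryGenerateRegularSecurityKey(str);
            } catch (GeneralSecurityException e3) {
                iLogger.log(7, LOG_TAG, e3, "Regular security storage is not available.", new Object[0]);
                throw e3;
            }
        }
    }

    /**
     * Lazily creates the shared AES cipher (double-checked on the volatile field). Callers
     * must hold {@link #CIPHER_LOCK} while using the returned instance, because it is stateful.
     */
    private Cipher getCachedCipherInstance() throws GeneralSecurityException {
        if (this.mCachedCipher == null) {
            synchronized (this) {
                if (this.mCachedCipher == null) {
                    this.mCachedCipher = Cipher.getInstance(getEncryptionTransformation());
                }
            }
        }
        return this.mCachedCipher;
    }

    /** Returns the single keystore alias used for every key this class manages. */
    private String getDefaultAliasServiceName() {
        return DEFAULT_SERVICE;
    }

    /** Returns the AES transformation used for all payload encryption. */
    private String getEncryptionTransformation() {
        return AES_MODE;
    }

    /**
     * Builds the key spec shared by the StrongBox and regular keys: encrypt + decrypt purpose,
     * CBC with PKCS7 padding, randomized encryption required, 256-bit key.
     *
     * @throws GeneralSecurityException if the platform is older than Marshmallow
     */
    private KeyGenParameterSpec.Builder getKeyGenSpecBuilder(String str) throws GeneralSecurityException {
        if (!AndroidUtils.isMarshmallowOrHigher()) {
            throw new KeyStoreAccessException("Unsupported API" + Build.VERSION.SDK_INT + " version detected.");
        }
        // Purpose 3 == KeyProperties.PURPOSE_ENCRYPT (1) | KeyProperties.PURPOSE_DECRYPT (2).
        return new KeyGenParameterSpec.Builder(str, 3)
                .setBlockModes("CBC")
                .setEncryptionPaddings("PKCS7Padding")
                .setRandomizedEncryptionRequired(true)
                .setKeySize(ENCRYPTION_KEY_SIZE);
    }

    /**
     * Lazily loads and caches the AndroidKeyStore (double-checked on the volatile field).
     *
     * @throws KeyStoreAccessException if the keystore cannot be obtained or loaded
     */
    private KeyStore getKeyStoreAndLoad() throws KeyStoreAccessException {
        if (this.mCachedKeyStore == null) {
            synchronized (this) {
                if (this.mCachedKeyStore == null) {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
                        keyStore.load(null);
                        this.mCachedKeyStore = keyStore;
                    } catch (Exception e2) {
                        throw new KeyStoreAccessException("Could not access Keystore", e2);
                    }
                }
            }
        }
        return this.mCachedKeyStore;
    }

    /**
     * Returns a fresh random AES key for the pre-Marshmallow path. It is
     * {@link #RANDOM_KEY_LENGTH} bytes long, i.e. AES-128, not the 256 bits used for
     * keystore-generated keys.
     */
    private byte[] getSecretKey() {
        byte[] key = new byte[RANDOM_KEY_LENGTH];
        new SecureRandom().nextBytes(key);
        return key;
    }

    /** Generates a regular (non-StrongBox) keystore AES key under {@code str}. */
    private Key tryGenerateRegularSecurityKey(String str) throws GeneralSecurityException {
        if (!AndroidUtils.isMarshmallowOrHigher()) {
            throw new KeyStoreAccessException("Regular security keystore is not supported for old API" + Build.VERSION.SDK_INT + ".");
        }
        return generateKey(getKeyGenSpecBuilder(str).build());
    }

    /** Generates a StrongBox-backed keystore AES key under {@code str}; requires Android P or later. */
    private Key tryGenerateStrongBoxSecurityKey(String str) throws GeneralSecurityException {
        if (!AndroidUtils.isPOrHigher()) {
            throw new KeyStoreAccessException("Strong box security keystore is not supported for old API" + Build.VERSION.SDK_INT + ".");
        }
        return generateKey(getKeyGenSpecBuilder(str).setIsStrongBoxBacked(true).build());
    }

    /**
     * Decrypts a blob previously produced by {@link #encrypt} on the same platform generation.
     *
     * @param bArr blob in the layout described on the class
     * @param iLogger receives length and error diagnostics
     * @return the decrypted UTF-8 string
     * @throws CryptoFailedException on any failure; the original exception is kept as the cause
     */
    public String decrypt(byte[] bArr, ILogger iLogger) throws CryptoFailedException {
        String alias = getDefaultAliasServiceName();
        try {
            if (AndroidUtils.isMarshmallowOrHigher()) {
                // One retry: an unrecoverable key is deleted and regenerated once.
                return decryptBytes(extractGeneratedKey(alias, new AtomicInteger(1), iLogger), bArr, iLogger);
            }
            return decryptBytesForPreAndroidM(extractGenerateKeyForPreAndroidM(alias), bArr, iLogger);
        } catch (GeneralSecurityException e2) {
            throw new CryptoFailedException("Could not decrypt data", e2);
        } catch (Exception e3) {
            throw new CryptoFailedException("Unknown error: " + e3.getMessage(), e3);
        }
    }

    /**
     * Encrypts {@code str} under the keystore-held key, creating that key on first use.
     *
     * @param str plaintext to protect
     * @param iLogger receives length and error diagnostics
     * @return blob in the layout described on the class
     * @throws CryptoFailedException on any failure; the original exception is kept as the cause
     */
    public byte[] encrypt(String str, ILogger iLogger) throws CryptoFailedException {
        String alias = getDefaultAliasServiceName();
        try {
            if (AndroidUtils.isMarshmallowOrHigher()) {
                // One retry: an unrecoverable key is deleted and regenerated once.
                return encryptString(extractGeneratedKey(alias, new AtomicInteger(1), iLogger), str, iLogger);
            }
            return encryptStringForPreAndroidM(extractGenerateKeyForPreAndroidM(alias), str, iLogger);
        } catch (GeneralSecurityException e2) {
            throw new CryptoFailedException("Could not encrypt data", e2);
        } catch (Exception e3) {
            throw new CryptoFailedException("Unknown error: " + e3.getMessage(), e3);
        }
    }
}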
