package com.vk.core.preference.crypto;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.recyclerview.widget.RecyclerView;
import com.vk.core.preference.crypto.c;
import fv0.g;
import fv0.h;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.text.w;
import n71.b0;
import ru.webim.android.sdk.impl.backend.WebimService;
import w71.l;
import x71.k;
import x71.t;
import x71.u;

/* loaded from: classes6.dex */
public final class a implements c {

    /* renamed from: a, reason: collision with root package name */
    private final h f19918a;

    /* renamed from: b, reason: collision with root package name */
    private final ReentrantReadWriteLock f19919b;

    /* renamed from: c, reason: collision with root package name */
    private final Context f19920c;

    /* renamed from: d, reason: collision with root package name */
    private final Date f19921d;

    /* renamed from: e, reason: collision with root package name */
    private final Date f19922e;

    /* renamed from: f, reason: collision with root package name */
    private CountDownLatch f19923f;

    /* renamed from: g, reason: collision with root package name */
    private KeyStore f19924g;

    /* renamed from: h, reason: collision with root package name */
    private Cipher f19925h;

    /* renamed from: i, reason: collision with root package name */
    private final ReentrantLock f19926i;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.vk.core.preference.crypto.a$a, reason: collision with other inner class name */
    /* loaded from: classes6.dex */
    public static final class C0389a extends u implements w71.a<b0> {

        /* renamed from: a, reason: collision with root package name */
        public static final C0389a f19927a = new C0389a();

        C0389a() {
            super(0);
        }

        @Override // w71.a
        public /* bridge */ /* synthetic */ b0 invoke() {
            return b0.f40747a;
        }
    }

    /* loaded from: classes6.dex */
    public static final class b {
        private b() {
        }

        public /* synthetic */ b(k kVar) {
            this();
        }
    }

    static {
        new b(null);
    }

    public a(Context context, Executor executor, final l<? super Exception, b0> lVar, h hVar, final w71.a<b0> aVar) {
        t.h(context, "context");
        t.h(executor, "initExecutor");
        t.h(lVar, "exceptionHandler");
        t.h(hVar, "keyStorage");
        t.h(aVar, "masterKeyCreationCallback");
        this.f19918a = hVar;
        this.f19919b = new ReentrantReadWriteLock();
        this.f19920c = context.getApplicationContext();
        this.f19923f = new CountDownLatch(1);
        this.f19926i = new ReentrantLock();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        t.g(time, "calendar.time");
        this.f19921d = time;
        calendar.add(1, 30);
        Date time2 = calendar.getTime();
        t.g(time2, "calendar.time");
        this.f19922e = time2;
        executor.execute(new Runnable() { // from class: fv0.a
            @Override // java.lang.Runnable
            public final void run() {
                com.vk.core.preference.crypto.a.g(com.vk.core.preference.crypto.a.this, lVar, aVar);
            }
        });
    }

    public /* synthetic */ a(Context context, Executor executor, l lVar, h hVar, w71.a aVar, int i12, k kVar) {
        this(context, executor, lVar, hVar, (i12 & 16) != 0 ? C0389a.f19927a : aVar);
    }

    private final void f() {
        if (this.f19923f.getCount() > 0) {
            throw new EncryptionException("Manager is not initialized");
        }
        if (!k()) {
            throw new EncryptionException("Cannot perform operations without master key");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final void g(a aVar, l lVar, w71.a aVar2) {
        t.h(aVar, "this$0");
        t.h(lVar, "$exceptionHandler");
        t.h(aVar2, "$masterKeyCreationCallback");
        aVar.l(lVar, aVar2);
    }

    private final byte[] h(String str) {
        byte[] a12 = this.f19918a.a(str);
        if (a12 == null) {
            jw0.b.q(t.q("No key with alias ", str));
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f19924g;
            if (keyStore == null) {
                t.y("keyStore");
                keyStore = null;
            }
            cipher.init(2, keyStore.getKey("ALIAS_MASTER_KEY", null));
            byte[] doFinal = cipher.doFinal(a12);
            t.g(doFinal, "{\n            val cipher…r.doFinal(data)\n        }");
            t.h(doFinal, "encodedKey");
            return doFinal;
        } catch (Exception e12) {
            throw new EncryptionException("Failed to decrypt with master key", e12);
        }
    }

    private final void i() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(j());
            keyPairGenerator.generateKeyPair();
        } catch (Exception e12) {
            throw new EncryptionException("Failed to generate master key", e12);
        }
    }

    private final AlgorithmParameterSpec j() {
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("ALIAS_MASTER_KEY", 3).setKeySize(RecyclerView.ItemAnimator.FLAG_MOVED).setEncryptionPaddings("PKCS1Padding").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(RecyclerView.ItemAnimator.FLAG_MOVED, RSAKeyGenParameterSpec.F4)).setCertificateSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setCertificateSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).build();
            t.g(build, "Builder(MASTER_KEY_ALIAS…()))\n            .build()");
            return build;
        }
        KeyPairGeneratorSpec build2 = new KeyPairGeneratorSpec.Builder(this.f19920c).setAlias("ALIAS_MASTER_KEY").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(RecyclerView.ItemAnimator.FLAG_MOVED, RSAKeyGenParameterSpec.F4)).setKeySize(RecyclerView.ItemAnimator.FLAG_MOVED).setSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).setStartDate(this.f19921d).setEndDate(this.f19922e).build();
        t.g(build2, "Builder(appContext)\n    …ate)\n            .build()");
        return build2;
    }

    private final boolean k() {
        try {
            KeyStore keyStore = this.f19924g;
            if (keyStore == null) {
                t.y("keyStore");
                keyStore = null;
            }
            if (keyStore.getKey("ALIAS_MASTER_KEY", null) != null) {
                return true;
            }
        } catch (Exception e12) {
            jw0.b.x(e12, "Failed to retrieve master key");
        }
        return false;
    }

    @Override // com.vk.core.preference.crypto.c
    public void a(String str) {
        t.h(str, "keyAlias");
        this.f19918a.b(str, null);
    }

    @Override // com.vk.core.preference.crypto.c
    public c.a b(String str, byte[] bArr) {
        String F;
        t.h(str, "keyAlias");
        t.h(bArr, WebimService.PARAMETER_DATA);
        ReentrantReadWriteLock.ReadLock readLock = this.f19919b.readLock();
        readLock.lock();
        try {
            f();
            b0 b0Var = b0.f40747a;
            readLock.unlock();
            byte[] h12 = h(str);
            Cipher cipher = null;
            if (h12 == null) {
                String uuid = UUID.randomUUID().toString();
                t.g(uuid, "randomUUID().toString()");
                String lowerCase = uuid.toLowerCase(Locale.ROOT);
                t.g(lowerCase, "(this as java.lang.Strin….toLowerCase(Locale.ROOT)");
                F = w.F(lowerCase, "-", "", false, 4, null);
                Objects.requireNonNull(F, "null cannot be cast to non-null type java.lang.String");
                char[] charArray = F.toCharArray();
                t.g(charArray, "(this as java.lang.String).toCharArray()");
                UUID randomUUID = UUID.randomUUID();
                t.g(randomUUID, "randomUUID()");
                try {
                    h12 = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, g.a(randomUUID), 10000, 256)).getEncoded();
                    t.g(h12, "generatedKey");
                    try {
                        Cipher cipher2 = Cipher.getInstance("RSA/NONE/PKCS1Padding");
                        KeyStore keyStore = this.f19924g;
                        if (keyStore == null) {
                            t.y("keyStore");
                            keyStore = null;
                        }
                        cipher2.init(1, keyStore.getCertificate("ALIAS_MASTER_KEY").getPublicKey());
                        byte[] doFinal = cipher2.doFinal(h12);
                        t.g(doFinal, "{\n            val cipher…r.doFinal(data)\n        }");
                        this.f19918a.b(str, doFinal);
                        t.h(h12, "encodedKey");
                    } catch (Exception e12) {
                        throw new EncryptionException("Failed to encrypt with master key", e12);
                    }
                } catch (Exception e13) {
                    throw new EncryptionException("Failed to generate key", e13);
                }
            }
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(h12, "AES");
                ReentrantLock reentrantLock = this.f19926i;
                reentrantLock.lock();
                try {
                    Cipher cipher3 = this.f19925h;
                    if (cipher3 == null) {
                        t.y("aesCipher");
                        cipher3 = null;
                    }
                    cipher3.init(1, secretKeySpec);
                    Cipher cipher4 = this.f19925h;
                    if (cipher4 == null) {
                        t.y("aesCipher");
                        cipher4 = null;
                    }
                    byte[] doFinal2 = cipher4.doFinal(bArr);
                    t.g(doFinal2, "encrypted");
                    Cipher cipher5 = this.f19925h;
                    if (cipher5 == null) {
                        t.y("aesCipher");
                    } else {
                        cipher = cipher5;
                    }
                    byte[] iv2 = cipher.getIV();
                    t.g(iv2, "aesCipher.iv");
                    return new c.a(doFinal2, iv2);
                } finally {
                    reentrantLock.unlock();
                }
            } catch (Exception e14) {
                throw new EncryptionException("Failed to encrypt with raw aes key", e14);
            }
        } catch (Throwable th2) {
            readLock.unlock();
            throw th2;
        }
    }

    @Override // com.vk.core.preference.crypto.c
    public boolean c(long j12) {
        return this.f19923f.await(j12, TimeUnit.MILLISECONDS);
    }

    @Override // com.vk.core.preference.crypto.c
    public byte[] d(String str, c.a aVar) {
        t.h(str, "keyAlias");
        t.h(aVar, WebimService.PARAMETER_DATA);
        ReentrantReadWriteLock.ReadLock readLock = this.f19919b.readLock();
        readLock.lock();
        try {
            f();
            b0 b0Var = b0.f40747a;
            readLock.unlock();
            byte[] h12 = h(str);
            if (h12 == null) {
                throw new EncryptionException(t.q("No key with alias ", str));
            }
            try {
                ReentrantLock reentrantLock = this.f19926i;
                reentrantLock.lock();
                try {
                    SecretKeySpec secretKeySpec = new SecretKeySpec(h12, "AES");
                    Cipher cipher = this.f19925h;
                    Cipher cipher2 = null;
                    if (cipher == null) {
                        t.y("aesCipher");
                        cipher = null;
                    }
                    cipher.init(2, secretKeySpec, new IvParameterSpec(aVar.b()));
                    Cipher cipher3 = this.f19925h;
                    if (cipher3 == null) {
                        t.y("aesCipher");
                    } else {
                        cipher2 = cipher3;
                    }
                    byte[] doFinal = cipher2.doFinal(aVar.a());
                    reentrantLock.unlock();
                    t.g(doFinal, "{\n            cipherLock…)\n            }\n        }");
                    return doFinal;
                } catch (Throwable th2) {
                    reentrantLock.unlock();
                    throw th2;
                }
            } catch (Exception e12) {
                throw new EncryptionException("Failed to decrypt with aes key", e12);
            }
        } catch (Throwable th3) {
            readLock.unlock();
            throw th3;
        }
    }

    public final void l(l<? super Exception, b0> lVar, w71.a<b0> aVar) throws EncryptionException {
        CountDownLatch countDownLatch;
        t.h(lVar, "exceptionHandler");
        t.h(aVar, "masterKeyCreationCallback");
        ReentrantReadWriteLock reentrantReadWriteLock = this.f19919b;
        ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
        int i12 = 0;
        int readHoldCount = reentrantReadWriteLock.getWriteHoldCount() == 0 ? reentrantReadWriteLock.getReadHoldCount() : 0;
        for (int i13 = 0; i13 < readHoldCount; i13++) {
            readLock.unlock();
        }
        ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
        writeLock.lock();
        try {
            if (this.f19923f.getCount() == 0) {
                return;
            }
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    t.g(keyStore, "getInstance(\"AndroidKeyStore\")");
                    this.f19924g = keyStore;
                    if (keyStore == null) {
                        t.y("keyStore");
                        keyStore = null;
                    }
                    keyStore.load(null);
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    t.g(cipher, "getInstance(AES_CIPHER_SUIT)");
                    this.f19925h = cipher;
                    if (!k()) {
                        i();
                        aVar.invoke();
                    }
                    countDownLatch = this.f19923f;
                } catch (Exception e12) {
                    lVar.invoke(new EncryptionException("Failed to run init", e12));
                    countDownLatch = this.f19923f;
                }
                countDownLatch.countDown();
                b0 b0Var = b0.f40747a;
                while (i12 < readHoldCount) {
                    readLock.lock();
                    i12++;
                }
                writeLock.unlock();
            } catch (Throwable th2) {
                this.f19923f.countDown();
                throw th2;
            }
        } finally {
            while (i12 < readHoldCount) {
                readLock.lock();
                i12++;
            }
            writeLock.unlock();
        }
    }
}
