package com.ca.mas.core.util;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import androidx.annotation.RequiresApi;
import com.ca.mas.foundation.MAS;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;

/* loaded from: classes.dex */
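/**
 * Symmetric-key helpers: AES key generation (in memory or inside the AndroidKeyStore),
 * key storage/retrieval/deletion by alias, and AES/GCM encryption with an HMAC-SHA256 prefix.
 *
 * <p>Blob layout produced by {@link #encrypt} and consumed by {@link #decrypt}:
 * {@code HMAC-SHA256(ciphertext) || IV (12 bytes) || ciphertext}.
 *
 * <p>NOTE(review): the HMAC is keyed with the bytes of the key alias string (see
 * {@link #computeMac}). Unless aliases are treated as secrets, that value acts as a checksum
 * rather than as proof of authenticity; tamper detection then rests on the GCM tag.
 *
 * <p>NOTE(review): keystore keys are authorised for CBC, CTR and GCM with NoPadding although
 * this class only ever uses GCM. Confirm whether another component needs the unauthenticated
 * modes before narrowing the list.
 */
public class KeyUtilsSymmetric {
    private static final String AES_GCM_NO_PADDING = "AES/GCM/NoPadding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String DEFAULT_ALGORITHM = "AES";
    private static final int DEFAULT_KEY_LENGTH = 256;
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final int IV_LENGTH = 12;
    private static final int GCM_TAG_LENGTH_BITS = 128;

    protected KeyUtilsSymmetric() {
    }

    /**
     * Deletes the keystore entry {@code str} unless the failure was a
     * {@link UserNotAuthenticatedException}.
     *
     * <p>A missing user authentication is recoverable, so the key is kept in that case. Every
     * other exception removes the key, which makes data encrypted under that alias
     * unrecoverable; callers should expect that outcome after any non-authentication failure
     * in {@link #encrypt} or {@link #decrypt}.
     *
     * @param str alias of the keystore entry
     * @param exc the exception that interrupted the cipher operation
     */
    @RequiresApi(23)
    private static void checkDeleteKeys(String str, Exception exc) {
        if (exc instanceof UserNotAuthenticatedException) {
            return;
        }
        deleteKey(str);
        if (MAS.DEBUG) {
            // The original message claimed the opposite of what this branch does.
            Log.e(MAS.TAG, "deleted key " + str + " after a failure other than UserNotAuthenticatedException");
        }
    }

    /**
     * Computes HMAC-SHA256 over {@code bArr}, keyed with the UTF-8 bytes of {@code str}.
     *
     * <p>The decompiler could not emit this method and left a stub that always threw
     * {@link UnsupportedOperationException}; the body below is reconstructed from the
     * instruction dump it printed instead.
     *
     * @param str string whose UTF-8 bytes are the HMAC key (callers pass the key alias)
     * @param bArr data to authenticate
     * @return the MAC bytes
     * @throws RuntimeException if the MAC cannot be instantiated or initialised
     */
    private static byte[] computeMac(String str, byte[] bArr) {
        javax.crypto.spec.SecretKeySpec macKey = null;
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            macKey = new javax.crypto.spec.SecretKeySpec(str.getBytes("UTF-8"), HMAC_SHA256);
            mac.init(macKey);
            return mac.doFinal(bArr);
        } catch (java.io.UnsupportedEncodingException
                | java.security.InvalidKeyException
                | NoSuchAlgorithmException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error while calculating signature", e);
            }
            throw new RuntimeException("Error while calculating signature", e);
        } finally {
            // Runs on success and on every failure path, as in the instruction dump.
            destroyKey(macKey);
        }
    }

    /**
     * Concatenates three byte arrays in order.
     *
     * @return a new array holding {@code bArr}, then {@code bArr2}, then {@code bArr3}
     */
    private static byte[] concatArrays(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] joined = new byte[bArr.length + bArr2.length + bArr3.length];
        int offset = 0;
        System.arraycopy(bArr, 0, joined, offset, bArr.length);
        offset += bArr.length;
        System.arraycopy(bArr2, 0, joined, offset, bArr2.length);
        offset += bArr2.length;
        System.arraycopy(bArr3, 0, joined, offset, bArr3.length);
        return joined;
    }

    /**
     * Verifies the HMAC prefix of a blob produced by {@link #encrypt} and decrypts the payload.
     *
     * @param bArr blob laid out as {@code MAC || IV || ciphertext}
     * @param secretKey AES key used for decryption
     * @param str key alias; also the HMAC key and the entry deleted on a cipher failure
     * @return the plaintext
     * @throws IllegalArgumentException if the blob is too short to hold a MAC and an IV
     * @throws RuntimeException if the MAC does not match or the cipher operation fails
     */
    public static byte[] decrypt(byte[] bArr, SecretKey secretKey, String str) {
        final Cipher cipher;
        try {
            cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error while getting an cipher instance", e);
            }
            throw new RuntimeException("Error while getting an cipher instance", e);
        }

        final int macLength;
        try {
            macLength = Mac.getInstance(HMAC_SHA256).getMacLength();
        } catch (NoSuchAlgorithmException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error while instantiating MAC", e);
            }
            throw new RuntimeException("Error while instantiating MAC", e);
        }

        // Reject truncated input up front instead of failing inside arraycopy with a
        // NegativeArraySizeException or ArrayIndexOutOfBoundsException.
        if (bArr.length < macLength + IV_LENGTH) {
            throw new IllegalArgumentException("Encrypted data is too short to contain MAC and IV");
        }

        byte[] storedMac = getArraySubset(bArr, 0, macLength);
        byte[] iv = getArraySubset(bArr, macLength, IV_LENGTH);
        byte[] ciphertext = getArraySubset(bArr, macLength + IV_LENGTH, bArr.length - IV_LENGTH - macLength);

        // MessageDigest.isEqual compares in constant time; Arrays.equals returns at the first
        // differing byte, so its timing depends on how much of the MAC matched.
        if (!java.security.MessageDigest.isEqual(computeMac(str, ciphertext), storedMac)) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "MAC signature could not be verified");
            }
            throw new RuntimeException("MAC signature could not be verified");
        }

        try {
            // GCMParameterSpec is used from API 21 on; older releases get a plain IvParameterSpec.
            cipher.init(
                    Cipher.DECRYPT_MODE,
                    secretKey,
                    Build.VERSION.SDK_INT >= 21
                            ? new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv)
                            : new IvParameterSpec(iv));
            return cipher.doFinal(ciphertext);
        } catch (Exception e) {
            if (Build.VERSION.SDK_INT >= 23) {
                // Removes the key for any failure except a missing user authentication.
                checkDeleteKeys(str, e);
            }
            if (MAS.DEBUG) {
                Log.i(MAS.TAG, "Error while decrypting an cipher instance", e);
            }
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Deletes the AndroidKeyStore entry with the given alias. Does nothing below API 23.
     *
     * @param str alias of the entry to delete
     */
    public static void deleteKey(String str) {
        if (Build.VERSION.SDK_INT >= 23) {
            deleteKeyAndroidM(str);
        }
    }

    /**
     * Loads the AndroidKeyStore and deletes the entry {@code str}.
     *
     * @throws RuntimeException if the keystore cannot be instantiated, loaded or modified
     */
    @RequiresApi(23)
    private static void deleteKeyAndroidM(String str) {
        final KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        } catch (KeyStoreException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error instantiating Android keyStore");
            }
            throw new RuntimeException("Error instantiating Android keyStore", e);
        }
        try {
            keyStore.load(null);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error loading Android keyStore");
            }
            throw new RuntimeException("Error loading Android keyStore", e);
        }
        try {
            keyStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error deleting Android keyStore");
            }
            throw new RuntimeException("Error deleting Android keyStore", e);
        }
    }

    /**
     * Best-effort destruction of key material; a failed destroy is logged in debug builds and
     * otherwise ignored. A {@code null} key is accepted and skipped.
     */
    private static void destroyKey(SecretKey secretKey) {
        if (!(secretKey instanceof Destroyable)) {
            return;
        }
        try {
            secretKey.destroy();
        } catch (DestroyFailedException ignored) {
            // Deliberately non-fatal: the caller's result must not depend on key wiping.
            if (MAS.DEBUG) {
                Log.w(MAS.TAG, "Could not destroy key");
            }
        }
    }

    /**
     * Encrypts {@code bArr} with AES/GCM and prefixes the result with an HMAC and the IV.
     *
     * @param bArr plaintext; {@code null} yields {@code null}
     * @param secretKey AES key used for encryption
     * @param str key alias; also the HMAC key and the entry deleted on a cipher failure
     * @return {@code MAC || IV || ciphertext}, or {@code null} when {@code bArr} is {@code null}
     * @throws RuntimeException if encryption fails
     */
    public static byte[] encrypt(byte[] bArr, SecretKey secretKey, String str) {
        if (bArr == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
            final byte[] iv;
            if (Build.VERSION.SDK_INT >= 23) {
                // The provider picks the IV; decrypt() assumes it is IV_LENGTH bytes long.
                cipher.init(Cipher.ENCRYPT_MODE, secretKey);
                iv = cipher.getIV();
            } else {
                iv = new byte[IV_LENGTH];
                new SecureRandom().nextBytes(iv);
                cipher.init(
                        Cipher.ENCRYPT_MODE,
                        secretKey,
                        Build.VERSION.SDK_INT >= 21
                                ? new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv)
                                : new IvParameterSpec(iv));
            }
            byte[] ciphertext = cipher.doFinal(bArr);
            return concatArrays(computeMac(str, ciphertext), iv, ciphertext);
        } catch (Exception e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "inside exception of encrypt function: ", e);
            }
            if (Build.VERSION.SDK_INT >= 23) {
                // Removes the key for any failure except a missing user authentication.
                checkDeleteKeys(str, e);
            }
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Generates a symmetric key, choosing the generation path by API level.
     *
     * <p>Below API 23 the key exists only in memory and is not stored by this method. From
     * API 23 the key is either created inside the AndroidKeyStore ({@code z == false}) or
     * created in memory and then imported under the alias ({@code z == true}); in the second
     * case the returned object is the in-memory key, so its material is present in the app's
     * heap.
     *
     * @param str keystore alias
     * @param str2 key algorithm; {@code null} or blank selects {@code "AES"}
     * @param i requested key length in bits; values below 256 are raised to 256
     * @param z generate in memory and import into the keystore instead of generating in it
     * @param z2 whether the keystore key requires user authentication
     * @param i2 authentication validity in seconds, applied only when {@code z2} and positive
     * @param z3 whether the key is invalidated by biometric enrolment (API 24+ only)
     * @return the generated key
     */
    public static SecretKey generateKey(String str, String str2, int i, boolean z, boolean z2, int i2, boolean z3) {
        final String algorithm;
        if (str2 == null || str2.trim().length() == 0) {
            if (MAS.DEBUG) {
                Log.d(MAS.TAG, "Algorithm (" + str2 + ") is either null or zero length, assigning default: " + DEFAULT_ALGORITHM);
            }
            algorithm = DEFAULT_ALGORITHM;
        } else {
            algorithm = str2;
        }

        final int keyLength;
        if (i < DEFAULT_KEY_LENGTH) {
            if (MAS.DEBUG) {
                // The check is against 256, not zero; the message now says so.
                Log.d(MAS.TAG, "key length (" + i + ") is less than " + DEFAULT_KEY_LENGTH
                        + ", assigning default: " + DEFAULT_KEY_LENGTH);
            }
            keyLength = DEFAULT_KEY_LENGTH;
        } else {
            keyLength = i;
        }

        if (Build.VERSION.SDK_INT < 23) {
            return generateKeyInMemory(algorithm, keyLength);
        }
        if (!z) {
            return Build.VERSION.SDK_INT >= 24
                    ? generateKeyInAndroidKeyStoreAndroidN(str, algorithm, keyLength, z2, i2, z3)
                    : generateKeyInAndroidKeyStoreAndroidM(str, algorithm, keyLength, z2, i2);
        }

        SecretKey inMemoryKey = generateKeyInMemory(algorithm, keyLength);
        if (Build.VERSION.SDK_INT >= 24) {
            storeKeyAndroidN(str, inMemoryKey, z2, i2, z3);
        } else {
            storeKeyAndroidM(str, inMemoryKey, z2, i2);
        }
        return inMemoryKey;
    }

    /**
     * Generates a key inside the AndroidKeyStore (API 23 variant).
     *
     * @param str keystore alias
     * @param str2 key algorithm
     * @param i key length in bits; values below 256 are raised to 256
     * @param z whether user authentication is required to use the key
     * @param i2 authentication validity in seconds, applied only when {@code z} and positive
     * @throws RuntimeException wrapping any failure
     */
    @TargetApi(23)
    private static SecretKey generateKeyInAndroidKeyStoreAndroidM(String str, String str2, int i, boolean z, int i2) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str2, ANDROID_KEY_STORE);
            // 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT
            KeyGenParameterSpec.Builder spec = new KeyGenParameterSpec.Builder(str, 3)
                    .setKeySize(Math.max(i, DEFAULT_KEY_LENGTH))
                    .setBlockModes("CBC", "CTR", "GCM")
                    .setEncryptionPaddings("NoPadding")
                    .setRandomizedEncryptionRequired(true)
                    .setUserAuthenticationRequired(z);
            if (z && i2 > 0) {
                spec.setUserAuthenticationValidityDurationSeconds(i2);
            }
            keyGenerator.init(spec.build());
            return keyGenerator.generateKey();
        } catch (Exception e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error generateKeyInAndroidKeyStore", e);
            }
            throw new RuntimeException("Error generateKeyInAndroidKeyStore", e);
        }
    }

    /**
     * Generates a key inside the AndroidKeyStore (API 24 variant, which can also set
     * invalidation on biometric enrolment).
     *
     * @param str keystore alias
     * @param str2 key algorithm
     * @param i key length in bits; values below 256 are raised to 256
     * @param z whether user authentication is required to use the key
     * @param i2 authentication validity in seconds, applied only when {@code z} and positive
     * @param z2 whether enrolling a new biometric invalidates the key
     * @throws RuntimeException wrapping any failure
     */
    @TargetApi(24)
    private static SecretKey generateKeyInAndroidKeyStoreAndroidN(String str, String str2, int i, boolean z, int i2, boolean z2) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str2, ANDROID_KEY_STORE);
            // 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT
            KeyGenParameterSpec.Builder spec = new KeyGenParameterSpec.Builder(str, 3)
                    .setKeySize(Math.max(i, DEFAULT_KEY_LENGTH))
                    .setBlockModes("CBC", "CTR", "GCM")
                    .setEncryptionPaddings("NoPadding")
                    .setRandomizedEncryptionRequired(true)
                    .setUserAuthenticationRequired(z)
                    .setInvalidatedByBiometricEnrollment(z2);
            if (z && i2 > 0) {
                spec.setUserAuthenticationValidityDurationSeconds(i2);
            }
            keyGenerator.init(spec.build());
            return keyGenerator.generateKey();
        } catch (Exception e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error generateKeyInAndroidKeyStore", e);
            }
            throw new RuntimeException("Error generateKeyInAndroidKeyStore", e);
        }
    }

    /**
     * Generates a key with the default provider; the key is not stored anywhere.
     *
     * @param str key algorithm
     * @param i key length in bits
     * @throws RuntimeException wrapping any failure
     */
    private static SecretKey generateKeyInMemory(String str, int i) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            keyGenerator.init(i);
            return keyGenerator.generateKey();
        } catch (Exception e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error generateKeyInMemory", e);
            }
            throw new RuntimeException("Error generateKeyInMemory", e);
        }
    }

    /**
     * Copies {@code i2} bytes of {@code bArr}, starting at offset {@code i}, into a new array.
     */
    private static byte[] getArraySubset(byte[] bArr, int i, int i2) {
        byte[] slice = new byte[i2];
        System.arraycopy(bArr, i, slice, 0, i2);
        return slice;
    }

    /**
     * Looks up a secret key in the AndroidKeyStore.
     *
     * @param str keystore alias
     * @return the key, or {@code null} when no entry exists or the device is below API 23
     */
    public static SecretKey retrieveKey(String str) {
        return Build.VERSION.SDK_INT >= 23 ? retrieveKeyAndroidM(str) : null;
    }

    /**
     * Loads the AndroidKeyStore and returns the secret key stored under {@code str}.
     *
     * @return the key, or {@code null} when the alias has no entry
     * @throws RuntimeException if the keystore cannot be instantiated, loaded or read
     */
    @TargetApi(23)
    private static SecretKey retrieveKeyAndroidM(String str) {
        final KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        } catch (KeyStoreException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error while instantiating Android KeyStore instance", e);
            }
            throw new RuntimeException("Error while instantiating Android KeyStore instance", e);
        }
        try {
            keyStore.load(null);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error while loading Android KeyStore instance", e);
            }
            throw new RuntimeException("Error while loading Android KeyStore instance", e);
        }
        try {
            KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) keyStore.getEntry(str, null);
            return entry == null ? null : entry.getSecretKey();
        } catch (NullPointerException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error while getting entry from Android KeyStore", e);
            }
            throw new RuntimeException("Error while getting entry from Android KeyStore", e);
        }
    }

    /**
     * Imports an existing key into the AndroidKeyStore (API 23 variant).
     *
     * @param str keystore alias
     * @param secretKey key to import
     * @param z whether user authentication is required to use the key
     * @param i authentication validity in seconds, applied only when {@code z} and positive
     * @return {@code true} once the entry is stored
     * @throws RuntimeException if the keystore cannot be opened or the entry cannot be set
     */
    @TargetApi(23)
    public static boolean storeKeyAndroidM(String str, SecretKey secretKey, boolean z, int i) {
        final KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error instantiating Android keyStore");
            }
            throw new RuntimeException("Error instantiating Android keyStore", e);
        }

        // 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT
        KeyProtection.Builder protection = new KeyProtection.Builder(3)
                .setBlockModes("CBC", "CTR", "GCM")
                .setEncryptionPaddings("NoPadding")
                .setRandomizedEncryptionRequired(true)
                .setUserAuthenticationRequired(z);
        if (z && i > 0) {
            protection.setUserAuthenticationValidityDurationSeconds(i);
        }

        try {
            keyStore.setEntry(str, new KeyStore.SecretKeyEntry(secretKey), protection.build());
            return true;
        } catch (KeyStoreException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error setting entry into Android keyStore");
            }
            throw new RuntimeException("Error setting entry into Android keyStore", e);
        }
    }

    /**
     * Imports an existing key into the AndroidKeyStore (API 24 variant, which can also set
     * invalidation on biometric enrolment).
     *
     * @param str keystore alias
     * @param secretKey key to import
     * @param z whether user authentication is required to use the key
     * @param i authentication validity in seconds, applied only when {@code z} and positive
     * @param z2 whether enrolling a new biometric invalidates the key
     * @return {@code true} once the entry is stored
     * @throws RuntimeException if the keystore cannot be opened or the entry cannot be set
     */
    @RequiresApi(24)
    public static boolean storeKeyAndroidN(String str, SecretKey secretKey, boolean z, int i, boolean z2) {
        final KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error instantiating Android keyStore");
            }
            throw new RuntimeException("Error instantiating Android keyStore", e);
        }

        // 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT
        KeyProtection.Builder protection = new KeyProtection.Builder(3)
                .setBlockModes("CBC", "CTR", "GCM")
                .setEncryptionPaddings("NoPadding")
                .setRandomizedEncryptionRequired(true)
                .setUserAuthenticationRequired(z)
                .setInvalidatedByBiometricEnrollment(z2);
        if (z && i > 0) {
            protection.setUserAuthenticationValidityDurationSeconds(i);
        }

        try {
            keyStore.setEntry(str, new KeyStore.SecretKeyEntry(secretKey), protection.build());
            return true;
        } catch (KeyStoreException e) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Error setting entry into Android keyStore");
            }
            throw new RuntimeException("Error setting entry into Android keyStore", e);
        }
    }
}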
