package com.amazon.identity.auth.device.framework.crypto;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec$Builder;
import android.text.TextUtils;
import com.amazon.identity.auth.device.bc;
import com.amazon.identity.auth.device.framework.ar;
import com.amazon.identity.auth.device.framework.crypto.AESCipher;
import com.amazon.identity.auth.device.storage.LocalDataStorage;
import com.amazon.identity.auth.device.storage.o;
import com.amazon.identity.auth.device.storage.u;
import com.amazon.identity.auth.device.utils.aq;
import com.amazon.identity.auth.device.utils.y;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;

/* compiled from: DCP */
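/**
 * Encrypts and decrypts locally stored values ("LocalDataStorageEncryptor" in the log tags).
 *
 * <p>Key hierarchy, as established by the constructor:
 * <ul>
 *   <li>An RSA-2048 key pair lives in the {@code AndroidKeyStore} provider under the alias
 *       {@code IDENTITY_MAP_KEYSTORE_ALIAS}.</li>
 *   <li>A 256-bit AES data key is wrapped with that RSA key and persisted, in wrapped form,
 *       under {@code AES_ENCRYPTION_KEY} in the {@code LOCAL_DS_ENCRYPTION_KEY_NAMESPACE}
 *       storage.</li>
 *   <li>The unwrapped AES key is held in memory for the lifetime of the singleton and drives
 *       {@link #bN(String)} / {@link #bO(String)}.</li>
 * </ul>
 *
 * <p>NOTE(review): the AES key is wrapped with {@code RSA/ECB/PKCS1Padding}. OAEP is the
 * generally preferred RSA encryption padding; moving to it needs a migration, because keys
 * already wrapped on devices use PKCS#1 v1.5 and the API 24+ key spec authorizes only
 * {@code PKCS1Padding}.
 *
 * <p>NOTE(review): the key spec sets no user-authentication requirement, so the RSA key is
 * usable whenever the app runs. Confirm that matches the intended threat model.
 */
@TargetApi(19)
/* loaded from: classes3.dex */
public class d implements b {
    private static final String TAG = "LocalDataStorageEncryptor";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String RSA_KEY_ALIAS = "IDENTITY_MAP_KEYSTORE_ALIAS";
    private static final String AES_KEY_ENTRY = "AES_ENCRYPTION_KEY";
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    /** Marker prepended to every value produced by {@link #bN(String)}. */
    private static final String CIPHERTEXT_PREFIX = "AES-GCM+";

    // Process-wide singleton, created lazily by Q(Context).
    private static d mo;
    private final Context mContext;
    // Raw (unwrapped) AES key bytes. Not read anywhere else in this class; it stays in memory
    // for as long as the singleton lives.
    private final byte[] mp;
    private final AESCipher mq;
    private final KeyStore mr;
    // Storage namespace that holds the RSA-wrapped AES key.
    private final u ms;

    /**
     * Loads the Android keystore, makes sure the RSA key pair exists, then creates or unwraps
     * the AES data key. Success and failure are both reported through the {@code ar} timer and
     * {@code bc} counters; any failure is rethrown unchanged.
     *
     * @param context application context used for storage access and legacy key generation
     * @throws Exception whatever the keystore, key generation or cipher setup raised
     */
    private d(Context context) throws Exception {
        ar bC = ar.bC("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            this.mContext = context;
            u keyStorage = u.l(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
            this.ms = keyStorage;
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            this.mr = keyStore;
            // getInstance() never returns null and load() would already have thrown, so the
            // former "keystore is null" branch was unreachable and has been dropped.
            keyStore.load(null);
            bC.bE("generateRSAKeyIfNotExists");
            ensureRsaKeyPair(context, keyStore, keyStorage, bC);
            byte[] aesKey = loadOrCreateAesKey(keyStore, keyStorage, bC);
            this.mp = aesKey;
            this.mq = new AESCipher(aesKey);
            bC.c(true);
            bc.incrementCounterAndRecord("LocalDataStorageEncryptor:Initiation:Success");
        } catch (Exception e2) {
            // Only the exception class name goes into metrics; the message is not recorded.
            bC.bE("CreateFail:" + e2.getClass().getSimpleName());
            bC.c(false);
            bc.incrementCounterAndRecord("LocalDataStorageEncryptor:Initiation:Failed:" + e2.getClass().getSimpleName());
            throw e2;
        } finally {
            bC.ea();
        }
    }

    /**
     * Creates the RSA key pair under {@code IDENTITY_MAP_KEYSTORE_ALIAS} unless it already exists.
     *
     * <p>If the key pair is missing while a wrapped AES key is still stored, that AES key can no
     * longer be unwrapped. The stored key and the local databases are cleared first (per the log
     * message; the helpers' exact effect is not visible here) so no undecryptable data remains.
     */
    private static void ensureRsaKeyPair(Context context, KeyStore keyStore, u keyStorage, ar bC) throws Exception {
        if (keyStore.containsAlias(RSA_KEY_ALIAS)) {
            y.i(TAG, "RSA keypair exists, fast return.");
            bC.bE("RSAKeyPairGenerated");
            return;
        }
        y.i(TAG, "Generating RSA keypair");
        if (!TextUtils.isEmpty(keyStorage.cz(AES_KEY_ENTRY))) {
            y.i(TAG, "AES key generated, deleting it and clearing db before generating new RSA keys");
            keyStorage.fI();
            LocalDataStorage.ab(context);
            o.Y(context);
            bC.bE("DeleteExistAESKeyRegenerateRSAKey");
        }
        AlgorithmParameterSpec spec = buildRsaKeySpec(context);
        try {
            generateRsaKeyPair(spec);
            bC.bE("RSAKeyPairGeneration:Success");
        } catch (Exception unused) {
            // Deliberate best-effort: one retry, and a second failure propagates to the caller.
            bC.bE("RSAKeyPairGeneration:Retry");
            y.w(TAG, "Generating RSA key pair failed, retry once");
            generateRsaKeyPair(spec);
            bC.bE("RSAKeyPairGeneration:Retry:Success");
        }
        bc.incrementCounterAndRecord("RSAKeyPairGeneration:Success:Overall");
    }

    /**
     * Builds the RSA-2048 key generation parameters for the running platform: the legacy
     * {@code KeyPairGeneratorSpec} up to API 23, {@code KeyGenParameterSpec} above it.
     */
    private static AlgorithmParameterSpec buildRsaKeySpec(Context context) {
        if (Build.VERSION.SDK_INT <= 23) {
            return new KeyPairGeneratorSpec.Builder(context)
                    .setAlias(RSA_KEY_ALIAS)
                    .setSubject(new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS"))
                    .setSerialNumber(BigInteger.TEN)
                    .setKeySize(2048)
                    .build();
        }
        // Purposes 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
        return new KeyGenParameterSpec$Builder(RSA_KEY_ALIAS, 3)
                .setCertificateSubject(new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS"))
                .setCertificateSerialNumber(BigInteger.TEN)
                .setKeySize(2048)
                .setEncryptionPaddings("PKCS1Padding")
                .build();
    }

    /** Runs a single RSA key pair generation attempt inside the Android keystore. */
    private static void generateRsaKeyPair(AlgorithmParameterSpec spec) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", KEYSTORE_PROVIDER);
        generator.initialize(spec);
        generator.generateKeyPair();
    }

    /**
     * Returns the raw AES data key. When no wrapped key is stored, a fresh 256-bit key is
     * generated, wrapped with the RSA public key and persisted. Otherwise the stored value is
     * unwrapped with the keystore-held private key.
     */
    private static byte[] loadOrCreateAesKey(KeyStore keyStore, u keyStorage, ar bC) throws Exception {
        String wrapped = keyStorage.cz(AES_KEY_ENTRY);
        if (TextUtils.isEmpty(wrapped)) {
            y.i(TAG, "Generating AES encryption key");
            byte[] fresh = AESCipher.a(AESCipher.KeySize.KEY_SIZE_256_BITS);
            y.i(TAG, "Encrypting AES Key");
            Key publicKey = keyStore.getCertificate(RSA_KEY_ALIAS).getPublicKey();
            // aq.m presumably turns the wrapped bytes into a storable string - confirm.
            keyStorage.T(AES_KEY_ENTRY, aq.m(a(Cipher.ENCRYPT_MODE, RSA_TRANSFORMATION, publicKey).doFinal(fresh)));
            bC.bE("AESKeyGeneration:Success");
            return fresh;
        }
        y.i(TAG, "AES key generated, decrypting");
        y.i(TAG, "Decrypting existed AES Key");
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(RSA_KEY_ALIAS, null);
        return a(Cipher.DECRYPT_MODE, RSA_TRANSFORMATION, privateKey).doFinal(aq.dN(wrapped));
    }

    /**
     * Returns the process-wide instance, creating it on first use. The method-level lock
     * already serializes creation, so the former inner {@code synchronized (d.class)} block was
     * redundant and has been removed.
     *
     * <p>A failed construction leaves the singleton unset, so the next call tries again.
     *
     * @throws Exception if the encryptor could not be initialised
     */
    public static synchronized d Q(Context context) throws Exception {
        if (mo == null) {
            y.i(TAG, "Generating LocalDataStorageEncryptor instance");
            mo = new d(context);
            y.i(TAG, "Finish generating LocalDataStorageEncryptor instance");
        }
        return mo;
    }

    /**
     * Creates and initialises a cipher.
     *
     * @param i2 cipher mode ({@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE})
     * @param str transformation string
     * @param key key to initialise the cipher with
     * @throws IllegalStateException if the cipher cannot be created or initialised; the
     *     underlying exception is attached as the cause
     */
    private static Cipher a(int i2, String str, Key key) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(i2, key);
            return cipher;
        } catch (Exception e2) {
            y.e(TAG, "Unable to create RSA cipher, this seems to be a system bug.", e2);
            // Keep the cause so callers and crash reports can see the real failure.
            throw new IllegalStateException("Unable to create RSA cipher.", e2);
        }
    }

    /**
     * Encrypts {@code str} with the AES data key and returns it prefixed with {@code AES-GCM+}.
     *
     * <p>The discarded string concatenations that built debug messages from the plaintext and
     * ciphertext have been removed. They had no effect in this build and must not be turned
     * back into real log statements.
     *
     * @return the prefixed ciphertext string, or {@code null} when {@code str} is {@code null}
     */
    @Override // com.amazon.identity.auth.device.framework.crypto.b
    public String bN(String str) {
        if (str == null) {
            return null;
        }
        y.dt(TAG);
        String encoded = aq.m(this.mq.g(aq.dM(str)));
        y.dt(TAG);
        return CIPHERTEXT_PREFIX.concat(String.valueOf(encoded));
    }

    /**
     * Decrypts a value produced by {@link #bN(String)}.
     *
     * <p>NOTE(review): a value without the {@code AES-GCM+} prefix is returned unchanged,
     * presumably to tolerate data written before encryption was introduced. A non-null result
     * therefore does not prove the stored value was encrypted or authenticated, and callers
     * should not treat it as an integrity guarantee.
     *
     * @return the plaintext, the input itself when it is not prefixed, or {@code null} when the
     *     input is {@code null} or decryption fails with {@link BadPaddingException}
     */
    @Override // com.amazon.identity.auth.device.framework.crypto.b
    public String bO(String str) {
        if (str == null) {
            return null;
        }
        y.dt(TAG);
        if (!str.startsWith(CIPHERTEXT_PREFIX)) {
            return str;
        }
        try {
            String plain = aq.l(this.mq.h(aq.dN(str.substring(CIPHERTEXT_PREFIX.length()))));
            y.dt(TAG);
            return plain;
        } catch (BadPaddingException unused) {
            // For an AEAD mode, a failed tag check is reported as a BadPaddingException subclass,
            // so this path presumably also covers modified or wrong-key ciphertext - confirm
            // against AESCipher. It is counted in metrics and surfaced to the caller as null.
            y.e(TAG, "Bad padding shouldn't happen, just return null.");
            bc.incrementCounterAndRecord("LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }
}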
