package com.sonos.acr.security;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.support.annotation.NonNull;
import android.util.Base64;
import com.google.gson.Gson;
import com.sonos.acr.util.SLog;
import com.sonos.acr.util.StringUtils;
import com.sonos.sclib.SCIPropertyBag;
import com.sonos.sclib.sclib;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class SecureStore {
    private static final int AES_AUTHENTICATION_TAG_LENGTH = 128;
    private static final int AES_KEY_SIZE = 256;
    private static final String ALGORITHM_AES = "AES";
    private static final String LOG_ERROR = "An error occurred, code ";
    private static final String METRICS_CATEGORY = "application";
    private static final String METRICS_EVENT_NAME = "secureStore";
    private static final String METRICS_EVENT_PROPERTY_ERROR_STRING = "error";
    public static final String PROVIDER = "AndroidKeyStore";
    private static final String TRANSFORMATION_AES_CBC_PKCS7_PADDING = "AES/CBC/PKCS7Padding";
    private static final String TRANSFORMATION_AES_GCM_NO_PADDING = "AES/GCM/NoPadding";
    private static final String TRANSFORMATION_RSA_ECB_PKCS1_PADDING = "RSA/ECB/PKCS1Padding";
    private Context applicationContext;
    private Gson gson;
    private boolean isInitialized = false;
    private KeyStore keyStore;
    private SharedPreferences sharedPreferences;
    public static final String LOG_TAG = SecureStore.class.getSimpleName();
    public static final String KEY_ALIAS_AES = LOG_TAG + ".KeyStoreSecretKeyAlias";
    private static final String KEY_ALIAS = ".KeyAlias.";
    private static final String ALGORITHM_RSA = "RSA";
    public static final String KEY_ALIAS_RSA = LOG_TAG + KEY_ALIAS + ALGORITHM_RSA;
    private static SecureStore instance = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public enum Algorithm {
        AES,
        AES_GCM,
        AES_CBC,
        UNKNOWN
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class SecureEntry {
        private Algorithm algorithm;
        private byte[] entry;
        private byte[] initializationVector;

        private SecureEntry(@NonNull byte[] bArr, Algorithm algorithm, @NonNull byte[] bArr2) {
            this.entry = bArr;
            this.algorithm = algorithm;
            this.initializationVector = bArr2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Algorithm getAlgorithm() {
            return this.algorithm;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] getInitializationVector() {
            return this.initializationVector;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] retrieveEntry() {
            return this.entry;
        }
    }

    private SecureStore() {
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:6:0x0010. Please report as an issue. */
    private byte[] decryptEntry(@NonNull SecureEntry secureEntry, @NonNull String str) {
        Algorithm algorithm;
        try {
            algorithm = secureEntry.getAlgorithm();
            if (algorithm == null) {
                algorithm = Algorithm.UNKNOWN;
            }
        } catch (InvalidAlgorithmParameterException e) {
            SLog.e(LOG_TAG, "An error occurred, code 10");
        } catch (InvalidKeyException e2) {
            SLog.e(LOG_TAG, "An error occurred, code 7");
        } catch (NoSuchAlgorithmException e3) {
            SLog.e(LOG_TAG, "An error occurred, code 5");
        } catch (BadPaddingException e4) {
            SLog.e(LOG_TAG, "An error occurred, code 9");
        } catch (IllegalBlockSizeException e5) {
            SLog.e(LOG_TAG, "An error occurred, code 8");
        } catch (NoSuchPaddingException e6) {
            SLog.e(LOG_TAG, "An error occurred, code 6");
        }
        switch (algorithm) {
            case AES:
            case AES_GCM:
                Cipher cipher = Cipher.getInstance(TRANSFORMATION_AES_GCM_NO_PADDING);
                cipher.init(2, getSecretKey(), new GCMParameterSpec(128, secureEntry.getInitializationVector()));
                return cipher.doFinal(secureEntry.retrieveEntry());
            case AES_CBC:
                Cipher cipher2 = Cipher.getInstance(TRANSFORMATION_AES_CBC_PKCS7_PADDING);
                cipher2.init(2, getSecretKey(), new IvParameterSpec(secureEntry.getInitializationVector()));
                return cipher2.doFinal(secureEntry.retrieveEntry());
            case UNKNOWN:
                SLog.e(LOG_TAG, "An error occurred, code 21");
            default:
                removeEntry(str);
                return null;
        }
    }

    private SecureEntry encryptEntry(@NonNull byte[] bArr) {
        SecureEntry secureEntry;
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                Cipher cipher = Cipher.getInstance(TRANSFORMATION_AES_GCM_NO_PADDING);
                cipher.init(1, getSecretKey());
                secureEntry = new SecureEntry(cipher.doFinal(bArr), Algorithm.AES_GCM, cipher.getIV());
            } else {
                Cipher cipher2 = Cipher.getInstance(TRANSFORMATION_AES_CBC_PKCS7_PADDING);
                cipher2.init(1, getSecretKey());
                secureEntry = new SecureEntry(cipher2.doFinal(bArr), Algorithm.AES_CBC, cipher2.getIV());
            }
            return secureEntry;
        } catch (InvalidKeyException e) {
            SLog.e(LOG_TAG, "An error occurred, code 7");
            return null;
        } catch (NoSuchAlgorithmException e2) {
            SLog.e(LOG_TAG, "An error occurred, code 5");
            return null;
        } catch (BadPaddingException e3) {
            SLog.e(LOG_TAG, "An error occurred, code 9");
            return null;
        } catch (IllegalBlockSizeException e4) {
            SLog.e(LOG_TAG, "An error occurred, code 8");
            return null;
        } catch (NoSuchPaddingException e5) {
            SLog.e(LOG_TAG, "An error occurred, code 6");
            return null;
        }
    }

    public static SecureStore getInstance(@NonNull Context context) {
        if (instance == null) {
            instance = new SecureStore();
            instance.init(context);
        }
        return instance;
    }

    private SecretKey getSecretKey() {
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                if (this.keyStore.containsAlias(KEY_ALIAS_AES)) {
                    if (this.keyStore.getKey(KEY_ALIAS_AES, null) instanceof SecretKey) {
                        return (SecretKey) this.keyStore.getKey(KEY_ALIAS_AES, null);
                    }
                    SLog.e(LOG_TAG, "An error occurred, code 19");
                }
                legacyCleanup();
                KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM_AES, PROVIDER);
                keyGenerator.init(new KeyGenParameterSpec.Builder(KEY_ALIAS_AES, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(true).setKeySize(256).build());
                return keyGenerator.generateKey();
            }
            if (this.keyStore.containsAlias(KEY_ALIAS_RSA) && this.sharedPreferences.contains(KEY_ALIAS_AES)) {
                String string = this.sharedPreferences.getString(KEY_ALIAS_AES, null);
                if (StringUtils.isEmptyOrNull(string)) {
                    SLog.e(LOG_TAG, "An error occurred, code 18");
                } else {
                    Key key = null;
                    boolean z = false;
                    try {
                        key = this.keyStore.getKey(KEY_ALIAS_RSA, null);
                    } catch (RuntimeException e) {
                        z = true;
                        SCIPropertyBag createPropertyBag = sclib.createPropertyBag();
                        createPropertyBag.setStrProp("error", e.toString());
                        sclib.getAppReportingInstance().reportEventWithProps("application", METRICS_EVENT_NAME, createPropertyBag);
                        SLog.e(LOG_TAG, "An error occurred, code 23");
                    }
                    if (key instanceof PrivateKey) {
                        byte[] decode = Base64.decode(string, 0);
                        Cipher cipher = Cipher.getInstance(TRANSFORMATION_RSA_ECB_PKCS1_PADDING);
                        cipher.init(2, key);
                        byte[] doFinal = cipher.doFinal(decode);
                        if (doFinal != null && doFinal.length == 32) {
                            return new SecretKeySpec(doFinal, 0, doFinal.length, ALGORITHM_AES);
                        }
                        SLog.e(LOG_TAG, "An error occurred, code 16");
                    } else if (!z) {
                        SLog.e(LOG_TAG, "An error occurred, code 17");
                    }
                }
            }
            legacyCleanup();
            Calendar gregorianCalendar = GregorianCalendar.getInstance();
            Calendar gregorianCalendar2 = GregorianCalendar.getInstance();
            gregorianCalendar2.add(1, 10);
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.applicationContext).setAlias(KEY_ALIAS_RSA).setSubject(new X500Principal("CN=SecureStore, O=Sonos")).setSerialNumber(BigInteger.ONE).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_RSA, PROVIDER);
            keyPairGenerator.initialize(build);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            KeyGenerator keyGenerator2 = KeyGenerator.getInstance(ALGORITHM_AES);
            keyGenerator2.init(256);
            SecretKey generateKey = keyGenerator2.generateKey();
            Cipher cipher2 = Cipher.getInstance(TRANSFORMATION_RSA_ECB_PKCS1_PADDING);
            cipher2.init(1, generateKeyPair.getPublic());
            String encodeToString = Base64.encodeToString(cipher2.doFinal(generateKey.getEncoded()), 0);
            SharedPreferences.Editor edit = this.sharedPreferences.edit();
            edit.putString(KEY_ALIAS_AES, encodeToString);
            edit.apply();
            return generateKey;
        } catch (IllegalStateException e2) {
            SLog.e(LOG_TAG, "An error occurred, code 22");
            return null;
        } catch (InvalidAlgorithmParameterException e3) {
            SLog.e(LOG_TAG, "An error occurred, code 15");
            return null;
        } catch (InvalidKeyException e4) {
            SLog.e(LOG_TAG, "An error occurred, code 7");
            return null;
        } catch (KeyStoreException e5) {
            SLog.e(LOG_TAG, "An error occurred, code 11");
            return null;
        } catch (NoSuchAlgorithmException e6) {
            SLog.e(LOG_TAG, "An error occurred, code 12");
            return null;
        } catch (NoSuchProviderException e7) {
            SLog.e(LOG_TAG, "An error occurred, code 14");
            return null;
        } catch (UnrecoverableKeyException e8) {
            SLog.e(LOG_TAG, "An error occurred, code 13");
            return null;
        } catch (BadPaddingException e9) {
            SLog.e(LOG_TAG, "An error occurred, code 9");
            return null;
        } catch (IllegalBlockSizeException e10) {
            SLog.e(LOG_TAG, "An error occurred, code 8");
            return null;
        } catch (NoSuchPaddingException e11) {
            SLog.e(LOG_TAG, "An error occurred, code 6");
            return null;
        }
    }

    private void init(@NonNull Context context) {
        this.applicationContext = context;
        this.gson = new Gson();
        this.sharedPreferences = context.getSharedPreferences(context.getPackageName() + "." + LOG_TAG, 0);
        if (this.sharedPreferences == null) {
            SLog.e(LOG_TAG, "An error occurred, code 20");
            return;
        }
        try {
            this.keyStore = KeyStore.getInstance(PROVIDER);
            this.keyStore.load(null);
            this.isInitialized = true;
        } catch (IOException e) {
            SLog.e(LOG_TAG, "An error occurred, code 2");
        } catch (KeyStoreException e2) {
            SLog.e(LOG_TAG, "An error occurred, code 1");
        } catch (NoSuchAlgorithmException e3) {
            SLog.e(LOG_TAG, "An error occurred, code 3");
        } catch (CertificateException e4) {
            SLog.e(LOG_TAG, "An error occurred, code 4");
        }
    }

    private void legacyCleanup() {
        SharedPreferences.Editor edit = this.sharedPreferences.edit();
        edit.clear();
        edit.apply();
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                this.keyStore.deleteEntry(aliases.nextElement());
            }
        } catch (KeyStoreException e) {
            SLog.e(LOG_TAG, "An error occurred, code 1");
        }
    }

    public boolean isInitialized() {
        return this.isInitialized;
    }

    public void removeEntry(@NonNull String str) {
        SharedPreferences.Editor edit = this.sharedPreferences.edit();
        edit.remove(str);
        edit.apply();
    }

    public byte[] retrieveEntry(@NonNull String str) {
        SecureEntry secureEntry = (SecureEntry) this.gson.fromJson(this.sharedPreferences.getString(str, null), SecureEntry.class);
        if (secureEntry != null) {
            return decryptEntry(secureEntry, str);
        }
        return null;
    }

    public boolean storeEntry(@NonNull String str, @NonNull byte[] bArr) {
        SecureEntry encryptEntry = encryptEntry(bArr);
        if (encryptEntry == null) {
            return false;
        }
        SharedPreferences.Editor edit = this.sharedPreferences.edit();
        edit.putString(str, this.gson.toJson(encryptEntry));
        edit.apply();
        return true;
    }
}
