package com.thefloow.b1;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.aaa.android.discounts.nativecode.implementations.AAAPreferences;
import com.aaa.ccmframework.configuration.AppConfig;
import com.aaa.ccmframework.network.api.DeviceInfoApi;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* compiled from: AndroidKeyStore.java */
/* loaded from: classes2.dex */
public class a {
    public static boolean a = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: AndroidKeyStore.java */
    /* renamed from: com.thefloow.b1.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static class C0091a {
        private String a;
        private String b;

        C0091a(String str, String str2) {
            this.a = str;
            this.b = str2;
        }

        public String a() {
            return this.a;
        }

        public String b() {
            return this.b;
        }
    }

    public static synchronized String a(String str, String str2) throws GeneralSecurityException, com.thefloow.l1.c, IOException {
        String str3;
        synchronized (a.class) {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            C0091a c = c(str, str2);
            String a2 = c.a();
            String b = c.b();
            byte[] c2 = c(a(a2));
            if (c2 == null) {
                throw new GeneralSecurityException();
            }
            cipher.init(2, c(), new GCMParameterSpec(128, a(b)));
            str3 = new String(cipher.doFinal(c2));
        }
        return str3;
    }

    private static boolean a() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("k2", 3).setKeySize(256).setBlockModes(DeviceInfoApi.GCM_TYPE).setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(true).build();
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AAAPreferences.encryptionAlgorithm, AppConfig.ANDROID_KEYSTORE);
        keyGenerator.init(build);
        keyGenerator.generateKey();
        return true;
    }

    private static byte[] a(String str) {
        return str == null ? new byte[0] : Base64.decode(str, 2);
    }

    private static byte[] a(byte[] bArr) {
        byte[] copyOfRange = Arrays.copyOfRange(bArr, bArr.length - 16, bArr.length);
        int length = bArr.length + copyOfRange.length;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(copyOfRange, 0, bArr2, bArr.length, copyOfRange.length);
        if (com.thefloow.u.a.a(8)) {
            com.thefloow.u.a.e(AppConfig.ANDROID_KEYSTORE, "appendMAC cipherByteLen: " + bArr.length + " cipherBytesTaggedLen:" + length + " mac:" + copyOfRange.length);
        }
        return bArr2;
    }

    public static synchronized String b(String str, String str2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertificateException, KeyStoreException, NoSuchProviderException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableKeyException, com.thefloow.l1.c, IOException {
        String d;
        synchronized (a.class) {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, c());
            c.a(com.thefloow.k1.b.a(str + c.b()), d(cipher.getIV()));
            d = d(a(cipher.doFinal(str2.getBytes())));
        }
        return d;
    }

    public static void b(String str) throws com.thefloow.l1.c {
        c.c(com.thefloow.k1.b.a(str + c.b()));
    }

    private static boolean b() throws com.thefloow.l1.c, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        if (e()) {
            return false;
        }
        a();
        g();
        return true;
    }

    private static boolean b(byte[] bArr) {
        int length = bArr.length - 16;
        if (length < 0) {
            length = 0;
        }
        byte[] bArr2 = new byte[length];
        if (bArr.length >= length) {
            System.arraycopy(bArr, 0, bArr2, 0, length);
            byte[] bArr3 = new byte[16];
            if (bArr.length >= 16) {
                System.arraycopy(bArr, length, bArr3, 0, 16);
                int i = length - 16;
                if (i >= 0 && Arrays.equals(bArr3, Arrays.copyOfRange(bArr2, i, length))) {
                    return true;
                }
            }
        }
        return false;
    }

    private static C0091a c(String str, String str2) throws com.thefloow.l1.c, InvalidAlgorithmParameterException, UnrecoverableKeyException, NoSuchPaddingException, IllegalBlockSizeException, CertificateException, NoSuchAlgorithmException, KeyStoreException, BadPaddingException, NoSuchProviderException, InvalidKeyException, IOException {
        byte[] bArr;
        try {
            bArr = a(str2);
        } catch (Exception e) {
            com.thefloow.u.a.d(AppConfig.ANDROID_KEYSTORE, "aks err", e);
            bArr = null;
        }
        String b = c.b(com.thefloow.k1.b.a(str + c.b()));
        if (b == null || b.trim().isEmpty() || bArr == null || !b(bArr)) {
            str2 = b(str, str2);
            b = c.b(com.thefloow.k1.b.a(str + c.b()));
            c.a(str, str2);
        }
        return new C0091a(str2, b);
    }

    private static SecretKey c() throws InvalidAlgorithmParameterException, CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException, IOException {
        UnrecoverableKeyException e = null;
        for (int i = 0; i < 5; i++) {
            try {
                return (SecretKey) d().getKey("k2", null);
            } catch (UnrecoverableKeyException e2) {
                e = e2;
            }
        }
        throw e;
    }

    private static byte[] c(byte[] bArr) {
        int length = bArr.length - 16;
        if (length < 0) {
            length = 0;
        }
        byte[] bArr2 = new byte[length];
        if (bArr.length >= length) {
            System.arraycopy(bArr, 0, bArr2, 0, length);
        }
        byte[] bArr3 = new byte[16];
        if (bArr.length >= 16) {
            System.arraycopy(bArr, length, bArr3, 0, 16);
        }
        int i = length - 16;
        byte[] copyOfRange = i >= 0 ? Arrays.copyOfRange(bArr2, i, length) : null;
        if (com.thefloow.u.a.a(8)) {
            StringBuilder sb = new StringBuilder();
            sb.append("popValidEncrypted: cipherBytesWithMACLen:");
            sb.append(bArr.length);
            sb.append(" cipherBytesLen:");
            sb.append(length);
            sb.append(" storedMac:");
            sb.append(16);
            sb.append(" macLen:");
            sb.append(copyOfRange == null ? "NULL" : Integer.valueOf(copyOfRange.length));
            com.thefloow.u.a.e(AppConfig.ANDROID_KEYSTORE, sb.toString());
        }
        if (Arrays.equals(bArr3, copyOfRange)) {
            return bArr2;
        }
        return null;
    }

    private static String d(byte[] bArr) {
        return bArr == null ? "" : Base64.encodeToString(bArr, 2);
    }

    public static KeyStore d() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException, CertificateException, IOException {
        KeyStore keyStore = null;
        try {
            if (!c.b(AppConfig.ANDROID_KEYSTORE).equals("AES/GCM/NoPadding")) {
                a();
                c.a(AppConfig.ANDROID_KEYSTORE, "AES/GCM/NoPadding");
            }
            KeyStore keyStore2 = KeyStore.getInstance(AppConfig.ANDROID_KEYSTORE);
            if (keyStore2 == null) {
                return keyStore2;
            }
            try {
                keyStore2.load(null);
                return keyStore2;
            } catch (com.thefloow.l1.c e) {
                keyStore = keyStore2;
                e = e;
                com.thefloow.u.a.b(AppConfig.ANDROID_KEYSTORE, "aks gs err", e);
                return keyStore;
            }
        } catch (com.thefloow.l1.c e2) {
            e = e2;
        }
    }

    private static boolean e() throws com.thefloow.l1.c {
        return c.b(AppConfig.ANDROID_KEYSTORE).equals("AES/GCM/NoPadding");
    }

    public static boolean f() throws com.thefloow.l1.c {
        boolean z;
        try {
            if (b()) {
                com.thefloow.u.a.c(AppConfig.ANDROID_KEYSTORE, "self:generated");
                z = false;
            } else {
                com.thefloow.u.a.c(AppConfig.ANDROID_KEYSTORE, "self:maybe_exists");
                z = true;
            }
            try {
                Enumeration<String> aliases = d().aliases();
                while (aliases.hasMoreElements()) {
                    if (aliases.nextElement().equals("k2")) {
                        com.thefloow.v.e.a("aks_exists");
                        com.thefloow.u.a.c(AppConfig.ANDROID_KEYSTORE, "self:confirmed_exists");
                        if (z) {
                            com.thefloow.u.a.c(AppConfig.ANDROID_KEYSTORE, "self:disable_plaintext");
                            com.thefloow.v.e.a("aks_forced");
                            a = false;
                        }
                    }
                }
                try {
                    SecretKey c = c();
                    try {
                        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                        cipher.init(1, c);
                        byte[] iv = cipher.getIV();
                        byte[] doFinal = cipher.doFinal("input".getBytes());
                        Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
                        cipher2.init(2, c, new GCMParameterSpec(128, iv));
                        boolean equals = new String(cipher2.doFinal(doFinal)).equals("input");
                        com.thefloow.u.a.b(AppConfig.ANDROID_KEYSTORE, "AndroidKeyStore decryptor state: " + equals);
                        if (equals) {
                            return true;
                        }
                        com.thefloow.u.a.b(AppConfig.ANDROID_KEYSTORE, "final check failed");
                        throw new com.thefloow.l1.c();
                    } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                        com.thefloow.u.a.b(AppConfig.ANDROID_KEYSTORE, "Failed to do something with encryption / decryption", e);
                        com.thefloow.v.e.a(e);
                        throw new com.thefloow.l1.c();
                    }
                } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException e2) {
                    com.thefloow.v.e.a(e2);
                    com.thefloow.u.a.b(AppConfig.ANDROID_KEYSTORE, "Could not retrieve an existing key for AndroidKeyStore, uh oh!", e2);
                    throw new com.thefloow.l1.c();
                }
            } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e3) {
                com.thefloow.u.a.b(AppConfig.ANDROID_KEYSTORE, "failed to fetch store", e3);
                throw new RuntimeException(e3);
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e4) {
            com.thefloow.v.e.a(e4);
            com.thefloow.u.a.b(AppConfig.ANDROID_KEYSTORE, "Could not generate an AES key via AndroidKeyStore, permanently disabled", e4);
            return false;
        }
    }

    private static void g() throws com.thefloow.l1.c {
        c.a(AppConfig.ANDROID_KEYSTORE, "AES/GCM/NoPadding");
    }
}
