package com.amazon.identity.auth.device.framework.crypto;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.amazon.identity.auth.device.bc;
import com.amazon.identity.auth.device.framework.ar;
import com.amazon.identity.auth.device.framework.crypto.AESCipher;
import com.amazon.identity.auth.device.storage.LocalDataStorage;
import com.amazon.identity.auth.device.storage.o;
import com.amazon.identity.auth.device.storage.u;
import com.amazon.identity.auth.device.utils.aq;
import com.amazon.identity.auth.device.utils.y;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;

/* compiled from: DCP */
/* loaded from: classes.dex */
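/**
 * Encrypts and decrypts local data-storage values with an AES key that is itself wrapped by an
 * RSA key pair held in the Android Keystore (decompiled "LocalDataStorageEncryptor").
 *
 * <p>Key hierarchy as visible in this class:
 * <ul>
 *   <li>An RSA-2048 key pair lives in the {@code AndroidKeyStore} provider under
 *       {@code IDENTITY_MAP_KEYSTORE_ALIAS}.</li>
 *   <li>A 256-bit AES key is generated once, encrypted with the RSA public key using
 *       {@code RSA/ECB/PKCS1Padding}, and persisted under {@code AES_ENCRYPTION_KEY} in the
 *       {@code LOCAL_DS_ENCRYPTION_KEY_NAMESPACE} store.</li>
 *   <li>Values are encrypted through {@link AESCipher} and tagged with the {@code AES-GCM+}
 *       prefix.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The AES key is wrapped with PKCS#1 v1.5 padding. OAEP is the usual recommendation for new
 *       designs, but switching requires re-wrapping every existing key (and a keystore key that
 *       authorizes the new padding), so it is not changed here.</li>
 *   <li>{@link #bQ(String)} returns any value without the {@code AES-GCM+} prefix unchanged, so
 *       the prefix is not proof that a stored value was ever encrypted or authenticated.</li>
 *   <li>The unwrapped AES key stays referenced by this process-wide singleton for the lifetime of
 *       the process.</li>
 * </ul>
 *
 * <p>Instances are created only through {@link #Q(Context)}.
 */
public class d implements b {
    private static final String TAG = "LocalDataStorageEncryptor";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String KEYSTORE_ALIAS = "IDENTITY_MAP_KEYSTORE_ALIAS";
    private static final String AES_KEY_ENTRY = "AES_ENCRYPTION_KEY";
    // NOTE(review): PKCS#1 v1.5 key wrapping; see the class comment before changing it.
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final String CIPHERTEXT_PREFIX = "AES-GCM+";

    // Process-wide singleton, guarded by the class monitor in Q().
    private static d mw;
    // Key/value store that holds the wrapped AES key.
    private final u mA;
    // NOTE(review): the caller's Context is retained by a static singleton; confirm callers pass
    // an application context.
    private final Context mContext;
    // Raw (unwrapped) AES key bytes.
    private final byte[] mx;
    private final AESCipher my;
    private final KeyStore mz;

    /**
     * Loads or creates the RSA key pair, then loads or creates the wrapped AES key.
     *
     * <p>If the keystore alias is missing while a wrapped AES key is still stored, that key can no
     * longer be unwrapped; the key store entry and the local databases are cleared before a new
     * key pair is generated.
     *
     * @param context context used for storage access and, on older platforms, for the key spec
     * @throws Exception any failure during keystore access, key generation or key unwrapping; the
     *     failure class name is recorded in metrics before the exception is rethrown
     */
    private d(Context context) throws Exception {
        // Appears to be a timing/metrics event: bG() marks a step, c() records the outcome and
        // ec() closes it.
        ar event = ar.bE("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            this.mContext = context;
            this.mA = u.l(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
            this.mz = KeyStore.getInstance(KEYSTORE_PROVIDER);
            this.mz.load(null);
            event.bG("generateRSAKeyIfNotExists");
            // The former "keystore is null" branch was unreachable: the keystore reference has
            // already been dereferenced by load() above.
            if (this.mz.containsAlias(KEYSTORE_ALIAS)) {
                y.i(TAG, "RSA keypair exists, fast return.");
                event.bG("RSAKeyPairGenerated");
            } else {
                y.i(TAG, "Generating RSA keypair");
                if (!TextUtils.isEmpty(this.mA.cB(AES_KEY_ENTRY))) {
                    // A wrapped AES key without its RSA key pair is unrecoverable, so everything
                    // encrypted under it is discarded.
                    y.i(TAG, "AES key generated, deleting it and clearing db before generating new RSA keys");
                    this.mA.fL();
                    LocalDataStorage.ab(context);
                    o.Y(context);
                    event.bG("DeleteExistAESKeyRegenerateRSAKey");
                }
                AlgorithmParameterSpec spec = buildKeyPairSpec(context);
                try {
                    generateRsaKeyPair(spec);
                    event.bG("RSAKeyPairGeneration:Success");
                } catch (Exception firstFailure) {
                    // Deliberate single retry; a second failure propagates to the outer handler.
                    event.bG("RSAKeyPairGeneration:Retry");
                    y.w(TAG, "Generating RSA key pair failed, retry once");
                    generateRsaKeyPair(spec);
                    event.bG("RSAKeyPairGeneration:Retry:Success");
                }
                bc.incrementCounterAndRecord("RSAKeyPairGeneration:Success:Overall");
            }

            byte[] aesKey;
            String wrappedKey = this.mA.cB(AES_KEY_ENTRY);
            if (TextUtils.isEmpty(wrappedKey)) {
                y.i(TAG, "Generating AES encryption key");
                aesKey = AESCipher.a(AESCipher.KeySize.KEY_SIZE_256_BITS);
                y.i(TAG, "Encrypting AES Key");
                Cipher wrapper = a(Cipher.ENCRYPT_MODE, RSA_TRANSFORMATION,
                        this.mz.getCertificate(KEYSTORE_ALIAS).getPublicKey());
                // aq.m() presumably text-encodes the ciphertext for storage; verify against aq.
                this.mA.T(AES_KEY_ENTRY, aq.m(wrapper.doFinal(aesKey)));
                event.bG("AESKeyGeneration:Success");
            } else {
                y.i(TAG, "AES key generated, decrypting");
                y.i(TAG, "Decrypting existed AES Key");
                Cipher unwrapper = a(Cipher.DECRYPT_MODE, RSA_TRANSFORMATION,
                        (PrivateKey) this.mz.getKey(KEYSTORE_ALIAS, null));
                aesKey = unwrapper.doFinal(aq.dP(wrappedKey));
            }
            this.mx = aesKey;
            this.my = new AESCipher(aesKey);
            event.c(true);
            bc.incrementCounterAndRecord("LocalDataStorageEncryptor:Initiation:Success");
        } catch (Exception e) {
            // Only the exception class name goes into metrics, never the message.
            event.bG("CreateFail:" + e.getClass().getSimpleName());
            event.c(false);
            bc.incrementCounterAndRecord("LocalDataStorageEncryptor:Initiation:Failed:" + e.getClass().getSimpleName());
            throw e;
        } finally {
            event.ec();
        }
    }

    /**
     * Builds the RSA-2048 key-generation spec for the current platform level.
     *
     * <p>Platforms with {@code SDK_INT <= 23} use the legacy {@code KeyPairGeneratorSpec}; newer
     * ones use {@code KeyGenParameterSpec} restricted to encrypt/decrypt with PKCS#1 padding.
     */
    private static AlgorithmParameterSpec buildKeyPairSpec(Context context) {
        X500Principal subject = new X500Principal("CN=" + KEYSTORE_ALIAS);
        if (Build.VERSION.SDK_INT <= 23) {
            // NOTE(review): no certificate validity window is set on the legacy spec; confirm
            // every supported older release accepts that.
            return new KeyPairGeneratorSpec.Builder(context)
                    .setAlias(KEYSTORE_ALIAS)
                    .setSubject(subject)
                    .setSerialNumber(BigInteger.TEN)
                    .setKeySize(2048)
                    .build();
        }
        // 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
        return new KeyGenParameterSpec.Builder(KEYSTORE_ALIAS, 3)
                .setCertificateSubject(subject)
                .setCertificateSerialNumber(BigInteger.TEN)
                .setKeySize(2048)
                .setEncryptionPaddings("PKCS1Padding")
                .build();
    }

    /** Generates one RSA key pair inside the Android Keystore using {@code spec}. */
    private static void generateRsaKeyPair(AlgorithmParameterSpec spec) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", KEYSTORE_PROVIDER);
        generator.initialize(spec);
        generator.generateKeyPair();
    }

    /**
     * Returns the shared encryptor, creating it on first use.
     *
     * <p>If construction throws, no instance is cached and the next call tries again.
     *
     * @param context context handed to the constructor on first use
     * @return the process-wide instance
     * @throws Exception if the instance could not be initialised
     */
    public static synchronized d Q(Context context) throws Exception {
        // The method-level lock already is the class monitor; the nested synchronized block on
        // d.class was redundant.
        if (mw == null) {
            y.i(TAG, "Generating LocalDataStorageEncryptor instance");
            mw = new d(context);
            y.i(TAG, "Finish generating LocalDataStorageEncryptor instance");
        }
        return mw;
    }

    /**
     * Creates and initialises a cipher.
     *
     * @param i cipher operation mode, e.g. {@link Cipher#ENCRYPT_MODE}
     * @param str transformation string passed to {@link Cipher#getInstance(String)}
     * @param key key to initialise the cipher with
     * @return the initialised cipher
     * @throws IllegalStateException if the cipher cannot be created or initialised
     */
    private static Cipher a(int i, String str, Key key) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(i, key);
            return cipher;
        } catch (Exception e) {
            y.e(TAG, "Unable to create RSA cipher, this seems to be a system bug.", e);
            // Keep the cause so keystore failures remain diagnosable from the stack trace.
            throw new IllegalStateException("Unable to create RSA cipher.", e);
        }
    }

    /**
     * Encrypts a value for storage.
     *
     * @param str plaintext, or {@code null}
     * @return {@code "AES-GCM+"} followed by the encoded ciphertext, or {@code null} when
     *     {@code str} is {@code null}
     */
    @Override // com.amazon.identity.auth.device.framework.crypto.b
    public String bP(String str) {
        if (str == null) {
            return null;
        }
        // The discarded string concatenations that used to sit here (leftovers of stripped debug
        // logging) only created extra copies of the plaintext and ciphertext; they are removed.
        y.dv(TAG);
        String encoded = aq.m(this.my.g(aq.dO(str)));
        y.dv(TAG);
        return CIPHERTEXT_PREFIX + encoded;
    }

    /**
     * Decrypts a stored value.
     *
     * <p>Values that do not start with {@code "AES-GCM+"} are returned unchanged, so callers must
     * not treat a returned value as having been encrypted or integrity-protected at rest.
     *
     * <p>If {@link AESCipher} uses GCM as the prefix suggests, an authentication-tag failure
     * (tampered data or wrong key) surfaces as a {@link BadPaddingException} subclass and lands in
     * the handler below - TODO confirm against AESCipher.
     *
     * @param str stored value, or {@code null}
     * @return the plaintext; the input itself when it carries no prefix; {@code null} when
     *     {@code str} is {@code null} or decryption fails with {@link BadPaddingException}
     */
    @Override // com.amazon.identity.auth.device.framework.crypto.b
    public String bQ(String str) {
        if (str == null) {
            return null;
        }
        y.dv(TAG);
        if (!str.startsWith(CIPHERTEXT_PREFIX)) {
            // Passthrough for values stored without the prefix.
            return str;
        }
        try {
            String plaintext = aq.l(this.my.h(aq.dP(str.substring(CIPHERTEXT_PREFIX.length()))));
            y.dv(TAG);
            return plaintext;
        } catch (BadPaddingException unused) {
            // Failure is reported as null plus a counter; callers cannot tell it from null input.
            y.e(TAG, "Bad padding shouldn't happen, just return null.");
            bc.incrementCounterAndRecord("LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }
}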
