package com.microsoft.authenticator.core.encryption;

import android.annotation.SuppressLint;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import ch.qos.logback.core.joran.action.Action;
import com.google.firebase.messaging.Constants;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;

/* compiled from: IEncryptionManager.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\t\bf\u0018\u0000 '2\u00020\u0001:\u0002&'J\b\u0010\f\u001a\u00020\u0003H\u0016J\u0012\u0010\r\u001a\u0004\u0018\u00010\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0016J\u0010\u0010\u0011\u001a\u00020\t2\u0006\u0010\u0012\u001a\u00020\tH\u0016J\u0018\u0010\u0011\u001a\u00020\t2\u0006\u0010\u0012\u001a\u00020\t2\u0006\u0010\u0013\u001a\u00020\tH\u0016J\u0010\u0010\u0014\u001a\u00020\t2\u0006\u0010\u0015\u001a\u00020\tH\u0016J\u0018\u0010\u0016\u001a\u00020\t2\u0006\u0010\u0015\u001a\u00020\t2\u0006\u0010\u000f\u001a\u00020\u0010H\u0016J \u0010\u0017\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u0010H\u0002J\u0010\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u000f\u001a\u00020\u0010H\u0016J\u0010\u0010\u001d\u001a\u00020\u00102\u0006\u0010\u000f\u001a\u00020\u0010H\u0017J\u0010\u0010\u001e\u001a\u00020\u001f2\u0006\u0010 \u001a\u00020\u000eH\u0002J\b\u0010!\u001a\u00020\tH&J\b\u0010\"\u001a\u00020\u001fH\u0016J\u0010\u0010#\u001a\u00020\u001f2\u0006\u0010\b\u001a\u00020\tH&J\u0010\u0010$\u001a\u00020\u001f2\u0006\u0010%\u001a\u00020\tH&R\u001a\u0010\u0002\u001a\u0004\u0018\u00010\u0003X¦\u000e¢\u0006\f\u001a\u0004\b\u0004\u0010\u0005\"\u0004\b\u0006\u0010\u0007R\u0012\u0010\b\u001a\u00020\tX¦\u0004¢\u0006\u0006\u001a\u0004\b\n\u0010\u000b¨\u0006("}, d2 = {"Lcom/microsoft/authenticator/core/encryption/IEncryptionManager;", "", "cipherIv", "Ljavax/crypto/Cipher;", "getCipherIv", "()Ljavax/crypto/Cipher;", "setCipherIv", "(Ljavax/crypto/Cipher;)V", "keyAlias", "", "getKeyAlias", "()Ljava/lang/String;", "createCipherIv", "createKey", "Ljavax/crypto/SecretKey;", "isAuthenticationRequired", "", "decrypt", "encryptedData", "expectedDecryptedData", "encrypt", Constants.ScionAnalytics.MessageType.DATA_MESSAGE, "encryptData", "getGeneratedKey", "keyGenerator", "Ljavax/crypto/KeyGenerator;", "useStrongBoxKeymaster", "initCipherForDecryption", "Lcom/microsoft/authenticator/core/encryption/IEncryptionManager$CipherIvInitiationResult;", "initCipherForEncryption", "logSecretKeyBacker", "", Action.KEY_ATTRIBUTE, "readCipherIvString", "removeCipherIvAndDeleteKey", "removeCipherIvString", "writeCipherIvString", "cipherIvString", "CipherIvInitiationResult", "Companion", "SharedCoreLibrary_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
public interface IEncryptionManager {
    public static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = Companion.$$INSTANCE;

    /* compiled from: IEncryptionManager.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0002\b\u0005\b\u0086\u0001\u0018\u00002\b\u0012\u0004\u0012\u00020\u00000\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002j\u0002\b\u0003j\u0002\b\u0004j\u0002\b\u0005¨\u0006\u0006"}, d2 = {"Lcom/microsoft/authenticator/core/encryption/IEncryptionManager$CipherIvInitiationResult;", "", "(Ljava/lang/String;I)V", "SUCCEEDED", "KEY_INVALIDATED", "FAILED", "SharedCoreLibrary_release"}, k = 1, mv = {1, 4, 0})
    /* loaded from: classes2.dex */
    public enum CipherIvInitiationResult {
        SUCCEEDED,
        KEY_INVALIDATED,
        FAILED
    }

    /* compiled from: IEncryptionManager.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000¨\u0006\u0005"}, d2 = {"Lcom/microsoft/authenticator/core/encryption/IEncryptionManager$Companion;", "", "()V", "ANDROID_KEY_STORE_PROVIDER_NAME", "", "SharedCoreLibrary_release"}, k = 1, mv = {1, 4, 0})
    /* loaded from: classes2.dex */
    public static final class Companion {
        static final /* synthetic */ Companion $$INSTANCE = new Companion();
        public static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";

        private Companion() {
        }
    }

    /* compiled from: IEncryptionManager.kt */
    @Metadata(bv = {1, 0, 3}, k = 3, mv = {1, 4, 0})
    /* loaded from: classes2.dex */
    public static final class DefaultImpls {
        public static Cipher createCipherIv(IEncryptionManager iEncryptionManager) throws NoSuchAlgorithmException, NoSuchPaddingException {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            Intrinsics.checkNotNullExpressionValue(cipher, "Cipher.getInstance(\n    …N_PADDING_PKCS7\n        )");
            return cipher;
        }

        /* JADX WARN: Removed duplicated region for block: B:13:0x0036 A[Catch: Exception -> 0x004a, TryCatch #0 {Exception -> 0x004a, blocks: (B:3:0x0003, B:8:0x001a, B:10:0x0021, B:13:0x0036, B:15:0x003f, B:18:0x0044, B:22:0x002b), top: B:2:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:15:0x003f A[Catch: Exception -> 0x004a, TryCatch #0 {Exception -> 0x004a, blocks: (B:3:0x0003, B:8:0x001a, B:10:0x0021, B:13:0x0036, B:15:0x003f, B:18:0x0044, B:22:0x002b), top: B:2:0x0003 }] */
        /* JADX WARN: Removed duplicated region for block: B:18:0x0044 A[Catch: Exception -> 0x004a, TRY_LEAVE, TryCatch #0 {Exception -> 0x004a, blocks: (B:3:0x0003, B:8:0x001a, B:10:0x0021, B:13:0x0036, B:15:0x003f, B:18:0x0044, B:22:0x002b), top: B:2:0x0003 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public static javax.crypto.SecretKey createKey(com.microsoft.authenticator.core.encryption.IEncryptionManager r8, boolean r9) {
            /*
                java.lang.String r0 = "AndroidKeyStore"
                r1 = 0
                java.security.KeyStore r2 = java.security.KeyStore.getInstance(r0)     // Catch: java.lang.Exception -> L4a
                r2.load(r1)     // Catch: java.lang.Exception -> L4a
                java.lang.String r2 = "AES"
                javax.crypto.KeyGenerator r0 = javax.crypto.KeyGenerator.getInstance(r2, r0)     // Catch: java.lang.Exception -> L4a
                int r2 = android.os.Build.VERSION.SDK_INT     // Catch: java.lang.Exception -> L4a
                r3 = 28
                java.lang.String r4 = "keyGenerator"
                r5 = 0
                if (r2 < r3) goto L33
                r2 = 1
                kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r0, r4)     // Catch: android.security.keystore.StrongBoxUnavailableException -> L2a java.lang.Exception -> L4a
                javax.crypto.SecretKey r3 = getGeneratedKey(r8, r0, r9, r2)     // Catch: android.security.keystore.StrongBoxUnavailableException -> L2a java.lang.Exception -> L4a
                com.microsoft.authenticator.core.logging.BaseLogger$Companion r6 = com.microsoft.authenticator.core.logging.BaseLogger.INSTANCE     // Catch: android.security.keystore.StrongBoxUnavailableException -> L2b java.lang.Exception -> L4a
                java.lang.String r7 = "utilize StrongBox Keymaster"
                r6.i(r7)     // Catch: android.security.keystore.StrongBoxUnavailableException -> L2b java.lang.Exception -> L4a
                r5 = r2
                goto L34
            L2a:
                r3 = r1
            L2b:
                com.microsoft.authenticator.core.logging.BaseLogger$Companion r2 = com.microsoft.authenticator.core.logging.BaseLogger.INSTANCE     // Catch: java.lang.Exception -> L4a
                java.lang.String r6 = "StrongBox Keymaster unavailable"
                r2.i(r6)     // Catch: java.lang.Exception -> L4a
                goto L34
            L33:
                r3 = r1
            L34:
                if (r5 != 0) goto L3d
                kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r0, r4)     // Catch: java.lang.Exception -> L4a
                javax.crypto.SecretKey r3 = getGeneratedKey(r8, r0, r9, r5)     // Catch: java.lang.Exception -> L4a
            L3d:
                if (r3 == 0) goto L44
                logSecretKeyBacker(r8, r3)     // Catch: java.lang.Exception -> L4a
                r1 = r3
                goto L52
            L44:
                java.lang.String r8 = "key"
                kotlin.jvm.internal.Intrinsics.throwUninitializedPropertyAccessException(r8)     // Catch: java.lang.Exception -> L4a
                throw r1
            L4a:
                r8 = move-exception
                com.microsoft.authenticator.core.logging.BaseLogger$Companion r9 = com.microsoft.authenticator.core.logging.BaseLogger.INSTANCE
                java.lang.String r0 = "Failed to create key."
                r9.e(r0, r8)
            L52:
                return r1
            */
            throw new UnsupportedOperationException("Method not decompiled: com.microsoft.authenticator.core.encryption.IEncryptionManager.DefaultImpls.createKey(com.microsoft.authenticator.core.encryption.IEncryptionManager, boolean):javax.crypto.SecretKey");
        }

        public static String decrypt(IEncryptionManager iEncryptionManager, String encryptedData) throws IllegalBlockSizeException {
            Intrinsics.checkNotNullParameter(encryptedData, "encryptedData");
            return iEncryptionManager.decrypt(encryptedData, "");
        }

        public static String decrypt(IEncryptionManager iEncryptionManager, String encryptedData, String expectedDecryptedData) throws IllegalBlockSizeException {
            byte[] bArr;
            boolean equals;
            Intrinsics.checkNotNullParameter(encryptedData, "encryptedData");
            Intrinsics.checkNotNullParameter(expectedDecryptedData, "expectedDecryptedData");
            if (encryptedData.length() == 0) {
                BaseLogger.INSTANCE.i("Data hasn't been encrypted.");
                return "";
            }
            try {
                byte[] decode = Base64.decode(encryptedData, 2);
                Cipher cipherIv = iEncryptionManager.getCipherIv();
                if (cipherIv == null || (bArr = cipherIv.doFinal(decode)) == null) {
                    bArr = new byte[0];
                }
                Charset charset = Strings.Utf8Charset;
                Intrinsics.checkNotNullExpressionValue(charset, "Strings.Utf8Charset");
                String str = new String(bArr, charset);
                if (expectedDecryptedData.length() > 0) {
                    equals = StringsKt__StringsJVMKt.equals(str, expectedDecryptedData, true);
                    if (!equals) {
                        return "";
                    }
                }
                return str;
            } catch (IllegalBlockSizeException e) {
                BaseLogger.INSTANCE.e("Decryption failed for IllegalBlockSizeException", e);
                throw e;
            } catch (Exception e2) {
                BaseLogger.INSTANCE.e("Failed to decrypt the data with the generated key.", e2);
                return "";
            }
        }

        public static String encrypt(IEncryptionManager iEncryptionManager, String data) throws IllegalBlockSizeException {
            byte[] bArr;
            Intrinsics.checkNotNullParameter(data, "data");
            try {
                Cipher cipherIv = iEncryptionManager.getCipherIv();
                if (cipherIv != null) {
                    Charset charset = Strings.Utf8Charset;
                    Intrinsics.checkNotNullExpressionValue(charset, "Strings.Utf8Charset");
                    byte[] bytes = data.getBytes(charset);
                    Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
                    bArr = cipherIv.doFinal(bytes);
                } else {
                    bArr = null;
                }
                String encodeToString = Base64.encodeToString(bArr, 2);
                Intrinsics.checkNotNullExpressionValue(encodeToString, "Base64.encodeToString(en…ptedData, Base64.NO_WRAP)");
                return encodeToString;
            } catch (IllegalBlockSizeException e) {
                BaseLogger.INSTANCE.e("Encryption failed for IllegalBlockSizeException", e);
                throw e;
            } catch (Exception e2) {
                BaseLogger.INSTANCE.e("Failed to encrypt the data with the generated key.", e2);
                return "";
            }
        }

        public static String encryptData(IEncryptionManager iEncryptionManager, String data, boolean z) {
            String str = "";
            Intrinsics.checkNotNullParameter(data, "data");
            try {
                boolean z2 = true;
                if (iEncryptionManager.initCipherForEncryption(z)) {
                    String encrypt = iEncryptionManager.encrypt(data);
                    if (encrypt.length() != 0) {
                        z2 = false;
                    }
                    if (!z2) {
                        return encrypt;
                    }
                    str = iEncryptionManager.encrypt(data);
                } else if (iEncryptionManager.initCipherForEncryption(z)) {
                    String encrypt2 = iEncryptionManager.encrypt(data);
                    if (encrypt2.length() != 0) {
                        z2 = false;
                    }
                    if (!z2) {
                        return encrypt2;
                    }
                    str = iEncryptionManager.encrypt(data);
                }
            } catch (IllegalBlockSizeException e) {
                BaseLogger.INSTANCE.e("Cannot encrypt data.", e);
            }
            return str;
        }

        private static SecretKey getGeneratedKey(IEncryptionManager iEncryptionManager, KeyGenerator keyGenerator, boolean z, boolean z2) {
            KeyGenParameterSpec.Builder randomizedEncryptionRequired = new KeyGenParameterSpec.Builder(iEncryptionManager.getKeyAlias(), 3).setBlockModes("CBC").setUserAuthenticationRequired(z).setEncryptionPaddings("PKCS7Padding").setRandomizedEncryptionRequired(false);
            Intrinsics.checkNotNullExpressionValue(randomizedEncryptionRequired, "KeyGenParameterSpec.Buil…EncryptionRequired(false)");
            if (z2 && Build.VERSION.SDK_INT >= 28) {
                randomizedEncryptionRequired.setIsStrongBoxBacked(true);
            }
            keyGenerator.init(randomizedEncryptionRequired.build());
            SecretKey generateKey = keyGenerator.generateKey();
            Intrinsics.checkNotNullExpressionValue(generateKey, "keyGenerator.generateKey()");
            return generateKey;
        }

        public static CipherIvInitiationResult initCipherForDecryption(IEncryptionManager iEncryptionManager, boolean z) {
            String readCipherIvString = iEncryptionManager.readCipherIvString();
            if (readCipherIvString.length() == 0) {
                return CipherIvInitiationResult.FAILED;
            }
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                Key key = null;
                keyStore.load(null);
                Key key2 = keyStore.getKey(iEncryptionManager.getKeyAlias(), null);
                if (key2 instanceof SecretKey) {
                    key = key2;
                }
                SecretKey secretKey = (SecretKey) key;
                if (secretKey == null) {
                    BaseLogger.INSTANCE.e("Failed to initialize cipher for decryption since Android keystore key disappeared.");
                    return CipherIvInitiationResult.FAILED;
                }
                Cipher createCipherIv = iEncryptionManager.createCipherIv();
                createCipherIv.init(2, secretKey, new IvParameterSpec(Base64.decode(readCipherIvString, 2)));
                Unit unit = Unit.INSTANCE;
                iEncryptionManager.setCipherIv(createCipherIv);
                return CipherIvInitiationResult.SUCCEEDED;
            } catch (Exception e) {
                BaseLogger.INSTANCE.e("Failed to initialize cipher for decryption.", e);
                return ((e instanceof KeyPermanentlyInvalidatedException) && z) ? CipherIvInitiationResult.KEY_INVALIDATED : CipherIvInitiationResult.FAILED;
            }
        }

        @SuppressLint({"TrulyRandom"})
        public static boolean initCipherForEncryption(IEncryptionManager iEncryptionManager, boolean z) {
            try {
                String readCipherIvString = iEncryptionManager.readCipherIvString();
                if (readCipherIvString.length() > 0) {
                    if (iEncryptionManager.getKeyAlias().length() > 0) {
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        Key key = null;
                        keyStore.load(null);
                        Key key2 = keyStore.getKey(iEncryptionManager.getKeyAlias(), null);
                        if (key2 instanceof SecretKey) {
                            key = key2;
                        }
                        SecretKey secretKey = (SecretKey) key;
                        if (secretKey != null) {
                            try {
                                Cipher createCipherIv = iEncryptionManager.createCipherIv();
                                createCipherIv.init(1, secretKey, new IvParameterSpec(Base64.decode(readCipherIvString, 2)));
                                Unit unit = Unit.INSTANCE;
                                iEncryptionManager.setCipherIv(createCipherIv);
                                return true;
                            } catch (KeyPermanentlyInvalidatedException unused) {
                                keyStore.deleteEntry(iEncryptionManager.getKeyAlias());
                            }
                        } else {
                            BaseLogger.INSTANCE.e("Android keystore key disappeared during cipher initialization for encryption.");
                        }
                    }
                }
                SecretKey createKey = iEncryptionManager.createKey(z);
                if (createKey != null) {
                    Cipher createCipherIv2 = iEncryptionManager.createCipherIv();
                    createCipherIv2.init(1, createKey);
                    AlgorithmParameterSpec parameterSpec = createCipherIv2.getParameters().getParameterSpec(IvParameterSpec.class);
                    Intrinsics.checkNotNullExpressionValue(parameterSpec, "parameters.getParameterS…arameterSpec::class.java)");
                    String encodeToString = Base64.encodeToString(((IvParameterSpec) parameterSpec).getIV(), 2);
                    Intrinsics.checkNotNullExpressionValue(encodeToString, "Base64.encodeToString(\n …RAP\n                    )");
                    Unit unit2 = Unit.INSTANCE;
                    iEncryptionManager.setCipherIv(createCipherIv2);
                    iEncryptionManager.writeCipherIvString(encodeToString);
                    return true;
                }
            } catch (Exception e) {
                BaseLogger.INSTANCE.e("Failed to initialize cipher for encryption.", e);
            }
            return false;
        }

        private static void logSecretKeyBacker(IEncryptionManager iEncryptionManager, SecretKey secretKey) {
            KeySpec keySpec = SecretKeyFactory.getInstance("AES", "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class);
            if (keySpec == null) {
                throw new NullPointerException("null cannot be cast to non-null type android.security.keystore.KeyInfo");
            }
            if (((KeyInfo) keySpec).isInsideSecureHardware()) {
                BaseLogger.INSTANCE.i("Secret key hardware backed.");
            } else {
                BaseLogger.INSTANCE.i("Secret key software backed.");
            }
        }

        public static void removeCipherIvAndDeleteKey(IEncryptionManager iEncryptionManager) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                keyStore.deleteEntry(iEncryptionManager.getKeyAlias());
                iEncryptionManager.removeCipherIvString(iEncryptionManager.getKeyAlias());
            } catch (Exception e) {
                BaseLogger.INSTANCE.e("Failed to delete key.", e);
            }
        }
    }

    Cipher createCipherIv() throws NoSuchAlgorithmException, NoSuchPaddingException;

    SecretKey createKey(boolean isAuthenticationRequired);

    String decrypt(String encryptedData) throws IllegalBlockSizeException;

    String decrypt(String encryptedData, String expectedDecryptedData) throws IllegalBlockSizeException;

    String encrypt(String data) throws IllegalBlockSizeException;

    String encryptData(String data, boolean isAuthenticationRequired);

    Cipher getCipherIv();

    String getKeyAlias();

    CipherIvInitiationResult initCipherForDecryption(boolean isAuthenticationRequired);

    @SuppressLint({"TrulyRandom"})
    boolean initCipherForEncryption(boolean isAuthenticationRequired);

    String readCipherIvString();

    void removeCipherIvAndDeleteKey();

    void removeCipherIvString(String keyAlias);

    void setCipherIv(Cipher cipher);

    void writeCipherIvString(String cipherIvString);
}
