package com.microsoft.rightsmanagement.streams.crypto;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.util.Base64;
import com.microsoft.identity.common.internal.platform.DevicePopManager;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import junit.framework.Assert;

/* loaded from: classes3.dex */
public final class i extends h {
    public boolean e;
    public final SecureRandom i;
    public Context f = null;
    public SecretKey g = null;
    public Object h = new Object();
    public KeyPair j = null;

    @SuppressLint({"TrulyRandom"})
    public i() throws GeneralSecurityException {
        this.e = Build.VERSION.SDK_INT >= 23;
        if (Build.VERSION.SDK_INT < 18) {
            throw new GeneralSecurityException("Cannot instantiate this class when API is less than 18");
        }
        this.i = new SecureRandom();
    }

    @TargetApi(18)
    public final Object a(X500Principal x500Principal, Date date, Date date2) throws GeneralSecurityException {
        try {
            Class<?> cls = Class.forName("android.security.KeyPairGeneratorSpec$Builder");
            Constructor<?> declaredConstructor = cls.getDeclaredConstructor(Context.class);
            declaredConstructor.setAccessible(true);
            Object newInstance = declaredConstructor.newInstance(this.f);
            Method declaredMethod = cls.getDeclaredMethod("setAlias", String.class);
            Method declaredMethod2 = cls.getDeclaredMethod("setSubject", X500Principal.class);
            Method declaredMethod3 = cls.getDeclaredMethod("setSerialNumber", BigInteger.class);
            Method declaredMethod4 = cls.getDeclaredMethod("setStartDate", Date.class);
            return cls.getDeclaredMethod("build", new Class[0]).invoke(cls.getDeclaredMethod("setEndDate", Date.class).invoke(declaredMethod4.invoke(declaredMethod3.invoke(declaredMethod2.invoke(declaredMethod.invoke(newInstance, "MsipKeysRootCert"), x500Principal), BigInteger.ONE), date), date2), new Object[0]);
        } catch (ClassNotFoundException e) {
            throw new GeneralSecurityException("android.security.KeyPairGeneratorSpec.Builder is not found", e);
        } catch (IllegalAccessException e2) {
            throw new GeneralSecurityException("android.security.KeyPairGeneratorSpec.Builder is not accessible", e2);
        } catch (IllegalArgumentException e3) {
            throw new GeneralSecurityException("android.security.KeyPairGeneratorSpec.Builder argument is not valid", e3);
        } catch (InstantiationException e4) {
            throw new GeneralSecurityException("android.security.KeyPairGeneratorSpec.Builder is not instantiated", e4);
        } catch (NoSuchMethodException e5) {
            throw new GeneralSecurityException("android.security.KeyPairGeneratorSpec.Builder is not found", e5);
        } catch (InvocationTargetException e6) {
            throw new GeneralSecurityException("android.security.KeyPairGeneratorSpec.Builder's method invoke failed", e6);
        }
    }

    @TargetApi(18)
    public final KeyPairGenerator a(String str, Calendar calendar, Calendar calendar2) throws GeneralSecurityException {
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) a(new X500Principal(str), calendar.getTime(), calendar2.getTime());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(DevicePopManager.KeyPairGeneratorAlgorithms.RSA, "AndroidKeyStore");
        keyPairGenerator.initialize(algorithmParameterSpec);
        keyPairGenerator.generateKeyPair();
        return keyPairGenerator;
    }

    public final SecretKey a(SharedPreferences sharedPreferences) throws GeneralSecurityException {
        com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "#backwardsCompatibleRetrieveKey");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        SecretKey secretKey = null;
        String string = sharedPreferences.getString(e(), null);
        if (string == null) {
            return null;
        }
        if (this.e) {
            Cipher cipher2 = Cipher.getInstance("RSA/ECB/OAEPPadding");
            try {
                secretKey = a(cipher2, string);
            } catch (InvalidKeyException unused) {
            }
            if (secretKey != null) {
                return secretKey;
            }
            SecretKey a = a(cipher, string);
            if (a != null) {
                com.microsoft.rightsmanagement.logger.f.b("OfflineKeyManagerV2", "An offline key using an old key wrap algorithm was detected; upgrading to new key wrap algorithm");
                a(cipher2, a, e());
                return a;
            }
        }
        return a(cipher, string);
    }

    public final SecretKey a(Cipher cipher, String str) throws GeneralSecurityException {
        byte[] decode = Base64.decode(str, 0);
        cipher.init(4, this.j.getPrivate());
        try {
            return (SecretKey) cipher.unwrap(decode, "AES", 3);
        } catch (IllegalArgumentException e) {
            com.microsoft.rightsmanagement.logger.f.b("OfflineKeyManagerV2", "cipher cannot be unwrapped from key store, rethrowing InvalidKeySpecException be deleted. same as corrupt key spec");
            throw new InvalidKeySpecException(e);
        }
    }

    public final void a(SharedPreferences sharedPreferences, String str) throws GeneralSecurityException {
        if (sharedPreferences.contains(str)) {
            SharedPreferences.Editor edit = sharedPreferences.edit();
            edit.remove(str);
            if (edit.commit()) {
                return;
            }
            String str2 = "Unable to remove " + str;
            com.microsoft.rightsmanagement.logger.f.b("OfflineKeyManagerV2", str2);
            throw new GeneralSecurityException(str2);
        }
    }

    public final void a(Cipher cipher, SecretKey secretKey, String str) throws GeneralSecurityException {
        com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "#saveOfflineKey");
        Assert.assertNotNull(secretKey);
        cipher.init(3, this.j.getPublic());
        String encodeToString = Base64.encodeToString(cipher.wrap(secretKey), 0);
        SharedPreferences.Editor edit = this.f.getSharedPreferences("SHARED_PREFS_NAME", 0).edit();
        edit.putString(str, encodeToString);
        if (edit.commit()) {
            return;
        }
        String str2 = "Unable to save key " + str;
        com.microsoft.rightsmanagement.logger.f.b("OfflineKeyManagerV2", str2);
        throw new GeneralSecurityException(str2);
    }

    @Override // com.microsoft.rightsmanagement.streams.crypto.h
    public boolean a(Context context) {
        return context.getSharedPreferences("SHARED_PREFS_NAME", 0).contains("BASE_KEY_NAME_V2");
    }

    @Override // com.microsoft.rightsmanagement.streams.crypto.h
    @TargetApi(18)
    public void b(Context context) throws GeneralSecurityException, IOException {
        com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "deleteOfflineKey");
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            if (keyStore.containsAlias("MsipKeysRootCert")) {
                keyStore.deleteEntry("MsipKeysRootCert");
            }
        } catch (NullPointerException unused) {
            com.microsoft.rightsmanagement.logger.f.b("OfflineKeyManagerV2", "Keystore locked and nullexception was triggered, cannot delete key entry");
        }
        a(this.f.getSharedPreferences("SHARED_PREFS_NAME", 0), e());
        this.g = null;
        this.j = null;
    }

    public final void c() throws GeneralSecurityException {
        if (super.c(this.f)) {
            com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "#checkAndUpdateKeyManagementToCurrentVersion");
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            this.g = new SecretKeySpec(super.f(this.f), "AES");
            a(cipher, this.g, e());
            super.d(this.f);
        }
    }

    public final SecretKey d() throws NoSuchAlgorithmException, InvalidKeySpecException {
        com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "#generateSecretKey");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256, this.i);
        return keyGenerator.generateKey();
    }

    public final String e() {
        return "BASE_KEY_NAME_V2";
    }

    @TargetApi(18)
    public final synchronized KeyPair f() throws IOException, GeneralSecurityException {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            if (keyStore.containsAlias("MsipKeysRootCert")) {
                com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "KeyStore alias is available");
            } else {
                com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "KeyStore alias is not available");
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 100);
                String format = String.format("CN=%s, OU=%s", "MsipKeysRootCert", this.f.getPackageName());
                a(format, calendar, calendar2);
                com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "Key entry is generated for cert " + format);
            }
            try {
                com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "Reading Key entry");
                privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("MsipKeysRootCert", null);
            } catch (NullPointerException e) {
                com.microsoft.rightsmanagement.logger.f.b("OfflineKeyManagerV2", "Key entry cannot be retrieved from key store");
                throw new InvalidKeySpecException(e);
            }
        } catch (NullPointerException e2) {
            com.microsoft.rightsmanagement.logger.f.b("OfflineKeyManagerV2", "Key entry cannot be retrieved from key store, rethrowing InvalidKeySpecException be deleted. same as corrupt key spec");
            throw new InvalidKeySpecException(e2);
        }
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    @Override // com.microsoft.rightsmanagement.streams.crypto.h
    public byte[] f(Context context) throws GeneralSecurityException {
        com.microsoft.rightsmanagement.logger.f.c("OfflineKeyManagerV2", "#retrieveOfflineKey");
        this.f = context;
        SecretKey secretKey = this.g;
        return secretKey != null ? secretKey.getEncoded() : g(context);
    }

    public final void g() throws IOException, GeneralSecurityException {
        if (this.j == null) {
            this.j = f();
        }
    }

    public final byte[] g(Context context) throws GeneralSecurityException {
        synchronized (this.h) {
            this.f = context;
            if (this.g != null) {
                return this.g.getEncoded();
            }
            try {
                g();
                c();
                Cipher cipher = Cipher.getInstance(this.e ? "RSA/ECB/OAEPPadding" : "RSA/ECB/PKCS1Padding");
                SharedPreferences sharedPreferences = this.f.getSharedPreferences("SHARED_PREFS_NAME", 0);
                String e = e();
                SecretKey a = a(sharedPreferences);
                if (a != null) {
                    this.g = a;
                } else {
                    this.g = d();
                    a(cipher, this.g, e);
                }
                return this.g.getEncoded();
            } catch (IOException e2) {
                com.microsoft.rightsmanagement.logger.f.a("OfflineKeyManagerV2", e2, "IOException during loading keypair from Android KeyStore");
                throw new GeneralSecurityException("IOException during loading keypair from Android KeyStore. " + e2.getMessage());
            }
        }
    }
}
