package com.microsoft.office.outlook.hx;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.microsoft.office.outlook.plat.ContextConnector;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes16.dex */
class HxSecureStringStore {
    private static final String AESKeyAlias = "HxCoreSecureStringSecretAES";
    private static final String AESKeyEntryName = "EncryptedKey";
    private static final String AESKeyVersionName = "KeyVersion";
    private static final String AESMode = "AES/CBC/PKCS5Padding";
    private static final String AndroidKeyStore = "AndroidKeyStore";
    private static final String RSAKeyAlias = "HxCoreSecureStringSecretRSA";
    private static final String RSAMode = "RSA/ECB/PKCS1Padding";
    private static int cbAESIV = 0;
    private static final int cbAESKey = 16;
    private static final byte currentSchemaVersion = 2;
    private static Boolean s_hasAttemptedKeyRecreate;
    private static Boolean s_legacyMode;
    private static SecretKey s_secretKey;

    static {
        try {
            cbAESIV = Cipher.getInstance(AESMode).getBlockSize();
        } catch (Throwable th2) {
            cbAESIV = 16;
            hxAssert(th2, 4);
        }
        Boolean bool = Boolean.FALSE;
        s_hasAttemptedKeyRecreate = bool;
        s_legacyMode = bool;
    }

    HxSecureStringStore() {
    }

    private static Boolean deleteKeyState() {
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStore);
            keyStore.load(null);
            if (keyStore.containsAlias(RSAKeyAlias)) {
                keyStore.deleteEntry(RSAKeyAlias);
            }
            SharedPreferences sharedPreferences = ContextConnector.getInstance().getContext().getSharedPreferences(AESKeyAlias, 0);
            if (sharedPreferences.contains(AESKeyEntryName)) {
                SharedPreferences.Editor edit = sharedPreferences.edit();
                edit.remove(AESKeyEntryName);
                if (!edit.commit()) {
                    throw new AssertionError("SecureString failed to delete keys");
                }
            }
            return Boolean.TRUE;
        } catch (Throwable th2) {
            hxAssert(th2, 5);
            return Boolean.FALSE;
        }
    }

    private static int getAESKeyVersion(SharedPreferences sharedPreferences) {
        return sharedPreferences.getInt(AESKeyVersionName, 1);
    }

    private static int getRandomKeyVersion() {
        Random random = new Random();
        int i10 = 0;
        while (true) {
            if (i10 != 0 && i10 != 1) {
                return i10;
            }
            i10 = random.nextInt();
        }
    }

    private static synchronized Key getSecretKey() {
        SecretKey secretKey;
        synchronized (HxSecureStringStore.class) {
            if (s_secretKey == null && !s_legacyMode.booleanValue()) {
                loadSecretKey();
            }
            secretKey = s_secretKey;
        }
        return secretKey;
    }

    public static native void hxAssert(Throwable th2, int i10);

    private static byte[] legacyProtectToBytes(String str) {
        return str == null ? new byte[0] : xorBytes(HxSerializationHelper.getSerializedNativeOrderByteFormat(str));
    }

    private static String legacyUnprotect(byte[] bArr) {
        if (bArr == null || bArr.length <= 0) {
            return new String();
        }
        byte[] xorBytes = xorBytes(bArr);
        int length = xorBytes.length / 2;
        char[] cArr = new char[length];
        ByteBuffer wrapByteArrayInBuffer = HxSerializationHelper.wrapByteArrayInBuffer(xorBytes);
        for (int i10 = 0; i10 < length; i10++) {
            cArr[i10] = wrapByteArrayInBuffer.getChar();
        }
        return new String(cArr);
    }

    private static void loadSecretKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStore);
            keyStore.load(null);
            if (!keyStore.containsAlias(RSAKeyAlias)) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", AndroidKeyStore);
                Context context = ContextConnector.getInstance().getContext();
                keyPairGenerator.initialize(new KeyPairGeneratorSpec.Builder(context).setAlias(RSAKeyAlias).setSubject(new X500Principal("CN=HxCoreSecureStringSecretRSA")).setSerialNumber(BigInteger.ONE).setStartDate(Calendar.getInstance().getTime()).setEndDate(Calendar.getInstance().getTime()).build());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                byte[] bArr = new byte[16];
                new SecureRandom().nextBytes(bArr);
                Cipher cipher = Cipher.getInstance(RSAMode);
                cipher.init(1, generateKeyPair.getPublic());
                String encodeToString = Base64.encodeToString(cipher.doFinal(bArr), 0);
                SharedPreferences.Editor edit = context.getSharedPreferences(AESKeyAlias, 0).edit();
                edit.putString(AESKeyEntryName, encodeToString);
                edit.putInt(AESKeyVersionName, getRandomKeyVersion());
                if (!edit.commit()) {
                    throw new AssertionError("SecureString failed to save AES key");
                }
            }
            byte[] decode = Base64.decode(ContextConnector.getInstance().getContext().getSharedPreferences(AESKeyAlias, 0).getString(AESKeyEntryName, null), 0);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(RSAKeyAlias, null);
            Cipher cipher2 = Cipher.getInstance(RSAMode);
            cipher2.init(2, privateKeyEntry.getPrivateKey());
            s_secretKey = new SecretKeySpec(cipher2.doFinal(decode), "AES");
        } catch (Throwable th2) {
            if (!s_hasAttemptedKeyRecreate.booleanValue()) {
                s_hasAttemptedKeyRecreate = Boolean.TRUE;
                hxAssert(th2, 0);
                if (deleteKeyState().booleanValue()) {
                    loadSecretKey();
                    return;
                }
            }
            s_legacyMode = Boolean.TRUE;
            s_secretKey = new SecretKeySpec(new byte[16], "AES");
            hxAssert(th2, 6);
        }
    }

    public static byte[] protectToBytes(String str) {
        return protectToBytesInner(str, 2);
    }

    public static byte[] protectToBytesInner(String str, int i10) {
        if (str != null) {
            try {
                if (str.length() != 0) {
                    Key secretKey = getSecretKey();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                    dataOutputStream.writeByte(2);
                    dataOutputStream.writeInt(!s_legacyMode.booleanValue() ? getAESKeyVersion(ContextConnector.getInstance().getContext().getSharedPreferences(AESKeyAlias, 0)) : 0);
                    int i11 = cbAESIV;
                    byte[] bArr = new byte[i11];
                    new SecureRandom().nextBytes(bArr);
                    dataOutputStream.write(bArr, 0, i11);
                    if (s_legacyMode.booleanValue()) {
                        byte[] legacyProtectToBytes = legacyProtectToBytes(str);
                        dataOutputStream.write(legacyProtectToBytes, 0, legacyProtectToBytes.length);
                    } else {
                        Cipher cipher = Cipher.getInstance(AESMode);
                        cipher.init(1, secretKey, new IvParameterSpec(bArr));
                        byte[] doFinal = cipher.doFinal(str.getBytes());
                        dataOutputStream.write(doFinal, 0, doFinal.length);
                    }
                    dataOutputStream.flush();
                    return byteArrayOutputStream.toByteArray();
                }
            } catch (Throwable th2) {
                hxAssert(th2, 2);
                return new byte[0];
            }
        }
        return new byte[0];
    }

    public static String unprotectBytes(byte[] bArr) {
        if (bArr != null) {
            try {
                if (bArr.length != 0) {
                    ByteBuffer wrap = ByteBuffer.wrap(bArr);
                    Key secretKey = getSecretKey();
                    int i10 = wrap.get() >= 2 ? wrap.getInt() : 1;
                    byte[] bArr2 = new byte[cbAESIV];
                    wrap.get(bArr2);
                    byte[] bArr3 = new byte[wrap.remaining()];
                    wrap.get(bArr3);
                    SharedPreferences sharedPreferences = ContextConnector.getInstance().getContext().getSharedPreferences(AESKeyAlias, 0);
                    if (i10 == 0) {
                        return legacyUnprotect(bArr3);
                    }
                    if (i10 != 0 && s_legacyMode.booleanValue()) {
                        throw new AssertionError("Can't AES decrypt since we failed to initalize AES key");
                    }
                    if (i10 != getAESKeyVersion(sharedPreferences)) {
                        throw new AssertionError("AES key version mismatch");
                    }
                    Cipher cipher = Cipher.getInstance(AESMode);
                    cipher.init(2, secretKey, new IvParameterSpec(bArr2));
                    return new String(cipher.doFinal(bArr3));
                }
            } catch (Throwable th2) {
                hxAssert(th2, 3);
                return new String();
            }
        }
        return new String();
    }

    private static byte[] xorBytes(byte[] bArr) {
        int length = bArr.length;
        byte[] bArr2 = new byte[length];
        for (int i10 = 0; i10 < length; i10++) {
            bArr2[i10] = (byte) (~bArr[i10]);
        }
        return bArr2;
    }
}
