package com.vk.core.preference.crypto;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import com.vk.core.preference.crypto.g;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.a0.d.n;
import kotlin.h0.v;
import kotlin.u;
import me.zhanghai.android.materialprogressbar.BuildConfig;

/* loaded from: classes2.dex */
public final class a implements g {
    public static final c a = new c(null);

    /* renamed from: b, reason: collision with root package name */
    private final ReentrantReadWriteLock f14999b;

    /* renamed from: c, reason: collision with root package name */
    private final Context f15000c;

    /* renamed from: d, reason: collision with root package name */
    private final Date f15001d;

    /* renamed from: e, reason: collision with root package name */
    private final Date f15002e;

    /* renamed from: f, reason: collision with root package name */
    private CountDownLatch f15003f;

    /* renamed from: g, reason: collision with root package name */
    private KeyStore f15004g;

    /* renamed from: h, reason: collision with root package name */
    private Cipher f15005h;

    /* renamed from: i, reason: collision with root package name */
    private final ReentrantLock f15006i;

    /* renamed from: j, reason: collision with root package name */
    private final i f15007j;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.vk.core.preference.crypto.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static final class C0368a extends n implements kotlin.a0.c.a<u> {
        public static final C0368a p = new C0368a();

        C0368a() {
            super(0);
        }

        @Override // kotlin.a0.c.a
        public u c() {
            return u.a;
        }
    }

    /* loaded from: classes2.dex */
    static final class b implements Runnable {
        final /* synthetic */ kotlin.a0.c.l p;
        final /* synthetic */ kotlin.a0.c.a q;

        b(kotlin.a0.c.l lVar, kotlin.a0.c.a aVar) {
            this.p = lVar;
            this.q = aVar;
        }

        @Override // java.lang.Runnable
        public final void run() {
            a.this.j(this.p, this.q);
        }
    }

    /* loaded from: classes2.dex */
    public static final class c {
        private c() {
        }

        public /* synthetic */ c(kotlin.a0.d.g gVar) {
            this();
        }
    }

    public a(Context context, Executor executor, kotlin.a0.c.l<? super Exception, u> lVar, i iVar, kotlin.a0.c.a<u> aVar) {
        kotlin.a0.d.m.e(context, "context");
        kotlin.a0.d.m.e(executor, "initExecutor");
        kotlin.a0.d.m.e(lVar, "exceptionHandler");
        kotlin.a0.d.m.e(iVar, "keyStorage");
        kotlin.a0.d.m.e(aVar, "masterKeyCreationCallback");
        this.f15007j = iVar;
        this.f14999b = new ReentrantReadWriteLock();
        this.f15000c = context.getApplicationContext();
        this.f15003f = new CountDownLatch(1);
        this.f15006i = new ReentrantLock();
        Calendar calendar = Calendar.getInstance();
        kotlin.a0.d.m.d(calendar, "calendar");
        Date time = calendar.getTime();
        kotlin.a0.d.m.d(time, "calendar.time");
        this.f15001d = time;
        calendar.add(1, 30);
        Date time2 = calendar.getTime();
        kotlin.a0.d.m.d(time2, "calendar.time");
        this.f15002e = time2;
        executor.execute(new b(lVar, aVar));
    }

    public /* synthetic */ a(Context context, Executor executor, kotlin.a0.c.l lVar, i iVar, kotlin.a0.c.a aVar, int i2, kotlin.a0.d.g gVar) {
        this(context, executor, lVar, iVar, (i2 & 16) != 0 ? C0368a.p : aVar);
    }

    private final void e() {
        if (this.f15003f.getCount() > 0) {
            throw new EncryptionException("Manager is not initialized");
        }
        if (!i()) {
            throw new EncryptionException("Cannot perform operations without master key");
        }
    }

    private final byte[] f(String str) {
        String C;
        String uuid = UUID.randomUUID().toString();
        kotlin.a0.d.m.d(uuid, "UUID.randomUUID().toString()");
        Objects.requireNonNull(uuid, "null cannot be cast to non-null type java.lang.String");
        String lowerCase = uuid.toLowerCase();
        kotlin.a0.d.m.d(lowerCase, "(this as java.lang.String).toLowerCase()");
        C = v.C(lowerCase, "-", BuildConfig.FLAVOR, false, 4, null);
        Objects.requireNonNull(C, "null cannot be cast to non-null type java.lang.String");
        char[] charArray = C.toCharArray();
        kotlin.a0.d.m.d(charArray, "(this as java.lang.String).toCharArray()");
        UUID randomUUID = UUID.randomUUID();
        kotlin.a0.d.m.d(randomUUID, "UUID.randomUUID()");
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, h.a(randomUUID), 10000, 256));
            kotlin.a0.d.m.d(generateSecret, "skf.generateSecret(spec)");
            byte[] encoded = generateSecret.getEncoded();
            kotlin.a0.d.m.d(encoded, "generatedKey");
            try {
                Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
                KeyStore keyStore = this.f15004g;
                if (keyStore == null) {
                    kotlin.a0.d.m.q("keyStore");
                }
                Certificate certificate = keyStore.getCertificate("ALIAS_MASTER_KEY");
                kotlin.a0.d.m.d(certificate, "keyStore.getCertificate(MASTER_KEY_ALIAS)");
                cipher.init(1, certificate.getPublicKey());
                byte[] doFinal = cipher.doFinal(encoded);
                kotlin.a0.d.m.d(doFinal, "cipher.doFinal(data)");
                this.f15007j.b(str, doFinal);
                kotlin.a0.d.m.e(encoded, "encodedKey");
                return encoded;
            } catch (Exception e2) {
                throw new EncryptionException("Failed to encrypt with master key", e2);
            }
        } catch (Exception e3) {
            throw new EncryptionException("Failed to generate key", e3);
        }
    }

    private final AlgorithmParameterSpec g() {
        if (Build.VERSION.SDK_INT >= 23) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("ALIAS_MASTER_KEY", 3).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setCertificateSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setCertificateSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).build();
            kotlin.a0.d.m.d(build, "KeyGenParameterSpec.Buil…()))\n            .build()");
            return build;
        }
        KeyPairGeneratorSpec build2 = new KeyPairGeneratorSpec.Builder(this.f15000c).setAlias("ALIAS_MASTER_KEY").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setKeySize(2048).setSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).setStartDate(this.f15001d).setEndDate(this.f15002e).build();
        kotlin.a0.d.m.d(build2, "KeyPairGeneratorSpec.Bui…ate)\n            .build()");
        return build2;
    }

    private final byte[] h(String str) {
        byte[] a2 = this.f15007j.a(str);
        if (a2 == null) {
            d.h.i.a.p("No key with alias " + str);
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.f15004g;
            if (keyStore == null) {
                kotlin.a0.d.m.q("keyStore");
            }
            cipher.init(2, keyStore.getKey("ALIAS_MASTER_KEY", null));
            byte[] doFinal = cipher.doFinal(a2);
            kotlin.a0.d.m.d(doFinal, "cipher.doFinal(data)");
            kotlin.a0.d.m.e(doFinal, "encodedKey");
            return doFinal;
        } catch (Exception e2) {
            throw new EncryptionException("Failed to decrypt with master key", e2);
        }
    }

    private final boolean i() {
        KeyStore keyStore;
        try {
            keyStore = this.f15004g;
            if (keyStore == null) {
                kotlin.a0.d.m.q("keyStore");
            }
        } catch (Exception e2) {
            d.h.i.a.w(e2, "Failed to retrieve master key");
        }
        return keyStore.getKey("ALIAS_MASTER_KEY", null) != null;
    }

    @Override // com.vk.core.preference.crypto.g
    public void a(String str) {
        kotlin.a0.d.m.e(str, "keyAlias");
        this.f15007j.b(str, null);
    }

    @Override // com.vk.core.preference.crypto.g
    public g.a b(String str, byte[] bArr) {
        kotlin.a0.d.m.e(str, "keyAlias");
        kotlin.a0.d.m.e(bArr, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.f14999b.readLock();
        readLock.lock();
        try {
            e();
            readLock.unlock();
            byte[] h2 = h(str);
            if (h2 == null) {
                h2 = f(str);
            }
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(h2, "AES");
                ReentrantLock reentrantLock = this.f15006i;
                reentrantLock.lock();
                try {
                    Cipher cipher = this.f15005h;
                    if (cipher == null) {
                        kotlin.a0.d.m.q("aesCipher");
                    }
                    cipher.init(1, secretKeySpec);
                    Cipher cipher2 = this.f15005h;
                    if (cipher2 == null) {
                        kotlin.a0.d.m.q("aesCipher");
                    }
                    byte[] doFinal = cipher2.doFinal(bArr);
                    kotlin.a0.d.m.d(doFinal, "encrypted");
                    Cipher cipher3 = this.f15005h;
                    if (cipher3 == null) {
                        kotlin.a0.d.m.q("aesCipher");
                    }
                    byte[] iv = cipher3.getIV();
                    kotlin.a0.d.m.d(iv, "aesCipher.iv");
                    return new g.a(doFinal, iv);
                } finally {
                    reentrantLock.unlock();
                }
            } catch (Exception e2) {
                throw new EncryptionException("Failed to encrypt with raw aes key", e2);
            }
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @Override // com.vk.core.preference.crypto.g
    public boolean c(long j2) {
        return this.f15003f.await(j2, TimeUnit.MILLISECONDS);
    }

    @Override // com.vk.core.preference.crypto.g
    public byte[] d(String str, g.a aVar) {
        kotlin.a0.d.m.e(str, "keyAlias");
        kotlin.a0.d.m.e(aVar, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.f14999b.readLock();
        readLock.lock();
        try {
            e();
            readLock.unlock();
            byte[] h2 = h(str);
            if (h2 == null) {
                throw new EncryptionException("No key with alias " + str);
            }
            try {
                ReentrantLock reentrantLock = this.f15006i;
                reentrantLock.lock();
                try {
                    SecretKeySpec secretKeySpec = new SecretKeySpec(h2, "AES");
                    Cipher cipher = this.f15005h;
                    if (cipher == null) {
                        kotlin.a0.d.m.q("aesCipher");
                    }
                    cipher.init(2, secretKeySpec, new IvParameterSpec(aVar.b()));
                    Cipher cipher2 = this.f15005h;
                    if (cipher2 == null) {
                        kotlin.a0.d.m.q("aesCipher");
                    }
                    byte[] doFinal = cipher2.doFinal(aVar.a());
                    reentrantLock.unlock();
                    kotlin.a0.d.m.d(doFinal, "cipherLock.withLock {\n  …(data.data)\n            }");
                    return doFinal;
                } catch (Throwable th) {
                    reentrantLock.unlock();
                    throw th;
                }
            } catch (Exception e2) {
                throw new EncryptionException("Failed to decrypt with aes key", e2);
            }
        } catch (Throwable th2) {
            readLock.unlock();
            throw th2;
        }
    }

    public final void j(kotlin.a0.c.l<? super Exception, u> lVar, kotlin.a0.c.a<u> aVar) throws EncryptionException {
        CountDownLatch countDownLatch;
        kotlin.a0.d.m.e(lVar, "exceptionHandler");
        kotlin.a0.d.m.e(aVar, "masterKeyCreationCallback");
        ReentrantReadWriteLock reentrantReadWriteLock = this.f14999b;
        ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
        int i2 = 0;
        int readHoldCount = reentrantReadWriteLock.getWriteHoldCount() == 0 ? reentrantReadWriteLock.getReadHoldCount() : 0;
        for (int i3 = 0; i3 < readHoldCount; i3++) {
            readLock.unlock();
        }
        ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
        writeLock.lock();
        try {
            try {
                if (this.f15003f.getCount() == 0) {
                    return;
                }
                try {
                    KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                    kotlin.a0.d.m.d(keyStore, "KeyStore.getInstance(\"AndroidKeyStore\")");
                    this.f15004g = keyStore;
                    if (keyStore == null) {
                        kotlin.a0.d.m.q("keyStore");
                    }
                    keyStore.load(null);
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    kotlin.a0.d.m.d(cipher, "Cipher.getInstance(AES_CIPHER_SUIT)");
                    this.f15005h = cipher;
                    if (!i()) {
                        try {
                            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                            keyPairGenerator.initialize(g());
                            keyPairGenerator.generateKeyPair();
                            aVar.c();
                        } catch (Exception e2) {
                            throw new EncryptionException("Failed to generate master key", e2);
                        }
                    }
                    countDownLatch = this.f15003f;
                } catch (Exception e3) {
                    lVar.i(new EncryptionException("Failed to run init", e3));
                    countDownLatch = this.f15003f;
                }
                countDownLatch.countDown();
                while (i2 < readHoldCount) {
                    readLock.lock();
                    i2++;
                }
                writeLock.unlock();
            } catch (Throwable th) {
                this.f15003f.countDown();
                throw th;
            }
        } finally {
            while (i2 < readHoldCount) {
                readLock.lock();
                i2++;
            }
            writeLock.unlock();
        }
    }
}
