package com.amazon.identity.auth.device.framework.crypto;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.amazon.identity.auth.device.bc;
import com.amazon.identity.auth.device.framework.ar;
import com.amazon.identity.auth.device.framework.crypto.AESCipher;
import com.amazon.identity.auth.device.storage.LocalDataStorage;
import com.amazon.identity.auth.device.storage.o;
import com.amazon.identity.auth.device.storage.u;
import com.amazon.identity.auth.device.utils.aq;
import com.amazon.identity.auth.device.utils.y;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;

/* compiled from: DCP */
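@TargetApi(19)
/* loaded from: classes2.dex */
/**
 * Encrypts and decrypts local data-storage strings (log tag "LocalDataStorageEncryptor").
 *
 * <p>Key hierarchy, as established by the constructor:
 * <ul>
 *   <li>an RSA-2048 key pair under the alias {@code IDENTITY_MAP_KEYSTORE_ALIAS} in the
 *       "AndroidKeyStore" provider;</li>
 *   <li>a 256-bit AES data key, stored RSA-wrapped under {@code AES_ENCRYPTION_KEY} in the
 *       {@code LOCAL_DS_ENCRYPTION_KEY_NAMESPACE} store and unwrapped on every start.</li>
 * </ul>
 *
 * <p>Ciphertext strings carry the prefix {@code "AES-GCM+"}. The cipher mode itself lives in
 * {@link AESCipher}, which is not shown here; the prefix suggests AES-GCM, so confirm there.
 *
 * <p>NOTE(review): the wrapping transformation is RSA with PKCS#1 v1.5 padding. OAEP is the
 * usual choice for new key-wrapping designs. Switching needs a migration, because the keystore
 * key is generated with PKCS1Padding as its only authorized encryption padding and the stored
 * wrapped key was produced with it.
 */
public class d implements b {
    private static final String TAG = "LocalDataStorageEncryptor";
    private static final String KEYSTORE_ALIAS = "IDENTITY_MAP_KEYSTORE_ALIAS";
    private static final String WRAPPED_AES_KEY_NAME = "AES_ENCRYPTION_KEY";
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    private static final String CIPHERTEXT_PREFIX = "AES-GCM+";

    /** Certificate/key validity window: 946080000000 ms = 10950 days (about 30 years). */
    private static final long KEY_VALIDITY_MILLIS = 946080000000L;

    /** Process-wide instance, created lazily by {@link #c(Context)}. */
    private static d f;

    // Context handed to the first c(Context) call; it stays reachable through the static
    // singleton for the life of the process.
    // NOTE(review): confirm callers pass an application-scoped context, not an Activity.
    private final Context f20823a;

    // Raw (unwrapped) AES key bytes. Nothing in this class reads the field after the
    // constructor; it keeps the plaintext key on the heap for the life of the singleton.
    // NOTE(review): drop it if no reflective or debugging use depends on it.
    private final byte[] f20824b;

    // Symmetric cipher used for all payload encryption and decryption.
    private final AESCipher c;

    // Handle on the "AndroidKeyStore" provider that holds the RSA wrapping key.
    private final KeyStore f20825d;

    // Store for the RSA-wrapped AES key (namespace LOCAL_DS_ENCRYPTION_KEY_NAMESPACE).
    private final u e;

    /**
     * Loads or creates the key hierarchy and builds the AES cipher.
     *
     * <p>If the RSA alias is missing while a wrapped AES key is still stored, that key can no
     * longer be unwrapped: it is deleted and {@code LocalDataStorage.E} / {@code o.C} are
     * invoked (per the log message, these clear the local databases) before new keys are
     * generated.
     *
     * @param context context used for the key store namespace and the legacy key spec
     * @throws Exception any keystore, key-generation or cipher failure; it is recorded on the
     *     metrics timer and rethrown unchanged
     */
    private d(Context context) throws Exception {
        byte[] d3;
        ar f2 = ar.f("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            this.f20823a = context;
            u p2 = u.p(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
            this.e = p2;
            // KeyStore.getInstance never returns null (it throws instead), so no null check
            // is needed before using the instance.
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.f20825d = keyStore;
            keyStore.load(null);
            f2.h("generateRSAKeyIfNotExists");
            if (keyStore.containsAlias(KEYSTORE_ALIAS)) {
                y.u(TAG, "RSA keypair exists, fast return.");
                f2.h("RSAKeyPairGenerated");
            } else {
                y.u(TAG, "Generating RSA keypair");
                if (!TextUtils.isEmpty(p2.j(WRAPPED_AES_KEY_NAME))) {
                    // The stored AES key was wrapped by an RSA key that no longer exists.
                    y.u(TAG, "AES key generated, deleting it and clearing db before generating new RSA keys");
                    p2.n();
                    LocalDataStorage.E(context);
                    o.C(context);
                    f2.h("DeleteExistAESKeyRegenerateRSAKey");
                }
                AlgorithmParameterSpec spec = buildRsaKeySpec(context);
                try {
                    generateRsaKeyPair(spec);
                    f2.h("RSAKeyPairGeneration:Success");
                } catch (Exception ignored) {
                    // Deliberate single retry: the first failure is only counted in metrics.
                    // A second failure propagates to the outer handler.
                    f2.h("RSAKeyPairGeneration:Retry");
                    y.x(TAG, "Generating RSA key pair failed, retry once");
                    generateRsaKeyPair(spec);
                    f2.h("RSAKeyPairGeneration:Retry:Success");
                }
                bc.t("RSAKeyPairGeneration:Success:Overall");
            }
            String wrappedKey = this.e.j(WRAPPED_AES_KEY_NAME);
            if (TextUtils.isEmpty(wrappedKey)) {
                y.u(TAG, "Generating AES encryption key");
                d3 = AESCipher.d(AESCipher.KeySize.KEY_SIZE_256_BITS);
                y.u(TAG, "Encrypting AES Key");
                // Wrap with the public half; only the keystore-held private key can unwrap.
                Cipher wrap = d(Cipher.ENCRYPT_MODE, RSA_TRANSFORMATION,
                        this.f20825d.getCertificate(KEYSTORE_ALIAS).getPublicKey());
                this.e.a(WRAPPED_AES_KEY_NAME, aq.h(wrap.doFinal(d3)));
                f2.h("AESKeyGeneration:Success");
            } else {
                y.u(TAG, "AES key generated, decrypting");
                y.u(TAG, "Decrypting existed AES Key");
                Cipher unwrap = d(Cipher.DECRYPT_MODE, RSA_TRANSFORMATION,
                        (PrivateKey) this.f20825d.getKey(KEYSTORE_ALIAS, null));
                d3 = unwrap.doFinal(aq.e(wrappedKey));
            }
            this.f20824b = d3;
            this.c = new AESCipher(d3);
            f2.k(true);
            bc.t("LocalDataStorageEncryptor:Initiation:Success");
        } catch (Exception e) {
            // Only the exception class name goes into metrics; the exception is rethrown.
            f2.h("CreateFail:" + e.getClass().getSimpleName());
            f2.k(false);
            bc.t("LocalDataStorageEncryptor:Initiation:Failed:" + e.getClass().getSimpleName());
            throw e;
        } finally {
            f2.n();
        }
    }

    /**
     * Builds the key-generation spec for the RSA-2048 wrapping key.
     *
     * <p>SDK levels up to and including 23 use the legacy {@link KeyPairGeneratorSpec}; newer
     * levels use {@link KeyGenParameterSpec} restricted to PKCS#1 encryption padding.
     */
    private static AlgorithmParameterSpec buildRsaKeySpec(Context context) {
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now);
        Date notAfter = new Date(now + KEY_VALIDITY_MILLIS);
        X500Principal subject = new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS");
        if (Build.VERSION.SDK_INT <= 23) {
            return new KeyPairGeneratorSpec.Builder(context)
                    .setAlias(KEYSTORE_ALIAS)
                    .setSubject(subject)
                    .setSerialNumber(BigInteger.TEN)
                    .setKeySize(2048)
                    .setStartDate(notBefore)
                    .setEndDate(notAfter)
                    .build();
        }
        // Purposes 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
        return new KeyGenParameterSpec.Builder(KEYSTORE_ALIAS, 3)
                .setCertificateSubject(subject)
                .setCertificateSerialNumber(BigInteger.TEN)
                .setKeySize(2048)
                .setKeyValidityStart(notBefore)
                .setKeyValidityEnd(notAfter)
                .setEncryptionPaddings("PKCS1Padding")
                .build();
    }

    /** Generates one RSA key pair inside the "AndroidKeyStore" provider from {@code spec}. */
    private static void generateRsaKeyPair(AlgorithmParameterSpec spec) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        generator.initialize(spec);
        generator.generateKeyPair();
    }

    /**
     * Returns the process-wide encryptor, creating it on first use.
     *
     * <p>The method is {@code static synchronized}, which already locks on {@code d.class};
     * no further locking is needed inside.
     *
     * @param context context used only when the instance has to be created
     * @return the shared instance
     * @throws Exception if key setup fails; no instance is cached in that case, so a later
     *     call attempts initialization again
     */
    public static synchronized d c(Context context) throws Exception {
        if (f == null) {
            y.u(TAG, "Generating LocalDataStorageEncryptor instance");
            f = new d(context);
            y.u(TAG, "Finish generating LocalDataStorageEncryptor instance");
        }
        return f;
    }

    /**
     * Creates and initializes a {@link Cipher}.
     *
     * @param i cipher mode, e.g. {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param str transformation string
     * @param key key to initialize the cipher with
     * @return the initialized cipher
     * @throws IllegalStateException if the cipher cannot be created or initialized; the
     *     underlying exception is attached as the cause
     */
    private static Cipher d(int i, String str, Key key) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(i, key);
            return cipher;
        } catch (Exception e) {
            y.p(TAG, "Unable to create RSA cipher, this seems to be a system bug.", e);
            // Keep the cause so the real provider failure is visible to whoever handles this.
            throw new IllegalStateException("Unable to create RSA cipher.", e);
        }
    }

    /**
     * Decrypts a stored value.
     *
     * <p>Values without the {@code "AES-GCM+"} prefix are returned unchanged, i.e. treated as
     * stored in the clear. Callers therefore get no confidentiality or integrity guarantee
     * for unprefixed values read from storage.
     *
     * @param str stored value, possibly {@code null}
     * @return the plaintext; {@code str} itself when it carries no prefix; {@code null} when
     *     {@code str} is {@code null} or decryption raises {@link BadPaddingException}
     */
    @Override // com.amazon.identity.auth.device.framework.crypto.b
    public String a(String str) {
        if (str == null) {
            return null;
        }
        // Only the tag is passed to the logger; stored values and plaintext must never be
        // concatenated into log messages.
        y.j(TAG);
        if (!str.startsWith(CIPHERTEXT_PREFIX)) {
            return str;
        }
        try {
            String plaintext = aq.g(this.c.n(aq.e(str.substring(CIPHERTEXT_PREFIX.length()))));
            y.j(TAG);
            return plaintext;
        } catch (BadPaddingException unused) {
            // javax.crypto reports a failed AEAD tag check as AEADBadTagException, a subclass
            // of BadPaddingException. If AESCipher uses an AEAD mode (not shown, TODO confirm),
            // this branch also covers modified ciphertext or a key mismatch, and the counter
            // below is worth monitoring.
            y.o(TAG, "Bad padding shouldn't happen, just return null.");
            bc.t("LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }

    /**
     * Encrypts a value for storage.
     *
     * @param str plaintext, possibly {@code null}
     * @return {@code "AES-GCM+"} followed by the encoded ciphertext, or {@code null} when
     *     {@code str} is {@code null}
     */
    @Override // com.amazon.identity.auth.device.framework.crypto.b
    public String b(String str) {
        if (str == null) {
            return null;
        }
        // Only the tag is passed to the logger; the plaintext must never reach a log message.
        y.j(TAG);
        String encoded = aq.h(this.c.m(aq.d(str)));
        y.j(TAG);
        return CIPHERTEXT_PREFIX.concat(String.valueOf(encoded));
    }
}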
