package me.proton.core.crypto.android.keystore;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import ch.qos.logback.core.AsyncAppenderBase;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;
import me.proton.core.crypto.common.keystore.EncryptedByteArray;
import me.proton.core.crypto.common.keystore.KeyStoreCrypto;
import me.proton.core.crypto.common.keystore.PlainByteArray;
import me.proton.core.util.kotlin.CoreLogger;

/* compiled from: AndroidKeyStoreCrypto.kt */
/* loaded from: classes3.dex */
public final class AndroidKeyStoreCrypto implements KeyStoreCrypto {
    private static final Lazy default$delegate;
    private final Function0 cipherFactory;
    private final Function0 keyGeneratorFactory;
    private final Function0 keyStoreFactory;
    private final String masterKeyAlias;
    private volatile Key secretKey;
    private volatile boolean secretKeyInitialized;
    public static final Companion Companion = new Companion(null);
    private static final Object lock = new Object();

    /* compiled from: AndroidKeyStoreCrypto.kt */
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final AndroidKeyStoreCrypto getDefault() {
            return (AndroidKeyStoreCrypto) AndroidKeyStoreCrypto.default$delegate.getValue();
        }
    }

    static {
        Lazy lazy;
        lazy = LazyKt__LazyJVMKt.lazy(new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2
            @Override // kotlin.jvm.functions.Function0
            public final AndroidKeyStoreCrypto invoke() {
                return new AndroidKeyStoreCrypto("_me_proton_core_data_crypto_master_key_", new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2.1
                    @Override // kotlin.jvm.functions.Function0
                    public final KeyStore invoke() {
                        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                        Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(...)");
                        return keyStore;
                    }
                }, new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2.2
                    @Override // kotlin.jvm.functions.Function0
                    public final KeyGenerator invoke() {
                        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                        Intrinsics.checkNotNullExpressionValue(keyGenerator, "getInstance(...)");
                        return keyGenerator;
                    }
                }, new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2.3
                    @Override // kotlin.jvm.functions.Function0
                    public final Cipher invoke() {
                        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(...)");
                        return cipher;
                    }
                });
            }
        });
        default$delegate = lazy;
    }

    public AndroidKeyStoreCrypto(String masterKeyAlias, Function0 keyStoreFactory, Function0 keyGeneratorFactory, Function0 cipherFactory) {
        Intrinsics.checkNotNullParameter(masterKeyAlias, "masterKeyAlias");
        Intrinsics.checkNotNullParameter(keyStoreFactory, "keyStoreFactory");
        Intrinsics.checkNotNullParameter(keyGeneratorFactory, "keyGeneratorFactory");
        Intrinsics.checkNotNullParameter(cipherFactory, "cipherFactory");
        this.masterKeyAlias = masterKeyAlias;
        this.keyStoreFactory = keyStoreFactory;
        this.keyGeneratorFactory = keyGeneratorFactory;
        this.cipherFactory = cipherFactory;
    }

    private final String decryptOrRetry(String str, Key key) {
        String decodeToString;
        byte[] decode = Base64.decode(str, 2);
        Intrinsics.checkNotNull(decode);
        PlainByteArray decryptOrRetry = decryptOrRetry(new EncryptedByteArray(decode), key);
        try {
            decodeToString = StringsKt__StringsJVMKt.decodeToString(decryptOrRetry.getArray());
            CloseableKt.closeFinally(decryptOrRetry, null);
            return decodeToString;
        } finally {
        }
    }

    private final PlainByteArray decryptOrRetry(final EncryptedByteArray encryptedByteArray, final Key key) {
        return (PlainByteArray) runOrRetryOnce("core.crypto.common.keystore.decrypt.retry", new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$decryptOrRetry$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final PlainByteArray invoke() {
                return AndroidKeyStoreCrypto.this.decryptSync$crypto_android_release(encryptedByteArray, key);
            }
        });
    }

    private final String encryptOrRetry(String str, Key key) {
        byte[] encodeToByteArray;
        encodeToByteArray = StringsKt__StringsJVMKt.encodeToByteArray(str);
        PlainByteArray plainByteArray = new PlainByteArray(encodeToByteArray);
        try {
            String encodeToString = Base64.encodeToString(encryptOrRetry(plainByteArray, key).getArray(), 2);
            CloseableKt.closeFinally(plainByteArray, null);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "use(...)");
            return encodeToString;
        } finally {
        }
    }

    private final EncryptedByteArray encryptOrRetry(final PlainByteArray plainByteArray, final Key key) {
        return (EncryptedByteArray) runOrRetryOnce("core.crypto.common.keystore.encrypt.retry", new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$encryptOrRetry$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final EncryptedByteArray invoke() {
                return AndroidKeyStoreCrypto.this.encryptSync$crypto_android_release(plainByteArray, key);
            }
        });
    }

    private final Object runOrRetryOnce(String str, Function0 function0) {
        try {
            return function0.invoke();
        } catch (GeneralSecurityException e) {
            return logAndRetry$crypto_android_release(str, e, function0);
        } catch (ProviderException e2) {
            return logAndRetry$crypto_android_release(str, e2, function0);
        }
    }

    private final void sleep() {
        try {
            Thread.sleep((long) (Math.random() * 100.0d));
        } catch (InterruptedException unused) {
        }
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public String decrypt(String value) {
        String decryptOrRetry;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        return (secretKeySync$crypto_android_release == null || (decryptOrRetry = decryptOrRetry(value, secretKeySync$crypto_android_release)) == null) ? value : decryptOrRetry;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public PlainByteArray decrypt(EncryptedByteArray value) {
        PlainByteArray decryptOrRetry;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        if (secretKeySync$crypto_android_release != null && (decryptOrRetry = decryptOrRetry(value, secretKeySync$crypto_android_release)) != null) {
            return decryptOrRetry;
        }
        byte[] array = value.getArray();
        byte[] copyOf = Arrays.copyOf(array, array.length);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(...)");
        return new PlainByteArray(copyOf);
    }

    public final PlainByteArray decryptSync$crypto_android_release(EncryptedByteArray value, Key key) {
        byte[] copyOfRange;
        PlainByteArray plainByteArray;
        Intrinsics.checkNotNullParameter(value, "value");
        Intrinsics.checkNotNullParameter(key, "key");
        synchronized (lock) {
            Cipher cipher = (Cipher) this.cipherFactory.invoke();
            byte[] copyOf = Arrays.copyOf(value.getArray(), 12);
            Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(...)");
            copyOfRange = ArraysKt___ArraysJvmKt.copyOfRange(value.getArray(), 12, value.getArray().length);
            cipher.init(2, key, new GCMParameterSpec(128, copyOf));
            byte[] doFinal = cipher.doFinal(copyOfRange);
            Intrinsics.checkNotNullExpressionValue(doFinal, "doFinal(...)");
            plainByteArray = new PlainByteArray(doFinal);
        }
        return plainByteArray;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public String encrypt(String value) {
        String encryptOrRetry;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        return (secretKeySync$crypto_android_release == null || (encryptOrRetry = encryptOrRetry(value, secretKeySync$crypto_android_release)) == null) ? value : encryptOrRetry;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public EncryptedByteArray encrypt(PlainByteArray value) {
        EncryptedByteArray encryptOrRetry;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKeySync$crypto_android_release = getSecretKeySync$crypto_android_release();
        if (secretKeySync$crypto_android_release != null && (encryptOrRetry = encryptOrRetry(value, secretKeySync$crypto_android_release)) != null) {
            return encryptOrRetry;
        }
        byte[] array = value.getArray();
        byte[] copyOf = Arrays.copyOf(array, array.length);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(...)");
        return new EncryptedByteArray(copyOf);
    }

    public final EncryptedByteArray encryptSync$crypto_android_release(PlainByteArray value, Key key) {
        EncryptedByteArray encryptedByteArray;
        byte[] plus;
        Intrinsics.checkNotNullParameter(value, "value");
        Intrinsics.checkNotNullParameter(key, "key");
        synchronized (lock) {
            Cipher cipher = (Cipher) this.cipherFactory.invoke();
            cipher.init(1, key);
            byte[] doFinal = cipher.doFinal(value.getArray());
            byte[] iv = cipher.getIV();
            Intrinsics.checkNotNullExpressionValue(iv, "getIV(...)");
            Intrinsics.checkNotNull(doFinal);
            plus = ArraysKt___ArraysJvmKt.plus(iv, doFinal);
            encryptedByteArray = new EncryptedByteArray(plus);
        }
        return encryptedByteArray;
    }

    public final Key generateKeyOrRetryOrNull$crypto_android_release(final KeyStore keyStore) {
        Object m3826constructorimpl;
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        try {
            Result.Companion companion = Result.Companion;
            m3826constructorimpl = Result.m3826constructorimpl((Key) runOrRetryOnce("core.crypto.common.keystore.init.retry", new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$generateKeyOrRetryOrNull$1$1
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public final Key invoke() {
                    return AndroidKeyStoreCrypto.this.generateNewKey$crypto_android_release(keyStore);
                }
            }));
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            m3826constructorimpl = Result.m3826constructorimpl(ResultKt.createFailure(th));
        }
        if (Result.m3831isFailureimpl(m3826constructorimpl)) {
            m3826constructorimpl = null;
        }
        return (Key) m3826constructorimpl;
    }

    public final Key generateNewKey$crypto_android_release(KeyStore keyStore) {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        if (keyStore.containsAlias(this.masterKeyAlias)) {
            keyStore.deleteEntry(this.masterKeyAlias);
            Unit unit = Unit.INSTANCE;
            CoreLogger.INSTANCE.i("core.crypto.common.keystore.init.delete.key", "Deleted '" + this.masterKeyAlias + "' entry from this keystore.");
        }
        KeyGenerator keyGenerator = (KeyGenerator) this.keyGeneratorFactory.invoke();
        keyGenerator.init(new KeyGenParameterSpec.Builder(this.masterKeyAlias, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(AsyncAppenderBase.DEFAULT_QUEUE_SIZE).build());
        SecretKey generateKey = keyGenerator.generateKey();
        CoreLogger.INSTANCE.i("core.crypto.common.keystore.init.add.key", "Added '" + this.masterKeyAlias + "' entry in this keystore.");
        Intrinsics.checkNotNullExpressionValue(generateKey, "run(...)");
        return generateKey;
    }

    public final Key getKey$crypto_android_release(KeyStore keyStore) {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        if (keyStore.containsAlias(this.masterKeyAlias)) {
            return keyStore.getKey(this.masterKeyAlias, null);
        }
        return null;
    }

    public final Key getKeyOrRetryOrNull$crypto_android_release(final KeyStore keyStore) {
        Object m3826constructorimpl;
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        try {
            Result.Companion companion = Result.Companion;
            m3826constructorimpl = Result.m3826constructorimpl((Key) runOrRetryOnce("core.crypto.common.keystore.init.retry", new Function0() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$getKeyOrRetryOrNull$1$1
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public final Key invoke() {
                    return AndroidKeyStoreCrypto.this.getKey$crypto_android_release(keyStore);
                }
            }));
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            m3826constructorimpl = Result.m3826constructorimpl(ResultKt.createFailure(th));
        }
        if (Result.m3831isFailureimpl(m3826constructorimpl)) {
            m3826constructorimpl = null;
        }
        return (Key) m3826constructorimpl;
    }

    public final Key getSecretKeySync$crypto_android_release() {
        Key key;
        synchronized (lock) {
            try {
                if (!this.secretKeyInitialized) {
                    setSecretKeySync$crypto_android_release(initKey$crypto_android_release());
                }
                key = this.secretKey;
            } catch (Throwable th) {
                throw th;
            }
        }
        return key;
    }

    public final Key initKey$crypto_android_release() {
        KeyStore keyStore = (KeyStore) this.keyStoreFactory.invoke();
        keyStore.load(null);
        Key keyOrRetryOrNull$crypto_android_release = getKeyOrRetryOrNull$crypto_android_release(keyStore);
        if (keyOrRetryOrNull$crypto_android_release == null) {
            keyOrRetryOrNull$crypto_android_release = generateKeyOrRetryOrNull$crypto_android_release(keyStore);
        }
        if (keyOrRetryOrNull$crypto_android_release == null || !isUsableKey$crypto_android_release(keyOrRetryOrNull$crypto_android_release)) {
            return null;
        }
        return keyOrRetryOrNull$crypto_android_release;
    }

    public final boolean isUsableKey$crypto_android_release(Key key) {
        Object m3826constructorimpl;
        Intrinsics.checkNotNullParameter(key, "key");
        try {
            Result.Companion companion = Result.Companion;
        } catch (Throwable th) {
            Result.Companion companion2 = Result.Companion;
            m3826constructorimpl = Result.m3826constructorimpl(ResultKt.createFailure(th));
        }
        if (!Intrinsics.areEqual("message", decryptOrRetry(encryptOrRetry("message", key), key))) {
            throw new IllegalStateException("Check failed.".toString());
        }
        m3826constructorimpl = Result.m3826constructorimpl(Boolean.TRUE);
        Throwable m3829exceptionOrNullimpl = Result.m3829exceptionOrNullimpl(m3826constructorimpl);
        if (m3829exceptionOrNullimpl != null) {
            CoreLogger.INSTANCE.e("core.crypto.common.keystore.init", m3829exceptionOrNullimpl);
            m3826constructorimpl = Boolean.FALSE;
        }
        return ((Boolean) m3826constructorimpl).booleanValue();
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public boolean isUsingKeyStore() {
        return getSecretKeySync$crypto_android_release() != null;
    }

    public final Object logAndRetry$crypto_android_release(String logTag, Throwable error, Function0 block) {
        Intrinsics.checkNotNullParameter(logTag, "logTag");
        Intrinsics.checkNotNullParameter(error, "error");
        Intrinsics.checkNotNullParameter(block, "block");
        CoreLogger.INSTANCE.e(logTag, error);
        sleep();
        return block.invoke();
    }

    public final void setSecretKeySync$crypto_android_release(Key key) {
        synchronized (lock) {
            this.secretKey = key;
            this.secretKeyInitialized = true;
            Unit unit = Unit.INSTANCE;
        }
    }
}
