package me.proton.core.crypto.android.keystore;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;
import me.proton.core.crypto.common.keystore.EncryptedByteArray;
import me.proton.core.crypto.common.keystore.KeyStoreCrypto;
import me.proton.core.crypto.common.keystore.LogTag;
import me.proton.core.crypto.common.keystore.PlainByteArray;
import me.proton.core.util.kotlin.CoreLogger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: AndroidKeyStoreCrypto.kt */
/* loaded from: classes4.dex */
public final class AndroidKeyStoreCrypto implements KeyStoreCrypto {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final String DEFAULT_MASTER_KEY_ALIAS = "_me_proton_core_data_crypto_master_key_";

    @NotNull
    private static final Lazy<AndroidKeyStoreCrypto> default$delegate;

    @NotNull
    private final String androidKeyStore;
    private final int cipherGCMTagBits;
    private final int cipherIvBytes;

    @NotNull
    private final String cipherTransformation;
    private final int keySize;

    @NotNull
    private final Lazy secretKey$delegate;

    /* compiled from: AndroidKeyStoreCrypto.kt */
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        @NotNull
        public final AndroidKeyStoreCrypto getDefault() {
            return (AndroidKeyStoreCrypto) AndroidKeyStoreCrypto.default$delegate.getValue();
        }
    }

    static {
        Lazy<AndroidKeyStoreCrypto> lazy;
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<AndroidKeyStoreCrypto>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$Companion$default$2
            /* JADX WARN: Multi-variable type inference failed */
            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final AndroidKeyStoreCrypto invoke() {
                return new AndroidKeyStoreCrypto(null, 1, 0 == true ? 1 : 0);
            }
        });
        default$delegate = lazy;
    }

    private AndroidKeyStoreCrypto(final String str) {
        Lazy lazy;
        this.androidKeyStore = "AndroidKeyStore";
        this.cipherTransformation = "AES/GCM/NoPadding";
        this.cipherIvBytes = 12;
        this.cipherGCMTagBits = 128;
        this.keySize = 256;
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<Key>() { // from class: me.proton.core.crypto.android.keystore.AndroidKeyStoreCrypto$secretKey$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @Nullable
            public final Key invoke() {
                String str2;
                String str3;
                int i;
                Key keyStoreKey;
                Object m389constructorimpl;
                String encrypt;
                String decrypt;
                str2 = AndroidKeyStoreCrypto.this.androidKeyStore;
                KeyStore keyStore = KeyStore.getInstance(str2);
                Object obj = null;
                keyStore.load(null);
                if (keyStore.containsAlias(str)) {
                    keyStoreKey = keyStore.getKey(str, null);
                } else {
                    str3 = AndroidKeyStoreCrypto.this.androidKeyStore;
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", str3);
                    String str4 = str;
                    AndroidKeyStoreCrypto androidKeyStoreCrypto = AndroidKeyStoreCrypto.this;
                    KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(str4, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
                    i = androidKeyStoreCrypto.keySize;
                    keyGenerator.init(encryptionPaddings.setKeySize(i).build());
                    keyStoreKey = keyGenerator.generateKey();
                }
                AndroidKeyStoreCrypto androidKeyStoreCrypto2 = AndroidKeyStoreCrypto.this;
                try {
                    Result.Companion companion = Result.Companion;
                    Intrinsics.checkNotNullExpressionValue(keyStoreKey, "keyStoreKey");
                    encrypt = androidKeyStoreCrypto2.encrypt("message", keyStoreKey);
                    decrypt = androidKeyStoreCrypto2.decrypt(encrypt, keyStoreKey);
                } catch (Throwable th) {
                    Result.Companion companion2 = Result.Companion;
                    m389constructorimpl = Result.m389constructorimpl(ResultKt.createFailure(th));
                }
                if (!Intrinsics.areEqual("message", decrypt)) {
                    throw new IllegalStateException("Check failed.".toString());
                }
                m389constructorimpl = Result.m389constructorimpl(keyStoreKey);
                Throwable m392exceptionOrNullimpl = Result.m392exceptionOrNullimpl(m389constructorimpl);
                if (m392exceptionOrNullimpl == null) {
                    obj = m389constructorimpl;
                } else {
                    CoreLogger.INSTANCE.e(LogTag.KEYSTORE_INIT, m392exceptionOrNullimpl);
                }
                return (Key) obj;
            }
        });
        this.secretKey$delegate = lazy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public /* synthetic */ AndroidKeyStoreCrypto(String str, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? DEFAULT_MASTER_KEY_ALIAS : str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String decrypt(String str, Key key) {
        String decodeToString;
        byte[] encryptedByteArray = Base64.decode(str, 2);
        Intrinsics.checkNotNullExpressionValue(encryptedByteArray, "encryptedByteArray");
        PlainByteArray decrypt = decrypt(new EncryptedByteArray(encryptedByteArray), key);
        try {
            decodeToString = StringsKt__StringsJVMKt.decodeToString(decrypt.getArray());
            CloseableKt.closeFinally(decrypt, null);
            return decodeToString;
        } finally {
        }
    }

    private final PlainByteArray decrypt(EncryptedByteArray encryptedByteArray, Key key) {
        byte[] copyOfRange;
        Cipher cipher = Cipher.getInstance(this.cipherTransformation);
        byte[] copyOf = Arrays.copyOf(encryptedByteArray.getArray(), this.cipherIvBytes);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, newSize)");
        copyOfRange = ArraysKt___ArraysJvmKt.copyOfRange(encryptedByteArray.getArray(), this.cipherIvBytes, encryptedByteArray.getArray().length);
        cipher.init(2, key, new GCMParameterSpec(this.cipherGCMTagBits, copyOf));
        byte[] doFinal = cipher.doFinal(copyOfRange);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(cipherByteArray)");
        return new PlainByteArray(doFinal);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String encrypt(String str, Key key) {
        byte[] encodeToByteArray;
        encodeToByteArray = StringsKt__StringsJVMKt.encodeToByteArray(str);
        PlainByteArray plainByteArray = new PlainByteArray(encodeToByteArray);
        try {
            String encodeToString = Base64.encodeToString(encrypt(plainByteArray, key).getArray(), 2);
            CloseableKt.closeFinally(plainByteArray, null);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "value.encodeToByteArray(…Base64.NO_WRAP)\n        }");
            return encodeToString;
        } finally {
        }
    }

    private final EncryptedByteArray encrypt(PlainByteArray plainByteArray, Key key) {
        byte[] plus;
        Cipher cipher = Cipher.getInstance(this.cipherTransformation);
        cipher.init(1, key);
        byte[] cipherByteArray = cipher.doFinal(plainByteArray.getArray());
        byte[] iv = cipher.getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
        Intrinsics.checkNotNullExpressionValue(cipherByteArray, "cipherByteArray");
        plus = ArraysKt___ArraysJvmKt.plus(iv, cipherByteArray);
        return new EncryptedByteArray(plus);
    }

    private final Key getSecretKey() {
        return (Key) this.secretKey$delegate.getValue();
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public String decrypt(@NotNull String value) {
        String decrypt;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKey = getSecretKey();
        return (secretKey == null || (decrypt = decrypt(value, secretKey)) == null) ? value : decrypt;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public PlainByteArray decrypt(@NotNull EncryptedByteArray value) {
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKey = getSecretKey();
        PlainByteArray decrypt = secretKey == null ? null : decrypt(value, secretKey);
        if (decrypt != null) {
            return decrypt;
        }
        byte[] array = value.getArray();
        byte[] copyOf = Arrays.copyOf(array, array.length);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, size)");
        return new PlainByteArray(copyOf);
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public String encrypt(@NotNull String value) {
        String encrypt;
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKey = getSecretKey();
        return (secretKey == null || (encrypt = encrypt(value, secretKey)) == null) ? value : encrypt;
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    @NotNull
    public EncryptedByteArray encrypt(@NotNull PlainByteArray value) {
        Intrinsics.checkNotNullParameter(value, "value");
        Key secretKey = getSecretKey();
        EncryptedByteArray encrypt = secretKey == null ? null : encrypt(value, secretKey);
        if (encrypt != null) {
            return encrypt;
        }
        byte[] array = value.getArray();
        byte[] copyOf = Arrays.copyOf(array, array.length);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, size)");
        return new EncryptedByteArray(copyOf);
    }

    @Override // me.proton.core.crypto.common.keystore.KeyStoreCrypto
    public boolean isUsingKeyStore() {
        return getSecretKey() != null;
    }
}
