package com.vk.core.preference.crypto;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.WorkerThread;
import com.vk.core.preference.crypto.EncryptionManager;
import com.vk.log.L;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;
import kotlin.text.StringsKt__StringsJVMKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import ru.mail.pin.KeyStore;

/* compiled from: ProGuard */
@Metadata(bv = {}, d1 = {"\u0000V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\t\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\u0018\u0000 \u001e2\u00020\u0001:\u0001\u001eBG\u0012\u0006\u0010\u0017\u001a\u00020\u0016\u0012\u0006\u0010\u0019\u001a\u00020\u0018\u0012\u0016\u0010\u0006\u001a\u0012\u0012\b\u0012\u00060\u0003j\u0002`\u0004\u0012\u0004\u0012\u00020\u00050\u0002\u0012\u0006\u0010\u001b\u001a\u00020\u001a\u0012\u000e\b\u0002\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00050\u0007¢\u0006\u0004\b\u001c\u0010\u001dJ.\u0010\t\u001a\u00020\u00052\u0016\u0010\u0006\u001a\u0012\u0012\b\u0012\u00060\u0003j\u0002`\u0004\u0012\u0004\u0012\u00020\u00050\u00022\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00050\u0007H\u0007J\u001a\u0010\u000f\u001a\u0004\u0018\u00010\u000e2\u0006\u0010\u000b\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\fH\u0016J\u001a\u0010\u0010\u001a\u0004\u0018\u00010\f2\u0006\u0010\u000b\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\u000eH\u0016J\u0010\u0010\u0011\u001a\u00020\u00052\u0006\u0010\u000b\u001a\u00020\nH\u0016J\u0010\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u0013\u001a\u00020\u0012H\u0016¨\u0006\u001f"}, d2 = {"Lcom/vk/core/preference/crypto/AesEncryptionManager;", "Lcom/vk/core/preference/crypto/EncryptionManager;", "Lkotlin/Function1;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "", "exceptionHandler", "Lkotlin/Function0;", "masterKeyCreationCallback", "init", "", "keyAlias", "", "data", "Lcom/vk/core/preference/crypto/EncryptionManager$EncryptedData;", "encrypt", "decrypt", "removeKey", "", "maxTimeMs", "", "waitForInitialize", "Landroid/content/Context;", "context", "Ljava/util/concurrent/Executor;", "initExecutor", "Lcom/vk/core/preference/crypto/KeyStorage;", "keyStorage", "<init>", "(Landroid/content/Context;Ljava/util/concurrent/Executor;Lkotlin/jvm/functions/Function1;Lcom/vk/core/preference/crypto/KeyStorage;Lkotlin/jvm/functions/Function0;)V", "Companion", "pref_release"}, k = 1, mv = {1, 7, 1})
/* loaded from: classes5.dex */
public final class AesEncryptionManager implements EncryptionManager {

    @NotNull
    private final KeyStorage sakbwko;

    @NotNull
    private final ReentrantReadWriteLock sakbwkp;
    private final Context sakbwkq;

    @NotNull
    private final Date sakbwkr;

    @NotNull
    private final Date sakbwks;

    @NotNull
    private CountDownLatch sakbwkt;
    private KeyStore sakbwku;
    private Cipher sakbwkv;

    @NotNull
    private final ReentrantLock sakbwkw;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ProGuard */
    /* loaded from: classes5.dex */
    public static final class sakbwko extends Lambda implements Function0<Unit> {
        public static final sakbwko sakbwko = new sakbwko();

        sakbwko() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        public final /* bridge */ /* synthetic */ Unit invoke() {
            return Unit.f29904a;
        }
    }

    public AesEncryptionManager(@NotNull Context context, @NotNull Executor initExecutor, @NotNull final Function1<? super Exception, Unit> exceptionHandler, @NotNull KeyStorage keyStorage, @NotNull final Function0<Unit> masterKeyCreationCallback) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(initExecutor, "initExecutor");
        Intrinsics.checkNotNullParameter(exceptionHandler, "exceptionHandler");
        Intrinsics.checkNotNullParameter(keyStorage, "keyStorage");
        Intrinsics.checkNotNullParameter(masterKeyCreationCallback, "masterKeyCreationCallback");
        this.sakbwko = keyStorage;
        this.sakbwkp = new ReentrantReadWriteLock();
        this.sakbwkq = context.getApplicationContext();
        this.sakbwkt = new CountDownLatch(1);
        this.sakbwkw = new ReentrantLock();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        Intrinsics.checkNotNullExpressionValue(time, "calendar.time");
        this.sakbwkr = time;
        calendar.add(1, 30);
        Date time2 = calendar.getTime();
        Intrinsics.checkNotNullExpressionValue(time2, "calendar.time");
        this.sakbwks = time2;
        initExecutor.execute(new Runnable() { // from class: com.vk.core.preference.crypto.a
            @Override // java.lang.Runnable
            public final void run() {
                AesEncryptionManager.sakbwko(AesEncryptionManager.this, exceptionHandler, masterKeyCreationCallback);
            }
        });
    }

    public /* synthetic */ AesEncryptionManager(Context context, Executor executor, Function1 function1, KeyStorage keyStorage, Function0 function0, int i4, DefaultConstructorMarker defaultConstructorMarker) {
        this(context, executor, function1, keyStorage, (i4 & 16) != 0 ? sakbwko.sakbwko : function0);
    }

    private final void sakbwko() {
        if (this.sakbwkt.getCount() > 0) {
            throw new EncryptionException("Manager is not initialized");
        }
        if (!sakbwkr()) {
            throw new EncryptionException("Cannot perform operations without master key");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final void sakbwko(AesEncryptionManager this$0, Function1 exceptionHandler, Function0 masterKeyCreationCallback) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(exceptionHandler, "$exceptionHandler");
        Intrinsics.checkNotNullParameter(masterKeyCreationCallback, "$masterKeyCreationCallback");
        this$0.init(exceptionHandler, masterKeyCreationCallback);
    }

    private final byte[] sakbwko(String str) {
        byte[] bArr = this.sakbwko.get(str);
        if (bArr == null) {
            L.i("No key with alias " + str);
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding");
            KeyStore keyStore = this.sakbwku;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keyStore");
                keyStore = null;
            }
            cipher.init(2, keyStore.getKey("ALIAS_MASTER_KEY", null));
            byte[] encodedKey = cipher.doFinal(bArr);
            Intrinsics.checkNotNullExpressionValue(encodedKey, "{\n            val cipher…r.doFinal(data)\n        }");
            Intrinsics.checkNotNullParameter(encodedKey, "encodedKey");
            return encodedKey;
        } catch (Exception e2) {
            throw new EncryptionException("Failed to decrypt with master key", e2);
        }
    }

    private final void sakbwkp() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KeyStore.AnonymousClass1.ANDROID_KEY_STORE);
            keyPairGenerator.initialize(sakbwkq());
            keyPairGenerator.generateKeyPair();
        } catch (Exception e2) {
            throw new EncryptionException("Failed to generate master key", e2);
        }
    }

    private final AlgorithmParameterSpec sakbwkq() {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("ALIAS_MASTER_KEY", 3).setKeySize(2048).setEncryptionPaddings("PKCS1Padding").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setCertificateSubject(new X500Principal("CN=ALIAS_MASTER_KEY")).setCertificateSerialNumber(BigInteger.valueOf(Math.abs(1301899345))).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(MASTER_KEY_ALIAS…()))\n            .build()");
        return build;
    }

    private final boolean sakbwkr() {
        try {
            java.security.KeyStore keyStore = this.sakbwku;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keyStore");
                keyStore = null;
            }
            if (keyStore.getKey("ALIAS_MASTER_KEY", null) != null) {
                return true;
            }
        } catch (Exception e2) {
            L.w(e2, "Failed to retrieve master key");
        }
        return false;
    }

    @Override // com.vk.core.preference.crypto.EncryptionManager
    @Nullable
    public byte[] decrypt(@NotNull String keyAlias, @NotNull EncryptionManager.EncryptedData data) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(data, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.sakbwkp.readLock();
        readLock.lock();
        try {
            sakbwko();
            Unit unit = Unit.f29904a;
            readLock.unlock();
            byte[] sakbwko2 = sakbwko(keyAlias);
            if (sakbwko2 == null) {
                throw new EncryptionException("No key with alias " + keyAlias);
            }
            try {
                ReentrantLock reentrantLock = this.sakbwkw;
                reentrantLock.lock();
                try {
                    SecretKeySpec secretKeySpec = new SecretKeySpec(sakbwko2, "AES");
                    Cipher cipher = this.sakbwkv;
                    Cipher cipher2 = null;
                    if (cipher == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("aesCipher");
                        cipher = null;
                    }
                    cipher.init(2, secretKeySpec, new IvParameterSpec(data.getInitVector()));
                    Cipher cipher3 = this.sakbwkv;
                    if (cipher3 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("aesCipher");
                    } else {
                        cipher2 = cipher3;
                    }
                    byte[] doFinal = cipher2.doFinal(data.getData());
                    reentrantLock.unlock();
                    Intrinsics.checkNotNullExpressionValue(doFinal, "{\n            cipherLock…)\n            }\n        }");
                    return doFinal;
                } catch (Throwable th) {
                    reentrantLock.unlock();
                    throw th;
                }
            } catch (Exception e2) {
                throw new EncryptionException("Failed to decrypt with aes key", e2);
            }
        } catch (Throwable th2) {
            readLock.unlock();
            throw th2;
        }
    }

    @Override // com.vk.core.preference.crypto.EncryptionManager
    @Nullable
    public EncryptionManager.EncryptedData encrypt(@NotNull String keyAlias, @NotNull byte[] data) {
        String replace$default;
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(data, "data");
        ReentrantReadWriteLock.ReadLock readLock = this.sakbwkp.readLock();
        readLock.lock();
        try {
            sakbwko();
            Unit unit = Unit.f29904a;
            readLock.unlock();
            byte[] encodedKey = sakbwko(keyAlias);
            Cipher cipher = null;
            if (encodedKey == null) {
                String uuid = UUID.randomUUID().toString();
                Intrinsics.checkNotNullExpressionValue(uuid, "randomUUID().toString()");
                String lowerCase = uuid.toLowerCase(Locale.ROOT);
                Intrinsics.checkNotNullExpressionValue(lowerCase, "this as java.lang.String).toLowerCase(Locale.ROOT)");
                replace$default = StringsKt__StringsJVMKt.replace$default(lowerCase, "-", "", false, 4, (Object) null);
                char[] charArray = replace$default.toCharArray();
                Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
                UUID randomUUID = UUID.randomUUID();
                Intrinsics.checkNotNullExpressionValue(randomUUID, "randomUUID()");
                try {
                    encodedKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(charArray, EncryptionManagerKt.access$toByteArray(randomUUID), 10000, 256)).getEncoded();
                    Intrinsics.checkNotNullExpressionValue(encodedKey, "generatedKey");
                    try {
                        Cipher cipher2 = Cipher.getInstance("RSA/NONE/PKCS1Padding");
                        java.security.KeyStore keyStore = this.sakbwku;
                        if (keyStore == null) {
                            Intrinsics.throwUninitializedPropertyAccessException("keyStore");
                            keyStore = null;
                        }
                        cipher2.init(1, keyStore.getCertificate("ALIAS_MASTER_KEY").getPublicKey());
                        byte[] doFinal = cipher2.doFinal(encodedKey);
                        Intrinsics.checkNotNullExpressionValue(doFinal, "{\n            val cipher…r.doFinal(data)\n        }");
                        this.sakbwko.set(keyAlias, doFinal);
                        Intrinsics.checkNotNullParameter(encodedKey, "encodedKey");
                    } catch (Exception e2) {
                        throw new EncryptionException("Failed to encrypt with master key", e2);
                    }
                } catch (Exception e4) {
                    throw new EncryptionException("Failed to generate key", e4);
                }
            }
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(encodedKey, "AES");
                ReentrantLock reentrantLock = this.sakbwkw;
                reentrantLock.lock();
                try {
                    Cipher cipher3 = this.sakbwkv;
                    if (cipher3 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("aesCipher");
                        cipher3 = null;
                    }
                    cipher3.init(1, secretKeySpec);
                    Cipher cipher4 = this.sakbwkv;
                    if (cipher4 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("aesCipher");
                        cipher4 = null;
                    }
                    byte[] encrypted = cipher4.doFinal(data);
                    Intrinsics.checkNotNullExpressionValue(encrypted, "encrypted");
                    Cipher cipher5 = this.sakbwkv;
                    if (cipher5 == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("aesCipher");
                    } else {
                        cipher = cipher5;
                    }
                    byte[] iv = cipher.getIV();
                    Intrinsics.checkNotNullExpressionValue(iv, "aesCipher.iv");
                    return new EncryptionManager.EncryptedData(encrypted, iv);
                } finally {
                    reentrantLock.unlock();
                }
            } catch (Exception e5) {
                throw new EncryptionException("Failed to encrypt with raw aes key", e5);
            }
        } catch (Throwable th) {
            readLock.unlock();
            throw th;
        }
    }

    @WorkerThread
    public final void init(@NotNull Function1<? super Exception, Unit> exceptionHandler, @NotNull Function0<Unit> masterKeyCreationCallback) throws EncryptionException {
        CountDownLatch countDownLatch;
        Intrinsics.checkNotNullParameter(exceptionHandler, "exceptionHandler");
        Intrinsics.checkNotNullParameter(masterKeyCreationCallback, "masterKeyCreationCallback");
        ReentrantReadWriteLock reentrantReadWriteLock = this.sakbwkp;
        ReentrantReadWriteLock.ReadLock readLock = reentrantReadWriteLock.readLock();
        int i4 = 0;
        int readHoldCount = reentrantReadWriteLock.getWriteHoldCount() == 0 ? reentrantReadWriteLock.getReadHoldCount() : 0;
        for (int i5 = 0; i5 < readHoldCount; i5++) {
            readLock.unlock();
        }
        ReentrantReadWriteLock.WriteLock writeLock = reentrantReadWriteLock.writeLock();
        writeLock.lock();
        try {
            if (this.sakbwkt.getCount() == 0) {
                return;
            }
            try {
                try {
                    java.security.KeyStore keyStore = java.security.KeyStore.getInstance(KeyStore.AnonymousClass1.ANDROID_KEY_STORE);
                    Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(\"AndroidKeyStore\")");
                    this.sakbwku = keyStore;
                    if (keyStore == null) {
                        Intrinsics.throwUninitializedPropertyAccessException("keyStore");
                        keyStore = null;
                    }
                    keyStore.load(null);
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                    Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(AES_CIPHER_SUIT)");
                    this.sakbwkv = cipher;
                    if (!sakbwkr()) {
                        sakbwkp();
                        masterKeyCreationCallback.invoke();
                    }
                    countDownLatch = this.sakbwkt;
                } catch (Exception e2) {
                    exceptionHandler.invoke(new EncryptionException("Failed to run init", e2));
                    countDownLatch = this.sakbwkt;
                }
                countDownLatch.countDown();
                Unit unit = Unit.f29904a;
                while (i4 < readHoldCount) {
                    readLock.lock();
                    i4++;
                }
                writeLock.unlock();
            } catch (Throwable th) {
                this.sakbwkt.countDown();
                throw th;
            }
        } finally {
            while (i4 < readHoldCount) {
                readLock.lock();
                i4++;
            }
            writeLock.unlock();
        }
    }

    @Override // com.vk.core.preference.crypto.EncryptionManager
    public void removeKey(@NotNull String keyAlias) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        this.sakbwko.set(keyAlias, null);
    }

    @Override // com.vk.core.preference.crypto.EncryptionManager
    public boolean waitForInitialize(long maxTimeMs) {
        return this.sakbwkt.await(maxTimeMs, TimeUnit.MILLISECONDS);
    }
}
