package com.azure.authenticator.encryption;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.text.TextUtils;
import android.util.Base64;
import com.azure.authenticator.accounts.AadAccount;
import com.azure.authenticator.encryption.IEncryptionManager;
import com.azure.authenticator.storage.Storage;
import com.azure.authenticator.storage.database.AccountStorage;
import com.azure.authenticator.storage.database.AccountWriter;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.onlineid.sts.Cryptography;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
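/**
 * Base class for encryption managers that protect strings with an AES key held in the
 * Android Keystore, identified by {@link #_keyAlias}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Keys are generated with {@code setRandomizedEncryptionRequired(false)}, and the IV
 *       produced by the first encryption is persisted through {@link Storage} and reused for
 *       every later encrypt/decrypt under the same alias. With CBC, a fixed key/IV pair makes
 *       encryption deterministic: equal plaintexts give equal ciphertexts and shared leading
 *       blocks stay visible. Using a fresh IV per message would require storing the IV with
 *       each ciphertext, i.e. a storage-format migration, so it is flagged here, not changed.</li>
 *   <li>{@code AES/CBC/PKCS7Padding} carries no integrity protection and this class adds no
 *       MAC. Failures are reported as {@code ""}, so callers cannot tell undecryptable or
 *       modified input apart from an empty value.</li>
 * </ul>
 */
public abstract class AbstractEncryptionManager implements IEncryptionManager {
    public static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";
    public static final String MFA_PIN_KEY_AND_CIPHER_ALIAS = "MS_Authenticator_Mfa_Pin";

    /** Cipher transformation used for every operation in this class. */
    private static final String AES_CBC_PKCS7_TRANSFORMATION = "AES/CBC/PKCS7Padding";

    protected Context _applicationContext;
    protected Storage _storage;
    // Keystore alias of the key; also the lookup key for the persisted IV.
    protected String _keyAlias = "";
    // Cipher prepared by initCipherForEncryption()/initCipherForDecryption(); null until then.
    protected Cipher _cipherIv = null;
    // Base64 form of the IV captured when a new key is first used for encryption.
    protected String _cipherIvString = "";
    // Passed to setUserAuthenticationRequired() when a key is created.
    protected boolean _isAuthenticationRequired = false;

    /**
     * Stores the context and opens the {@link Storage} used for persisted IVs.
     *
     * <p>The decompiler reports that this constructor was originally package-private.
     *
     * @param context context handed to {@link Storage} and the account storage helpers
     */
    public AbstractEncryptionManager(Context context) {
        this._applicationContext = context;
        this._storage = new Storage(context);
    }

    /**
     * Generates a new Keystore-resident key under {@link #_keyAlias}.
     *
     * @param z whether the key requires user authentication before use
     * @return the generated key, or {@code null} if any step failed (the failure is logged)
     */
    @TargetApi(23)
    private SecretKey createKey(boolean z) {
        try {
            KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME).load(null);
            KeyGenerator generator =
                    KeyGenerator.getInstance(Cryptography.AesAlgorithm, ANDROID_KEY_STORE_PROVIDER_NAME);
            // Purposes 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
            // setRandomizedEncryptionRequired(false) lets callers supply their own IV, which is
            // what allows the persisted IV to be reused (see the class-level security notes).
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(this._keyAlias, 3)
                    .setBlockModes("CBC")
                    .setUserAuthenticationRequired(z)
                    .setEncryptionPaddings("PKCS7Padding")
                    .setRandomizedEncryptionRequired(false)
                    .build();
            keyGenerator_init:
            generator.init(spec);
            SecretKey key = generator.generateKey();
            KeyInfo keyInfo = (KeyInfo) SecretKeyFactory
                    .getInstance(Cryptography.AesAlgorithm, ANDROID_KEY_STORE_PROVIDER_NAME)
                    .getKeySpec(key, KeyInfo.class);
            // Informational only: a software-backed key is still returned and used.
            if (keyInfo.isInsideSecureHardware()) {
                BaseLogger.i("Secret key hardware backed.");
            } else {
                BaseLogger.i("Secret key software backed.");
            }
            return key;
        } catch (Exception e) {
            BaseLogger.e("Failed to create key.", e);
            return null;
        }
    }

    /**
     * Decrypts {@code str} without comparing the result to an expected value.
     *
     * @see #decrypt(String, String)
     */
    @Override
    public String decrypt(String str) throws IllegalBlockSizeException {
        return decrypt(str, null);
    }

    /**
     * Base64-decodes and decrypts {@code str} with the already-initialised cipher.
     *
     * @param str Base64 (NO_WRAP) ciphertext; null or empty is treated as "not encrypted"
     * @param str2 optional expected plaintext; when non-empty, the decrypted text must match it
     *     ignoring case or {@code ""} is returned
     * @return the plaintext, or {@code ""} for empty input, a mismatch with {@code str2}, or
     *     any failure other than {@link IllegalBlockSizeException}
     * @throws IllegalBlockSizeException rethrown from the cipher after being logged
     */
    @Override
    public String decrypt(String str, String str2) throws IllegalBlockSizeException {
        if (TextUtils.isEmpty(str)) {
            BaseLogger.i("Data hasn't been encrypted.");
            return "";
        }
        try {
            byte[] plainBytes = this._cipherIv.doFinal(Base64.decode(str, Base64.NO_WRAP));
            String plaintext = new String(plainBytes, Strings.Utf8Charset);
            // NOTE(review): the comparison is case-insensitive and not constant-time.
            if (!TextUtils.isEmpty(str2) && !plaintext.equalsIgnoreCase(str2)) {
                return "";
            }
            return plaintext;
        } catch (IllegalBlockSizeException e) {
            BaseLogger.e("Decryption failed for IllegalBlockSizeException", e);
            throw e;
        } catch (Exception e2) {
            // Covers padding errors, malformed Base64 and an uninitialised cipher alike;
            // the caller only sees "".
            BaseLogger.e("Failed to decrypt the data with the generated key.", e2);
            return "";
        }
    }

    /**
     * Encrypts {@code str} with the already-initialised cipher and Base64-encodes the result.
     *
     * @param str plaintext to encrypt
     * @return Base64 (NO_WRAP) ciphertext, or {@code ""} on any failure other than
     *     {@link IllegalBlockSizeException}
     * @throws IllegalBlockSizeException rethrown from the cipher after being logged
     */
    @Override
    public String encrypt(String str) throws IllegalBlockSizeException {
        try {
            byte[] cipherBytes = this._cipherIv.doFinal(str.getBytes(Strings.Utf8Charset));
            return Base64.encodeToString(cipherBytes, Base64.NO_WRAP);
        } catch (IllegalBlockSizeException e) {
            BaseLogger.e("Encryption failed for IllegalBlockSizeException", e);
            throw e;
        } catch (Exception e2) {
            BaseLogger.e("Failed to encrypt the data with the generated key.", e2);
            return "";
        }
    }

    /**
     * Initialises the cipher for encryption and encrypts {@code str}.
     *
     * <p>Initialisation is attempted at most twice, and an empty result from
     * {@link #encrypt(String)} is retried once.
     *
     * @param str plaintext to encrypt
     * @return Base64 ciphertext, or {@code ""} when initialisation or encryption fails
     */
    @Override
    public String encryptData(String str) {
        try {
            if (!initCipherForEncryption() && !initCipherForEncryption()) {
                return "";
            }
            String encrypted = encrypt(str);
            return TextUtils.isEmpty(encrypted) ? encrypt(str) : encrypted;
        } catch (IllegalBlockSizeException e) {
            BaseLogger.e("Cannot encrypt data.", e);
            return "";
        }
    }

    /** Returns the cipher prepared by the last init call, or {@code null} if none ran. */
    @Override
    public Cipher getCipherIv() {
        return this._cipherIv;
    }

    /** Returns the Keystore alias this manager operates on. */
    @Override
    public String getKeyAlias() {
        return this._keyAlias;
    }

    /**
     * Prepares {@link #_cipherIv} for decryption using the persisted IV and the Keystore key.
     *
     * @return {@code SUCCEEDED} when the cipher is ready; {@code KEY_INVALIDATED} when the key
     *     was permanently invalidated and this manager requires authentication; {@code FAILED}
     *     when no IV is stored, the key is missing, or any other error occurs
     */
    @Override
    @TargetApi(23)
    public IEncryptionManager.CipherIvInitiationResult initCipherForDecryption() {
        String storedIv = readCipherIvString();
        if (TextUtils.isEmpty(storedIv)) {
            return IEncryptionManager.CipherIvInitiationResult.FAILED;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(this._keyAlias, null);
            if (secretKey == null) {
                BaseLogger.e("Failed to initialize cipher for decryption since Android keystore key disappeared.");
                return IEncryptionManager.CipherIvInitiationResult.FAILED;
            }
            // The field is assigned before init(), so a failing init() leaves an
            // uninitialised Cipher behind in _cipherIv.
            this._cipherIv = Cipher.getInstance(AES_CBC_PKCS7_TRANSFORMATION);
            this._cipherIv.init(
                    Cipher.DECRYPT_MODE,
                    secretKey,
                    new IvParameterSpec(Base64.decode(storedIv, Base64.NO_WRAP)));
            return IEncryptionManager.CipherIvInitiationResult.SUCCEEDED;
        } catch (Exception e) {
            BaseLogger.e("Failed to initialize cipher for decryption.", e);
            if ((e instanceof KeyPermanentlyInvalidatedException) && this._isAuthenticationRequired) {
                return IEncryptionManager.CipherIvInitiationResult.KEY_INVALIDATED;
            }
            return IEncryptionManager.CipherIvInitiationResult.FAILED;
        }
    }

    /**
     * Prepares {@link #_cipherIv} for encryption.
     *
     * <p>When an IV is already stored for a non-empty alias and the key still exists, the
     * cipher is initialised with that stored IV. Otherwise a new key is created, the cipher
     * picks its own IV, and that IV is persisted for later use.
     *
     * @return {@code true} when the cipher is ready, {@code false} on any failure
     */
    @Override
    @SuppressLint({"TrulyRandom"})
    @TargetApi(23)
    public boolean initCipherForEncryption() {
        try {
            String storedIv = readCipherIvString();
            if (!TextUtils.isEmpty(storedIv) && !TextUtils.isEmpty(this._keyAlias)) {
                KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);
                keyStore.load(null);
                SecretKey existingKey = (SecretKey) keyStore.getKey(this._keyAlias, null);
                if (existingKey != null) {
                    // Reuses the persisted IV with the same key: see the class-level
                    // security notes on deterministic CBC output.
                    this._cipherIv = Cipher.getInstance(AES_CBC_PKCS7_TRANSFORMATION);
                    this._cipherIv.init(
                            Cipher.ENCRYPT_MODE,
                            existingKey,
                            new IvParameterSpec(Base64.decode(storedIv, Base64.NO_WRAP)));
                    return true;
                }
                BaseLogger.e("Android keystore key disappeared during cipher initialization for encryption.");
            }

            // No usable IV/key pair: create a key and record the IV the cipher chooses.
            SecretKey newKey = createKey(this._isAuthenticationRequired);
            if (newKey == null) {
                return false;
            }
            this._cipherIv = Cipher.getInstance(AES_CBC_PKCS7_TRANSFORMATION);
            this._cipherIv.init(Cipher.ENCRYPT_MODE, newKey);
            IvParameterSpec ivSpec =
                    (IvParameterSpec) this._cipherIv.getParameters().getParameterSpec(IvParameterSpec.class);
            this._cipherIvString = Base64.encodeToString(ivSpec.getIV(), Base64.NO_WRAP);
            this._storage.writeCipherIv(this._keyAlias, this._cipherIvString);
            return true;
        } catch (Exception e) {
            BaseLogger.e("Failed to initialize cipher for encryption.", e);
            return false;
        }
    }

    /** Reads the persisted Base64 IV for {@link #_keyAlias} from storage. */
    @Override
    public String readCipherIvString() {
        return this._storage.readCipherIv(this._keyAlias);
    }

    /**
     * Deletes the Keystore entry and stored IV for every AAD account that has a key alias,
     * then clears the alias on all AAD accounts.
     *
     * <p>The first exception stops the whole pass and is only logged, so later aliases and
     * the account records may be left untouched after a partial failure.
     */
    @Override
    @TargetApi(23)
    public void removeAllCipherIvsAndDeleteKeys() {
        List<AadAccount> accounts = new AccountStorage(this._applicationContext).getAllAadAccounts();
        List<String> aliases = new ArrayList<>();
        for (AadAccount account : accounts) {
            if (account.getEncryptionKeyAlias() != null) {
                aliases.add(account.getEncryptionKeyAlias());
            }
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);
            keyStore.load(null);
            for (String alias : aliases) {
                keyStore.deleteEntry(alias);
                this._storage.removeCipherIv(alias);
            }
            AccountWriter accountWriter = new AccountWriter(this._applicationContext);
            for (AadAccount account : accounts) {
                account.setEncryptionKeyAlias(null);
                accountWriter.save(account);
            }
        } catch (Exception e) {
            BaseLogger.e("Failed to delete key.", e);
        }
    }

    /**
     * Deletes the Keystore entry and the stored IV for {@link #_keyAlias}.
     *
     * <p>Failures are logged and not reported to the caller.
     */
    @Override
    @TargetApi(23)
    public void removeCipherIvAndDeleteKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);
            keyStore.load(null);
            keyStore.deleteEntry(this._keyAlias);
            this._storage.removeCipherIv(this._keyAlias);
        } catch (Exception e) {
            BaseLogger.e("Failed to delete key.", e);
        }
    }
}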
