package com.ib.keystore;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import atws.shared.persistent.Config;
import com.ib.utils.BaseNamedLogger;
import com.ib.utils.StatDataNano;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import utils.BaseDeviceInfo;

/* loaded from: classes3.dex */
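/**
 * Base accessor for per-alias RSA key pairs held in the "AndroidKeyStore" provider.
 *
 * <p>Subclasses supply the alias mapping ({@link #keyAlias(Object)}), logging, expiry policy and
 * the fatal-error reaction. This class loads the store, generates 2048-bit RSA keys, and
 * encrypts/decrypts small payloads with them.
 *
 * <p>The listing carries no {@code throws} clauses; the checked exceptions raised by the
 * keystore, cipher and stream calls are left undeclared exactly as in the original.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Encryption uses PKCS#1 v1.5 padding ({@code RSA/ECB/PKCS1Padding}). It is kept because
 *       keys are generated with that padding only and existing ciphertext depends on it.
 *       NOTE(review): v1.5 encryption padding is the scheme exposed to padding-oracle
 *       (Bleichenbacher-style) problems when decryption failures are observable. OAEP is the
 *       usual replacement, but switching needs key regeneration and data migration.</li>
 *   <li>The {@code m_simulate*} hooks are public, static and mutable. Nothing in this class
 *       restricts them to daily/dev builds, unlike the no-keystore simulation in the
 *       constructor. NOTE(review): confirm release builds cannot set them.</li>
 *   <li>{@link #logSecrets()} gates logging of key aliases and of the generated key objects.
 *       It should stay off outside debugging.</li>
 * </ul>
 */
public abstract class BaseKeyStoreAccessor {
    /** Provider/type name used to load the store, generate keys and query key info. */
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    /** Cipher transformation shared by encrypt and decrypt; see the class-level security note. */
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    /** KeyProperties.PURPOSE_ENCRYPT (1) | KeyProperties.PURPOSE_DECRYPT (2). */
    private static final int KEY_PURPOSES = 3;
    /** Certificate lifetime used when no positive expiration is supplied. */
    private static final int DEFAULT_VALIDITY_YEARS = 15;

    // Fault-injection hook: when set, keyEntry(Object) fails for the matching alias.
    public static IStoreKeyAlias m_simulateRetrieveKeyFailure;
    public final BaseNamedLogger LOG = createNamedLogger();
    // Result of the one-time probe done in the constructor.
    public final boolean m_isHardwareBacked;
    // Null when the keystore could not be created or loaded; every accessor checks for that.
    public volatile KeyStore m_keyStore;
    // Fault-injection hooks: when true, encryptData/decryptData throw before touching any key.
    public static final AtomicBoolean m_simulateEncryptError = new AtomicBoolean();
    public static final AtomicBoolean m_simulateDecryptError = new AtomicBoolean();

    /**
     * Loads the Android keystore and probes whether its keys live in secure hardware.
     *
     * <p>Any failure is logged and leaves the accessor without a usable store rather than
     * propagating out of the constructor.
     */
    public BaseKeyStoreAccessor() {
        boolean hardwareBacked = false;
        try {
            KeyStore store;
            if (BaseDeviceInfo.instance().isDailyOrDevBuild() && Config.INSTANCE.noAndroidKeyStoreSimulation()) {
                logger().warning("MOBILEPLAT-4740: simulating no KeyStore");
                // Presumably no provider registers this type, so getInstance() throws and the
                // catch below leaves m_keyStore null - TODO confirm.
                store = KeyStore.getInstance("MOBILEPLAT-4740");
            } else {
                store = KeyStore.getInstance(ANDROID_KEY_STORE);
            }
            if (store != null) {
                store.load(null);
                // Publish the loaded store BEFORE the probe and the alias log: both read
                // m_keyStore. The original assigned the field after them, so the probe always
                // saw null and m_isHardwareBacked was always false.
                // NOTE(review): logKeys() now reaches the abstract logSecrets() while the
                // subclass is still under construction; confirm it reads no instance state.
                this.m_keyStore = store;
                hardwareBacked = isHardwareBackedKeyStore();
                logKeys("Key store init done!");
            } else {
                logger().err(String.format("%s is missing", ANDROID_KEY_STORE));
            }
        } catch (Throwable th) {
            logger().err("Key store init failed.", th);
        }
        this.m_isHardwareBacked = hardwareBacked;
    }

    /** Creates the logger stored in {@link #LOG}; called from the field initializer. */
    public abstract BaseNamedLogger createNamedLogger();

    /**
     * Decrypts {@code bArr} with the private key stored under the alias derived from {@code obj}.
     *
     * @param obj  key owner, mapped to an alias by {@link #keyAlias(Object)}
     * @param bArr ciphertext produced by {@link #encryptData(String, byte[])}
     * @return the recovered plaintext
     */
    public byte[] decryptData(Object obj, byte[] bArr) {
        return decryptData(keyAlias(obj), bArr);
    }

    /**
     * Decrypts {@code bArr} with the private key stored under alias {@code str}.
     *
     * @param str  keystore alias
     * @param bArr ciphertext
     * @return the recovered plaintext
     * @throws NullPointerException if no key entry is available for the alias
     */
    public byte[] decryptData(String str, byte[] bArr) {
        if (m_simulateDecryptError.get()) {
            throw new KeyStoreException("Simulated Decryption Exception (BZ99573/99580)");
        }
        PrivateKey privateKey = requireKeyEntry(str).getPrivateKey();
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        // Chunked copy replaces the former byte-at-a-time read into a boxed list, which also
        // left copies of the plaintext in Byte objects.
        try (CipherInputStream in = new CipherInputStream(new ByteArrayInputStream(bArr), cipher)) {
            byte[] chunk = new byte[256];
            int count;
            while ((count = in.read(chunk)) != -1) {
                plain.write(chunk, 0, count);
            }
        }
        this.LOG.log("data decrypted", true);
        return plain.toByteArray();
    }

    /**
     * Removes the entry stored under {@code str}; does nothing when no keystore is loaded.
     *
     * @param str keystore alias to delete
     */
    public final synchronized void deleteStoreKey(String str) {
        KeyStore store = this.m_keyStore;
        if (store == null) {
            return;
        }
        store.deleteEntry(str);
        logKeys("Key deleted!");
    }

    /**
     * Encrypts {@code bArr} with the public key of the alias derived from {@code obj}.
     *
     * @param obj  key owner, mapped to an alias by {@link #keyAlias(Object)}
     * @param bArr plaintext
     * @return the ciphertext
     */
    public byte[] encryptData(Object obj, byte[] bArr) {
        return encryptData(keyAlias(obj), bArr);
    }

    /**
     * Encrypts {@code bArr} with the public key from the certificate stored under {@code str}.
     *
     * <p>This is a single raw RSA operation, not hybrid encryption. With the 2048-bit keys made
     * by {@link #generateStoreKey(Object, String, long, boolean, Context)} and PKCS#1 v1.5
     * padding, the payload must not exceed 245 bytes (256 - 11); larger input fails.
     *
     * @param str  keystore alias
     * @param bArr plaintext
     * @return the ciphertext
     * @throws NullPointerException if no key entry is available for the alias
     */
    public byte[] encryptData(String str, byte[] bArr) {
        if (m_simulateEncryptError.get()) {
            throw new KeyStoreException("Simulated Encryption exception (BZ99573/99580)");
        }
        PublicKey publicKey = requireKeyEntry(str).getCertificate().getPublicKey();
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        // close() finalises the cipher, so the bytes are only complete once the block exits.
        try (CipherOutputStream out = new CipherOutputStream(sink, cipher)) {
            out.write(bArr);
        }
        byte[] encrypted = sink.toByteArray();
        this.LOG.log("data encrypted", true);
        return encrypted;
    }

    /** Reports an error through the subclass; {@code th} may be null. */
    public abstract void err(String str, Throwable th);

    /** Formats a date for the key-generation log line. */
    public abstract String formatFixDateEng(Date date);

    /**
     * Ensures a key exists for {@code obj}, regenerating it when it is missing or unreadable.
     *
     * <p>When reading the existing entry failed with an error, the key is force-regenerated,
     * which deletes the old key, and {@link #onFatalError(Object)} is invoked afterwards. Data
     * encrypted under the old key is then no longer recoverable through this class.
     *
     * @param obj     key owner
     * @param context passed through to key generation
     */
    public void generateGeneralKeysIfNecessary(Object obj, Context context) {
        KeyStore.PrivateKeyEntry existing = null;
        String readFailure = null;
        try {
            existing = keyEntry(obj);
        } catch (Throwable th) {
            readFailure = th.getMessage();
            if (readFailure == null) {
                readFailure = th.toString();
            }
            err(String.format("Failed read key for %s", obj), th);
        }
        if (existing != null) {
            return;
        }
        try {
            generateStoreKey(obj, 0L, true, context);
        } catch (Throwable th) {
            err(String.format("Failed generate key for %s", obj), th);
        }
        // A missing entry without an error is a normal first run; only a read failure is fatal.
        if (!TextUtils.isEmpty(readFailure)) {
            err(String.format("Due error removed \"%s\" token:", obj) + readFailure, null);
            onFatalError(obj);
        }
    }

    /**
     * Generates a key for {@code obj} under the alias returned by {@link #keyAlias(Object)}.
     *
     * @see #generateStoreKey(Object, String, long, boolean, Context)
     */
    public boolean generateStoreKey(Object obj, long j, boolean z, Context context) {
        return generateStoreKey(obj, keyAlias(obj), j, z, context);
    }

    /**
     * Generates a 2048-bit RSA key pair under alias {@code str} in the Android keystore.
     *
     * @param obj     key owner, used for logging and for {@link #newKeyExpiration(Object)}
     * @param str     keystore alias
     * @param j       certificate end date in epoch milliseconds; 0 asks
     *                {@link #newKeyExpiration(Object)}, and a non-positive result falls back to
     *                fifteen years from now
     * @param z       when true an existing key under the alias is deleted and replaced; when
     *                false an existing key is kept
     * @param context not used by this method
     * @return true if a key exists under the alias afterwards; false if no keystore is loaded or
     *         generation failed (the failure is logged, not thrown)
     */
    public final synchronized boolean generateStoreKey(Object obj, String str, long j, boolean z, Context context) {
        KeyStore store = this.m_keyStore;
        if (store == null) {
            return false;
        }
        long expiresAtMillis = (j == 0) ? newKeyExpiration(obj) : j;
        try {
            if (store.containsAlias(str)) {
                if (!z) {
                    return true;
                }
                deleteStoreKey(str);
            }
            Calendar now = Calendar.getInstance();
            Calendar fallbackExpiry = Calendar.getInstance();
            fallbackExpiry.add(Calendar.YEAR, DEFAULT_VALIDITY_YEARS);
            Date notAfter = expiresAtMillis > 0 ? new Date(expiresAtMillis) : fallbackExpiry.getTime();
            Date notBefore = now.getTime();
            this.LOG.log(String.format("KeyStoreAccessor.generateStoreKey for \"%s\" start date=\"%s\", end date=\"%s\"", obj, formatFixDateEng(notBefore), formatFixDateEng(notAfter)), true);
            StatDataNano timer = new StatDataNano();
            timer.enter();
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
            // NOTE(review): the dates go into the self-signed certificate only. The spec sets no
            // key validity window and no user-authentication requirement, so the keystore itself
            // will not refuse the key after notAfter or demand user presence. Any such
            // enforcement has to live in callers (not visible here).
            // The certificate serial number is the fixed value 10 for every key.
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(str, KEY_PURPOSES)
                    .setDigests("SHA-256", "SHA-512")
                    .setEncryptionPaddings("PKCS1Padding")
                    .setCertificateSerialNumber(BigInteger.TEN)
                    .setCertificateNotBefore(notBefore)
                    .setCertificateNotAfter(notAfter)
                    .setKeySize(2048)
                    .build();
            generator.initialize(spec);
            KeyPair keyPair = generator.generateKeyPair();
            timer.exit();
            this.LOG.log("Generated " + str + " " + timer.log(), true);
            if (logSecrets()) {
                // NOTE(review): for keystore-generated keys getPrivate() is presumably an opaque
                // handle, so this should print no private key material - confirm, and keep
                // logSecrets() off in release builds regardless.
                this.LOG.log("\n prk=" + keyPair.getPrivate() + "\n puk=" + keyPair.getPublic(), true);
            }
            return true;
        } catch (Exception e) {
            this.LOG.err("Failed to generate key store key!", e);
            return false;
        }
    }

    /** Returns the hardware-backing result captured when this accessor was constructed. */
    public boolean isHardwareBacked() {
        return this.m_isHardwareBacked;
    }

    /**
     * Probes whether the first key in the store is held inside secure hardware.
     *
     * <p>Only the first alias is inspected, so an empty store (for example before the first key
     * is generated) reports false, as does any failure while inspecting the key.
     *
     * @return true only if the inspected key reports that it is inside secure hardware
     */
    public final synchronized boolean isHardwareBackedKeyStore() {
        KeyStore store = this.m_keyStore;
        if (store == null) {
            return false;
        }
        Enumeration<String> aliases = store.aliases();
        if (!aliases.hasMoreElements()) {
            return false;
        }
        try {
            PrivateKey privateKey = keyEntry(aliases.nextElement()).getPrivateKey();
            KeyFactory factory = KeyFactory.getInstance(privateKey.getAlgorithm(), ANDROID_KEY_STORE);
            KeyInfo info = (KeyInfo) factory.getKeySpec(privateKey, KeyInfo.class);
            return info.isInsideSecureHardware();
        } catch (Exception e) {
            err("isHardwareBackedKeyStore error: " + e, e);
            return false;
        }
    }

    /** Maps a key owner to the keystore alias its key is stored under. */
    public abstract String keyAlias(Object obj);

    /**
     * Looks up the private-key entry for {@code obj}, honouring the retrieval-failure hook.
     *
     * @param obj key owner
     * @return the entry, or null when none is available
     */
    public KeyStore.PrivateKeyEntry keyEntry(Object obj) {
        String alias = keyAlias(obj);
        IStoreKeyAlias simulatedFailure = m_simulateRetrieveKeyFailure;
        if (simulatedFailure != null && TextUtils.equals(alias, simulatedFailure.alias())) {
            throw new KeyStoreException("Simulated KeyEntry Exception (MOBILEPLAT-163, MOBILEPLAT-11612)");
        }
        return keyEntry(alias);
    }

    /**
     * Looks up the private-key entry stored under alias {@code str}.
     *
     * @param str keystore alias
     * @return the entry, or null when no keystore is loaded or the store has no such entry
     */
    public final synchronized KeyStore.PrivateKeyEntry keyEntry(String str) {
        KeyStore store = this.m_keyStore;
        if (store == null) {
            return null;
        }
        return (KeyStore.PrivateKeyEntry) store.getEntry(str, null);
    }

    /**
     * Logs {@code str} followed by the list of aliases in the store.
     *
     * <p>The list is left empty unless a store is loaded and {@link #logSecrets()} allows it.
     *
     * @param str message prefix
     */
    public final synchronized void logKeys(String str) {
        ArrayList<String> aliasNames = new ArrayList<>();
        KeyStore store = this.m_keyStore;
        if (store != null && logSecrets()) {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                aliasNames.add(aliases.nextElement());
            }
        }
        this.LOG.log(str + "\n" + aliasNames.toString(), true);
    }

    /** Whether key aliases and generated key objects may be written to the log. */
    public abstract boolean logSecrets();

    /** Returns the logger created by {@link #createNamedLogger()}. */
    public BaseNamedLogger logger() {
        return this.LOG;
    }

    /**
     * Supplies the certificate end date (epoch milliseconds) for a new key when the caller
     * passed 0; a non-positive result selects the fifteen-year default.
     */
    public abstract long newKeyExpiration(Object obj);

    /** Called after a key was regenerated because the existing one could not be read. */
    public abstract void onFatalError(Object obj);

    /**
     * Returns the entry for {@code alias} or fails with a descriptive message.
     *
     * <p>The exception stays a NullPointerException, which is what dereferencing the missing
     * entry raised before, so callers see the same type with a usable message.
     */
    private KeyStore.PrivateKeyEntry requireKeyEntry(String alias) {
        KeyStore.PrivateKeyEntry entry = keyEntry(alias);
        if (entry == null) {
            throw new NullPointerException("No private key entry available for alias " + alias);
        }
        return entry;
    }
}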
