package com.oblador.keychain.cipherStorage;

import android.content.Context;
import android.os.Build;
import android.security.KeyStoreException;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import com.oblador.keychain.SecurityLevel;
import com.oblador.keychain.cipherStorage.CipherStorageBase;
import com.oblador.keychain.exceptions.CryptoFailedException;
import com.oblador.keychain.exceptions.KeyStoreAccessException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.ByteStreamsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;

/* compiled from: CipherStorageBase.kt */
@Metadata(d1 = {"\u0000\u0086\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\"\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u000b\b&\u0018\u0000 F2\u00020\u0001:\u0004FGHIB\u000f\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\b\u0010\u0014\u001a\u00020\u0015H\u0016J\b\u0010\u0016\u001a\u00020\u0017H\u0016J\b\u0010\u0018\u001a\u00020\tH\u0016J\u0010\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\tH\u0016J\u000e\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\t0\u001dH\u0016J\u0010\u0010\u001e\u001a\u00020\u001f2\u0006\u0010\u001b\u001a\u00020\tH$J\u0010\u0010 \u001a\u00020!2\u0006\u0010\"\u001a\u00020#H$J\u0010\u0010$\u001a\u00020#2\u0006\u0010%\u001a\u00020&H$J\b\u0010'\u001a\u00020\tH$J\b\u0010(\u001a\u00020\tH$J\u0006\u0010)\u001a\u00020*J\u0010\u0010+\u001a\u00020\u001a2\u0006\u0010,\u001a\u00020\u0015H\u0004J \u0010-\u001a\u00020#2\u0006\u0010.\u001a\u00020\t2\u0006\u0010,\u001a\u00020\u00152\u0006\u0010/\u001a\u000200H\u0004J\"\u00101\u001a\u0004\u0018\u00010#2\u0006\u00102\u001a\u00020\u000f2\u0006\u0010.\u001a\u00020\t2\u0006\u00103\u001a\u000200H\u0004J\u0018\u00104\u001a\u0002052\u0006\u0010,\u001a\u00020\u00152\u0006\u0010\"\u001a\u00020#H\u0004J\u0010\u00106\u001a\u00020\u00152\u0006\u0010\"\u001a\u00020#H\u0004J\u0006\u00107\u001a\u00020\u000fJ\u0018\u00108\u001a\u0002092\u0006\u0010\"\u001a\u00020#2\u0006\u0010:\u001a\u00020\tH\u0016J\u0018\u0010;\u001a\u00020\t2\u0006\u0010\"\u001a\u00020#2\u0006\u0010<\u001a\u000209H\u0016J\"\u00108\u001a\u0002092\u0006\u0010\"\u001a\u00020#2\u0006\u0010:\u001a\u00020\t2\b\u0010=\u001a\u0004\u0018\u00010>H\u0004J\"\u0010;\u001a\u00020\t2\u0006\u0010\"\u001a\u00020#2\u0006\u0010<\u001a\u0002092\b\u0010=\u001a\u0004\u0018\u00010?H\u0015J\u0016\u0010@\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\t2\u0006\u0010A\u001a\u00020\u0015J\u0018\u0010B\u001a\u0002052\u0006\u0010\"\u001a\u00020#2\u0006\u0010C\u001a\u00020\tH\u0004J\u0010\u0010D\u001a\u00020#2\u0006\u0010\u001b\u001a\u00020\tH\u0004J\u0010\u0010E\u001a\u00020#2\u0006\u0010\u001b\u001a\u00020\tH\u0004R\u0014\u0010\u0002\u001a\u00020\u0003X\u0084\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0006\u0010\u0007R\u001e\u0010\b\u001a\n \n*\u0004\u0018\u00010\t0\tX\u0084\u0004¢\u0006\n\n\u0002\u0010\r\u001a\u0004\b\u000b\u0010\fR\u001c\u0010\u000e\u001a\u0004\u0018\u00010\u000fX\u0084\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0010\u0010\u0011\"\u0004\b\u0012\u0010\u0013¨\u0006J"}, d2 = {"Lcom/oblador/keychain/cipherStorage/CipherStorageBase;", "Lcom/oblador/keychain/cipherStorage/CipherStorage;", "applicationContext", "Landroid/content/Context;", "<init>", "(Landroid/content/Context;)V", "getApplicationContext", "()Landroid/content/Context;", "LOG_TAG", "", "kotlin.jvm.PlatformType", "getLOG_TAG", "()Ljava/lang/String;", "Ljava/lang/String;", "cachedKeyStore", "Ljava/security/KeyStore;", "getCachedKeyStore", "()Ljava/security/KeyStore;", "setCachedKeyStore", "(Ljava/security/KeyStore;)V", "securityLevel", "Lcom/oblador/keychain/SecurityLevel;", "getCapabilityLevel", "", "getDefaultAliasServiceName", "removeKey", "", "alias", "getAllKeys", "", "getKeyGenSpecBuilder", "Landroid/security/keystore/KeyGenParameterSpec$Builder;", "getKeyInfo", "Landroid/security/keystore/KeyInfo;", "key", "Ljava/security/Key;", "generateKey", "spec", "Landroid/security/keystore/KeyGenParameterSpec;", "getEncryptionAlgorithm", "getEncryptionTransformation", "getCachedInstance", "Ljavax/crypto/Cipher;", "throwIfInsufficientLevel", "level", "extractGeneratedKey", "safeAlias", "retries", "Ljava/util/concurrent/atomic/AtomicInteger;", "extractKey", "keyStore", "retry", "validateKeySecurityLevel", "", "getSecurityLevel", "getKeyStoreAndLoad", "encryptString", "", "value", "decryptBytes", "bytes", "handler", "Lcom/oblador/keychain/cipherStorage/CipherStorageBase$EncryptStringHandler;", "Lcom/oblador/keychain/cipherStorage/CipherStorageBase$DecryptBytesHandler;", "generateKeyAndStoreUnderAlias", "requiredLevel", "isKeyAlgorithmSupported", "expectedAlgorithm", "tryGenerateRegularSecurityKey", "tryGenerateStrongBoxSecurityKey", "Companion", "Defaults", "EncryptStringHandler", "DecryptBytesHandler", "react-native-keychain_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes2.dex */
public abstract class CipherStorageBase implements CipherStorage {
    private static final int BUFFER_READ_WRITE_SIZE = 16384;
    private static final int BUFFER_SIZE = 4096;

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    public static final String KEYSTORE_TYPE = "AndroidKeyStore";
    private static final Charset UTF8;
    private final String LOG_TAG;
    private final Context applicationContext;
    private transient KeyStore cachedKeyStore;

    /* compiled from: CipherStorageBase.kt */
    @Metadata(d1 = {"\u00004\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0018\u0010\r\u001a\u00020\u00052\b\u0010\u000e\u001a\u0004\u0018\u00010\u00052\u0006\u0010\u000f\u001a\u00020\u0005J\u0016\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0015R\u000e\u0010\u0004\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n\u0000R\u0011\u0010\t\u001a\u00020\n¢\u0006\b\n\u0000\u001a\u0004\b\u000b\u0010\f¨\u0006\u0016"}, d2 = {"Lcom/oblador/keychain/cipherStorage/CipherStorageBase$Companion;", "", "<init>", "()V", "KEYSTORE_TYPE", "", "BUFFER_SIZE", "", "BUFFER_READ_WRITE_SIZE", "UTF8", "Ljava/nio/charset/Charset;", "getUTF8", "()Ljava/nio/charset/Charset;", "getDefaultAliasIfEmpty", "service", "fallback", "copy", "", "input", "Ljava/io/InputStream;", "output", "Ljava/io/OutputStream;", "react-native-keychain_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final void copy(InputStream input, OutputStream output) throws IOException {
            Intrinsics.checkNotNullParameter(input, "input");
            Intrinsics.checkNotNullParameter(output, "output");
            byte[] bArr = new byte[16384];
            while (true) {
                int read = input.read(bArr);
                if (read <= 0) {
                    return;
                } else {
                    output.write(bArr, 0, read);
                }
            }
        }

        public final String getDefaultAliasIfEmpty(String service, String fallback) {
            Intrinsics.checkNotNullParameter(fallback, "fallback");
            String str = service;
            return (str == null || str.length() == 0) ? fallback : service;
        }

        public final Charset getUTF8() {
            return CipherStorageBase.UTF8;
        }
    }

    /* compiled from: CipherStorageBase.kt */
    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\bæ\u0080\u0001\u0018\u00002\u00020\u0001J \u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\tH&¨\u0006\n"}, d2 = {"Lcom/oblador/keychain/cipherStorage/CipherStorageBase$DecryptBytesHandler;", "", "initialize", "", "cipher", "Ljavax/crypto/Cipher;", "key", "Ljava/security/Key;", "input", "Ljava/io/InputStream;", "react-native-keychain_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public interface DecryptBytesHandler {
        void initialize(Cipher cipher, Key key, InputStream input) throws GeneralSecurityException, IOException;
    }

    /* compiled from: CipherStorageBase.kt */
    @Metadata(d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\bÆ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n\u0000\u001a\u0004\b\u0006\u0010\u0007R\u0011\u0010\b\u001a\u00020\t¢\u0006\b\n\u0000\u001a\u0004\b\n\u0010\u000b¨\u0006\f"}, d2 = {"Lcom/oblador/keychain/cipherStorage/CipherStorageBase$Defaults;", "", "<init>", "()V", "encrypt", "Lcom/oblador/keychain/cipherStorage/CipherStorageBase$EncryptStringHandler;", "getEncrypt", "()Lcom/oblador/keychain/cipherStorage/CipherStorageBase$EncryptStringHandler;", "decrypt", "Lcom/oblador/keychain/cipherStorage/CipherStorageBase$DecryptBytesHandler;", "getDecrypt", "()Lcom/oblador/keychain/cipherStorage/CipherStorageBase$DecryptBytesHandler;", "react-native-keychain_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class Defaults {
        public static final Defaults INSTANCE = new Defaults();
        private static final EncryptStringHandler encrypt = new EncryptStringHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageBase$Defaults$$ExternalSyntheticLambda0
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.EncryptStringHandler
            public final void initialize(Cipher cipher, Key key, OutputStream outputStream) {
                CipherStorageBase.Defaults.encrypt$lambda$0(cipher, key, outputStream);
            }
        };
        private static final DecryptBytesHandler decrypt = new DecryptBytesHandler() { // from class: com.oblador.keychain.cipherStorage.CipherStorageBase$Defaults$$ExternalSyntheticLambda1
            @Override // com.oblador.keychain.cipherStorage.CipherStorageBase.DecryptBytesHandler
            public final void initialize(Cipher cipher, Key key, InputStream inputStream) {
                CipherStorageBase.Defaults.decrypt$lambda$1(cipher, key, inputStream);
            }
        };

        private Defaults() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void decrypt$lambda$1(Cipher cipher, Key key, InputStream inputStream) {
            Intrinsics.checkNotNullParameter(cipher, "cipher");
            Intrinsics.checkNotNullParameter(key, "key");
            Intrinsics.checkNotNullParameter(inputStream, "<unused var>");
            cipher.init(2, key);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void encrypt$lambda$0(Cipher cipher, Key key, OutputStream outputStream) {
            Intrinsics.checkNotNullParameter(cipher, "cipher");
            Intrinsics.checkNotNullParameter(key, "key");
            Intrinsics.checkNotNullParameter(outputStream, "<unused var>");
            cipher.init(1, key);
        }

        public final DecryptBytesHandler getDecrypt() {
            return decrypt;
        }

        public final EncryptStringHandler getEncrypt() {
            return encrypt;
        }
    }

    /* compiled from: CipherStorageBase.kt */
    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\bæ\u0080\u0001\u0018\u00002\u00020\u0001J \u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\tH&¨\u0006\n"}, d2 = {"Lcom/oblador/keychain/cipherStorage/CipherStorageBase$EncryptStringHandler;", "", "initialize", "", "cipher", "Ljavax/crypto/Cipher;", "key", "Ljava/security/Key;", "output", "Ljava/io/OutputStream;", "react-native-keychain_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public interface EncryptStringHandler {
        void initialize(Cipher cipher, Key key, OutputStream output) throws GeneralSecurityException, IOException;
    }

    static {
        Charset forName = Charset.forName(com.bumptech.glide.load.Key.STRING_CHARSET_NAME);
        Intrinsics.checkNotNullExpressionValue(forName, "forName(...)");
        UTF8 = forName;
    }

    public CipherStorageBase(Context applicationContext) {
        Intrinsics.checkNotNullParameter(applicationContext, "applicationContext");
        this.applicationContext = applicationContext;
        this.LOG_TAG = "CipherStorageBase";
    }

    public String decryptBytes(Key key, byte[] bytes) throws IOException, GeneralSecurityException {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(bytes, "bytes");
        return decryptBytes(key, bytes, Defaults.INSTANCE.getDecrypt());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String decryptBytes(Key key, byte[] bytes, DecryptBytesHandler handler) throws GeneralSecurityException, IOException, CryptoFailedException {
        Throwable cause;
        String message;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(bytes, "bytes");
        Cipher cachedInstance = getCachedInstance();
        try {
            ByteArrayOutputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
            try {
                ByteArrayInputStream byteArrayInputStream2 = byteArrayInputStream;
                byteArrayInputStream = new ByteArrayOutputStream();
                try {
                    ByteArrayOutputStream byteArrayOutputStream = byteArrayInputStream;
                    if (handler != null) {
                        handler.initialize(cachedInstance, key, byteArrayInputStream2);
                    }
                    try {
                        byteArrayOutputStream.write(cachedInstance.doFinal(ByteStreamsKt.readBytes(byteArrayInputStream2)));
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        Intrinsics.checkNotNullExpressionValue(byteArray, "toByteArray(...)");
                        String str = new String(byteArray, UTF8);
                        CloseableKt.closeFinally(byteArrayInputStream, null);
                        CloseableKt.closeFinally(byteArrayInputStream, null);
                        return str;
                    } catch (Exception e) {
                        if (e instanceof UserNotAuthenticatedException) {
                            throw e;
                        }
                        if ((e.getCause() instanceof KeyStoreException) && (cause = e.getCause()) != null && (message = cause.getMessage()) != null && StringsKt.contains$default((CharSequence) message, (CharSequence) "Key user not authenticated", false, 2, (Object) null)) {
                            throw new UserNotAuthenticatedException();
                        }
                        if (e instanceof AEADBadTagException) {
                            throw new CryptoFailedException("Decryption failed: Authentication tag verification failed. This usually indicates that the encrypted data was modified, corrupted, or is being decrypted with the wrong key.", e);
                        }
                        throw e;
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            Log.w(this.LOG_TAG, th.getMessage(), th);
            throw th;
        }
    }

    public byte[] encryptString(Key key, String value) throws IOException, GeneralSecurityException {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(value, "value");
        return encryptString(key, value, Defaults.INSTANCE.getEncrypt());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final byte[] encryptString(Key key, String value, EncryptStringHandler handler) throws IOException, GeneralSecurityException {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(value, "value");
        Cipher cachedInstance = getCachedInstance();
        try {
            CipherOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                ByteArrayOutputStream byteArrayOutputStream2 = byteArrayOutputStream;
                if (handler != null) {
                    handler.initialize(cachedInstance, key, byteArrayOutputStream2);
                    byteArrayOutputStream2.flush();
                }
                byteArrayOutputStream = new CipherOutputStream(byteArrayOutputStream2, cachedInstance);
                try {
                    byte[] bytes = value.getBytes(UTF8);
                    Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
                    byteArrayOutputStream.write(bytes);
                    Unit unit = Unit.INSTANCE;
                    CloseableKt.closeFinally(byteArrayOutputStream, null);
                    byte[] byteArray = byteArrayOutputStream2.toByteArray();
                    Intrinsics.checkNotNullExpressionValue(byteArray, "toByteArray(...)");
                    CloseableKt.closeFinally(byteArrayOutputStream, null);
                    return byteArray;
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            Log.e(this.LOG_TAG, th.getMessage(), th);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Key extractGeneratedKey(String safeAlias, SecurityLevel level, AtomicInteger retries) throws GeneralSecurityException {
        Key key;
        Intrinsics.checkNotNullParameter(safeAlias, "safeAlias");
        Intrinsics.checkNotNullParameter(level, "level");
        Intrinsics.checkNotNullParameter(retries, "retries");
        do {
            KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
            if (keyStoreAndLoad.containsAlias(safeAlias)) {
                key = null;
                Key key2 = keyStoreAndLoad.getKey(safeAlias, null);
                if (key2 != null && !isKeyAlgorithmSupported(key2, getEncryptionAlgorithm())) {
                    Log.w(this.LOG_TAG, "Incompatible key found for alias: " + safeAlias + ". Expected cipher: " + getEncryptionTransformation() + ". This can happen if you try to overwrite credentials that were previously saved with a different encryption algorithm.");
                    keyStoreAndLoad.deleteEntry(safeAlias);
                    generateKeyAndStoreUnderAlias(safeAlias, level);
                }
            } else {
                generateKeyAndStoreUnderAlias(safeAlias, level);
            }
            key = extractKey(keyStoreAndLoad, safeAlias, retries);
        } while (key == null);
        return key;
    }

    protected final Key extractKey(KeyStore keyStore, String safeAlias, AtomicInteger retry) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(safeAlias, "safeAlias");
        Intrinsics.checkNotNullParameter(retry, "retry");
        try {
            Key key = keyStore.getKey(safeAlias, null);
            if (key != null) {
                return key;
            }
            throw new KeyStoreAccessException("Empty key extracted!");
        } catch (UnrecoverableKeyException e) {
            if (retry.getAndDecrement() <= 0) {
                throw e;
            }
            keyStore.deleteEntry(safeAlias);
            return null;
        }
    }

    protected abstract Key generateKey(KeyGenParameterSpec spec) throws GeneralSecurityException;

    /* JADX WARN: Removed duplicated region for block: B:10:0x003f  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x003e A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void generateKeyAndStoreUnderAlias(java.lang.String r5, com.oblador.keychain.SecurityLevel r6) throws java.security.GeneralSecurityException {
        /*
            r4 = this;
            java.lang.String r0 = "StrongBox security storage is not available."
            java.lang.String r1 = "alias"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r5, r1)
            java.lang.String r1 = "requiredLevel"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r6, r1)
            com.oblador.keychain.DeviceAvailability r1 = com.oblador.keychain.DeviceAvailability.INSTANCE
            android.content.Context r2 = r4.applicationContext
            boolean r1 = r1.isStrongboxAvailable(r2)
            if (r1 == 0) goto L2c
            java.security.Key r0 = r4.tryGenerateStrongBoxSecurityKey(r5)     // Catch: java.security.ProviderException -> L1b java.security.GeneralSecurityException -> L24
            goto L2d
        L1b:
            r2 = move-exception
            java.lang.String r3 = r4.LOG_TAG
            java.lang.Throwable r2 = (java.lang.Throwable) r2
            android.util.Log.w(r3, r0, r2)
            goto L2c
        L24:
            r2 = move-exception
            java.lang.String r3 = r4.LOG_TAG
            java.lang.Throwable r2 = (java.lang.Throwable) r2
            android.util.Log.w(r3, r0, r2)
        L2c:
            r0 = 0
        L2d:
            if (r0 == 0) goto L31
            if (r1 != 0) goto L35
        L31:
            java.security.Key r0 = r4.tryGenerateRegularSecurityKey(r5)     // Catch: java.security.GeneralSecurityException -> L47
        L35:
            kotlin.jvm.internal.Intrinsics.checkNotNull(r0)
            boolean r5 = r4.validateKeySecurityLevel(r6, r0)
            if (r5 == 0) goto L3f
            return
        L3f:
            com.oblador.keychain.exceptions.CryptoFailedException r5 = new com.oblador.keychain.exceptions.CryptoFailedException
            java.lang.String r6 = "Cannot generate keys with required security guarantees"
            r5.<init>(r6)
            throw r5
        L47:
            r5 = move-exception
            java.lang.String r6 = r4.LOG_TAG
            java.lang.String r0 = "Regular security storage is not available."
            r1 = r5
            java.lang.Throwable r1 = (java.lang.Throwable) r1
            android.util.Log.e(r6, r0, r1)
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.oblador.keychain.cipherStorage.CipherStorageBase.generateKeyAndStoreUnderAlias(java.lang.String, com.oblador.keychain.SecurityLevel):void");
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public Set<String> getAllKeys() {
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        try {
            return new HashSet(Collections.list(keyStoreAndLoad.aliases()));
        } catch (java.security.KeyStoreException e) {
            throw new KeyStoreAccessException("Error accessing aliases in keystore " + keyStoreAndLoad, e);
        }
    }

    protected final Context getApplicationContext() {
        return this.applicationContext;
    }

    public final Cipher getCachedInstance() throws NoSuchAlgorithmException, NoSuchPaddingException {
        return CipherCache.INSTANCE.getCipher(getEncryptionTransformation());
    }

    protected final KeyStore getCachedKeyStore() {
        return this.cachedKeyStore;
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public int getCapabilityLevel() {
        return ((isAuthSupported() ? 1 : 0) * 1000) + getMinSupportedApiLevel();
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public String getDefaultAliasServiceName() {
        return getCipherStorageName();
    }

    protected abstract String getEncryptionAlgorithm();

    protected abstract String getEncryptionTransformation();

    protected abstract KeyGenParameterSpec.Builder getKeyGenSpecBuilder(String alias) throws GeneralSecurityException;

    protected abstract KeyInfo getKeyInfo(Key key) throws GeneralSecurityException;

    public final KeyStore getKeyStoreAndLoad() throws KeyStoreAccessException {
        if (this.cachedKeyStore == null) {
            synchronized (this) {
                if (this.cachedKeyStore == null) {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
                        keyStore.load(null);
                        this.cachedKeyStore = keyStore;
                    } catch (Throwable th) {
                        throw new KeyStoreAccessException("Could not access Keystore", th);
                    }
                }
                Unit unit = Unit.INSTANCE;
            }
        }
        KeyStore keyStore2 = this.cachedKeyStore;
        Intrinsics.checkNotNull(keyStore2);
        return keyStore2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String getLOG_TAG() {
        return this.LOG_TAG;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final SecurityLevel getSecurityLevel(Key key) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(key, "key");
        return getKeyInfo(key).isInsideSecureHardware() ? SecurityLevel.SECURE_HARDWARE : SecurityLevel.SECURE_SOFTWARE;
    }

    protected final boolean isKeyAlgorithmSupported(Key key, String expectedAlgorithm) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(expectedAlgorithm, "expectedAlgorithm");
        if (!StringsKt.equals(key.getAlgorithm(), expectedAlgorithm, true)) {
            return false;
        }
        try {
            KeyInfo keyInfo = getKeyInfo(key);
            String[] blockModes = keyInfo.getBlockModes();
            Intrinsics.checkNotNullExpressionValue(blockModes, "getBlockModes(...)");
            if (keyInfo.isUserAuthenticationRequired() != isAuthSupported()) {
                return false;
            }
            String str = (String) StringsKt.split$default((CharSequence) getEncryptionTransformation(), new String[]{"/"}, false, 0, 6, (Object) null).get(1);
            for (String str2 : blockModes) {
                if (StringsKt.equals(str2, str, true)) {
                    return true;
                }
            }
            return false;
        } catch (GeneralSecurityException e) {
            Log.w(this.LOG_TAG, "Failed to check cipher configuration: " + e.getMessage());
            return false;
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public void removeKey(String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        String defaultAliasIfEmpty = INSTANCE.getDefaultAliasIfEmpty(alias, getDefaultAliasServiceName());
        KeyStore keyStoreAndLoad = getKeyStoreAndLoad();
        try {
            if (keyStoreAndLoad.containsAlias(defaultAliasIfEmpty)) {
                keyStoreAndLoad.deleteEntry(defaultAliasIfEmpty);
            }
        } catch (GeneralSecurityException unused) {
        }
    }

    @Override // com.oblador.keychain.cipherStorage.CipherStorage
    public SecurityLevel securityLevel() {
        return SecurityLevel.SECURE_HARDWARE;
    }

    protected final void setCachedKeyStore(KeyStore keyStore) {
        this.cachedKeyStore = keyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void throwIfInsufficientLevel(SecurityLevel level) throws CryptoFailedException {
        Intrinsics.checkNotNullParameter(level, "level");
        if (securityLevel().satisfiesSafetyThreshold(level)) {
            return;
        }
        throw new CryptoFailedException("Insufficient security level (wants " + level + "; got " + securityLevel() + ")");
    }

    protected final Key tryGenerateRegularSecurityKey(String alias) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        KeyGenParameterSpec build = getKeyGenSpecBuilder(alias).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return generateKey(build);
    }

    protected final Key tryGenerateStrongBoxSecurityKey(String alias) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        if (Build.VERSION.SDK_INT < 28) {
            throw new KeyStoreAccessException("Strong box security keystore is not supported for old API" + Build.VERSION.SDK_INT + ".");
        }
        KeyGenParameterSpec build = getKeyGenSpecBuilder(alias).setIsStrongBoxBacked(true).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return generateKey(build);
    }

    protected final boolean validateKeySecurityLevel(SecurityLevel level, Key key) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(level, "level");
        Intrinsics.checkNotNullParameter(key, "key");
        return getSecurityLevel(key).satisfiesSafetyThreshold(level);
    }
}
