package com.blackberry.pimbase.b.b;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.blackberry.common.utils.o;
import com.blackberry.pimbase.b.b.f;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* compiled from: PIMCrypt2.java */
/* loaded from: classes.dex */
public class g {
    private final a cad;

    /* compiled from: PIMCrypt2.java */
    /* loaded from: classes.dex */
    static class a {
        private static final Object cae = new Object();
        private KeyStore mKeyStore = null;

        a() {
        }

        SecretKey a(KeyStore keyStore, String str, boolean z) {
            try {
                Key key = keyStore.getKey(str, null);
                if (key == null) {
                    return null;
                }
                if (key instanceof SecretKey) {
                    return (SecretKey) key;
                }
                o.d("PIMCrypt", "Stored key was of unexpected class %s", key.getClass());
                return null;
            } catch (GeneralSecurityException e) {
                if (!z) {
                    throw e;
                }
                o.d("PIMCrypt", e, "Unable to recover key while encrypting.", new Object[0]);
                return null;
            }
        }

        KeyStore getKeyStore() {
            if (this.mKeyStore == null) {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                try {
                    keyStore.load(null);
                    this.mKeyStore = keyStore;
                } catch (IOException e) {
                    throw new GeneralSecurityException("Unable to load the AndroidKeyStore", e);
                }
            }
            return this.mKeyStore;
        }

        SecretKey gz(String str) {
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(build);
            return keyGenerator.generateKey();
        }

        public SecretKey p(String str, boolean z) {
            KeyStore keyStore = getKeyStore();
            SecretKey a2 = a(keyStore, str, z);
            if (a2 != null) {
                o.b("PIMCrypt", "Returning existing crypto key", new Object[0]);
                return a2;
            }
            o.d("PIMCrypt", "No crypto key generated yet, or the wrong type.", new Object[0]);
            synchronized (cae) {
                if (keyStore.containsAlias(str)) {
                    SecretKey a3 = a(keyStore, str, true);
                    if (a3 != null) {
                        return a3;
                    }
                    keyStore.deleteEntry(str);
                }
                gz(str);
                SecretKey a4 = a(keyStore, str, false);
                if (a4 != null) {
                    return a4;
                }
                throw new GeneralSecurityException("Couldn't generate and get key back");
            }
        }
    }

    public g() {
        this(new a());
    }

    g(a aVar) {
        this.cad = aVar;
    }

    private static byte gy(String str) {
        try {
            byte parseByte = Byte.parseByte(str);
            if (parseByte == 2) {
                return parseByte;
            }
        } catch (NumberFormatException e) {
            o.b("PIMCrypt", e, "Can't parse version info", new Object[0]);
        }
        o.d("PIMCrypt", "Unrecoverable password: invalid version", new Object[0]);
        throw new f.a("invalid version");
    }

    private static byte[] l(byte[] bArr) {
        int length = bArr.length - 1;
        if (bArr[length] != 0) {
            return bArr;
        }
        while (length >= 0 && bArr[length] == 0) {
            length--;
        }
        byte[] copyOf = Arrays.copyOf(bArr, length + 1);
        m(bArr);
        return copyOf;
    }

    private static void m(byte[] bArr) {
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
    }

    public String decrypt(String str) {
        String[] split = str.split("\\$", 4);
        if (split.length != 4) {
            o.d("PIMCrypt", "Unrecoverable password: invalid format", new Object[0]);
            throw new f.a("invalid format");
        }
        byte gy = gy(split[1]);
        try {
            byte[] decode = Base64.decode(split[2], 3);
            byte[] decode2 = Base64.decode(split[3], 3);
            SecretKey p = this.cad.p("com.blackberry.pimbase.provider.utilities.PIMCrypt2", false);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, p, new GCMParameterSpec(128, decode));
            cipher.updateAAD(new byte[]{gy});
            byte[] bArr = null;
            try {
                try {
                    bArr = l(cipher.doFinal(decode2));
                    return new String(bArr, StandardCharsets.UTF_8);
                } catch (AEADBadTagException e) {
                    o.d("PIMCrypt", "Unrecoverable password: invalid tag", new Object[0]);
                    throw new f.a("invalid tag", e);
                }
            } finally {
                m(bArr);
            }
        } catch (IllegalArgumentException unused) {
            o.d("PIMCrypt", "Unrecoverable password: invalid Base64", new Object[0]);
            throw new f.a("invalid base64");
        }
    }

    public String encrypt(String str) {
        SecretKey p = this.cad.p("com.blackberry.pimbase.provider.utilities.PIMCrypt2", true);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, p);
        cipher.updateAAD(new byte[]{2});
        if (str == null) {
            o.b("PIMCrypt", "Unexpected null for encryption.", new Object[0]);
            str = "";
        }
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        if (bytes.length < 64) {
            byte[] copyOf = Arrays.copyOf(bytes, 64);
            m(bytes);
            bytes = copyOf;
        }
        try {
            byte[] doFinal = cipher.doFinal(bytes);
            m(bytes);
            return String.format(Locale.US, "$%d$%s$%s", 2, Base64.encodeToString(cipher.getIV(), 3), Base64.encodeToString(doFinal, 3));
        } catch (Throwable th) {
            m(bytes);
            throw th;
        }
    }
}
