package cz.acrobits.ali.crypto;

import android.content.Context;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.crypto.Cipher;

/* loaded from: classes4.dex */
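/**
 * {@link KeyStoreStrategy} that protects a 32-byte main encryption key with an RSA key pair
 * obtained from the key store named by {@code KeyStoreConstants.ANDROID_KEY_STORE}.
 *
 * <p>Persisted blob layout (app-private file {@code KeyStoreConstants.KEY_FILE_NAME}):
 * <pre>
 *   [ 512 bytes: RSA-encrypted main key ][ remaining bytes: SHA256withRSA signature of the plaintext key ]
 * </pre>
 *
 * <p>NOTE(review): the same RSA key pair is used for both encryption and signing. Key separation
 * (one key per purpose) is the usual recommendation; confirm this is an accepted trade-off.
 */
public class KeyMasterKeyStoreStrategy implements KeyStoreStrategy {
    private static final KeyGenerator KEY_GENERATOR = KeyGeneratorFactory.createKeyGenerator();

    // "ECB" is only a placeholder in JCA RSA transformations; a single RSA block is processed.
    // NOTE(review): PKCS#1 v1.5 encryption padding is weaker against padding-oracle style attacks
    // than OAEP. Switching would make already-persisted blobs unreadable, so it needs a migration
    // path and is deliberately not changed here.
    private static final String RSA_ENCRYPTION_ALGORITHM = "RSA/ECB/PKCS1Padding";
    private static final int RSA_KEY_MODULUS_LENGTH = 4096;
    private static final String RSA_SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Size in bytes of one RSA ciphertext block for the configured modulus (4096 bits -> 512 bytes). */
    private static final int RSA_BLOCK_LENGTH = RSA_KEY_MODULUS_LENGTH / 8;
    /** Length in bytes of the main encryption key that is wrapped and persisted. */
    private static final int MAIN_KEY_LENGTH = 32;
    /** Upper bound on the persisted blob size; larger files are treated as invalid. */
    private static final int MAX_PERSISTED_BLOB_LENGTH = 4096;

    /**
     * Unwraps the main key from a persisted blob and checks its signature.
     *
     * @param keyPair RSA key pair; the private key decrypts, the public key verifies
     * @param bArr    persisted blob: {@link #RSA_BLOCK_LENGTH} bytes of ciphertext followed by the signature
     * @return the 32-byte plaintext key if decryption succeeds and the signature verifies; {@code null}
     *         if the blob is too short, the decrypted length is wrong, or verification fails.
     *         The caller owns the returned array and should zero it after use.
     * @throws Throwable any failure raised by the cipher or signature provider
     */
    private static byte[] decryptAndVerify(KeyPair keyPair, byte[] bArr) throws Throwable {
        // A blob without room for ciphertext plus a non-empty signature is malformed. Rejecting it
        // here avoids a NegativeArraySizeException and matches the null result of the other
        // "blob is not usable" paths below.
        if (bArr == null || bArr.length <= RSA_BLOCK_LENGTH) {
            return null;
        }
        byte[] wrappedKey = new byte[RSA_BLOCK_LENGTH];
        byte[] signatureBytes = new byte[bArr.length - RSA_BLOCK_LENGTH];
        byte[] mainKey = null;
        boolean verified = false;
        try {
            System.arraycopy(bArr, 0, wrappedKey, 0, RSA_BLOCK_LENGTH);
            System.arraycopy(bArr, RSA_BLOCK_LENGTH, signatureBytes, 0, signatureBytes.length);

            Cipher cipher = Cipher.getInstance(RSA_ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
            mainKey = cipher.doFinal(wrappedKey);
            if (mainKey.length != MAIN_KEY_LENGTH) {
                return null;
            }

            Signature signature = Signature.getInstance(RSA_SIGNATURE_ALGORITHM);
            signature.initVerify(keyPair.getPublic());
            signature.update(mainKey);
            verified = signature.verify(signatureBytes);
            return verified ? mainKey : null;
        } finally {
            // Scratch copies are always cleared, on success, rejection and exception alike.
            Arrays.fill(wrappedKey, (byte) 0);
            Arrays.fill(signatureBytes, (byte) 0);
            // Decrypted bytes that are not handed to the caller must not linger on the heap.
            if (!verified && mainKey != null) {
                Arrays.fill(mainKey, (byte) 0);
            }
        }
    }

    /**
     * Asks the configured {@code KeyGenerator} for an RSA key pair of
     * {@link #RSA_KEY_MODULUS_LENGTH} bits under {@code KeyStoreConstants.KEY_ALIAS}.
     *
     * <p>NOTE(review): presumably this replaces any existing entry under the same alias; verify
     * against the {@code KeyGenerator} implementation.
     */
    private static KeyPair generateKeyPair(Context context) throws Throwable {
        return KEY_GENERATOR.generateKeyPair(
                context,
                KeyStoreConstants.ANDROID_KEY_STORE,
                KeyStoreConstants.KEY_ALIAS,
                RSA_KEY_MODULUS_LENGTH);
    }

    /**
     * Loads the key pair stored under {@code KeyStoreConstants.KEY_ALIAS}.
     *
     * @return the key pair, or {@code null} if the private key, the certificate, or the
     *         certificate's public key is missing
     */
    private static KeyPair loadKeyPairFromAndroidKeyStore() throws Throwable {
        KeyStore keyStore = KeyStore.getInstance(KeyStoreConstants.ANDROID_KEY_STORE);
        keyStore.load(null);

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(KeyStoreConstants.KEY_ALIAS, null);
        if (privateKey == null) {
            return null;
        }
        Certificate certificate = keyStore.getCertificate(KeyStoreConstants.KEY_ALIAS);
        if (certificate == null) {
            return null;
        }
        PublicKey publicKey = certificate.getPublicKey();
        if (publicKey == null) {
            return null;
        }
        return new KeyPair(publicKey, privateKey);
    }

    /**
     * Reads the persisted blob from the app-private file {@code KeyStoreConstants.KEY_FILE_NAME}.
     *
     * @return the file contents, or {@code null} if the file does not exist, is larger than
     *         {@link #MAX_PERSISTED_BLOB_LENGTH} bytes, or ends before the expected length is read
     */
    private static byte[] loadPersistedEncryptedKey(Context context) throws Throwable {
        try (FileInputStream in = context.openFileInput(KeyStoreConstants.KEY_FILE_NAME)) {
            if (in == null) {
                return null;
            }
            int expected = in.available();
            if (expected > MAX_PERSISTED_BLOB_LENGTH) {
                return null;
            }
            byte[] blob = new byte[expected];
            // A single read() may legally return fewer bytes than requested, so keep reading
            // until the buffer is full or the stream ends early.
            int filled = 0;
            while (filled < expected) {
                int n = in.read(blob, filled, expected - filled);
                if (n < 0) {
                    return null;
                }
                filled += n;
            }
            return blob;
        } catch (FileNotFoundException ignored) {
            // No blob has been persisted yet; the caller treats this as "no key".
            return null;
        }
    }

    /**
     * Writes the encrypted blob to the app-private file {@code KeyStoreConstants.KEY_FILE_NAME}.
     *
     * @throws NullPointerException if {@code bArr} is {@code null}; raised before the file is
     *         opened so that an existing blob is not truncated by a failed write
     */
    private static void persistEncryptedKey(Context context, byte[] bArr) throws Throwable {
        if (bArr == null) {
            throw new NullPointerException("encrypted key blob is null; nothing was written");
        }
        // Mode 0 is Context.MODE_PRIVATE: the file is created or replaced, readable by this app only.
        try (FileOutputStream out = context.openFileOutput(KeyStoreConstants.KEY_FILE_NAME, 0)) {
            out.write(bArr);
        }
    }

    /**
     * Wraps the main key with the RSA public key and appends a signature of the plaintext key.
     *
     * @param keyPair RSA key pair; the public key encrypts, the private key signs
     * @param bArr    plaintext main key
     * @return ciphertext followed by signature, or {@code null} if the ciphertext is not exactly
     *         {@link #RSA_BLOCK_LENGTH} bytes long
     * @throws Throwable any failure raised by the cipher or signature provider
     */
    private static byte[] signAndEncrypt(KeyPair keyPair, byte[] bArr) throws Throwable {
        byte[] wrappedKey = null;
        byte[] signatureBytes = null;
        try {
            Cipher cipher = Cipher.getInstance(RSA_ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
            wrappedKey = cipher.doFinal(bArr);
            if (wrappedKey.length != RSA_BLOCK_LENGTH) {
                return null;
            }

            // The signature covers the plaintext key and is stored next to the ciphertext.
            Signature signature = Signature.getInstance(RSA_SIGNATURE_ALGORITHM);
            signature.initSign(keyPair.getPrivate());
            signature.update(bArr);
            signatureBytes = signature.sign();

            byte[] blob = new byte[wrappedKey.length + signatureBytes.length];
            System.arraycopy(wrappedKey, 0, blob, 0, wrappedKey.length);
            System.arraycopy(signatureBytes, 0, blob, wrappedKey.length, signatureBytes.length);
            return blob;
        } finally {
            // Intermediate buffers are cleared on every exit path; only the combined blob survives.
            if (wrappedKey != null) {
                Arrays.fill(wrappedKey, (byte) 0);
            }
            if (signatureBytes != null) {
                Arrays.fill(signatureBytes, (byte) 0);
            }
        }
    }

    /**
     * Ensures a main encryption key exists. If one can already be loaded and verified, nothing is
     * changed; otherwise a new RSA key pair and a new random main key are generated and the
     * wrapped key is persisted.
     *
     * <p>Any exception from loading, key generation, wrapping or persisting propagates to the
     * caller. The plaintext key is zeroed before this method returns or throws.
     */
    @Override // cz.acrobits.ali.crypto.KeyStoreStrategy
    public void createMainEncryptionKey(Context context) throws Throwable {
        byte[] mainKey = null;
        try {
            mainKey = tryLoadMainEncryptionKey(context);
            if (mainKey != null) {
                return;
            }
            KeyPair keyPair = generateKeyPair(context);
            mainKey = RandomBytesGenerator.generateAESKey(MAIN_KEY_LENGTH);
            persistEncryptedKey(context, signAndEncrypt(keyPair, mainKey));
        } finally {
            if (mainKey != null) {
                Arrays.fill(mainKey, (byte) 0);
            }
        }
    }

    /**
     * Loads, decrypts and verifies the persisted main encryption key.
     *
     * @return the plaintext key, or {@code null} if the key pair or the persisted blob is missing
     *         or the blob fails decryption/verification. The caller owns the returned array and
     *         should zero it after use.
     */
    @Override // cz.acrobits.ali.crypto.KeyStoreStrategy
    public byte[] tryLoadMainEncryptionKey(Context context) throws Throwable {
        KeyPair keyPair = loadKeyPairFromAndroidKeyStore();
        if (keyPair == null) {
            return null;
        }
        byte[] persistedBlob = loadPersistedEncryptedKey(context);
        if (persistedBlob == null) {
            return null;
        }
        return decryptAndVerify(keyPair, persistedBlob);
    }
}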
