package com.microsoft.omadm.apppolicy;

import android.content.Context;
import android.os.Build;
import com.microsoft.omadm.connection.CertificateKeyStore;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.utils.DataEncryptionUtils;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
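/**
 * Wraps and unwraps small secrets ("escrowed keys") for storage on the device.
 *
 * <p>Every blob produced by {@link #encrypt(byte[])} starts with a one-byte type tag that
 * selects how the remainder is decoded by {@link #decrypt(byte[])}:
 * <ul>
 *   <li>{@code 1} – {@code RSA/ECB/PKCS1Padding} ciphertext of {@code CANARY_PREFIX || plaintext},
 *       produced with the key pair stored under {@code KEY_ALIAS} in the key store named by
 *       {@code CertificateKeyStore.ANDROID_KEYSTORE_NAME};</li>
 *   <li>{@code 2} – output of {@code DataEncryptionUtils.encryptRawData}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The canary is a fixed, public 3-byte prefix (ASCII "MAM"). It detects decryption with
 *       the wrong key; it is not a MAC. Anyone holding the public key can produce a blob that
 *       passes the canary check, so a successful decrypt says nothing about who wrote the
 *       blob.</li>
 *   <li>The type tag is unauthenticated: whoever can modify the stored blob chooses which
 *       decryption path runs.</li>
 *   <li>PKCS#1 v1.5 encryption padding is kept for compatibility with existing blobs. It is
 *       malleable and sensitive to padding-validity side channels; new data would be better
 *       served by OAEP under a new type tag.</li>
 * </ul>
 */
public class EscrowedKeyProtector {
    private static final String CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";
    private static final byte CRYPT_TYPE_ANDROID_KEYSTORE = 1;
    private static final byte CRYPT_TYPE_ENCRYPTION_UTILS = 2;
    private static final String KEY_ALIAS = "EscrowedKeyProtector";
    // NOTE(review): this class does not implement Serializable in the visible code, so this
    // value appears to be unused; kept as found.
    private static final long serialVersionUID = 3965721945633867088L;
    private final Context mContext;
    private static final Logger LOGGER = Logger.getLogger(EscrowedKeyProtector.class.getName());
    // ASCII "MAM"; prepended to the plaintext before RSA encryption and checked after decryption.
    private static final byte[] CANARY_PREFIX = {77, 65, 77};
    // Guards lookup and (re)generation of the key pair. Final so the monitor can never be swapped.
    private static final Object sInitializeLock = new Object();

    /**
     * Signals that a type-1 blob could not be decrypted with the key currently stored under
     * {@code KEY_ALIAS} (padding failure or canary mismatch).
     */
    /* loaded from: classes.dex */
    public static class KeyStoreResetException extends Exception {
        private static final long serialVersionUID = 1465821949633867122L;

        public KeyStoreResetException(String str) {
            super(str);
        }

        public KeyStoreResetException(String str, Throwable th) {
            super(str, th);
        }
    }

    /**
     * @param context passed through to {@code DataEncryptionUtils} for the type-2 path
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public EscrowedKeyProtector(Context context) {
        this.mContext = context;
    }

    /**
     * Runs one RSA operation over {@code data[offset .. data.length)}.
     *
     * @param data   input buffer
     * @param offset index of the first byte to process
     * @param opmode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param key    public key for encryption, private key for decryption
     * @return the cipher output
     * @throws OMADMException wrapping the underlying cipher exception; {@link #decrypt(byte[])}
     *         inspects {@code getCause()} to recognise padding and block-size failures
     */
    private byte[] crypt(byte[] data, int offset, int opmode, Key key) throws OMADMException {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(opmode, key);
            return cipher.doFinal(data, offset, data.length - offset);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LOGGER.log(Level.SEVERE, "Cipher operation failed", e);
            throw new OMADMException(e);
        }
    }

    /**
     * Opens the key store named by {@code CertificateKeyStore.ANDROID_KEYSTORE_NAME}.
     *
     * @throws OMADMException if the store cannot be instantiated or loaded
     */
    private KeyStore getAndroidKeyStore() throws OMADMException {
        try {
            KeyStore keyStore = KeyStore.getInstance(CertificateKeyStore.ANDROID_KEYSTORE_NAME);
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new OMADMException(e);
        }
    }

    /**
     * Returns the key pair stored under {@code KEY_ALIAS}, generating it if it is missing or
     * cannot be read.
     *
     * <p>The whole check-then-generate sequence runs under {@code sInitializeLock}. Previously
     * only the key store lookup was locked, so two threads (for example {@link #asyncInit()}
     * and a concurrent {@link #encrypt(byte[])}) could both see "no entry" and generate in turn;
     * the second key pair overwrote the first, leaving anything encrypted with the first public
     * key undecryptable. The monitor is reentrant, so the nested lock in
     * {@code initKeyInAndroidKeyStore()} is harmless.
     *
     * @return the private key entry, never {@code null}
     * @throws OMADMException if the store is unavailable, generation fails, or the entry is
     *         still absent after generation
     */
    /* JADX INFO: Access modifiers changed from: private */
    public KeyStore.PrivateKeyEntry getKeyEntry() throws OMADMException {
        synchronized (sInitializeLock) {
            KeyStore androidKeyStore = getAndroidKeyStore();
            try {
                try {
                    KeyStore.PrivateKeyEntry existing = (KeyStore.PrivateKeyEntry) androidKeyStore.getEntry(KEY_ALIAS, null);
                    if (existing != null) {
                        LOGGER.fine("KeyStore result found");
                        return existing;
                    }
                } catch (Exception e) {
                    // Any failure reading the existing entry is treated as "key lost" and
                    // triggers regeneration; older type-1 blobs then fail in decrypt().
                    LOGGER.log(Level.INFO, "Key was unrecoverable in store, will re-initialize", (Throwable) e);
                }
                initKeyInAndroidKeyStore();
                LOGGER.info("KeyStore searched second time");
                KeyStore.PrivateKeyEntry created = (KeyStore.PrivateKeyEntry) androidKeyStore.getEntry(KEY_ALIAS, null);
                if (created == null) {
                    // Fail here with a checked exception instead of handing null to
                    // getPrivateKey()/getPublicKey(), which would dereference it.
                    throw new OMADMException("EscrowedKeyProtector key missing after initialization");
                }
                return created;
            } catch (ClassCastException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e2) {
                LOGGER.info("getKeyEntry exception");
                throw new OMADMException(e2);
            }
        }
    }

    /** Returns the private half of the key pair from {@link #getKeyEntry()}. */
    private Key getPrivateKey() throws OMADMException {
        return getKeyEntry().getPrivateKey();
    }

    /** Returns the public key of the certificate attached to {@link #getKeyEntry()}. */
    private Key getPublicKey() throws OMADMException {
        return getKeyEntry().getCertificate().getPublicKey();
    }

    /**
     * Generates a key pair and stores it, with a self-signed certificate, under
     * {@code KEY_ALIAS}, replacing any existing entry.
     *
     * <p>NOTE(review): the pair comes from {@code CertificateKeyStore.generateKeyPair()} and is
     * then imported with {@code setKeyEntry}; whether the private key is ever held in app
     * memory depends on that helper, which is not visible here. Confirm. The entry is stored
     * with a {@code null} password argument.
     *
     * @throws OMADMException if generation or storage fails
     */
    private void initKeyInAndroidKeyStore() throws OMADMException {
        synchronized (sInitializeLock) {
            LOGGER.info("Initializing EscrowedKeyProtector key in Android KeyStore");
            try {
                KeyPair keyPair = CertificateKeyStore.generateKeyPair();
                X509Certificate[] chain = {CertificateKeyStore.generateSelfSignedCertificate(keyPair)};
                getAndroidKeyStore().setKeyEntry(KEY_ALIAS, keyPair.getPrivate(), null, chain);
                LOGGER.info("Initializing EscrowedKeyProtector key completed");
            } catch (IllegalArgumentException | KeyStoreException e) {
                LOGGER.warning("Initializing EscrowedKeyProtector key failed");
                throw new OMADMException(e);
            }
        }
    }

    /**
     * Warms up the key pair on a background thread when the Android key store is available.
     * Failures are logged and otherwise ignored; the next encrypt/decrypt call retries.
     */
    public void asyncInit() {
        if (isAndroidKeyStoreAvailable()) {
            new Thread(new Runnable() { // from class: com.microsoft.omadm.apppolicy.EscrowedKeyProtector.1
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        EscrowedKeyProtector.this.getKeyEntry();
                    } catch (OMADMException e) {
                        EscrowedKeyProtector.LOGGER.log(Level.SEVERE, "Async ExcrowedKeyProtector init failed.", (Throwable) e);
                    }
                }
            }).start();
        }
    }

    /**
     * Decrypts a blob produced by {@link #encrypt(byte[])}.
     *
     * <p>Padding failures and canary mismatches both surface as
     * {@link KeyStoreResetException}; callers should not expose which of the two occurred
     * (message text, timing) to whoever supplied the blob, because PKCS#1 v1.5 decryption is
     * sensitive to that distinction.
     *
     * @param bArr type tag followed by the ciphertext
     * @return the original plaintext
     * @throws OMADMException if the blob is {@code null}, empty, carries an unknown type tag,
     *         is too short to hold the canary, or the key store / cipher fails for a reason
     *         other than padding or block size
     * @throws KeyStoreResetException if a type-1 blob does not decrypt under the current key
     */
    public byte[] decrypt(byte[] bArr) throws OMADMException, KeyStoreResetException {
        // A null or empty blob has no type tag; report it like any other foreign input instead
        // of letting bArr[0] throw an unchecked exception.
        if (bArr == null || bArr.length == 0) {
            throw new OMADMException("Data was not encrypted by this class");
        }
        switch (bArr[0]) {
            case CRYPT_TYPE_ANDROID_KEYSTORE:
                try {
                    byte[] plainWithCanary = crypt(bArr, 1, Cipher.DECRYPT_MODE, getPrivateKey());
                    if (plainWithCanary.length < CANARY_PREFIX.length) {
                        throw new OMADMException("Data was not encrypted by this class");
                    }
                    for (int i = 0; i < CANARY_PREFIX.length; i++) {
                        if (plainWithCanary[i] != CANARY_PREFIX[i]) {
                            final String mismatch = "Could not decrypt successfully as canary does not match. Assuming key this data was encrypted with is no longer available";
                            LOGGER.warning(mismatch);
                            throw new KeyStoreResetException(mismatch);
                        }
                    }
                    return Arrays.copyOfRange(plainWithCanary, CANARY_PREFIX.length, plainWithCanary.length);
                } catch (OMADMException e) {
                    // Only padding / block-size failures are read as "wrong key"; everything
                    // else (key store errors, the short-plaintext case above) is rethrown.
                    if (!(e.getCause() instanceof BadPaddingException) && !(e.getCause() instanceof IllegalBlockSizeException)) {
                        throw e;
                    }
                    final String failed = "Could not decrypt due to exception, assuming key this data was encrypted with is no longer available";
                    LOGGER.log(Level.WARNING, failed, (Throwable) e);
                    throw new KeyStoreResetException(failed, e);
                }
            case CRYPT_TYPE_ENCRYPTION_UTILS:
                return DataEncryptionUtils.decryptRawData(Arrays.copyOfRange(bArr, 1, bArr.length), this.mContext);
            default:
                throw new OMADMException("Data was not encrypted by this class");
        }
    }

    /**
     * Encrypts {@code bArr}, preferring the Android key store path (type 1) and falling back to
     * {@code DataEncryptionUtils} (type 2).
     *
     * <p>The fallback is silent apart from a WARNING log line: any {@code OMADMException} on
     * the key store path, including a cipher failure, results in a type-2 blob. Monitor that
     * log line if the type-2 protection is considered weaker in your deployment.
     *
     * @param bArr plaintext to protect
     * @return type tag followed by the ciphertext
     * @throws OMADMException if the fallback path fails
     */
    public byte[] encrypt(byte[] bArr) throws OMADMException {
        if (isAndroidKeyStoreAvailable()) {
            try {
                byte[] canaryAndPlain = new byte[CANARY_PREFIX.length + bArr.length];
                System.arraycopy(CANARY_PREFIX, 0, canaryAndPlain, 0, CANARY_PREFIX.length);
                System.arraycopy(bArr, 0, canaryAndPlain, CANARY_PREFIX.length, bArr.length);
                byte[] rsaCipherText = crypt(canaryAndPlain, 0, Cipher.ENCRYPT_MODE, getPublicKey());
                ByteBuffer tagged = ByteBuffer.allocate(rsaCipherText.length + 1);
                tagged.put(CRYPT_TYPE_ANDROID_KEYSTORE);
                tagged.put(rsaCipherText);
                return tagged.array();
            } catch (OMADMException e) {
                LOGGER.log(Level.WARNING, "Failed to encrypt escrowed key using Android Key Store", (Throwable) e);
            }
        }
        byte[] fallbackCipherText = DataEncryptionUtils.encryptRawData(bArr, this.mContext);
        ByteBuffer tagged = ByteBuffer.allocate(fallbackCipherText.length + 1);
        tagged.put(CRYPT_TYPE_ENCRYPTION_UTILS);
        tagged.put(fallbackCipherText);
        return tagged.array();
    }

    /**
     * Reports whether the key store path may be used; true from API level 18 upwards.
     * Protected so subclasses can override the decision.
     */
    protected boolean isAndroidKeyStoreAvailable() {
        return Build.VERSION.SDK_INT >= 18;
    }
}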
