package com.amazon.identity.auth.device;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Log;
import com.amazon.identity.auth.device.framework.crypto.AESCipher$KeySize;
import com.amazon.mShop.voiceX.search.VoiceXSearchExecutor;
import com.amazonaws.event.ProgressEvent;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import javax.crypto.BadPaddingException;
import javax.security.auth.x500.X500Principal;
import org.npci.upi.security.pinactivitycomponent.CLConstants;

/* compiled from: DCP */
/* loaded from: classes2.dex */
public final class cc implements x8 {
    public static cc e;

    /* renamed from: a, reason: collision with root package name */
    public final Context f360a;

    /* renamed from: b, reason: collision with root package name */
    public final com.amazon.identity.auth.device.framework.crypto.a f361b;

    /* renamed from: c, reason: collision with root package name */
    public final KeyStore f362c;
    public final oc d;

    public cc(Context context) {
        pm a2 = pm.a("LocalDataStorageEncryptor:InitiatingLocalDataStorageEncryptor");
        try {
            try {
                this.f360a = context;
                this.d = oc.a(context, "LOCAL_DS_ENCRYPTION_KEY_NAMESPACE");
                KeyStore keyStore = KeyStore.getInstance(CLConstants.FIELD_ANDROID_KEY_STORE);
                this.f362c = keyStore;
                keyStore.load(null);
                a(context, a2);
                this.f361b = new com.amazon.identity.auth.device.framework.crypto.a(a(a2));
                a2.a(true);
                fe.a("LocalDataStorageEncryptor:Initiation:Success");
            } catch (Exception e2) {
                a2.b("CreateFail:".concat(e2.getClass().getSimpleName()));
                a2.a(false);
                fe.a("LocalDataStorageEncryptor:Initiation:Failed:".concat(e2.getClass().getSimpleName()));
                throw e2;
            }
        } finally {
            a2.a();
        }
    }

    public static synchronized cc a(Context context) {
        cc ccVar;
        synchronized (cc.class) {
            if (e == null) {
                Log.i(xd.a("LocalDataStorageEncryptor"), "Generating LocalDataStorageEncryptor instance");
                e = new cc(context);
                Log.i(xd.a("LocalDataStorageEncryptor"), "Finish generating LocalDataStorageEncryptor instance");
            }
            ccVar = e;
        }
        return ccVar;
    }

    @Override // com.amazon.identity.auth.device.x8
    public final String a(String str) {
        if (str == null) {
            return null;
        }
        xd.a("LocalDataStorageEncryptor");
        String str2 = Build.TYPE;
        "user".equalsIgnoreCase(str2);
        String a2 = sk.a(this.f361b.b(sk.b(str)));
        xd.a("LocalDataStorageEncryptor");
        "user".equalsIgnoreCase(str2);
        return p0.a("AES-GCM+", a2);
    }

    public final void a(Context context, pm pmVar) {
        pmVar.b("generateRSAKeyIfNotExists");
        KeyStore keyStore = this.f362c;
        if (keyStore == null) {
            pmVar.b("NullKeystore");
            throw new IllegalArgumentException("Keystore is null! This should not happen");
        }
        if (keyStore.containsAlias("IDENTITY_MAP_KEYSTORE_ALIAS")) {
            Log.i(xd.a("LocalDataStorageEncryptor"), "RSA keypair exists, fast return.");
            pmVar.b("RSAKeyPairGenerated");
            return;
        }
        Log.i(xd.a("LocalDataStorageEncryptor"), "Generating RSA keypair");
        if (!TextUtils.isEmpty(this.d.a("AES_ENCRYPTION_KEY"))) {
            Log.i(xd.a("LocalDataStorageEncryptor"), "AES key generated, deleting it and clearing db before generating new RSA keys");
            this.d.a();
            Context context2 = this.f360a;
            if (context2 != null) {
                context2.deleteDatabase("map_data_storage.db");
            }
            ea.b(this.f360a);
            pmVar.b("DeleteExistAESKeyRegenerateRSAKey");
        }
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("IDENTITY_MAP_KEYSTORE_ALIAS", 3).setCertificateSubject(new X500Principal("CN=IDENTITY_MAP_KEYSTORE_ALIAS")).setCertificateSerialNumber(BigInteger.TEN).setKeySize(ProgressEvent.PART_COMPLETED_EVENT_CODE).setEncryptionPaddings("PKCS1Padding").build();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", CLConstants.FIELD_ANDROID_KEY_STORE);
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            pmVar.b("RSAKeyPairGeneration:Success");
        } catch (Exception unused) {
            pmVar.b("RSAKeyPairGeneration:Retry");
            Log.w(xd.a("LocalDataStorageEncryptor"), "Generating RSA key pair failed, retry once");
            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", CLConstants.FIELD_ANDROID_KEY_STORE);
            keyPairGenerator2.initialize(build);
            keyPairGenerator2.generateKeyPair();
            pmVar.b("RSAKeyPairGeneration:Retry:Success");
        }
        fe.a("RSAKeyPairGeneration:Success:Overall");
    }

    public final byte[] a(pm pmVar) {
        String a2 = this.d.a("AES_ENCRYPTION_KEY");
        if (!TextUtils.isEmpty(a2)) {
            Log.i(xd.a("LocalDataStorageEncryptor"), "AES key generated, decrypting");
            Log.i(xd.a("LocalDataStorageEncryptor"), "Decrypting existed AES Key");
            return ji.a(2, "RSA/ECB/PKCS1Padding", (PrivateKey) this.f362c.getKey("IDENTITY_MAP_KEYSTORE_ALIAS", null)).doFinal(sk.a(a2));
        }
        Log.i(xd.a("LocalDataStorageEncryptor"), "Generating AES encryption key");
        byte[] a3 = com.amazon.identity.auth.device.framework.crypto.a.a(AESCipher$KeySize.KEY_SIZE_256_BITS);
        Log.i(xd.a("LocalDataStorageEncryptor"), "Encrypting AES Key");
        this.d.a("AES_ENCRYPTION_KEY", sk.a(ji.a(1, "RSA/ECB/PKCS1Padding", this.f362c.getCertificate("IDENTITY_MAP_KEYSTORE_ALIAS").getPublicKey()).doFinal(a3)));
        pmVar.b("AESKeyGeneration:Success");
        return a3;
    }

    @Override // com.amazon.identity.auth.device.x8
    public final String b(String str) {
        String str2;
        if (str == null) {
            return null;
        }
        xd.a("LocalDataStorageEncryptor");
        "user".equalsIgnoreCase(Build.TYPE);
        if (!str.startsWith("AES-GCM+")) {
            return str;
        }
        try {
            byte[] a2 = this.f361b.a(sk.a(str.substring(8)));
            if (a2 != null) {
                try {
                    str2 = new String(a2, VoiceXSearchExecutor.URL_ENCODING);
                } catch (UnsupportedEncodingException e2) {
                    Log.e(xd.a("StringUtil"), "System failure! UTF-8 unsupported from byte to String! This shouldn't happen!", e2);
                }
                xd.a("LocalDataStorageEncryptor");
                "user".equalsIgnoreCase(Build.TYPE);
                return str2;
            }
            str2 = null;
            xd.a("LocalDataStorageEncryptor");
            "user".equalsIgnoreCase(Build.TYPE);
            return str2;
        } catch (BadPaddingException unused) {
            xd.a("LocalDataStorageEncryptor", "Bad padding shouldn't happen, just return null.", "LocalDataStorageEncryptor:decryptData:BadPadding");
            return null;
        }
    }
}
