package com.samsung.android.service.health.security;

import android.content.Context;
import android.security.keystore.KeyProtection;
import com.samsung.android.database.sqlite.SecSQLiteDatabase;
import com.samsung.android.sdk.healthdata.privileged.util.LogUtil;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

/* loaded from: classes3.dex */
/**
 * {@link KeyRepository} that keeps the database key encrypted under a secret key
 * stored in the Android Keystore under the alias "AKS_ALIAS".
 *
 * <p>Three files are written through {@code KeyOperation.saveBytesToFile}:
 * <ul>
 *   <li>"aks" - the database key after {@code KeyOperation.cipherMessage(..., true)}
 *       with the keystore key;</li>
 *   <li>"aks_verify" - a random prefix followed by its SHA-256 digest, processed the
 *       same way, used later to tell whether the keystore key still matches;</li>
 *   <li>"aks_verify_iv" - the SHA-256 digest of
 *       {@code KeyOperation.getIvFromAndroidId}.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. Several methods throw checked exceptions they
 * do not declare, so the exception flow shown here is an approximation of the
 * original bytecode.
 *
 * <p>NOTE(review): "aks" and "aks_verify" are both produced with the same keystore
 * key, and the key is registered for GCM. If {@code KeyOperation.cipherMessage} takes
 * its nonce from the Android-ID-derived value, the two blobs would share a key and
 * nonce; confirm in KeyOperation, which is not visible here.
 */
final class AksKeyRepository implements KeyRepository {
    // Context handed to KeyOperation, AksLogger, DbChecker and KeyRetrievalMode calls.
    private Context mContext;
    // Database key cached by retrieve(); stays null until a load succeeds and is never
    // cleared by this class.
    private byte[] mDbKey;
    private static final String TAG = LogUtil.makeTag("AksKeyRepository");
    // Static, so it serialises the public operations across every instance of this class.
    private static final Object OP_LOCK = new Object();
    // Upper bound on attempts in storeOnAks() and storeOnAksInternal().
    private static final Integer RECHECK_RETRY_COUNT = 3;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AksKeyRepository(Context context) {
        this.mContext = context;
    }

    /**
     * Verifies {@code key} against the blob stored in the "aks_verify" file.
     *
     * <p>The file content goes through {@code KeyOperation.cipherMessage} with the last
     * argument {@code false} (the mode this class uses on data read back from files,
     * presumably decryption). The result is expected to be a prefix followed by the
     * SHA-256 digest of that prefix, which is the layout leaveVerificationHint() writes.
     *
     * @param key key to verify
     * @throws KeyException if the trailing bytes are not the digest of the prefix
     */
    private void checkKeyValidity(Key key) throws KeyException, IOException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchPaddingException {
        // NOTE(review): the result is not checked for null or minimum length here, unlike in
        // getDbKeyFromAksWithValidityCheck(); a null or short array surfaces as an unchecked
        // exception from copyOf/arraycopy rather than as KeyException.
        byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, KeyOperation.getByteFromFile(this.mContext, "aks_verify"), key, false);
        // Digest of the first OPEN_FULLMUTEX bytes (Arrays.copyOf zero-pads a shorter input).
        // NOTE(review): a database open flag used as a byte count looks like the decompiler
        // attaching a name to a bare integer; confirm the numeric value. The algorithm is
        // requested as "SHA256", not the standard JCA name "SHA-256", so it resolves only if
        // an installed provider registers that alias.
        byte[] digest = MessageDigest.getInstance("SHA256").digest(Arrays.copyOf(cipherMessage, SecSQLiteDatabase.OPEN_FULLMUTEX));
        // Take the last digest.length bytes as the stored digest.
        byte[] bArr = new byte[digest.length];
        System.arraycopy(cipherMessage, cipherMessage.length - digest.length, bArr, 0, digest.length);
        // Arrays.equals is not constant-time; MessageDigest.isEqual is the constant-time form.
        if (!Arrays.equals(digest, bArr)) {
            throw new KeyException("invalid key");
        }
    }

    /**
     * Creates a new wrapping key via {@code KeyOperation.createNewDbKeyForKeystore} and
     * stores it in the keystore through storeOnAks().
     *
     * <p>NOTE(review): the key object exists in this process before it is imported into
     * the keystore; how createNewDbKeyForKeystore produces it is not visible here.
     *
     * @return the stored key, or {@code null} if creation or storage failed
     */
    private Key createAndStoreKey() {
        LogUtil.LOGD(TAG, "At first time");
        try {
            Key createNewDbKeyForKeystore = KeyOperation.createNewDbKeyForKeystore();
            if (createNewDbKeyForKeystore == null) {
                LogUtil.LOGD(TAG, "Fail to create new key");
                AksLogger.doAksLogging(this.mContext, "AKS_KM_NK_FAIL", null, null);
                return null;
            }
            if (storeOnAks(createNewDbKeyForKeystore)) {
                return createNewDbKeyForKeystore;
            }
            LogUtil.LOGD(TAG, "Fail to store");
            return null;
        } catch (Exception e) {
            // The exception class name and message are forwarded to AksLogger; where that
            // record ends up is not visible in this file.
            AksLogger.doAksLogging(this.mContext, "AKS_KM_NK_ERR", "MSG=" + e.getClass().getSimpleName() + " " + e.getMessage(), null);
            return null;
        }
    }

    /**
     * Loads the database key: fetches the keystore key, reads the "aks" file, runs it
     * through {@code KeyOperation.cipherMessage(..., false)} and returns the result only
     * if {@code DbChecker.isDbKeyValid} accepts it.
     *
     * <p>When that step throws or the result is rejected, the method falls through to a
     * diagnostic path: it compares "aks_verify_iv" with the SHA-256 digest of
     * {@code KeyOperation.getIvFromAndroidId} and, on a match, runs checkKeyValidity().
     * That path never yields a key; it returns {@code null} or throws.
     *
     * <p>NOTE(review): as decompiled, this method throws KeyException and other checked
     * exceptions without declaring them, and {@code byteFromFile} is read after a catch
     * block that leaves it unassigned. The original exception flow is probably different;
     * confirm against the bytecode.
     *
     * @return the database key bytes, or {@code null} when they could not be recovered
     */
    private byte[] getDbKeyFromAksWithValidityCheck() {
        byte[] byteFromFile;
        Key keyFromAks = getKeyFromAks();
        if (keyFromAks == null) {
            AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_FAIL", null, null);
            return null;
        }
        try {
            byte[] byteFromFile2 = KeyOperation.getByteFromFile(this.mContext, "aks");
            if (byteFromFile2 == null || byteFromFile2.length == 0) {
                AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_EMPTY", null, null);
                return null;
            }
            try {
                boolean z = false;
                byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, byteFromFile2, keyFromAks, false);
                if (cipherMessage == null) {
                    AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_EMPTY", null, null);
                } else if (DbChecker.isDbKeyValid(this.mContext, cipherMessage, "AksDiffKey")) {
                    // The event name is spelled this way in the runtime string.
                    AksLogger.resetAksErrCount(this.mContext, "AKS_RESOTRED");
                    z = true;
                }
                if (z) {
                    return cipherMessage;
                }
            } catch (Exception e) {
                // Logged, then execution continues into the diagnostic path below.
                AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_FAIL2", e.getClass().getSimpleName() + ", " + e.getMessage(), null);
            }
            try {
                byteFromFile = KeyOperation.getByteFromFile(this.mContext, "aks_verify_iv");
            } catch (Exception e2) {
                AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_INVALID", "MSG=" + e2.toString(), null);
            }
            // Stored digest matches the current Android-ID-derived value: check the keystore
            // key against "aks_verify". A mismatch there throws; a match still returns null
            // because the "aks" content itself was not usable.
            if (Arrays.equals(byteFromFile, MessageDigest.getInstance("SHA256").digest(KeyOperation.getIvFromAndroidId(this.mContext)))) {
                checkKeyValidity(keyFromAks);
                return null;
            }
            // Stored digest differs from the current one; the message separates an empty
            // file from a non-empty mismatch.
            if (byteFromFile.length != 0) {
                throw new KeyException("invalid iv");
            }
            throw new KeyException("invalid iv(empty)");
        } catch (IOException e3) {
            AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_FAIL1", e3.getClass().getSimpleName() + ", " + e3.getMessage(), null);
            return null;
        }
    }

    /**
     * Reads the entry "AKS_ALIAS" from the "AndroidKeyStore" provider.
     *
     * @return the key, or {@code null} if the lookup threw (the failure is logged) or
     *     {@code KeyStore.getKey} returned {@code null}
     */
    private Key getKeyFromAks() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getKey("AKS_ALIAS", null);
        } catch (Exception e) {
            AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_ERR", "MSG=" + e.getClass().getSimpleName() + " " + e.getMessage(), null);
            return null;
        }
    }

    /**
     * Checks that two keys are interchangeable by a round trip: a fixed message is
     * processed with {@code key} (mode {@code true}), the output is processed with
     * {@code key2} (mode {@code false}), and the result is compared with the message.
     *
     * @param key key used for the first pass
     * @param key2 key used for the second pass
     * @return {@code true} if the round trip reproduces the message; {@code false} on a
     *     mismatch or any exception
     */
    private boolean isSameKey(Key key, Key key2) {
        // getBytes() uses the default charset; the literal is ASCII-only.
        byte[] bytes = "test_message123".getBytes();
        try {
            try {
                return Arrays.equals(bytes, KeyOperation.cipherMessage(this.mContext, KeyOperation.cipherMessage(this.mContext, bytes, key, true), key2, false));
            } catch (Exception e) {
                LogUtil.LOGE(TAG, "Key checking failure", e);
                AksLogger.doAksLogging(this.mContext, "AKS_RECHK_FAIL", "MSG=" + e.toString() + ",2", null);
                return false;
            }
        } catch (Exception e2) {
            // As decompiled, the inner catch already handles every Exception, so this
            // handler looks unreachable; probably a decompiler artifact.
            AksLogger.doAksLogging(this.mContext, "AKS_RECHK_FAIL", "MSG=" + e2.toString() + ",1", null);
            return false;
        }
    }

    /**
     * Writes the two verification files for {@code key} and immediately re-checks them.
     *
     * <p>"aks_verify" receives random bytes followed by their SHA-256 digest, processed
     * with {@code key}; "aks_verify_iv" receives the SHA-256 digest of
     * {@code KeyOperation.getIvFromAndroidId}.
     *
     * @param key key the hint is bound to
     * @return {@code true} if both files were saved and checkKeyValidity() passed;
     *     {@code false} if a save failed or any exception was thrown
     */
    private boolean leaveVerificationHint(Key key) {
        // Same length constant as the prefix length hashed in checkKeyValidity().
        byte[] generateRandom = KeyOperation.generateRandom(SecSQLiteDatabase.OPEN_FULLMUTEX);
        try {
            byte[] digest = MessageDigest.getInstance("SHA256").digest(generateRandom);
            // Layout: random bytes, then their digest.
            byte[] bArr = new byte[generateRandom.length + digest.length];
            System.arraycopy(generateRandom, 0, bArr, 0, generateRandom.length);
            System.arraycopy(digest, 0, bArr, generateRandom.length, digest.length);
            byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, bArr, key, true);
            // && short-circuits: "aks_verify" is not written when saving "aks_verify_iv" fails.
            if (KeyOperation.saveBytesToFile(this.mContext, MessageDigest.getInstance("SHA256").digest(KeyOperation.getIvFromAndroidId(this.mContext)), "aks_verify_iv") && KeyOperation.saveBytesToFile(this.mContext, cipherMessage, "aks_verify")) {
                // Read the hint back through the normal verification path; a mismatch throws
                // and is reported by the catch below.
                checkKeyValidity(key);
                AksLogger.resetAksErrCount(this.mContext, "AKS_KM_SETUP_RESTORED");
                return true;
            }
        } catch (Exception e) {
            AksLogger.doAksLogging(this.mContext, "AKS_RECHK_FAIL", "MSG=" + e.toString() + ",0", null);
        }
        return false;
    }

    /**
     * Wraps a database key with a freshly created keystore key and persists it to "aks".
     *
     * <p>Steps: obtain the key bytes (create a new key when {@code bArr} is null), create
     * and store the keystore key, process the bytes with it, save the result to "aks",
     * read the file back and compare, then write the verification hint.
     *
     * <p>NOTE(review): KeyException is a checked exception and is thrown here without a
     * {@code throws} clause; the decompiler appears to have dropped it, so how callers
     * handle these failures cannot be read from this listing.
     *
     * @param bArr existing database key bytes, or {@code null} to generate a new key
     * @return the plaintext database key bytes, or {@code null} if key creation failed
     */
    private byte[] setKeyToAks(byte[] bArr) {
        if (bArr == null) {
            try {
                Key createNewDbKey = KeyOperation.createNewDbKey();
                if (createNewDbKey == null) {
                    LogUtil.LOGD(TAG, "Fail to create new key");
                    AksLogger.doAksLogging(this.mContext, "AKS_KM_NK_FAIL", null, null);
                    return null;
                }
                bArr = createNewDbKey.getEncoded();
            } catch (Exception e) {
                AksLogger.doAksLogging(this.mContext, "AKS_KM_NK_ERR", "MSG=" + e.getClass().getSimpleName() + e.getMessage(), null);
                return null;
            }
        }
        if (bArr == null || bArr.length == 0) {
            throw new KeyException("empty db");
        }
        Key createAndStoreKey = createAndStoreKey();
        if (createAndStoreKey == null) {
            return null;
        }
        byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, bArr, createAndStoreKey, true);
        if (cipherMessage == null || cipherMessage.length == 0) {
            throw new KeyException("empty");
        }
        if (!KeyOperation.saveBytesToFile(this.mContext, cipherMessage, "aks")) {
            // Remove whatever is at "aks" after the failed save; the message records whether
            // the delete worked.
            if (this.mContext.getFileStreamPath("aks").delete()) {
                throw new KeyException("fail to save");
            }
            throw new KeyException("fail to save and delete");
        }
        // Read-back check: the file must hold exactly the bytes that were just written.
        if (!Arrays.equals(cipherMessage, KeyOperation.getByteFromFile(this.mContext, "aks"))) {
            throw new KeyException("fail to verify");
        }
        if (leaveVerificationHint(createAndStoreKey)) {
            return bArr;
        }
        throw new KeyException("fail to store key verification hint");
    }

    /**
     * Stores the key via setKeyToAks() and then records
     * {@code KeyRetrievalMode.AKS_KEYSTORE} as the retrieval mode.
     *
     * @param bArr existing database key bytes, or {@code null} to generate a new key
     * @return the database key bytes, or {@code null} if storing failed or the mode could
     *     not be set; in the second case the key files have already been written
     */
    private byte[] storeKeyAndSetKrm(byte[] bArr) {
        byte[] keyToAks = setKeyToAks(bArr);
        if (keyToAks == null || KeyRetrievalMode.set(this.mContext, KeyRetrievalMode.AKS_KEYSTORE)) {
            return keyToAks;
        }
        return null;
    }

    /**
     * Imports {@code key} into the "AndroidKeyStore" provider under "AKS_ALIAS".
     *
     * <p>The protection parameters allow purposes 3 (KeyProperties.PURPOSE_ENCRYPT |
     * PURPOSE_DECRYPT), block mode GCM and no padding. No user-authentication or
     * validity constraints are set in this call.
     *
     * @param key key to import; cast to {@link SecretKey}
     * @return {@code true} on success, {@code false} if any exception was thrown
     */
    private boolean storeKeyToAks(Key key) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.setEntry("AKS_ALIAS", new KeyStore.SecretKeyEntry((SecretKey) key), new KeyProtection.Builder(3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            return true;
        } catch (Exception e) {
            AksLogger.doAksLogging(this.mContext, "AKS_SETKEY_ERR", "MSG=" + e.getClass().getSimpleName() + " " + e.getMessage(), null);
            // NOTE(review): printStackTrace() bypasses LogUtil; isSameKey() reports its
            // exception through LogUtil.LOGE instead.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Runs storeOnAksInternal() up to RECHECK_RETRY_COUNT times, sleeping 500 ms after
     * each failed attempt.
     *
     * <p>Reached from createAndStore() and migrate$2abf6bd(), so the sleeps happen while
     * OP_LOCK is held.
     *
     * @param key key to store
     * @return {@code true} if any attempt succeeded, {@code false} if every attempt failed
     */
    private boolean storeOnAks(Key key) {
        // i counts failed attempts.
        int i = 0;
        while (i < RECHECK_RETRY_COUNT.intValue() && !storeOnAksInternal(key)) {
            try {
                Thread.sleep(500L);
            } catch (InterruptedException unused) {
                // NOTE(review): the interrupt is dropped without restoring the thread's
                // interrupt flag.
            }
            i++;
        }
        if (i == 0) {
            return true;
        }
        // Also logged when a later attempt succeeded, with the number of failures so far.
        AksLogger.doAksLogging(this.mContext, "AKS_RECHECK_FAIL", "ERRCOUNT=" + i, null);
        return i != RECHECK_RETRY_COUNT.intValue();
    }

    /**
     * One store attempt: import the key, read it back from the keystore and confirm with
     * isSameKey() that the stored key behaves like the original.
     *
     * @param key key to store
     * @return {@code true} only if the import, the read-back and the comparison succeed
     */
    private boolean storeOnAksInternal(Key key) {
        Key key2;
        if (!storeKeyToAks(key)) {
            return false;
        }
        // Collects exception descriptions from failed read-back attempts for the log record.
        StringBuilder sb = new StringBuilder();
        int i = 0;
        // Retry loop around the read-back. As decompiled, getKeyFromAks() catches every
        // Exception itself and returns null, so the catch below looks unreachable and the
        // loop would exit on the first pass; confirm against the bytecode.
        while (true) {
            if (i >= RECHECK_RETRY_COUNT.intValue()) {
                key2 = null;
                break;
            }
            try {
                key2 = getKeyFromAks();
                break;
            } catch (Exception e) {
                sb.append(e.getClass().getSimpleName());
                sb.append(" ");
                sb.append(e.getMessage());
                sb.append("/");
                try {
                    Thread.sleep(500L);
                } catch (InterruptedException unused) {
                    // Interrupt dropped without restoring the flag, as in storeOnAks().
                }
                i++;
            }
        }
        if (i != 0) {
            AksLogger.doAksLogging(this.mContext, "AKS_GETKEY_ERR", "MSG=" + sb.toString() + ",ERRCOUNT=" + i, null);
            if (i == RECHECK_RETRY_COUNT.intValue()) {
                return false;
            }
        }
        if (key2 == null) {
            AksLogger.doAksLogging(this.mContext, "AKS_RECHK_FAIL1", null, null);
            return false;
        }
        if (isSameKey(key, key2)) {
            LogUtil.LOGD(TAG, "Key is stored in AksKeyRepository successfully");
            return true;
        }
        AksLogger.doAksLogging(this.mContext, "AKS_RECHK_FAIL2", null, null);
        return false;
    }

    /**
     * Generates a new database key, stores it and sets the retrieval mode, all under
     * OP_LOCK.
     *
     * @return the new database key bytes, or {@code null} on failure
     */
    public final byte[] createAndStore() {
        byte[] storeKeyAndSetKrm;
        synchronized (OP_LOCK) {
            storeKeyAndSetKrm = storeKeyAndSetKrm(null);
        }
        return storeKeyAndSetKrm;
    }

    /**
     * Stores an existing database key in this repository and sets the retrieval mode,
     * under OP_LOCK.
     *
     * @param bArr existing database key bytes; {@code null} causes a new key to be
     *     generated, as in createAndStore()
     * @return the database key bytes, or {@code null} on failure
     */
    public final byte[] migrate$2abf6bd(byte[] bArr) {
        byte[] storeKeyAndSetKrm;
        synchronized (OP_LOCK) {
            storeKeyAndSetKrm = storeKeyAndSetKrm(bArr);
        }
        return storeKeyAndSetKrm;
    }

    /**
     * Returns the database key, loading it on first use.
     *
     * <p>A failed load leaves the cache null, so the next call tries again. The returned
     * array is the cached instance itself, not a copy, so a caller that modifies it
     * changes the cached key.
     *
     * @return the database key bytes, or {@code null} if they could not be loaded
     */
    @Override // com.samsung.android.service.health.security.KeyRepository
    public final byte[] retrieve() {
        synchronized (OP_LOCK) {
            if (this.mDbKey == null) {
                this.mDbKey = getDbKeyFromAksWithValidityCheck();
            }
        }
        // NOTE(review): this read happens outside the synchronized block and the field is
        // not volatile.
        return this.mDbKey;
    }
}
