package com.couchbase.lite.auth;

import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.couchbase.lite.util.Base64;
import com.couchbase.lite.util.ConversionUtils;
import com.couchbase.lite.util.Log;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
public class AESSecureTokenStore implements TokenStore {
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS7Padding";
    public static final String TAG = "Sync";
    private static final String alias = "CouchbaseLiteTokenStoreAES";
    private static final boolean hasKeyGenerator;
    private static final boolean hasKeyStore;
    private static final String serviceName = "CouchbaseLite";
    private Context context;

    static {
        hasKeyStore = Build.VERSION.SDK_INT >= 18;
        hasKeyGenerator = Build.VERSION.SDK_INT >= 23;
    }

    public AESSecureTokenStore(Context context) {
        this.context = null;
        this.context = context;
        initializePrivateKey(context);
    }

    @TargetApi(23)
    private Map decrypt(String str, String str2) {
        try {
            byte[] decode = Base64.decode(str, 0);
            byte[] decode2 = Base64.decode(str2, 0);
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(alias, null);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(2, secretKey, new IvParameterSpec(decode2));
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(decode), cipher);
            try {
                ArrayList arrayList = new ArrayList();
                while (true) {
                    int read = cipherInputStream.read();
                    if (read == -1) {
                        break;
                    }
                    arrayList.add(Byte.valueOf((byte) read));
                }
                byte[] bArr = new byte[arrayList.size()];
                for (int i = 0; i < bArr.length; i++) {
                    bArr[i] = ((Byte) arrayList.get(i)).byteValue();
                }
                try {
                    return ConversionUtils.fromByteArray(bArr);
                } catch (IOException e) {
                    Log.e("Sync", "Unable to decrypt: value=<%s>", e, str);
                    return null;
                }
            } finally {
                cipherInputStream.close();
            }
        } catch (Exception e2) {
            Log.e("Sync", "Unable to open KeyStore", e2);
            return null;
        }
    }

    @TargetApi(23)
    private String[] encrypt(Map<String, String> map) {
        byte[] byteArray = ConversionUtils.toByteArray(map);
        if (byteArray == null) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(alias, null);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(1, secretKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
            try {
                cipherOutputStream.write(byteArray);
                byte[] iv = cipher.getIV();
                cipherOutputStream.close();
                return new String[]{Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0), Base64.encodeToString(iv, 0)};
            } catch (Throwable th) {
                cipherOutputStream.close();
                throw th;
            }
        } catch (Exception e) {
            Log.e("Sync", "Unable to open KeyStore", e);
            return null;
        }
    }

    private String getKey(URL url, String str) {
        String externalForm = url.toExternalForm();
        String format = String.format(Locale.ENGLISH, "%s OpenID Connect tokens", url.getHost());
        return str == null ? String.format(Locale.ENGLISH, "%s%s%s", alias, format, externalForm) : String.format(Locale.ENGLISH, "%s%s%s%s", alias, format, externalForm, str);
    }

    @TargetApi(23)
    private void initializePrivateKey(Context context) {
        if (hasKeyStore && hasKeyGenerator) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                if (keyStore.containsAlias(alias)) {
                    return;
                }
                try {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    keyGenerator.init(new KeyGenParameterSpec.Builder(alias, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
                    keyGenerator.generateKey();
                } catch (Exception e) {
                    Log.e("Sync", "Unable to create new key", e);
                }
            } catch (Exception e2) {
                Log.e("Sync", "Unable to open KeyStore", e2);
            }
        }
    }

    @Override // com.couchbase.lite.auth.TokenStore
    @TargetApi(23)
    public boolean deleteTokens(URL url, String str) {
        if (!hasKeyStore || !hasKeyGenerator) {
            return false;
        }
        SharedPreferences.Editor edit = this.context.getSharedPreferences("CouchbaseLite", 0).edit();
        edit.remove(getKey(url, str));
        return edit.commit();
    }

    @Override // com.couchbase.lite.auth.TokenStore
    @TargetApi(23)
    public Map<String, String> loadTokens(URL url, String str) throws Exception {
        SharedPreferences sharedPreferences;
        String key;
        String string;
        if (!hasKeyStore || !hasKeyGenerator || (string = (sharedPreferences = this.context.getSharedPreferences("CouchbaseLite", 0)).getString((key = getKey(url, str)), null)) == null) {
            return null;
        }
        String string2 = sharedPreferences.getString(key + "_iv", null);
        if (string2 == null) {
            return null;
        }
        return decrypt(string, string2);
    }

    @Override // com.couchbase.lite.auth.TokenStore
    @TargetApi(23)
    public boolean saveTokens(URL url, String str, Map<String, String> map) {
        String[] encrypt;
        if (!hasKeyStore || !hasKeyGenerator || (encrypt = encrypt(map)) == null) {
            return false;
        }
        SharedPreferences.Editor edit = this.context.getSharedPreferences("CouchbaseLite", 0).edit();
        String key = getKey(url, str);
        edit.putString(key, encrypt[0]);
        edit.putString(key + "_iv", encrypt[1]);
        return edit.commit();
    }
}
