package com.samsung.android.service.health.security;

import android.content.Context;
import com.samsung.android.sdk.healthdata.privileged.util.LogUtil;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes8.dex */
/**
 * Key repository that keeps the database key in the file {@code "uks"}, wrapped with a key
 * obtained through the {@link TimaKeystoreKeyRepository} superclass.
 *
 * <p>Besides the wrapped key, two helper files are written: {@code "kx_uks_verify"} (an
 * encrypted self-check blob) and {@code "kx_uks_verify_iv"} (a SHA-256 digest of the value
 * returned by {@code KeyOperation.getIvFromAndroidId}). They are used to decide whether the
 * wrapping key is still the one the files were written with.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers). Some control flow
 * below is not valid Java as shown (uncaught checked exceptions, a possibly unassigned local),
 * so exception handlers were probably lost or merged during decompilation. Treat the comments
 * as a description of the visible text, not of the shipped bytecode.
 *
 * <p>NOTE(review): throughout this class {@code KeyOperation.cipherMessage(..., true)} produces
 * the bytes that are saved and {@code (..., false)} is applied to bytes read back, so the flag
 * appears to select encrypt/decrypt. The cipher, mode and whether it is authenticated are not
 * visible here - confirm in KeyOperation.
 */
public final class UksKeyRepository extends TimaKeystoreKeyRepository {
    private static final String TAG = LogUtil.makeTag("UksKeyRepository");
    // Static monitor: every instance of this class serialises retrieve/setUp on the same lock.
    private static final Object OP_LOCK = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    public UksKeyRepository(Context context) {
        super(context);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UksKeyRepository(Context context, KnoxTimaKeystoreManager knoxTimaKeystoreManager) {
        super(context, knoxTimaKeystoreManager);
    }

    /**
     * Checks that {@code key} still opens the verification blob stored in {@code "kx_uks_verify"}.
     *
     * <p>The blob layout matches what {@link #leaveVerificationHint(Key)} writes: a random prefix
     * followed by the SHA-256 digest of that prefix. The prefix is taken as the first 256 bytes and
     * the expected digest as the last {@code digest.length} bytes of the processed blob.
     *
     * @param key key to test against the stored blob
     * @throws KeyException if the recomputed digest does not match the stored one
     */
    private void checkKeyValidity(Key key) throws KeyException, IOException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchPaddingException {
        byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, KeyOperation.getByteFromFile(this.mContext, "kx_uks_verify"), key, false);
        // NOTE(review): no length check on the processed blob. Arrays.copyOf zero-pads when the
        // input is shorter than 256 bytes, and the arraycopy below throws an unchecked exception
        // when the input is shorter than the digest. A truncated or missing file therefore
        // surfaces as a runtime exception rather than as KeyException("invalid key").
        byte[] digest = MessageDigest.getInstance("SHA256").digest(Arrays.copyOf(cipherMessage, 256));
        byte[] bArr = new byte[digest.length];
        System.arraycopy(cipherMessage, cipherMessage.length - digest.length, bArr, 0, digest.length);
        // NOTE(review): Arrays.equals is not specified to run in constant time;
        // MessageDigest.isEqual is the usual choice for comparing digests. Also note the digest is
        // unkeyed, so this check only detects tampering if the cipher itself is authenticated or
        // the attacker cannot produce valid ciphertext - confirm in KeyOperation.
        if (!Arrays.equals(digest, bArr)) {
            throw new KeyException("invalid key");
        }
    }

    /**
     * Loads the wrapped database key from {@code "uks"}, unwraps it with the key returned by
     * {@code getKeyFromTima()}, and returns it only if {@code checkKeyValidityWithDb} accepts it.
     *
     * <p>When the unwrap or the database check fails, the method falls through to a diagnostic
     * path: it compares {@code "kx_uks_verify_iv"} with the SHA-256 digest of the current
     * {@code getIvFromAndroidId} value and, on a match, runs {@link #checkKeyValidity(Key)}.
     * As shown, that path never yields a key: it returns {@code null} or throws.
     *
     * @return the unwrapped database key, or {@code null} when it cannot be obtained
     */
    private byte[] getDbKeyFromUksWithValidityCheck() {
        byte[] byteFromFile;
        ServiceLogger.doKnoxWeeklyLogging(this.mContext);
        Key keyFromTima = getKeyFromTima();
        if (keyFromTima == null) {
            ServiceLogger.doKnoxLogging(this.mContext, "KX_TM_GETKEY_FAIL", this.mClassName, null);
            return null;
        }
        try {
            byte[] byteFromFile2 = KeyOperation.getByteFromFile(this.mContext, "uks");
            if (byteFromFile2 == null || byteFromFile2.length == 0) {
                ServiceLogger.doKnoxLogging(this.mContext, "KX_UKS_GETKEY_EMPTY", this.mClassName, null);
                return null;
            }
            try {
                byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, byteFromFile2, keyFromTima, false);
                // checkKeyValidityWithDb is not defined in this class; presumably inherited and
                // presumably tries the candidate key against the database - verify in the superclass.
                if (checkKeyValidityWithDb(cipherMessage, "UksDiffKey")) {
                    return cipherMessage;
                }
            } catch (Exception e) {
                // NOTE(review): exception class and message are forwarded to ServiceLogger; where
                // that log is stored or sent is not visible here. Confirm that provider messages
                // cannot carry key-derived data.
                ServiceLogger.doKnoxLogging(this.mContext, "KX_UKS_GETKEY_FAIL2", e.getClass().getSimpleName() + ", " + e.getMessage(), null);
            }
            try {
                byteFromFile = KeyOperation.getByteFromFile(this.mContext, "kx_uks_verify_iv");
            } catch (Exception e2) {
                // NOTE(review): after this catch byteFromFile is not definitely assigned, yet it is
                // read below - not valid Java as shown, so the original handler most likely exits
                // the method here. Decompiler artifact; confirm against the bytecode.
                ServiceLogger.doKnoxLogging(this.mContext, "KX_UKS_GETKEY_INVALID", "MSG=" + e2.toString() + ", " + this.mClassName, null);
            }
            // Stored IV digest equals the digest of the current device-derived IV: the IV input has
            // not changed, so test the wrapping key itself against the verification blob.
            if (Arrays.equals(byteFromFile, MessageDigest.getInstance("SHA256").digest(KeyOperation.getIvFromAndroidId(this.mContext)))) {
                // Throws KeyException("invalid key") on mismatch; on success the method still
                // returns null because the unwrapped key was already rejected above.
                checkKeyValidity(keyFromTima);
                return null;
            }
            // NOTE(review): byteFromFile is dereferenced without a null check although the same
            // helper's result is null-checked for "uks" above.
            if (byteFromFile.length != 0) {
                throw new KeyException("invalid iv");
            }
            throw new KeyException("invalid iv(empty)");
        // NOTE(review): only IOException is caught, but the body throws KeyException and calls
        // methods declaring NoSuchAlgorithmException and other checked exceptions while the
        // signature declares none. A broader handler was presumably dropped by the decompiler.
        } catch (IOException e3) {
            ServiceLogger.doKnoxLogging(this.mContext, "KX_UKS_GETKEY_FAIL1", e3.getClass().getSimpleName() + ", " + e3.getMessage(), null);
            return null;
        }
    }

    /**
     * Writes the two verification files for {@code key} and reads the blob back to confirm it.
     *
     * <p>The blob is {@code random || SHA-256(random)} passed through
     * {@code KeyOperation.cipherMessage(..., true)} and saved as {@code "kx_uks_verify"}; the
     * SHA-256 digest of {@code getIvFromAndroidId} is saved as {@code "kx_uks_verify_iv"}.
     *
     * @param key wrapping key the hint is bound to
     * @return {@code true} if both files were saved and the read-back check passed;
     *     {@code false} on any save failure or exception
     */
    private boolean leaveVerificationHint(Key key) {
        // checkKeyValidity hard-codes a 256-byte prefix, so this presumably returns 256 bytes -
        // confirm in KeyOperation.generateRandom (and that it is backed by a CSPRNG).
        byte[] generateRandom = KeyOperation.generateRandom(256);
        try {
            byte[] digest = MessageDigest.getInstance("SHA256").digest(generateRandom);
            byte[] bArr = new byte[generateRandom.length + digest.length];
            System.arraycopy(generateRandom, 0, bArr, 0, generateRandom.length);
            System.arraycopy(digest, 0, bArr, generateRandom.length, digest.length);
            byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, bArr, key, true);
            // The two saves are not atomic: if the first succeeds and the second fails, the IV
            // digest file is left on disk without a matching blob and the method returns false.
            if (KeyOperation.saveBytesToFile(this.mContext, MessageDigest.getInstance("SHA256").digest(KeyOperation.getIvFromAndroidId(this.mContext)), "kx_uks_verify_iv") && KeyOperation.saveBytesToFile(this.mContext, cipherMessage, "kx_uks_verify")) {
                // Read-back: proves the stored blob can be opened with the same key right now.
                checkKeyValidity(key);
                ServiceLogger.resetUksErrCount(this.mContext, "KX_KM_TM_SETUP_RESTORED");
                return true;
            }
        } catch (Exception e) {
            ServiceLogger.doKnoxLogging(this.mContext, "KX_TM_RECHK_FAIL", "MSG=" + e.toString() + ",1, " + this.mClassName, null);
        }
        return false;
    }

    /**
     * Creates a new database key, wraps it with a freshly created-and-stored key, persists the
     * wrapped bytes to {@code "uks"}, verifies the write, and leaves the verification hint.
     *
     * @return the raw encoded database key on success, or {@code null} on any failure (all
     *     exceptions are caught and logged)
     */
    private byte[] setKeyToUks() {
        if (!this.mKeystoreManager.enableTimaKeystore()) {
            return null;
        }
        try {
            Key createNewDbKey = KeyOperation.createNewDbKey();
            if (createNewDbKey == null) {
                LogUtil.LOGD(TAG, "Fail to create new key");
                ServiceLogger.doKnoxLogging(this.mContext, "KX_KM_NK_FAIL", this.mClassName, null);
                return null;
            }
            byte[] encoded = createNewDbKey.getEncoded();
            if (encoded != null && encoded.length != 0) {
                // createAndStoreKey is not defined in this class; presumably inherited.
                Key createAndStoreKey = createAndStoreKey();
                if (createAndStoreKey == null) {
                    return null;
                }
                byte[] cipherMessage = KeyOperation.cipherMessage(this.mContext, encoded, createAndStoreKey, true);
                if (cipherMessage != null && cipherMessage.length != 0) {
                    if (!KeyOperation.saveBytesToFile(this.mContext, cipherMessage, "uks")) {
                        // Failed write: remove any partial file so a later read does not pick it
                        // up; the two messages distinguish whether the cleanup itself worked.
                        if (this.mContext.getFileStreamPath("uks").delete()) {
                            throw new KeyException("fail to save");
                        }
                        throw new KeyException("fail to save and delete");
                    }
                    // Read-back comparison of the wrapped bytes (ciphertext, not key material).
                    if (!Arrays.equals(cipherMessage, KeyOperation.getByteFromFile(this.mContext, "uks"))) {
                        throw new KeyException("fail to verify");
                    }
                    if (leaveVerificationHint(createAndStoreKey)) {
                        // NOTE(review): this hands the plaintext key bytes to the caller; nothing
                        // here zeroes them, so their lifetime is the caller's responsibility.
                        return encoded;
                    }
                    // NOTE(review): on this path "uks" has already been written and is not removed.
                    throw new KeyException("fail to store key verification hint");
                }
                throw new KeyException("empty");
            }
            throw new KeyException("empty db");
        } catch (Exception e) {
            // Class name and message are concatenated without a separator in the logged string.
            ServiceLogger.doKnoxLogging(this.mContext, "KX_KM_NK_ERR", "MSG=" + e.getClass().getSimpleName() + e.getMessage() + ", " + this.mClassName, null);
            return null;
        }
    }

    /**
     * Tests whether two keys are interchangeable by a round trip: a fixed message is processed
     * with {@code key} (flag {@code true}) and the result with {@code key2} (flag {@code false});
     * the keys are treated as the same when the original message comes back.
     *
     * @return {@code true} if the round trip reproduces the message; {@code false} on mismatch
     *     or on any exception
     */
    @Override // com.samsung.android.service.health.security.TimaKeystoreKeyRepository
    final boolean isSameKey(Key key, Key key2) {
        // getBytes() without a charset uses the platform default; the literal is pure ASCII.
        byte[] bytes = "test_message123".getBytes();
        // NOTE(review): as written the outer catch is unreachable, because the inner
        // catch (Exception) covers the only statement. The ",2," / ",1," tags suggest the two
        // cipherMessage calls originally sat in separate try blocks - likely a decompiler merge.
        try {
            try {
                return Arrays.equals(bytes, KeyOperation.cipherMessage(this.mContext, KeyOperation.cipherMessage(this.mContext, bytes, key, true), key2, false));
            } catch (Exception e) {
                LogUtil.LOGE(TAG, "Key checking failure", e);
                ServiceLogger.doKnoxLogging(this.mContext, "KX_TM_RECHK_FAIL", "MSG=" + e.toString() + ",2, " + this.mClassName, null);
                return false;
            }
        } catch (Exception e2) {
            ServiceLogger.doKnoxLogging(this.mContext, "KX_TM_RECHK_FAIL", "MSG=" + e2.toString() + ",1, " + this.mClassName, null);
            return false;
        }
    }

    /**
     * Returns the database key, loading it from {@code "uks"} on first use and caching it in
     * {@code mDbKey}. A {@code null} result is not cached, so a failed load is retried on the
     * next call.
     *
     * @return the cached key array itself (not a copy), or {@code null} if it could not be loaded
     */
    @Override // com.samsung.android.service.health.security.TimaKeystoreKeyRepository, com.samsung.android.service.health.security.KeyRepository
    public final byte[] retrieve() {
        synchronized (OP_LOCK) {
            if (this.mDbKey == null) {
                this.mDbKey = getDbKeyFromUksWithValidityCheck();
            }
        }
        // NOTE(review): as shown, this read happens after the monitor is released, and mDbKey is
        // declared outside this file, so safe publication cannot be confirmed here (may be a
        // decompiler artifact). Callers also receive the internal array and could mutate it.
        return this.mDbKey;
    }

    /**
     * Creates and persists a new database key under {@code OP_LOCK}.
     *
     * @return the raw encoded key, or {@code null} on failure (see {@link #setKeyToUks()})
     */
    @Override // com.samsung.android.service.health.security.TimaKeystoreKeyRepository
    public final byte[] setUp() {
        byte[] keyToUks;
        synchronized (OP_LOCK) {
            keyToUks = setKeyToUks();
        }
        return keyToUks;
    }

    /**
     * Not supported by this repository.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // com.samsung.android.service.health.security.TimaKeystoreKeyRepository
    public final byte[] setUp(byte[] bArr, KeyRetrievalMode keyRetrievalMode) {
        throw new UnsupportedOperationException();
    }

    /**
     * Runs {@link #setUp()} and then records {@code KeyRetrievalMode.UKS_KEYSTORE} as the
     * retrieval mode. The {@code $3b9947f4} suffix is presumably an obfuscator/decompiler rename.
     *
     * @return the new key, or {@code null} if key setup failed or the mode could not be stored
     */
    @Override // com.samsung.android.service.health.security.TimaKeystoreKeyRepository
    public final byte[] setUpForKeyRestoration$3b9947f4() {
        // setUp() takes OP_LOCK again; Java monitors are reentrant, so this does not deadlock.
        synchronized (OP_LOCK) {
            byte[] up = setUp();
            // NOTE(review): if storing the mode fails, null is returned although setUp() has
            // already written the new wrapped key and verification files to disk.
            if (up == null || !KeyRetrievalMode.set(this.mContext, KeyRetrievalMode.UKS_KEYSTORE)) {
                return null;
            }
            return up;
        }
    }
}
