package com.azure.authenticator.encryption;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.text.TextUtils;
import android.util.Base64;
import com.azure.authenticator.PhoneFactorApplication;
import com.azure.authenticator.encryption.IEncryptionManager;
import com.azure.authenticator.logging.ExternalLogger;
import com.azure.authenticator.storage.Storage;
import com.azure.authenticator.storage.database.LocalAccounts;
import com.azure.authenticator.telemetry.AppTelemetryConstants;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.onlineid.sts.Cryptography;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
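/**
 * Base implementation of {@link IEncryptionManager} that encrypts and decrypts short strings with an
 * AES key held in the Android Keystore, using the transformation {@code AES/CBC/PKCS7Padding}.
 *
 * <p>The key is looked up under {@link #_keyAlias}. The CBC initialisation vector is persisted through
 * {@link Storage} under the same alias and is read back for both encryption and decryption.
 *
 * <p>NOTE(review) - IV reuse: {@link #initCipherForEncryption()} initialises the cipher in encrypt mode
 * with the IV already stored for the alias whenever both the IV and the key exist, and the key is
 * generated with {@code setRandomizedEncryptionRequired(false)} so the Keystore accepts a
 * caller-supplied IV. Every encryption under an existing alias therefore uses the same key/IV pair:
 * equal plaintexts produce equal ciphertexts, and a shared leading block is visible in the output.
 * Correcting this needs a fresh IV per ciphertext stored alongside it, which changes the persisted
 * format and so is not done here.
 *
 * <p>NOTE(review) - no integrity: CBC with PKCS#7 padding does not authenticate the ciphertext, so
 * modified ciphertext is only detected if the padding happens to be invalid. An authenticated mode
 * such as {@code AES/GCM/NoPadding} would close both points, at the cost of a data migration.
 *
 * <p>No synchronisation is visible in this class; {@link #_cipherIv} and {@link #_telemetryProperties}
 * are mutable state shared by all methods, and telemetry properties accumulate across calls.
 */
public abstract class AbstractEncryptionManager implements IEncryptionManager {
    public static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";
    public static final String MFA_PIN_KEY_AND_CIPHER_ALIAS = "MS_Authenticator_Mfa_Pin";

    /** Cipher transformation used for every encrypt and decrypt operation in this class. */
    private static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS7Padding";

    protected Context _applicationContext;
    protected Storage _storage;
    // Keystore alias of the key, also used as the storage key for the persisted IV.
    protected String _keyAlias = "";
    // The currently initialised cipher (encrypt or decrypt mode, whichever init method ran last).
    protected Cipher _cipherIv = null;
    // Base64 (NO_WRAP) form of the IV produced when a new key is created.
    protected String _cipherIvString = "";
    // Passed to setUserAuthenticationRequired() when a key is generated.
    protected boolean _isAuthenticationRequired = false;
    protected final Map<String, String> _telemetryProperties = new HashMap<>();

    /**
     * Stores the context and creates the {@link Storage} used to persist IVs.
     *
     * @param context context kept in {@link #_applicationContext} and handed to {@link Storage}
     */
    public AbstractEncryptionManager(Context context) {
        this._applicationContext = context;
        this._storage = new Storage(context);
    }

    /**
     * Opens and loads the Android Keystore.
     *
     * @return the loaded keystore
     */
    private static KeyStore openAndroidKeyStore() throws java.security.GeneralSecurityException, java.io.IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER_NAME);
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Fetches the secret key stored under {@link #_keyAlias}.
     *
     * @return the key, or {@code null} when the keystore has no entry for the alias
     */
    private SecretKey loadKeystoreKey() throws java.security.GeneralSecurityException, java.io.IOException {
        return (SecretKey) openAndroidKeyStore().getKey(this._keyAlias, null);
    }

    /**
     * Generates a new AES key in the Android Keystore under {@link #_keyAlias} and records in telemetry
     * whether the Keystore reports it as hardware backed.
     *
     * @param z whether the key requires user authentication before use
     * @return the new key, or {@code null} if generation failed (the failure is logged and tracked)
     */
    @TargetApi(23)
    private SecretKey createKey(boolean z) {
        PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.CreateEncryptionKeyInitiated, this._telemetryProperties);
        try {
            openAndroidKeyStore();
            KeyGenerator keyGenerator = KeyGenerator.getInstance(Cryptography.AesAlgorithm, ANDROID_KEY_STORE_PROVIDER_NAME);
            // Purposes 3 = PURPOSE_ENCRYPT (1) | PURPOSE_DECRYPT (2).
            // NOTE(review): setRandomizedEncryptionRequired(false) lets callers supply their own IV when
            // encrypting; initCipherForEncryption() relies on that to reuse the stored IV.
            keyGenerator.init(new KeyGenParameterSpec.Builder(this._keyAlias, 3)
                    .setBlockModes("CBC")
                    .setUserAuthenticationRequired(z)
                    .setEncryptionPaddings("PKCS7Padding")
                    .setRandomizedEncryptionRequired(false)
                    .build());
            SecretKey generateKey = keyGenerator.generateKey();
            KeyInfo keyInfo = (KeyInfo) SecretKeyFactory.getInstance(Cryptography.AesAlgorithm, ANDROID_KEY_STORE_PROVIDER_NAME).getKeySpec(generateKey, KeyInfo.class);
            if (keyInfo.isInsideSecureHardware()) {
                ExternalLogger.i("Secret key encryption is hardware backed");
                this._telemetryProperties.put(AppTelemetryConstants.Properties.Encryption, AppTelemetryConstants.Properties.SecretKeyEncryptionHardwareBacked);
            } else {
                // A software-backed key is only logged and tracked; it is still returned and used.
                ExternalLogger.i("Secret key encryption is software backed");
                this._telemetryProperties.put(AppTelemetryConstants.Properties.Encryption, AppTelemetryConstants.Properties.SecretKeyEncryptionSoftwareBacked);
            }
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.CreateEncryptionKeySucceeded, this._telemetryProperties);
            return generateKey;
        } catch (Exception e) {
            ExternalLogger.e("Failed to create key.", e);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.CreateEncryptionKeyFailed, this._telemetryProperties, e);
            return null;
        }
    }

    /**
     * Decrypts {@code str} without comparing the result to an expected value.
     *
     * @param str Base64 (NO_WRAP) ciphertext
     * @return the plaintext, or {@code ""} on empty input or failure
     * @throws IllegalBlockSizeException rethrown from the cipher
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public String decrypt(String str) throws IllegalBlockSizeException {
        return decrypt(str, null);
    }

    /**
     * Decrypts {@code str} with the cipher prepared by {@link #initCipherForDecryption()} and, when
     * {@code str2} is non-empty, accepts the result only if it equals {@code str2} ignoring case.
     *
     * @param str Base64 (NO_WRAP) ciphertext
     * @param str2 expected plaintext, or {@code null}/empty to skip the comparison
     * @return the plaintext; {@code ""} when the input is empty, the comparison fails, or any exception
     *     other than {@link IllegalBlockSizeException} occurs
     * @throws IllegalBlockSizeException rethrown from the cipher after logging
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public String decrypt(String str, String str2) throws IllegalBlockSizeException {
        ExternalLogger.i("Decryption initiated");
        PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionInitiated, this._telemetryProperties);
        if (TextUtils.isEmpty(str)) {
            ExternalLogger.i("Data hasn't been encrypted.");
            this._telemetryProperties.put(AppTelemetryConstants.Properties.Decryption, AppTelemetryConstants.Properties.DataNotEncrypted);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionFailed, this._telemetryProperties);
            return "";
        }
        try {
            String str3 = new String(this._cipherIv.doFinal(Base64.decode(str, Base64.NO_WRAP)), Strings.Utf8Charset);
            // NOTE(review): the match is case-insensitive and not constant-time. If the plaintext is a
            // secret compared against caller input, confirm both properties are intended.
            if (TextUtils.isEmpty(str2) || str3.equalsIgnoreCase(str2)) {
                ExternalLogger.i("Decryption succeeded");
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionSucceeded, this._telemetryProperties);
                return str3;
            }
            this._telemetryProperties.put(AppTelemetryConstants.Properties.Decryption, AppTelemetryConstants.Properties.DecryptedDataMismatch);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionFailed, this._telemetryProperties);
            return "";
        } catch (IllegalBlockSizeException e) {
            ExternalLogger.e("Decryption failed for IllegalBlockSizeException", e);
            throw e;
        } catch (Exception e2) {
            // Covers bad padding, malformed Base64 and a null cipher alike; callers only see "".
            ExternalLogger.e("Failed to decrypt the data with the generated key.", e2);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionFailed, this._telemetryProperties, e2);
            return "";
        }
    }

    /**
     * Encrypts {@code str} (UTF-8) with the cipher prepared by {@link #initCipherForEncryption()}.
     *
     * @param str plaintext
     * @return Base64 (NO_WRAP) ciphertext, or {@code ""} on any exception other than
     *     {@link IllegalBlockSizeException}
     * @throws IllegalBlockSizeException rethrown from the cipher after logging
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public String encrypt(String str) throws IllegalBlockSizeException {
        try {
            byte[] doFinal = this._cipherIv.doFinal(str.getBytes(Strings.Utf8Charset));
            ExternalLogger.i("Encryption succeeded");
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionSucceeded, this._telemetryProperties);
            return Base64.encodeToString(doFinal, Base64.NO_WRAP);
        } catch (IllegalBlockSizeException e) {
            ExternalLogger.e("Encryption failed for IllegalBlockSizeException", e);
            throw e;
        } catch (Exception e2) {
            ExternalLogger.e("Failed to encrypt the data with the generated key.", e2);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionFailed, this._telemetryProperties, e2);
            return "";
        }
    }

    /**
     * Initialises the encryption cipher (trying twice) and then encrypts {@code str} (trying twice),
     * reporting each outcome to telemetry.
     *
     * @param str plaintext
     * @return Base64 ciphertext, or {@code ""} if cipher initialisation or both encryption attempts fail
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public String encryptData(String str) {
        try {
            boolean cipherReady = false;
            if (initCipherForEncryption()) {
                this._telemetryProperties.put(AppTelemetryConstants.Properties.CipherInitiationAttempts, AppTelemetryConstants.Properties.FirstAttemptSucceeded);
                cipherReady = true;
            } else if (initCipherForEncryption()) {
                this._telemetryProperties.put(AppTelemetryConstants.Properties.CipherInitiationAttempts, AppTelemetryConstants.Properties.SecondAttemptSucceeded);
                cipherReady = true;
            } else {
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionAttemptsCipherInitiationFailed, this._telemetryProperties);
            }

            String secondAttempt = "";
            if (cipherReady) {
                String firstAttempt = encrypt(str);
                if (!TextUtils.isEmpty(firstAttempt)) {
                    PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionAttemptsFirstAttemptSucceeded, this._telemetryProperties);
                    return firstAttempt;
                }
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionAttemptsFirstAttemptFailed, this._telemetryProperties);
                // The retry reuses the same Cipher instance; it is not re-initialised in between.
                secondAttempt = encrypt(str);
            }

            // Also reached with an empty result when the cipher could not be initialised at all.
            if (TextUtils.isEmpty(secondAttempt)) {
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionAttemptsSecondAttemptFailed, this._telemetryProperties);
            } else {
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionAttemptsSecondAttemptSucceeded, this._telemetryProperties);
            }
            return secondAttempt;
        } catch (IllegalBlockSizeException e) {
            ExternalLogger.e("Cannot encrypt data.", e);
            return "";
        }
    }

    /**
     * Returns the live cipher instance held by this manager, not a copy.
     *
     * @return the current cipher, or {@code null} if none has been initialised
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public Cipher getCipherIv() {
        return this._cipherIv;
    }

    /**
     * @return the Keystore alias used for the key and the stored IV
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public String getKeyAlias() {
        return this._keyAlias;
    }

    /**
     * Prepares {@link #_cipherIv} for decryption using the stored IV and the Keystore key.
     *
     * @return {@code SUCCEEDED} when the cipher is ready; {@code KEY_INVALIDATED} when initialisation
     *     threw {@link KeyPermanentlyInvalidatedException} and authentication is required for the key;
     *     {@code FAILED} when no IV is stored, the key is missing, or any other error occurred
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    @TargetApi(23)
    public IEncryptionManager.CipherIvInitiationResult initCipherForDecryption() {
        String readCipherIvString = readCipherIvString();
        if (TextUtils.isEmpty(readCipherIvString)) {
            return IEncryptionManager.CipherIvInitiationResult.FAILED;
        }
        ExternalLogger.i("Init cipher initiated");
        PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.InitializeDecryptionCipherInitiated, this._telemetryProperties);
        try {
            SecretKey secretKey = loadKeystoreKey();
            if (secretKey == null) {
                ExternalLogger.e("Failed to initialize cipher for decryption since Android keystore key disappeared.");
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionKeystoreKeyDisappeared, this._telemetryProperties);
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.InitializeDecryptionCipherFailed, this._telemetryProperties);
                return IEncryptionManager.CipherIvInitiationResult.FAILED;
            }
            this._cipherIv = Cipher.getInstance(CIPHER_TRANSFORMATION);
            this._cipherIv.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(Base64.decode(readCipherIvString, Base64.NO_WRAP)));
            ExternalLogger.i("Init cipher succeeded");
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.InitializeDecryptionCipherSucceeded, this._telemetryProperties);
            return IEncryptionManager.CipherIvInitiationResult.SUCCEEDED;
        } catch (Exception e) {
            ExternalLogger.e("Failed to initialize cipher for decryption.", e);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.InitializeDecryptionCipherFailed, this._telemetryProperties, e);
            boolean keyInvalidated = (e instanceof KeyPermanentlyInvalidatedException) && this._isAuthenticationRequired;
            return keyInvalidated ? IEncryptionManager.CipherIvInitiationResult.KEY_INVALIDATED : IEncryptionManager.CipherIvInitiationResult.FAILED;
        }
    }

    /**
     * Prepares {@link #_cipherIv} for encryption. If an IV and a key already exist for the alias they
     * are reused; otherwise a new key is generated, the cipher picks its own IV, and that IV is
     * persisted.
     *
     * @return {@code true} when the cipher is ready, {@code false} on any failure
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    @TargetApi(23)
    public boolean initCipherForEncryption() {
        ExternalLogger.i("Encryption initiated");
        PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionInitiated, this._telemetryProperties);
        try {
            String readCipherIvString = readCipherIvString();
            if (!TextUtils.isEmpty(readCipherIvString) && !TextUtils.isEmpty(this._keyAlias)) {
                SecretKey secretKey = loadKeystoreKey();
                if (secretKey != null) {
                    this._cipherIv = Cipher.getInstance(CIPHER_TRANSFORMATION);
                    // NOTE(review): encrypt mode with the persisted IV, so the same key/IV pair is used
                    // for every encryption under this alias (see the class comment).
                    this._cipherIv.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(Base64.decode(readCipherIvString, Base64.NO_WRAP)));
                    return true;
                }
                ExternalLogger.e("Android keystore key disappeared during cipher initialization for encryption.");
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionKeystoreKeyDisappeared, this._telemetryProperties);
            }
            // No usable IV/key pair: generate a key; this also replaces any IV stored for the alias.
            SecretKey createKey = createKey(this._isAuthenticationRequired);
            if (createKey == null) {
                return false;
            }
            this._cipherIv = Cipher.getInstance(CIPHER_TRANSFORMATION);
            this._cipherIv.init(Cipher.ENCRYPT_MODE, createKey);
            byte[] generatedIv = ((IvParameterSpec) this._cipherIv.getParameters().getParameterSpec(IvParameterSpec.class)).getIV();
            this._cipherIvString = Base64.encodeToString(generatedIv, Base64.NO_WRAP);
            this._storage.writeCipherIv(this._keyAlias, this._cipherIvString);
            return true;
        } catch (Exception e) {
            ExternalLogger.e("Failed to initialize cipher for encryption.", e);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.EncryptionFailed, this._telemetryProperties, e);
            return false;
        }
    }

    /**
     * @return the IV string that {@link Storage} holds for {@link #_keyAlias}
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public String readCipherIvString() {
        return this._storage.readCipherIv(this._keyAlias);
    }

    /**
     * Deletes the Keystore entry and stored IV for every alias returned by
     * {@code LocalAccounts.getAllAadMfaAccountPinAliases}, then clears that alias list.
     *
     * <p>An exception stops the loop: aliases not yet processed keep their key and IV, and the alias
     * list is left unchanged. The failure is logged and tracked, not propagated.
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    @TargetApi(23)
    public void removeAllCipherIvsAndDeleteKeys() {
        List<String> allAadMfaAccountPinAliases = LocalAccounts.getAllAadMfaAccountPinAliases(this._applicationContext);
        try {
            KeyStore keyStore = openAndroidKeyStore();
            for (String alias : allAadMfaAccountPinAliases) {
                keyStore.deleteEntry(alias);
                this._storage.removeCipherIv(alias);
            }
            LocalAccounts.removeAllAadMfaAccountPinAliases(this._applicationContext);
        } catch (Exception e) {
            ExternalLogger.e("Failed to delete key.", e);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DeleteEncryptionKeyFailed, this._telemetryProperties, e);
        }
    }

    /**
     * Deletes the Keystore entry and the stored IV for {@link #_keyAlias}. Failures are logged and
     * tracked, not propagated; if deleting the key throws, the stored IV is left in place.
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    @TargetApi(23)
    public void removeCipherIvAndDeleteKey() {
        try {
            openAndroidKeyStore().deleteEntry(this._keyAlias);
            this._storage.removeCipherIv(this._keyAlias);
        } catch (Exception e) {
            ExternalLogger.e("Failed to delete key.", e);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DeleteEncryptionKeyFailed, this._telemetryProperties, e);
        }
    }

    /**
     * Decrypts {@code str} like {@link #decrypt(String)} but rethrows every failure instead of
     * returning {@code ""}, and reports to the "encryption migration fix" telemetry events.
     *
     * @param str Base64 (NO_WRAP) ciphertext
     * @return the plaintext, or {@code ""} when {@code str} is empty
     * @throws BadPaddingException rethrown from the cipher
     * @throws IllegalBlockSizeException rethrown from the cipher
     */
    @Override // com.azure.authenticator.encryption.IEncryptionManager
    public String tryDecrypt(String str) throws BadPaddingException, IllegalBlockSizeException {
        ExternalLogger.i("Decryption initiated");
        PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionForEncryptionMigrationFixInitiated, this._telemetryProperties);
        if (TextUtils.isEmpty(str)) {
            ExternalLogger.i("Data hasn't been encrypted.");
            this._telemetryProperties.put(AppTelemetryConstants.Properties.Decryption, AppTelemetryConstants.Properties.DataNotEncrypted);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionForEncryptionMigrationFixFailed, this._telemetryProperties);
            return "";
        }
        try {
            String str2 = new String(this._cipherIv.doFinal(Base64.decode(str, Base64.NO_WRAP)), Strings.Utf8Charset);
            ExternalLogger.i("Decryption succeeded");
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionForEncryptionMigrationFixSucceeded, this._telemetryProperties);
            return str2;
        } catch (Exception e) {
            // Unchecked failures (null cipher, malformed Base64) are rethrown as well.
            ExternalLogger.e("Failed to decrypt the data with the generated key.", e);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.DecryptionForEncryptionMigrationFixFailed, this._telemetryProperties, e);
            throw e;
        }
    }
}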
