package com.airwatch.crypto;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import com.airwatch.agent.thirdparty.vpn.f5.F5EdgeClientCommands;
import com.airwatch.app.OpenForTesting;
import com.airwatch.storage.PreferenceErrorListener;
import com.airwatch.util.Logger;
import com.airwatch.util.ReportAdapterUtil;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import kotlin.Metadata;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.coroutines.Continuation;
import kotlin.coroutines.intrinsics.IntrinsicsKt;
import kotlin.coroutines.jvm.internal.DebugMetadata;
import kotlin.coroutines.jvm.internal.SuspendLambda;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlinx.coroutines.CoroutineScope;
import kotlinx.coroutines.CoroutineScopeKt;
import kotlinx.coroutines.Dispatchers;
import kotlinx.coroutines.Job;
import kotlinx.coroutines.d;
import kotlinx.coroutines.e;

@OpenForTesting
@Metadata(d1 = {"\u0000P\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0011\u0018\u0000 !2\u00020\u0001:\u0001!B\u000f\b\u0002\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\b\u0010\u000b\u001a\u00020\fH\u0002J\u0010\u0010\r\u001a\u00020\f2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\u0010\u0010\u0010\u001a\u00020\f2\u0006\u0010\u0011\u001a\u00020\u000fH\u0017J\u0010\u0010\u0012\u001a\u00020\f2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\u0014\u0010\u0013\u001a\u00020\u00142\n\u0010\u0015\u001a\u00060\u0016j\u0002`\u0017H\u0017J\u0010\u0010\u0018\u001a\u00020\u00142\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\u0015\u0010\u0019\u001a\u00020\f2\u0006\u0010\u001a\u001a\u00020\u001bH\u0011¢\u0006\u0002\b\u001cJ\u0010\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\b\u0010\u001f\u001a\u00020\fH\u0002J\u0010\u0010 \u001a\u00020\u00142\u0006\u0010\u000e\u001a\u00020\u000fH\u0016R\u0014\u0010\u0002\u001a\u00020\u0003X\u0096\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082.¢\u0006\u0002\n\u0000¨\u0006\""}, d2 = {"Lcom/airwatch/crypto/SDKAndroidKeystore;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "getContext", "()Landroid/content/Context;", "initJob", "Lkotlinx/coroutines/Job;", F5EdgeClientCommands.Keystore, "Ljava/security/KeyStore;", "blockTillInit", "", "createAESKey", "alias", "", "createBiometricKey", "keyAlias", "deleteKey", "exceptionIsKeystoreOrNoSuchAlgorithm", "", "e", "Ljava/lang/Exception;", "Lkotlin/Exception;", "exists", "generateKey", "keyGenerator", "Ljavax/crypto/KeyGenerator;", "generateKey$AWFramework_release", "getKey", "Ljava/security/Key;", "initKeystore", "isInSecureHardware", "Companion", "AWFramework_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes3.dex */
public class SDKAndroidKeystore {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static SDKAndroidKeystore hwKeystoreInstance;
    private final Context context;
    private final Job initJob;
    private KeyStore keystore;

    @Metadata(d1 = {"\u0000\n\n\u0000\n\u0002\u0010\u0002\n\u0002\u0018\u0002\u0010\u0000\u001a\u00020\u0001*\u00020\u0002H\u008a@"}, d2 = {"<anonymous>", "", "Lkotlinx/coroutines/CoroutineScope;"}, k = 3, mv = {1, 5, 1}, xi = 48)
    @DebugMetadata(c = "com.airwatch.crypto.SDKAndroidKeystore$1", f = "SDKAndroidKeystore.kt", i = {}, l = {}, m = "invokeSuspend", n = {}, s = {})
    /* renamed from: com.airwatch.crypto.SDKAndroidKeystore$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    static final class AnonymousClass1 extends SuspendLambda implements Function2<CoroutineScope, Continuation<? super Unit>, Object> {
        int a;

        AnonymousClass1(Continuation<? super AnonymousClass1> continuation) {
            super(2, continuation);
        }

        @Override // kotlin.jvm.functions.Function2
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final Object invoke(CoroutineScope coroutineScope, Continuation<? super Unit> continuation) {
            return ((AnonymousClass1) create(coroutineScope, continuation)).invokeSuspend(Unit.INSTANCE);
        }

        @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
        public final Continuation<Unit> create(Object obj, Continuation<?> continuation) {
            return new AnonymousClass1(continuation);
        }

        @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
        public final Object invokeSuspend(Object obj) {
            IntrinsicsKt.getCOROUTINE_SUSPENDED();
            if (this.a != 0) {
                throw new IllegalStateException("call to 'resume' before 'invoke' with coroutine");
            }
            ResultKt.throwOnFailure(obj);
            SDKAndroidKeystore.this.initKeystore();
            return Unit.INSTANCE;
        }
    }

    @Metadata(d1 = {"\u0000\u001a\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0006\u001a\u00020\u0007H\u0007R\u0010\u0010\u0003\u001a\u0004\u0018\u00010\u0004X\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006\b"}, d2 = {"Lcom/airwatch/crypto/SDKAndroidKeystore$Companion;", "", "()V", "hwKeystoreInstance", "Lcom/airwatch/crypto/SDKAndroidKeystore;", "getInstance", "context", "Landroid/content/Context;", "AWFramework_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        @JvmStatic
        public final SDKAndroidKeystore getInstance(Context context) throws SDKAndroidKeystoreException {
            Intrinsics.checkNotNullParameter(context, "context");
            if (SDKAndroidKeystore.hwKeystoreInstance == null) {
                synchronized (Reflection.getOrCreateKotlinClass(SDKAndroidKeystore.class)) {
                    if (SDKAndroidKeystore.hwKeystoreInstance == null) {
                        Companion companion = SDKAndroidKeystore.INSTANCE;
                        SDKAndroidKeystore.hwKeystoreInstance = new SDKAndroidKeystore(context, null);
                    }
                    Unit unit = Unit.INSTANCE;
                }
            }
            SDKAndroidKeystore sDKAndroidKeystore = SDKAndroidKeystore.hwKeystoreInstance;
            Intrinsics.checkNotNull(sDKAndroidKeystore);
            return sDKAndroidKeystore;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Metadata(d1 = {"\u0000\n\n\u0000\n\u0002\u0010\u0002\n\u0002\u0018\u0002\u0010\u0000\u001a\u00020\u0001*\u00020\u0002H\u008a@"}, d2 = {"<anonymous>", "", "Lkotlinx/coroutines/CoroutineScope;"}, k = 3, mv = {1, 5, 1}, xi = 48)
    @DebugMetadata(c = "com.airwatch.crypto.SDKAndroidKeystore$blockTillInit$1", f = "SDKAndroidKeystore.kt", i = {}, l = {220}, m = "invokeSuspend", n = {}, s = {})
    /* loaded from: classes3.dex */
    public static final class a extends SuspendLambda implements Function2<CoroutineScope, Continuation<? super Unit>, Object> {
        int a;

        a(Continuation<? super a> continuation) {
            super(2, continuation);
        }

        @Override // kotlin.jvm.functions.Function2
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final Object invoke(CoroutineScope coroutineScope, Continuation<? super Unit> continuation) {
            return ((a) create(coroutineScope, continuation)).invokeSuspend(Unit.INSTANCE);
        }

        @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
        public final Continuation<Unit> create(Object obj, Continuation<?> continuation) {
            return new a(continuation);
        }

        @Override // kotlin.coroutines.jvm.internal.BaseContinuationImpl
        public final Object invokeSuspend(Object obj) {
            Object coroutine_suspended = IntrinsicsKt.getCOROUTINE_SUSPENDED();
            int i = this.a;
            if (i == 0) {
                ResultKt.throwOnFailure(obj);
                this.a = 1;
                if (SDKAndroidKeystore.this.initJob.join(this) == coroutine_suspended) {
                    return coroutine_suspended;
                }
            } else {
                if (i != 1) {
                    throw new IllegalStateException("call to 'resume' before 'invoke' with coroutine");
                }
                ResultKt.throwOnFailure(obj);
            }
            return Unit.INSTANCE;
        }
    }

    private SDKAndroidKeystore(Context context) {
        Job a2;
        this.context = context;
        a2 = e.a(CoroutineScopeKt.CoroutineScope(Dispatchers.getDefault()), null, null, new AnonymousClass1(null), 3, null);
        this.initJob = a2;
    }

    public /* synthetic */ SDKAndroidKeystore(Context context, DefaultConstructorMarker defaultConstructorMarker) {
        this(context);
    }

    private final void blockTillInit() {
        if (this.initJob.isActive()) {
            d.a(null, new a(null), 1, null);
        }
    }

    @JvmStatic
    public static final SDKAndroidKeystore getInstance(Context context) throws SDKAndroidKeystoreException {
        return INSTANCE.getInstance(context);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void initKeystore() throws SDKAndroidKeystoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Unit unit = Unit.INSTANCE;
            Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(ANDROID_KEYSTORE).apply { load(null) }");
            this.keystore = keyStore;
        } catch (Exception e) {
            if (!(e instanceof KeyStoreException ? true : e instanceof IOException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof CertificateException)) {
                throw e;
            }
            throw new SDKAndroidKeystoreException("Failed to initialize SessionKeyStore", e);
        }
    }

    public void createAESKey(String alias) throws SDKAndroidKeystoreException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        blockTillInit();
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(alias, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "Builder(alias, KeyProper….ENCRYPTION_PADDING_NONE)");
        if (Build.VERSION.SDK_INT >= 28) {
            encryptionPaddings.setIsStrongBoxBacked(getContext().getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore"));
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(encryptionPaddings.build());
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "keyGenerator");
            generateKey$AWFramework_release(keyGenerator);
        } catch (Exception e) {
            if (e instanceof KeyStoreException ? true : e instanceof NoSuchAlgorithmException) {
                throw new SDKAndroidKeystoreException("Failed to store key in AndroidKeyStore", e);
            }
            if (Build.VERSION.SDK_INT < 28) {
                throw e;
            }
            encryptionPaddings.setIsStrongBoxBacked(false);
            try {
                KeyGenerator keyGenerator2 = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator2.init(encryptionPaddings.build());
                Unit unit = Unit.INSTANCE;
                Intrinsics.checkNotNullExpressionValue(keyGenerator2, "getInstance(KeyPropertie…{ init(keySpec.build()) }");
                generateKey$AWFramework_release(keyGenerator2);
            } catch (Exception e2) {
                exceptionIsKeystoreOrNoSuchAlgorithm(e2);
            }
        }
    }

    public void createBiometricKey(String keyAlias) throws SDKAndroidKeystoreException {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        KeyGenParameterSpec.Builder invalidatedByBiometricEnrollment = new KeyGenParameterSpec.Builder(keyAlias, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).setUserAuthenticationRequired(true).setInvalidatedByBiometricEnrollment(true);
        Intrinsics.checkNotNullExpressionValue(invalidatedByBiometricEnrollment, "Builder(keyAlias, KeyPro…BiometricEnrollment(true)");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(invalidatedByBiometricEnrollment.build());
            Unit unit = Unit.INSTANCE;
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "getInstance(KeyPropertie…(paramsBuilder.build()) }");
            generateKey$AWFramework_release(keyGenerator);
        } catch (Exception e) {
            if (!(e instanceof KeyStoreException ? true : e instanceof NoSuchAlgorithmException)) {
                throw e;
            }
            throw new SDKAndroidKeystoreException("Failed to store key in AndroidKeyStore", e);
        }
    }

    public void deleteKey(String alias) throws SDKAndroidKeystoreException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        blockTillInit();
        try {
            KeyStore keyStore = this.keystore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException(F5EdgeClientCommands.Keystore);
                keyStore = null;
            }
            keyStore.deleteEntry(alias);
        } catch (KeyStoreException e) {
            throw new SDKAndroidKeystoreException("Failed to delete key entry", e);
        }
    }

    public boolean exceptionIsKeystoreOrNoSuchAlgorithm(Exception e) throws SDKAndroidKeystoreException {
        Intrinsics.checkNotNullParameter(e, "e");
        if ((e instanceof KeyStoreException) || (e instanceof NoSuchAlgorithmException)) {
            throw new SDKAndroidKeystoreException("Failed to store key in AndroidKeyStore", e);
        }
        throw e;
    }

    public boolean exists(String alias) throws SDKAndroidKeystoreException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        blockTillInit();
        try {
            KeyStore keyStore = this.keystore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException(F5EdgeClientCommands.Keystore);
                keyStore = null;
            }
            return keyStore.getKey(alias, null) != null;
        } catch (Exception e) {
            if (e instanceof KeyStoreException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof UnrecoverableKeyException) {
                throw new SDKAndroidKeystoreException("Failed to get session key from AndroidKeyStore while checking exists", e);
            }
            throw e;
        }
    }

    public void generateKey$AWFramework_release(KeyGenerator keyGenerator) throws KeyStoreException {
        Intrinsics.checkNotNullParameter(keyGenerator, "keyGenerator");
        keyGenerator.generateKey();
    }

    public Context getContext() {
        return this.context;
    }

    public Key getKey(String alias) throws SDKAndroidKeystoreException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        blockTillInit();
        try {
            KeyStore keyStore = this.keystore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException(F5EdgeClientCommands.Keystore);
                keyStore = null;
            }
            Key key = keyStore.getKey(alias, null);
            Intrinsics.checkNotNullExpressionValue(key, "keystore.getKey(alias, null)");
            return key;
        } catch (Exception e) {
            if (e instanceof KeyStoreException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof UnrecoverableKeyException) {
                throw new SDKAndroidKeystoreException("Failed to get session key from AndroidKeyStore", e);
            }
            throw e;
        }
    }

    public boolean isInSecureHardware(String alias) throws SDKAndroidKeystoreException {
        Intrinsics.checkNotNullParameter(alias, "alias");
        blockTillInit();
        try {
            KeyStore keyStore = this.keystore;
            if (keyStore == null) {
                Intrinsics.throwUninitializedPropertyAccessException(F5EdgeClientCommands.Keystore);
                keyStore = null;
            }
            Key key = keyStore.getKey(alias, null);
            SecretKey secretKey = key instanceof SecretKey ? (SecretKey) key : null;
            if (secretKey == null) {
                Logger.e$default("HWBackedKeystore", "Keystore doesn't have the Key. Cannot determine if backed by device's hardware", null, 4, null);
                ReportAdapterUtil.reportAsHandledException(getContext(), PreferenceErrorListener.PreferenceErrorCode.HW_KEYSTORE_KEY_UNAVAILABLE, "Keystore doesn't have the Key. Cannot determine if backed by device's hardware");
                throw new SDKAndroidKeystoreException("Failed to determine if device has hardware backed keystore");
            }
            KeySpec keySpec = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class);
            if (keySpec != null) {
                return ((KeyInfo) keySpec).isInsideSecureHardware();
            }
            throw new NullPointerException("null cannot be cast to non-null type android.security.keystore.KeyInfo");
        } catch (Exception e) {
            if (e instanceof KeyStoreException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof NoSuchProviderException ? true : e instanceof InvalidKeySpecException ? true : e instanceof UnrecoverableKeyException) {
                throw new SDKAndroidKeystoreException("Failed to read key property", e);
            }
            throw e;
        }
    }
}
