package com.microsoft.office.lync.platform.security;

import android.content.Context;
import android.provider.Settings;
import android.support.annotation.NonNull;
import android.telephony.TelephonyManager;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.office.lync.instrumentation.SSAStrings;
import com.microsoft.office.lync.instrumentation.telemetry.aira.CryptoTelemetry;
import com.microsoft.office.lync.platform.ContextProvider;
import com.microsoft.office.lync.platform.CredentialStoreException;
import com.microsoft.office.lync.platform.CredentialsStoreManager;
import com.microsoft.office.lync.platform.UUIDCreator;
import com.microsoft.office.lync.proxy.enums.IDigestHelper;
import com.microsoft.office.lync.proxy.enums.NativeErrorCodes;
import com.microsoft.office.lync.tracing.Trace;
import com.microsoft.office.lync.utility.errors.ErrorMessage;
import com.microsoft.office.lync.utility.errors.ErrorUtils;
import com.microsoft.office.lync.utility.errors.LyncIllegalArgumentException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: classes2.dex */
public class CryptoUtils {
    private static final String CryptoAlgorithm = "AES/CBC/PKCS5Padding";
    private static final int IV_SIZE = 16;
    private static final int IterationCount = 100;
    private static final String KeyDerivationAlgorithm = "PBKDF2WithHmacSHA1";
    private static final int KeyLength = 128;
    private static final String LOG_TAG = "CryptoUtils";
    private static final String LegacyCryptoAlgorithm = "AES";
    private static final int NUM_DECRYPT_RETIRES = 1;
    private static final String RSA_ALGORITHM = "RSA";
    private static final String RSA_SIGNING_ENCRYPTION = "RSA/NONE/PKCS1Padding";
    private static final String RandomNumberAlgorithm = "SHA1PRNG";
    private static final String SALT_FILE_NAME = "salt";
    private static final int SALT_LENGTH = 16;
    private static final Charset defaultCharset = Charset.forName("UTF-8");
    private static String mLegacySaltFileSystemRoot;

    /* loaded from: classes2.dex */
    public static class NativeHelper {
        private static byte[] sEncryptedText;

        public static Digest computeDigest(String str, IDigestHelper.DigestType digestType) {
            return CryptoUtils.computeDigest(str, digestType);
        }

        public static HMAC computeHMACDigest(byte[] bArr, byte[] bArr2, IDigestHelper.DigestType digestType) {
            return CryptoUtils.computeHMACDigest(bArr, bArr2, digestType);
        }

        public static Signature createSignature(String str, String str2, IDigestHelper.DigestType digestType) {
            return CryptoUtils.createSignature(str, str2, digestType);
        }

        public static String decrypt(String str) {
            try {
                return CryptoUtils.decrypt(str, "NativeHelper");
            } catch (SfbCryptoException e) {
                return "";
            }
        }

        public static String encrypt(String str) {
            return CryptoUtils.encrypt(str, "NativeHelper");
        }

        public static String encrypt(byte[] bArr) {
            sEncryptedText = CryptoUtils.encrypt(bArr, "NativeHelper");
            return "";
        }

        public static CertificateSigningRequest generateCSR(int i) {
            return CryptoUtils.generateCSR(i);
        }

        public static byte[] getEncryptedBytes() {
            return sEncryptedText;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class StoredSaltData {
        byte[] mStoredSalt = null;
        boolean mIsSaltUpgrade = false;

        StoredSaltData() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class StoredSeedData {
        String mStoredSeed = null;
        boolean mIsNewSeed = false;

        StoredSeedData() {
        }
    }

    private static String argsLog(String str, String str2, byte[] bArr, boolean z, boolean z2, String str3) {
        return String.format("[seed.length: %s], [data.length: %s], [salt.length: %s], [isNewSalt: %s], [isNewSeed: %s], [why: %s]", getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(bArr), Boolean.valueOf(z), Boolean.valueOf(z2), str3);
    }

    private static byte[] combineIV(IvParameterSpec ivParameterSpec, byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + 16];
        for (int i = 0; i < 16; i++) {
            bArr2[i] = ivParameterSpec.getIV()[i];
        }
        for (int i2 = 0; i2 < bArr.length; i2++) {
            bArr2[i2 + 16] = bArr[i2];
        }
        return bArr2;
    }

    public static Digest computeDigest(String str, IDigestHelper.DigestType digestType) {
        MessageDigest messageDigest;
        byte[] bytes;
        String str2 = "";
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        try {
            messageDigest = MessageDigest.getInstance(digestType.name());
            bytes = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Failure while encoding digest", e);
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid algorithm while computing digest", e2);
        }
        if (bytes.length > 65535) {
            return new Digest("", NativeErrorCodes.E_InvalidArgument);
        }
        messageDigest.update(bytes);
        str2 = Base64.encodeToString(messageDigest.digest(), 2);
        return new Digest(str2, nativeErrorCodes);
    }

    public static HMAC computeHMACDigest(byte[] bArr, byte[] bArr2, IDigestHelper.DigestType digestType) {
        Mac mac;
        byte[] bArr3 = null;
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        if (bArr2.length > 65535) {
            return new HMAC(null, NativeErrorCodes.E_InvalidArgument);
        }
        try {
            mac = Mac.getInstance("HMAC" + digestType.name());
            mac.init(new SecretKeySpec(bArr2, mac.getAlgorithm()));
        } catch (InvalidKeyException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid private key bytes while creating HMAC", e);
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid digest algorithm while computing HMAC", e2);
        }
        if (bArr.length > 65535) {
            return new HMAC(null, NativeErrorCodes.E_InvalidArgument);
        }
        bArr3 = mac.doFinal(bArr);
        return new HMAC(bArr3, nativeErrorCodes);
    }

    private static byte[] createNewSalt() {
        Trace.w(LOG_TAG, "Creating a new crypto salt and storing in account manager.");
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        if (storeSalt(bArr)) {
            return bArr;
        }
        Trace.e(LOG_TAG, "Could not store new salt");
        return null;
    }

    public static Signature createSignature(String str, String str2, IDigestHelper.DigestType digestType) {
        Cipher cipher;
        SecureRandom secureRandom;
        byte[] decode;
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        String str3 = "";
        String str4 = null;
        Trace.v(LOG_TAG, String.format("RSA signing data with %s and digest type %s", RSA_SIGNING_ENCRYPTION, digestType.toString()));
        try {
            cipher = Cipher.getInstance(RSA_SIGNING_ENCRYPTION, BouncyCastleProvider.PROVIDER_NAME);
            secureRandom = new SecureRandom();
            decode = Base64.decode(str2, 2);
        } catch (InvalidKeyException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Invalid private key in signature creation " + e;
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Invalid algorithm in signature creation " + e2;
        } catch (NoSuchProviderException e3) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Bad provider " + e3;
        } catch (InvalidKeySpecException e4) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Invalid private Key in signature creation " + e4;
        } catch (BadPaddingException e5) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Bad padding " + e5;
        } catch (IllegalBlockSizeException e6) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Illegal block size " + e6;
        } catch (NoSuchPaddingException e7) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Failed to create signing cipher, bad padding specification " + e7;
        }
        if (decode.length > 65535) {
            return new Signature("", NativeErrorCodes.E_InvalidArgument);
        }
        cipher.init(1, privateKeyFromBytes(decode), secureRandom);
        MessageDigest messageDigest = MessageDigest.getInstance(digestType.name());
        messageDigest.reset();
        messageDigest.update(str.getBytes());
        str3 = Base64.encodeToString(cipher.doFinal(messageDigest.digest()), 2);
        if (str4 != null) {
            CryptoTelemetry.getInstance().reportRsaSigningError(str4);
            Trace.e(LOG_TAG, str4);
        }
        return new Signature(str3, nativeErrorCodes);
    }

    public static String decrypt(String str, String str2) throws SfbCryptoException {
        StoredSeedData defaultSeed = getDefaultSeed();
        return decryptInternal(defaultSeed.mStoredSeed, str, defaultCharset, defaultSeed.mIsNewSeed, str2);
    }

    public static String decrypt(String str, Charset charset, String str2) throws SfbCryptoException {
        StoredSeedData defaultSeed = getDefaultSeed();
        return decryptInternal(defaultSeed.mStoredSeed, str, charset, defaultSeed.mIsNewSeed, str2);
    }

    public static byte[] decrypt(byte[] bArr, String str) throws SfbCryptoException {
        StoredSeedData defaultSeed = getDefaultSeed();
        return decryptInternal(defaultSeed.mStoredSeed, bArr, defaultSeed.mIsNewSeed, str);
    }

    private static byte[] decrypt(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, LegacyCryptoAlgorithm);
        Cipher cipher = Cipher.getInstance(LegacyCryptoAlgorithm);
        cipher.init(2, secretKeySpec);
        return cipher.doFinal(bArr2);
    }

    private static String decryptInternal(String str, String str2, Charset charset, boolean z, String str3) throws SfbCryptoException {
        if (charset == null) {
            throw new IllegalArgumentException("charset is null.");
        }
        StoredSaltData storedSaltData = new StoredSaltData();
        boolean z2 = false;
        try {
            storedSaltData = getStoredSalt();
        } catch (SfbCryptoSaltNotFoundException e) {
            z2 = true;
            storedSaltData.mStoredSalt = createNewSalt();
        }
        Trace.d(LOG_TAG, String.format("decryptInternal called with %s", argsLog(str, str2, storedSaltData.mStoredSalt, z2, z, str3)));
        Exception exc = null;
        for (int i = 0; i <= 1; i++) {
            boolean z3 = exc != null;
            try {
                if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
                    throw new LyncIllegalArgumentException("Either seed or encryptedText are empty");
                }
                String str4 = new String(decryptSecure(getDecryptionKey(str, storedSaltData.mStoredSalt, z3), Base64.decode(str2, 0)), charset);
                Trace.d(LOG_TAG, String.format("ecryptInternal return[decryptedString.%d] for charset[%s], retry[%d] with %s", Integer.valueOf(str4.length()), String.valueOf(charset), Integer.valueOf(i), argsLog(str, str2, storedSaltData.mStoredSalt, z2, z, str3)));
                return str4;
            } catch (Exception e2) {
                exc = e2;
            }
        }
        String format = String.format("Exception caught while DECRYPTING data for args: %s.", argsLog(str, str2, storedSaltData.mStoredSalt, z2, z, str3));
        Trace.e(LOG_TAG, format, exc);
        CryptoTelemetry.getInstance().reportDecryptException(exc, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(storedSaltData.mStoredSalt), z2, z, storedSaltData.mIsSaltUpgrade, CryptoTelemetry.CryptoType.ClearTextData, str3);
        Trace.e(LOG_TAG, String.format("[!!!]throw new SfbCryptoException(errorMessage[%s], caughtException[%s])", format, exc.toString()));
        throw new SfbCryptoException(format, exc);
    }

    private static byte[] decryptInternal(String str, byte[] bArr, boolean z, String str2) throws SfbCryptoException {
        StoredSaltData storedSaltData = new StoredSaltData();
        boolean z2 = false;
        try {
            storedSaltData = getStoredSalt();
        } catch (SfbCryptoSaltNotFoundException e) {
            z2 = true;
            storedSaltData.mStoredSalt = createNewSalt();
        }
        Trace.v(LOG_TAG, String.format("decryptInternal byte called with %s", argsLog(str, new String(bArr, defaultCharset), storedSaltData.mStoredSalt, z2, z, str2)));
        Exception exc = null;
        for (int i = 0; i <= 1; i++) {
            boolean z3 = exc != null;
            try {
                if (TextUtils.isEmpty(str) || bArr.length <= 0) {
                    throw new LyncIllegalArgumentException("Either seed or encryptedText are empty");
                }
                return decryptSecure(getDecryptionKey(str, storedSaltData.mStoredSalt, z3), Base64.decode(bArr, 0));
            } catch (Exception e2) {
                exc = e2;
            }
        }
        String format = String.format("Exception caught while DECRYPTING data for args: %s.", argsLog(str, new String(bArr, defaultCharset), storedSaltData.mStoredSalt, z2, z, str2));
        Trace.e(LOG_TAG, format, exc);
        CryptoTelemetry.getInstance().reportDecryptException(exc, getLengthOrNull(str), getLengthOrNull(bArr), getLengthOrNull(storedSaltData.mStoredSalt), z2, z, storedSaltData.mIsSaltUpgrade, CryptoTelemetry.CryptoType.BinaryData, str2);
        throw new SfbCryptoException(format, exc);
    }

    private static byte[] decryptSecure(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        Object[] objArr = new Object[3];
        objArr[0] = CryptoAlgorithm;
        objArr[1] = bArr == null ? SSAStrings.NULL : Integer.valueOf(bArr.length);
        objArr[2] = bArr2 == null ? SSAStrings.NULL : Integer.valueOf(bArr2.length);
        Trace.v(LOG_TAG, String.format("decryptSecure: called with algorithm: [%s] , with key.length[%s] and inputdata.length[%s]", objArr));
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, CryptoAlgorithm);
        IvParameterSpec iv = getIV(bArr2);
        Cipher cipher = Cipher.getInstance(CryptoAlgorithm);
        cipher.init(2, secretKeySpec, iv);
        byte[] doFinal = cipher.doFinal(Arrays.copyOfRange(bArr2, 16, bArr2.length));
        if (doFinal == null || doFinal.length == 0) {
            Trace.w(LOG_TAG, "decryptSecure: null or empty result from decryption, trying with older insecure algorithm: AES");
            ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.DeprecatedUsage, ErrorMessage.DeprecatedUsageError, LegacyCryptoAlgorithm);
            doFinal = decrypt(bArr, bArr2);
        }
        Object[] objArr2 = new Object[1];
        objArr2[0] = doFinal == null ? SSAStrings.NULL : Integer.valueOf(doFinal.length);
        Trace.v(LOG_TAG, String.format("decryptSecure: return result from decryption, result.length[%s]", objArr2));
        return doFinal;
    }

    public static String encrypt(String str, String str2) {
        StoredSeedData defaultSeed = getDefaultSeed();
        return encryptInternal(defaultSeed.mStoredSeed, str, defaultSeed.mIsNewSeed, str2);
    }

    public static String encrypt(String str, String str2, String str3) {
        return encryptInternal(str, str2, false, str3);
    }

    public static byte[] encrypt(byte[] bArr, String str) {
        StoredSeedData defaultSeed = getDefaultSeed();
        return encryptInternal(defaultSeed.mStoredSeed, bArr, defaultSeed.mIsNewSeed, str);
    }

    private static byte[] encrypt(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        IvParameterSpec generateIV = generateIV();
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, CryptoAlgorithm);
        Cipher cipher = Cipher.getInstance(CryptoAlgorithm);
        cipher.init(1, secretKeySpec, generateIV);
        return combineIV(generateIV, cipher.doFinal(bArr2));
    }

    private static String encryptInternal(String str, String str2, boolean z, String str3) {
        StoredSaltData storedSaltData = new StoredSaltData();
        boolean z2 = false;
        try {
            storedSaltData = getStoredSalt();
        } catch (SfbCryptoSaltNotFoundException e) {
            z2 = true;
            storedSaltData.mStoredSalt = createNewSalt();
        }
        Trace.v(LOG_TAG, String.format("encryptInternal called with %s", argsLog(str, str2, storedSaltData.mStoredSalt, z2, z, str3)));
        try {
            if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
                throw new LyncIllegalArgumentException("Either seed or clearText are empty");
            }
            return Base64.encodeToString(encrypt(generateKey(str, storedSaltData.mStoredSalt), str2.getBytes(defaultCharset)), 0);
        } catch (Exception e2) {
            Trace.e(LOG_TAG, String.format("Exception caught while ENCRYPTING data for args: %s.", argsLog(str, str2, storedSaltData.mStoredSalt, z2, z, str3)), e2);
            CryptoTelemetry.getInstance().reportEncryptException(e2, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(storedSaltData.mStoredSalt), z2, z, storedSaltData.mIsSaltUpgrade, CryptoTelemetry.CryptoType.ClearTextData, str3);
            return null;
        }
    }

    private static byte[] encryptInternal(String str, byte[] bArr, boolean z, String str2) {
        StoredSaltData storedSaltData = new StoredSaltData();
        boolean z2 = false;
        try {
            storedSaltData = getStoredSalt();
        } catch (SfbCryptoSaltNotFoundException e) {
            z2 = true;
            storedSaltData.mStoredSalt = createNewSalt();
        }
        Trace.v(LOG_TAG, String.format("encryptInternal byte data called with %s", argsLog(str, new String(bArr, Charset.defaultCharset()), storedSaltData.mStoredSalt, z2, z, str2)));
        try {
            if (TextUtils.isEmpty(str) || bArr.length <= 0) {
                throw new LyncIllegalArgumentException("Either seed or clearText are empty");
            }
            return Base64.encode(encrypt(generateKey(str, storedSaltData.mStoredSalt), bArr), 0);
        } catch (Exception e2) {
            Trace.e(LOG_TAG, String.format("Exception caught while ENCRYPTING data for args: %s.", argsLog(str, new String(bArr, Charset.defaultCharset()), storedSaltData.mStoredSalt, z2, z, str2)), e2);
            CryptoTelemetry.getInstance().reportEncryptException(e2, getLengthOrNull(str), getLengthOrNull(bArr), getLengthOrNull(storedSaltData.mStoredSalt), z2, z, storedSaltData.mIsSaltUpgrade, CryptoTelemetry.CryptoType.BinaryData, str2);
            return null;
        }
    }

    public static CertificateSigningRequest generateCSR(int i) {
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        CertificateSigningRequest certificateSigningRequest = new CertificateSigningRequest();
        Trace.d(LOG_TAG, "generateCSR");
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(i);
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            PrivateKey privateKey = genKeyPair.getPrivate();
            byte[] encoded = new JcaPKCS10CertificationRequestBuilder(new X500Principal(""), genKeyPair.getPublic()).build(new JcaContentSignerBuilder(IDigestHelper.DigestType.SHA256 + "with" + RSA_ALGORITHM).build(privateKey)).getEncoded();
            certificateSigningRequest.setPrivateKey(Base64.encodeToString(privateKey.getEncoded(), 2));
            certificateSigningRequest.setCSR(Base64.encodeToString(encoded, 2));
        } catch (IOException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Failed to write CSR to PEM object in CSR generation", e);
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid algorithm name in CSR generation", e2);
        } catch (NoSuchProviderException e3) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Bad provider spec", e3);
        } catch (OperatorCreationException e4) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Failure in ContentSigner creation in CSR generation ", e4);
        }
        certificateSigningRequest.setErrorCode(nativeErrorCodes);
        return certificateSigningRequest;
    }

    private static IvParameterSpec generateIV() {
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(secureRandom.generateSeed(16));
        byte[] bArr = new byte[16];
        secureRandom.nextBytes(bArr);
        return new IvParameterSpec(bArr);
    }

    private static byte[] generateKey(String str, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance(KeyDerivationAlgorithm).generateSecret(new PBEKeySpec(str.toCharArray(), bArr, 100, 128)).getEncoded(), CryptoAlgorithm).getEncoded();
    }

    private static byte[] getAccManagerSalt() {
        String encryptionSalt = CredentialsStoreManager.getInstance().getEncryptionSalt();
        if (encryptionSalt == null) {
            return null;
        }
        return Base64.decode(encryptionSalt, 2);
    }

    @NonNull
    private static byte[] getDecryptionKey(String str, byte[] bArr, boolean z) throws NoSuchAlgorithmException, InvalidKeySpecException {
        if (!z) {
            return generateKey(str, bArr);
        }
        Trace.v(LOG_TAG, "getDecryptionKey, using legacy seed generation");
        return generateKey(getLegacySeed(), bArr);
    }

    private static StoredSeedData getDefaultSeed() {
        StoredSeedData storedSeedData = new StoredSeedData();
        storedSeedData.mStoredSeed = CredentialsStoreManager.getInstance().getEncryptionSeed();
        if (storedSeedData.mStoredSeed == null) {
            Trace.i(LOG_TAG, "getDefaultSeed, no stored seed.  Generating new seed.");
            storedSeedData.mStoredSeed = UUIDCreator.createUUIDString();
            storedSeedData.mIsNewSeed = true;
            try {
                CredentialsStoreManager.getInstance().setEncryptionSeed(storedSeedData.mStoredSeed);
            } catch (CredentialStoreException e) {
                CryptoTelemetry.getInstance().reportCryptoStorageError(CryptoTelemetry.StorageErrorType.SeedStorage, e.toString());
                Trace.e(LOG_TAG, "getDefaultSeed, failed to store encryption seed", e);
            }
        }
        return storedSeedData;
    }

    private static IvParameterSpec getIV(byte[] bArr) {
        return new IvParameterSpec(Arrays.copyOfRange(bArr, 0, 16));
    }

    @NonNull
    private static File getLegacySaltFile() {
        if (mLegacySaltFileSystemRoot != null) {
            return new File(mLegacySaltFileSystemRoot, SALT_FILE_NAME);
        }
        ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.Initialization, ErrorMessage.CryptoSaltFileRootDirIsNotInitialized, new Object[0]);
        throw new NullPointerException("mLegacySaltFileSystemRoot is null. CryptoUtils wasn't initialized properly");
    }

    private static String getLegacySeed() {
        Context context = ContextProvider.getContext();
        if (context == null) {
            throw new IllegalArgumentException("context is null.");
        }
        StringBuilder sb = new StringBuilder();
        TelephonyManager telephonyManager = (TelephonyManager) context.getSystemService("phone");
        String deviceId = telephonyManager.getDeviceId();
        if (deviceId == null) {
            deviceId = "";
        }
        sb.append(deviceId);
        String string = Settings.Secure.getString(context.getContentResolver(), "android_id");
        if (string == null) {
            string = "";
        }
        sb.append(string);
        String simSerialNumber = telephonyManager.getSimSerialNumber();
        if (simSerialNumber == null) {
            simSerialNumber = "";
        }
        sb.append(simSerialNumber);
        String subscriberId = telephonyManager.getSubscriberId();
        if (subscriberId == null) {
            subscriberId = "";
        }
        sb.append(subscriberId);
        return sb.toString();
    }

    public static String getLengthOrNull(String str) {
        return str == null ? SSAStrings.NULL : String.valueOf(str.length());
    }

    public static String getLengthOrNull(byte[] bArr) {
        return bArr == null ? SSAStrings.NULL : String.valueOf(bArr.length);
    }

    private static StoredSaltData getStoredSalt() throws SfbCryptoSaltNotFoundException {
        File legacySaltFile = getLegacySaltFile();
        StoredSaltData storedSaltData = new StoredSaltData();
        if (legacySaltFile.exists()) {
            Trace.i(LOG_TAG, "getStoredSalt, upgrading legacy salt file to store in account manager");
            storedSaltData.mStoredSalt = readLegacySalt(legacySaltFile);
            storedSaltData.mIsSaltUpgrade = true;
            legacySaltFile.delete();
            if (storedSaltData.mStoredSalt != null && !storeSalt(storedSaltData.mStoredSalt)) {
                Trace.d(LOG_TAG, "getStoredSalt, failed to store legacy salt");
            }
        }
        storedSaltData.mStoredSalt = getAccManagerSalt();
        if (storedSaltData.mStoredSalt == null) {
            throw new SfbCryptoSaltNotFoundException();
        }
        return storedSaltData;
    }

    public static void initialize(Context context) {
        if (mLegacySaltFileSystemRoot == null) {
            mLegacySaltFileSystemRoot = context.getFilesDir().getParentFile().getAbsolutePath() + File.separator + "Crypto";
        }
        Trace.i(LOG_TAG, "CryptoUtils initialized. mLegacySaltFileSystemRoot = " + mLegacySaltFileSystemRoot);
    }

    private static PrivateKey privateKeyFromBytes(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return KeyFactory.getInstance(RSA_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private static byte[] readLegacySalt(File file) {
        byte[] bArr;
        FileInputStream fileInputStream;
        FileInputStream fileInputStream2 = null;
        try {
            try {
                fileInputStream = new FileInputStream(file);
            } catch (IOException e) {
                e = e;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            bArr = new byte[16];
            fileInputStream.read(bArr);
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e2) {
                    Trace.e(LOG_TAG, "Exception closing salt input stream, closing quietly", e2);
                }
            }
        } catch (IOException e3) {
            e = e3;
            fileInputStream2 = fileInputStream;
            Trace.e(LOG_TAG, "Failed to read the legacy salt file in getStoredSalt()", e);
            bArr = null;
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException e4) {
                    Trace.e(LOG_TAG, "Exception closing salt input stream, closing quietly", e4);
                }
            }
            return bArr;
        } catch (Throwable th2) {
            th = th2;
            fileInputStream2 = fileInputStream;
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException e5) {
                    Trace.e(LOG_TAG, "Exception closing salt input stream, closing quietly", e5);
                }
            }
            throw th;
        }
        return bArr;
    }

    private static boolean storeSalt(byte[] bArr) {
        try {
            CredentialsStoreManager.getInstance().setEncryptionSalt(Base64.encodeToString(bArr, 2));
            return true;
        } catch (CredentialStoreException e) {
            Trace.e(LOG_TAG, "Unable to store salt", e);
            CryptoTelemetry.getInstance().reportCryptoStorageError(CryptoTelemetry.StorageErrorType.SaltStorage, e.toString());
            return false;
        }
    }
}
