package com.rsa.mfasecuridlib.internal;

import android.content.Context;
import android.database.sqlite.SQLiteDatabase;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.cms.ParameterFactory;
import com.rsa.mfasecuridlib.exception.CryptoException;
import com.rsa.securidlib.exceptions.DatabaseException;
import com.rsa.securidlib.exceptions.DecryptFailException;
import com.rsa.securidlib.exceptions.EncryptFailException;
import com.rsa.securidlib.exceptions.InvalidParameterException;
import com.rsa.securidlib.exceptions.SecurIDLibException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Vector;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes.dex */
public class ra extends qa {

    /* renamed from: c, reason: collision with root package name */
    public static final String f3782c = "com.rsa.mfasecuridlib.internal.ra";

    /* renamed from: b, reason: collision with root package name */
    public final Context f3783b;

    public ra(Context context) {
        this.f3783b = context;
        this.f3752a = ta.a(context);
    }

    public DecryptFailException a(GeneralSecurityException generalSecurityException, String str) {
        return generalSecurityException instanceof NoSuchAlgorithmException ? new DecryptFailException(b.a.a.a.a.a(str, "01")) : generalSecurityException instanceof NoSuchPaddingException ? new DecryptFailException(b.a.a.a.a.a(str, "02")) : generalSecurityException instanceof BadPaddingException ? new DecryptFailException(b.a.a.a.a.a(str, "03")) : generalSecurityException instanceof IllegalBlockSizeException ? new DecryptFailException(b.a.a.a.a.a(str, "04")) : generalSecurityException instanceof InvalidKeyException ? new DecryptFailException(b.a.a.a.a.a(str, "05")) : generalSecurityException instanceof CertificateException ? new DecryptFailException(b.a.a.a.a.a(str, "06")) : generalSecurityException instanceof UnrecoverableKeyException ? new DecryptFailException(b.a.a.a.a.a(str, "07")) : generalSecurityException instanceof KeyStoreException ? new DecryptFailException(b.a.a.a.a.a(str, "08")) : generalSecurityException instanceof InvalidAlgorithmParameterException ? new DecryptFailException(b.a.a.a.a.a(str, "09")) : generalSecurityException instanceof NoSuchProviderException ? new DecryptFailException(b.a.a.a.a.a(str, "10")) : new DecryptFailException(b.a.a.a.a.a(str, "99"));
    }

    public final SecretKey a() {
        int i = Build.VERSION.SDK_INT;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey("com.rsa.key", null);
            if (secretKey != null) {
                c.d(f3782c, "getHWKey", "key already exists");
                return secretKey;
            }
            c.d(f3782c, "getHWKey", "a new  key has to be generated");
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AlgorithmStrings.AES, "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder("com.rsa.key", 3).setBlockModes(AlgorithmStrings.GCM).setEncryptionPaddings("NoPadding").setKeySize(128).build());
            return keyGenerator.generateKey();
        } catch (IOException e) {
            c.a(f3782c, "getHWKey", e);
            throw new DecryptFailException("1140");
        } catch (GeneralSecurityException e2) {
            c.a(f3782c, "getHWKey", e2);
            throw a(e2, "11");
        }
    }

    @Override // com.rsa.mfasecuridlib.internal.sa
    public void a(Context context, SQLiteDatabase sQLiteDatabase) {
    }

    @Override // com.rsa.mfasecuridlib.internal.sa
    public void a(SQLiteDatabase sQLiteDatabase) {
        int i = Build.VERSION.SDK_INT;
        String str = f3782c;
        c.d(str, "updateKey", "start");
        try {
            byte[] c2 = new pa(this.f3783b).c(sQLiteDatabase);
            if (c2 == null) {
                c.e(str, "updateKey", "keyBio is null");
                throw new DecryptFailException("1030");
            }
            a(sQLiteDatabase, c2);
            c.d(str, "updateKey", "key retrieved");
        } catch (Exception e) {
            c.a(f3782c, "updateKey", e);
            throw new DecryptFailException("1131");
        }
    }

    public void a(SQLiteDatabase sQLiteDatabase, byte[] bArr) {
        SecretKey a2;
        byte[] bArr2;
        boolean z;
        c.d(f3782c, "wrapAndSaveKey", "start");
        try {
            a2 = a();
        } catch (DecryptFailException unused) {
            try {
                a2 = new l2(this.f3783b).a();
            } catch (CryptoException unused2) {
                throw new DecryptFailException("1040");
            }
        }
        try {
            Cipher cipher = Cipher.getInstance(ParameterFactory.ENCRYPTION_ALG_AES_GCM_NOPAD);
            cipher.init(1, a2);
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] iv = cipher.getIV();
            byte[] e = ua.e();
            if (e == null || e.length <= 0) {
                bArr2 = doFinal;
                z = false;
            } else {
                byte[] a3 = pb.c().a(doFinal, e);
                nb.a(e);
                bArr2 = a3;
                z = true;
            }
            Vector<byte[]> vector = new Vector<>();
            vector.add(bArr2);
            vector.add(iv);
            String str = f3782c;
            c.d(str, "wrapAndSaveKey", "isPasswrodSet = " + z);
            if (z) {
                vector.add(new byte[]{1});
            } else {
                vector.add(new byte[]{0});
            }
            vector.add(null);
            a(sQLiteDatabase, vector);
            c.d(str, "wrapAndSaveKey", "end");
            this.f3752a.b(1);
        } catch (DatabaseException e2) {
            c.a(f3782c, "wrapAndSaveKey", e2);
            throw new DecryptFailException("1042");
        } catch (InvalidParameterException e3) {
            c.a(f3782c, "wrapAndSaveKey", e3);
            throw new DecryptFailException("1041");
        } catch (GeneralSecurityException e4) {
            c.a(f3782c, "wrapAndSaveKey", e4);
            throw a(e4, "10");
        }
    }

    @Override // com.rsa.mfasecuridlib.internal.sa
    public void b(SQLiteDatabase sQLiteDatabase) {
        String str = f3782c;
        c.d(str, "initkey", "start");
        byte[] bArr = new byte[16];
        try {
            pb.c().a(bArr);
            a(sQLiteDatabase, bArr);
            c.d(str, "initkey", "end");
            this.f3752a.b(1);
        } catch (EncryptFailException unused) {
            throw new DecryptFailException("1051");
        } catch (InvalidParameterException unused2) {
            throw new DecryptFailException("1050");
        }
    }

    @Override // com.rsa.mfasecuridlib.internal.sa
    public byte[] c(SQLiteDatabase sQLiteDatabase) {
        SecretKey a2;
        int i = Build.VERSION.SDK_INT;
        c.d(f3782c, "getKeyFromStorage", "start");
        byte[] bArr = null;
        try {
            a2 = a();
        } catch (DecryptFailException unused) {
            try {
                a2 = new l2(this.f3783b).a();
            } catch (CryptoException unused2) {
                throw new DecryptFailException("1232");
            }
        }
        try {
            Vector<byte[]> d2 = d(sQLiteDatabase);
            byte[] bArr2 = d2.get(0);
            byte[] bArr3 = d2.get(1);
            byte[] bArr4 = d2.get(2);
            byte[] e = ua.e();
            if (e == null || e.length <= 0) {
                c.d(f3782c, "getKeyFromStorage", "NO password");
                Cipher cipher = Cipher.getInstance(ParameterFactory.ENCRYPTION_ALG_AES_GCM_NOPAD);
                cipher.init(2, a2, new GCMParameterSpec(128, bArr3));
                bArr = cipher.doFinal(bArr2);
            } else {
                if (bArr4[0] == 0) {
                    c.d(f3782c, "getKeyFromStorage", "PASSWORD_NOT_SET");
                    Cipher cipher2 = Cipher.getInstance(ParameterFactory.ENCRYPTION_ALG_AES_GCM_NOPAD);
                    cipher2.init(2, a2, new GCMParameterSpec(128, bArr3));
                    bArr = cipher2.doFinal(bArr2);
                    a(sQLiteDatabase, bArr);
                } else if (bArr4[0] == 1) {
                    c.d(f3782c, "getKeyFromStorage", "PASSWORD_SET");
                    byte[] b2 = pb.c().b(bArr2, e);
                    Cipher cipher3 = Cipher.getInstance(ParameterFactory.ENCRYPTION_ALG_AES_GCM_NOPAD);
                    cipher3.init(2, a2, new GCMParameterSpec(128, bArr3));
                    bArr = cipher3.doFinal(b2);
                }
                nb.b(e);
            }
            c.d(f3782c, "getKeyFromStorage", "end");
            return bArr;
        } catch (DatabaseException e2) {
            c.a(f3782c, "getKeyFromStorage", e2);
            throw new DecryptFailException("1228");
        } catch (SecurIDLibException e3) {
            c.a(f3782c, "getKeyFromStorage", e3);
            throw new DecryptFailException("1230");
        } catch (IllegalArgumentException e4) {
            c.a(f3782c, "getKeyFromStorage", e4);
            throw new DecryptFailException("1229");
        } catch (GeneralSecurityException e5) {
            c.a(f3782c, "getKeyFromStorage", e5);
            throw a(e5, "12");
        }
    }
}
