package com.android.identity.android.storage;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.AtomicFile;
import co.nstant.in.cbor.CborBuilder;
import co.nstant.in.cbor.CborDecoder;
import co.nstant.in.cbor.CborException;
import co.nstant.in.cbor.builder.ArrayBuilder;
import co.nstant.in.cbor.model.Array;
import co.nstant.in.cbor.model.ByteString;
import co.nstant.in.cbor.model.DataItem;
import com.android.identity.internal.Util;
import com.android.identity.storage.StorageEngine;
import com.google.android.gms.stats.CodePackage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes18.dex */
public class AndroidStorageEngine implements StorageEngine {
    static final int CHUNKED_ENCRYPTED_MAX_CHUNK_SIZE = 16384;
    private static final byte[] MAGIC_ENCRYPTED = "Ienc".getBytes(StandardCharsets.UTF_8);
    private static final byte[] MAGIC_NOT_ENCRYPTED = "Iraw".getBytes(StandardCharsets.UTF_8);
    private static final int MAGIC_SIZE = 4;
    private static final String PREFIX = "IC_AndroidStorageEngine_";
    private final Context mContext;
    private final File mStorageDirectory;
    private final boolean mUseEncryption;

    /* loaded from: classes18.dex */
    public static class Builder {
        private final Context mContext;
        private final File mStorageDirectory;
        private boolean mUseEncryption = true;

        public Builder(Context context, File file) {
            this.mContext = context;
            this.mStorageDirectory = file;
        }

        public AndroidStorageEngine build() {
            return new AndroidStorageEngine(this.mContext, this.mStorageDirectory, this.mUseEncryption);
        }

        public Builder setUseEncryption(boolean z) {
            this.mUseEncryption = z;
            return this;
        }
    }

    AndroidStorageEngine(Context context, File file, boolean z) {
        this.mContext = context;
        this.mStorageDirectory = file;
        this.mUseEncryption = z;
    }

    private static byte[] decrypt(SecretKey secretKey, byte[] bArr) {
        try {
            List<DataItem> decode = new CborDecoder(new ByteArrayInputStream(bArr)).decode();
            if (decode.size() != 1) {
                throw new IllegalStateException("Expected one item, found " + decode.size());
            }
            if (!(decode.get(0) instanceof Array)) {
                throw new IllegalStateException("Item is not a array");
            }
            Array array = (Array) decode.get(0);
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                for (DataItem dataItem : array.getDataItems()) {
                    if (!(dataItem instanceof ByteString)) {
                        throw new IllegalStateException("Item in inner array is not a bstr");
                    }
                    byte[] bytes = ((ByteString) dataItem).getBytes();
                    ByteBuffer wrap = ByteBuffer.wrap(bytes);
                    byte[] bArr2 = new byte[12];
                    wrap.get(bArr2);
                    byte[] bArr3 = new byte[bytes.length - 12];
                    wrap.get(bArr3);
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    cipher.init(2, secretKey, new GCMParameterSpec(128, bArr2));
                    byteArrayOutputStream.write(cipher.doFinal(bArr3));
                }
                return byteArrayOutputStream.toByteArray();
            } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                throw new IllegalStateException("Error decrypting chunk", e);
            }
        } catch (CborException e2) {
            throw new IllegalStateException("Error decoding CBOR");
        }
    }

    private static byte[] encrypt(SecretKey secretKey, byte[] bArr) {
        CborBuilder cborBuilder = new CborBuilder();
        ArrayBuilder<CborBuilder> addArray = cborBuilder.addArray();
        int i = 0;
        boolean z = false;
        do {
            try {
                int length = bArr.length - i;
                if (length <= 16384) {
                    z = true;
                } else {
                    length = 16384;
                }
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, secretKey);
                byte[] doFinal = cipher.doFinal(bArr, i, length);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(cipher.getIV());
                byteArrayOutputStream.write(doFinal);
                addArray.add(byteArrayOutputStream.toByteArray());
                i += length;
            } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                throw new IllegalStateException("Error encrypting data", e);
            }
        } while (!z);
        return Util.cborEncode(cborBuilder.build().get(0));
    }

    private SecretKey ensureSecretKey() {
        String str = "IC_AndroidStorageEngine__KeyFor_" + this.mStorageDirectory;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry != null) {
                return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setKeySize(128).build());
            return keyGenerator.generateKey();
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            throw new IllegalStateException("Error loading secret key", e);
        }
    }

    private File getTargetFile(String str) {
        try {
            return new File(this.mStorageDirectory, PREFIX + URLEncoder.encode(str, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Unexpected UnsupportedEncodingException", e);
        }
    }

    @Override // com.android.identity.storage.StorageEngine
    public void delete(String str) {
        new AtomicFile(getTargetFile(str)).delete();
    }

    @Override // com.android.identity.storage.StorageEngine
    public void deleteAll() {
        for (File file : this.mStorageDirectory.listFiles()) {
            if (file.getName().startsWith(PREFIX)) {
                file.delete();
            }
        }
    }

    @Override // com.android.identity.storage.StorageEngine
    public Collection<String> enumerate() {
        ArrayList arrayList = new ArrayList();
        for (File file : this.mStorageDirectory.listFiles()) {
            String name = file.getName();
            if (name.startsWith(PREFIX)) {
                try {
                    arrayList.add(URLDecoder.decode(name.substring(PREFIX.length()), "UTF-8"));
                } catch (UnsupportedEncodingException e) {
                    throw new IllegalStateException(e);
                }
            }
        }
        return arrayList;
    }

    @Override // com.android.identity.storage.StorageEngine
    public byte[] get(String str) {
        try {
            byte[] readFully = new AtomicFile(getTargetFile(str)).readFully();
            if (readFully.length < 4) {
                throw new IllegalStateException("File too short for magic");
            }
            byte[] copyOfRange = Arrays.copyOfRange(readFully, 0, 4);
            if (Arrays.equals(copyOfRange, MAGIC_ENCRYPTED)) {
                return decrypt(ensureSecretKey(), Arrays.copyOfRange(readFully, 4, readFully.length));
            }
            if (Arrays.equals(copyOfRange, MAGIC_NOT_ENCRYPTED)) {
                return Arrays.copyOfRange(readFully, 4, readFully.length);
            }
            throw new IllegalStateException("Unexpected magic " + Util.toHex(copyOfRange));
        } catch (FileNotFoundException e) {
            return null;
        } catch (IOException e2) {
            throw new IllegalStateException("Unexpected exception", e2);
        }
    }

    @Override // com.android.identity.storage.StorageEngine
    public void put(String str, byte[] bArr) {
        AtomicFile atomicFile = new AtomicFile(getTargetFile(str));
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = atomicFile.startWrite();
            if (this.mUseEncryption) {
                fileOutputStream.write(MAGIC_ENCRYPTED);
                fileOutputStream.write(encrypt(ensureSecretKey(), bArr));
            } else {
                fileOutputStream.write(MAGIC_NOT_ENCRYPTED);
                fileOutputStream.write(bArr);
            }
            atomicFile.finishWrite(fileOutputStream);
        } catch (IOException e) {
            if (fileOutputStream != null) {
                atomicFile.failWrite(fileOutputStream);
            }
            throw new IllegalStateException("Error writing data", e);
        }
    }
}
