package slack.commons.security;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.google.common.collect.Collections2;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.IntRange;
import kotlin.ranges.RangesKt___RangesKt;
import kotlin.text.Charsets;
import slack.commons.exceptions.LoggableNonFatalThrowable;
import timber.log.Timber;

/* compiled from: SlackCrypto.kt */
/* loaded from: classes2.dex */
public final class SlackCrypto implements Cryptographer {
    public final Map<String, String> ciphertextToPlaintextCache = new ConcurrentHashMap();
    public final Set<String> failedDecryptionTokens;
    public Key secretKey;
    public final String type;

    /* compiled from: SlackCrypto.kt */
    /* loaded from: classes2.dex */
    public final class FailedToInitializeSlackCryptoCipherException extends RuntimeException {
        public FailedToInitializeSlackCryptoCipherException(Throwable th) {
            super(th);
        }
    }

    /* compiled from: SlackCrypto.kt */
    /* loaded from: classes2.dex */
    public final class FailedToInitializeSlackCryptoKeyException extends RuntimeException {
        public FailedToInitializeSlackCryptoKeyException(Throwable th) {
            super(th);
        }
    }

    public SlackCrypto() {
        Set<String> newConcurrentHashSet = Collections2.newConcurrentHashSet();
        Intrinsics.checkExpressionValueIsNotNull(newConcurrentHashSet, "Sets.newConcurrentHashSet()");
        this.failedDecryptionTokens = newConcurrentHashSet;
        try {
            if (isSupported()) {
                initKeys();
            }
        } catch (Throwable th) {
            Timber.TREE_OF_SOULS.e(LoggableNonFatalThrowable.Companion.create(new FailedToInitializeSlackCryptoKeyException(th)), "Unable to initialize and generate keys", new Object[0]);
        }
        this.type = "Slack";
    }

    @Override // slack.commons.security.Cryptographer
    public DecryptionResult decrypt(String str) {
        if (str == null) {
            Intrinsics.throwParameterIsNullException("encryptedData");
            throw null;
        }
        if (!isSupported()) {
            return CryptoUnsupported.INSTANCE;
        }
        String str2 = this.ciphertextToPlaintextCache.get(str);
        if (str2 != null) {
            return new DecryptedCache(str2);
        }
        if (this.failedDecryptionTokens.contains(str)) {
            return CachedFail.INSTANCE;
        }
        byte[] decodedBytes = Base64.decode(str, 0);
        Intrinsics.checkExpressionValueIsNotNull(decodedBytes, "decodedBytes");
        IntRange until = RangesKt___RangesKt.until(0, 12);
        if (until == null) {
            Intrinsics.throwParameterIsNullException("indices");
            throw null;
        }
        try {
            byte[] decryptedBytes = getCipher(until.isEmpty() ? new byte[0] : ArraysKt___ArraysKt.copyOfRange(decodedBytes, until.getStart().intValue(), until.getEndInclusive().intValue() + 1), 2).doFinal(decodedBytes, 12, decodedBytes.length - 12);
            Intrinsics.checkExpressionValueIsNotNull(decryptedBytes, "decryptedBytes");
            String str3 = new String(decryptedBytes, Charsets.UTF_8);
            this.ciphertextToPlaintextCache.put(str, str3);
            return new Decrypted(str3);
        } catch (AEADBadTagException e) {
            this.failedDecryptionTokens.add(str);
            throw e;
        }
    }

    @Override // slack.commons.security.Cryptographer
    public String encrypt(String str) {
        if (str == null) {
            Intrinsics.throwParameterIsNullException("dataToEncrypt");
            throw null;
        }
        if (!isSupported()) {
            return null;
        }
        byte[] generateSeed = new SecureRandom().generateSeed(12);
        Intrinsics.checkExpressionValueIsNotNull(generateSeed, "SecureRandom().generateS…POST_23_IV_STRING_LENGTH)");
        Cipher cipher = getCipher(generateSeed, 1);
        byte[] bytes = str.getBytes(Charsets.UTF_8);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        byte[] encodedBytes = cipher.doFinal(bytes);
        Intrinsics.checkExpressionValueIsNotNull(encodedBytes, "encodedBytes");
        return Base64.encodeToString(ArraysKt___ArraysKt.plus(generateSeed, encodedBytes), 0);
    }

    public final synchronized Cipher getCipher(byte[] bArr, int i) {
        Cipher cipher;
        try {
            Key key = this.secretKey;
            if (key == null) {
                key = getSecretKey();
            }
            this.secretKey = key;
            cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(i, this.secretKey, new GCMParameterSpec(128, bArr));
            Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(AES_M…M_AUTH_TAG_LENGTH, iv)) }");
        } catch (IOException e) {
            removeKeys();
            throw new FailedToInitializeSlackCryptoCipherException(e);
        } catch (InvalidKeyException e2) {
            removeKeys();
            throw new FailedToInitializeSlackCryptoCipherException(e2);
        }
        return cipher;
    }

    public final Key getSecretKey() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey("token_alias", null);
        Intrinsics.checkExpressionValueIsNotNull(key, "keyStore.getKey(KEY_ALIAS, null)");
        return key;
    }

    @Override // slack.commons.security.Cryptographer
    public String getType() {
        return this.type;
    }

    public final synchronized void initKeys() {
        KeyStore.Entry entry;
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.containsAlias("token_alias")) {
            boolean z = false;
            try {
                entry = keyStore.getEntry("token_alias", null);
            } catch (UnrecoverableKeyException e) {
                Timber.TREE_OF_SOULS.e(LoggableNonFatalThrowable.Companion.create(e), "Failed to get key store entry", new Object[0]);
            }
            if (entry == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.KeyStore.Entry");
            }
            if ((entry instanceof KeyStore.SecretKeyEntry) && isSupported()) {
                z = true;
            }
            if (!z) {
                removeKeys();
                initValidKeys();
            }
        } else {
            initValidKeys();
        }
    }

    @TargetApi(23)
    public final void initValidKeys() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder("token_alias", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).setRandomizedEncryptionRequired(false).build());
        keyGenerator.generateKey();
    }

    @Override // slack.commons.security.Cryptographer
    public boolean isSupported() {
        return Build.VERSION.SDK_INT >= 23;
    }

    public final synchronized void removeKeys() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry("token_alias");
    }
}
