package com.android.identity.android.storage;

import android.content.Context;
import android.os.storage.StorageManager;
import android.security.keystore.KeyGenParameterSpec;
import android.util.AtomicFile;
import com.android.identity.cbor.ArrayBuilder;
import com.android.identity.cbor.Cbor;
import com.android.identity.cbor.CborArray;
import com.android.identity.cbor.CborBuilder;
import com.android.identity.cbor.DataItem;
import com.android.identity.storage.StorageEngine;
import com.android.identity.util.HexUtilKt;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.IntRange;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import kotlinx.io.bytestring.ByteString;
import kotlinx.io.bytestring.ByteStringBuilder;

/* compiled from: AndroidStorageEngine.kt */
@Metadata(d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u001e\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0006\u0018\u0000 \u00182\u00020\u0001:\u0002\u0017\u0018B\u001f\b\u0000\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\u0010\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\fH\u0016J\b\u0010\r\u001a\u00020\nH\u0016J\b\u0010\u000e\u001a\u00020\u000fH\u0002J\u000e\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\f0\u0011H\u0016J\u0013\u0010\u0012\u001a\u0004\u0018\u00010\u00132\u0006\u0010\u000b\u001a\u00020\fH\u0096\u0002J\u0010\u0010\u0014\u001a\u00020\u00052\u0006\u0010\u000b\u001a\u00020\fH\u0002J\u0018\u0010\u0015\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0016\u001a\u00020\u0013H\u0016R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0019"}, d2 = {"Lcom/android/identity/android/storage/AndroidStorageEngine;", "Lcom/android/identity/storage/StorageEngine;", "context", "Landroid/content/Context;", "storageDirectory", "Ljava/io/File;", "useEncryption", "", "(Landroid/content/Context;Ljava/io/File;Z)V", "delete", "", "key", "", "deleteAll", "ensureSecretKey", "Ljavax/crypto/SecretKey;", "enumerate", "", "get", "", "getTargetFile", "put", "data", "Builder", "Companion", "identity-android_debug"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes10.dex */
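/**
 * File-backed {@link StorageEngine} that keeps one file per key inside {@code storageDirectory}.
 *
 * <p>On-disk layout, as written by {@link #put} and parsed by {@link #get}:
 * <ul>
 *   <li>a 4-byte magic, {@code "Ienc"} or {@code "Iraw"};</li>
 *   <li>for {@code "Iraw"}: the caller's bytes, unmodified;</li>
 *   <li>for {@code "Ienc"}: a CBOR array of byte strings, one per chunk of at most
 *       {@link #CHUNKED_ENCRYPTED_MAX_CHUNK_SIZE} plaintext bytes, each holding
 *       {@code IV || AES-GCM ciphertext-and-tag}.</li>
 * </ul>
 *
 * <p>The AES key is held in the {@code AndroidKeyStore} provider under an alias derived from the
 * storage directory path; it is created on first use.
 *
 * <p>Only {@link #put} takes the instance lock; the other operations are unsynchronized.
 */
public final class AndroidStorageEngine implements StorageEngine {
    /** Largest plaintext slice that is encrypted as a single AES-GCM chunk. */
    public static final int CHUNKED_ENCRYPTED_MAX_CHUNK_SIZE = 16384;

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    // Magic for files whose payload is the chunked AES-GCM encoding ("Ienc").
    private static final byte[] MAGIC_ENCRYPTED;
    // Magic for files whose payload is stored as-is ("Iraw").
    private static final byte[] MAGIC_NOT_ENCRYPTED;
    private static final int MAGIC_SIZE = 4;
    // Every file owned by this engine starts with this prefix; deleteAll/enumerate filter on it.
    private static final String PREFIX = "IC_AndroidStorageEngine_";
    // decrypt() treats the first 12 bytes of each chunk as the GCM IV.
    private static final int GCM_IV_SIZE = 12;
    // Authentication tag length handed to GCMParameterSpec when decrypting.
    private static final int GCM_TAG_BITS = 128;
    private final Context context;
    private final File storageDirectory;
    private final boolean useEncryption;

    /* compiled from: AndroidStorageEngine.kt */
    @Metadata(d1 = {"\u0000&\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0006\u0010\t\u001a\u00020\nJ\u000e\u0010\u000b\u001a\u00020\u00002\u0006\u0010\u0007\u001a\u00020\bR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006\f"}, d2 = {"Lcom/android/identity/android/storage/AndroidStorageEngine$Builder;", "", "context", "Landroid/content/Context;", "storageDirectory", "Ljava/io/File;", "(Landroid/content/Context;Ljava/io/File;)V", "useEncryption", "", "build", "Lcom/android/identity/android/storage/AndroidStorageEngine;", "setUseEncryption", "identity-android_debug"}, k = 1, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes10.dex */
    public static final class Builder {
        private final Context context;
        private final File storageDirectory;
        private boolean useEncryption;

        /**
         * Creates a builder whose default is to add app-level encryption only when the platform
         * reports that {@code storageDirectory} is not already encrypted.
         *
         * @param context used to look up the {@link StorageManager} system service
         * @param storageDirectory directory that will hold the engine's files
         */
        public Builder(Context context, File storageDirectory) {
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(storageDirectory, "storageDirectory");
            this.context = context;
            this.storageDirectory = storageDirectory;
            // The decompiler dropped the local that held the service (it surfaced as an
            // undeclared "r0"); bind it explicitly so the null check and the call see one value.
            StorageManager storageManager = context.getSystemService(StorageManager.class);
            Intrinsics.checkNotNull(storageManager, "null cannot be cast to non-null type android.os.storage.StorageManager");
            this.useEncryption = !storageManager.isEncrypted(storageDirectory);
        }

        /** Builds the engine with the currently selected encryption setting. */
        public final AndroidStorageEngine build() {
            return new AndroidStorageEngine(this.context, this.storageDirectory, this.useEncryption);
        }

        /**
         * Overrides the default chosen by the constructor.
         *
         * <p>Passing {@code false} makes {@code put} write the caller's bytes verbatim behind the
         * {@code "Iraw"} magic, so confidentiality then rests entirely on the underlying storage.
         *
         * @param useEncryption whether values are AES-GCM encrypted before being written
         * @return this builder
         */
        public final Builder setUseEncryption(boolean useEncryption) {
            this.useEncryption = useEncryption;
            return this;
        }
    }

    /* compiled from: AndroidStorageEngine.kt */
    @Metadata(d1 = {"\u0000*\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u000b\u001a\u00020\u00062\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u0006H\u0002J\u0018\u0010\u000f\u001a\u00020\u00062\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u0010\u001a\u00020\u0006H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082T¢\u0006\u0002\n\u0000¨\u0006\u0011"}, d2 = {"Lcom/android/identity/android/storage/AndroidStorageEngine$Companion;", "", "()V", "CHUNKED_ENCRYPTED_MAX_CHUNK_SIZE", "", "MAGIC_ENCRYPTED", "", "MAGIC_NOT_ENCRYPTED", "MAGIC_SIZE", "PREFIX", "", "decrypt", "secretKey", "Ljavax/crypto/SecretKey;", "encryptedData", "encrypt", "data", "identity-android_debug"}, k = 1, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes10.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /**
         * Decrypts the chunked payload produced by {@link #encrypt}.
         *
         * <p>The CBOR decode happens before the {@code try}, so a payload that is not a CBOR array
         * surfaces as whatever the CBOR library throws rather than as the wrapped error below.
         *
         * @param secretKey AES key used for every chunk
         * @param encryptedData CBOR array of {@code IV || ciphertext-and-tag} byte strings
         * @return the concatenated plaintext of all chunks, in array order
         * @throws IllegalStateException if any chunk is malformed or fails authentication
         */
        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] decrypt(SecretKey secretKey, byte[] encryptedData) {
            List<DataItem> chunks = Cbor.decode(encryptedData).getAsArray();
            try {
                ByteStringBuilder plaintext = new ByteStringBuilder(0, 1, null);
                for (DataItem chunk : chunks) {
                    byte[] ivAndCipherText = chunk.getAsBstr();
                    // A chunk shorter than the IV fails the slice bounds check and is reported
                    // through the catch below, like an authentication failure.
                    byte[] iv = ArraysKt.sliceArray(ivAndCipherText, new IntRange(0, GCM_IV_SIZE - 1));
                    byte[] cipherText = ArraysKt.sliceArray(ivAndCipherText, new IntRange(GCM_IV_SIZE, ivAndCipherText.length - 1));
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
                    // NOTE(review): each chunk is authenticated on its own and no associated data
                    // is supplied, so the GCM tag does not cover a chunk's position, the number of
                    // chunks, or the storage key the file belongs to. Reordered, dropped or
                    // transplanted chunks encrypted under the same AES key would still verify.
                    // Consider binding chunk index, a last-chunk flag and the key name through
                    // Cipher.updateAAD (needs a format/version bump for existing files).
                    byte[] decryptedChunk = cipher.doFinal(cipherText);
                    Intrinsics.checkNotNullExpressionValue(decryptedChunk, "decryptedChunk");
                    ByteStringBuilder.append$default(plaintext, decryptedChunk, 0, 0, 6, null);
                }
                return ByteString.toByteArray$default(plaintext.toByteString(), 0, 0, 3, null);
            } catch (Exception e) {
                throw new IllegalStateException("Error decrypting chunk", e);
            }
        }

        /**
         * Encrypts {@code data} in slices of at most {@link #CHUNKED_ENCRYPTED_MAX_CHUNK_SIZE}
         * bytes and returns the CBOR array of the resulting chunks.
         *
         * <p>Empty input still yields one (empty-plaintext) chunk because the loop body always
         * runs once.
         *
         * @param secretKey AES key used for every chunk
         * @param data plaintext to protect
         * @return CBOR-encoded array of {@code IV || ciphertext-and-tag} byte strings
         * @throws IllegalStateException if the cipher cannot be created or a chunk fails to encrypt
         */
        /* JADX INFO: Access modifiers changed from: private */
        public final byte[] encrypt(SecretKey secretKey, byte[] data) {
            ArrayBuilder<CborBuilder> chunks = CborArray.INSTANCE.builder();
            int offset = 0;
            boolean lastChunk = false;
            do {
                try {
                    int chunkLength = data.length - offset;
                    if (chunkLength <= CHUNKED_ENCRYPTED_MAX_CHUNK_SIZE) {
                        lastChunk = true;
                    } else {
                        chunkLength = CHUNKED_ENCRYPTED_MAX_CHUNK_SIZE;
                    }
                    // A fresh Cipher per chunk: no IV is passed in, and whatever IV the cipher
                    // reports afterwards is stored in front of that chunk's ciphertext.
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
                    byte[] cipherText = cipher.doFinal(data, offset, chunkLength);
                    ByteArrayOutputStream ivAndCipherText = new ByteArrayOutputStream();
                    // decrypt() assumes this IV is exactly 12 bytes long — TODO confirm for every
                    // provider this key may be used with.
                    ivAndCipherText.write(cipher.getIV());
                    ivAndCipherText.write(cipherText);
                    chunks.add(ivAndCipherText.toByteArray());
                    offset += chunkLength;
                } catch (Exception e) {
                    throw new IllegalStateException("Error encrypting data", e);
                }
            } while (!lastChunk);
            return Cbor.encode(chunks.end().getItem());
        }
    }

    static {
        MAGIC_ENCRYPTED = "Ienc".getBytes(Charsets.UTF_8);
        MAGIC_NOT_ENCRYPTED = "Iraw".getBytes(Charsets.UTF_8);
    }

    /**
     * Creates an engine over {@code storageDirectory}; {@link Builder} is the usual entry point.
     *
     * @param context Android context (stored, not otherwise used by the code in this class)
     * @param storageDirectory directory that holds the engine's files
     * @param useEncryption whether {@link #put} encrypts values before writing them
     */
    public AndroidStorageEngine(Context context, File storageDirectory, boolean useEncryption) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(storageDirectory, "storageDirectory");
        this.context = context;
        this.storageDirectory = storageDirectory;
        this.useEncryption = useEncryption;
    }

    /**
     * Returns the AES key for this storage directory, generating it in the AndroidKeyStore
     * provider when no entry exists under the alias yet.
     *
     * <p>The key spec visible here sets only purpose, GCM block mode, no padding and a 128-bit
     * size; it does not request user authentication for key use.
     *
     * @throws IllegalStateException if the keystore cannot be loaded or the key cannot be created
     */
    private final SecretKey ensureSecretKey() {
        // One key per storage directory: the alias embeds the directory path.
        String alias = "IC_AndroidStorageEngine__KeyFor_" + this.storageDirectory;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(alias, null);
            if (entry != null) {
                SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                Intrinsics.checkNotNullExpressionValue(secretKey, "entry as KeyStore.SecretKeyEntry).secretKey");
                return secretKey;
            }
            // NOTE(review): lookup and generation are not atomic, and only put() holds the
            // instance lock. Whether two callers can race to create the alias depends on how the
            // engine is shared — confirm against callers.
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            // 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT
            KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(alias, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128);
            Intrinsics.checkNotNullExpressionValue(keySize, "Builder(\n               …         .setKeySize(128)");
            keyGenerator.init(keySize.build());
            SecretKey generateKey = keyGenerator.generateKey();
            Intrinsics.checkNotNullExpressionValue(generateKey, "{\n            val ks = K…g.generateKey()\n        }");
            return generateKey;
        } catch (Exception e) {
            throw new IllegalStateException("Error loading secret key", e);
        }
    }

    /**
     * Maps a storage key to its file inside the storage directory.
     *
     * <p>The key is URL-encoded and prefixed, so path separators in a caller-supplied key end up
     * percent-encoded inside a single file name instead of selecting another directory.
     */
    private final File getTargetFile(String key) {
        try {
            return new File(this.storageDirectory, PREFIX + URLEncoder.encode(key, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Removes the file for {@code key}. The AndroidKeyStore key is left in place. */
    @Override // com.android.identity.storage.StorageEngine
    public void delete(String key) {
        Intrinsics.checkNotNullParameter(key, "key");
        new AtomicFile(getTargetFile(key)).delete();
    }

    /**
     * Deletes every file in the storage directory whose name starts with the engine prefix.
     *
     * <p>Best effort: the result of each {@code File.delete()} is not checked, and the
     * AndroidKeyStore key is not removed.
     */
    @Override // com.android.identity.storage.StorageEngine
    public void deleteAll() {
        File[] files = this.storageDirectory.listFiles();
        if (files == null) {
            return;
        }
        for (File file : files) {
            if (file.getName().startsWith(PREFIX)) {
                // Deliberately unchecked; a file that cannot be removed is simply left behind.
                file.delete();
            }
        }
    }

    /**
     * Lists the storage keys that currently have a file in the storage directory.
     *
     * <p>Keys are recovered by stripping the engine prefix and URL-decoding the rest of the file
     * name. Any file with the prefix is reported, whatever wrote it.
     *
     * @return a new mutable collection of decoded keys; empty if the directory cannot be listed
     */
    @Override // com.android.identity.storage.StorageEngine
    public Collection<String> enumerate() {
        List<String> keys = new ArrayList<>();
        File[] files = this.storageDirectory.listFiles();
        if (files == null) {
            return keys;
        }
        for (File file : files) {
            String name = file.getName();
            if (!name.startsWith(PREFIX)) {
                continue;
            }
            try {
                keys.add(URLDecoder.decode(name.substring(PREFIX.length()), "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException(e);
            }
        }
        return keys;
    }

    /**
     * Reads the value stored under {@code key}.
     *
     * @param key storage key
     * @return the stored bytes (decrypted when the file carries the encrypted magic), or
     *     {@code null} when no file exists for the key
     * @throws IllegalStateException if the file is shorter than the magic, carries an unknown
     *     magic, cannot be read, or fails decryption
     */
    @Override // com.android.identity.storage.StorageEngine
    public byte[] get(String key) {
        Intrinsics.checkNotNullParameter(key, "key");
        try {
            byte[] fileContents = new AtomicFile(getTargetFile(key)).readFully();
            if (fileContents.length < MAGIC_SIZE) {
                throw new IllegalStateException("File too short for magic");
            }
            byte[] magic = Arrays.copyOfRange(fileContents, 0, MAGIC_SIZE);
            byte[] payload = Arrays.copyOfRange(fileContents, MAGIC_SIZE, fileContents.length);
            if (Arrays.equals(magic, MAGIC_ENCRYPTED)) {
                return INSTANCE.decrypt(ensureSecretKey(), payload);
            }
            if (Arrays.equals(magic, MAGIC_NOT_ENCRYPTED)) {
                // NOTE(review): the raw format is accepted even when this engine was built with
                // useEncryption == true, and the magic itself is not authenticated. A file
                // rewritten with the raw magic is therefore returned without any integrity
                // check. If no legacy plaintext files have to stay readable, consider rejecting
                // the raw magic when encryption is enabled.
                return payload;
            }
            throw new IllegalStateException("Unexpected magic " + HexUtilKt.getToHex(magic));
        } catch (FileNotFoundException e) {
            // Absence of the file is the "no such key" answer, not an error.
            return null;
        } catch (IOException e2) {
            throw new IllegalStateException("Unexpected exception", e2);
        }
    }

    /**
     * Stores {@code data} under {@code key}, replacing any previous value through an
     * {@link AtomicFile} write.
     *
     * @param key storage key
     * @param data value to store
     * @throws IllegalStateException if encryption fails or the file cannot be written
     */
    @Override // com.android.identity.storage.StorageEngine
    public void put(String key, byte[] data) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(data, "data");
        synchronized (this) {
            // Produce the full payload before the file is opened. Key loading and encryption
            // fail with IllegalStateException, which the IOException handler below would not
            // catch; doing that work first means such a failure can no longer leave an open
            // stream and an unfinished AtomicFile write behind.
            byte[] magic;
            byte[] payload;
            if (this.useEncryption) {
                magic = MAGIC_ENCRYPTED;
                payload = INSTANCE.encrypt(ensureSecretKey(), data);
            } else {
                magic = MAGIC_NOT_ENCRYPTED;
                payload = data;
            }
            AtomicFile atomicFile = new AtomicFile(getTargetFile(key));
            FileOutputStream out = null;
            try {
                out = atomicFile.startWrite();
                out.write(magic);
                out.write(payload);
                atomicFile.finishWrite(out);
            } catch (IOException e) {
                if (out != null) {
                    // Abandon the pending write so the previous contents stay in place.
                    atomicFile.failWrite(out);
                }
                throw new IllegalStateException("Error writing data", e);
            }
        }
    }
}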
