package com.amazon.mShop.securestorage.crypto;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.amazon.mShop.pushnotification.fcm.FCMNotificationProvider;
import com.amazon.mShop.securestorage.ErrorCode;
import com.amazon.mShop.securestorage.NonRetryableException;
import com.amazon.mShop.securestorage.RetryableException;
import com.amazon.mShop.securestorage.common.Constants;
import com.amazon.mShop.securestorage.metric.MetricsHelper;
import com.amazon.mShop.securestorage.metric.SimpleTimer;
import com.amazon.mShop.util.DebugUtil;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Optional;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Semaphore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes3.dex */
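/**
 * {@link CryptoMaterialProvider} that generates AES keys inside the Android Keystore and tracks
 * their versions in a private {@link SharedPreferences} file.
 *
 * <p>Storage layout in the {@code SSKeyVersionStore} preferences file:
 * <ul>
 *   <li>{@code keyName -> int}: latest version number for that key name;</li>
 *   <li>{@code keyName#version -> String}: JSON-serialised {@link CryptoMetaData} for one version.
 *       The same {@code keyName#version} string is the Keystore alias of the key itself.</li>
 * </ul>
 *
 * <p>Only metadata lives in SharedPreferences; the key is obtained from and generated by the
 * {@code AndroidKeyStore} provider.
 *
 * <p>NOTE(review): key names are not validated against the {@code #} delimiter. A key name that
 * contains {@code #} is filtered out by {@link #getSecretNames()} and can produce an alias that
 * collides with another name/version pair. Confirm that callers only pass delimiter-free names.
 */
public class KeyStoreCryptoMaterialProvider implements CryptoMaterialProvider {
    private static final String TAG = KeyStoreCryptoMaterialProvider.class.getSimpleName();
    private static final String DELIMETER = "#";
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final int KEY_SIZE = 256;
    private static final String SHARED_PREFERENCES_NAME = "SSKeyVersionStore";
    // Fair, single-permit semaphore: serialises key creation across all instances of this class.
    private static final Semaphore SERIAL_ACCESS_LOCK = new Semaphore(1, true);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    private final Context context;
    private final MetricsHelper metricsHelper;
    private final KeyStore mKeyStore;

    /**
     * Creates the provider and loads the Android Keystore.
     *
     * @param context used to open the private SharedPreferences file
     * @param metricsHelper sink for latency and counter metrics
     * @throws RuntimeException if the Keystore cannot be instantiated or loaded
     */
    @Inject
    public KeyStoreCryptoMaterialProvider(Context context, MetricsHelper metricsHelper) {
        this.context = context;
        this.metricsHelper = metricsHelper;
        // Load the Keystore only after metricsHelper is assigned. As a field initialiser this call
        // ran before the constructor body, so the failure path dereferenced a null metricsHelper
        // and replaced the real Keystore error with a NullPointerException.
        this.mKeyStore = getKeyStoreInstance();
    }

    /**
     * Generates a new AES key in the Android Keystore under the alias derived from the metadata.
     *
     * @param cryptoMetaData supplies the key name and version that form the alias
     * @param keyMaterialAccessControlOptions whether user authentication gates key use, and for how long
     * @return the generated key paired with {@code cryptoMetaData}
     * @throws NonRetryableException if the algorithm, provider or key spec is rejected
     */
    private CryptoMaterial createKey(CryptoMetaData cryptoMetaData, KeyMaterialAccessControlOptions keyMaterialAccessControlOptions) throws NonRetryableException {
        SimpleTimer simpleTimer = new SimpleTimer();
        simpleTimer.startTimer();
        boolean created = false;
        try {
            String keyStoreAlias = getKeyStoreAlias(cryptoMetaData.getKeyName(), cryptoMetaData.getVersion());
            // NOTE(review): the alias (key name + version) goes to logcat at INFO level; confirm
            // key names are not sensitive in this app.
            Log.i(TAG, "Creating a new Key with Alias : " + keyStoreAlias);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE_PROVIDER);
            // 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyStoreAlias, 3);
            // NOTE(review): the block mode comes from a push-notification constant, which looks like
            // a decompiler constant-merging artifact. Presumably it resolves to "GCM" (paired with
            // "NoPadding" below) - confirm, and prefer a crypto-local constant so an unrelated
            // change to FCMNotificationProvider cannot alter key generation.
            builder.setBlockModes(FCMNotificationProvider.PROVIDER_NAME).setKeySize(KEY_SIZE).setEncryptionPaddings("NoPadding");
            if (keyMaterialAccessControlOptions.isAuthenticationRequired()) {
                builder.setUserAuthenticationRequired(keyMaterialAccessControlOptions.isAuthenticationRequired()).setUserAuthenticationValidityDurationSeconds(keyMaterialAccessControlOptions.getAuthenticationValidityDurationSeconds());
            }
            keyGenerator.init(builder.build());
            CryptoMaterial material = CryptoMaterial.builder().secretKey(keyGenerator.generateKey()).cryptoMetaData(cryptoMetaData).build();
            created = true;
            return material;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new NonRetryableException("Error occurred while creating a Secret", ErrorCode.INTERNAL_ISSUE, e);
        } finally {
            simpleTimer.stopTimer();
            this.metricsHelper.recordLatency("KEY_STORE_CREATE_KEY", simpleTimer);
            // Record 1 only when a key was actually generated. The previous failure path evaluated
            // a constant expression that always reported 1.0, so failed creations were counted as
            // successes.
            this.metricsHelper.recordCounterMetric("KEY_STORE_CREATE_KEY_SUCCESS", created ? 1.0d : 0.0d);
        }
    }

    /**
     * Returns the key for {@code str}/{@code i}, generating it if the Keystore has none, and
     * records its metadata and the latest version in SharedPreferences. Runs under
     * {@link #SERIAL_ACCESS_LOCK}.
     *
     * @param str key name
     * @param i key version
     * @param keyMaterialAccessControlOptions authentication requirements for a newly generated key
     * @return the existing or newly created key with its metadata
     * @throws RetryableException if the thread is interrupted while waiting for the lock
     * @throws NonRetryableException if Keystore access or metadata serialisation fails
     */
    private CryptoMaterial createKeyAndStore(String str, int i, KeyMaterialAccessControlOptions keyMaterialAccessControlOptions) throws RetryableException, NonRetryableException {
        // Acquire outside the try/finally that releases. Previously an interrupted acquire() still
        // reached release(), handing out a permit that was never taken and letting two threads
        // into the critical section afterwards.
        try {
            SERIAL_ACCESS_LOCK.acquire();
        } catch (InterruptedException ignored) {
            // NOTE(review): the interrupt status is not restored and the cause is not attached,
            // because only the two-argument RetryableException constructor is visible here.
            throw new RetryableException("Error occurred while acquiring a lock.", ErrorCode.INTERNAL_ISSUE);
        }
        try {
            CryptoMetaData metaData = CryptoMetaData.builder().keyName(str).version(i).build();
            Optional<SecretKey> existingKey = getKey(metaData);
            CryptoMaterial material;
            if (existingKey.isPresent()) {
                DebugUtil.Log.d(TAG, "Secret Key already exists. Returning");
                material = CryptoMaterial.builder().cryptoMetaData(metaData).secretKey(existingKey.get()).build();
            } else {
                material = createKey(metaData, keyMaterialAccessControlOptions);
            }
            // NOTE(review): the timestamp is reset even when the key already existed, which restarts
            // the expiry window for that key. Confirm this is intended.
            metaData.setCreatedTimeStamp(System.currentTimeMillis());
            storeCryptoMetaDataInSharedPrefs(metaData);
            storeLatestKeyInfoInfoSharedPrefs(metaData);
            return material;
        } finally {
            SERIAL_ACCESS_LOCK.release();
        }
    }

    /**
     * Deletes one key version from the Android Keystore.
     *
     * @param str key name
     * @param i key version
     * @throws NonRetryableException if the Keystore rejects the deletion
     */
    private void deleteKeyFromKeyStore(String str, int i) throws NonRetryableException {
        String keyStoreAlias = getKeyStoreAlias(str, i);
        try {
            Log.i(TAG, "Deleting key with alias : " + keyStoreAlias + " from key store.");
            this.mKeyStore.deleteEntry(keyStoreAlias);
        } catch (KeyStoreException e) {
            throw new NonRetryableException("Error occurred while deleting the Secret key : " + e.getMessage(), ErrorCode.INTERNAL_ISSUE, e);
        }
    }

    /**
     * Reads and deserialises the stored metadata for one key version.
     *
     * @param str key name
     * @param i key version
     * @return the metadata, or absent when no (non-blank) entry is stored
     * @throws NonRetryableException if the stored JSON cannot be parsed
     */
    private Optional<CryptoMetaData> getCryptoMetaDataInSharedPrefs(String str, int i) throws NonRetryableException {
        String json = getSharedPrefs().getString(getKeyStoreAlias(str, i), null);
        if (StringUtils.isBlank(json)) {
            return Optional.absent();
        }
        try {
            return Optional.of(OBJECT_MAPPER.readValue(json, CryptoMetaData.class));
        } catch (IOException e) {
            throw new NonRetryableException("Error retrieving key meta data info from sharedPrefs", ErrorCode.INTERNAL_ISSUE, e);
        }
    }

    /**
     * Looks up the key for the given metadata in the Android Keystore.
     *
     * @param cryptoMetaData supplies the key name and version that form the alias
     * @return the key, or absent when the Keystore has no entry under that alias
     * @throws NonRetryableException if the Keystore lookup fails
     */
    private Optional<SecretKey> getKey(CryptoMetaData cryptoMetaData) throws NonRetryableException {
        SimpleTimer simpleTimer = new SimpleTimer();
        simpleTimer.startTimer();
        try {
            String keyStoreAlias = getKeyStoreAlias(cryptoMetaData.getKeyName(), cryptoMetaData.getVersion());
            return Optional.fromNullable((SecretKey) this.mKeyStore.getKey(keyStoreAlias, null));
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            // Keep the cause: without it an invalidated or unrecoverable key cannot be told apart
            // from a provider failure when triaging.
            throw new NonRetryableException("Error occurred while retrieving key from KeyStore.", ErrorCode.INTERNAL_ISSUE, e);
        } finally {
            simpleTimer.stopTimer();
            // The metric name is misspelled ("GEY"); it is kept as-is because it is a runtime identifier.
            this.metricsHelper.recordLatency("KEY_STORE_GEY_KEY", simpleTimer);
        }
    }

    /** Builds the Keystore alias / preferences key {@code name#version}. */
    private String getKeyStoreAlias(String str, int i) {
        return str + DELIMETER + i;
    }

    /**
     * Instantiates and loads the {@code AndroidKeyStore} provider.
     *
     * @return the loaded Keystore
     * @throws RuntimeException wrapping the underlying failure; a failure counter is recorded first
     */
    private KeyStore getKeyStoreInstance() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            this.metricsHelper.recordCounterMetric("KEY_STORE_INSTANTIATION_FAILURE", 1.0d);
            throw new RuntimeException("Exception occurred while instantiating Key Store", e);
        }
    }

    /**
     * Resolves the metadata of the latest recorded version of a key.
     *
     * @param str key name
     * @return metadata of the latest version, or absent when no version is recorded
     * @throws NonRetryableException if the stored metadata cannot be parsed
     */
    private Optional<CryptoMetaData> getLatestKeyInfoFromSharedPrefs(String str) throws NonRetryableException {
        int latestVersion = getSharedPrefs().getInt(str, -1);
        if (latestVersion == -1) {
            DebugUtil.Log.d(TAG, "No Entry found for latestKey info for key : " + str);
            return Optional.absent();
        }
        return getCryptoMetaDataInSharedPrefs(str, latestVersion);
    }

    /** Opens the metadata preferences file; mode 0 is {@code Context.MODE_PRIVATE}. */
    private SharedPreferences getSharedPrefs() {
        return this.context.getSharedPreferences(SHARED_PREFERENCES_NAME, 0);
    }

    /**
     * Reports whether the key is older than the configured expiration.
     *
     * <p>Both timestamps come from {@link System#currentTimeMillis()}, i.e. the adjustable wall
     * clock, so a device clock set backwards postpones rotation.
     */
    private boolean isKeyExpired(CryptoMetaData cryptoMetaData) {
        long ageMillis = System.currentTimeMillis() - cryptoMetaData.getCreatedTimeStamp();
        return ageMillis > Constants.CRYPTOGRAPHIC_KEY_EXPIRATION_MILLI_SECONDS;
    }

    /**
     * Serialises the metadata to JSON and stores it under the {@code name#version} key.
     *
     * @throws NonRetryableException if the metadata cannot be serialised
     */
    private void storeCryptoMetaDataInSharedPrefs(CryptoMetaData cryptoMetaData) throws NonRetryableException {
        SharedPreferences sharedPrefs = getSharedPrefs();
        String keyStoreAlias = getKeyStoreAlias(cryptoMetaData.getKeyName(), cryptoMetaData.getVersion());
        try {
            String json = OBJECT_MAPPER.writeValueAsString(cryptoMetaData);
            SharedPreferences.Editor edit = sharedPrefs.edit();
            edit.putString(keyStoreAlias, json);
            // NOTE(review): commit()'s boolean result is ignored, so a failed write goes unnoticed.
            edit.commit();
        } catch (JsonProcessingException e) {
            throw new NonRetryableException("Error adding key meta data info to sharedPrefs", ErrorCode.INTERNAL_ISSUE, e);
        }
    }

    /** Records the metadata's version as the latest version for its key name. */
    private void storeLatestKeyInfoInfoSharedPrefs(CryptoMetaData cryptoMetaData) {
        SharedPreferences.Editor edit = getSharedPrefs().edit();
        edit.putInt(cryptoMetaData.getKeyName(), cryptoMetaData.getVersion());
        edit.commit();
    }

    /**
     * Deletes every version (1..latest) of the named key from the Keystore and removes the
     * corresponding metadata entries. Does nothing when no version is recorded.
     *
     * <p>Preference removals are committed only after all Keystore deletions succeed; if a deletion
     * throws, the metadata is left in place while earlier versions are already gone from the Keystore.
     *
     * @param str key name
     * @throws NonRetryableException if a Keystore deletion or the metadata lookup fails
     */
    @Override // com.amazon.mShop.securestorage.crypto.CryptoMaterialProvider
    public void deleteSecret(String str) throws NonRetryableException {
        Optional<CryptoMetaData> latestKeyInfoFromSharedPrefs = getLatestKeyInfoFromSharedPrefs(str);
        Log.i(TAG, "Delete Secret request received for keyName : " + str);
        if (!latestKeyInfoFromSharedPrefs.isPresent()) {
            Log.i(TAG, "Returning as no cryptoMetaData found for keyName : " + str);
            return;
        }
        int latestVersion = latestKeyInfoFromSharedPrefs.get().getVersion();
        SharedPreferences.Editor edit = getSharedPrefs().edit();
        for (int version = 1; version <= latestVersion; version++) {
            deleteKeyFromKeyStore(str, version);
            edit.remove(getKeyStoreAlias(str, version));
        }
        edit.remove(str);
        edit.commit();
    }

    /**
     * Returns the current key for {@code str}, creating version 1 when none is recorded and a new
     * version when the latest one has expired.
     *
     * <p>NOTE(review): when metadata exists but the Keystore has no key for it, the returned
     * {@link CryptoMaterial} carries a {@code null} secret key (a counter and an error log are
     * emitted). Callers must check for that before using the key.
     *
     * @param str key name
     * @param keyMaterialAccessControlOptions authentication requirements for a newly generated key
     * @return the active key material; its secret key may be {@code null} as described above
     * @throws RetryableException if key creation is interrupted while waiting for the lock
     * @throws NonRetryableException if Keystore or metadata access fails
     */
    @Override // com.amazon.mShop.securestorage.crypto.CryptoMaterialProvider
    public CryptoMaterial getActiveSecret(String str, KeyMaterialAccessControlOptions keyMaterialAccessControlOptions) throws RetryableException, NonRetryableException {
        Optional<CryptoMetaData> latestKeyInfoFromSharedPrefs = getLatestKeyInfoFromSharedPrefs(str);
        if (!latestKeyInfoFromSharedPrefs.isPresent()) {
            Log.i(TAG, "No Key found with name : " + str + ". Creating a new key with version 1.");
            return createKeyAndStore(str, 1, keyMaterialAccessControlOptions);
        }
        CryptoMetaData cryptoMetaData = latestKeyInfoFromSharedPrefs.get();
        if (isKeyExpired(cryptoMetaData)) {
            // A space was added before "found": the message previously ran the version number into the next word.
            Log.i(TAG, "Expired version : " + cryptoMetaData.getVersion() + " found for key : " + str + ". Creating a new version.");
            return createKeyAndStore(str, cryptoMetaData.getVersion() + 1, keyMaterialAccessControlOptions);
        }
        Optional<SecretKey> key = getKey(cryptoMetaData);
        SecretKey secretKey = null;
        if (key.isPresent()) {
            secretKey = key.get();
        } else {
            this.metricsHelper.recordCounterMetric("NO_KEY_FOUND_FOR_META_DATA", 1.0d);
            Log.e(TAG, "Key not found for crypto meta data : " + cryptoMetaData.toString());
        }
        return CryptoMaterial.builder().secretKey(secretKey).cryptoMetaData(cryptoMetaData).build();
    }

    /**
     * Fetches the key for an exact name/version.
     *
     * @param cryptoMetaData supplies the key name and version
     * @return the key material, or {@code null} when the Keystore has no such key
     * @throws NonRetryableException if the Keystore lookup fails
     */
    @Override // com.amazon.mShop.securestorage.crypto.CryptoMaterialProvider
    public CryptoMaterial getSecret(CryptoMetaData cryptoMetaData) throws NonRetryableException {
        Optional<SecretKey> key = getKey(cryptoMetaData);
        if (key.isPresent()) {
            return CryptoMaterial.builder().cryptoMetaData(cryptoMetaData).secretKey(key.get()).build();
        }
        return null;
    }

    /**
     * Lists the known key names: every preferences entry whose key contains no {@code #}, which
     * excludes the per-version {@code name#version} metadata entries.
     *
     * @return a new mutable list of key names
     */
    @Override // com.amazon.mShop.securestorage.crypto.CryptoMaterialProvider
    public List<String> getSecretNames() {
        Set<String> keySet = getSharedPrefs().getAll().keySet();
        List<String> names = new ArrayList<>();
        for (String prefKey : keySet) {
            if (!prefKey.contains(DELIMETER)) {
                names.add(prefKey);
            }
        }
        return names;
    }
}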
