package android.security.keystore;

import android.os.IBinder;
import android.security.KeyStore;
import android.security.KeyStoreException;
import android.security.keymaster.KeymasterArguments;
import android.security.keystore.KeyStoreCryptoOperationChunkedStreamer;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;
import libcore.util.EmptyArray;

/* loaded from: classes.dex */
abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStoreCryptoOperation {
    private KeyStoreCryptoOperationStreamer mAdditionalAuthenticationDataStreamer;
    private boolean mAdditionalAuthenticationDataStreamerClosed;
    private Exception mCachedException;
    private boolean mEncrypting;
    private AndroidKeyStoreKey mKey;
    private KeyStoreCryptoOperationStreamer mMainDataStreamer;
    private long mOperationHandle;
    private IBinder mOperationToken;
    private SecureRandom mRng;
    private int mKeymasterPurposeOverride = -1;
    private final KeyStore mKeyStore = KeyStore.getInstance();

    /* JADX WARN: Removed duplicated region for block: B:15:0x003f  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x00a1  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void ensureKeystoreOperationInitialized() {
        /*
            r8 = this;
            android.security.keystore.KeyStoreCryptoOperationStreamer r0 = r8.mMainDataStreamer
            if (r0 == 0) goto L5
            return
        L5:
            java.lang.Exception r0 = r8.mCachedException
            if (r0 == 0) goto La
            return
        La:
            android.security.keystore.AndroidKeyStoreKey r0 = r8.mKey
            if (r0 == 0) goto La7
            android.security.keymaster.KeymasterArguments r5 = new android.security.keymaster.KeymasterArguments
            r5.<init>()
            r8.addAlgorithmSpecificParametersToBegin(r5)
            java.security.SecureRandom r0 = r8.mRng
            int r1 = r8.getAdditionalEntropyAmountForBegin()
            byte[] r6 = android.security.keystore.KeyStoreCryptoOperationUtils.getRandomBytesToMixIntoKeystoreRng(r0, r1)
            int r0 = r8.mKeymasterPurposeOverride
            r1 = -1
            r7 = 0
            if (r0 == r1) goto L28
        L26:
            r3 = r0
            goto L30
        L28:
            boolean r0 = r8.mEncrypting
            if (r0 == 0) goto L2e
            r3 = r7
            goto L30
        L2e:
            r0 = 1
            goto L26
        L30:
            android.security.KeyStore r1 = r8.mKeyStore
            android.security.keystore.AndroidKeyStoreKey r0 = r8.mKey
            java.lang.String r2 = r0.getAlias()
            r4 = 1
            android.security.keymaster.OperationResult r0 = r1.begin(r2, r3, r4, r5, r6)
            if (r0 == 0) goto La1
            android.os.IBinder r1 = r0.token
            r8.mOperationToken = r1
            long r1 = r0.operationHandle
            r8.mOperationHandle = r1
            android.security.KeyStore r1 = r8.mKeyStore
            android.security.keystore.AndroidKeyStoreKey r2 = r8.mKey
            int r3 = r0.resultCode
            java.security.GeneralSecurityException r1 = android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(r1, r2, r3)
            if (r1 == 0) goto L69
            boolean r0 = r1 instanceof java.security.InvalidKeyException
            if (r0 != 0) goto L66
            boolean r0 = r1 instanceof java.security.InvalidAlgorithmParameterException
            if (r0 == 0) goto L5e
            java.security.InvalidAlgorithmParameterException r1 = (java.security.InvalidAlgorithmParameterException) r1
            throw r1
        L5e:
            java.security.ProviderException r0 = new java.security.ProviderException
            java.lang.String r2 = "Unexpected exception type"
            r0.<init>(r2, r1)
            throw r0
        L66:
            java.security.InvalidKeyException r1 = (java.security.InvalidKeyException) r1
            throw r1
        L69:
            android.os.IBinder r1 = r8.mOperationToken
            if (r1 == 0) goto L99
            long r1 = r8.mOperationHandle
            r3 = 0
            int r1 = (r1 > r3 ? 1 : (r1 == r3 ? 0 : -1))
            if (r1 == 0) goto L91
            android.security.keymaster.KeymasterArguments r1 = r0.outParams
            r8.loadAlgorithmSpecificParametersFromBeginResult(r1)
            android.security.KeyStore r1 = r8.mKeyStore
            android.os.IBinder r2 = r0.token
            android.security.keystore.KeyStoreCryptoOperationStreamer r1 = r8.createMainDataStreamer(r1, r2)
            r8.mMainDataStreamer = r1
            android.security.KeyStore r1 = r8.mKeyStore
            android.os.IBinder r0 = r0.token
            android.security.keystore.KeyStoreCryptoOperationStreamer r0 = r8.createAdditionalAuthenticationDataStreamer(r1, r0)
            r8.mAdditionalAuthenticationDataStreamer = r0
            r8.mAdditionalAuthenticationDataStreamerClosed = r7
            return
        L91:
            java.security.ProviderException r0 = new java.security.ProviderException
            java.lang.String r1 = "Keystore returned invalid operation handle"
            r0.<init>(r1)
            throw r0
        L99:
            java.security.ProviderException r0 = new java.security.ProviderException
            java.lang.String r1 = "Keystore returned null operation token"
            r0.<init>(r1)
            throw r0
        La1:
            android.security.keystore.KeyStoreConnectException r0 = new android.security.keystore.KeyStoreConnectException
            r0.<init>()
            throw r0
        La7:
            java.lang.IllegalStateException r0 = new java.lang.IllegalStateException
            java.lang.String r1 = "Not initialized"
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized():void");
    }

    private void flushAAD() {
        KeyStoreCryptoOperationStreamer keyStoreCryptoOperationStreamer = this.mAdditionalAuthenticationDataStreamer;
        if (keyStoreCryptoOperationStreamer == null || this.mAdditionalAuthenticationDataStreamerClosed) {
            return;
        }
        try {
            byte[] doFinal = keyStoreCryptoOperationStreamer.doFinal(EmptyArray.BYTE, 0, 0, null, null);
            if (doFinal == null || doFinal.length <= 0) {
                return;
            }
            throw new ProviderException("AAD update unexpectedly returned data: " + doFinal.length + " bytes");
        } finally {
            this.mAdditionalAuthenticationDataStreamerClosed = true;
        }
    }

    private void init(int i2, Key key, SecureRandom secureRandom) {
        boolean z = true;
        if (i2 != 1) {
            if (i2 != 2) {
                if (i2 != 3) {
                    if (i2 != 4) {
                        throw new InvalidParameterException("Unsupported opmode: " + i2);
                    }
                }
            }
            z = false;
        }
        this.mEncrypting = z;
        initKey(i2, key);
        if (this.mKey == null) {
            throw new ProviderException("initKey did not initialize the key");
        }
        this.mRng = secureRandom;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String opmodeToString(int i2) {
        return i2 != 1 ? i2 != 2 ? i2 != 3 ? i2 != 4 ? String.valueOf(i2) : "UNWRAP_MODE" : "WRAP_MODE" : "DECRYPT_MODE" : "ENCRYPT_MODE";
    }

    protected abstract void addAlgorithmSpecificParametersToBegin(KeymasterArguments keymasterArguments);

    protected KeyStoreCryptoOperationStreamer createAdditionalAuthenticationDataStreamer(KeyStore keyStore, IBinder iBinder) {
        return null;
    }

    protected KeyStoreCryptoOperationStreamer createMainDataStreamer(KeyStore keyStore, IBinder iBinder) {
        return new KeyStoreCryptoOperationChunkedStreamer(new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(keyStore, iBinder));
    }

    @Override // javax.crypto.CipherSpi
    protected final int engineDoFinal(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
        return super.engineDoFinal(byteBuffer, byteBuffer2);
    }

    @Override // javax.crypto.CipherSpi
    protected final int engineDoFinal(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) {
        byte[] engineDoFinal = engineDoFinal(bArr, i2, i3);
        if (engineDoFinal == null) {
            return 0;
        }
        int length = bArr2.length - i4;
        if (engineDoFinal.length <= length) {
            System.arraycopy(engineDoFinal, 0, bArr2, i4, engineDoFinal.length);
            return engineDoFinal.length;
        }
        throw new ShortBufferException("Output buffer too short. Produced: " + engineDoFinal.length + ", available: " + length);
    }

    @Override // javax.crypto.CipherSpi
    protected final byte[] engineDoFinal(byte[] bArr, int i2, int i3) {
        if (this.mCachedException != null) {
            throw ((IllegalBlockSizeException) new IllegalBlockSizeException().initCause(this.mCachedException));
        }
        try {
            ensureKeystoreOperationInitialized();
            try {
                flushAAD();
                byte[] doFinal = this.mMainDataStreamer.doFinal(bArr, i2, i3, null, KeyStoreCryptoOperationUtils.getRandomBytesToMixIntoKeystoreRng(this.mRng, getAdditionalEntropyAmountForFinish()));
                resetWhilePreservingInitState();
                return doFinal;
            } catch (KeyStoreException e2) {
                int errorCode = e2.getErrorCode();
                if (errorCode == -38) {
                    throw ((BadPaddingException) new BadPaddingException().initCause(e2));
                }
                if (errorCode == -30) {
                    throw ((AEADBadTagException) new AEADBadTagException().initCause(e2));
                }
                if (errorCode != -21) {
                    throw ((IllegalBlockSizeException) new IllegalBlockSizeException().initCause(e2));
                }
                throw ((IllegalBlockSizeException) new IllegalBlockSizeException().initCause(e2));
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e3) {
            throw ((IllegalBlockSizeException) new IllegalBlockSizeException().initCause(e3));
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final int engineGetKeySize(Key key) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.CipherSpi
    protected abstract AlgorithmParameters engineGetParameters();

    @Override // javax.crypto.CipherSpi
    protected final void engineInit(int i2, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) {
        try {
            init(i2, key, secureRandom);
            initAlgorithmSpecificParameters(algorithmParameters);
            ensureKeystoreOperationInitialized();
        } finally {
            resetAll();
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final void engineInit(int i2, Key key, SecureRandom secureRandom) {
        resetAll();
        try {
            init(i2, key, secureRandom);
            initAlgorithmSpecificParameters();
            try {
                ensureKeystoreOperationInitialized();
            } catch (InvalidAlgorithmParameterException e2) {
                throw new InvalidKeyException(e2);
            }
        } catch (Throwable th) {
            resetAll();
            throw th;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final void engineInit(int i2, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
        try {
            init(i2, key, secureRandom);
            initAlgorithmSpecificParameters(algorithmParameterSpec);
            ensureKeystoreOperationInitialized();
        } finally {
            resetAll();
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final void engineSetMode(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.CipherSpi
    protected final void engineSetPadding(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.CipherSpi
    protected final Key engineUnwrap(byte[] bArr, String str, int i2) {
        if (this.mKey == null) {
            throw new IllegalStateException("Not initilized");
        }
        if (isEncrypting()) {
            throw new IllegalStateException("Cipher must be initialized in Cipher.WRAP_MODE to wrap keys");
        }
        if (bArr == null) {
            throw new NullPointerException("wrappedKey == null");
        }
        try {
            byte[] engineDoFinal = engineDoFinal(bArr, 0, bArr.length);
            if (i2 == 1) {
                try {
                    return KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(engineDoFinal));
                } catch (InvalidKeySpecException e2) {
                    throw new InvalidKeyException("Failed to create public key from its X.509 encoded form", e2);
                }
            }
            if (i2 == 2) {
                try {
                    return KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(engineDoFinal));
                } catch (InvalidKeySpecException e3) {
                    throw new InvalidKeyException("Failed to create private key from its PKCS#8 encoded form", e3);
                }
            }
            if (i2 == 3) {
                return new SecretKeySpec(engineDoFinal, str);
            }
            throw new InvalidParameterException("Unsupported wrappedKeyType: " + i2);
        } catch (BadPaddingException | IllegalBlockSizeException e4) {
            throw new InvalidKeyException("Failed to unwrap key", e4);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final int engineUpdate(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
        return super.engineUpdate(byteBuffer, byteBuffer2);
    }

    @Override // javax.crypto.CipherSpi
    protected final int engineUpdate(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) {
        byte[] engineUpdate = engineUpdate(bArr, i2, i3);
        if (engineUpdate == null) {
            return 0;
        }
        int length = bArr2.length - i4;
        if (engineUpdate.length <= length) {
            System.arraycopy(engineUpdate, 0, bArr2, i4, engineUpdate.length);
            return engineUpdate.length;
        }
        throw new ShortBufferException("Output buffer too short. Produced: " + engineUpdate.length + ", available: " + length);
    }

    @Override // javax.crypto.CipherSpi
    protected final byte[] engineUpdate(byte[] bArr, int i2, int i3) {
        if (this.mCachedException != null) {
            return null;
        }
        try {
            ensureKeystoreOperationInitialized();
            if (i3 == 0) {
                return null;
            }
            try {
                flushAAD();
                byte[] update = this.mMainDataStreamer.update(bArr, i2, i3);
                if (update.length == 0) {
                    return null;
                }
                return update;
            } catch (KeyStoreException e2) {
                this.mCachedException = e2;
                return null;
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e3) {
            this.mCachedException = e3;
            return null;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final void engineUpdateAAD(ByteBuffer byteBuffer) {
        byte[] bArr;
        int length;
        int i2;
        if (byteBuffer == null) {
            throw new IllegalArgumentException("src == null");
        }
        if (byteBuffer.hasRemaining()) {
            if (byteBuffer.hasArray()) {
                bArr = byteBuffer.array();
                i2 = byteBuffer.arrayOffset() + byteBuffer.position();
                length = byteBuffer.remaining();
                byteBuffer.position(byteBuffer.limit());
            } else {
                bArr = new byte[byteBuffer.remaining()];
                length = bArr.length;
                byteBuffer.get(bArr);
                i2 = 0;
            }
            engineUpdateAAD(bArr, i2, length);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final void engineUpdateAAD(byte[] bArr, int i2, int i3) {
        if (this.mCachedException != null) {
            return;
        }
        try {
            ensureKeystoreOperationInitialized();
            if (this.mAdditionalAuthenticationDataStreamerClosed) {
                throw new IllegalStateException("AAD can only be provided before Cipher.update is invoked");
            }
            KeyStoreCryptoOperationStreamer keyStoreCryptoOperationStreamer = this.mAdditionalAuthenticationDataStreamer;
            if (keyStoreCryptoOperationStreamer == null) {
                throw new IllegalStateException("This cipher does not support AAD");
            }
            try {
                byte[] update = keyStoreCryptoOperationStreamer.update(bArr, i2, i3);
                if (update == null || update.length <= 0) {
                    return;
                }
                throw new ProviderException("AAD update unexpectedly produced output: " + update.length + " bytes");
            } catch (KeyStoreException e2) {
                this.mCachedException = e2;
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e3) {
            this.mCachedException = e3;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected final byte[] engineWrap(Key key) {
        byte[] encoded;
        if (this.mKey == null) {
            throw new IllegalStateException("Not initilized");
        }
        if (!isEncrypting()) {
            throw new IllegalStateException("Cipher must be initialized in Cipher.WRAP_MODE to wrap keys");
        }
        if (key == null) {
            throw new NullPointerException("key == null");
        }
        if (key instanceof SecretKey) {
            encoded = "RAW".equalsIgnoreCase(key.getFormat()) ? key.getEncoded() : null;
            if (encoded == null) {
                try {
                    encoded = ((SecretKeySpec) SecretKeyFactory.getInstance(key.getAlgorithm()).getKeySpec((SecretKey) key, SecretKeySpec.class)).getEncoded();
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
                    throw new InvalidKeyException("Failed to wrap key because it does not export its key material", e2);
                }
            }
        } else if (key instanceof PrivateKey) {
            encoded = "PKCS8".equalsIgnoreCase(key.getFormat()) ? key.getEncoded() : null;
            if (encoded == null) {
                try {
                    encoded = ((PKCS8EncodedKeySpec) KeyFactory.getInstance(key.getAlgorithm()).getKeySpec(key, PKCS8EncodedKeySpec.class)).getEncoded();
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e3) {
                    throw new InvalidKeyException("Failed to wrap key because it does not export its key material", e3);
                }
            }
        } else {
            if (!(key instanceof PublicKey)) {
                throw new InvalidKeyException("Unsupported key type: " + key.getClass().getName());
            }
            encoded = "X.509".equalsIgnoreCase(key.getFormat()) ? key.getEncoded() : null;
            if (encoded == null) {
                try {
                    encoded = ((X509EncodedKeySpec) KeyFactory.getInstance(key.getAlgorithm()).getKeySpec(key, X509EncodedKeySpec.class)).getEncoded();
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e4) {
                    throw new InvalidKeyException("Failed to wrap key because it does not export its key material", e4);
                }
            }
        }
        if (encoded == null) {
            throw new InvalidKeyException("Failed to wrap key because it does not export its key material");
        }
        try {
            return engineDoFinal(encoded, 0, encoded.length);
        } catch (BadPaddingException e5) {
            throw ((IllegalBlockSizeException) new IllegalBlockSizeException().initCause(e5));
        }
    }

    public void finalize() {
        try {
            IBinder iBinder = this.mOperationToken;
            if (iBinder != null) {
                this.mKeyStore.abort(iBinder);
            }
        } finally {
            super.finalize();
        }
    }

    protected abstract int getAdditionalEntropyAmountForBegin();

    protected abstract int getAdditionalEntropyAmountForFinish();

    /* JADX INFO: Access modifiers changed from: protected */
    public final long getConsumedInputSizeBytes() {
        KeyStoreCryptoOperationStreamer keyStoreCryptoOperationStreamer = this.mMainDataStreamer;
        if (keyStoreCryptoOperationStreamer != null) {
            return keyStoreCryptoOperationStreamer.getConsumedInputSizeBytes();
        }
        throw new IllegalStateException("Not initialized");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final KeyStore getKeyStore() {
        return this.mKeyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final int getKeymasterPurposeOverride() {
        return this.mKeymasterPurposeOverride;
    }

    @Override // android.security.keystore.KeyStoreCryptoOperation
    public final long getOperationHandle() {
        return this.mOperationHandle;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final long getProducedOutputSizeBytes() {
        KeyStoreCryptoOperationStreamer keyStoreCryptoOperationStreamer = this.mMainDataStreamer;
        if (keyStoreCryptoOperationStreamer != null) {
            return keyStoreCryptoOperationStreamer.getProducedOutputSizeBytes();
        }
        throw new IllegalStateException("Not initialized");
    }

    protected abstract void initAlgorithmSpecificParameters();

    protected abstract void initAlgorithmSpecificParameters(AlgorithmParameters algorithmParameters);

    protected abstract void initAlgorithmSpecificParameters(AlgorithmParameterSpec algorithmParameterSpec);

    protected abstract void initKey(int i2, Key key);

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean isEncrypting() {
        return this.mEncrypting;
    }

    protected abstract void loadAlgorithmSpecificParametersFromBeginResult(KeymasterArguments keymasterArguments);

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetAll() {
        IBinder iBinder = this.mOperationToken;
        if (iBinder != null) {
            this.mKeyStore.abort(iBinder);
        }
        this.mEncrypting = false;
        this.mKeymasterPurposeOverride = -1;
        this.mKey = null;
        this.mRng = null;
        this.mOperationToken = null;
        this.mOperationHandle = 0L;
        this.mMainDataStreamer = null;
        this.mAdditionalAuthenticationDataStreamer = null;
        this.mAdditionalAuthenticationDataStreamerClosed = false;
        this.mCachedException = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetWhilePreservingInitState() {
        IBinder iBinder = this.mOperationToken;
        if (iBinder != null) {
            this.mKeyStore.abort(iBinder);
        }
        this.mOperationToken = null;
        this.mOperationHandle = 0L;
        this.mMainDataStreamer = null;
        this.mAdditionalAuthenticationDataStreamer = null;
        this.mAdditionalAuthenticationDataStreamerClosed = false;
        this.mCachedException = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setKey(AndroidKeyStoreKey androidKeyStoreKey) {
        this.mKey = androidKeyStoreKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setKeymasterPurposeOverride(int i2) {
        this.mKeymasterPurposeOverride = i2;
    }
}
