package com.microsoft.identity.common.adal.internal.cache;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.logging.Logger;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.jose4j.keys.AesKey;
import org.jose4j.mac.MacUtil;

/* loaded from: classes12.dex */
public class StorageHelper implements IStorageHelper {
    public static final int DATA_KEY_LENGTH = 16;
    public static final int HMAC_LENGTH = 32;
    public static final String VERSION_ANDROID_KEY_STORE = "A001";
    public static final String VERSION_USER_DEFINED = "U001";
    public static final boolean sShouldEncryptWithKeyStoreKey = false;

    /* renamed from: a, reason: collision with root package name */
    private final Context f81960a;

    /* renamed from: b, reason: collision with root package name */
    private final SecureRandom f81961b;

    /* renamed from: c, reason: collision with root package name */
    private IWpjTelemetryCallback f81962c;

    /* renamed from: d, reason: collision with root package name */
    private KeyPair f81963d;

    /* renamed from: e, reason: collision with root package name */
    private String f81964e;

    /* renamed from: f, reason: collision with root package name */
    private SecretKey f81965f;

    /* renamed from: g, reason: collision with root package name */
    private SecretKey f81966g;

    /* renamed from: h, reason: collision with root package name */
    private SecretKey f81967h;

    /* loaded from: classes12.dex */
    public enum EncryptionType {
        USER_DEFINED,
        ANDROID_KEY_STORE,
        UNENCRYPTED
    }

    /* loaded from: classes12.dex */
    public enum KeyType {
        LEGACY_AUTHENTICATOR_APP_KEY,
        LEGACY_COMPANY_PORTAL_KEY,
        ADAL_USER_DEFINED_KEY,
        KEYSTORE_ENCRYPTED_KEY
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes12.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f81970a;

        static {
            int[] iArr = new int[KeyType.values().length];
            f81970a = iArr;
            try {
                iArr[KeyType.LEGACY_AUTHENTICATOR_APP_KEY.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f81970a[KeyType.LEGACY_COMPANY_PORTAL_KEY.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f81970a[KeyType.ADAL_USER_DEFINED_KEY.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f81970a[KeyType.KEYSTORE_ENCRYPTED_KEY.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public StorageHelper(@NonNull Context context) {
        this(context, null);
    }

    @SuppressLint({"TrulyRandom"})
    public StorageHelper(@NonNull Context context, @Nullable IWpjTelemetryCallback iWpjTelemetryCallback) {
        this.f81965f = null;
        this.f81966g = null;
        this.f81967h = null;
        this.f81960a = context.getApplicationContext();
        this.f81961b = new SecureRandom();
        this.f81962c = iWpjTelemetryCallback;
    }

    private void a(byte[] bArr, int i5, int i6, byte[] bArr2) throws DigestException {
        if (bArr2.length != i6 - i5) {
            throw new IllegalArgumentException("Unexpected HMAC length");
        }
        byte b6 = 0;
        for (int i7 = i5; i7 < i6; i7++) {
            b6 = (byte) (b6 | (bArr2[i7 - i5] ^ bArr[i7]));
        }
        if (b6 != 0) {
            throw new DigestException();
        }
    }

    @NonNull
    private String b(@NonNull byte[] bArr, @NonNull SecretKey secretKey) throws GeneralSecurityException, IOException {
        SecretKey g5 = g(secretKey);
        int length = bArr.length;
        int i5 = length - 48;
        int length2 = bArr.length - 32;
        int i6 = length - 52;
        if (i5 < 0 || length2 < 0 || i6 < 0) {
            throw new IOException("Invalid byte array input for decryption.");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance(MacUtil.HMAC_SHA256);
        mac.init(g5);
        mac.update(bArr, 0, length2);
        a(bArr, length2, bArr.length, mac.doFinal());
        cipher.init(2, secretKey, new IvParameterSpec(bArr, i5, 16));
        return new String(cipher.doFinal(bArr, 4, i6), "UTF-8");
    }

    private void c(@NonNull KeyType keyType, @NonNull Exception exc) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(this.f81960a);
        String string = defaultSharedPreferences.getString("current_active_broker", "");
        String packageName = this.f81960a.getPackageName();
        if (string.equalsIgnoreCase(packageName)) {
            return;
        }
        String str = "Decryption failed with key: " + keyType.name() + " Active broker: " + packageName + " Exception: " + exc.toString();
        Logger.info("StorageHelper:emitDecryptionFailureTelemetryIfNeeded", str);
        IWpjTelemetryCallback iWpjTelemetryCallback = this.f81962c;
        if (iWpjTelemetryCallback != null) {
            iWpjTelemetryCallback.logEvent(this.f81960a, AuthenticationConstants.TelemetryEvents.DECRYPTION_ERROR, Boolean.TRUE, str);
        }
        defaultSharedPreferences.edit().putString("current_active_broker", packageName).apply();
    }

    @TargetApi(18)
    private synchronized KeyPair d() throws GeneralSecurityException, IOException {
        KeyPair generateKeyPair;
        try {
            n(":generateKeyPairFromAndroidKeyStore", AuthenticationConstants.TelemetryEvents.KEYCHAIN_WRITE_START);
            KeyStore.getInstance("AndroidKeyStore").load(null);
            Logger.verbose("StorageHelper:generateKeyPairFromAndroidKeyStore", "Generate KeyPair from AndroidKeyStore");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(1, 100);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(h(this.f81960a, calendar.getTime(), calendar2.getTime()));
            generateKeyPair = keyPairGenerator.generateKeyPair();
            o(":generateKeyPairFromAndroidKeyStore", AuthenticationConstants.TelemetryEvents.KEYCHAIN_WRITE_END, "");
        } catch (IOException e6) {
            e = e6;
            m(":generateKeyPairFromAndroidKeyStore", AuthenticationConstants.TelemetryEvents.KEYCHAIN_WRITE_END, e.toString(), e);
            throw e;
        } catch (IllegalStateException e7) {
            m(":generateKeyPairFromAndroidKeyStore", AuthenticationConstants.TelemetryEvents.KEYCHAIN_WRITE_END, e7.toString(), e7);
            throw new KeyStoreException(e7);
        } catch (GeneralSecurityException e8) {
            e = e8;
            m(":generateKeyPairFromAndroidKeyStore", AuthenticationConstants.TelemetryEvents.KEYCHAIN_WRITE_END, e.toString(), e);
            throw e;
        }
        return generateKeyPair;
    }

    private byte[] e(@NonNull String str) {
        char charAt = str.charAt(0);
        s(str, charAt - 'a');
        return Base64.decode(str.substring(charAt - '`'), 0);
    }

    private char f() {
        return (char) 99;
    }

    private SecretKey g(SecretKey secretKey) throws NoSuchAlgorithmException {
        byte[] encoded = secretKey.getEncoded();
        return encoded != null ? new SecretKeySpec(MessageDigest.getInstance("SHA256").digest(encoded), AesKey.ALGORITHM) : secretKey;
    }

    @TargetApi(18)
    private AlgorithmParameterSpec h(Context context, Date date, Date date2) {
        return new KeyPairGeneratorSpec.Builder(context).setAlias("AdalKey").setSubject(new X500Principal(String.format(Locale.ROOT, "CN=%s, OU=%s", "AdalKey", getPackageName()))).setSerialNumber(BigInteger.ONE).setStartDate(date).setEndDate(date2).build();
    }

    private static SecretKey i(byte[] bArr) {
        if (bArr != null) {
            return new SecretKeySpec(bArr, AesKey.ALGORITHM);
        }
        throw new IllegalArgumentException("rawBytes");
    }

    @Nullable
    @TargetApi(18)
    private synchronized SecretKey j() throws GeneralSecurityException, IOException {
        Logger.verbose("StorageHelper:getUnwrappedSecretKey", "Reading SecretKey");
        byte[] p5 = p();
        if (p5 == null) {
            Logger.verbose("StorageHelper:getUnwrappedSecretKey", "Key data is null");
            return null;
        }
        KeyPair q5 = q();
        this.f81963d = q5;
        if (q5 == null) {
            return null;
        }
        SecretKey r5 = r(p5);
        Logger.verbose("StorageHelper:getUnwrappedSecretKey", "Finished reading SecretKey");
        return r5;
    }

    @Nullable
    private synchronized SecretKey k() throws GeneralSecurityException, IOException {
        SecretKey secretKey = this.f81967h;
        if (secretKey != null) {
            return secretKey;
        }
        try {
            SecretKey j5 = j();
            this.f81967h = j5;
            return j5;
        } catch (IOException | GeneralSecurityException e6) {
            Logger.error("StorageHelper:loadKeyStoreEncryptedKey", ErrorStrings.ANDROIDKEYSTORE_FAILED, e6);
            this.f81963d = null;
            this.f81967h = null;
            deleteKeyFile();
            resetKeyPairFromAndroidKeyStore();
            throw e6;
        }
    }

    private void l(@NonNull String str, @NonNull String str2, @NonNull boolean z5, @NonNull String str3) {
        Logger.verbose("StorageHelper" + str, str2 + ": " + str3);
        IWpjTelemetryCallback iWpjTelemetryCallback = this.f81962c;
        if (iWpjTelemetryCallback != null) {
            iWpjTelemetryCallback.logEvent(this.f81960a, str2, Boolean.valueOf(z5), str3);
        }
    }

    private void m(@NonNull String str, @NonNull String str2, @NonNull String str3, @Nullable Exception exc) {
        Logger.error("StorageHelper" + str, str2 + " failed: " + str3, exc);
        IWpjTelemetryCallback iWpjTelemetryCallback = this.f81962c;
        if (iWpjTelemetryCallback != null) {
            iWpjTelemetryCallback.logEvent(this.f81960a, str2, Boolean.TRUE, str3);
        }
    }

    private void n(@NonNull String str, @NonNull String str2) {
        Logger.verbose("StorageHelper" + str, str2 + " started.");
        IWpjTelemetryCallback iWpjTelemetryCallback = this.f81962c;
        if (iWpjTelemetryCallback != null) {
            iWpjTelemetryCallback.logEvent(this.f81960a, str2, Boolean.FALSE, "");
        }
    }

    private void o(@NonNull String str, @NonNull String str2, @NonNull String str3) {
        Logger.verbose("StorageHelper" + str, str2 + " successfully finished: " + str3);
        IWpjTelemetryCallback iWpjTelemetryCallback = this.f81962c;
        if (iWpjTelemetryCallback != null) {
            iWpjTelemetryCallback.logEvent(this.f81960a, str2, Boolean.FALSE, str3);
        }
    }

    @Nullable
    private byte[] p() throws IOException {
        File file = new File(this.f81960a.getDir(getPackageName(), 0), "adalks");
        if (!file.exists()) {
            return null;
        }
        Logger.verbose("StorageHelper:readKeyData", "Reading key data from a file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[1024];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    fileInputStream.close();
                    return byteArray;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    @Nullable
    private synchronized KeyPair q() throws GeneralSecurityException, IOException {
        Logger.verbose("StorageHelper:readKeyPair", "Reading Key entry");
        try {
            n(":readKeyPair", AuthenticationConstants.TelemetryEvents.KEYCHAIN_READ_START);
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate("AdalKey");
            Key key = keyStore.getKey("AdalKey", null);
            if (certificate != null && key != null) {
                KeyPair keyPair = new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
                o(":readKeyPair", AuthenticationConstants.TelemetryEvents.KEYCHAIN_READ_END, "KeyStore KeyPair is loaded.");
                return keyPair;
            }
            o(":readKeyPair", AuthenticationConstants.TelemetryEvents.KEYCHAIN_READ_END, "KeyStore is empty.");
            Logger.verbose("StorageHelper:readKeyPair", "Key entry doesn't exist.");
            return null;
        } catch (IOException e6) {
            e = e6;
            m(":readKeyPair", AuthenticationConstants.TelemetryEvents.KEYCHAIN_READ_END, e.toString(), e);
            throw e;
        } catch (RuntimeException e7) {
            m(":readKeyPair", AuthenticationConstants.TelemetryEvents.KEYCHAIN_READ_END, e7.toString(), e7);
            throw new KeyStoreException(e7);
        } catch (GeneralSecurityException e8) {
            e = e8;
            m(":readKeyPair", AuthenticationConstants.TelemetryEvents.KEYCHAIN_READ_END, e.toString(), e);
            throw e;
        }
    }

    @SuppressLint({"GetInstance"})
    @TargetApi(18)
    private SecretKey r(byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(4, this.f81963d.getPrivate());
        try {
            return (SecretKey) cipher.unwrap(bArr, AesKey.ALGORITHM, 3);
        } catch (IllegalArgumentException e6) {
            throw new KeyStoreException(e6);
        }
    }

    private void s(String str, int i5) {
        if (i5 <= 0) {
            throw new IllegalArgumentException(String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(i5)));
        }
        if (!str.substring(1, i5 + 1).equals("E1")) {
            throw new IllegalArgumentException(String.format("Unsupported encode version received. Encode version supported is: '%s'", "E1"));
        }
    }

    @SuppressLint({"GetInstance"})
    @TargetApi(18)
    private byte[] t(SecretKey secretKey) throws GeneralSecurityException {
        Logger.verbose("StorageHelper:wrap", "Wrap secret key.");
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(3, this.f81963d.getPublic());
        return cipher.wrap(secretKey);
    }

    private void u(byte[] bArr) throws IOException {
        Logger.verbose("StorageHelper:writeKeyData", "Writing key data to a file");
        FileOutputStream fileOutputStream = new FileOutputStream(new File(this.f81960a.getDir(getPackageName(), 0), "adalks"));
        try {
            fileOutputStream.write(bArr);
        } finally {
            fileOutputStream.close();
        }
    }

    @Override // com.microsoft.identity.common.adal.internal.cache.IStorageHelper
    public String decrypt(String str) throws GeneralSecurityException, IOException {
        SecretKey loadSecretKey;
        Logger.verbose("StorageHelper:decrypt", "Starting decryption");
        if (StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        if (getEncryptionType(str) == EncryptionType.UNENCRYPTED) {
            Logger.warn("StorageHelper:decrypt", "This string is not encrypted. Finished decryption.");
            return str;
        }
        if (this.f81962c != null) {
            try {
                if (loadSecretKey(KeyType.KEYSTORE_ENCRYPTED_KEY) == null) {
                    this.f81962c.logEvent(this.f81960a, ":decrypt", Boolean.FALSE, "KEY_DECRYPTION_KEYSTORE_KEY_NOT_INITIALIZED");
                }
            } catch (Exception unused) {
                this.f81962c.logEvent(this.f81960a, ":decrypt", Boolean.FALSE, "KEY_DECRYPTION_KEYSTORE_KEY_FAILED_TO_LOAD");
            }
        }
        List<KeyType> keysForDecryptionType = getKeysForDecryptionType(str, getPackageName());
        byte[] e6 = e(str);
        for (KeyType keyType : keysForDecryptionType) {
            try {
                loadSecretKey = loadSecretKey(keyType);
            } catch (IOException | GeneralSecurityException e7) {
                c(keyType, e7);
            }
            if (loadSecretKey != null) {
                String b6 = b(e6, loadSecretKey);
                Logger.verbose("StorageHelper:decrypt", "Finished decryption with keyType:" + keyType.name());
                return b6;
            }
        }
        Logger.info("StorageHelper:decrypt", "Tried all decryption keys and decryption still fails. Throw an exception.");
        throw new GeneralSecurityException(ErrorStrings.DECRYPTION_FAILED);
    }

    public void deleteKeyFile() {
        File file = new File(this.f81960a.getDir(getPackageName(), 0), "adalks");
        if (file.exists()) {
            Logger.verbose("StorageHelper:deleteKeyFile", "Delete KeyFile");
            if (file.delete()) {
                return;
            }
            Logger.verbose("StorageHelper:deleteKeyFile", "Delete KeyFile failed");
        }
    }

    public SecretKey deserializeSecretKey(@NonNull String str) {
        return i(Base64.decode(str, 0));
    }

    @Override // com.microsoft.identity.common.adal.internal.cache.IStorageHelper
    public String encrypt(String str) throws GeneralSecurityException, IOException {
        if (StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException("Input is empty or null");
        }
        Logger.verbose("StorageHelper:encrypt", "Starting encryption");
        SecretKey loadSecretKeyForEncryption = loadSecretKeyForEncryption();
        this.f81965f = loadSecretKeyForEncryption;
        this.f81966g = g(loadSecretKeyForEncryption);
        Logger.verbose("StorageHelper:encrypt", "Encrypt version:" + this.f81964e);
        byte[] bytes = this.f81964e.getBytes("UTF-8");
        byte[] bytes2 = str.getBytes("UTF-8");
        byte[] bArr = new byte[16];
        this.f81961b.nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Mac mac = Mac.getInstance(MacUtil.HMAC_SHA256);
        cipher.init(1, this.f81965f, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bytes2);
        mac.init(this.f81966g);
        mac.update(bytes);
        mac.update(doFinal);
        mac.update(bArr);
        byte[] doFinal2 = mac.doFinal();
        byte[] bArr2 = new byte[bytes.length + doFinal.length + 16 + doFinal2.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
        System.arraycopy(bArr, 0, bArr2, bytes.length + doFinal.length, 16);
        System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + 16, doFinal2.length);
        String str2 = new String(Base64.encode(bArr2, 2), "UTF-8");
        Logger.verbose("StorageHelper:encrypt", "Finished encryption");
        return f() + "E1" + str2;
    }

    public synchronized SecretKey generateKeyStoreEncryptedKey() throws GeneralSecurityException, IOException {
        SecretKey generateSecretKey = generateSecretKey();
        this.f81967h = generateSecretKey;
        saveKeyStoreEncryptedKey(generateSecretKey);
        l(":generateKeyStoreEncryptedKey", AuthenticationConstants.TelemetryEvents.KEY_CREATED, false, "New key is generated.");
        return this.f81967h;
    }

    protected SecretKey generateSecretKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM);
        keyGenerator.init(256, this.f81961b);
        return keyGenerator.generateKey();
    }

    public EncryptionType getEncryptionType(@NonNull String str) throws UnsupportedEncodingException {
        try {
            try {
                String str2 = new String(e(str), 0, 4, "UTF-8");
                return VERSION_USER_DEFINED.equalsIgnoreCase(str2) ? EncryptionType.USER_DEFINED : VERSION_ANDROID_KEY_STORE.equalsIgnoreCase(str2) ? EncryptionType.ANDROID_KEY_STORE : EncryptionType.UNENCRYPTED;
            } catch (UnsupportedEncodingException e6) {
                Logger.error("StorageHelper:getEncryptionType", "Failed to extract keyVersion.", e6);
                throw e6;
            }
        } catch (Exception e7) {
            Logger.error("StorageHelper:getEncryptionType", "This data is not an encrypted blob. Treat as unencrypted data.", e7);
            return EncryptionType.UNENCRYPTED;
        }
    }

    @NonNull
    public List<KeyType> getKeysForDecryptionType(@NonNull String str, @NonNull String str2) throws IOException {
        ArrayList arrayList = new ArrayList();
        EncryptionType encryptionType = getEncryptionType(str);
        if (encryptionType == EncryptionType.USER_DEFINED) {
            if (AuthenticationSettings.INSTANCE.getSecretKeyData() != null) {
                arrayList.add(KeyType.ADAL_USER_DEFINED_KEY);
            } else if ("com.microsoft.windowsintune.companyportal".equalsIgnoreCase(str2)) {
                arrayList.add(KeyType.LEGACY_COMPANY_PORTAL_KEY);
                arrayList.add(KeyType.LEGACY_AUTHENTICATOR_APP_KEY);
            } else if (AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME.equalsIgnoreCase(str2)) {
                arrayList.add(KeyType.LEGACY_AUTHENTICATOR_APP_KEY);
                arrayList.add(KeyType.LEGACY_COMPANY_PORTAL_KEY);
            }
        } else if (encryptionType == EncryptionType.ANDROID_KEY_STORE) {
            arrayList.add(KeyType.KEYSTORE_ENCRYPTED_KEY);
        }
        return arrayList;
    }

    protected String getPackageName() {
        return this.f81960a.getPackageName();
    }

    @Nullable
    public SecretKey loadSecretKey(@NonNull KeyType keyType) throws IOException, GeneralSecurityException {
        int i5 = a.f81970a[keyType.ordinal()];
        if (i5 == 1) {
            return i(AuthenticationSettings.INSTANCE.getBrokerSecretKeys().get(AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME));
        }
        if (i5 == 2) {
            return i(AuthenticationSettings.INSTANCE.getBrokerSecretKeys().get("com.microsoft.windowsintune.companyportal"));
        }
        if (i5 == 3) {
            return i(AuthenticationSettings.INSTANCE.getSecretKeyData());
        }
        if (i5 == 4) {
            return k();
        }
        Logger.verbose("StorageHelper:loadSecretKey", "Unknown KeyType. This code should never be reached.");
        throw new GeneralSecurityException("unknown_error");
    }

    @Override // com.microsoft.identity.common.adal.internal.cache.IStorageHelper
    public synchronized SecretKey loadSecretKeyForEncryption() throws IOException, GeneralSecurityException {
        SecretKey secretKey = this.f81965f;
        if (secretKey != null && this.f81966g != null) {
            return secretKey;
        }
        AuthenticationSettings authenticationSettings = AuthenticationSettings.INSTANCE;
        if (authenticationSettings.getBrokerSecretKeys().containsKey(getPackageName())) {
            if (this.f81962c != null) {
                try {
                    if (loadSecretKey(KeyType.KEYSTORE_ENCRYPTED_KEY) == null) {
                        this.f81962c.logEvent(this.f81960a, ":loadSecretKeyForEncryption", Boolean.FALSE, "KEY_ENCRYPTION_KEYSTORE_KEY_NOT_INITIALIZED");
                    }
                } catch (Exception unused) {
                    this.f81962c.logEvent(this.f81960a, ":loadSecretKeyForEncryption", Boolean.FALSE, "KEY_ENCRYPTION_KEYSTORE_KEY_FAILED_TO_LOAD");
                }
            }
            setBlobVersion(VERSION_USER_DEFINED);
            if (AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME.equalsIgnoreCase(getPackageName())) {
                return loadSecretKey(KeyType.LEGACY_AUTHENTICATOR_APP_KEY);
            }
            return loadSecretKey(KeyType.LEGACY_COMPANY_PORTAL_KEY);
        }
        if (authenticationSettings.getSecretKeyData() != null) {
            setBlobVersion(VERSION_USER_DEFINED);
            return loadSecretKey(KeyType.ADAL_USER_DEFINED_KEY);
        }
        setBlobVersion(VERSION_ANDROID_KEY_STORE);
        try {
            SecretKey loadSecretKey = loadSecretKey(KeyType.KEYSTORE_ENCRYPTED_KEY);
            if (loadSecretKey != null) {
                return loadSecretKey;
            }
        } catch (IOException | GeneralSecurityException unused2) {
        }
        Logger.verbose("StorageHelper:loadSecretKeyForEncryption", "Keystore-encrypted key does not exist, try to generate new keys.");
        return generateKeyStoreEncryptedKey();
    }

    @TargetApi(18)
    protected synchronized void resetKeyPairFromAndroidKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        keyStore.deleteEntry("AdalKey");
    }

    public void saveKeyStoreEncryptedKey(@NonNull SecretKey secretKey) throws GeneralSecurityException, IOException {
        if (this.f81963d == null) {
            this.f81963d = d();
        }
        u(t(secretKey));
    }

    public String serializeSecretKey(@NonNull SecretKey secretKey) {
        return Base64.encodeToString(secretKey.getEncoded(), 0);
    }

    protected void setBlobVersion(@NonNull String str) {
        this.f81964e = str;
    }
}
