package com.samsung.android.service.health.security;

import android.content.Context;
import android.os.Bundle;
import android.text.TextUtils;
import com.americanwell.sdk.manager.ValidationConstants;
import com.samsung.android.sdk.healthdata.privileged.datamigration.DataMigrationControl;
import com.samsung.android.sdk.healthdata.privileged.util.EventLog;
import com.samsung.android.sdk.healthdata.privileged.util.LogUtil;
import com.samsung.android.sdk.healthdata.privileged.util.ModelUtil;
import com.samsung.android.sdk.healthdata.privileged.util.ServiceLog;
import com.samsung.android.service.health.data.LegacyCommon;
import java.io.IOException;
import java.util.Arrays;

/* loaded from: classes9.dex */
final class SecureStorageKeyRepository implements KeyRepository {
    private final Context mContext;
    private byte[] mDbKey;
    private static final String TAG = LogUtil.makeTag("SecureStorageKeyRepository");
    private static final Object OP_LOCK = new Object();
    private static final Integer RETRY_COUNT = 5;
    private static final Integer RETRY_DELAY = Integer.valueOf(ValidationConstants.MAXIMUM_WEIGHT);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes9.dex */
    public enum SecureStorageStatus {
        SS_TRUE,
        SS_FALSE,
        SS_UNCLEAR_FALSE
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureStorageKeyRepository(Context context) {
        this.mContext = context;
    }

    private byte[] checkDbKeyFromSecureStorage() {
        byte[] bArr;
        Context context = this.mContext;
        int intValue = RETRY_COUNT.intValue();
        int i = 0;
        while (true) {
            bArr = null;
            if (i >= intValue) {
                break;
            }
            Bundle call = context.getContentResolver().call(LegacyCommon.TRUSTZONE_AUTHORITY_URI, "get_secure_password", (String) null, (Bundle) null);
            if (call != null) {
                String string = call.getString("ss_err_message");
                if (string != null && !string.isEmpty()) {
                    ServiceLog.doLoggingWithThreshold(context, string, ServiceLog.LogCategory.ERR_SecureStorage);
                }
                bArr = call.getByteArray("value_of_password");
            } else {
                i++;
            }
        }
        if (i > 0) {
            ServiceLog.doLoggingWithThreshold(context, "KeyGenSS3:" + (bArr != null) + '(' + i + ')', ServiceLog.LogCategory.ERR_KM);
        }
        return bArr;
    }

    private static SecureStorageStatus checkSecureStorageSupported(Context context, boolean z) {
        try {
            LogUtil.LOGD(TAG, "Start to checking isSecureStorageSupported from health service");
            Bundle call = context.getContentResolver().call(LegacyCommon.TRUSTZONE_AUTHORITY_URI, "secure_storage_support", (String) null, (Bundle) null);
            if (call != null) {
                String string = call.getString("ss_err_message");
                if (!TextUtils.isEmpty(string)) {
                    ServiceLog.doLoggingWithThreshold(context, string, ServiceLog.LogCategory.ERR_SecureStorage);
                }
                return call.getBoolean("boolean_secure_storage_support") ? SecureStorageStatus.SS_TRUE : SecureStorageStatus.SS_FALSE;
            }
        } catch (IllegalArgumentException e) {
            String message = e.getMessage();
            if (message == null || !message.contains("Unknown URI")) {
                ServiceLog.doLoggingWithThreshold(context, "isSSS_Other" + message, ServiceLog.LogCategory.ERR_KM);
                LogUtil.LOGE(TAG, "Checking secure storage support failed : " + message);
            } else {
                ServiceLog.doLoggingWithThreshold(context, "isSSS_UnknownURI", ServiceLog.LogCategory.ERR_KM);
                LogUtil.LOGD(TAG, "HealthService's CP is not ready : " + message);
            }
        } catch (SecurityException e2) {
            LogUtil.LOGD(TAG, "HealthService denied to access : " + e2.getMessage());
            return SecureStorageStatus.SS_FALSE;
        } catch (Exception e3) {
            ServiceLog.doLoggingWithThreshold(context, "isSSS0" + e3.getMessage(), ServiceLog.LogCategory.ERR_KM);
            LogUtil.LOGE(TAG, "Checking secure storage support failed : " + e3.getMessage());
        }
        return SecureStorageStatus.SS_UNCLEAR_FALSE;
    }

    private byte[] getDbKeyFromSecureStorage() {
        byte[] bArr;
        try {
            bArr = checkDbKeyFromSecureStorage();
        } catch (Exception unused) {
            bArr = null;
        }
        if (bArr == null) {
            return null;
        }
        if (KeyMdFile.isDifferentWithStoredMd(this.mContext, bArr, true)) {
            ServiceLog.doLoggingWithThreshold(this.mContext, "KeyChanged", ServiceLog.LogCategory.ERR_SecureStorage);
        }
        if (DbChecker.isDbKeyValid(this.mContext, bArr, null)) {
            return bArr;
        }
        ServiceLog.doLoggingWithThreshold(this.mContext, "KeyChangedWrong", ServiceLog.LogCategory.ERR_SecureStorage);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isSecureStorageSupported(Context context) {
        boolean isSecureStorageSupported;
        synchronized (OP_LOCK) {
            isSecureStorageSupported = isSecureStorageSupported(context, RETRY_COUNT.intValue(), RETRY_DELAY.intValue());
        }
        return isSecureStorageSupported;
    }

    private static boolean isSecureStorageSupported(Context context, int i, int i2) {
        if (!ModelUtil.isSsSupportedModel(context)) {
            LogUtil.LOGD(TAG, "This model is not supported by secure storage");
            return false;
        }
        SecureStorageStatus secureStorageStatus = SecureStorageStatus.SS_UNCLEAR_FALSE;
        int i3 = 0;
        while (i3 < i) {
            secureStorageStatus = checkSecureStorageSupported(context, false);
            if (secureStorageStatus != SecureStorageStatus.SS_UNCLEAR_FALSE) {
                break;
            }
            try {
                Thread.sleep(i2);
            } catch (InterruptedException unused) {
            }
            i3++;
        }
        if (i3 >= i) {
            ServiceLog.doLoggingWithThreshold(context, "isSSS0_FinalCheck", ServiceLog.LogCategory.ERR_KM);
        }
        boolean z = secureStorageStatus == SecureStorageStatus.SS_TRUE;
        LogUtil.LOGD(TAG, "Checking isSecureStorageSupported : " + z);
        return z;
    }

    private byte[] setKrmToSs() {
        byte[] bArr;
        try {
            bArr = checkDbKeyFromSecureStorage();
        } catch (Exception unused) {
            bArr = null;
        }
        if (bArr == null) {
            if (DataMigrationControl.isMigrationRequired(this.mContext)) {
                byte[] up = new DefaultPasswordKeyRepository(this.mContext).setUp();
                if (up != null) {
                    EventLog.print(this.mContext, "KM_MIG : DB state default");
                } else {
                    ServiceLog.doLoggingWithThreshold(this.mContext, "KgetSSKS_GoToDPW_Fail", ServiceLog.LogCategory.ERR_KM);
                    EventLog.print(this.mContext, "KM_MIG : DB state default fails");
                }
                return up;
            }
            Bundle call = this.mContext.getContentResolver().call(LegacyCommon.TRUSTZONE_AUTHORITY_URI, "create_secure_password", (String) null, (Bundle) null);
            if (call != null) {
                String string = call.getString("ss_err_message");
                if (string != null && !string.isEmpty()) {
                    ServiceLog.doLoggingWithThreshold(this.mContext, string, ServiceLog.LogCategory.ERR_SecureStorage);
                }
                bArr = call.getByteArray("value_of_password");
            } else {
                bArr = null;
            }
            if (bArr == null) {
                ServiceLog.doLoggingWithThreshold(this.mContext, "KeyGenSS1", ServiceLog.LogCategory.ERR_KM);
            } else if (Arrays.equals(bArr, checkDbKeyFromSecureStorage())) {
                EventLog.print(this.mContext, "SS key is generated");
                ServiceLog.doLoggingWithThreshold(this.mContext, "SSNewKeyCreated", ServiceLog.LogCategory.ERR_KM);
            } else {
                ServiceLog.doLoggingWithThreshold(this.mContext, "KeyGenSS2", ServiceLog.LogCategory.ERR_KM);
            }
            bArr = null;
        }
        if (bArr != null) {
            try {
                KeyMdFile.writeMdFirst(this.mContext, bArr, "ss_key_md");
            } catch (IOException unused2) {
            }
        }
        return bArr;
    }

    @Override // com.samsung.android.service.health.security.KeyRepository
    public final byte[] retrieve() {
        synchronized (OP_LOCK) {
            if (this.mDbKey == null) {
                this.mDbKey = getDbKeyFromSecureStorage();
            }
        }
        return this.mDbKey;
    }

    public final byte[] setUp() {
        byte[] krmToSs;
        synchronized (OP_LOCK) {
            krmToSs = setKrmToSs();
        }
        return krmToSs;
    }
}
