package de.jepfa.yapm.service.secret;

import android.app.KeyguardManager;
import android.content.Context;
import android.os.Build;
import android.os.SystemClock;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import androidx.constraintlayout.core.motion.utils.TypedValues;
import androidx.lifecycle.CoroutineLiveDataKt;
import de.jepfa.yapm.model.Validable;
import de.jepfa.yapm.model.encrypted.CipherAlgorithm;
import de.jepfa.yapm.model.encrypted.CipherAlgorithmKt;
import de.jepfa.yapm.model.encrypted.Encrypted;
import de.jepfa.yapm.model.encrypted.EncryptedType;
import de.jepfa.yapm.model.secret.Key;
import de.jepfa.yapm.model.secret.Password;
import de.jepfa.yapm.model.secret.SecretKeyHolder;
import de.jepfa.yapm.model.session.Session;
import de.jepfa.yapm.service.PreferenceService;
import de.jepfa.yapm.service.biometrix.BiometricUtils;
import de.jepfa.yapm.ui.nfc.NfcActivity;
import de.jepfa.yapm.util.Constants;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;

/* compiled from: SecretService.kt */
@Metadata(d1 = {"\u0000\u009c\u0001\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\t\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u000f\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\b\bÆ\u0002\u0018\u00002\u00020\u0001:\u0001TB\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\u000e\u001a\u00020\r2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012J\u0006\u0010\u0013\u001a\u00020\u0014J\u001e\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00162\u0006\u0010\u0018\u001a\u00020\u00162\u0006\u0010\u0019\u001a\u00020\u000bJ\u001e\u0010\u001a\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u000b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0011\u001a\u00020\u0012J\u0016\u0010\u001e\u001a\u00020\u00042\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 J\u0018\u0010!\u001a\u00020\"2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 H\u0002J\u0016\u0010#\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 J\u0016\u0010$\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 J\u001d\u0010%\u001a\u0004\u0018\u00010&2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 ¢\u0006\u0002\u0010'J\u0016\u0010(\u001a\u00020\u00162\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 J\"\u0010)\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\u00102\b\u0010*\u001a\u0004\u0018\u00010+2\u0006\u0010\u001b\u001a\u00020\"H\u0002J\u0016\u0010,\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010-\u001a\u00020\u0004J\"\u0010.\u001a\u00020 2\b\u0010*\u001a\u0004\u0018\u00010+2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\"H\u0002J\u0016\u0010/\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 J\u001e\u00100\u001a\u00020 2\u0006\u0010*\u001a\u00020+2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u00101\u001a\u00020\u000bJ\u0016\u00100\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u00101\u001a\u00020\u000bJ\u0016\u00102\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u00103\u001a\u00020&J\u001e\u00104\u001a\u00020 2\u0006\u0010*\u001a\u00020+2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u00105\u001a\u00020\u0016J\u0016\u00104\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u00105\u001a\u00020\u0016J\u0016\u00106\u001a\u00020\u000b2\u0006\u0010\u001b\u001a\u00020\"2\u0006\u0010\u0019\u001a\u00020\u000bJ&\u00107\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u000b2\u0006\u0010\u0019\u001a\u00020\u000b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0011\u001a\u00020\u0012J&\u00108\u001a\u00020\u00102\u0006\u00105\u001a\u00020\u00162\u0006\u0010\u0019\u001a\u00020\u000b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0011\u001a\u00020\u0012J.\u00109\u001a\u00020\u00102\u0006\u00105\u001a\u00020\u00162\u0006\u0010\u0019\u001a\u00020\u000b2\u0006\u0010:\u001a\u00020;2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0011\u001a\u00020\u0012J\u0018\u0010<\u001a\u00020\u000b2\u0006\u0010=\u001a\u00020;2\b\u0010\u0011\u001a\u0004\u0018\u00010\u0012J&\u0010>\u001a\u00020\u00102\u0006\u00105\u001a\u00020\u00162\u0006\u0010\u0019\u001a\u00020\u000b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0011\u001a\u00020\u0012J\u0016\u0010?\u001a\u00020\u00102\u0006\u0010@\u001a\u00020A2\u0006\u0010\u0011\u001a\u00020\u0012J\u000e\u0010B\u001a\u00020\u001d2\u0006\u0010\u0011\u001a\u00020\u0012J\u0012\u0010C\u001a\u0004\u0018\u00010D2\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J\u0010\u0010E\u001a\u00020\t2\b\u0010\u0011\u001a\u0004\u0018\u00010\u0012J\u000e\u0010F\u001a\u00020\r2\u0006\u0010\u0011\u001a\u00020\u0012J\u0018\u0010G\u001a\u00020H2\u0006\u0010@\u001a\u00020A2\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\u0018\u0010I\u001a\u00020H2\u0006\u0010J\u001a\u00020K2\u0006\u0010L\u001a\u00020MH\u0002J\u0012\u0010N\u001a\u00020\u00142\b\u0010\u0011\u001a\u0004\u0018\u00010\u0012H\u0002J\u000e\u0010O\u001a\u00020\u00142\u0006\u0010\u0011\u001a\u00020\u0012J\u000e\u0010P\u001a\u00020\u00142\u0006\u0010@\u001a\u00020AJ\u0016\u0010Q\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0019\u001a\u00020\u000bJ\u0018\u0010R\u001a\u00020\u00142\b\u0010S\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0011\u001a\u00020\u0012R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082D¢\u0006\u0002\n\u0000R\u0016\u0010\u0005\u001a\n \u0007*\u0004\u0018\u00010\u00060\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u0010\u0010\b\u001a\u0004\u0018\u00010\tX\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\n\u001a\u0004\u0018\u00010\u000bX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006U"}, d2 = {"Lde/jepfa/yapm/service/secret/SecretService;", "", "()V", "ANDROID_KEY_STORE", "", "androidKeyStore", "Ljava/security/KeyStore;", "kotlin.jvm.PlatformType", "random", "Ljava/security/SecureRandom;", "userSeed", "Lde/jepfa/yapm/model/secret/Key;", "userSeedUsed", "", "checkKeyRequiresUserAuthOnInsecureDevice", "secretKeyHolder", "Lde/jepfa/yapm/model/secret/SecretKeyHolder;", "context", "Landroid/content/Context;", "clear", "", "conjunctPasswords", "Lde/jepfa/yapm/model/secret/Password;", "password1", "password2", "salt", "createSecretKey", NfcActivity.EXTRA_DATA, "cipherAlgorithm", "Lde/jepfa/yapm/model/encrypted/CipherAlgorithm;", "decryptCommonString", "encrypted", "Lde/jepfa/yapm/model/encrypted/Encrypted;", "decryptData", "", "decryptEncrypted", "decryptKey", "decryptLong", "", "(Lde/jepfa/yapm/model/secret/SecretKeyHolder;Lde/jepfa/yapm/model/encrypted/Encrypted;)Ljava/lang/Long;", "decryptPassword", "encrypt", "type", "Lde/jepfa/yapm/model/encrypted/EncryptedType;", "encryptCommonString", TypedValues.Custom.S_STRING, "encryptData", "encryptEncrypted", "encryptKey", "key", "encryptLong", "long", "encryptPassword", "password", "fastHash", "generateDefaultSecretKey", "generateNormalSecretKey", "generatePBESecretKey", "iterations", "", "generateRandomKey", "length", "generateStrongSecretKey", "getAndroidSecretKey", "androidKey", "Lde/jepfa/yapm/service/secret/AndroidKey;", "getCipherAlgorithm", "getKeyInfo", "Landroid/security/keystore/KeyInfo;", "getSecureRandom", "hasStrongBoxSupport", "initAndroidSecretKey", "Ljavax/crypto/SecretKey;", "initSecretKey", "keyGenerator", "Ljavax/crypto/KeyGenerator;", "spec", "Landroid/security/keystore/KeyGenParameterSpec;", "loadUserSeed", "persistUserSeed", "removeAndroidSecretKey", "secretKeyToKey", "setUserSeed", "seed", "KeyStoreNotReadyException", "app_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class SecretService {
    private static SecureRandom random;
    private static Key userSeed;
    private static boolean userSeedUsed;
    public static final SecretService INSTANCE = new SecretService();
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");

    /* compiled from: SecretService.kt */
    @Metadata(d1 = {"\u0000\u0010\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u00002\u00060\u0001j\u0002`\u0002B\u0005¢\u0006\u0002\u0010\u0003¨\u0006\u0004"}, d2 = {"Lde/jepfa/yapm/service/secret/SecretService$KeyStoreNotReadyException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "()V", "app_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class KeyStoreNotReadyException extends Exception {
    }

    private SecretService() {
    }

    private final byte[] decryptData(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        if (encrypted.isEmpty()) {
            Log.e(Constants.INSTANCE.getLOG_PREFIX() + "SS", "empty encrypted");
            return Validable.INSTANCE.getFAILED_BYTE_ARRAY();
        }
        if (secretKeyHolder.getCipherAlgorithm() != encrypted.getCipherAlgorithm()) {
            Log.e(Constants.INSTANCE.getLOG_PREFIX() + "SS", "cipher algorithm mismatch");
            return Validable.INSTANCE.getFAILED_BYTE_ARRAY();
        }
        try {
            byte[] iv = encrypted.getIv();
            byte[] data = encrypted.getData();
            Cipher cipher = Cipher.getInstance(encrypted.getCipherAlgorithm().getCipherName());
            if (secretKeyHolder.getCipherAlgorithm().getGcmSupport()) {
                cipher.init(2, secretKeyHolder.getSecretKey(), new GCMParameterSpec(128, iv));
            } else {
                cipher.init(2, secretKeyHolder.getSecretKey(), new IvParameterSpec(iv));
            }
            byte[] doFinal = cipher.doFinal(data);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(encryptedData)");
            return doFinal;
        } catch (GeneralSecurityException unused) {
            Log.e(Constants.INSTANCE.getLOG_PREFIX() + "SS", "unable to decrypt");
            return Validable.INSTANCE.getFAILED_BYTE_ARRAY();
        }
    }

    private final Encrypted encrypt(SecretKeyHolder secretKeyHolder, EncryptedType type, byte[] data) {
        Cipher cipher = Cipher.getInstance(secretKeyHolder.getCipherAlgorithm().getCipherName());
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(secretKeyHol…pherAlgorithm.cipherName)");
        try {
            if (secretKeyHolder.getCipherAlgorithm().getIntegratedIvSupport()) {
                cipher.init(1, secretKeyHolder.getSecretKey());
            } else {
                byte[] bArr = new byte[cipher.getBlockSize()];
                getSecureRandom(null).nextBytes(bArr);
                cipher.init(1, secretKeyHolder.getSecretKey(), new IvParameterSpec(bArr));
            }
            byte[] iv = cipher.getIV();
            Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
            byte[] doFinal = cipher.doFinal(data);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(data)");
            return new Encrypted(type, iv, doFinal, secretKeyHolder.getCipherAlgorithm());
        } catch (UserNotAuthenticatedException e) {
            AndroidKey androidKey = secretKeyHolder.getAndroidKey();
            if (((androidKey == null || androidKey.getRequireUserAuth()) ? false : true) || !checkKeyRequiresUserAuthOnInsecureDevice(secretKeyHolder, secretKeyHolder.getContext())) {
                Log.w(Constants.INSTANCE.getLOG_PREFIX() + "SS", "UserNotAuthenticatedException caught but not handled", e);
                throw new KeyStoreNotReadyException();
            }
            Log.w(Constants.INSTANCE.getLOG_PREFIX() + "SS", "UserNotAuthenticatedException caught and forwarded", e);
            throw e;
        }
    }

    private final Encrypted encryptData(EncryptedType type, SecretKeyHolder secretKeyHolder, byte[] data) {
        try {
            return encrypt(secretKeyHolder, type, data);
        } catch (KeyStoreNotReadyException e) {
            Log.e(Constants.INSTANCE.getLOG_PREFIX() + "SS", "KeyStore not ready, trying again", e);
            SystemClock.sleep(3000L);
            try {
                return encrypt(secretKeyHolder, type, data);
            } catch (KeyStoreNotReadyException e2) {
                Log.e(Constants.INSTANCE.getLOG_PREFIX() + "SS", "KeyStore still not ready, trying again", e2);
                SystemClock.sleep(CoroutineLiveDataKt.DEFAULT_TIMEOUT);
                return encrypt(secretKeyHolder, type, data);
            }
        }
    }

    private final KeyInfo getKeyInfo(SecretKeyHolder secretKeyHolder) {
        try {
            KeySpec keySpec = SecretKeyFactory.getInstance(secretKeyHolder.getCipherAlgorithm().getSecretKeyAlgorithm()).getKeySpec(secretKeyHolder.getSecretKey(), KeyInfo.class);
            Intrinsics.checkNotNull(keySpec, "null cannot be cast to non-null type android.security.keystore.KeyInfo");
            return (KeyInfo) keySpec;
        } catch (InvalidKeySpecException e) {
            Log.e(Constants.INSTANCE.getLOG_PREFIX() + "SS", "Asking for invalid key spec: " + secretKeyHolder.getCipherAlgorithm(), e);
            return null;
        }
    }

    private final SecretKey initAndroidSecretKey(AndroidKey androidKey, Context context) {
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(androidKey.getAlias(), 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        Intrinsics.checkNotNullExpressionValue(encryptionPaddings, "Builder(androidKey.alias….ENCRYPTION_PADDING_NONE)");
        if (Build.VERSION.SDK_INT >= 28) {
            encryptionPaddings.setIsStrongBoxBacked(androidKey.getBoxed() && hasStrongBoxSupport(context)).setUnlockedDeviceRequired(true).setUserAuthenticationRequired(false);
            if (androidKey.getRequireUserAuth() && BiometricUtils.INSTANCE.isBiometricsAvailable(context)) {
                Object systemService = context.getSystemService("keyguard");
                Intrinsics.checkNotNull(systemService, "null cannot be cast to non-null type android.app.KeyguardManager");
                encryptionPaddings.setUserAuthenticationRequired(((KeyguardManager) systemService).isDeviceSecure()).setInvalidatedByBiometricEnrollment(true);
            }
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
        if (Build.VERSION.SDK_INT < 28) {
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "keyGenerator");
            KeyGenParameterSpec build = encryptionPaddings.build();
            Intrinsics.checkNotNullExpressionValue(build, "spec.build()");
            return initSecretKey(keyGenerator, build);
        }
        try {
            keyGenerator.init(encryptionPaddings.build());
            SecretKey generateKey = keyGenerator.generateKey();
            Intrinsics.checkNotNullExpressionValue(generateKey, "keyGenerator.generateKey()");
            return generateKey;
        } catch (StrongBoxUnavailableException e) {
            Log.w(Constants.INSTANCE.getLOG_PREFIX() + "SS", "Strong box not supported, falling back to without it", e);
            encryptionPaddings.setIsStrongBoxBacked(false);
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "keyGenerator");
            KeyGenParameterSpec build2 = encryptionPaddings.build();
            Intrinsics.checkNotNullExpressionValue(build2, "spec.build()");
            return initSecretKey(keyGenerator, build2);
        } catch (Exception e2) {
            Log.w(Constants.INSTANCE.getLOG_PREFIX() + "SS", "Unknown exception, just retry", e2);
            Intrinsics.checkNotNullExpressionValue(keyGenerator, "keyGenerator");
            KeyGenParameterSpec build3 = encryptionPaddings.build();
            Intrinsics.checkNotNullExpressionValue(build3, "spec.build()");
            return initSecretKey(keyGenerator, build3);
        }
    }

    private final SecretKey initSecretKey(KeyGenerator keyGenerator, KeyGenParameterSpec spec) {
        try {
            keyGenerator.init(spec);
            SecretKey generateKey = keyGenerator.generateKey();
            Intrinsics.checkNotNullExpressionValue(generateKey, "{\n            keyGenerat…r.generateKey()\n        }");
            return generateKey;
        } catch (Exception e) {
            Log.w(Constants.INSTANCE.getLOG_PREFIX() + "SS", "Unknown exception, just retry", e);
            SystemClock.sleep(100L);
            keyGenerator.init(spec);
            SecretKey generateKey2 = keyGenerator.generateKey();
            Intrinsics.checkNotNullExpressionValue(generateKey2, "{\n            Log.w(LOG_…r.generateKey()\n        }");
            return generateKey2;
        }
    }

    private final void loadUserSeed(Context context) {
        SecretKeyHolder masterKeySK;
        Encrypted encrypted;
        if (context == null || userSeed != null || (masterKeySK = Session.INSTANCE.getMasterKeySK()) == null || (encrypted = PreferenceService.INSTANCE.getEncrypted(PreferenceService.DATA_ENCRYPTED_SEED, context)) == null) {
            return;
        }
        userSeed = INSTANCE.decryptKey(masterKeySK, encrypted);
        userSeedUsed = false;
    }

    public final boolean checkKeyRequiresUserAuthOnInsecureDevice(SecretKeyHolder secretKeyHolder, Context context) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(context, "context");
        Object systemService = context.getSystemService("keyguard");
        Intrinsics.checkNotNull(systemService, "null cannot be cast to non-null type android.app.KeyguardManager");
        boolean isDeviceSecure = ((KeyguardManager) systemService).isDeviceSecure();
        KeyInfo keyInfo = getKeyInfo(secretKeyHolder);
        return (keyInfo != null ? keyInfo.isUserAuthenticationRequired() : false) && !isDeviceSecure;
    }

    public final void clear() {
        Key key = userSeed;
        if (key != null) {
            key.clear();
        }
        userSeed = null;
        userSeedUsed = false;
        random = null;
    }

    public final Password conjunctPasswords(Password password1, Password password2, Key salt) {
        Intrinsics.checkNotNullParameter(password1, "password1");
        Intrinsics.checkNotNullParameter(password2, "password2");
        Intrinsics.checkNotNullParameter(salt, "salt");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(salt.getData());
        messageDigest.update(password1.toByteArray());
        messageDigest.update(password2.toByteArray());
        byte[] digest = messageDigest.digest();
        Intrinsics.checkNotNullExpressionValue(digest, "digest");
        ArrayList arrayList = new ArrayList(digest.length);
        for (byte b : digest) {
            arrayList.add(Character.valueOf((char) b));
        }
        return new Password(CollectionsKt.toCharArray(arrayList));
    }

    public final SecretKeyHolder createSecretKey(Key data, CipherAlgorithm cipherAlgorithm, Context context) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        Intrinsics.checkNotNullParameter(context, "context");
        byte[] copyOf = Arrays.copyOf(data.getData(), cipherAlgorithm.getKeyLength() / 8);
        Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, newSize)");
        return new SecretKeyHolder(new SecretKeySpec(copyOf, cipherAlgorithm.getSecretKeyAlgorithm()), cipherAlgorithm, null, context);
    }

    public final String decryptCommonString(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return new String(decryptData(secretKeyHolder, encrypted), Charsets.UTF_8);
    }

    public final Encrypted decryptEncrypted(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return Encrypted.INSTANCE.fromBase64(decryptData(secretKeyHolder, encrypted));
    }

    public final Key decryptKey(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return new Key(decryptData(secretKeyHolder, encrypted));
    }

    public final Long decryptLong(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        if (encrypted.isEmpty()) {
            return null;
        }
        return StringsKt.toLongOrNull(new String(decryptData(secretKeyHolder, encrypted), Charsets.UTF_8));
    }

    public final Password decryptPassword(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return new Password(decryptData(secretKeyHolder, encrypted));
    }

    public final Encrypted encryptCommonString(SecretKeyHolder secretKeyHolder, String string) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(string, "string");
        byte[] bytes = string.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        return encryptData(null, secretKeyHolder, bytes);
    }

    public final Encrypted encryptEncrypted(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return encryptData(encrypted.getType(), secretKeyHolder, encrypted.toBase64());
    }

    public final Encrypted encryptKey(EncryptedType type, SecretKeyHolder secretKeyHolder, Key key) {
        Intrinsics.checkNotNullParameter(type, "type");
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(key, "key");
        return encryptData(type, secretKeyHolder, key.getData());
    }

    public final Encrypted encryptKey(SecretKeyHolder secretKeyHolder, Key key) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(key, "key");
        return encryptData(null, secretKeyHolder, key.getData());
    }

    public final Encrypted encryptLong(SecretKeyHolder secretKeyHolder, long r3) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        byte[] bytes = String.valueOf(r3).getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        return encryptData(null, secretKeyHolder, bytes);
    }

    public final Encrypted encryptPassword(EncryptedType type, SecretKeyHolder secretKeyHolder, Password password) {
        Intrinsics.checkNotNullParameter(type, "type");
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(password, "password");
        return encryptData(type, secretKeyHolder, password.toByteArray());
    }

    public final Encrypted encryptPassword(SecretKeyHolder secretKeyHolder, Password password) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(password, "password");
        return encryptData(null, secretKeyHolder, password.toByteArray());
    }

    public final Key fastHash(byte[] data, Key salt) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(salt, "salt");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(salt.getData());
        messageDigest.update(data);
        byte[] digest = messageDigest.digest();
        Intrinsics.checkNotNullExpressionValue(digest, "digest");
        return new Key(digest);
    }

    public final SecretKeyHolder generateDefaultSecretKey(Key data, Key salt, CipherAlgorithm cipherAlgorithm, Context context) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        Intrinsics.checkNotNullParameter(context, "context");
        return generatePBESecretKey(new Password(data), salt, 65536, cipherAlgorithm, context);
    }

    public final SecretKeyHolder generateNormalSecretKey(Password password, Key salt, CipherAlgorithm cipherAlgorithm, Context context) {
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        Intrinsics.checkNotNullParameter(context, "context");
        return generatePBESecretKey(password, salt, 1000, cipherAlgorithm, context);
    }

    public final SecretKeyHolder generatePBESecretKey(Password password, Key salt, int iterations, CipherAlgorithm cipherAlgorithm, Context context) {
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        Intrinsics.checkNotNullParameter(context, "context");
        PBEKeySpec pBEKeySpec = new PBEKeySpec(password.toEncodedCharArray(), salt.getData(), iterations, cipherAlgorithm.getKeyLength());
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance(cipherAlgorithm.getSecretKeyAlgorithm()).generateSecret(pBEKeySpec);
            Intrinsics.checkNotNullExpressionValue(generateSecret, "factory.generateSecret(keySpec)");
            return new SecretKeyHolder(generateSecret, cipherAlgorithm, null, context);
        } finally {
            pBEKeySpec.clearPassword();
        }
    }

    public final Key generateRandomKey(int length, Context context) {
        byte[] bArr = new byte[length];
        getSecureRandom(context).nextBytes(bArr);
        return new Key(bArr);
    }

    public final SecretKeyHolder generateStrongSecretKey(Password password, Key salt, CipherAlgorithm cipherAlgorithm, Context context) {
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        Intrinsics.checkNotNullParameter(context, "context");
        return generatePBESecretKey(password, salt, PbkdfIterationService.INSTANCE.getStoredPbkdfIterations(), cipherAlgorithm, context);
    }

    public final SecretKeyHolder getAndroidSecretKey(AndroidKey androidKey, Context context) {
        Intrinsics.checkNotNullParameter(androidKey, "androidKey");
        Intrinsics.checkNotNullParameter(context, "context");
        KeyStore keyStore = androidKeyStore;
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(androidKey.getAlias(), null);
        KeyStore.SecretKeyEntry secretKeyEntry = entry instanceof KeyStore.SecretKeyEntry ? (KeyStore.SecretKeyEntry) entry : null;
        SecretKey secretKey = secretKeyEntry != null ? secretKeyEntry.getSecretKey() : null;
        if (secretKey == null) {
            secretKey = initAndroidSecretKey(androidKey, context);
        }
        return new SecretKeyHolder(secretKey, CipherAlgorithmKt.getDEFAULT_CIPHER_ALGORITHM(), androidKey, context);
    }

    public final CipherAlgorithm getCipherAlgorithm(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        String asString = PreferenceService.INSTANCE.getAsString(PreferenceService.DATA_CIPHER_ALGORITHM, context);
        return asString == null ? CipherAlgorithmKt.getDEFAULT_CIPHER_ALGORITHM() : CipherAlgorithm.valueOf(asString);
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0082 A[Catch: all -> 0x0093, TryCatch #0 {, blocks: (B:3:0x0001, B:5:0x0005, B:8:0x0011, B:9:0x0055, B:11:0x005c, B:13:0x0060, B:15:0x0082, B:16:0x0089, B:17:0x008c, B:22:0x0030), top: B:2:0x0001 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final synchronized java.security.SecureRandom getSecureRandom(android.content.Context r3) {
        /*
            r2 = this;
            monitor-enter(r2)
            java.security.SecureRandom r0 = de.jepfa.yapm.service.secret.SecretService.random     // Catch: java.lang.Throwable -> L93
            if (r0 == 0) goto L30
            kotlin.jvm.internal.Intrinsics.checkNotNull(r0)     // Catch: java.lang.Throwable -> L93
            r1 = 100
            int r0 = r0.nextInt(r1)     // Catch: java.lang.Throwable -> L93
            if (r0 > 0) goto L11
            goto L30
        L11:
            de.jepfa.yapm.util.Constants r0 = de.jepfa.yapm.util.Constants.INSTANCE     // Catch: java.lang.Throwable -> L93
            java.lang.String r0 = r0.getLOG_PREFIX()     // Catch: java.lang.Throwable -> L93
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L93
            r1.<init>()     // Catch: java.lang.Throwable -> L93
            java.lang.StringBuilder r0 = r1.append(r0)     // Catch: java.lang.Throwable -> L93
            java.lang.String r1 = "SEED"
            java.lang.StringBuilder r0 = r0.append(r1)     // Catch: java.lang.Throwable -> L93
            java.lang.String r0 = r0.toString()     // Catch: java.lang.Throwable -> L93
            java.lang.String r1 = "return current PRNG"
            android.util.Log.d(r0, r1)     // Catch: java.lang.Throwable -> L93
            goto L55
        L30:
            de.jepfa.yapm.util.Constants r0 = de.jepfa.yapm.util.Constants.INSTANCE     // Catch: java.lang.Throwable -> L93
            java.lang.String r0 = r0.getLOG_PREFIX()     // Catch: java.lang.Throwable -> L93
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L93
            r1.<init>()     // Catch: java.lang.Throwable -> L93
            java.lang.StringBuilder r0 = r1.append(r0)     // Catch: java.lang.Throwable -> L93
            java.lang.String r1 = "SEED"
            java.lang.StringBuilder r0 = r0.append(r1)     // Catch: java.lang.Throwable -> L93
            java.lang.String r0 = r0.toString()     // Catch: java.lang.Throwable -> L93
            java.lang.String r1 = "init PRNG"
            android.util.Log.d(r0, r1)     // Catch: java.lang.Throwable -> L93
            java.security.SecureRandom r0 = new java.security.SecureRandom     // Catch: java.lang.Throwable -> L93
            r0.<init>()     // Catch: java.lang.Throwable -> L93
            de.jepfa.yapm.service.secret.SecretService.random = r0     // Catch: java.lang.Throwable -> L93
        L55:
            r2.loadUserSeed(r3)     // Catch: java.lang.Throwable -> L93
            boolean r3 = de.jepfa.yapm.service.secret.SecretService.userSeedUsed     // Catch: java.lang.Throwable -> L93
            if (r3 != 0) goto L8c
            de.jepfa.yapm.model.secret.Key r3 = de.jepfa.yapm.service.secret.SecretService.userSeed     // Catch: java.lang.Throwable -> L93
            if (r3 == 0) goto L8c
            de.jepfa.yapm.util.Constants r0 = de.jepfa.yapm.util.Constants.INSTANCE     // Catch: java.lang.Throwable -> L93
            java.lang.String r0 = r0.getLOG_PREFIX()     // Catch: java.lang.Throwable -> L93
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L93
            r1.<init>()     // Catch: java.lang.Throwable -> L93
            java.lang.StringBuilder r0 = r1.append(r0)     // Catch: java.lang.Throwable -> L93
            java.lang.String r1 = "SEED"
            java.lang.StringBuilder r0 = r0.append(r1)     // Catch: java.lang.Throwable -> L93
            java.lang.String r0 = r0.toString()     // Catch: java.lang.Throwable -> L93
            java.lang.String r1 = "add user seed to PRNG"
            android.util.Log.d(r0, r1)     // Catch: java.lang.Throwable -> L93
            java.security.SecureRandom r0 = de.jepfa.yapm.service.secret.SecretService.random     // Catch: java.lang.Throwable -> L93
            if (r0 == 0) goto L89
            byte[] r3 = r3.getData()     // Catch: java.lang.Throwable -> L93
            r0.setSeed(r3)     // Catch: java.lang.Throwable -> L93
        L89:
            r3 = 1
            de.jepfa.yapm.service.secret.SecretService.userSeedUsed = r3     // Catch: java.lang.Throwable -> L93
        L8c:
            java.security.SecureRandom r3 = de.jepfa.yapm.service.secret.SecretService.random     // Catch: java.lang.Throwable -> L93
            kotlin.jvm.internal.Intrinsics.checkNotNull(r3)     // Catch: java.lang.Throwable -> L93
            monitor-exit(r2)
            return r3
        L93:
            r3 = move-exception
            monitor-exit(r2)
            throw r3
        */
        throw new UnsupportedOperationException("Method not decompiled: de.jepfa.yapm.service.secret.SecretService.getSecureRandom(android.content.Context):java.security.SecureRandom");
    }

    public final boolean hasStrongBoxSupport(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        return context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    public final void persistUserSeed(Context context) {
        SecretKeyHolder masterKeySK;
        Intrinsics.checkNotNullParameter(context, "context");
        Key key = userSeed;
        if (key == null || (masterKeySK = Session.INSTANCE.getMasterKeySK()) == null) {
            return;
        }
        PreferenceService.INSTANCE.putEncrypted(PreferenceService.DATA_ENCRYPTED_SEED, INSTANCE.encryptKey(masterKeySK, key), context);
        Log.d(Constants.INSTANCE.getLOG_PREFIX() + "SEED", "persist user seed");
    }

    public final void removeAndroidSecretKey(AndroidKey androidKey) {
        Intrinsics.checkNotNullParameter(androidKey, "androidKey");
        KeyStore keyStore = androidKeyStore;
        keyStore.load(null);
        try {
            keyStore.deleteEntry(androidKey.getAlias());
        } catch (Exception unused) {
        }
    }

    public final Key secretKeyToKey(SecretKeyHolder secretKeyHolder, Key salt) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(salt, "salt");
        byte[] encoded = secretKeyHolder.getSecretKey().getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "secretKeyHolder.secretKey.encoded");
        return fastHash(encoded, salt);
    }

    public final void setUserSeed(Key seed, Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        userSeed = seed;
        userSeedUsed = false;
        Log.d(Constants.INSTANCE.getLOG_PREFIX() + "SEED", "update user seed");
        persistUserSeed(context);
    }
}
