package es.wolfi.utils;

import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import es.wolfi.app.passman.OfflineStorage;
import es.wolfi.app.passman.SJCLCrypto;
import es.wolfi.app.passman.SettingValues;
import es.wolfi.app.passman.SettingsCache;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: classes2.dex */
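/**
 * Encrypts and decrypts values kept in the app's {@link SharedPreferences}.
 *
 * <p>Scheme, as implemented below: {@link #initialize} creates an AES key inside the
 * AndroidKeyStore under {@link #KEY_ALIAS}, generates a random data key (hex of a SHA-512 digest
 * over 4096 random bytes), wraps that data key with AES/GCM and stores the wrapped blob in the
 * preferences as {@code Base64(IV || ciphertext || tag)}. Individual values are then encrypted
 * and decrypted by {@code SJCLCrypto} using the unwrapped data key.
 *
 * <p><b>Security caveat:</b> {@link #encrypt} and {@link #decrypt} are best-effort. When the
 * keystore is unavailable (API level below 23, initialization failure, missing wrapped key) they
 * return their input unchanged, so {@link #putString} can persist plaintext and callers cannot
 * tell an encrypted value from a plaintext one.
 *
 * <p>State is held in unsynchronized static fields; {@link #initialize} must run before any
 * other method is used.
 */
public class KeyStoreUtils {
    private static final String TAG = "KeyStoreUtils";
    private static final String AES_MODE = "AES/GCM/NoPadding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    /** GCM nonce length in bytes; the nonce is stored as a prefix of the wrapped key blob. */
    private static final int IV_LENGTH = 12;
    private static final String KEY_ALIAS = "PassmanAndroidDefaultKey";
    /** GCM authentication tag length in bits. */
    private static final int TAG_LENGTH = 128;
    private static KeyStore keyStore;
    private static SharedPreferences settings;

    /**
     * Decrypts a stored value with the unwrapped data key.
     *
     * @param str the stored value, may be {@code null}
     * @return the decrypted value, or {@code str} unchanged when it is {@code null}, the keystore
     *     is not loaded, the data key cannot be unwrapped, or decryption throws
     */
    public static String decrypt(String str) {
        if (str == null) {
            return null;
        }
        String dataKey = loadDataKey();
        if (dataKey != null) {
            try {
                return SJCLCrypto.decryptString(str, dataKey);
            } catch (Exception e) {
                // Pass a fixed message plus the throwable: Log.e(tag, e.getMessage()) throws a
                // NullPointerException when the exception carries no message.
                Log.e("KeyStoreUtils decrypt", "decryption failed", e);
            }
        }
        // Deliberate pass-through: values written before the migration (or on devices without
        // keystore support) are plaintext and are handed back as they are.
        return str;
    }

    /**
     * Unwraps the data key stored in the preferences, or returns {@code null} when the keystore
     * has not been loaded or the stored blob cannot be unwrapped.
     */
    private static String loadDataKey() {
        if (keyStore == null) {
            return null;
        }
        return decryptKey(settings.getString(SettingValues.KEY_STORE_ENCRYPTION_KEY.toString(), null));
    }

    /**
     * Unwraps a {@code Base64(IV || ciphertext || tag)} blob with the keystore AES/GCM key.
     *
     * @param str the Base64 blob produced by {@link #encryptKey}, may be {@code null}
     * @return the unwrapped data key, or {@code null} on any failure (including a failed GCM
     *     tag check)
     */
    private static String decryptKey(String str) {
        if (str == null) {
            return null;
        }
        try {
            KeyStore store = keyStore;
            if (store == null || !store.containsAlias(KEY_ALIAS)) {
                return null;
            }
            byte[] blob = Base64.decode(str, Base64.DEFAULT);
            // Check the decoded length, not the Base64 text length: a valid blob holds at least
            // the nonce and the authentication tag.
            if (blob.length < IV_LENGTH + TAG_LENGTH / 8) {
                return null;
            }
            byte[] iv = Arrays.copyOfRange(blob, 0, IV_LENGTH);
            Cipher cipher = Cipher.getInstance(AES_MODE);
            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), new GCMParameterSpec(TAG_LENGTH, iv));
            byte[] plain = cipher.doFinal(blob, IV_LENGTH, blob.length - IV_LENGTH);
            // encryptKey encodes with UTF-8, so decode with the same charset explicitly.
            return new String(plain, StandardCharsets.UTF_8);
        } catch (Exception e) {
            Log.e(TAG, "unwrapping the data key failed", e);
            return null;
        }
    }

    /**
     * Encrypts a value with the unwrapped data key.
     *
     * @param str the plaintext value, may be {@code null}
     * @return the encrypted value, or {@code str} unchanged when it is {@code null}, the keystore
     *     is not loaded, the data key cannot be unwrapped, or encryption throws
     */
    public static String encrypt(String str) {
        if (str == null) {
            return null;
        }
        String dataKey = loadDataKey();
        if (dataKey != null) {
            try {
                return SJCLCrypto.encryptString(str, dataKey, true);
            } catch (Exception e) {
                // See decrypt(): never hand a possibly-null message to Log.e.
                Log.e("KeyStoreUtils encrypt", "encryption failed", e);
            }
        }
        // NOTE(review): falling back to the plaintext keeps the app usable without a keystore,
        // but it means putString()/putStringAndCommit() can silently persist secrets
        // unencrypted. Callers that must not store plaintext need their own check.
        return str;
    }

    /**
     * Wraps the data key with the keystore AES/GCM key.
     *
     * @param str the data key to wrap, may be {@code null}
     * @return {@code Base64(IV || ciphertext || tag)}, or {@code null} on any failure
     */
    private static String encryptKey(String str) {
        if (str == null) {
            return null;
        }
        try {
            KeyStore store = keyStore;
            if (store == null || !store.containsAlias(KEY_ALIAS)) {
                return null;
            }
            Cipher cipher = Cipher.getInstance(AES_MODE);
            byte[] iv = generateIv();
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), new GCMParameterSpec(TAG_LENGTH, iv));
            byte[] sealed = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            out.write(iv);
            out.write(sealed);
            return Base64.encodeToString(out.toByteArray(), Base64.DEFAULT);
        } catch (Exception e) {
            Log.e(TAG, "wrapping the data key failed", e);
            return null;
        }
    }

    /**
     * Returns a fresh random GCM nonce of {@link #IV_LENGTH} bytes.
     *
     * <p>Uses the platform default {@link SecureRandom} instead of requesting the legacy
     * "SHA1PRNG" algorithm by name, which ties the code to one provider implementation.
     */
    private static byte[] generateIv() {
        byte[] iv = new byte[IV_LENGTH];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    /** Fetches the AES key stored under {@link #KEY_ALIAS}; the entry has no password. */
    private static Key getSecretKey() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        return keyStore.getKey(KEY_ALIAS, null);
    }

    /**
     * Reads a preference and decrypts it.
     *
     * @param str the preference key
     * @param str2 the default returned by the preferences when the key is absent; it is passed
     *     through {@link #decrypt} like a stored value
     * @return the decrypted value, or the raw value when decryption is not possible
     */
    public static String getString(String str, String str2) {
        return decrypt(settings.getString(str, str2));
    }

    /**
     * Binds the preferences, loads the AndroidKeyStore and, on first run, creates the keystore
     * key and the wrapped data key, then runs the preference migration.
     *
     * <p>Failures are logged and swallowed; the class then stays in pass-through mode.
     *
     * @param sharedPreferences the preferences that hold the wrapped key and the protected values
     */
    public static void initialize(SharedPreferences sharedPreferences) {
        Log.d(TAG, "initialize");
        settings = sharedPreferences;
        try {
            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
                Log.d(TAG, "not supported");
                // NOTE(review): as written, an offline cache that is already enabled is left
                // enabled on devices without keystore support, and the flag is only rewritten
                // when it is already false. This looks inverted; this file appears to be
                // decompiler output, so confirm against the original source.
                if (settings.getBoolean(SettingValues.ENABLE_OFFLINE_CACHE.toString(), false)) {
                    return;
                }
                settings.edit().putBoolean(SettingValues.ENABLE_OFFLINE_CACHE.toString(), false).commit();
                SettingsCache.clear();
                return;
            }
            if (keyStore == null) {
                Log.d(TAG, "load KeyStore");
                KeyStore loaded = KeyStore.getInstance(ANDROID_KEY_STORE);
                keyStore = loaded;
                loaded.load(null);
                if (!keyStore.containsAlias(KEY_ALIAS) && settings.getInt(SettingValues.KEY_STORE_MIGRATION_STATE.toString(), 0) == 0) {
                    Log.d(TAG, "generate new encryption key");
                    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
                    // The two ExternalSyntheticApiModelOutline0 calls are compiler-generated
                    // outlines kept verbatim; m(KEY_ALIAS, 3) presumably constructs a
                    // KeyGenParameterSpec.Builder with purposes 3 (encrypt | decrypt) - confirm.
                    KeyStoreUtils$$ExternalSyntheticApiModelOutline0.m737m();
                    // setRandomizedEncryptionRequired(false) switches off the keystore's own
                    // enforcement of random nonces so that encryptKey() can pass its own IV.
                    // Nonce uniqueness for this key therefore rests entirely on generateIv().
                    KeyGenParameterSpec spec = KeyStoreUtils$$ExternalSyntheticApiModelOutline0.m(KEY_ALIAS, 3)
                            .setBlockModes("GCM")
                            .setEncryptionPaddings("NoPadding")
                            .setRandomizedEncryptionRequired(false)
                            .build();
                    keyGenerator.init(spec);
                    keyGenerator.generateKey();
                    byte[] seed = new byte[4096];
                    new SecureRandom().nextBytes(seed);
                    String wrappedKey = encryptKey(new String(Hex.encodeHex(DigestUtils.sha512(seed))));
                    if (wrappedKey == null) {
                        // Without a wrapped data key every later encrypt() is a pass-through.
                        Log.e(TAG, "data key could not be wrapped; stored values will not be encrypted");
                    }
                    settings.edit().putString(SettingValues.KEY_STORE_ENCRYPTION_KEY.toString(), wrappedKey).commit();
                }
                migrateSharedPreferences();
            }
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            Log.e(TAG, "keystore initialization failed", e);
        }
    }

    /**
     * One-time migration: rewrites the host, user, password, autofill vault and offline storage
     * preferences through {@link #putStringAndCommit} and then advances the migration state.
     *
     * <p>NOTE(review): the raw stored values are read and re-encrypted without checking whether
     * encryption is available or whether the commits succeeded, so the state is advanced even if
     * the values were written back as plaintext.
     */
    private static void migrateSharedPreferences() {
        int state = settings.getInt(SettingValues.KEY_STORE_MIGRATION_STATE.toString(), 0);
        if (state >= 1) {
            return;
        }
        Log.d(TAG, "run initial local storage encryption migration");
        putStringAndCommit(SettingValues.HOST.toString(), settings.getString(SettingValues.HOST.toString(), null));
        putStringAndCommit(SettingValues.USER.toString(), settings.getString(SettingValues.USER.toString(), null));
        putStringAndCommit(SettingValues.PASSWORD.toString(), settings.getString(SettingValues.PASSWORD.toString(), null));
        putStringAndCommit(SettingValues.AUTOFILL_VAULT.toString(), settings.getString(SettingValues.AUTOFILL_VAULT.toString(), ""));
        putStringAndCommit(SettingValues.OFFLINE_STORAGE.toString(), settings.getString(SettingValues.OFFLINE_STORAGE.toString(), OfflineStorage.EMPTY_STORAGE_STRING));
        settings.edit().putInt(SettingValues.KEY_STORE_MIGRATION_STATE.toString(), state + 1).commit();
    }

    /**
     * Encrypts {@code str2} (best-effort, see {@link #encrypt}) and stores it asynchronously.
     *
     * @param str the preference key
     * @param str2 the value to protect and store
     */
    public static void putString(String str, String str2) {
        settings.edit().putString(str, encrypt(str2)).apply();
    }

    /**
     * Encrypts {@code str2} (best-effort, see {@link #encrypt}) and stores it synchronously.
     *
     * @param str the preference key
     * @param str2 the value to protect and store
     * @return the result of the synchronous preferences commit
     */
    public static boolean putStringAndCommit(String str, String str2) {
        return settings.edit().putString(str, encrypt(str2)).commit();
    }
}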
