package com.jefftharris.passwdsafe;

import android.content.Context;
import android.net.Uri;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import androidx.biometric.BiometricManager;
import androidx.biometric.BiometricPrompt;
import androidx.core.content.ContextCompat;
import androidx.fragment.app.Fragment;
import com.jefftharris.passwdsafe.db.PasswdSafeDb;
import com.jefftharris.passwdsafe.db.SavedPassword;
import com.jefftharris.passwdsafe.db.SavedPasswordsDao;
import com.jefftharris.passwdsafe.file.PasswdFileUri;
import com.jefftharris.passwdsafe.lib.PasswdSafeUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import org.pwsafe.lib.Util;
import org.pwsafe.lib.file.Owner;
import org.pwsafe.lib.file.PwsPassword;

/* loaded from: classes.dex */
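/**
 * Manages passwords saved per password file and protected by biometric authentication.
 *
 * <p>Each saved password is encrypted with an AES key held in the AndroidKeyStore provider. The
 * key is generated with {@code setUserAuthenticationRequired(true)}, and the cipher is handed to
 * {@link BiometricPrompt} as a {@code CryptoObject}. The Base64 encoded IV and ciphertext are
 * stored through {@link SavedPasswordsDao}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The transformation is {@code AES/CBC/PKCS7Padding}, which gives confidentiality but no
 *       integrity protection for the stored ciphertext. A modified database row surfaces as a
 *       padding error or altered plaintext, not as an authentication failure. Keys are
 *       generated for CBC only (see {@link #generateKey}), so moving to an AEAD mode requires
 *       new keys and re-saving the passwords.</li>
 *   <li>Key aliases are derived from the file URI. The newer alias is {@code "key2_"} plus the
 *       Base64 SHA-256 of the URI; the older alias is {@code "key_"} plus the raw URI.</li>
 * </ul>
 */
public final class SavedPasswordsMgr {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String TAG = "SavedPasswordsMgr";

    /** Caller currently waiting on the biometric prompt, or null when no prompt is active. */
    private User itsActiveUser;
    private BiometricPrompt itsBioPrompt;
    private final Context itsContext;
    private final SavedPasswordsDao itsDao;
    private boolean itsHasBioHw;
    private boolean itsHasEnrolledBio;

    /**
     * Forwards prompt results to the active {@link User}. The active user is released after a
     * terminal result (error or success) and kept after a failed attempt so that later
     * callbacks still reach it.
     */
    private class BioAuthenticationCallback extends BiometricPrompt.AuthenticationCallback {
        private BioAuthenticationCallback() {
        }

        @Override
        public void onAuthenticationError(int errorCode, CharSequence errString) {
            super.onAuthenticationError(errorCode, errString);
            User user = itsActiveUser;
            if (user != null) {
                user.onAuthenticationError(errorCode, errString);
                itsActiveUser = null;
            }
        }

        @Override
        public void onAuthenticationFailed() {
            super.onAuthenticationFailed();
            User user = itsActiveUser;
            if (user != null) {
                user.onAuthenticationFailed();
            }
        }

        @Override
        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
            super.onAuthenticationSucceeded(result);
            User user = itsActiveUser;
            if (user != null) {
                user.onAuthenticationSucceeded(result);
                itsActiveUser = null;
            }
        }
    }

    /**
     * Callback supplied to {@link #startPasswordAccess}. {@link #isEncrypt()} selects whether
     * the cipher is prepared for encryption (saving a password) or decryption (loading one).
     */
    public static abstract class User extends BiometricPrompt.AuthenticationCallback {
        protected abstract boolean isEncrypt();
    }

    /**
     * Creates the manager on the application context and runs the DAO's upgrade processing.
     * Biometric state is unknown until {@link #attach} is called.
     */
    public SavedPasswordsMgr(Context context) {
        Context appContext = context.getApplicationContext();
        this.itsContext = appContext;
        this.itsDao = PasswdSafeDb.get(appContext).accessSavedPasswords();
        this.itsDao.processDbUpgrade(appContext);
        this.itsHasBioHw = false;
        this.itsHasEnrolledBio = false;
        this.itsBioPrompt = null;
    }

    /**
     * Builds the cipher for the keystore key that belongs to a password file.
     *
     * @param passwdFileUri the password file
     * @param encrypt true to initialise for encryption (the provider picks the IV), false to
     *     initialise for decryption with the IV stored next to the saved password
     * @return the initialised cipher, still to be unlocked by biometric authentication
     * @throws IOException if no key exists under either alias, or (when decrypting) no saved
     *     IV is available; a lookup failure is attached as the cause
     */
    private Cipher getKeyCipher(PasswdFileUri passwdFileUri, boolean encrypt) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        Uri uri = passwdFileUri.getUri();
        SavedPassword savedPassword = null;
        Exception lookupError = null;
        if (!encrypt) {
            try {
                savedPassword = getSavedPassword(passwdFileUri);
                if (savedPassword != null) {
                    // The key alias was derived from the URI recorded when the password was saved.
                    uri = Uri.parse(savedPassword.uri);
                }
            } catch (Exception e) {
                // Remember the failure; it is reported as the cause if the IV turns out missing.
                lookupError = e;
            }
        }

        KeyStore keystore = getKeystore();
        Key key = null;
        // Prefer the hashed alias and fall back to the older raw-URI alias.
        for (String alias : new String[] {getUriAlias2(uri), getUriAlias1(uri)}) {
            key = keystore.getKey(alias, null);
            if (key != null) {
                PasswdSafeUtil.dbginfo(TAG, "getKeyCipher name %s", alias);
                break;
            }
        }
        if (key == null) {
            throw new IOException(this.itsContext.getString(R.string.key_not_found, uri));
        }

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        if (encrypt) {
            cipher.init(Cipher.ENCRYPT_MODE, key);
        } else {
            if (savedPassword == null || TextUtils.isEmpty(savedPassword.iv)) {
                throw new IOException("Key IV not found for " + passwdFileUri, lookupError);
            }
            byte[] iv = Base64.decode(savedPassword.iv, Base64.NO_WRAP);
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        }
        return cipher;
    }

    /** Opens the AndroidKeyStore provider. */
    private KeyStore getKeystore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
        keyStore.load(null);
        return keyStore;
    }

    /** Looks up the saved password record for a file; returns null when none is stored. */
    private SavedPassword getSavedPassword(PasswdFileUri passwdFileUri) {
        return this.itsDao.get(passwdFileUri, this.itsContext);
    }

    /** Older alias form: the raw URI string is embedded in the alias. */
    private static String getUriAlias1(Uri uri) {
        return "key_" + uri.toString();
    }

    /** Current alias form: only a digest of the URI is embedded in the alias. */
    private static String getUriAlias2(Uri uri) throws UnsupportedEncodingException {
        return "key2_" + getUriKey(uri);
    }

    /**
     * Returns the Base64 (no line wrapping) SHA-256 digest of the URI string.
     *
     * <p>A fresh {@link MessageDigest} is created per call. MessageDigest instances are not
     * thread-safe, and this static helper is reachable from methods that do not hold the
     * manager's lock, so sharing one instance could produce a corrupted alias.
     *
     * @throws IllegalStateException if the platform has no SHA-256 implementation
     */
    private static String getUriKey(Uri uri) throws UnsupportedEncodingException {
        MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 not available", e);
        }
        return Base64.encodeToString(sha256.digest(uri.toString().getBytes("UTF-8")), Base64.NO_WRAP);
    }

    /**
     * Encrypts the password with an already authenticated cipher and stores the IV and
     * ciphertext for the file.
     *
     * @param passwdFileUri the password file the password belongs to
     * @param param ownership handle for the password; released when this method returns
     * @param cipher cipher initialised for encryption and unlocked by the biometric prompt
     * @throws Exception on encryption, storage or release failure
     */
    public void addSavedPassword(PasswdFileUri passwdFileUri, Owner<PwsPassword>.Param param, Cipher cipher) throws Exception {
        try (Owner<PwsPassword> password = param.use()) {
            // NOTE(review): the plaintext byte[] produced by getBytes() is not wiped here, while
            // loadSavedPassword clears its buffers - confirm whether it is a copy that should be
            // cleared after doFinal().
            byte[] encrypted = cipher.doFinal(password.get().getBytes("UTF-8"));
            String encPasswd = Base64.encodeToString(encrypted, Base64.NO_WRAP);
            String iv = Base64.encodeToString(cipher.getIV(), Base64.NO_WRAP);
            this.itsDao.add(passwdFileUri, iv, encPasswd, this.itsContext);
        }
    }

    /**
     * Binds the manager to a fragment: records biometric capability and creates the prompt.
     *
     * <p>NOTE(review): the capability flags are only ever set to true here, so a later attach
     * after biometrics were removed keeps the earlier values - confirm that is intended.
     */
    public void attach(Fragment fragment) {
        int status = BiometricManager.from(this.itsContext).canAuthenticate();
        if (status == BiometricManager.BIOMETRIC_SUCCESS) {
            this.itsHasBioHw = true;
            this.itsHasEnrolledBio = true;
        } else if (status == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED) {
            // Hardware is present but nothing is enrolled yet.
            this.itsHasBioHw = true;
        }
        this.itsBioPrompt = new BiometricPrompt(fragment, ContextCompat.getMainExecutor(this.itsContext), new BioAuthenticationCallback());
    }

    /** Drops the active user and cancels any authentication in progress. */
    public void detach() {
        this.itsActiveUser = null;
        BiometricPrompt prompt = this.itsBioPrompt;
        if (prompt != null) {
            prompt.cancelAuthentication();
        }
    }

    /**
     * Generates the keystore key for a password file under the hashed alias.
     *
     * <p>The key is a 256-bit AES key limited to CBC with PKCS7 padding and requires user
     * authentication for every use. If generation fails, any saved password for the file is
     * removed before the exception is rethrown.
     *
     * @throws IOException if no biometrics are enrolled
     */
    public synchronized void generateKey(PasswdFileUri passwdFileUri) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IOException {
        String alias = getUriAlias2(passwdFileUri.getUri());
        PasswdSafeUtil.dbginfo(TAG, "generateKey: %s, key: %s", passwdFileUri, alias);
        if (!this.itsHasEnrolledBio) {
            throw new IOException(this.itsContext.getString(R.string.no_biometrics_registered));
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE);
            // Purposes 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias, 3)
                    .setBlockModes("CBC")
                    .setEncryptionPaddings("PKCS7Padding")
                    .setKeySize(256)
                    .setUserAuthenticationRequired(true)
                    .build();
            keyGenerator.init(spec);
            keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            Log.e(TAG, "generateKey failure", e);
            removeSavedPassword(passwdFileUri);
            throw e;
        }
    }

    /** Returns whether biometric hardware was detected by the last {@link #attach}. */
    public boolean isAvailable() {
        return this.itsHasBioHw;
    }

    /**
     * Returns whether a saved password record exists for the file. A lookup failure is logged
     * and reported as "not saved".
     */
    public synchronized boolean isSaved(PasswdFileUri passwdFileUri) {
        try {
            return getSavedPassword(passwdFileUri) != null;
        } catch (Exception e) {
            Log.e(TAG, "Error checking saved for " + passwdFileUri, e);
            return false;
        }
    }

    /**
     * Decrypts the saved password for a file with an already authenticated cipher.
     *
     * @param passwdFileUri the password file
     * @param cipher cipher initialised for decryption and unlocked by the biometric prompt
     * @return the decrypted password; the intermediate byte buffers are cleared before return
     * @throws IOException if no saved password is stored; a lookup failure is attached as the
     *     cause
     * @throws BadPaddingException if the stored ciphertext does not decrypt cleanly, for
     *     example because the stored value was altered or belongs to a different key
     */
    public Owner<PwsPassword> loadSavedPassword(PasswdFileUri passwdFileUri, Cipher cipher) throws IOException, BadPaddingException, IllegalBlockSizeException {
        SavedPassword savedPassword = null;
        Exception lookupError = null;
        try {
            savedPassword = getSavedPassword(passwdFileUri);
        } catch (Exception e) {
            lookupError = e;
        }
        if (savedPassword == null || TextUtils.isEmpty(savedPassword.encPasswd)) {
            throw new IOException(this.itsContext.getString(R.string.password_not_found, passwdFileUri), lookupError);
        }
        byte[] encrypted = Base64.decode(savedPassword.encPasswd, Base64.NO_WRAP);
        byte[] plain = cipher.doFinal(encrypted);
        try {
            return PwsPassword.create(plain, "UTF-8");
        } finally {
            // Do not leave the decrypted password or its ciphertext in heap buffers.
            Util.clearArray(plain);
            Util.clearArray(encrypted);
        }
    }

    /**
     * Removes every saved password record and, when biometric hardware is available, every
     * entry in the keystore. Both steps are best-effort; failures are logged.
     *
     * <p>NOTE(review): the keystore pass deletes all aliases, not only the {@code key_} and
     * {@code key2_} ones created by this class - confirm nothing else in the app stores keys
     * in AndroidKeyStore.
     */
    public synchronized void removeAllSavedPasswords() {
        try {
            this.itsDao.removeAll();
        } catch (Exception e) {
            Log.e(TAG, "Error removing passwords", e);
        }
        if (!isAvailable()) {
            return;
        }
        try {
            KeyStore keystore = getKeystore();
            Enumeration<String> aliases = keystore.aliases();
            if (aliases != null) {
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    PasswdSafeUtil.dbginfo(TAG, "removeAllSavedPasswords key: %s", alias);
                    keystore.deleteEntry(alias);
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.e(TAG, "Error removing keys", e);
        }
    }

    /**
     * Removes the saved password record for a file and, when biometric hardware is available,
     * the keystore keys under both alias forms. Both steps are best-effort; failures are
     * logged.
     */
    public synchronized void removeSavedPassword(PasswdFileUri passwdFileUri) {
        Uri uri = passwdFileUri.getUri();
        try {
            SavedPassword savedPassword = getSavedPassword(passwdFileUri);
            if (savedPassword != null) {
                // Use the URI recorded at save time so the matching key alias is removed too.
                uri = Uri.parse(savedPassword.uri);
            }
            this.itsDao.remove(uri);
        } catch (Exception e) {
            Log.e(TAG, "Error removing " + passwdFileUri, e);
        }
        if (!isAvailable()) {
            return;
        }
        PasswdSafeUtil.dbginfo(TAG, "removeSavedPassword: %s", passwdFileUri);
        try {
            KeyStore keystore = getKeystore();
            for (String alias : new String[] {getUriAlias2(uri), getUriAlias1(uri)}) {
                try {
                    keystore.deleteEntry(alias);
                } catch (KeyStoreException e) {
                    // Keep going so a failure on one alias does not leave the other key behind.
                    Log.e(TAG, "Error removing key", e);
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.e(TAG, "Error removing key for " + passwdFileUri, e);
        }
    }

    /**
     * Prepares the cipher for a file and shows the biometric prompt to unlock it.
     *
     * <p>On failure the error is logged and reported through
     * {@code user.onAuthenticationError}. If the key was permanently invalidated, the saved
     * password and key for the file are removed.
     *
     * @param passwdFileUri the password file
     * @param user callback that receives the authentication result
     * @return true if the prompt was started, false if preparation failed
     */
    public boolean startPasswordAccess(PasswdFileUri passwdFileUri, User user) {
        try {
            if (this.itsBioPrompt == null) {
                throw new IOException("Not attached");
            }
            boolean isEncrypt = user.isEncrypt();
            Cipher keyCipher = getKeyCipher(passwdFileUri, isEncrypt);
            int descriptionId = isEncrypt ? R.string.touch_sensor_to_save_the_password : R.string.touch_sensor_to_load_saved_password;
            BiometricPrompt.PromptInfo promptInfo = new BiometricPrompt.PromptInfo.Builder()
                    .setTitle(this.itsContext.getString(R.string.app_name))
                    .setSubtitle(passwdFileUri.getIdentifier(this.itsContext, true))
                    .setDescription(this.itsContext.getString(descriptionId))
                    .setNegativeButtonText(this.itsContext.getString(R.string.cancel))
                    .setConfirmationRequired(false)
                    .build();
            this.itsActiveUser = user;
            // Passing the cipher as a CryptoObject ties its use to this authentication.
            this.itsBioPrompt.authenticate(promptInfo, new BiometricPrompt.CryptoObject(keyCipher));
            return true;
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | NoSuchPaddingException e) {
            // Matched by class name, as in the original code; the saved password can no longer
            // be decrypted once its key is permanently invalidated, so it is dropped.
            if (e.getClass().getName().equals("android.security.keystore.KeyPermanentlyInvalidatedException")) {
                removeSavedPassword(passwdFileUri);
            }
            String message = this.itsContext.getString(R.string.key_error, passwdFileUri.getIdentifier(this.itsContext, true), e.getLocalizedMessage());
            Log.e(TAG, message, e);
            user.onAuthenticationError(BiometricPrompt.ERROR_UNABLE_TO_PROCESS, message);
            return false;
        }
    }
}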
