package io.enpass.app.fingerprint;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Handler;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Pair;
import android.widget.Toast;
import androidx.credentials.exceptions.publickeycredential.DomExceptionUtils;
import io.enpass.app.EnpassApplication;
import io.enpass.app.Utils;
import io.enpass.app.fingerprint.FingerprintBiometricView;
import io.enpass.app.helper.CoreCommandUtils;
import io.enpass.app.helper.DisplayUtils;
import io.enpass.app.helper.EnpassUtils;
import io.enpass.app.helper.HelperUtils;
import io.enpass.app.helper.LogUtils;
import io.enpass.app.helper.PrefManager;
import io.enpass.app.helper.cmd.CoreConstantsUI;
import io.enpass.app.vault.VaultSharedPrefs;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class FingerprintKeyStoreHelper {
    static String IV_FILE = "iv_file";
    static String KEY_NAME = "io.enpass.app";
    static String NEW_KEY_NAME = "enpass.app";
    private static int PREFERRED_LENGTH = 100;
    public static final String UPDATED_DERIVED_KEY_PREF_NAME = "updated_derived_key_file";
    private static final String UPDATE_DERIVED_KEY_IV_FILE = "iv_updated_derived_key";
    static Cipher mCipher;
    static Context mContext;
    static Cipher mDecryptCipher;
    static KeyGenerator mKeyGenerator;
    static KeyStore mKeyStore;

    /* JADX INFO: Access modifiers changed from: protected */
    public static void createNewKey() {
        try {
            try {
                mKeyGenerator.init(new KeyGenParameterSpec.Builder(NEW_KEY_NAME, 3).setBlockModes("CBC").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS7Padding").setKeySize(256).build());
                mKeyGenerator.generateKey();
            } catch (InvalidAlgorithmParameterException e) {
                LogUtils.e(e);
                Toast.makeText(mContext, "Failed to create New Key. ", 1).show();
            }
        } catch (InvalidAlgorithmParameterException unused) {
            mKeyGenerator.init(new KeyGenParameterSpec.Builder(NEW_KEY_NAME, 3).setBlockModes("CBC").setUserAuthenticationRequired(true).setEncryptionPaddings("PKCS7Padding").setKeySize(128).build());
            mKeyGenerator.generateKey();
        } catch (Exception e2) {
            LogUtils.e(e2);
        }
        try {
            if (mKeyStore.containsAlias(KEY_NAME)) {
                mKeyStore.deleteEntry(KEY_NAME);
            }
        } catch (KeyStoreException e3) {
            LogUtils.e(e3);
        }
    }

    private static boolean deleteDataFromPref() {
        PrefManager.getInstance().remove(UPDATED_DERIVED_KEY_PREF_NAME);
        int i = 1 >> 0;
        return EnpassUtils.getEnpassSharedPreferences("EncryptedData", 0).edit().remove("data").commit();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void deleteEntries() {
        try {
            mKeyStore.deleteEntry(NEW_KEY_NAME);
            deleteDataFromPref();
            File file = new File(IV_FILE);
            if (file.exists()) {
                file.delete();
            }
            mKeyStore = null;
            mKeyGenerator = null;
            mCipher = null;
            mDecryptCipher = null;
        } catch (KeyStoreException e) {
            LogUtils.e(e);
        } catch (Exception e2) {
            LogUtils.e(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Cipher getCipher() {
        return mCipher;
    }

    public static Cipher getDecryptCipher() {
        return mDecryptCipher;
    }

    private static Pair<String, String> getKeyAliasAndIvAccToMode(FingerprintBiometricView.MODE mode, boolean z) {
        String str = NEW_KEY_NAME;
        FingerprintBiometricView.MODE mode2 = FingerprintBiometricView.MODE.ENCRYPT;
        String str2 = UPDATE_DERIVED_KEY_IV_FILE;
        if (mode == mode2) {
            str2 = IV_FILE;
        } else if (mode == FingerprintBiometricView.MODE.DECRYPT) {
            if (!isDerivedKeyUpdated() || z) {
                str2 = IV_FILE;
            }
        } else if (mode != FingerprintBiometricView.MODE.UPDATE_DERIVE_KEY) {
            str2 = "";
        }
        return new Pair<>(str, str2);
    }

    public static boolean hasEncryptedFingerprintPref() {
        SharedPreferences enpassSharedPreferences = EnpassUtils.getEnpassSharedPreferences("EncryptedData", 0);
        return enpassSharedPreferences != null && enpassSharedPreferences.contains("data");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean hasKey() {
        try {
            return mKeyStore.containsAlias(NEW_KEY_NAME);
        } catch (KeyStoreException e) {
            LogUtils.e(e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean initDecryptCipher(boolean z) {
        try {
            mKeyStore.load(null);
            Pair<String, String> keyAliasAndIvAccToMode = getKeyAliasAndIvAccToMode(FingerprintBiometricView.MODE.DECRYPT, z);
            String str = (String) keyAliasAndIvAccToMode.first;
            String str2 = (String) keyAliasAndIvAccToMode.second;
            if (!TextUtils.isEmpty(str) && !TextUtils.isEmpty(str2)) {
                SecretKey secretKey = (SecretKey) mKeyStore.getKey(str, null);
                int length = (int) new File(mContext.getFilesDir() + DomExceptionUtils.SEPARATOR + str2).length();
                byte[] bArr = new byte[length];
                FileInputStream openFileInput = mContext.openFileInput(str2);
                openFileInput.read(bArr, 0, length);
                openFileInput.close();
                mDecryptCipher.init(2, secretKey, new IvParameterSpec(bArr));
                return true;
            }
        } catch (KeyPermanentlyInvalidatedException | IOException | IllegalStateException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException unused) {
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean initEncryptCipher(FingerprintBiometricView.MODE mode) {
        try {
            mKeyStore.load(null);
            Pair<String, String> keyAliasAndIvAccToMode = getKeyAliasAndIvAccToMode(mode, false);
            String str = (String) keyAliasAndIvAccToMode.first;
            String str2 = (String) keyAliasAndIvAccToMode.second;
            if (!TextUtils.isEmpty(str) && !TextUtils.isEmpty(str2)) {
                mCipher.init(1, (SecretKey) mKeyStore.getKey(str, null));
                byte[] iv = ((IvParameterSpec) mCipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV();
                FileOutputStream openFileOutput = mContext.openFileOutput(str2, 0);
                openFileOutput.write(iv);
                openFileOutput.close();
                LogUtils.d("Cipher Init encrypt mode happened successfully");
                return true;
            }
            return false;
        } catch (KeyPermanentlyInvalidatedException unused) {
            return false;
        } catch (IOException e) {
            e = e;
            LogUtils.e(e);
            new Handler().postDelayed(new Runnable() { // from class: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    Toast.makeText(FingerprintKeyStoreHelper.mContext, "Failed to init Cipher ", 1).show();
                }
            }, 8000L);
            return false;
        } catch (InvalidKeyException e2) {
            e = e2;
            LogUtils.e(e);
            new Handler().postDelayed(new Runnable() { // from class: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    Toast.makeText(FingerprintKeyStoreHelper.mContext, "Failed to init Cipher ", 1).show();
                }
            }, 8000L);
            return false;
        } catch (KeyStoreException e3) {
            e = e3;
            LogUtils.e(e);
            new Handler().postDelayed(new Runnable() { // from class: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    Toast.makeText(FingerprintKeyStoreHelper.mContext, "Failed to init Cipher ", 1).show();
                }
            }, 8000L);
            return false;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            LogUtils.e(e);
            new Handler().postDelayed(new Runnable() { // from class: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    Toast.makeText(FingerprintKeyStoreHelper.mContext, "Failed to init Cipher ", 1).show();
                }
            }, 8000L);
            return false;
        } catch (UnrecoverableKeyException e5) {
            e = e5;
            LogUtils.e(e);
            new Handler().postDelayed(new Runnable() { // from class: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    Toast.makeText(FingerprintKeyStoreHelper.mContext, "Failed to init Cipher ", 1).show();
                }
            }, 8000L);
            return false;
        } catch (CertificateException e6) {
            e = e6;
            LogUtils.e(e);
            new Handler().postDelayed(new Runnable() { // from class: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    Toast.makeText(FingerprintKeyStoreHelper.mContext, "Failed to init Cipher ", 1).show();
                }
            }, 8000L);
            return false;
        } catch (InvalidParameterSpecException e7) {
            e = e7;
            LogUtils.e(e);
            new Handler().postDelayed(new Runnable() { // from class: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    Toast.makeText(FingerprintKeyStoreHelper.mContext, "Failed to init Cipher ", 1).show();
                }
            }, 8000L);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:13:0x0038 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:18:0x0025 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0055  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void initialize(android.content.Context r3) {
        /*
            r2 = 4
            java.security.KeyStore r0 = io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mKeyStore
            r2 = 1
            if (r0 != 0) goto L1f
            java.security.KeyStore r0 = io.enpass.app.fingerprint.KeyStoreHelper.providesKeystore()     // Catch: java.lang.RuntimeException -> L13 java.security.cert.CertificateException -> L15 java.security.NoSuchAlgorithmException -> L18 java.io.IOException -> L1a
            io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mKeyStore = r0     // Catch: java.lang.RuntimeException -> L13 java.security.cert.CertificateException -> L15 java.security.NoSuchAlgorithmException -> L18 java.io.IOException -> L1a
            r2 = 1
            r1 = 0
            r0.load(r1)     // Catch: java.lang.RuntimeException -> L13 java.security.cert.CertificateException -> L15 java.security.NoSuchAlgorithmException -> L18 java.io.IOException -> L1a
            r2 = 1
            goto L1f
        L13:
            r0 = move-exception
            goto L1b
        L15:
            r0 = move-exception
            r2 = 6
            goto L1b
        L18:
            r0 = move-exception
            goto L1b
        L1a:
            r0 = move-exception
        L1b:
            r2 = 5
            io.enpass.app.helper.LogUtils.e(r0)
        L1f:
            r2 = 1
            javax.crypto.KeyGenerator r0 = io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mKeyGenerator
            r2 = 3
            if (r0 != 0) goto L33
            r2 = 6
            javax.crypto.KeyGenerator r0 = io.enpass.app.fingerprint.KeyStoreHelper.providesKeyGenerator()     // Catch: java.lang.RuntimeException -> L2e
            io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mKeyGenerator = r0     // Catch: java.lang.RuntimeException -> L2e
            r2 = 7
            goto L33
        L2e:
            r0 = move-exception
            r2 = 0
            io.enpass.app.helper.LogUtils.e(r0)
        L33:
            r2 = 6
            javax.crypto.Cipher r0 = io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mCipher
            if (r0 != 0) goto L51
            r2 = 6
            java.security.KeyStore r0 = io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mKeyStore     // Catch: java.lang.RuntimeException -> L4c
            javax.crypto.Cipher r0 = io.enpass.app.fingerprint.KeyStoreHelper.providesCipher(r0)     // Catch: java.lang.RuntimeException -> L4c
            io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mCipher = r0     // Catch: java.lang.RuntimeException -> L4c
            r2 = 3
            java.security.KeyStore r0 = io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mKeyStore     // Catch: java.lang.RuntimeException -> L4c
            javax.crypto.Cipher r0 = io.enpass.app.fingerprint.KeyStoreHelper.providesCipher(r0)     // Catch: java.lang.RuntimeException -> L4c
            r2 = 3
            io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mDecryptCipher = r0     // Catch: java.lang.RuntimeException -> L4c
            goto L51
        L4c:
            r0 = move-exception
            r2 = 3
            io.enpass.app.helper.LogUtils.e(r0)
        L51:
            android.content.Context r0 = io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mContext
            if (r0 != 0) goto L58
            r2 = 4
            io.enpass.app.fingerprint.FingerprintKeyStoreHelper.mContext = r3
        L58:
            java.lang.String r3 = "phonebp lm cdriiI grseaakinasi,crecn tn ototet ieiilGhpe dtryecseerop "
            java.lang.String r3 = "Init cipher process completed, keyGenerator and cipher got initialised"
            r2 = 0
            io.enpass.app.helper.LogUtils.d(r3)
            r2 = 3
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: io.enpass.app.fingerprint.FingerprintKeyStoreHelper.initialize(android.content.Context):void");
    }

    public static boolean isDerivedKeyUpdated() {
        return !TextUtils.isEmpty(PrefManager.getInstance().get(UPDATED_DERIVED_KEY_PREF_NAME, ""));
    }

    private static byte[] readDataFromPref(boolean z) {
        return Base64.decode((!(TextUtils.isEmpty(PrefManager.getInstance().get(UPDATED_DERIVED_KEY_PREF_NAME, "")) ^ true) || z) ? EnpassApplication.getInstance().getAppSettings().getFingerprintEncryptedData() : PrefManager.getInstance().get(UPDATED_DERIVED_KEY_PREF_NAME, ""), 0);
    }

    public static boolean shouldRetryOpenDerived() {
        return (TextUtils.isEmpty(PrefManager.getInstance().get(UPDATED_DERIVED_KEY_PREF_NAME, "")) || TextUtils.isEmpty(EnpassApplication.getInstance().getAppSettings().getFingerprintEncryptedData())) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] tryDecryptData(boolean z) {
        byte[] bArr = new byte[0];
        try {
            byte[] doFinal = mDecryptCipher.doFinal(readDataFromPref(z));
            int i = doFinal[doFinal.length - 1];
            if (i != 0) {
                int i2 = PREFERRED_LENGTH;
                bArr = new byte[i2 - i];
                System.arraycopy(doFinal, 0, bArr, 0, i2 - i);
            } else {
                bArr = new byte[doFinal.length - 1];
                System.arraycopy(doFinal, 0, bArr, 0, doFinal.length - 1);
            }
        } catch (BadPaddingException e) {
            e = e;
            LogUtils.e(e);
        } catch (IllegalBlockSizeException e2) {
            e = e2;
            LogUtils.e(e);
        } catch (Exception e3) {
            LogUtils.e(e3);
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean tryEncryptData(boolean z) {
        boolean writeDataToPref;
        try {
            LogUtils.d("Inside tryEncryptData function");
            String masterTeamId = EnpassApplication.getInstance().getMasterTeamId();
            String masterVaultUid = Utils.getMasterVaultUid();
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("vault_uuid", masterVaultUid);
            jSONObject.put("team_id", masterTeamId);
            String str = CoreConstantsUI.COMMAND_ACTION_GET_DERIVED_KEY_FOR_VAULT;
            if (z) {
                str = CoreConstantsUI.COMMAND_GET_UPGRADED_DERIVED_KEY_VAULT;
            }
            Pair<byte[], String> processSecure = EnpassApplication.getInstance().getBridgeInstance().processSecure(CoreCommandUtils.makeBridgeInstanceCommand(str, CoreConstantsUI.COMMAND_TYPE_SECURE_DATA, jSONObject));
            if (processSecure == null) {
                LogUtils.d("FingerPrintHelper", "Pair returned null from process Secure command");
                DisplayUtils.showGenericErrorToast();
                return false;
            }
            byte[] bArr = (byte[]) processSecure.first;
            if (bArr == null) {
                LogUtils.d("Derived Key returned null from Core side");
                return false;
            }
            if (z) {
                DerivedKeyCache.storeTempDerivedKey((byte[]) bArr.clone());
            }
            int length = bArr.length;
            int i = PREFERRED_LENGTH;
            if (length < i) {
                byte[] bArr2 = new byte[i + 1];
                SecureRandom secureRandom = new SecureRandom();
                int length2 = PREFERRED_LENGTH - bArr.length;
                int i2 = length2 + 1;
                byte[] bArr3 = new byte[i2];
                secureRandom.nextBytes(bArr3);
                bArr3[length2] = (byte) length2;
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                System.arraycopy(bArr3, 0, bArr2, bArr.length, i2);
                byte[] doFinal = mCipher.doFinal(bArr2);
                LogUtils.d("Derived Key encrypted with keygen");
                writeDataToPref = writeDataToPref(doFinal, z);
                HelperUtils.wipeByteArray(doFinal);
                HelperUtils.wipeByteArray(bArr2);
            } else {
                byte[] bArr4 = new byte[bArr.length + 1];
                System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
                bArr4[bArr.length] = 0;
                byte[] doFinal2 = mCipher.doFinal(bArr4);
                writeDataToPref = writeDataToPref(doFinal2, z);
                HelperUtils.wipeByteArray(doFinal2);
                HelperUtils.wipeByteArray(bArr4);
            }
            HelperUtils.wipeByteArray(bArr);
            return writeDataToPref;
        } catch (BadPaddingException e) {
            e = e;
            LogUtils.e(e);
            LogUtils.d("Failed to encrypt the data with the generated key.");
            return false;
        } catch (IllegalBlockSizeException e2) {
            e = e2;
            LogUtils.e(e);
            LogUtils.d("Failed to encrypt the data with the generated key.");
            return false;
        } catch (JSONException e3) {
            e = e3;
            LogUtils.e(e);
            LogUtils.d("Failed to encrypt the data with the generated key.");
            return false;
        }
    }

    private static boolean writeDataToPref(byte[] bArr, boolean z) {
        String encodeToString = Base64.encodeToString(bArr, 0);
        if (TextUtils.isEmpty(encodeToString)) {
            return false;
        }
        if (z) {
            LogUtils.d("Updated Encrypted Derived Key set to Preferences with value = " + encodeToString);
            PrefManager.getInstance().set(UPDATED_DERIVED_KEY_PREF_NAME, encodeToString);
        } else {
            LogUtils.d("Encrypted Derived Key saved to Preferences = " + encodeToString);
            EnpassApplication.getInstance().getAppSettings().setFingerprintEncryptedData(encodeToString);
        }
        VaultSharedPrefs.setDerivedKey();
        return true;
    }
}
