package de.jepfa.yapm.service.secret;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Log;
import androidx.constraintlayout.core.motion.utils.TypedValues;
import de.jepfa.yapm.model.Validable;
import de.jepfa.yapm.model.encrypted.CipherAlgorithm;
import de.jepfa.yapm.model.encrypted.CipherAlgorithmKt;
import de.jepfa.yapm.model.encrypted.EncCredential;
import de.jepfa.yapm.model.encrypted.Encrypted;
import de.jepfa.yapm.model.encrypted.EncryptedType;
import de.jepfa.yapm.model.secret.Key;
import de.jepfa.yapm.model.secret.Password;
import de.jepfa.yapm.model.secret.SecretKeyHolder;
import de.jepfa.yapm.service.PreferenceService;
import de.jepfa.yapm.service.biometrix.BiometricUtils;
import de.jepfa.yapm.ui.nfc.NfcActivity;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: SecretService.kt */
@Metadata(d1 = {"\u0000~\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001e\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\u000b2\u0006\u0010\r\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000fJ\u0016\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u000f2\u0006\u0010\u0013\u001a\u00020\u0014J\u0016\u0010\u0015\u001a\u00020\u00042\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0017\u001a\u00020\u0018J\u0018\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J\u0016\u0010\u001b\u001a\u00020\u00182\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0017\u001a\u00020\u0018J\u0016\u0010\u001c\u001a\u00020\u000f2\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0017\u001a\u00020\u0018J\u0016\u0010\u001d\u001a\u00020\u000b2\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0017\u001a\u00020\u0018J\u0016\u0010\u001e\u001a\u00020\u00182\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u001f\u001a\u00020\u0004J\"\u0010 
\u001a\u00020\u00182\b\u0010!\u001a\u0004\u0018\u00010\"2\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u001aH\u0002J\u0016\u0010#\u001a\u00020\u00182\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0017\u001a\u00020\u0018J\u001e\u0010$\u001a\u00020\u00182\u0006\u0010!\u001a\u00020\"2\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010%\u001a\u00020\u000fJ\u0016\u0010$\u001a\u00020\u00182\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010%\u001a\u00020\u000fJ\u001e\u0010&\u001a\u00020\u00182\u0006\u0010!\u001a\u00020\"2\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010'\u001a\u00020\u000bJ\u0016\u0010&\u001a\u00020\u00182\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010'\u001a\u00020\u000bJ\u0016\u0010(\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u001a2\u0006\u0010\u000e\u001a\u00020\u000fJ\u001e\u0010)\u001a\u00020\u00112\u0006\u0010'\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0013\u001a\u00020\u0014J(\u0010*\u001a\u00020\u00112\u0006\u0010'\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010+\u001a\u00020,2\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\u000e\u0010-\u001a\u00020\u000f2\u0006\u0010.\u001a\u00020,J\u001e\u0010/\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u000f2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0013\u001a\u00020\u0014J\u001e\u0010/\u001a\u00020\u00112\u0006\u0010'\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0013\u001a\u00020\u0014J\u0016\u00100\u001a\u00020\u00112\u0006\u00101\u001a\u0002022\u0006\u00103\u001a\u000204J\u000e\u00105\u001a\u00020\u00142\u0006\u00103\u001a\u000204J\u000e\u00106\u001a\u0002072\u0006\u00103\u001a\u000204J\u0018\u00108\u001a\u0002092\u0006\u00101\u001a\u0002022\u0006\u00103\u001a\u000204H\u0002J\u000e\u0010:\u001a\u00020;2\u0006\u00101\u001a\u000202J\u0016\u0010<\u001a\u00020\u000f2\u0006\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u000e\u001a\u00020\u000fR\u000e\u0010\u0003\u001a\u00020\u0004X\u00
82D¢\u0006\u0002\n\u0000R\u0016\u0010\u0005\u001a\n \u0007*\u0004\u0018\u00010\u00060\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006="}, d2 = {"Lde/jepfa/yapm/service/secret/SecretService;", "", "()V", "ANDROID_KEY_STORE", "", "androidKeyStore", "Ljava/security/KeyStore;", "kotlin.jvm.PlatformType", "random", "Ljava/security/SecureRandom;", "conjunctPasswords", "Lde/jepfa/yapm/model/secret/Password;", "password1", "password2", "salt", "Lde/jepfa/yapm/model/secret/Key;", "createSecretKey", "Lde/jepfa/yapm/model/secret/SecretKeyHolder;", NfcActivity.EXTRA_DATA, "cipherAlgorithm", "Lde/jepfa/yapm/model/encrypted/CipherAlgorithm;", "decryptCommonString", "secretKeyHolder", "encrypted", "Lde/jepfa/yapm/model/encrypted/Encrypted;", "decryptData", "", "decryptEncrypted", "decryptKey", "decryptPassword", "encryptCommonString", TypedValues.Custom.S_STRING, "encryptData", "type", "Lde/jepfa/yapm/model/encrypted/EncryptedType;", "encryptEncrypted", "encryptKey", "key", "encryptPassword", EncCredential.ATTRIB_PASSWORD, "fastHash", "generateNormalSecretKey", "generatePBESecretKey", "iterations", "", "generateRandomKey", "length", "generateStrongSecretKey", "getAndroidSecretKey", "androidKey", "Lde/jepfa/yapm/service/secret/AndroidKey;", "context", "Landroid/content/Context;", "getCipherAlgorithm", "hasStrongBoxSupport", "", "initAndroidSecretKey", "Ljavax/crypto/SecretKey;", "removeAndroidSecretKey", "", "secretKeyToKey", "app_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes.dex */
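/**
 * Singleton holding the app's symmetric-crypto helpers: encrypting and decrypting
 * {@link Encrypted} payloads, deriving keys from passwords, hashing, and managing
 * keys stored in the Android Keystore.
 *
 * <p>This is decompiler output of a Kotlin {@code object}; the {@code Intrinsics} calls are the
 * Kotlin null checks and are kept verbatim. Checked exceptions are not declared because the
 * Kotlin original does not declare them.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Decryption failures are reported through the sentinel
 *       {@code Validable.INSTANCE.getFAILED_BYTE_ARRAY()}, not through an exception.</li>
 *   <li>Iteration counts, digest inputs and the byte-to-char widening in
 *       {@link #conjunctPasswords} determine derived keys; changing any of them makes previously
 *       derived keys unreproducible.</li>
 *   <li>No synchronization is performed around the shared {@link KeyStore} instance.</li>
 * </ul>
 */
public final class SecretService {
    public static final SecretService INSTANCE = new SecretService();
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final SecureRandom random = new SecureRandom();
    private static final KeyStore androidKeyStore = KeyStore.getInstance(ANDROID_KEY_STORE);

    /** Log tag used for every message emitted by this class. */
    private static final String LOG_TAG = "SS";
    /** Authentication tag length, in bits, passed to {@link GCMParameterSpec} on decryption. */
    private static final int GCM_TAG_LENGTH_BITS = 128;
    /** Iteration count used by {@link #generateNormalSecretKey}. */
    private static final int NORMAL_PBE_ITERATIONS = 1000;
    /** Iteration count used by {@link #generateStrongSecretKey(Password, Key, CipherAlgorithm)}. */
    private static final int STRONG_PBE_ITERATIONS = 65536;

    private SecretService() {
    }

    /**
     * Decrypts {@code encrypted} with the key in {@code secretKeyHolder}.
     *
     * <p>Returns the failure sentinel instead of throwing when the payload is empty, when the
     * key's cipher algorithm differs from the payload's, or when the cipher reports any
     * {@link GeneralSecurityException} (wrong key and failed GCM tag verification included).
     * Callers must compare the result against the sentinel before using it as plaintext.
     *
     * @param secretKeyHolder key plus the cipher algorithm it belongs to
     * @param encrypted IV, ciphertext and cipher algorithm of the payload
     * @return the plaintext bytes, or {@code Validable.INSTANCE.getFAILED_BYTE_ARRAY()} on failure
     */
    private final byte[] decryptData(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        if (encrypted.isEmpty()) {
            Log.e(LOG_TAG, "empty encrypted");
            return Validable.INSTANCE.getFAILED_BYTE_ARRAY();
        }
        if (secretKeyHolder.getCipherAlgorithm() != encrypted.getCipherAlgorithm()) {
            Log.e(LOG_TAG, "cipher algorithm mismatch");
            return Validable.INSTANCE.getFAILED_BYTE_ARRAY();
        }
        try {
            byte[] iv = encrypted.getIv();
            byte[] cipherText = encrypted.getData();
            Cipher cipher = Cipher.getInstance(encrypted.getCipherAlgorithm().getCipherName());
            if (secretKeyHolder.getCipherAlgorithm().getGcmSupport()) {
                cipher.init(Cipher.DECRYPT_MODE, secretKeyHolder.getSecretKey(), new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv));
            } else {
                // NOTE(review): this path has no authentication tag; if the configured cipher is
                // an unauthenticated mode, tampering is not detected here. Confirm against
                // CipherAlgorithm.
                cipher.init(Cipher.DECRYPT_MODE, secretKeyHolder.getSecretKey(), new IvParameterSpec(iv));
            }
            byte[] plain = cipher.doFinal(cipherText);
            Intrinsics.checkNotNullExpressionValue(plain, "cipher.doFinal(encryptedData)");
            return plain;
        } catch (GeneralSecurityException unused) {
            // Deliberately logs no exception detail; the caller only sees the sentinel.
            Log.e(LOG_TAG, "unable to decrypt");
            return Validable.INSTANCE.getFAILED_BYTE_ARRAY();
        }
    }

    /**
     * Encrypts {@code data} with the key in {@code secretKeyHolder} and wraps the result.
     *
     * <p>When the algorithm reports integrated IV support, the cipher is initialised without
     * parameters and the IV it chose is read back; otherwise a fresh IV of one cipher block is
     * drawn from {@link SecureRandom}. Either way the IV is stored in the returned object.
     *
     * @param type payload type to record, may be {@code null}
     * @param secretKeyHolder key plus the cipher algorithm to use
     * @param data plaintext bytes; not wiped by this method
     * @return the payload holding type, IV, ciphertext and cipher algorithm
     */
    private final Encrypted encryptData(EncryptedType type, SecretKeyHolder secretKeyHolder, byte[] data) {
        Cipher cipher = Cipher.getInstance(secretKeyHolder.getCipherAlgorithm().getCipherName());
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(secretKeyHol…pherAlgorithm.cipherName)");
        if (secretKeyHolder.getCipherAlgorithm().getIntegratedIvSupport()) {
            cipher.init(Cipher.ENCRYPT_MODE, secretKeyHolder.getSecretKey());
        } else {
            byte[] freshIv = new byte[cipher.getBlockSize()];
            random.nextBytes(freshIv);
            cipher.init(Cipher.ENCRYPT_MODE, secretKeyHolder.getSecretKey(), new IvParameterSpec(freshIv));
        }
        // NOTE(review): decryptData branches on getGcmSupport() while this method branches on
        // getIntegratedIvSupport(); confirm the two flags agree for every CipherAlgorithm.
        byte[] iv = cipher.getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
        byte[] cipherText = cipher.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(cipherText, "cipher.doFinal(data)");
        return new Encrypted(type, iv, cipherText, secretKeyHolder.getCipherAlgorithm());
    }

    /**
     * Derives a secret key from a password with the algorithm's {@link SecretKeyFactory}.
     *
     * <p>The password held by the {@link PBEKeySpec} is cleared in all cases, including when key
     * generation throws.
     *
     * @param password source password
     * @param salt salt bytes for the derivation
     * @param iterations iteration count handed to the key spec
     * @param cipherAlgorithm supplies the key length (in bits) and the factory algorithm name
     * @return the derived key together with {@code cipherAlgorithm}
     */
    private final SecretKeyHolder generatePBESecretKey(Password password, Key salt, int iterations, CipherAlgorithm cipherAlgorithm) {
        PBEKeySpec keySpec = new PBEKeySpec(password.toEncodedCharArray(), salt.getData(), iterations, cipherAlgorithm.getKeyLength());
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(cipherAlgorithm.getSecretKeyAlgorithm());
            SecretKey derived = factory.generateSecret(keySpec);
            Intrinsics.checkNotNullExpressionValue(derived, "factory.generateSecret(keySpec)");
            return new SecretKeyHolder(derived, cipherAlgorithm);
        } finally {
            keySpec.clearPassword();
        }
    }

    /** Applies the spec built so far to {@code keyGenerator} and generates the key. */
    private static SecretKey generateKeystoreKey(KeyGenerator keyGenerator, KeyGenParameterSpec.Builder spec) {
        keyGenerator.init(spec.build());
        SecretKey generated = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generated, "keyGenerator.generateKey()");
        return generated;
    }

    /**
     * Creates a new AES/GCM key under {@code androidKey}'s alias in the Android Keystore.
     *
     * <p>Protection level depends on the device, and weaker settings are chosen silently:
     * <ul>
     *   <li>Below API 28 the key gets neither StrongBox backing, nor the unlocked-device
     *       requirement, nor user authentication, whatever {@code androidKey} requests.</li>
     *   <li>On API 28+ user authentication is bound to the key only if
     *       {@code androidKey.getRequireUserAuth()} is set <em>and</em> a fingerprint is
     *       available; otherwise the key is usable without authentication.</li>
     *   <li>If StrongBox is requested but unavailable at generation time, the key is regenerated
     *       without StrongBox and only a warning is logged.</li>
     * </ul>
     * Callers that must guarantee a protection level need to verify it on the resulting key.
     *
     * @param androidKey alias and requested protection flags
     * @param context used for the StrongBox and fingerprint availability checks
     * @return the newly generated keystore key
     */
    private final SecretKey initAndroidSecretKey(AndroidKey androidKey, Context context) {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
        // Purpose 3 is encrypt | decrypt.
        KeyGenParameterSpec.Builder spec = new KeyGenParameterSpec.Builder(androidKey.getAlias(), 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        Intrinsics.checkNotNullExpressionValue(spec, "Builder(androidKey.alias….ENCRYPTION_PADDING_NONE)");
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
            return generateKeystoreKey(keyGenerator, spec);
        }
        spec.setIsStrongBoxBacked(androidKey.getBoxed() && hasStrongBoxSupport(context)).setUnlockedDeviceRequired(true);
        if (androidKey.getRequireUserAuth() && BiometricUtils.INSTANCE.isFingerprintAvailable(context)) {
            // A validity duration of -1 demands authentication for every use of the key.
            spec.setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(-1).setInvalidatedByBiometricEnrollment(true);
        }
        try {
            return generateKeystoreKey(keyGenerator, spec);
        } catch (StrongBoxUnavailableException e) {
            Log.w(LOG_TAG, "Strong box not supported, falling back to without it", e);
            spec.setIsStrongBoxBacked(false);
            return generateKeystoreKey(keyGenerator, spec);
        }
    }

    /**
     * Combines two passwords into one by hashing {@code salt || password1 || password2} with
     * SHA-256 and widening each digest byte to a {@code char}.
     *
     * <p>The {@code (char)} cast sign-extends, so digest bytes with the high bit set become
     * characters in the range U+FF80..U+FFFF. That mapping is part of the derived value and must
     * stay as it is. This is a single unkeyed digest, not a slow password hash.
     *
     * @param password1 first password
     * @param password2 second password
     * @param salt salt bytes fed into the digest first
     * @return a password of 32 characters built from the digest
     */
    public final Password conjunctPasswords(Password password1, Password password2, Key salt) {
        Intrinsics.checkNotNullParameter(password1, "password1");
        Intrinsics.checkNotNullParameter(password2, "password2");
        Intrinsics.checkNotNullParameter(salt, "salt");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(salt.getData());
        // NOTE(review): whether toByteArray() returns a copy is not visible here, so these
        // arrays are not wiped in this method.
        messageDigest.update(password1.toByteArray());
        messageDigest.update(password2.toByteArray());
        byte[] digest = messageDigest.digest();
        Intrinsics.checkNotNullExpressionValue(digest, "digest");
        // Fill a char[] directly: boxed Character objects holding secret-derived values could
        // never be cleared afterwards.
        char[] chars = new char[digest.length];
        for (int i = 0; i < digest.length; i++) {
            chars[i] = (char) digest[i];
        }
        // The digest is a local array that is no longer needed once widened.
        Arrays.fill(digest, (byte) 0);
        return new Password(chars);
    }

    /**
     * Builds a secret key directly from raw key bytes, without any key derivation.
     *
     * <p>The bytes are truncated or zero-padded to {@code keyLength / 8} bytes.
     * NOTE(review): input shorter than the key length therefore yields a key whose tail is all
     * zero; confirm that callers always pass at least {@code keyLength / 8} bytes.
     *
     * @param data raw key material
     * @param cipherAlgorithm supplies the key length (in bits) and the key algorithm name
     * @return the key together with {@code cipherAlgorithm}
     */
    public final SecretKeyHolder createSecretKey(Key data, CipherAlgorithm cipherAlgorithm) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        byte[] keyBytes = Arrays.copyOf(data.getData(), cipherAlgorithm.getKeyLength() / 8);
        Intrinsics.checkNotNullExpressionValue(keyBytes, "copyOf(this, newSize)");
        try {
            return new SecretKeyHolder(new SecretKeySpec(keyBytes, cipherAlgorithm.getSecretKeyAlgorithm()), cipherAlgorithm);
        } finally {
            // SecretKeySpec copies the array it is given, so the temporary copy can be wiped.
            Arrays.fill(keyBytes, (byte) 0);
        }
    }

    /**
     * Decrypts a payload and decodes the bytes as UTF-8 text.
     *
     * <p>On decryption failure the failure sentinel is decoded as text as well; the caller
     * cannot tell failure from content by the return type alone.
     */
    public final String decryptCommonString(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return new String(decryptData(secretKeyHolder, encrypted), Charsets.UTF_8);
    }

    /**
     * Decrypts a payload whose plaintext is the Base64 form of another {@link Encrypted}.
     *
     * <p>On decryption failure the failure sentinel is what gets passed to {@code fromBase64}.
     */
    public final Encrypted decryptEncrypted(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return Encrypted.INSTANCE.fromBase64(decryptData(secretKeyHolder, encrypted));
    }

    /**
     * Decrypts a payload into a {@link Key}.
     *
     * <p>On decryption failure the key wraps the failure sentinel; check it before use.
     */
    public final Key decryptKey(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return new Key(decryptData(secretKeyHolder, encrypted));
    }

    /**
     * Decrypts a payload into a {@link Password}.
     *
     * <p>On decryption failure the password wraps the failure sentinel; check it before use.
     */
    public final Password decryptPassword(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return new Password(decryptData(secretKeyHolder, encrypted));
    }

    /** Encrypts the UTF-8 bytes of {@code string}; the payload type is left {@code null}. */
    public final Encrypted encryptCommonString(SecretKeyHolder secretKeyHolder, String string) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(string, "string");
        byte[] utf8 = string.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(utf8, "this as java.lang.String).getBytes(charset)");
        return encryptData(null, secretKeyHolder, utf8);
    }

    /** Encrypts the Base64 form of an existing payload, keeping that payload's type. */
    public final Encrypted encryptEncrypted(SecretKeyHolder secretKeyHolder, Encrypted encrypted) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(encrypted, "encrypted");
        return encryptData(encrypted.getType(), secretKeyHolder, encrypted.toBase64());
    }

    /** Encrypts the bytes of {@code key} and records {@code type} on the payload. */
    public final Encrypted encryptKey(EncryptedType type, SecretKeyHolder secretKeyHolder, Key key) {
        Intrinsics.checkNotNullParameter(type, "type");
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(key, "key");
        return encryptData(type, secretKeyHolder, key.getData());
    }

    /** Encrypts the bytes of {@code key}; the payload type is left {@code null}. */
    public final Encrypted encryptKey(SecretKeyHolder secretKeyHolder, Key key) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(key, "key");
        return encryptData(null, secretKeyHolder, key.getData());
    }

    /** Encrypts the bytes of {@code password} and records {@code type} on the payload. */
    public final Encrypted encryptPassword(EncryptedType type, SecretKeyHolder secretKeyHolder, Password password) {
        Intrinsics.checkNotNullParameter(type, "type");
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(password, "password");
        return encryptData(type, secretKeyHolder, password.toByteArray());
    }

    /** Encrypts the bytes of {@code password}; the payload type is left {@code null}. */
    public final Encrypted encryptPassword(SecretKeyHolder secretKeyHolder, Password password) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(password, "password");
        return encryptData(null, secretKeyHolder, password.toByteArray());
    }

    /**
     * Computes one round of SHA-256 over {@code salt || data}.
     *
     * <p>A single digest is cheap to compute, so this is unsuitable as the only protection for
     * low-entropy input such as a user-chosen password.
     *
     * @param data bytes to hash
     * @param salt salt bytes fed into the digest first
     * @return the 32-byte digest wrapped as a {@link Key}
     */
    public final Key fastHash(byte[] data, Key salt) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(salt, "salt");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(salt.getData());
        sha256.update(data);
        byte[] digest = sha256.digest();
        Intrinsics.checkNotNullExpressionValue(digest, "digest");
        return new Key(digest);
    }

    /**
     * Derives a key from {@code password} with 1000 iterations.
     *
     * <p>NOTE(review): 1000 iterations gives little resistance to offline guessing if the
     * factory algorithm is a PBKDF2 variant (confirm against CipherAlgorithm). Raising the count
     * changes every derived key, so it needs a migration path for existing data.
     */
    public final SecretKeyHolder generateNormalSecretKey(Password password, Key salt, CipherAlgorithm cipherAlgorithm) {
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        return generatePBESecretKey(password, salt, NORMAL_PBE_ITERATIONS, cipherAlgorithm);
    }

    /**
     * Returns {@code length} bytes drawn from the shared {@link SecureRandom}.
     *
     * @param length number of random bytes; a negative value makes the array allocation throw
     */
    public final Key generateRandomKey(int length) {
        byte[] randomBytes = new byte[length];
        random.nextBytes(randomBytes);
        return new Key(randomBytes);
    }

    /** Wraps {@code data} as a {@link Password} and derives a key from it with 65536 iterations. */
    public final SecretKeyHolder generateStrongSecretKey(Key data, Key salt, CipherAlgorithm cipherAlgorithm) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        return generateStrongSecretKey(new Password(data), salt, cipherAlgorithm);
    }

    /** Derives a key from {@code password} with 65536 iterations. */
    public final SecretKeyHolder generateStrongSecretKey(Password password, Key salt, CipherAlgorithm cipherAlgorithm) {
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(cipherAlgorithm, "cipherAlgorithm");
        return generatePBESecretKey(password, salt, STRONG_PBE_ITERATIONS, cipherAlgorithm);
    }

    /**
     * Returns the keystore key stored under {@code androidKey}'s alias, creating it if the alias
     * holds no secret key.
     *
     * <p>An existing key is returned as stored: its protection settings (StrongBox, user
     * authentication) are those chosen when it was created and are not compared with the flags
     * currently set on {@code androidKey}. The holder always carries the default cipher
     * algorithm.
     */
    public final SecretKeyHolder getAndroidSecretKey(AndroidKey androidKey, Context context) {
        Intrinsics.checkNotNullParameter(androidKey, "androidKey");
        Intrinsics.checkNotNullParameter(context, "context");
        KeyStore keyStore = androidKeyStore;
        keyStore.load(null);
        KeyStore.Entry entry = keyStore.getEntry(androidKey.getAlias(), null);
        SecretKey secretKey = null;
        if (entry instanceof KeyStore.SecretKeyEntry) {
            secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        }
        if (secretKey == null) {
            secretKey = initAndroidSecretKey(androidKey, context);
        }
        return new SecretKeyHolder(secretKey, CipherAlgorithmKt.getDEFAULT_CIPHER_ALGORITHM());
    }

    /**
     * Reads the configured cipher algorithm from the preferences.
     *
     * @return the stored algorithm, or the default one when no value is stored
     * @throws IllegalArgumentException presumably, when the stored name matches no
     *     {@code CipherAlgorithm} constant (behaviour of {@code valueOf}; confirm)
     */
    public final CipherAlgorithm getCipherAlgorithm(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        String storedName = PreferenceService.INSTANCE.getAsString(PreferenceService.DATA_CIPHER_ALGORITHM, context);
        if (storedName == null) {
            return CipherAlgorithmKt.getDEFAULT_CIPHER_ALGORITHM();
        }
        return CipherAlgorithm.valueOf(storedName);
    }

    /** Reports whether the device declares the StrongBox keystore system feature. */
    public final boolean hasStrongBoxSupport(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        return context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    /** Deletes the keystore entry stored under {@code androidKey}'s alias. */
    public final void removeAndroidSecretKey(AndroidKey androidKey) {
        Intrinsics.checkNotNullParameter(androidKey, "androidKey");
        KeyStore keyStore = androidKeyStore;
        keyStore.load(null);
        keyStore.deleteEntry(androidKey.getAlias());
    }

    /**
     * Hashes the encoded form of a secret key with {@link #fastHash}.
     *
     * <p>NOTE(review): keys held in the Android Keystore do not expose their encoded form
     * ({@code getEncoded()} yields {@code null}), in which case the null check below throws.
     * This method is only usable with software keys. The encoded array is not wiped here because
     * a provider may return its internal array rather than a copy.
     */
    public final Key secretKeyToKey(SecretKeyHolder secretKeyHolder, Key salt) {
        Intrinsics.checkNotNullParameter(secretKeyHolder, "secretKeyHolder");
        Intrinsics.checkNotNullParameter(salt, "salt");
        byte[] encoded = secretKeyHolder.getSecretKey().getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "secretKeyHolder.secretKey.encoded");
        return fastHash(encoded, salt);
    }
}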
