package com.watchdox.android.security;

import android.content.ContentValues;
import android.content.Context;
import android.content.Intent;
import android.provider.Settings;
import android.util.Base64;
import androidx.constraintlayout.motion.widget.KeyAttributes$$ExternalSyntheticOutline0;
import com.watchdox.android.WDLog;
import com.watchdox.android.sdk.R;
import com.watchdox.android.storage.SecureStorageUtils;
import com.watchdox.android.storage.contentprovider.DocumentAnnotationsDataContract;
import com.watchdox.android.utils.WatchdoxSDKUtils;
import com.watchdox.android.watchdoxapi.utils.HashUtils;
import com.watchdox.android.watchdoxapi.utils.ParameterVerifier;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class WatchdoxSecureDataCrypter {
    static String CIPHER_MODE_PADDING = "AES/CBC/PKCS7Padding";
    private static final boolean DEV_PLAIN_TEXT = false;
    private static final String TAG = "com.watchdox.android.security.WatchdoxSecureDataCrypter";
    private static boolean bIsFirstRunForAlgorithmChangeCheck = true;
    private static IvParameterSpec ivParameterSpec;
    private static WatchdoxSecureDataCrypter mDataCrypter;
    private Cipher mDecryptCipher;
    private Cipher mEncryptCipher;
    private static final Object mLoadContentKeyLock = new Object();
    private static final Object mEncryptContentKeyLock = new Object();
    private static final Object mDecryptContentKeyLock = new Object();
    private Key mContentCryptKey = null;
    private byte[] mPassphraseOrPIN = null;

    private WatchdoxSecureDataCrypter() {
        try {
            this.mEncryptCipher = Cipher.getInstance(CIPHER_MODE_PADDING);
            this.mDecryptCipher = Cipher.getInstance(CIPHER_MODE_PADDING);
        } catch (NoSuchAlgorithmException e) {
            WDLog.printStackTrace(e);
        } catch (NoSuchPaddingException e2) {
            WDLog.printStackTrace(e2);
        }
    }

    public static byte[] decrypt(Context context, byte[] bArr, Key key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        byte[] bArr2;
        ParameterVerifier.verifyNotNull(key, "Key cannot be null");
        synchronized (mDecryptContentKeyLock) {
            Cipher cipher = getInstance().mDecryptCipher;
            try {
                cipher.init(2, key, getIvParameterSpec(context));
                bArr2 = cipher.doFinal(bArr);
            } catch (Exception e) {
                WDLog.debug(WatchdoxSecureDataCrypter.class, "Could not dec " + e.getMessage());
                bArr2 = null;
            }
        }
        return bArr2;
    }

    private static void deleteContentKey(Context context) {
        SecureStorageUtils.delete(WatchdoxSDKUtils.isGoodFSSupported(), getContentKeyFilePath(context));
    }

    public static byte[] encrypt(Context context, byte[] bArr, Key key) throws NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, InvalidKeyException {
        byte[] bArr2;
        ParameterVerifier.verifyNotNull(key, "Key cannot be null");
        synchronized (mEncryptContentKeyLock) {
            Cipher cipher = getInstance().mEncryptCipher;
            try {
                cipher.init(1, key, getIvParameterSpec(context));
                bArr2 = cipher.doFinal(bArr);
            } catch (Exception e) {
                onExceptionInCrypter(context);
                WDLog.printStackTrace(e);
                bArr2 = null;
            }
        }
        return bArr2;
    }

    private static Key generateKeyFromPassCode(Context context, byte[] bArr) {
        return generateKeyFromPassCode(context, bArr, true);
    }

    private static Key generateKeyFromPassCode(Context context, byte[] bArr, boolean z) {
        SecretKeySpec secretKeySpec;
        try {
            byte[] saltForPasscode = getSaltForPasscode(context);
            if (z) {
                secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit").generateSecret(new PBEKeySpec((new String(bArr) + HashUtils.getBcryptHash(bArr, context)).toCharArray(), saltForPasscode, 10000, 256)).getEncoded(), "AES");
            } else {
                secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(new String(bArr).toCharArray(), saltForPasscode, 10000, 256)).getEncoded(), "AES");
            }
            return secretKeySpec;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException | Exception unused) {
            return null;
        }
    }

    private static Key generateNewContentKey() throws NoSuchAlgorithmException {
        SecureRandom secureRandom = new SecureRandom();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256, secureRandom);
        return keyGenerator.generateKey();
    }

    private String getCharSet() {
        return Charset.defaultCharset().name();
    }

    private static Key getContentKey(Context context, Key key) {
        Key loadContentKey = loadContentKey(context, key);
        if (loadContentKey != null) {
            return loadContentKey;
        }
        if (bIsFirstRunForAlgorithmChangeCheck) {
            return null;
        }
        try {
            loadContentKey = generateNewContentKey();
            storeContentKey(context, key, loadContentKey);
            return loadContentKey;
        } catch (NoSuchAlgorithmException unused) {
            return loadContentKey;
        }
    }

    private static String getContentKeyFilePath(Context context) {
        if (WatchdoxSDKUtils.isGoodFSSupported()) {
            return "raw.asc";
        }
        StringBuilder sb = new StringBuilder();
        sb.append(context.getFilesDir());
        return KeyAttributes$$ExternalSyntheticOutline0.m(sb, File.separator, "raw.asc");
    }

    /* JADX WARN: Removed duplicated region for block: B:5:0x0052  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x005a A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.Key getContentKeyFromStore(android.content.Context r5) {
        /*
            java.lang.String r5 = getContentKeyFilePath(r5)
            boolean r0 = com.watchdox.android.utils.WatchdoxSDKUtils.isGoodFSSupported()
            java.io.File r5 = com.watchdox.android.storage.SecureStorageUtils.createFile(r0, r5)
            boolean r0 = r5.exists()
            r1 = 0
            if (r0 == 0) goto L4f
            boolean r0 = com.watchdox.android.utils.WatchdoxSDKUtils.isGoodFSSupported()     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
            java.io.InputStream r0 = com.watchdox.android.storage.SecureStorageUtils.createInputStream(r0, r5)     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
            if (r0 == 0) goto L4f
            boolean r2 = com.watchdox.android.utils.WatchdoxSDKUtils.isGoodFSSupported()     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
            if (r2 == 0) goto L2a
            int r5 = r0.available()     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
            byte[] r5 = new byte[r5]     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
            goto L31
        L2a:
            long r2 = r5.length()     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
            int r5 = (int) r2     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
            byte[] r5 = new byte[r5]     // Catch: java.io.IOException -> L42 java.io.FileNotFoundException -> L48
        L31:
            r0.read(r5)     // Catch: java.io.IOException -> L38 java.io.FileNotFoundException -> L3d
            r0.close()     // Catch: java.io.IOException -> L38 java.io.FileNotFoundException -> L3d
            goto L50
        L38:
            r0 = move-exception
            r4 = r0
            r0 = r5
            r5 = r4
            goto L44
        L3d:
            r0 = move-exception
            r4 = r0
            r0 = r5
            r5 = r4
            goto L4a
        L42:
            r5 = move-exception
            r0 = r1
        L44:
            com.watchdox.android.WDLog.printStackTrace(r5)
            goto L4d
        L48:
            r5 = move-exception
            r0 = r1
        L4a:
            com.watchdox.android.WDLog.printStackTrace(r5)
        L4d:
            r5 = r0
            goto L50
        L4f:
            r5 = r1
        L50:
            if (r5 == 0) goto L5a
            javax.crypto.spec.SecretKeySpec r0 = new javax.crypto.spec.SecretKeySpec
            java.lang.String r1 = com.watchdox.android.security.WatchdoxSecureDataCrypter.CIPHER_MODE_PADDING
            r0.<init>(r5, r1)
            return r0
        L5a:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.watchdox.android.security.WatchdoxSecureDataCrypter.getContentKeyFromStore(android.content.Context):java.security.Key");
    }

    public static WatchdoxSecureDataCrypter getInstance() {
        if (mDataCrypter == null) {
            synchronized (mLoadContentKeyLock) {
                mDataCrypter = new WatchdoxSecureDataCrypter();
            }
        }
        return mDataCrypter;
    }

    private static byte[] getIvByte(Context context) {
        byte[] bArr = {-32, 79, -48, 32, -22, 58, 105, 16, -94, -40, 8, 0, 43, 48, 48, -99};
        byte[] saltForPasscode = getSaltForPasscode(context);
        for (int i = 0; i < saltForPasscode.length && i < 16; i++) {
            bArr[i] = (byte) (bArr[i] | saltForPasscode[i]);
        }
        return bArr;
    }

    private static IvParameterSpec getIvParameterSpec(Context context) {
        if (ivParameterSpec == null) {
            ivParameterSpec = new IvParameterSpec(getIvByte(context));
        }
        return ivParameterSpec;
    }

    private static byte[] getSaltForPasscode(Context context) {
        return Settings.Secure.getString(context.getContentResolver(), "android_id").getBytes();
    }

    private static Key loadContentKey(Context context, Key key) {
        Key contentKeyFromStore = getContentKeyFromStore(context);
        if (contentKeyFromStore == null) {
            return null;
        }
        try {
            byte[] decrypt = decrypt(context, contentKeyFromStore.getEncoded(), key);
            if (decrypt == null) {
                return null;
            }
            return new SecretKeySpec(decrypt, CIPHER_MODE_PADDING);
        } catch (InvalidKeyException e) {
            onExceptionInCrypter(context);
            WDLog.printStackTrace(e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            onExceptionInCrypter(context);
            WDLog.printStackTrace(e2);
            return null;
        } catch (BadPaddingException e3) {
            onExceptionInCrypter(context);
            WDLog.printStackTrace(e3);
            return null;
        } catch (IllegalBlockSizeException e4) {
            onExceptionInCrypter(context);
            WDLog.printStackTrace(e4);
            return null;
        } catch (NoSuchPaddingException e5) {
            onExceptionInCrypter(context);
            WDLog.printStackTrace(e5);
            return null;
        }
    }

    private boolean loadContentKey(Context context) {
        if (this.mContentCryptKey == null) {
            synchronized (mLoadContentKeyLock) {
                Key contentKey = getContentKey(context, generateKeyFromPassCode(context, this.mPassphraseOrPIN));
                this.mContentCryptKey = contentKey;
                if (bIsFirstRunForAlgorithmChangeCheck) {
                    bIsFirstRunForAlgorithmChangeCheck = false;
                    if (contentKey == null) {
                        this.mContentCryptKey = getContentKey(context, generateKeyFromPassCode(context, this.mPassphraseOrPIN, false));
                    }
                }
            }
        }
        return this.mContentCryptKey != null;
    }

    private static void onExceptionInCrypter(Context context) {
        Intent intent = new Intent(context, (Class<?>) SecurityExceptionActivity.class);
        intent.addFlags(67108864);
        intent.addFlags(268435456);
        context.startActivity(intent);
    }

    private static boolean putContentKeyInStore(Context context, byte[] bArr) {
        try {
            OutputStream createOutputStream = SecureStorageUtils.createOutputStream(WatchdoxSDKUtils.isGoodFSSupported(), getContentKeyFilePath(context));
            if (createOutputStream == null) {
                return true;
            }
            createOutputStream.write(bArr);
            createOutputStream.close();
            return true;
        } catch (IOException e) {
            WDLog.printStackTrace(e);
            return false;
        }
    }

    public static void resetDataCrypter(Context context) {
        deleteContentKey(context);
        mDataCrypter = null;
        ivParameterSpec = null;
    }

    private static boolean storeContentKey(Context context, Key key, Key key2) {
        try {
            return putContentKeyInStore(context, encrypt(context, key2.getEncoded(), key));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
            return false;
        }
    }

    public byte[] decrypt(Context context, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        ParameterVerifier.verifyBooleanTrue(isInitialized(), "Initialize using init before calling decrypt");
        loadContentKey(context);
        return decrypt(context, bArr, this.mContentCryptKey);
    }

    public String decryptString(Context context, String str) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        ParameterVerifier.verifyNotNull(context, "Context cannot be passed null");
        ParameterVerifier.verifyNonEmptyString(str, "Empty value cannot be decrypted");
        return new String(decrypt(context, Base64.decode(str.getBytes(getCharSet()), 0)), getCharSet());
    }

    public byte[] encrypt(Context context, byte[] bArr) throws NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, InvalidKeyException {
        ParameterVerifier.verifyBooleanTrue(isInitialized(), "Initialize using init before calling encrypt");
        loadContentKey(context);
        return encrypt(context, bArr, this.mContentCryptKey);
    }

    public ContentValues encryptContentValueForDocumentAnnotation(Context context, ContentValues contentValues) throws Exception {
        ParameterVerifier.verifyNotNull(context, "context cannot be null");
        if (!isInitialized()) {
            return null;
        }
        if (contentValues.containsKey("guid")) {
            contentValues.put("guid", HashUtils.getSHAHashString(contentValues.getAsString("guid")));
        }
        if (contentValues.containsKey(DocumentAnnotationsDataContract.DocumentAnnotationsColumns.ANNOTATION_JSON)) {
            contentValues.put(DocumentAnnotationsDataContract.DocumentAnnotationsColumns.ANNOTATION_JSON, encryptString(context, contentValues.getAsString(DocumentAnnotationsDataContract.DocumentAnnotationsColumns.ANNOTATION_JSON)));
        }
        if (contentValues.containsKey(DocumentAnnotationsDataContract.DocumentAnnotationsColumns.EXTRA1)) {
            contentValues.put(DocumentAnnotationsDataContract.DocumentAnnotationsColumns.EXTRA1, encryptString(context, contentValues.getAsString(DocumentAnnotationsDataContract.DocumentAnnotationsColumns.EXTRA1)));
        }
        return contentValues;
    }

    public ContentValues encryptContentValueForDocumentAnnotationUser(Context context, ContentValues contentValues) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        ParameterVerifier.verifyNotNull(context, "context cannot be null");
        if (!isInitialized()) {
            return null;
        }
        if (contentValues.containsKey(DocumentAnnotationsDataContract.DocumentAnnotationUsersColumns.ANNOTER_ID)) {
            contentValues.put(DocumentAnnotationsDataContract.DocumentAnnotationUsersColumns.ANNOTER_ID, encryptString(context, contentValues.getAsString(DocumentAnnotationsDataContract.DocumentAnnotationUsersColumns.ANNOTER_ID)));
        }
        if (contentValues.containsKey("guid")) {
            contentValues.put("guid", HashUtils.getSHAHashString(contentValues.getAsString("guid")));
        }
        return contentValues;
    }

    public String encryptString(Context context, String str) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        ParameterVerifier.verifyNotNull(context, "Context cannot be passed null");
        ParameterVerifier.verifyNonEmptyString(str, "Empty value cannot be encrypted");
        return new String(Base64.encode(encrypt(context, str.getBytes(getCharSet())), 0), getCharSet());
    }

    public String getKeyForDB(Context context) {
        if (!context.getString(R.string.encrypt_db).equals("true")) {
            return "";
        }
        try {
            if (this.mContentCryptKey == null) {
                loadContentKey(context);
            }
            return Base64.encodeToString(this.mContentCryptKey.getEncoded(), 0);
        } catch (Exception e) {
            WDLog.printStackTrace(e);
            return null;
        }
    }

    public boolean init(Context context, byte[] bArr) {
        this.mPassphraseOrPIN = bArr;
        return bArr != null;
    }

    public boolean isInitialized() {
        return this.mPassphraseOrPIN != null;
    }

    public boolean onPasscodeChanged(Context context, byte[] bArr, byte[] bArr2) {
        ParameterVerifier.verifyNotNull(bArr, "Earlier passcode cannot be null");
        ParameterVerifier.verifyNotNull(bArr2, "New passcode cannot be null");
        Key generateKeyFromPassCode = generateKeyFromPassCode(context, bArr2);
        loadContentKey(context);
        boolean storeContentKey = storeContentKey(context, generateKeyFromPassCode, this.mContentCryptKey);
        this.mPassphraseOrPIN = bArr2;
        return storeContentKey;
    }
}
