package com.sybase.persistence;

import android.content.ContentResolver;
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class SharedDataVaultLegacy {
    private static Cipher aesCFBCipher;
    private static Context context;
    private static MessageDigest messageDigest;
    private static ContentResolver s_oContentResolver;
    private String dataVaultID;
    private byte[] encryptedPasswordCheckValue;
    private SecretKey retryKey;
    private static Object lockObject = new Object();
    private static final Uri DATA_PROVIDER_URI = DataProviderConstants.DATA_VAULT_CONTENT_URI;
    private SecretKey currentEncryptionKey = null;
    private boolean defaultPasscodeUsed = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SharedDataVaultLegacy(String str) {
        this.encryptedPasswordCheckValue = null;
        this.dataVaultID = null;
        this.retryKey = null;
        if (str == null || str.length() == 0) {
            throw new DataVaultException("Invalid parameter", 4);
        }
        synchronized (lockObject) {
            checkContext();
            this.dataVaultID = str;
            this.retryKey = getAESKeyForVault((str + "{DDB45DB3-2637-4dd1-9031-00113148FE44}").toCharArray(), "{C33149A9-AF63-4ba9-838B-4D2AB4775BAA}".toCharArray(), str);
            byte[] configBlob = getConfigBlob(DATA_PROVIDER_URI, DataVault.byteArrayToHashKey(encrypt(DataVault.encodeString("CheckValue"), this.retryKey)));
            this.encryptedPasswordCheckValue = configBlob;
            if (configBlob == null) {
                throw new DataVaultException("Vault does not exist", 3);
            }
        }
    }

    private static char[] autoComputePassword(String str) {
        return ("!j2H^K)y3i&L5h@6#" + str).toCharArray();
    }

    private static char[] autoComputeSalt(String str) {
        return ("*9yG4n#(2nXY$-3o" + str).toCharArray();
    }

    private static byte[] charToByteArray(char[] cArr) {
        CharBuffer wrap = CharBuffer.wrap(cArr);
        ByteBuffer encode = Charset.forName("UTF-8").encode(wrap);
        byte[] copyOfRange = Arrays.copyOfRange(encode.array(), encode.position(), encode.limit());
        Arrays.fill(wrap.array(), (char) 0);
        Arrays.fill(encode.array(), (byte) 0);
        return copyOfRange;
    }

    private static void checkContext() {
        if (context == null) {
            throw new DataVaultException("Context not initialized", 4);
        }
    }

    private void checkDeleted() {
        if (!SharedDataVault.vaultExists(this.dataVaultID)) {
            throw new DataVaultException("Vault deleted", 3);
        }
    }

    private void checkPasswordExpiration() {
        if (hasPasswordExpired()) {
            throw new DataVaultException("Password has expired.", 57);
        }
    }

    private byte[] decrypt(byte[] bArr, SecretKey secretKey) {
        try {
            if (secretKey == null) {
                throw new DataVaultException("Vault is locked", 8);
            }
            if (bArr == null) {
                return null;
            }
            aesCFBCipher.init(2, secretKey, new IvParameterSpec(DataVault.m_abInitializationVectorStart));
            return aesCFBCipher.doFinal(bArr);
        } catch (Exception e10) {
            throw new DataVaultException(e10.getMessage(), 6, e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteVault(String str) {
        if (str == null) {
            throw new DataVaultException("Invalid parameter", 4);
        }
        synchronized (lockObject) {
            checkContext();
            s_oContentResolver.delete(DATA_PROVIDER_URI, "vault_id = ?", new String[]{str});
        }
    }

    private byte[] encrypt(byte[] bArr, SecretKey secretKey) {
        if (secretKey == null) {
            throw new DataVaultException("Vault is locked", 8);
        }
        if (bArr == null) {
            return null;
        }
        try {
            aesCFBCipher.init(1, secretKey, new IvParameterSpec(DataVault.m_abInitializationVectorStart));
            return aesCFBCipher.doFinal(bArr);
        } catch (Exception e10) {
            throw new DataVaultException(e10.getMessage(), 7, e10);
        }
    }

    private static SecretKeySpec getAESKeyForVault(char[] cArr, char[] cArr2, String str) {
        if (cArr == null || cArr.length == 0) {
            cArr = autoComputePassword(str);
        }
        if (cArr2 == null || cArr2.length == 0) {
            cArr2 = autoComputeSalt(str);
        }
        messageDigest.reset();
        messageDigest.update(charToByteArray(cArr));
        messageDigest.update(charToByteArray(cArr2));
        return new SecretKeySpec(messageDigest.digest(), "AES");
    }

    private byte[] getConfigBlob(Uri uri, String str) {
        synchronized (lockObject) {
            checkContext();
            Cursor cursor = null;
            try {
                Cursor query = s_oContentResolver.query(uri, new String[]{DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_VALUE}, "vault_id = ? and item_key = ? and is_config = 1", new String[]{this.dataVaultID, str}, null);
                try {
                    if (!query.moveToFirst()) {
                        query.close();
                        return null;
                    }
                    byte[] blob = query.getBlob(0);
                    query.close();
                    return blob;
                } catch (Throwable th) {
                    th = th;
                    cursor = query;
                    if (cursor != null) {
                        cursor.close();
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                th = th2;
            }
        }
    }

    private long getConfigLong(String str, long j10, SecretKey secretKey) {
        byte[] decrypt;
        checkDeleted();
        synchronized (lockObject) {
            if (secretKey != null) {
                String byteArrayToHashKey = DataVault.byteArrayToHashKey(encrypt(DataVault.encodeString(str), secretKey));
                checkContext();
                Cursor cursor = null;
                try {
                    cursor = s_oContentResolver.query(DATA_PROVIDER_URI, new String[]{DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_VALUE}, "vault_id = ? and item_key = ? and is_config = 1", new String[]{this.dataVaultID, byteArrayToHashKey}, null);
                    if (cursor.moveToFirst() && (decrypt = decrypt(cursor.getBlob(0), secretKey)) != null) {
                        try {
                            j10 = Long.parseLong(new String(decrypt, "UTF-8"));
                        } catch (UnsupportedEncodingException e10) {
                            throw new DataVaultException("Error during config data conversion.", 2, e10);
                        }
                    }
                    cursor.close();
                } catch (Throwable th) {
                    if (cursor != null) {
                        cursor.close();
                    }
                    throw th;
                }
            }
        }
        return j10;
    }

    private int getRetryCount() {
        return (int) getConfigLong("RetryCount", 0L, this.retryKey);
    }

    static SharedDataVaultLegacy getVault(String str) {
        return new SharedDataVaultLegacy(str);
    }

    private int getVersionNumber() {
        return (int) getConfigLong("VersionNumber", 1L, this.currentEncryptionKey);
    }

    private boolean hasPasswordExpired() {
        int configLong = (int) getConfigLong("PasswordTimeout", 0L, this.currentEncryptionKey);
        if (configLong <= 0) {
            return false;
        }
        long time = new Date().getTime();
        long configLong2 = getConfigLong("LastPasswordResetTime", 0L, this.currentEncryptionKey);
        if (configLong2 <= time) {
            return time - configLong2 > ((long) ((((configLong * 24) * 60) * 60) * 1000));
        }
        lock();
        return true;
    }

    private boolean hasTimeoutElapsed() {
        if (((int) getConfigLong("LockTimeout", 0L, this.currentEncryptionKey)) <= 0) {
            return false;
        }
        long time = new Date().getTime();
        long configLong = getConfigLong("LastUnlockTime", 0L, this.currentEncryptionKey);
        if (configLong > time) {
            lock();
            return true;
        }
        if (time - configLong <= r0 * 1000) {
            return false;
        }
        lock();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void init(Context context2) {
        if (context2 == null) {
            throw new DataVaultException("Invalid parameter", 4);
        }
        synchronized (lockObject) {
            context = context2;
            try {
                aesCFBCipher = Cipher.getInstance("AES/CFB/NoPadding");
                messageDigest = MessageDigest.getInstance("SHA-256");
                s_oContentResolver = context2.getContentResolver();
            } catch (Exception e10) {
                throw new DataVaultException(e10.getMessage(), 4, e10);
            }
        }
    }

    private byte[] internalGetValue(String str, int i10) {
        checkDeleted();
        synchronized (lockObject) {
            if (str != null) {
                if (str.length() != 0) {
                    String byteArrayToHashKey = DataVault.byteArrayToHashKey(encrypt(DataVault.encodeString(str), this.currentEncryptionKey));
                    checkContext();
                    Cursor cursor = null;
                    try {
                        Cursor query = s_oContentResolver.query(DATA_PROVIDER_URI, new String[]{DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_VALUE, DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_IS_CONFIG}, "vault_id = ? and item_key = ? and is_config <> 1", new String[]{this.dataVaultID, byteArrayToHashKey}, null);
                        try {
                            if (!query.moveToFirst()) {
                                query.close();
                                return null;
                            }
                            byte[] blob = query.getBlob(0);
                            if (blob != null && getVersionNumber() > 1) {
                                int i11 = query.getInt(1);
                                if (i10 != 0 && i11 != 0 && i10 != i11) {
                                    throw new DataVaultException("Name argument may not be empty or null", 12);
                                }
                            }
                            byte[] decrypt = decrypt(blob, this.currentEncryptionKey);
                            query.close();
                            return decrypt;
                        } catch (Throwable th) {
                            th = th;
                            cursor = query;
                            if (cursor != null) {
                                cursor.close();
                            }
                            throw th;
                        }
                    } catch (Throwable th2) {
                        th = th2;
                    }
                }
            }
            throw new DataVaultException("Name argument may not be empty or null", 4);
        }
    }

    private boolean isKeyValid(SecretKey secretKey) {
        try {
            return Arrays.equals(decrypt(this.encryptedPasswordCheckValue, secretKey), DataVault.PASSWORD_CHECK_VALUE);
        } catch (DataVaultException unused) {
            return false;
        }
    }

    private void setConfigLong(String str, long j10, SecretKey secretKey) {
        checkDeleted();
        synchronized (lockObject) {
            String byteArrayToHashKey = DataVault.byteArrayToHashKey(encrypt(DataVault.encodeString(str), secretKey));
            checkContext();
            ContentValues contentValues = new ContentValues();
            try {
                contentValues.put(DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_VALUE, encrypt(Long.toString(j10).getBytes("UTF-8"), secretKey));
                ContentResolver contentResolver = s_oContentResolver;
                Uri uri = DATA_PROVIDER_URI;
                if (contentResolver.update(uri, contentValues, "vault_id = ? and item_key = ? and is_config = 1", new String[]{this.dataVaultID, byteArrayToHashKey}) == 0) {
                    contentValues.put(DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_ID, this.dataVaultID);
                    contentValues.put(DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_KEY, byteArrayToHashKey);
                    contentValues.put(DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_IS_CONFIG, (Integer) 1);
                    s_oContentResolver.insert(uri, contentValues);
                }
            } catch (UnsupportedEncodingException e10) {
                throw new DataVaultException("Error during config data conversion.", 2, e10);
            }
        }
    }

    private void setLastUnlockTime() {
        setConfigLong("LastUnlockTime", new Date().getTime(), this.currentEncryptionKey);
    }

    private void setRetryCount(int i10) {
        setConfigLong("RetryCount", i10, this.retryKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<DataRecord> getDataRecords() {
        String decodeString;
        byte[] decrypt;
        checkDeleted();
        ArrayList arrayList = new ArrayList();
        synchronized (lockObject) {
            Cursor cursor = null;
            try {
                cursor = s_oContentResolver.query(DATA_PROVIDER_URI, new String[]{DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_ID, DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_KEY, DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_VALUE, DataProviderConstants.DATA_VAULT_COL_DATA_VAULT_IS_CONFIG}, "vault_id = ? ", new String[]{this.dataVaultID}, null);
                String byteArrayToHashKey = DataVault.byteArrayToHashKey(encrypt(DataVault.encodeString("RetryCount"), this.retryKey));
                String byteArrayToHashKey2 = DataVault.byteArrayToHashKey(encrypt(DataVault.encodeString("RetryLimit"), this.retryKey));
                String byteArrayToHashKey3 = DataVault.byteArrayToHashKey(encrypt(DataVault.encodeString("CheckValue"), this.retryKey));
                while (cursor.moveToNext()) {
                    if (!byteArrayToHashKey.equals(cursor.getString(1)) && !byteArrayToHashKey2.equals(cursor.getString(1)) && !byteArrayToHashKey3.equals(cursor.getString(1))) {
                        decodeString = DataVault.decodeString(decrypt(DataVault.hashKeyToByteArray(cursor.getString(1)), this.currentEncryptionKey));
                        decrypt = decrypt(cursor.getBlob(2), this.currentEncryptionKey);
                        arrayList.add(new DataRecord(decodeString, decrypt, cursor.getInt(3)));
                    }
                    decodeString = DataVault.decodeString(decrypt(DataVault.hashKeyToByteArray(cursor.getString(1)), this.retryKey));
                    decrypt = decrypt(cursor.getBlob(2), this.retryKey);
                    arrayList.add(new DataRecord(decodeString, decrypt, cursor.getInt(3)));
                }
                cursor.close();
            } catch (Throwable th) {
                if (cursor != null) {
                    cursor.close();
                }
                throw th;
            }
        }
        return arrayList;
    }

    int getLockTimeout() {
        return (int) getConfigLong("LockTimeout", 0L, this.currentEncryptionKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getRetryLimit() {
        return (int) getConfigLong("RetryLimit", 0L, this.retryKey);
    }

    String getString(String str) {
        return DataVault.decodeString(internalGetValue(str, 2));
    }

    byte[] getValue(String str) {
        return internalGetValue(str, 3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDefaultPasswordUsed() {
        checkDeleted();
        synchronized (lockObject) {
            if (this.currentEncryptionKey != null) {
                return this.defaultPasscodeUsed;
            }
            return isKeyValid(getAESKeyForVault(null, null, this.dataVaultID));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isLocked() {
        checkDeleted();
        synchronized (lockObject) {
            SecretKey secretKey = this.currentEncryptionKey;
            if (secretKey == null) {
                return true;
            }
            if (!isKeyValid(secretKey)) {
                this.currentEncryptionKey = null;
                throw new DataVaultException("Credentials have changed. Vault is now locked.", 8);
            }
            if (!hasTimeoutElapsed()) {
                return false;
            }
            lock();
            return true;
        }
    }

    void lock() {
        checkDeleted();
        synchronized (lockObject) {
            this.currentEncryptionKey = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void unlock(char[] cArr, char[] cArr2, boolean z10) {
        checkDeleted();
        synchronized (lockObject) {
            SecretKeySpec aESKeyForVault = getAESKeyForVault(cArr, cArr2, this.dataVaultID);
            this.currentEncryptionKey = aESKeyForVault;
            this.defaultPasscodeUsed = cArr == null;
            if (!isKeyValid(aESKeyForVault)) {
                this.currentEncryptionKey = null;
                int configLong = (int) getConfigLong("RetryLimit", 0L, this.retryKey);
                int retryCount = getRetryCount() + 1;
                if (configLong <= 0 || retryCount <= configLong) {
                    setRetryCount(retryCount);
                } else {
                    SharedDataVault.deleteVault(this.dataVaultID);
                }
                throw new DataVaultException("Invalid Credentials", 5);
            }
            if (z10) {
                try {
                    checkPasswordExpiration();
                } catch (DataVaultException e10) {
                    setRetryCount(0);
                    this.currentEncryptionKey = null;
                    throw e10;
                }
            }
            setRetryCount(0);
            setLastUnlockTime();
        }
    }
}
