package com.evva.capacitor_secure_storage;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.KeyChain;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.Base64;
import android.util.Log;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes3.dex */
public class PasswordStorageHelper {
    private static final String ESP_PREFERENCES_FILE = "cap_sec_esp";
    private static final String LOG_TAG = "PasswordStorageHelper";
    private static final String PREFERENCES_FILE = "cap_sec";
    private PasswordStorageImpl passwordStorage;

    /* loaded from: classes3.dex */
    private static class PasswordStorageHelper_SDK16 implements PasswordStorageImpl {
        private SharedPreferences preferences;

        private PasswordStorageHelper_SDK16() {
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public void clear() {
            SharedPreferences.Editor edit = this.preferences.edit();
            edit.clear();
            edit.commit();
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public byte[] getData(String str) {
            String string = this.preferences.getString(str, null);
            if (string == null) {
                return null;
            }
            return Base64.decode(string, 0);
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public boolean init(Context context) {
            this.preferences = context.getSharedPreferences(PasswordStorageHelper.PREFERENCES_FILE, 0);
            return true;
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public String[] keys() {
            return (String[]) this.preferences.getAll().keySet().toArray(new String[0]);
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public void remove(String str) {
            SharedPreferences.Editor edit = this.preferences.edit();
            edit.remove(str);
            edit.commit();
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public void setData(String str, byte[] bArr) {
            if (bArr == null) {
                return;
            }
            SharedPreferences.Editor edit = this.preferences.edit();
            edit.putString(str, Base64.encodeToString(bArr, 0));
            edit.commit();
        }
    }

    /* loaded from: classes3.dex */
    private static class PasswordStorageHelper_SDK18 implements PasswordStorageImpl {
        private static final String KEYSTORE_PROVIDER_ANDROID_KEYSTORE = "AndroidKeyStore";
        private static final String KEY_ALGORITHM_RSA = "RSA";
        private static final int KEY_LENGTH = 2048;
        public static final String[] RESERVED_KEYS = {"__androidx_security_crypto_encrypted_prefs_key_keyset__", "__androidx_security_crypto_encrypted_prefs_value_keyset__"};
        private static final String RSA_ECB_PKCS1_PADDING = "RSA/ECB/PKCS1Padding";
        private final ArrayList<String> aliases;
        private Boolean needsMigration;
        private SharedPreferences oldPreferences;
        private SharedPreferences preferences;

        private PasswordStorageHelper_SDK18() {
            this.aliases = new ArrayList<>();
            this.needsMigration = false;
        }

        private static byte[] decrypt(PrivateKey privateKey, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
            if (str == null) {
                return null;
            }
            byte[] decode = Base64.decode(str, 0);
            int i = 256;
            if (decode.length <= 256) {
                Cipher cipher = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
                cipher.init(2, privateKey);
                return cipher.doFinal(decode);
            }
            Cipher cipher2 = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
            cipher2.init(2, privateKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            for (int i2 = 0; i2 < decode.length; i2 += i) {
                if (decode.length - i2 < i) {
                    i = decode.length - i2;
                }
                try {
                    byteArrayOutputStream.write(cipher2.doFinal(decode, i2, i));
                } catch (IOException unused) {
                    Log.e(PasswordStorageHelper.LOG_TAG, "decrypt(): failed to write data to output stream");
                }
            }
            return byteArrayOutputStream.toByteArray();
        }

        private static String encrypt(PublicKey publicKey, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidKeySpecException {
            int i = 245;
            if (bArr.length <= 245) {
                Cipher cipher = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
                cipher.init(1, publicKey);
                return Base64.encodeToString(cipher.doFinal(bArr), 0);
            }
            Cipher cipher2 = Cipher.getInstance(RSA_ECB_PKCS1_PADDING);
            cipher2.init(1, publicKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            for (int i2 = 0; i2 < bArr.length; i2 += i) {
                if (bArr.length - i2 < i) {
                    i = bArr.length - i2;
                }
                try {
                    byteArrayOutputStream.write(cipher2.doFinal(bArr, i2, i));
                } catch (IOException unused) {
                    Log.e(PasswordStorageHelper.LOG_TAG, "encrypt(): failed to write data to output stream");
                }
            }
            return Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
        }

        private boolean isAndroidMOrHigher() {
            return true;
        }

        private boolean isKeyStoreSupported() {
            try {
                KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
                keyStore.load(null);
                if (((PrivateKey) keyStore.getKey(this.aliases.get(1), null)) != null && keyStore.getCertificate(this.aliases.get(1)) != null) {
                    if (keyStore.getCertificate(this.aliases.get(1)).getPublicKey() != null) {
                        return true;
                    }
                }
                KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.aliases.get(1), 2).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("PKCS1Padding").build();
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                    try {
                        PrivateKey privateKey = (PrivateKey) keyStore.getKey(this.aliases.get(1), null);
                        KeyChain.isBoundKeyAlgorithm(KEY_ALGORITHM_RSA);
                        Log.d(PasswordStorageHelper.LOG_TAG, "isKeyStoreSupported(): hardware-backed keystore supported: " + ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), KEYSTORE_PROVIDER_ANDROID_KEYSTORE).getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware());
                        return true;
                    } catch (KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | InvalidKeySpecException unused) {
                        Log.e(PasswordStorageHelper.LOG_TAG, "isKeyStoreSupported(): hardware-backed keystore not supported");
                        return false;
                    }
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException unused2) {
                    Log.e(PasswordStorageHelper.LOG_TAG, "isKeyStoreSupported(): failed to generate key pair");
                    return false;
                }
            } catch (Exception unused3) {
                Log.e(PasswordStorageHelper.LOG_TAG, "isKeyStoreSupported(): failed to get keystore keys");
                return false;
            }
        }

        private boolean needsMigration(SharedPreferences sharedPreferences) {
            return (sharedPreferences == null || sharedPreferences.getAll().isEmpty()) ? false : true;
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public void clear() {
            SharedPreferences.Editor edit = this.preferences.edit();
            edit.clear();
            edit.commit();
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public byte[] getData(String str) {
            PrivateKey privateKey;
            String string = this.needsMigration.booleanValue() ? this.oldPreferences.getString(str, null) : this.preferences.getString(str, null);
            if (isAndroidMOrHigher() && !this.needsMigration.booleanValue()) {
                if (string != null) {
                    return string.getBytes();
                }
                return null;
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
                keyStore.load(null);
                Iterator<String> it = this.aliases.iterator();
                try {
                    while (it.hasNext()) {
                        String next = it.next();
                        try {
                            privateKey = (PrivateKey) keyStore.getKey(next, null);
                            return decrypt(privateKey, string);
                        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                            Log.e(PasswordStorageHelper.LOG_TAG, String.format("getData(): failed to load key for alias: %s", next), e);
                        }
                    }
                    return decrypt(privateKey, string);
                } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
                    Log.e(PasswordStorageHelper.LOG_TAG, "getData(): failed to get data for key: " + str, e2);
                    return null;
                }
                privateKey = null;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e3) {
                Log.e(PasswordStorageHelper.LOG_TAG, "getData(): failed to load keystore", e3);
                return null;
            }
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public boolean init(Context context) {
            this.oldPreferences = context.getSharedPreferences(PasswordStorageHelper.PREFERENCES_FILE, 0);
            this.aliases.add(context.getPackageName() + "_cap_sec");
            this.aliases.add(context.getPackageName() + "_unique_secure_storage_key");
            this.needsMigration = Boolean.valueOf(needsMigration(this.oldPreferences));
            if (!isAndroidMOrHigher()) {
                Log.d(PasswordStorageHelper.LOG_TAG, "init(): android api-version is lower than 23");
                if (isKeyStoreSupported()) {
                    this.preferences = this.oldPreferences;
                    return true;
                }
                Log.e(PasswordStorageHelper.LOG_TAG, "init(): keystore is not supported on this device");
                return false;
            }
            try {
                this.preferences = EncryptedSharedPreferences.create(context, PasswordStorageHelper.ESP_PREFERENCES_FILE, new MasterKey.Builder(context).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build(), EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
                if (this.needsMigration.booleanValue()) {
                    Log.d(PasswordStorageHelper.LOG_TAG, "init(): data migration needed");
                    if (!isKeyStoreSupported()) {
                        Log.e(PasswordStorageHelper.LOG_TAG, "init(): keystore not supported, cannot migrate data");
                        return false;
                    }
                    SharedPreferences.Editor edit = this.preferences.edit();
                    Iterator<Map.Entry<String, ?>> it = this.oldPreferences.getAll().entrySet().iterator();
                    while (it.hasNext()) {
                        String key = it.next().getKey();
                        if (Arrays.asList(RESERVED_KEYS).contains(key)) {
                            Log.d(PasswordStorageHelper.LOG_TAG, "init(): skipping migration for reserved key: " + key);
                        } else {
                            try {
                                byte[] data = getData(key);
                                if (data != null) {
                                    edit.putString(key, new String(data, StandardCharsets.UTF_8));
                                    Log.d(PasswordStorageHelper.LOG_TAG, "init(): migrated data for key: " + key);
                                }
                            } catch (Exception e) {
                                Log.e(PasswordStorageHelper.LOG_TAG, "init(): error migrating key: " + key, e);
                            }
                        }
                    }
                    edit.apply();
                    this.oldPreferences.edit().clear().apply();
                    this.needsMigration = false;
                    Log.d(PasswordStorageHelper.LOG_TAG, "init(): old preferences cleared after migration");
                }
                return true;
            } catch (IOException | GeneralSecurityException e2) {
                Log.e(PasswordStorageHelper.LOG_TAG, "init(): failed to initialize encrypted shared preferences", e2);
                return false;
            }
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public String[] keys() {
            return (String[]) this.preferences.getAll().keySet().toArray(new String[0]);
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public void remove(String str) {
            SharedPreferences.Editor edit = this.preferences.edit();
            edit.remove(str);
            edit.commit();
        }

        @Override // com.evva.capacitor_secure_storage.PasswordStorageHelper.PasswordStorageImpl
        public void setData(String str, byte[] bArr) {
            if (isAndroidMOrHigher()) {
                try {
                    String str2 = new String(bArr, StandardCharsets.UTF_8);
                    SharedPreferences.Editor edit = this.preferences.edit();
                    edit.putString(str, str2);
                    edit.commit();
                    return;
                } catch (Exception e) {
                    Log.e(PasswordStorageHelper.LOG_TAG, "setData(): failed to set data for key: " + str, e);
                    return;
                }
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
                keyStore.load(null);
                if (keyStore.getCertificate(this.aliases.get(1)) == null) {
                    return;
                }
                PublicKey publicKey = keyStore.getCertificate(this.aliases.get(1)).getPublicKey();
                if (publicKey == null) {
                    Log.d(PasswordStorageHelper.LOG_TAG, "setData(): public key was not found in keystore");
                    return;
                }
                String encrypt = encrypt(publicKey, bArr);
                SharedPreferences.Editor edit2 = this.preferences.edit();
                edit2.putString(str, encrypt);
                edit2.commit();
            } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
                Log.e(PasswordStorageHelper.LOG_TAG, "setData(): failed to set data for key: " + str, e2);
            }
        }
    }

    /* loaded from: classes3.dex */
    private interface PasswordStorageImpl {
        void clear();

        byte[] getData(String str);

        boolean init(Context context);

        String[] keys();

        void remove(String str);

        void setData(String str, byte[] bArr);
    }

    public PasswordStorageHelper(Context context) {
        boolean z;
        PasswordStorageHelper_SDK18 passwordStorageHelper_SDK18 = new PasswordStorageHelper_SDK18();
        this.passwordStorage = passwordStorageHelper_SDK18;
        try {
            z = passwordStorageHelper_SDK18.init(context);
        } catch (Exception e) {
            Log.e(LOG_TAG, "PasswordStorage initialisation error:" + e.getMessage(), e);
            z = false;
        }
        if (z || !(this.passwordStorage instanceof PasswordStorageHelper_SDK18)) {
            return;
        }
        PasswordStorageHelper_SDK16 passwordStorageHelper_SDK16 = new PasswordStorageHelper_SDK16();
        this.passwordStorage = passwordStorageHelper_SDK16;
        passwordStorageHelper_SDK16.init(context);
    }

    public void clear() {
        this.passwordStorage.clear();
    }

    public byte[] getData(String str) {
        return this.passwordStorage.getData(str);
    }

    public String[] keys() {
        return this.passwordStorage.keys();
    }

    public void remove(String str) {
        this.passwordStorage.remove(str);
    }

    public void setData(String str, byte[] bArr) {
        this.passwordStorage.setData(str, bArr);
    }
}
