package net.wigle.wigleandroid;

import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import net.wigle.wigleandroid.util.Logging;
import net.wigle.wigleandroid.util.PreferenceKeys;

/* loaded from: classes2.dex */
public class TokenAccess {
    private static final String AES_CIPHER = "AES/GCM/NoPadding";
    public static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    public static final String KEYSTORE_WIGLE_CREDS_KEY_V0 = "WiGLEKeyOld";
    public static final String KEYSTORE_WIGLE_CREDS_KEY_V1 = "WiGLEKey";
    public static final String KEYSTORE_WIGLE_CREDS_KEY_V2 = "WiGLEKeyAES";
    private static final String RSA_CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String RSA_OLD_CIPHER = "RSA/ECB/PKCS1Padding";

    public static boolean checkMigrateKeystoreVersion(SharedPreferences sharedPreferences) {
        boolean checkMigrateKeystoreVersion1 = checkMigrateKeystoreVersion1(sharedPreferences);
        checkMigrateKeystoreVersion2(sharedPreferences);
        return checkMigrateKeystoreVersion1;
    }

    private static boolean checkMigrateKeystoreVersion1(SharedPreferences sharedPreferences) {
        boolean z;
        if (sharedPreferences.getString(PreferenceKeys.PREF_TOKEN, "").isEmpty()) {
            Logging.info("[TOKEN] No auth token stored - no preference migration possible.");
            z = true;
        } else {
            z = false;
        }
        try {
            Logging.info("[TOKEN] Using Android Keystore; check need for new key...");
            KeyStore keyStore = getKeyStore();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE);
            if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V1)) {
                Logging.info("[TOKEN] Key present and up-to-date M - no change.");
                return false;
            }
            Logging.info("[TOKEN] Initializing SDKv23 Key...");
            String apiToken = keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V0) ? getApiToken(sharedPreferences) : "";
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(KEYSTORE_WIGLE_CREDS_KEY_V1, 3).setDigests("SHA-256", "SHA-512").setEncryptionPaddings("OAEPPadding").build());
            keyPairGenerator.generateKeyPair();
            if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V0)) {
                Logging.info("[TOKEN] Upgrading from v0->v1 token...");
                if (apiToken != null && !apiToken.isEmpty()) {
                    keyStore.deleteEntry(KEYSTORE_WIGLE_CREDS_KEY_V0);
                }
                return false;
            }
            apiToken = sharedPreferences.getString(PreferenceKeys.PREF_TOKEN, "");
            Logging.info("[TOKEN] Encrypting token at v1...");
            if (apiToken.isEmpty()) {
                Logging.info("[TOKEN] ...no token, returning after init.");
                return false;
            }
            if (z) {
                Logging.error("[TOKEN] v1 Keystore initialized, but no token present.");
            } else {
                if (setApiToken(sharedPreferences, apiToken)) {
                    Logging.info("[TOKEN] ...token set at v1.");
                    return true;
                }
                Logging.error("[TOKEN] ...Failed token encryption; clearing.");
                clearApiToken(sharedPreferences);
            }
            return false;
        } catch (IOException e) {
            e = e;
            Logging.error("Upgrade/init of token storage failed: ", e);
            e.printStackTrace();
            return false;
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            Logging.error("Upgrade/init of token storage failed: ", e);
            e.printStackTrace();
            return false;
        } catch (KeyStoreException e3) {
            e = e3;
            Logging.error("Upgrade/init of token storage failed: ", e);
            e.printStackTrace();
            return false;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            Logging.error("Upgrade/init of token storage failed: ", e);
            e.printStackTrace();
            return false;
        } catch (NoSuchProviderException e5) {
            e = e5;
            Logging.error("Upgrade/init of token storage failed: ", e);
            e.printStackTrace();
            return false;
        } catch (ProviderException e6) {
            e = e6;
            Logging.error("Upgrade/init of token storage failed: ", e);
            e.printStackTrace();
            return false;
        } catch (CertificateException e7) {
            e = e7;
            Logging.error("Upgrade/init of token storage failed: ", e);
            e.printStackTrace();
            return false;
        } catch (Exception e8) {
            Logging.error("Unexpected error in upgrade/init of token storage failed: ", e8);
            e8.printStackTrace();
            return false;
        }
    }

    private static void checkMigrateKeystoreVersion2(SharedPreferences sharedPreferences) {
        try {
            if (getKeyStore().containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V2)) {
                Logging.info("[TOKEN] Key present and up-to-date V2 AES - no change.");
                return;
            }
            String apiToken = getApiToken(sharedPreferences);
            Logging.info("Got old token, length: " + (apiToken == null ? null : Integer.valueOf(apiToken.length())));
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(KEYSTORE_WIGLE_CREDS_KEY_V2, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build());
            keyGenerator.generateKey();
            if (apiToken == null || apiToken.isEmpty()) {
                return;
            }
            setApiToken(sharedPreferences, apiToken);
        } catch (Exception e) {
            Logging.error("Exception migrating to version 2: " + e, e);
        }
    }

    public static void clearApiToken(SharedPreferences sharedPreferences) {
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.remove(PreferenceKeys.PREF_TOKEN);
        edit.apply();
    }

    public static String getApiToken(SharedPreferences sharedPreferences) {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        char c;
        try {
            KeyStore keyStore = getKeyStore();
            if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V2)) {
                return getApiTokenVersion2(sharedPreferences);
            }
            if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V1)) {
                privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEYSTORE_WIGLE_CREDS_KEY_V1, null);
                c = 23;
            } else {
                if (!keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V0)) {
                    Logging.warn("[TOKEN] Compatible build, but no key set: " + Build.VERSION.SDK_INT + " - returning plaintext.");
                    return sharedPreferences.getString(PreferenceKeys.PREF_TOKEN, "");
                }
                privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEYSTORE_WIGLE_CREDS_KEY_V0, null);
                c = 18;
            }
            if (privateKeyEntry == null) {
                Logging.error("[TOKEN] NULL Private Key on token decrypt.");
                return null;
            }
            String string = sharedPreferences.getString(PreferenceKeys.PREF_TOKEN, "");
            if (string.isEmpty()) {
                Logging.error("[TOKEN] NULL encoded cyphertext on token decrypt.");
                return null;
            }
            byte[] decode = Base64.decode(string, 0);
            PrivateKey privateKey = privateKeyEntry.getPrivateKey();
            Cipher cipher = c >= 23 ? Cipher.getInstance(RSA_CIPHER) : Cipher.getInstance(RSA_OLD_CIPHER);
            cipher.init(2, privateKey);
            return new String(cipher.doFinal(decode), StandardCharsets.UTF_8);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Logging.error("[TOKEN] Failed to get API Token: ", e);
            return null;
        }
    }

    private static String getApiTokenVersion2(SharedPreferences sharedPreferences) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchPaddingException, InvalidKeyException, UnrecoverableEntryException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        try {
            SecretKey secretKey = (SecretKey) getKeyStore().getKey(KEYSTORE_WIGLE_CREDS_KEY_V2, null);
            if (secretKey == null) {
                Logging.warn("Null key in getApiTokenVersion2");
                return null;
            }
            Cipher cipher = Cipher.getInstance(AES_CIPHER);
            byte[] decode = Base64.decode(sharedPreferences.getString(PreferenceKeys.PREF_TOKEN, ""), 0);
            byte[] decode2 = Base64.decode(sharedPreferences.getString(PreferenceKeys.PREF_TOKEN_IV, ""), 0);
            if (decode2.length == 0) {
                Logging.warn("IV is zero length, cannot decrypt token");
                return null;
            }
            cipher.init(2, secretKey, new GCMParameterSpec(sharedPreferences.getInt(PreferenceKeys.PREF_TOKEN_TAG_LENGTH, 128), decode2));
            String str = new String(cipher.doFinal(decode), StandardCharsets.UTF_8);
            Logging.info("[TOKEN] aes decrypted token length: " + str.length());
            return str;
        } catch (Exception e) {
            Logging.error("Failed to decrypt token with AES-GCM (v2 cipher): ", e);
            return null;
        }
    }

    private static KeyStore getKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        return keyStore;
    }

    public static boolean hasApiToken(SharedPreferences sharedPreferences) {
        if (!sharedPreferences.getString(PreferenceKeys.PREF_TOKEN, "").isEmpty()) {
            try {
                KeyStore keyStore = getKeyStore();
                if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V1)) {
                    return true;
                }
                if (keyStore.containsAlias(KEYSTORE_WIGLE_CREDS_KEY_V2)) {
                    return true;
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                Logging.error("[TOKEN] Error trying to test token existence: ", e);
            }
        }
        return false;
    }

    public static boolean setApiToken(SharedPreferences sharedPreferences, String str) {
        try {
            return setApiTokenVersion2(sharedPreferences, str);
        } catch (IOException e) {
            e = e;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (InvalidKeyException e2) {
            e = e2;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (KeyStoreException e3) {
            e = e3;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (UnrecoverableEntryException e5) {
            e = e5;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (CertificateException e6) {
            e = e6;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (BadPaddingException e7) {
            e = e7;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (IllegalBlockSizeException e8) {
            e = e8;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (NoSuchPaddingException e9) {
            e = e9;
            Logging.error("[TOKEN] Failed to set token: ", e);
            e.printStackTrace();
            return false;
        } catch (Exception e10) {
            Logging.error("[TOKEN] Other error - failed to set token: ", e10);
            e10.printStackTrace();
            return false;
        }
    }

    private static boolean setApiTokenVersion2(SharedPreferences sharedPreferences, String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchPaddingException, InvalidKeyException, UnrecoverableEntryException, IllegalBlockSizeException, BadPaddingException {
        if (str == null) {
            Logging.error("[TOKEN] ERROR: unreachable condition, apiToken NULL. APIv" + Build.VERSION.SDK_INT);
            return false;
        }
        SecretKey secretKey = (SecretKey) getKeyStore().getKey(KEYSTORE_WIGLE_CREDS_KEY_V2, null);
        if (secretKey == null) {
            Logging.warn("unable to retrieve KEYSTORE_WIGLE_CREDS_KEY_V2");
            throw new InvalidKeyException("Unable to fetch key");
        }
        Cipher cipher = Cipher.getInstance(AES_CIPHER);
        cipher.init(1, secretKey);
        byte[] bytes = str.getBytes();
        byte[] doFinal = cipher.doFinal(bytes);
        if (doFinal == null) {
            Logging.error("[TOKEN] ERROR: unreachable condition, cypherToken NULL. APIv" + Build.VERSION.SDK_INT);
            return false;
        }
        byte[] iv = cipher.getIV();
        int length = (doFinal.length - bytes.length) * 8;
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.putString(PreferenceKeys.PREF_TOKEN, Base64.encodeToString(doFinal, 0));
        edit.putString(PreferenceKeys.PREF_TOKEN_IV, Base64.encodeToString(iv, 0));
        edit.putInt(PreferenceKeys.PREF_TOKEN_TAG_LENGTH, length);
        boolean commit = edit.commit();
        Logging.info("[TOKEN] setApiTokenVersion2 success: " + commit + " setting token length: " + str.length());
        return commit;
    }
}
