package com.ionicframework.IdentityVault;

import android.content.SharedPreferences;
import android.util.Base64;
import android.util.Log;
import androidx.appcompat.app.AppCompatActivity;
import androidx.arch.core.util.Function;
import com.bottlerocketstudios.vault.EncryptionConstants;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.HashMap;
import javax.crypto.Cipher;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class DeviceSecurityStrongVault extends VaultBase {
    protected boolean invalidated;
    protected Cipher masterKeyCipher;
    protected String masterPasscode;

    public DeviceSecurityStrongVault(IdentityVaultConfig identityVaultConfig, AppCompatActivity appCompatActivity) {
        super(identityVaultConfig, appCompatActivity);
        this.invalidated = false;
    }

    private String getRandomPasscode() {
        SecureRandom secureRandom = new SecureRandom();
        StringBuilder sb = new StringBuilder(64);
        for (int i = 0; i < 64; i++) {
            sb.append("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*".charAt(secureRandom.nextInt(70)));
        }
        return sb.toString();
    }

    private String loadMasterPasscode(Cipher cipher) throws VaultError {
        try {
            CryptoData masterKeyCryptoData = getMasterKeyCryptoData();
            if (masterKeyCryptoData == null) {
                return null;
            }
            return new String(cipher.doFinal(masterKeyCryptoData.data), StandardCharsets.UTF_8);
        } catch (Exception e) {
            e.printStackTrace();
            throw new VaultError("DeviceSecurityStrongVault.loadMasterPasscode, " + e);
        }
    }

    private void setupEncryption() throws VaultError {
        long nanoTime = System.nanoTime();
        this.masterPasscode = PairedAESKeysHelper.generateSecurePassword();
        String encryptMasterPasscode = PairedAESKeysHelper.encryptMasterPasscode(this.biometricCypherKey, this.config.deviceSecurityType, this.masterPasscode);
        SharedPreferences.Editor edit = this.activity.getSharedPreferences(this.dataSharedPrefsName, 0).edit();
        edit.putString("mk", encryptMasterPasscode);
        edit.apply();
        Log.i("IV", "DeviceSecurityStrongVault setupEncryption() took: " + ((System.nanoTime() - nanoTime) / 1000000) + "ms");
    }

    private void storeMasterPasscode(String str) throws VaultError {
        try {
            SharedPreferences.Editor edit = this.activity.getSharedPreferences(this.dataSharedPrefsName, 0).edit();
            edit.putString("mk", CryptoData.create(this.masterKeyCipher.doFinal(str.getBytes(StandardCharsets.UTF_8)), this.masterKeyCipher.getIV(), new byte[0]).toJSON());
            edit.apply();
        } catch (Exception e) {
            e.printStackTrace();
            throw new VaultError("DeviceSecurityStrongVault.storeMasterPasscode, " + e);
        }
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public void clear() throws VaultError {
        super.clear();
        this.masterKeyCipher = null;
        this.masterPasscode = null;
        this.invalidated = false;
        if (isAESPairedKeyEncrypted()) {
            BiometricCipherHelper.removeKey(this.biometricCypherKey + "-encrypt_key");
            BiometricCipherHelper.removeKey(this.biometricCypherKey + "-decrypt_key");
        }
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    protected void clearStoredData() throws VaultError {
        SharedPreferences.Editor edit = this.activity.getSharedPreferences(this.dataSharedPrefsName, 0).edit();
        edit.remove("mk");
        edit.apply();
        super.clearStoredData();
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void clearTypes() throws VaultError {
        super.clearTypes();
    }

    public boolean doesMasterPasscodeExist() {
        return this.activity.getSharedPreferences(this.dataSharedPrefsName, 0).getString("mk", null) != null;
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    @Deprecated
    public /* bridge */ /* synthetic */ boolean doesVaultExist() {
        return super.doesVaultExist();
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ HashMap exportVault() throws VaultError {
        return super.exportVault();
    }

    public String getIVString() throws VaultError {
        try {
            String string = this.activity.getSharedPreferences(this.dataSharedPrefsName, 0).getString("mk", null);
            if (string == null) {
                return null;
            }
            return new JSONObject(string).getString("iv");
        } catch (JSONException e) {
            e.printStackTrace();
            throw new VaultError("DeviceSecurityStrongVault.getIVString, " + e);
        }
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ String[] getKeys() throws VaultError {
        return super.getKeys();
    }

    public CryptoData getMasterKeyCryptoData() throws VaultError {
        try {
            String string = this.activity.getSharedPreferences(this.dataSharedPrefsName, 0).getString("mk", null);
            if (string == null) {
                return null;
            }
            return CryptoData.create(string);
        } catch (JSONException e) {
            e.printStackTrace();
            throw new VaultError("DeviceSecurityStrongVault.getMasterKeyCryptoData, " + e);
        }
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ String getValue(String str) throws VaultError {
        return super.getValue(str);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    protected String getVaultStrength() {
        return VaultStrength.STRONG;
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    protected String getVaultType() {
        return VaultType.DEVICE_SECURITY;
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void importVault(HashMap hashMap) throws VaultError {
        super.importVault(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAESPairedKeyEncrypted() throws VaultError {
        try {
            KeyStore keyStore = KeyStore.getInstance(EncryptionConstants.ANDROID_KEY_STORE);
            keyStore.load(null);
            return keyStore.containsAlias(new StringBuilder().append(this.biometricCypherKey).append("-encrypt_key").toString()) && keyStore.containsAlias(new StringBuilder().append(this.biometricCypherKey).append("-decrypt_key").toString());
        } catch (Exception e) {
            e.printStackTrace();
            throw new VaultError("DeviceSecurityStrongVault.isAESPairedKeyEncrypted, " + e);
        }
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ boolean isEmpty() {
        return super.isEmpty();
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public boolean isLocked() {
        return this.data == null && !isEmpty();
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public void lock(boolean z) {
        this.masterKeyCipher = null;
        this.masterPasscode = null;
        super.lock(z);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void onError(Function function) {
        super.onError(function);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void onLock(Function function) {
        super.onLock(function);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void onUnlock(Function function) {
        super.onUnlock(function);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void removeValue(String str) throws VaultError {
        super.removeValue(str);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void requestBiometricPrompt() throws VaultError {
        super.requestBiometricPrompt();
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void setCustomPasscode(String str) throws VaultError {
        super.setCustomPasscode(str);
    }

    public void setIsInvalidated(boolean z) {
        this.invalidated = z;
    }

    public void setMasterKeyCipher(Cipher cipher) throws VaultError {
        this.masterKeyCipher = cipher;
        if (isAESPairedKeyEncrypted()) {
            try {
                String string = this.activity.getSharedPreferences(this.dataSharedPrefsName, 0).getString("mk", null);
                if (string == null) {
                    throw new Exception("No master passcode entry found");
                }
                this.masterPasscode = Base64.encodeToString(cipher.doFinal(PairedAESKeysHelper.encodeBase64StringToBytes(new JSONObject(string).getString("encryptedPassword"))), 2);
                return;
            } catch (Exception e) {
                e.printStackTrace();
                throw new VaultError("DeviceSecurityStrongVault.setMasterKeyCipher, " + e);
            }
        }
        String loadMasterPasscode = loadMasterPasscode(cipher);
        if (loadMasterPasscode != null) {
            this.masterPasscode = loadMasterPasscode;
            return;
        }
        String randomPasscode = getRandomPasscode();
        this.masterPasscode = randomPasscode;
        storeMasterPasscode(randomPasscode);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void setValue(String str, String str2) throws VaultError {
        super.setValue(str, str2);
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    protected void storeData() throws VaultError {
        if (this.invalidated) {
            throw new MismatchedDeviceSecurityVault(this.config);
        }
        super.storeData();
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public /* bridge */ /* synthetic */ void unlock() throws VaultError {
        super.unlock();
    }

    @Override // com.ionicframework.IdentityVault.VaultBase
    public void unlock(boolean z) throws VaultError {
        if (!isLocked()) {
            if (isEmpty()) {
                if (!isAESPairedKeyEncrypted()) {
                    setupEncryption();
                }
                if (this.data == null) {
                    this.data = new HashMap<>();
                }
                storeData();
                return;
            }
            return;
        }
        if (doesVaultExist() || z) {
            if (this.invalidated) {
                throw new MismatchedDeviceSecurityVault(this.config);
            }
            if (this.masterKeyCipher != null) {
                super.unlock(z);
                if (isAESPairedKeyEncrypted()) {
                    return;
                }
                BiometricCipherHelper.removeKey(this.biometricCypherKey);
                setupEncryption();
                storeData();
                return;
            }
            boolean isEmpty = isEmpty();
            boolean z2 = StateStore.pendingVault != null;
            if ((!isEmpty || doesVaultExist()) && !z2) {
                throw new MissingBiometricsError();
            }
            setupEncryption();
            if (z2) {
                return;
            }
            super.unlock(z);
        }
    }
}
