package com.coinomi.wallet.core;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.text.TextUtils;
import android.util.Base64;
import com.coinomi.core.CrashReporter;
import com.coinomi.core.crypto.AESKey;
import com.coinomi.core.crypto.DECrypterElement;
import com.coinomi.core.util.Trace;
import java.io.Serializable;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.util.Locale;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import org.bitcoinj.crypto.EncryptedData;
import org.bitcoinj.utils.Threading;

/* loaded from: classes.dex */
public class AppVault {
    private static AppVault mInstance;
    private final ReentrantLock lock = Threading.lock("AppVault");
    private final Context mContext;
    private KeyStore mKeyStore;
    private final SharedPreferences mSharedPreferences;

    /* loaded from: classes.dex */
    public static class KeyStoreOptions {
        public boolean invalidatedByBiometricEnrollment;
        public boolean setIsStrongBoxBacked;
        public boolean userAuthenticationRequired;

        /* loaded from: classes.dex */
        public enum Status {
            SUPPORTED,
            DISABLED,
            UNSUPPORTED
        }

        public static Status getStrongBoxStatus() {
            return Build.VERSION.SDK_INT >= 28 ? Status.DISABLED : Status.DISABLED;
        }

        public static Status getUserAuthenticationRequiredStatus(Context context) {
            try {
                if (((KeyguardManager) context.getSystemService("keyguard")).isDeviceSecure()) {
                    return Status.SUPPORTED;
                }
            } catch (Exception e) {
                CrashReporter.getInstance().logException(e);
            }
            return Status.DISABLED;
        }
    }

    /* loaded from: classes.dex */
    public enum Mode {
        DECRYPTION(2),
        ENCRYPTION(1);

        private final int cipherMode;

        Mode(int i) {
            this.cipherMode = i;
        }

        public int cipherMode() {
            return this.cipherMode;
        }
    }

    /* loaded from: classes.dex */
    public static class VaultId implements Serializable {
        final int counter;
        protected final String id;
        final String walletId;

        VaultId(String str, int i) {
            this.walletId = str;
            this.counter = i;
            this.id = String.format(Locale.ENGLISH, "%s_%d", str, Integer.valueOf(i));
        }

        public String getWalletId() {
            return this.walletId;
        }

        public String toString() {
            return this.id;
        }
    }

    /* loaded from: classes.dex */
    public enum VaultType {
        KEYSTORE,
        PASSWORD,
        COMBINED;

        private static final VaultType[] internal = values();

        public static VaultType fromInteger(int i) {
            VaultType[] vaultTypeArr = internal;
            return i < vaultTypeArr.length ? vaultTypeArr[i] : vaultTypeArr[0];
        }
    }

    private AppVault(Context context) {
        this.mContext = context;
        this.mSharedPreferences = context.getSharedPreferences("AppVault", 0);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            this.mKeyStore = keyStore;
            keyStore.load(null);
        } catch (Exception e) {
            CrashReporter.getInstance().logException(e);
        }
    }

    private byte[] getIV(VaultId vaultId) {
        return fromBase64(this.mSharedPreferences.getString(getWalletKey("keystore_iv_%s", vaultId), null));
    }

    public static AppVault getInstance() {
        AppVault appVault = mInstance;
        if (appVault != null) {
            return appVault;
        }
        throw new Error(AppVault.class.getCanonicalName() + "not initialized!");
    }

    private Key getKeyStoreKey(VaultId vaultId) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        return this.mKeyStore.getKey(getWalletKey("keystore_alias_%s", vaultId), null);
    }

    private String getWalletKey(String str, VaultId vaultId) {
        return String.format(str, vaultId.toString());
    }

    public static synchronized AppVault initialize(Context context) {
        AppVault appVault;
        synchronized (AppVault.class) {
            if (mInstance == null) {
                mInstance = new AppVault(context);
            }
            appVault = mInstance;
        }
        return appVault;
    }

    private void saveIV(VaultId vaultId, byte[] bArr) {
        this.mSharedPreferences.edit().putString(getWalletKey("keystore_iv_%s", vaultId), toBase64(bArr)).apply();
    }

    private void setWalletIdCounter(VaultId vaultId) {
        this.mSharedPreferences.edit().putInt(String.format("counter_%s", vaultId.walletId), vaultId.counter).apply();
    }

    public void activateWalletId(VaultId vaultId) {
        setWalletIdCounter(vaultId);
    }

    public DECrypterElement createCombinedAESKey(VaultId vaultId, DECrypterElement dECrypterElement, DECrypterElement dECrypterElement2) {
        SharedPreferences.Editor edit = this.mSharedPreferences.edit();
        AESKey generateAESKey = generateAESKey();
        EncryptedData encrypt = dECrypterElement.getKeyCrypter().encrypt(generateAESKey.getKey(), dECrypterElement.getKey());
        edit.putString(getWalletKey("%s_combined_keystore_iv", vaultId), toBase64(encrypt.initialisationVector));
        EncryptedData encrypt2 = dECrypterElement2.getKeyCrypter().encrypt(encrypt.encryptedBytes, dECrypterElement2.getKey());
        edit.putString(getWalletKey("%s_combined_password_iv", vaultId), toBase64(encrypt2.initialisationVector));
        edit.putString(getWalletKey("%s_combined_aes", vaultId), toBase64(encrypt2.encryptedBytes));
        edit.apply();
        return new DECrypterElement(dECrypterElement2.getKeyCrypter(), generateAESKey);
    }

    public AESKey decryptCombinedAESKey(VaultId vaultId, DECrypterElement dECrypterElement, DECrypterElement dECrypterElement2) {
        String string = this.mSharedPreferences.getString(getWalletKey("%s_combined_aes", vaultId), null);
        if (!TextUtils.isEmpty(string)) {
            try {
                return new AESKey(dECrypterElement.getKeyCrypter().decrypt(new EncryptedData(fromBase64(this.mSharedPreferences.getString(getWalletKey("%s_combined_keystore_iv", vaultId), null)), dECrypterElement2.getKeyCrypter().decrypt(new EncryptedData(fromBase64(this.mSharedPreferences.getString(getWalletKey("%s_combined_password_iv", vaultId), null)), fromBase64(string)), dECrypterElement2.getKey())), dECrypterElement.getKey()));
            } catch (Exception e) {
                CrashReporter.getInstance().logException(e);
            }
        }
        return null;
    }

    byte[] decryptData(VaultId vaultId, Cipher cipher, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        if (!keyStoreKeyExists(vaultId)) {
            throw new KeyStoreException("KeyStore Keys are not created. You have to init them first.");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("Data to be decrypted must be non null");
        }
        if (cipher == null) {
            cipher = getCipher(vaultId, Mode.DECRYPTION);
        }
        return cipher.doFinal(bArr);
    }

    byte[] encryptData(VaultId vaultId, Cipher cipher, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        if (!keyStoreKeyExists(vaultId)) {
            throw new KeyStoreException("KeyStore Keys are not created. You have to init them first.");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("Data to be decrypted must be non null");
        }
        if (cipher == null) {
            cipher = getCipher(vaultId, Mode.ENCRYPTION);
        }
        saveIV(vaultId, cipher.getIV());
        return cipher.doFinal(bArr);
    }

    public byte[] fromBase64(String str) {
        return Base64.decode(str, 0);
    }

    AESKey generateAESKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            return new AESKey(keyGenerator.generateKey().getEncoded());
        } catch (Exception e) {
            CrashReporter.getInstance().logException(e);
            return null;
        }
    }

    public AESKey getAESKey(VaultId vaultId, Cipher cipher) {
        if (keyStoreKeyExists(vaultId)) {
            String string = this.mSharedPreferences.getString(getWalletKey("keystore_aes_%s", vaultId), null);
            try {
                if (!TextUtils.isEmpty(string)) {
                    return new AESKey(decryptData(vaultId, cipher, fromBase64(string)));
                }
            } catch (Exception e) {
                CrashReporter.getInstance().logException(e);
            }
            try {
                AESKey generateAESKey = generateAESKey();
                this.mSharedPreferences.edit().putString(getWalletKey("keystore_aes_%s", vaultId), toBase64(encryptData(vaultId, cipher, generateAESKey.getKey()))).apply();
                return generateAESKey;
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
        return null;
    }

    public Cipher getCipher(VaultId vaultId, Mode mode) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        if (mode == Mode.DECRYPTION) {
            cipher.init(mode.cipherMode(), getKeyStoreKey(vaultId), new GCMParameterSpec(128, getIV(vaultId)));
        } else {
            cipher.init(mode.cipherMode(), getKeyStoreKey(vaultId));
        }
        return cipher;
    }

    public KeyInfo getKeyInfo(VaultId vaultId) {
        try {
            SecretKey secretKey = (SecretKey) this.mKeyStore.getKey(getWalletKey("keystore_alias_%s", vaultId), null);
            return (KeyInfo) SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(secretKey, KeyInfo.class);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public VaultType getVaultType(VaultId vaultId) {
        String walletKey = getWalletKey("vault_type_%s", vaultId);
        if (!this.mSharedPreferences.contains(walletKey)) {
            return VaultType.PASSWORD;
        }
        VaultType fromInteger = VaultType.fromInteger(this.mSharedPreferences.getInt(walletKey, 0));
        return (fromInteger != VaultType.COMBINED || this.mSharedPreferences.contains(getWalletKey("%s_combined_aes", vaultId))) ? fromInteger : VaultType.KEYSTORE;
    }

    public int getWalletIdCounter(String str) {
        return this.mSharedPreferences.getInt(String.format("counter_%s", str), 0);
    }

    public VaultId initializeKeyStoreKey(VaultId vaultId, VaultType vaultType, KeyStoreOptions keyStoreOptions) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        VaultId vaultId2 = new VaultId(vaultId.walletId, vaultId.counter + 1);
        removeKeyStoreKey(vaultId2);
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(getWalletKey("keystore_alias_%s", vaultId2), 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding");
        encryptionPaddings.setUserAuthenticationValidityDurationSeconds(-1);
        int i = Build.VERSION.SDK_INT;
        if (i >= 28) {
            encryptionPaddings.setUnlockedDeviceRequired(true);
        }
        Trace.v("userAuthenticationRequired: " + keyStoreOptions.userAuthenticationRequired);
        encryptionPaddings.setUserAuthenticationRequired(keyStoreOptions.userAuthenticationRequired);
        if (i >= 24) {
            Trace.v("invalidatedByBiometricEnrollment: " + keyStoreOptions.invalidatedByBiometricEnrollment);
            encryptionPaddings.setInvalidatedByBiometricEnrollment(keyStoreOptions.invalidatedByBiometricEnrollment);
        }
        if (i >= 28) {
            Trace.v("setIsStrongBoxBacked: " + keyStoreOptions.setIsStrongBoxBacked);
            encryptionPaddings.setIsStrongBoxBacked(keyStoreOptions.setIsStrongBoxBacked);
            encryptionPaddings.setUserPresenceRequired(keyStoreOptions.setIsStrongBoxBacked);
        }
        keyGenerator.init(encryptionPaddings.build());
        keyGenerator.generateKey();
        this.mSharedPreferences.edit().putInt(getWalletKey("vault_type_%s", vaultId2), vaultType.ordinal()).apply();
        return vaultId2;
    }

    public boolean isAppVaultEnabled(VaultId vaultId) {
        return keyStoreKeyExists(vaultId);
    }

    public boolean isUserAuthenticationRequired(VaultId vaultId) {
        try {
            return getKeyInfo(vaultId).isUserAuthenticationRequired();
        } catch (Exception e) {
            CrashReporter.getInstance().logException(e);
            return false;
        }
    }

    public boolean isValidKey(VaultId vaultId) {
        try {
            getCipher(vaultId, Mode.ENCRYPTION);
            return true;
        } catch (KeyPermanentlyInvalidatedException e) {
            e.printStackTrace();
            return false;
        } catch (Exception e2) {
            e2.printStackTrace();
            CrashReporter.getInstance().logException(e2);
            return false;
        }
    }

    boolean keyStoreKeyExists(VaultId vaultId) {
        try {
            return this.mKeyStore.containsAlias(getWalletKey("keystore_alias_%s", vaultId));
        } catch (Exception e) {
            CrashReporter.getInstance().logException(e);
            return false;
        }
    }

    public VaultId newWalletId(String str) {
        return new VaultId(str, getWalletIdCounter(str));
    }

    public void removeKeyStoreKey(VaultId vaultId) {
        this.lock.lock();
        try {
            try {
                this.mKeyStore.deleteEntry(getWalletKey("keystore_alias_%s", vaultId));
                this.mSharedPreferences.edit().remove(getWalletKey("keystore_aes_%s", vaultId)).remove(getWalletKey("keystore_iv_%s", vaultId)).remove(getWalletKey("vault_type_%s", vaultId)).remove(getWalletKey("%s_combined_aes", vaultId)).apply();
            } catch (Exception e) {
                CrashReporter.getInstance().logException(e);
            }
        } finally {
            this.lock.unlock();
        }
    }

    public String toBase64(byte[] bArr) {
        return Base64.encodeToString(bArr, 0);
    }
}
