package ch.papers.securestorage;

import android.os.Build;
import android.security.keystore.UserNotAuthenticatedException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.concurrent.ThreadsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.ranges.IntRange;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: SecureFileStorage.kt */
@Metadata(bv = {1, 0, 2}, d1 = {"\u0000V\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\u0018\u00002\u00020\u0001B\u001f\u0012\b\u0010\u0002\u001a\u0004\u0018\u00010\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\u0018\u0010\t\u001a\u00020\u00052\u0006\u0010\n\u001a\u00020\u00052\u0006\u0010\u000b\u001a\u00020\u0005H\u0002J\u0010\u0010\f\u001a\u00020\u00072\u0006\u0010\r\u001a\u00020\u0005H\u0002J\u0010\u0010\u000e\u001a\u00020\u00052\u0006\u0010\u000b\u001a\u00020\u000fH\u0002J\u0010\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\u0011\u001a\u00020\u0005H\u0002J\u0010\u0010\u0012\u001a\u00020\u00052\u0006\u0010\u000b\u001a\u00020\u000fH\u0002Jm\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000f2\b\b\u0002\u0010\n\u001a\u00020\u00052\u0012\u0010\u0016\u001a\u000e\u0012\u0004\u0012\u00020\u0018\u0012\u0004\u0012\u00020\u00140\u00172%\u0010\u0019\u001a!\u0012\u0017\u0012\u00150\u001aj\u0002`\u001b¢\u0006\f\b\u001c\u0012\b\b\u001d\u0012\u0004\b\b(\u0019\u0012\u0004\u0012\u00020\u00140\u00172\u0018\u0010\u001e\u001a\u0014\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00140\u001f\u0012\u0004\u0012\u00020\u00140\u0017JC\u0010 \u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000f2\f\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00140\u001f2%\u0010\u0019\u001a!\u0012\u0017\u0012\u00150\u001aj\u0002`\u001b¢\u0006\f\b\u001c\u0012\b\b\u001d\u0012\u0004\b\b(\u0019\u0012\u0004\u0012\u00020\u00140\u0017Jm\u0010!\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000f2\b\b\u0002\u0010\n\u001a\u00020\u00052\u0012\u0010\u0016\u001a\u000e\u0012\u0004\u0012\u00020\"\u0012\u0004\u0012\u00020\u00140\u00172%\u0010\u0019\u001a!\u0012\u0017\u0012\u00150\u001aj\u0002`\u001b¢\u0006\f\b\u001c\u0012\b\b\u001d\u0012\u0004\b\b(\u0019\u0012\u0004\u0012\u00020\u00140\u00172\u0018\u0010\u001e\u001a\u0014\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00140\u001f\u0012\u0004\u0012\u00020\u00140\u0017R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u0010\u0010\u0002\u001a\u0004\u0018\u00010\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006#"}, d2 = {"Lch/papers/securestorage/SecureFileStorage;", "", "masterSecret", "Ljava/security/Key;", "salt", "", "baseDir", "Ljava/io/File;", "(Ljava/security/Key;[BLjava/io/File;)V", "encryptionSecret", "secret", "key", "fileForHashedKey", "hashedKey", "hashForKey", "", "hexForByteArray", "hash", "ivForKey", "read", "", "fileKey", "success", "Lkotlin/Function1;", "Ljava/io/InputStream;", "error", "Ljava/lang/Exception;", "Lkotlin/Exception;", "Lkotlin/ParameterName;", "name", "requestAuthentication", "Lkotlin/Function0;", "remove", "write", "Ljava/io/OutputStream;", "app_release"}, k = 1, mv = {1, 1, 10})
/* loaded from: classes.dex */
public final class SecureFileStorage {
    private final File baseDir;
    private final Key masterSecret;
    private final byte[] salt;

    public SecureFileStorage(@Nullable Key key, @NotNull byte[] salt, @NotNull File baseDir) {
        Intrinsics.checkParameterIsNotNull(salt, "salt");
        Intrinsics.checkParameterIsNotNull(baseDir, "baseDir");
        this.masterSecret = key;
        this.salt = salt;
        this.baseDir = baseDir;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] encryptionSecret(byte[] secret, byte[] key) {
        byte[] digest = MessageDigest.getInstance(Constants.DIGEST_ALGORITHM).digest(ArraysKt.plus(secret, key));
        Intrinsics.checkExpressionValueIsNotNull(digest, "MessageDigest.getInstanc…THM).digest(secret + key)");
        return digest;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final File fileForHashedKey(byte[] hashedKey) {
        return new File(this.baseDir, hexForByteArray(hashedKey));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] hashForKey(String key) {
        MessageDigest messageDigest = MessageDigest.getInstance(Constants.DIGEST_ALGORITHM);
        byte[] bArr = this.salt;
        Charset charset = Charsets.UTF_8;
        if (key == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        byte[] bytes = key.getBytes(charset);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        byte[] digest = messageDigest.digest(ArraysKt.plus(bArr, bytes));
        Intrinsics.checkExpressionValueIsNotNull(digest, "MessageDigest.getInstanc…salt + key.toByteArray())");
        return digest;
    }

    private final String hexForByteArray(byte[] hash) {
        StringBuilder sb = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
            Object[] objArr = {Byte.valueOf(b)};
            String format = String.format("%02x", Arrays.copyOf(objArr, objArr.length));
            Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(format, *args)");
            sb.append(format);
        }
        String sb2 = sb.toString();
        Intrinsics.checkExpressionValueIsNotNull(sb2, "stringBuilder.toString()");
        return sb2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] ivForKey(String key) {
        return ArraysKt.sliceArray(hashForKey(key), new IntRange(0, 15));
    }

    public static /* bridge */ /* synthetic */ void read$default(SecureFileStorage secureFileStorage, String str, byte[] bArr, Function1 function1, Function1 function12, Function1 function13, int i, Object obj) {
        byte[] bArr2;
        if ((i & 2) != 0) {
            bArr2 = "".getBytes(Charsets.UTF_8);
            Intrinsics.checkExpressionValueIsNotNull(bArr2, "(this as java.lang.String).getBytes(charset)");
        } else {
            bArr2 = bArr;
        }
        secureFileStorage.read(str, bArr2, function1, function12, function13);
    }

    public static /* bridge */ /* synthetic */ void write$default(SecureFileStorage secureFileStorage, String str, byte[] bArr, Function1 function1, Function1 function12, Function1 function13, int i, Object obj) {
        byte[] bArr2;
        if ((i & 2) != 0) {
            bArr2 = "".getBytes(Charsets.UTF_8);
            Intrinsics.checkExpressionValueIsNotNull(bArr2, "(this as java.lang.String).getBytes(charset)");
        } else {
            bArr2 = bArr;
        }
        secureFileStorage.write(str, bArr2, function1, function12, function13);
    }

    public final void read(@NotNull final String fileKey, @NotNull final byte[] secret, @NotNull final Function1<? super InputStream, Unit> success, @NotNull final Function1<? super Exception, Unit> error, @NotNull final Function1<? super Function0<Unit>, Unit> requestAuthentication) {
        Intrinsics.checkParameterIsNotNull(fileKey, "fileKey");
        Intrinsics.checkParameterIsNotNull(secret, "secret");
        Intrinsics.checkParameterIsNotNull(success, "success");
        Intrinsics.checkParameterIsNotNull(error, "error");
        Intrinsics.checkParameterIsNotNull(requestAuthentication, "requestAuthentication");
        ThreadsKt.thread((r12 & 1) != 0, (r12 & 2) != 0 ? false : false, (r12 & 4) != 0 ? (ClassLoader) null : null, (r12 & 8) != 0 ? (String) null : null, (r12 & 16) != 0 ? -1 : 0, new Function0<Unit>() { // from class: ch.papers.securestorage.SecureFileStorage$read$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public /* bridge */ /* synthetic */ Unit invoke() {
                invoke2();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2() {
                byte[] hashForKey;
                File fileForHashedKey;
                InputStream inputStream;
                byte[] hashForKey2;
                byte[] encryptionSecret;
                byte[] ivForKey;
                Cipher cipher;
                Key key;
                Key key2;
                try {
                    SecureFileStorage secureFileStorage = SecureFileStorage.this;
                    hashForKey = SecureFileStorage.this.hashForKey(fileKey);
                    fileForHashedKey = secureFileStorage.fileForHashedKey(hashForKey);
                    FileInputStream fileInputStream = new FileInputStream(fileForHashedKey);
                    if (Build.VERSION.SDK_INT >= 18) {
                        if (Build.VERSION.SDK_INT >= 23) {
                            byte[] bArr = new byte[16];
                            fileInputStream.read(bArr);
                            cipher = Cipher.getInstance(Constants.INSTANCE.getFILESYSTEM_CIPHER_ALGORITHM());
                            key2 = SecureFileStorage.this.masterSecret;
                            cipher.init(2, key2, new IvParameterSpec(bArr));
                        } else {
                            cipher = Cipher.getInstance(Constants.FILESYSTEM_FALLBACK_CIPHER_ALGORITHM);
                            key = SecureFileStorage.this.masterSecret;
                            cipher.init(2, key);
                        }
                        inputStream = new CipherInputStream(fileInputStream, cipher);
                    } else {
                        inputStream = fileInputStream;
                    }
                    SecureFileStorage secureFileStorage2 = SecureFileStorage.this;
                    byte[] bArr2 = secret;
                    hashForKey2 = SecureFileStorage.this.hashForKey(fileKey);
                    encryptionSecret = secureFileStorage2.encryptionSecret(bArr2, hashForKey2);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(encryptionSecret, 0, encryptionSecret.length, "AES");
                    Cipher cipher2 = Cipher.getInstance(Constants.INSTANCE.getFILESYSTEM_CIPHER_ALGORITHM());
                    ivForKey = SecureFileStorage.this.ivForKey(fileKey);
                    cipher2.init(2, secretKeySpec, new IvParameterSpec(ivForKey));
                    success.invoke(new CipherInputStream(inputStream, cipher2));
                } catch (Exception e) {
                    if (Build.VERSION.SDK_INT < 23) {
                        error.invoke(e);
                    } else if (e instanceof UserNotAuthenticatedException) {
                        requestAuthentication.invoke(new Function0<Unit>() { // from class: ch.papers.securestorage.SecureFileStorage$read$1.1
                            {
                                super(0);
                            }

                            @Override // kotlin.jvm.functions.Function0
                            public /* bridge */ /* synthetic */ Unit invoke() {
                                invoke2();
                                return Unit.INSTANCE;
                            }

                            /* renamed from: invoke, reason: avoid collision after fix types in other method */
                            public final void invoke2() {
                                SecureFileStorage.this.read(fileKey, secret, success, error, requestAuthentication);
                            }
                        });
                    } else {
                        error.invoke(e);
                    }
                }
            }
        });
    }

    public final void remove(@NotNull final String fileKey, @NotNull final Function0<Unit> success, @NotNull final Function1<? super Exception, Unit> error) {
        Intrinsics.checkParameterIsNotNull(fileKey, "fileKey");
        Intrinsics.checkParameterIsNotNull(success, "success");
        Intrinsics.checkParameterIsNotNull(error, "error");
        ThreadsKt.thread((r12 & 1) != 0, (r12 & 2) != 0 ? false : false, (r12 & 4) != 0 ? (ClassLoader) null : null, (r12 & 8) != 0 ? (String) null : null, (r12 & 16) != 0 ? -1 : 0, new Function0<Unit>() { // from class: ch.papers.securestorage.SecureFileStorage$remove$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public /* bridge */ /* synthetic */ Unit invoke() {
                invoke2();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2() {
                byte[] hashForKey;
                File fileForHashedKey;
                try {
                    SecureFileStorage secureFileStorage = SecureFileStorage.this;
                    hashForKey = SecureFileStorage.this.hashForKey(fileKey);
                    fileForHashedKey = secureFileStorage.fileForHashedKey(hashForKey);
                    if (!fileForHashedKey.delete()) {
                        throw new Exception("could not delete file");
                    }
                    success.invoke();
                } catch (Exception e) {
                    error.invoke(e);
                }
            }
        });
    }

    public final void write(@NotNull final String fileKey, @NotNull final byte[] secret, @NotNull final Function1<? super OutputStream, Unit> success, @NotNull final Function1<? super Exception, Unit> error, @NotNull final Function1<? super Function0<Unit>, Unit> requestAuthentication) {
        Intrinsics.checkParameterIsNotNull(fileKey, "fileKey");
        Intrinsics.checkParameterIsNotNull(secret, "secret");
        Intrinsics.checkParameterIsNotNull(success, "success");
        Intrinsics.checkParameterIsNotNull(error, "error");
        Intrinsics.checkParameterIsNotNull(requestAuthentication, "requestAuthentication");
        ThreadsKt.thread((r12 & 1) != 0, (r12 & 2) != 0 ? false : false, (r12 & 4) != 0 ? (ClassLoader) null : null, (r12 & 8) != 0 ? (String) null : null, (r12 & 16) != 0 ? -1 : 0, new Function0<Unit>() { // from class: ch.papers.securestorage.SecureFileStorage$write$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public /* bridge */ /* synthetic */ Unit invoke() {
                invoke2();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2() {
                byte[] hashForKey;
                File fileForHashedKey;
                OutputStream outputStream;
                byte[] hashForKey2;
                byte[] encryptionSecret;
                byte[] ivForKey;
                Key key;
                try {
                    SecureFileStorage secureFileStorage = SecureFileStorage.this;
                    hashForKey = SecureFileStorage.this.hashForKey(fileKey);
                    fileForHashedKey = secureFileStorage.fileForHashedKey(hashForKey);
                    if (!fileForHashedKey.exists()) {
                        fileForHashedKey.createNewFile();
                    }
                    FileOutputStream fileOutputStream = new FileOutputStream(fileForHashedKey);
                    if (Build.VERSION.SDK_INT >= 18) {
                        Cipher fsCipher = Build.VERSION.SDK_INT >= 23 ? Cipher.getInstance(Constants.INSTANCE.getFILESYSTEM_CIPHER_ALGORITHM()) : Cipher.getInstance(Constants.FILESYSTEM_FALLBACK_CIPHER_ALGORITHM);
                        key = SecureFileStorage.this.masterSecret;
                        fsCipher.init(1, key);
                        if (Build.VERSION.SDK_INT >= 23) {
                            Intrinsics.checkExpressionValueIsNotNull(fsCipher, "fsCipher");
                            fileOutputStream.write(fsCipher.getIV());
                        }
                        outputStream = new CipherOutputStream(fileOutputStream, fsCipher);
                    } else {
                        outputStream = fileOutputStream;
                    }
                    SecureFileStorage secureFileStorage2 = SecureFileStorage.this;
                    byte[] bArr = secret;
                    hashForKey2 = SecureFileStorage.this.hashForKey(fileKey);
                    encryptionSecret = secureFileStorage2.encryptionSecret(bArr, hashForKey2);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(encryptionSecret, 0, encryptionSecret.length, "AES");
                    Cipher cipher = Cipher.getInstance(Constants.INSTANCE.getFILESYSTEM_CIPHER_ALGORITHM());
                    ivForKey = SecureFileStorage.this.ivForKey(fileKey);
                    cipher.init(1, secretKeySpec, new IvParameterSpec(ivForKey));
                    success.invoke(new CipherOutputStream(outputStream, cipher));
                } catch (Exception e) {
                    if (Build.VERSION.SDK_INT < 23) {
                        error.invoke(e);
                    } else if (e instanceof UserNotAuthenticatedException) {
                        requestAuthentication.invoke(new Function0<Unit>() { // from class: ch.papers.securestorage.SecureFileStorage$write$1.1
                            {
                                super(0);
                            }

                            @Override // kotlin.jvm.functions.Function0
                            public /* bridge */ /* synthetic */ Unit invoke() {
                                invoke2();
                                return Unit.INSTANCE;
                            }

                            /* renamed from: invoke, reason: avoid collision after fix types in other method */
                            public final void invoke2() {
                                SecureFileStorage.this.write(fileKey, secret, success, error, requestAuthentication);
                            }
                        });
                    } else {
                        error.invoke(e);
                    }
                }
            }
        });
    }
}
