package other.de.stanetz.jpencconverter;

import android.app.KeyguardManager;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import android.util.Log;
import android.widget.Toast;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes3.dex */
public class PasswordStore {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String CIPHER_MODE = "AES/GCM/NoPadding";
    private static final String KEY_SUFFIX_IV = ".iv";
    private static final String KEY_SUFFIX_KEY = ".key";
    private static final String LOG_TAG_NAME = "SecurityStore";
    private final Context _context;
    private final boolean _deviceIsProtected;
    private final SharedPreferences _preferences;

    /* loaded from: classes3.dex */
    public enum SecurityMode {
        NONE,
        AUTHENTICATION
    }

    public PasswordStore(Context context) {
        this._context = (Context) Objects.requireNonNull(context, "The context must be set.");
        if (Build.VERSION.SDK_INT >= 23) {
            this._deviceIsProtected = ((KeyguardManager) context.getSystemService("keyguard")).isDeviceSecure();
        } else {
            this._deviceIsProtected = false;
        }
        this._preferences = PreferenceManager.getDefaultSharedPreferences(context);
    }

    private boolean clearAllKeys(String str) {
        SharedPreferences.Editor edit = this._preferences.edit();
        edit.remove(str + KEY_SUFFIX_KEY);
        edit.remove(str + KEY_SUFFIX_IV);
        edit.remove(str);
        edit.apply();
        return true;
    }

    private SecretKey createSecretKey(String str, SecurityMode securityMode) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setUserAuthenticationRequired(SecurityMode.AUTHENTICATION.equals(securityMode)).setUserAuthenticationValidityDurationSeconds(300).build());
        return keyGenerator.generateKey();
    }

    private SecretKey getSecretKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(str, null);
            if (secretKeyEntry == null) {
                return null;
            }
            return secretKeyEntry.getSecretKey();
        } catch (IOException e) {
            e = e;
            Log.e(LOG_TAG_NAME, "Can't load keystore.", e);
            return null;
        } catch (KeyStoreException e2) {
            Log.e(LOG_TAG_NAME, "No keystore-provider is founded or can't load key from keystore.", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            Log.e(LOG_TAG_NAME, "Can't load keystore or can't load key from keystore.", e3);
            return null;
        } catch (UnrecoverableEntryException e4) {
            Log.e(LOG_TAG_NAME, "Can't load key from keystore.", e4);
            return null;
        } catch (CertificateException e5) {
            e = e5;
            Log.e(LOG_TAG_NAME, "Can't load keystore.", e);
            return null;
        }
    }

    public char[] loadKey(int i) {
        return loadKey(this._context.getString(i));
    }

    public char[] loadKey(String str) {
        SecretKey secretKey = getSecretKey(str);
        if (this._preferences.contains(str + KEY_SUFFIX_KEY) && secretKey != null) {
            byte[] decode = Base64.decode(this._preferences.getString(str + KEY_SUFFIX_KEY, null), 0);
            byte[] decode2 = Base64.decode(this._preferences.getString(str + KEY_SUFFIX_IV, null), 0);
            try {
                Cipher cipher = Cipher.getInstance(CIPHER_MODE);
                cipher.init(2, secretKey, new GCMParameterSpec(128, decode2));
                return Charset.forName("UTF-8").decode(ByteBuffer.wrap(cipher.doFinal(decode))).array();
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                Log.e(LOG_TAG_NAME, "Wrong decryption parameter", e);
            }
        }
        return null;
    }

    public boolean storeKey(String str, int i) {
        return storeKey(str, this._context.getString(i), SecurityMode.NONE);
    }

    public boolean storeKey(String str, String str2, SecurityMode securityMode) {
        SecurityMode securityMode2;
        byte[] bArr;
        if (str == null || str.isEmpty()) {
            return clearAllKeys(str2);
        }
        try {
            if (!SecurityMode.AUTHENTICATION.equals(securityMode) || this._deviceIsProtected) {
                securityMode2 = securityMode;
            } else {
                Toast.makeText(this._context, "Downgrade security mode to none, because there is no screenprotection set!Secure lock screen isn't set up.\nGo to 'Settings -> Security -> Screen lock' to set up a lock screen", 1).show();
                Log.w(LOG_TAG_NAME, "Downgrade security mode to none, because there is no screenprotection set!Secure lock screen isn't set up.\nGo to 'Settings -> Security -> Screen lock' to set up a lock screen");
                securityMode2 = SecurityMode.NONE;
            }
            Cipher cipher = Cipher.getInstance(CIPHER_MODE);
            if (Build.VERSION.SDK_INT >= 23) {
                cipher.init(1, createSecretKey(str2, securityMode2));
                bArr = cipher.getIV();
            } else {
                byte[] bArr2 = new byte[128];
                new SecureRandom().nextBytes(bArr2);
                Toast.makeText(this._context, "You have an old Android-Device. The password will be saved unsafe.", 1).show();
                Log.w(LOG_TAG_NAME, "You have an old Android-Device. The password will be saved unsafe.");
                bArr = bArr2;
            }
            byte[] doFinal = cipher.doFinal(str.getBytes("UTF-8"));
            SharedPreferences.Editor edit = this._preferences.edit();
            edit.putString(str2 + KEY_SUFFIX_KEY, Base64.encodeToString(doFinal, 0));
            edit.putString(str2 + KEY_SUFFIX_IV, Base64.encodeToString(bArr, 0));
            edit.putString(str2, "***");
            edit.apply();
            return true;
        } catch (UnsupportedEncodingException e) {
            Log.e(LOG_TAG_NAME, "Unkown encoding", e);
            clearAllKeys(str2);
            return false;
        } catch (InvalidAlgorithmParameterException e2) {
            if (!SecurityMode.AUTHENTICATION.equals(securityMode) || this._deviceIsProtected) {
                Log.e(LOG_TAG_NAME, "Wrong encryption parameter", e2);
            } else {
                Log.e(LOG_TAG_NAME, "The device must be proteced by pin or pattern or fingerprint.", e2);
            }
            clearAllKeys(str2);
            return false;
        } catch (InvalidKeyException e3) {
            e = e3;
            Log.e(LOG_TAG_NAME, "Wrong encryption parameter", e);
            clearAllKeys(str2);
            return false;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            Log.e(LOG_TAG_NAME, "Wrong encryption parameter", e);
            clearAllKeys(str2);
            return false;
        } catch (NoSuchProviderException e5) {
            e = e5;
            Log.e(LOG_TAG_NAME, "Wrong encryption parameter", e);
            clearAllKeys(str2);
            return false;
        } catch (BadPaddingException e6) {
            e = e6;
            Log.e(LOG_TAG_NAME, "Wrong encryption parameter", e);
            clearAllKeys(str2);
            return false;
        } catch (IllegalBlockSizeException e7) {
            e = e7;
            Log.e(LOG_TAG_NAME, "Wrong encryption parameter", e);
            clearAllKeys(str2);
            return false;
        } catch (NoSuchPaddingException e8) {
            e = e8;
            Log.e(LOG_TAG_NAME, "Wrong encryption parameter", e);
            clearAllKeys(str2);
            return false;
        }
    }
}
