package tech.bluespace.android.id_guard.model;

import android.content.SharedPreferences;
import android.os.Build;
import android.os.Environment;
import android.os.StatFs;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.util.JsonWriter;
import android.util.Log;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.IOException;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.lingala.zip4j.util.InternalZipConstants;
import org.apache.commons.lang3.StringUtils;
import tech.bluespace.android.id_guard.utils.AesEncryptedData;
import tech.bluespace.android.id_guard.utils.CipherUtil;
import tech.bluespace.android.id_guard.utils.DateToolKt;
import tech.bluespace.android.id_guard.utils.Hex;
import tech.bluespace.id_guard.PassportData;

/* loaded from: classes2.dex */
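/**
 * Process-wide holder of the user's "passport": the user and device identifiers, the AES master
 * key and two key pairs (EC, judging by the {@code CipherUtil} helper names).
 *
 * <p>Storage layout, as visible in this class: the serialized passport is encrypted with an AES
 * key generated in the Android Keystore (GCM, no padding) and written hex-encoded, together with
 * its IV, into the {@code "passport"} SharedPreferences file. In password mode the serialized
 * passport is first encrypted with a password-derived key and the resulting envelope is then
 * encrypted again with the Keystore key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The Keystore key spec sets no user-authentication requirement, so the Keystore does not
 *       by itself tie use of the device key to a biometric or credential prompt. NOTE(review):
 *       confirm where the "biometric" gate is enforced.</li>
 *   <li>Once loaded, the master key and both private keys live in ordinary heap objects for the
 *       lifetime of the singleton.</li>
 *   <li>No synchronization is visible; the class appears to assume single-threaded use.</li>
 * </ul>
 */
public class Passport {
    // Decompiler artifact (javac's synthetic assertion flag); kept so the class shape is unchanged.
    static final /* synthetic */ boolean $assertionsDisabled = false;
    /** Alias of the device AES key inside the Android Keystore. */
    private static final String DeviceKeyAlias = "tech.bluespace.android.id_guard";
    private static final String KeyStoreProvider = "AndroidKeyStore";
    /** Protection-method labels; they must match the names of the protobuf ProtectionMethod enum. */
    private static final String biometricMethod = "biometric";
    private static final String passwordMethod = "password";
    /** Preference key holding the hex-encoded, unencrypted ProtectedPassportInfo descriptor. */
    private static final String protectedPassportInfoDataKey = "protectedPassportInfoData";
    private byte[] deviceID;
    private KeyPair deviceKeyPair;
    /** Handle to the Keystore-resident AES key; set by create/loadDeviceSecretKey. */
    private SecretKey deviceSecretKey;
    /** Software AES key used by encryptData/decryptData. */
    private SecretKey masterSecretKey;
    private KeyPair passportKeyPair;
    /** Rollback state captured by makeSnapshot(); null when no protection change is pending. */
    private PassportSnapshot passportSnapshot;
    private String protectionMethod;
    private byte[] userID;
    private static final String TAG = Passport.class.getSimpleName();
    // Mode 0 is Context.MODE_PRIVATE.
    private static final SharedPreferences preferences = IdGuardApplication.context.getSharedPreferences("passport", 0);
    public static final Passport main = new Passport();
    /** Creation time in seconds since the Unix epoch (see getEpoch()). */
    private long creationTime = 0;
    private String accountDirectory = IdGuardApplication.context.getApplicationInfo().dataDir + "/account_file/";
    /** Preference keys under which the device-encrypted passport and its IV are stored. */
    private String deviceEncryptedDataKey = "deviceEncryptedPassportInfo.data";
    private String deviceEncryptedIVKey = "deviceEncryptedPassportInfo.iv";

    /**
     * Thrown when stored passport data exists but the Keystore key needed to decrypt it cannot be
     * loaded. It extends {@link SecurityException} and is therefore unchecked: it is not caught
     * by the {@code GeneralSecurityException} handlers in the loadPassport methods.
     */
    public class DeviceSecretKeyChangedException extends SecurityException {
        public DeviceSecretKeyChangedException() {
        }
    }

    /** Immutable copy of the fields that a protection change overwrites, used for rollback. */
    private static final class PassportSnapshot {
        final String accountDirectory;
        final String ivKey;
        final SecretKey masterKey;
        final String passportInfoKey;
        final String protectionMethod;

        PassportSnapshot(String protectionMethod, String accountDirectory, String passportInfoKey, String ivKey, SecretKey masterKey) {
            this.protectionMethod = protectionMethod;
            this.accountDirectory = accountDirectory;
            this.passportInfoKey = passportInfoKey;
            this.ivKey = ivKey;
            this.masterKey = masterKey;
        }
    }

    private Passport() {
    }

    /**
     * Generates the device AES key in the Android Keystore and accepts it only if the Keystore
     * reports it as held inside secure hardware.
     *
     * <p>A key that fails the hardware check is deleted again. Previously it stayed in the
     * Keystore under the production alias, where {@link #loadDeviceSecretKey()} (which does not
     * repeat the hardware check) would have accepted it.
     *
     * @return {@code true} if a hardware-backed key was created and stored in
     *         {@code deviceSecretKey}; {@code false} on any failure
     */
    private boolean createHardwareDeviceKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KeyStoreProvider);
            // Purposes 3 == PURPOSE_ENCRYPT | PURPOSE_DECRYPT. No user-authentication requirement
            // is set here, so the Keystore will use the key without a biometric/credential prompt.
            keyGenerator.init(new KeyGenParameterSpec.Builder(DeviceKeyAlias, 3)
                    .setBlockModes("GCM")
                    .setEncryptionPaddings("NoPadding")
                    .build());
            SecretKey candidate = keyGenerator.generateKey();
            KeyInfo keyInfo = (KeyInfo) SecretKeyFactory.getInstance(candidate.getAlgorithm(), KeyStoreProvider)
                    .getKeySpec(candidate, KeyInfo.class);
            if (!keyInfo.isInsideSecureHardware()) {
                deleteDeviceKeyEntry();
                return false;
            }
            this.deviceSecretKey = candidate;
            return true;
        } catch (Exception e) {
            // Deliberately broad: Keystore failures can also surface as unchecked exceptions.
            Log.e("Passport", "Failed to create hardware device key", e);
            return false;
        }
    }

    /** Best-effort removal of the device key alias from the Android Keystore. */
    private void deleteDeviceKeyEntry() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStoreProvider);
            keyStore.load(null);
            keyStore.deleteEntry(DeviceKeyAlias);
        } catch (IOException | GeneralSecurityException e) {
            Log.e("Passport", "Failed to delete rejected device key", e);
        }
    }

    /**
     * Decrypts with the Keystore device key using GCM parameters (128-bit tag).
     *
     * @param ciphertext data produced by {@link #encryptInKeystore(byte[])}
     * @param iv the IV that was returned alongside that ciphertext
     */
    private byte[] decryptInKeystore(byte[] ciphertext, byte[] iv) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher aesCipher = CipherUtil.getAesCipher();
        aesCipher.init(Cipher.DECRYPT_MODE, this.deviceSecretKey, new GCMParameterSpec(128, iv));
        return aesCipher.doFinal(ciphertext);
    }

    /**
     * Opens a password envelope: derives the key from {@code password} and the envelope's salt,
     * then decrypts the envelope's data with its IV. The key-derivation parameters other than the
     * algorithm name live in {@code CipherUtil} and are not visible here.
     */
    private byte[] decryptPassportInfo(String password, PassportData.PasswordEncryption envelope) throws IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeyException {
        return CipherUtil.aes256Decrypt(
                CipherUtil.deriveAes256Key(password, envelope.getSalt().toByteArray(), getPasswordToKeyAlgorithm()),
                envelope.getData().toByteArray(),
                envelope.getIv().toByteArray());
    }

    /**
     * Encrypts with the Keystore device key. No IV is supplied; the IV chosen by the cipher is
     * read back with {@code getIV()} and returned with the ciphertext.
     */
    private AesEncryptedData encryptInKeystore(byte[] plaintext) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher aesCipher = CipherUtil.getAesCipher();
        aesCipher.init(Cipher.ENCRYPT_MODE, this.deviceSecretKey);
        return new AesEncryptedData(aesCipher.doFinal(plaintext), aesCipher.getIV());
    }

    /**
     * Serializes the passport and wraps it in a password envelope (fresh salt, IV, ciphertext).
     *
     * @return the serialized {@code PasswordEncryption} message
     */
    private byte[] encryptPassportInfo(String password) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        byte[] salt = CipherUtil.createAes256Salt();
        // NOTE(review): the serialized passport (raw key material) passed to aes256Encrypt is not
        // wiped afterwards; CipherUtil is not visible here, so it is left untouched.
        AesEncryptedData sealed = CipherUtil.aes256Encrypt(
                CipherUtil.deriveAes256Key(password, salt, getPasswordToKeyAlgorithm()),
                serializePassportInfo());
        return PassportData.PasswordEncryption.newBuilder()
                .setSalt(ByteString.copyFrom(salt))
                .setIv(ByteString.copyFrom(sealed.iv))
                .setData(ByteString.copyFrom(sealed.data))
                .build()
                .toByteArray();
    }

    /** Returns the current time in whole seconds since the Unix epoch. */
    private static long getEpoch() {
        return new Date().getTime() / 1000;
    }

    /** Returns block size times block count of the external storage directory's file system. */
    private static long getExternalStorageBytes() {
        StatFs statFs = new StatFs(Environment.getExternalStorageDirectory().getPath());
        return statFs.getBlockSizeLong() * statFs.getBlockCountLong();
    }

    /**
     * Returns the password-to-key algorithm name, choosing and persisting it on first use.
     *
     * <p>The choice is stored so data written on an older OS stays readable after an upgrade. As
     * a consequence, an install that first ran below API 26 keeps the HMAC-SHA1 variant.
     */
    private String getPasswordToKeyAlgorithm() {
        String stored = preferences.getString("PasswordToKeyAlgorithm", null);
        if (stored != null) {
            return stored;
        }
        String chosen = Build.VERSION.SDK_INT >= 26 ? "PBKDF2withHmacSHA256" : "PBKDF2WithHmacSHA1";
        preferences.edit().putString("PasswordToKeyAlgorithm", chosen).apply();
        return chosen;
    }

    /**
     * Reads the stored ciphertext and IV and decrypts them with the Keystore device key.
     *
     * @return the decrypted bytes, or {@code null} if either preference entry is missing or empty
     * @throws DeviceSecretKeyChangedException if data is stored but the device key cannot be loaded
     * @throws GeneralSecurityException if decryption fails
     */
    private byte[] loadDeviceProtectedPassportInfo() throws GeneralSecurityException {
        byte[] ciphertext = Hex.decode(preferences.getString(this.deviceEncryptedDataKey, ""));
        if (ciphertext.length == 0) {
            return null;
        }
        byte[] iv = Hex.decode(preferences.getString(this.deviceEncryptedIVKey, ""));
        if (iv.length == 0) {
            return null;
        }
        if (!loadDeviceSecretKey()) {
            throw new DeviceSecretKeyChangedException();
        }
        return decryptInKeystore(ciphertext, iv);
    }

    /**
     * Looks the device key up in the Android Keystore and stores its handle in
     * {@code deviceSecretKey}. The hardware-backing check of
     * {@link #createHardwareDeviceKey()} is not repeated here.
     *
     * @return {@code true} if the entry exists and was loaded
     */
    private boolean loadDeviceSecretKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStoreProvider);
            keyStore.load(null);
            KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) keyStore.getEntry(DeviceKeyAlias, null);
            if (entry == null) {
                return false;
            }
            this.deviceSecretKey = entry.getSecretKey();
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            Log.e("Passport", "Failed to load device secret key", e);
            return false;
        }
    }

    /** Builds a key pair from encoded public and private key bytes via {@code CipherUtil}. */
    private KeyPair makeKeyPair(byte[] encodedPublic, byte[] encodedPrivate) {
        return new KeyPair(CipherUtil.makeEcPublicKey(encodedPublic), CipherUtil.makeEcPrivateKey(encodedPrivate));
    }

    /**
     * Parses a serialized {@code PassportInfo} and copies every field into this instance.
     * All values are copied out of the message, so the caller may wipe {@code serialized}
     * once this method returns.
     */
    private void parsePassportInfo(byte[] serialized) throws InvalidProtocolBufferException {
        PassportData.PassportInfo info = PassportData.PassportInfo.parseFrom(serialized);
        this.userID = info.getUserID().toByteArray();
        this.creationTime = info.getCreationTime();
        this.masterSecretKey = new SecretKeySpec(info.getMasterKey().toByteArray(), "AES");
        this.deviceID = info.getDeviceID().toByteArray();
        this.passportKeyPair = makeKeyPair(info.getPassportPublicKey().toByteArray(), info.getPassportPrivateKey().toByteArray());
        this.deviceKeyPair = makeKeyPair(info.getDevicePublicKey().toByteArray(), info.getDevicePrivateKey().toByteArray());
    }

    /**
     * Applies the unencrypted descriptor: protection method, preference key names and account
     * directory. These values come straight from SharedPreferences without an integrity check.
     */
    private void parseProtectedPassportInfo(PassportData.ProtectedPassportInfoV20190603 descriptor) {
        this.protectionMethod = descriptor.getMethod().name();
        this.deviceEncryptedDataKey = descriptor.getDeviceEncryptedDataKey();
        this.deviceEncryptedIVKey = descriptor.getDeviceEncryptIVKey();
        this.accountDirectory = descriptor.getAccountDataBaseFile();
    }

    /**
     * Records {@code method} as the protection method and writes IV, ciphertext and descriptor
     * to SharedPreferences synchronously.
     *
     * @return the result of {@code commit()}
     */
    private boolean saveProtectedPassportInfo(AesEncryptedData encrypted, String method) {
        // Must be set before serializeProtectedPassportInfo(), which reads it.
        this.protectionMethod = method;
        return preferences.edit()
                .putString(this.deviceEncryptedIVKey, Hex.toHexString(encrypted.iv))
                .putString(this.deviceEncryptedDataKey, Hex.toHexString(encrypted.data))
                .putString(protectedPassportInfoDataKey, Hex.toHexString(serializeProtectedPassportInfo()))
                .commit();
    }

    /**
     * Serializes identifiers, the master key and both key pairs, private keys included.
     * The returned array is raw key material; callers should wipe it when done.
     */
    private byte[] serializePassportInfo() {
        return PassportData.PassportInfo.newBuilder()
                .setUserID(ByteString.copyFrom(this.userID))
                .setMasterKey(ByteString.copyFrom(this.masterSecretKey.getEncoded()))
                .setPassportPublicKey(ByteString.copyFrom(this.passportKeyPair.getPublic().getEncoded()))
                .setPassportPrivateKey(ByteString.copyFrom(this.passportKeyPair.getPrivate().getEncoded()))
                .setDeviceID(ByteString.copyFrom(this.deviceID))
                .setDevicePublicKey(ByteString.copyFrom(this.deviceKeyPair.getPublic().getEncoded()))
                .setDevicePrivateKey(ByteString.copyFrom(this.deviceKeyPair.getPrivate().getEncoded()))
                .setCreationTime(this.creationTime)
                .build()
                .toByteArray();
    }

    /**
     * Serializes the descriptor (version, protection method, account directory, preference key
     * names). {@code valueOf} throws if {@code protectionMethod} is not an enum constant name.
     */
    private byte[] serializeProtectedPassportInfo() {
        PassportData.ProtectedPassportInfoV20190603 descriptor = PassportData.ProtectedPassportInfoV20190603.newBuilder()
                .setMethod(PassportData.ProtectedPassportInfo.ProtectionMethod.valueOf(this.protectionMethod))
                .setAccountDataBaseFile(this.accountDirectory)
                .setDeviceEncryptedDataKey(this.deviceEncryptedDataKey)
                .setDeviceEncryptIVKey(this.deviceEncryptedIVKey)
                .build();
        return PassportData.ProtectedPassportInfo.newBuilder()
                .setVersion(PassportData.ProtectedPassportInfoVersion.protectedPassportInfoV20190603)
                .setInfoV20190603(descriptor)
                .build()
                .toByteArray();
    }

    /**
     * Rounds a byte count up to the next marketing capacity in decimal gigabytes
     * (0, 8, 16 ... 1024); larger values are reported as-is.
     */
    private static String volumeCapacity(long bytes) {
        long gigabytes = bytes / 1000000000;
        for (long tier : new long[]{0, 8, 16, 32, 64, 128, 256, 512, 1024}) {
            if (gigabytes <= tier) {
                return tier + " GB";
            }
        }
        return gigabytes + " GB";
    }

    /**
     * Builds the backup metadata as a JSON object. It contains no key material; the
     * {@code userID} field is written as the constant {@code "0"}.
     *
     * @return the JSON text, or an empty string if writing fails
     */
    public String backupAsJson() {
        StringWriter buffer = new StringWriter();
        try (JsonWriter json = new JsonWriter(buffer)) {
            json.beginObject();
            json.name("userID").value("0");
            json.name("backupTime").value(getEpoch());
            json.name("creationTime").value(this.creationTime);
            json.name("deviceTag").value(Build.MANUFACTURER + StringUtils.SPACE + Build.MODEL + ", " + volumeCapacity(getExternalStorageBytes()));
            json.name("clientVersion").value("tech.bluespace.android.id_guard 2019.09");
            json.endObject();
        } catch (IOException e) {
            Log.e(TAG, "Failed to backup passport", e);
            return "";
        }
        return buffer.toString();
    }

    /**
     * Rolls back a pending protection change: restores the master key, account directory and
     * preference key names from the snapshot and deletes the account directory created for the
     * change. Does nothing if no snapshot exists. The snapshot's protection method is not
     * restored by this method.
     */
    public void cancelProtectionChange() {
        PassportSnapshot snapshot = this.passportSnapshot;
        if (snapshot == null) {
            // Nothing was snapshotted, so there is nothing to roll back (and nothing to delete).
            Log.w(TAG, "cancelProtectionChange called without a snapshot");
            return;
        }
        this.masterSecretKey = snapshot.masterKey;
        AccountManager.main.deleteAccountDirectory(this.accountDirectory);
        this.accountDirectory = snapshot.accountDirectory;
        this.deviceEncryptedDataKey = snapshot.passportInfoKey;
        this.deviceEncryptedIVKey = snapshot.ivKey;
        this.passportSnapshot = null;
    }

    /** Creates a new passport in memory: fresh identifiers, master key and both key pairs. */
    public void createPassport() {
        this.userID = CipherUtil.createUUID();
        this.creationTime = getEpoch();
        this.masterSecretKey = CipherUtil.createAes256Key();
        this.passportKeyPair = CipherUtil.generateKeyPair();
        this.deviceID = CipherUtil.createUUID();
        this.deviceKeyPair = CipherUtil.generateKeyPair();
    }

    /**
     * Decrypts account data with the master key. Package-private in the original build
     * according to the decompiler.
     *
     * <p>NOTE(review): this path passes an {@code IvParameterSpec} while the Keystore path passes
     * a {@code GCMParameterSpec} to the same {@code CipherUtil.getAesCipher()}; the cipher
     * transformation is not visible here, so confirm the mode and tag handling there.
     *
     * @param bArr ciphertext produced by {@link #encryptData(byte[])}
     * @param bArr2 the IV returned with that ciphertext
     */
    public byte[] decryptData(byte[] bArr, byte[] bArr2) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher aesCipher = CipherUtil.getAesCipher();
        aesCipher.init(Cipher.DECRYPT_MODE, this.masterSecretKey, new IvParameterSpec(bArr2));
        return aesCipher.doFinal(bArr);
    }

    /**
     * Removes the stored ciphertext, IV and descriptor from SharedPreferences. The removal is
     * asynchronous ({@code apply()}), and neither the Keystore key nor the in-memory fields are
     * cleared by this method.
     */
    public void deleteFromDisk() {
        preferences.edit()
                .remove(this.deviceEncryptedIVKey)
                .remove(this.deviceEncryptedDataKey)
                .remove(protectedPassportInfoDataKey)
                .apply();
    }

    /**
     * Encrypts account data with the master key; the IV chosen by the cipher is returned with
     * the ciphertext. Package-private in the original build according to the decompiler.
     *
     * @param bArr plaintext to encrypt
     */
    public AesEncryptedData encryptData(byte[] bArr) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher aesCipher = CipherUtil.getAesCipher();
        aesCipher.init(Cipher.ENCRYPT_MODE, this.masterSecretKey);
        return new AesEncryptedData(aesCipher.doFinal(bArr), aesCipher.getIV());
    }

    /** Returns the current account directory. Package-private in the original build. */
    public String getAccountDirectory() {
        return this.accountDirectory;
    }

    /** Delegates to {@code PasswordErrorPolicy}; units are defined there. */
    public int getTimeToAuthenticatePassword() {
        return PasswordErrorPolicy.main.getTimeToAuthenticatePassword();
    }

    /**
     * Reports whether a stored passport exists, and as a side effect loads the protection
     * method (and, for the current format, key names and account directory) into this instance.
     *
     * @return {@code true} if a current-version descriptor was parsed, or if no descriptor is
     *         stored but the legacy {@code "protectionMethod"} preference is non-empty
     */
    public boolean hasPassport() {
        try {
            byte[] descriptorBytes = Hex.decode(preferences.getString(protectedPassportInfoDataKey, ""));
            if (descriptorBytes.length == 0) {
                // No descriptor: fall back to the standalone "protectionMethod" preference.
                this.protectionMethod = preferences.getString("protectionMethod", "");
                return !this.protectionMethod.isEmpty();
            }
            PassportData.ProtectedPassportInfo descriptor = PassportData.ProtectedPassportInfo.parseFrom(descriptorBytes);
            if (descriptor.getVersion() != PassportData.ProtectedPassportInfoVersion.protectedPassportInfoV20190603) {
                return false;
            }
            parseProtectedPassportInfo(descriptor.getInfoV20190603());
            return true;
        } catch (InvalidProtocolBufferException e) {
            Log.e(TAG, "Fail to parse protected passport info", e);
            return false;
        }
    }

    /** Returns whether the recorded protection method is {@code "biometric"}. */
    public boolean isBiometricProtected() {
        return biometricMethod.equals(this.protectionMethod);
    }

    /** Returns whether device key, user ID, master key and device ID are all present in memory. */
    public boolean isLoaded() {
        return this.deviceSecretKey != null
                && this.userID != null
                && this.masterSecretKey != null
                && this.deviceID != null;
    }

    /** Returns whether the recorded protection method is {@code "password"}. */
    public boolean isMasterPasswordProtected() {
        return passwordMethod.equals(this.protectionMethod);
    }

    /**
     * Compares {@code bArr} with this passport's user ID.
     *
     * @param bArr the user ID to compare; may be {@code null}
     */
    public boolean isSameUser(byte[] bArr) {
        return Arrays.equals(this.userID, bArr);
    }

    /**
     * Loads a passport that is protected by the Keystore key only.
     *
     * @return {@code true} if already loaded or loaded now; {@code false} if nothing is stored
     *         or decryption/parsing fails
     * @throws DeviceSecretKeyChangedException if data is stored but the device key is unavailable
     */
    public boolean loadPassport() throws DeviceSecretKeyChangedException {
        if (isLoaded()) {
            return true;
        }
        byte[] plainInfo = null;
        try {
            plainInfo = loadDeviceProtectedPassportInfo();
            if (plainInfo == null) {
                return false;
            }
            parsePassportInfo(plainInfo);
            return true;
        } catch (InvalidProtocolBufferException e) {
            Log.e(TAG, "Failed to parse biometrics protected passport", e);
            return false;
        } catch (GeneralSecurityException e2) {
            Log.e(TAG, "Failed to load biometrics protected passport", e2);
            return false;
        } finally {
            // Best-effort wipe of the decrypted key material; parsePassportInfo has copied it.
            if (plainInfo != null) {
                Arrays.fill(plainInfo, (byte) 0);
            }
        }
    }

    /**
     * Loads a password-protected passport. The attempt is refused while
     * {@link #getTimeToAuthenticatePassword()} is greater than 1. A failure to open the password
     * envelope is counted as a password error; success clears the error count.
     *
     * <p>{@link DeviceSecretKeyChangedException} is unchecked and propagates to the caller.
     *
     * @param str the master password
     * @return {@code true} if the passport was decrypted and loaded
     */
    public boolean loadPassport(String str) {
        if (getTimeToAuthenticatePassword() > 1) {
            return false;
        }
        byte[] passwordEnvelope;
        try {
            passwordEnvelope = loadDeviceProtectedPassportInfo();
        } catch (GeneralSecurityException e2) {
            Log.e(TAG, "Failed to load password protected passport", e2);
            return false;
        }
        if (passwordEnvelope == null) {
            return false;
        }
        try {
            byte[] plainInfo = null;
            try {
                plainInfo = decryptPassportInfo(str, PassportData.PasswordEncryption.parseFrom(passwordEnvelope));
                PasswordErrorPolicy.main.clearPasswordError();
                parsePassportInfo(plainInfo);
                return true;
            } catch (GeneralSecurityException unused) {
                // Treated as a wrong password; intentionally not logged.
                PasswordErrorPolicy.main.countPasswordError();
                return false;
            } finally {
                // Best-effort wipe of the decrypted key material; parsePassportInfo has copied it.
                if (plainInfo != null) {
                    Arrays.fill(plainInfo, (byte) 0);
                }
            }
        } catch (InvalidProtocolBufferException e) {
            Log.e(TAG, "Failed to parse password protected passport", e);
            return false;
        }
    }

    /** Captures the fields a protection change will overwrite so it can be rolled back. */
    public void makeSnapshot() {
        this.passportSnapshot = new PassportSnapshot(this.protectionMethod, this.accountDirectory, this.deviceEncryptedDataKey, this.deviceEncryptedIVKey, this.masterSecretKey);
    }

    /**
     * Commits a protection change: removes the snapshotted (old) preference entries and account
     * directory, then discards the snapshot. Does nothing if no snapshot exists.
     */
    public void removeSnapshot() {
        PassportSnapshot snapshot = this.passportSnapshot;
        if (snapshot == null) {
            Log.w(TAG, "removeSnapshot called without a snapshot");
            return;
        }
        SharedPreferences.Editor editor = preferences.edit();
        editor.remove(snapshot.ivKey);
        editor.remove(snapshot.passportInfoKey);
        editor.apply();
        AccountManager.main.deleteAccountDirectory(snapshot.accountDirectory);
        this.passportSnapshot = null;
    }

    /**
     * Replaces the master key and re-encrypts all accounts into a new, timestamped account
     * directory. Accounts are loaded before the key changes so they are read with the old key.
     *
     * @throws IOException as declared; the throwing call is not identifiable from this class
     */
    public void resetMaterKey() throws IOException {
        List<AccountItem> accounts = AccountManager.main.loadAccountItems();
        this.masterSecretKey = CipherUtil.createAes256Key();
        this.accountDirectory = IdGuardApplication.context.getApplicationInfo().dataDir + "/account_file_" + getEpoch() + InternalZipConstants.ZIP_FILE_SEPARATOR;
        AccountManager.main.reEncryptAllAccounts(accounts);
    }

    /**
     * Persists the passport protected by the Keystore key only, creating that key if needed.
     *
     * @return {@code true} if the data was encrypted and committed to SharedPreferences
     */
    public boolean savePassport() {
        try {
            if (this.deviceSecretKey == null && !createHardwareDeviceKey()) {
                return false;
            }
            byte[] plainInfo = serializePassportInfo();
            try {
                return saveProtectedPassportInfo(encryptInKeystore(plainInfo), biometricMethod);
            } finally {
                // Best-effort wipe of the serialized key material once it has been encrypted.
                Arrays.fill(plainInfo, (byte) 0);
            }
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "Failed to encrypt passport", e);
            return false;
        }
    }

    /**
     * Persists the passport wrapped first with a password-derived key and then with the
     * Keystore key, creating the Keystore key if needed.
     *
     * @param str the master password
     * @return {@code true} if the data was encrypted and committed to SharedPreferences
     */
    public boolean savePassport(String str) {
        try {
            if (this.deviceSecretKey == null && !createHardwareDeviceKey()) {
                return false;
            }
            return saveProtectedPassportInfo(encryptInKeystore(encryptPassportInfo(str)), passwordMethod);
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "Failed to encrypt passport with password", e);
            return false;
        }
    }

    /**
     * Points the data and IV preference keys at fresh, timestamped names. The timestamp is taken
     * once so both names always carry the same suffix.
     */
    private void assignFreshStorageKeys() {
        String prefix = "deviceEncryptedPassportInfo-" + DateToolKt.getTimestamp(new Date());
        this.deviceEncryptedDataKey = prefix + ".data";
        this.deviceEncryptedIVKey = prefix + ".iv";
    }

    /** Saves the passport under fresh preference keys, protected by the Keystore key only. */
    public boolean saveProtectionChange() {
        assignFreshStorageKeys();
        return savePassport();
    }

    /**
     * Saves the passport under fresh preference keys, protected by password and Keystore key.
     *
     * @param str the master password
     */
    public boolean saveProtectionChange(String str) {
        assignFreshStorageKeys();
        return savePassport(str);
    }
}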
