package com.okta.android.mobile.oktamobile.security;

import android.app.enterprise.BluetoothPolicy;
import android.text.TextUtils;
import android.util.Base64;
import com.okta.android.mobile.oktamobile.OktaApp;
import com.okta.android.mobile.oktamobile.framework.Clock;
import com.okta.android.mobile.oktamobile.framework.CommonPreferences;
import com.okta.android.mobile.oktamobile.utilities.DeviceInfoCollector;
import com.okta.android.mobile.oktamobile.utilities.IOUtil;
import com.okta.lib.android.common.utilities.Log;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.inject.Inject;
import javax.inject.Named;
import org.spongycastle.crypto.generators.SCrypt;
import org.spongycastle.util.encoders.Hex;

/* loaded from: classes.dex */
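/**
 * Stores and retrieves the application token, encrypted at rest.
 *
 * <p>How the protection is built, as visible in this class:
 * <ul>
 *   <li>A caller-supplied secret is stretched with scrypt (N=16384, r=8, p=1, 32-byte output),
 *       salted with the device's Android ID, and hex-encoded. That string is used as the password
 *       of a file-based {@link KeyStore} ({@code token.keystore}) and of the key entry inside it.</li>
 *   <li>The keystore holds a randomly generated AES key under the alias {@code tokenAlias}.</li>
 *   <li>The token is encrypted with {@code AES/CBC/PKCS5Padding}; a fresh random IV is prepended to
 *       the ciphertext and the result is Base64-encoded into the {@code token} preference.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>CBC provides confidentiality only. Nothing here authenticates the ciphertext, so a modified
 *       stored value is rejected only if it happens to break the padding. A new storage format
 *       should use an AEAD mode (for example AES-GCM) or encrypt-then-MAC; the transformation
 *       cannot be changed in place without making existing tokens unreadable.</li>
 *   <li>The keystore is a software file in app storage, not a hardware-backed key. Its strength is
 *       bounded by the secret passed in by the caller; the Android ID used as salt is a
 *       device identifier, not a secret and not a per-token random value.</li>
 *   <li>{@link #saveEncryptedToken}, {@link #saveKeyStoreFile} and {@link #readKeyStoreFile} move the
 *       raw ciphertext and keystore bytes in and out without validation. Presumably they serve a
 *       backup/restore path; confirm against callers that the source is trusted.</li>
 *   <li>The {@code keyStore} field is reassigned on every operation without synchronization, so an
 *       instance must not be used from several threads at once.</li>
 * </ul>
 *
 * <p>This file is decompiler output. Parameter names are synthetic, and
 * {@code keyStoreToDisk}/{@code loadKeyStore} were reconstructed from control flow the decompiler
 * could not express in valid Java.
 */
public class SecureUtil {
    private static final String TAG = "com.okta.android.mobile.oktamobile.security.SecureUtil";

    // Charset.forName is used instead of StandardCharsets because only Charset is imported here.
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final String TOKEN_PREFERENCE_KEY = "token";
    private static final String TOKEN_KEY_ALIAS = "tokenAlias";
    private static final String TOKEN_KEYSTORE_FILE = "token.keystore";

    private final Clock clock;
    private final DeviceInfoCollector deviceInfo;
    private final IOUtil ioUtil;
    // Re-created by initializeKeyStore() before each operation; null until then or after a failure.
    private KeyStore keyStore;
    private final CommonPreferences preferences;

    @Inject
    public SecureUtil(@Named("OktaMobile_SharedPreferences") CommonPreferences commonPreferences, IOUtil iOUtil, DeviceInfoCollector deviceInfoCollector, Clock clock) {
        this.preferences = commonPreferences;
        this.ioUtil = iOUtil;
        this.deviceInfo = deviceInfoCollector;
        this.clock = clock;
    }

    /**
     * Decodes a Base64 string, returning {@code null} for {@code null} or malformed input.
     *
     * <p>The value comes from preferences and can be replaced through {@link #saveEncryptedToken},
     * so malformed input is treated as "cannot decrypt" instead of crashing the caller.
     */
    private byte[] decodeFromBase64(String str) {
        if (str == null) {
            return null;
        }
        try {
            return Base64.decode(str, Base64.DEFAULT);
        } catch (IllegalArgumentException e) {
            Log.e(TAG, "Stored value is not valid Base64", e);
            return null;
        }
    }

    /**
     * Decrypts {@code IV || ciphertext} with the given key.
     *
     * @return the UTF-8 plaintext, or {@code null} if the input is missing, shorter than one IV,
     *     or fails to decrypt
     */
    private String decrypt(byte[] bArr, SecretKey secretKey) {
        if (bArr == null || secretKey == null) {
            return null;
        }
        Cipher cipher = createCipher();
        if (cipher == null) {
            return null;
        }
        int blockSize = cipher.getBlockSize();
        // A truncated value cannot even carry the IV; reject it before any array arithmetic.
        if (bArr.length < blockSize) {
            Log.d(TAG, "Encrypted value is shorter than the IV; nothing to decrypt");
            return null;
        }
        if (!initCipher(cipher, Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(bArr, 0, blockSize))) {
            return null;
        }
        try {
            byte[] plain = cipher.doFinal(bArr, blockSize, bArr.length - blockSize);
            return new String(plain, UTF_8);
        } catch (BadPaddingException e) {
            // Also the usual symptom of a wrong key or a modified ciphertext (no MAC is checked).
            Log.e(TAG, "Padding of the data does not match the padding scheme", e);
            return null;
        } catch (IllegalBlockSizeException e2) {
            Log.e(TAG, "Size of the resulting bytes is not a multiple of the cipher block size", e2);
            return null;
        }
    }

    /** Loads the token key from the keystore using {@code str2} as password and decrypts {@code str}. */
    private String decryptStringWithPassword(String str, String str2) {
        initializeKeyStore();
        SecretKey key = loadSecretKey(str2, TOKEN_KEY_ALIAS, TOKEN_KEYSTORE_FILE);
        if (key == null) {
            return null;
        }
        return decrypt(decodeFromBase64(str), key);
    }

    /** Base64-encodes {@code bArr}; {@code null} in, {@code null} out. */
    private String encodeToBase64(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return Base64.encodeToString(bArr, Base64.DEFAULT);
    }

    /**
     * Round-trips {@code str} through bytes and back using the named charset.
     *
     * <p>The original encoded with the platform default charset; on Android that default is UTF-8,
     * so naming it explicitly keeps derived keystore passwords unchanged there.
     */
    private String encodeToCharset(String str, String str2) {
        if (str == null) {
            return null;
        }
        return new String(str.getBytes(UTF_8), Charset.forName(str2));
    }

    private String encodeToDefaultCharset(String str) {
        return encodeToCharset(str, "UTF-8");
    }

    /**
     * Encrypts {@code str} under a fresh random IV.
     *
     * @return {@code IV || ciphertext}, or {@code null} if an argument is missing or the cipher
     *     cannot be set up
     */
    private byte[] encrypt(String str, SecretKey secretKey) {
        if (str == null || secretKey == null) {
            return null;
        }
        Cipher cipher = createCipher();
        if (cipher == null) {
            return null;
        }
        // A new IV per message: CBC must never reuse an IV under the same key.
        byte[] iv = new byte[cipher.getBlockSize()];
        new SecureRandom().nextBytes(iv);
        if (!initCipher(cipher, Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv))) {
            return null;
        }
        try {
            byte[] cipherText = cipher.doFinal(str.getBytes(UTF_8));
            byte[] out = new byte[iv.length + cipherText.length];
            System.arraycopy(iv, 0, out, 0, iv.length);
            System.arraycopy(cipherText, 0, out, iv.length, cipherText.length);
            return out;
        } catch (BadPaddingException e) {
            Log.e(TAG, "Padding of the data does not match the padding scheme", e);
            return null;
        } catch (IllegalBlockSizeException e2) {
            Log.e(TAG, "Size of the resulting bytes is not a multiple of the cipher block size", e2);
            return null;
        }
    }

    /** Encrypts {@code str} with the token key unlocked by the already-derived password {@code str2}. */
    private String encryptStringWithHash(String str, String str2) {
        initializeKeyStore();
        SecretKey key = loadSecretKey(str2, TOKEN_KEY_ALIAS, TOKEN_KEYSTORE_FILE);
        if (key == null) {
            return null;
        }
        return encodeToBase64(encrypt(str, key));
    }

    /**
     * Generates a new AES key, stores it in a fresh keystore under alias {@code str2}, protected by
     * password {@code str}, and writes that keystore to the app file {@code str3}.
     *
     * @return the new key, or {@code null} if any step fails
     */
    private SecretKey generateSecretKey(String str, String str2, String str3) {
        String password = encodeToDefaultCharset(str);
        String alias = encodeToDefaultCharset(str2);
        SecretKey newKey;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            // NOTE(review): decompiler artifact. The integer key size passed to init(int) was
            // resolved to an unrelated named constant with the same value; presumably this is the
            // AES key length in bits. Confirm the numeric value against the bytecode.
            keyGenerator.init(BluetoothPolicy.BluetoothProfile.BLUETOOTH_SAP_PROFILE);
            newKey = keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e2) {
            Log.e(TAG, "AES is not a supported algorithm", e2);
            return null;
        }
        // Loading from a null stream initialises an empty keystore to put the entry into.
        if (!loadKeyStore(null, password)) {
            return null;
        }
        try {
            this.keyStore.setEntry(alias, new KeyStore.SecretKeyEntry(newKey), new KeyStore.PasswordProtection(password.toCharArray()));
        } catch (KeyStoreException e) {
            Log.e(TAG, "Key store is not initialized.", e);
            return null;
        }
        return keyStoreToDisk(str3, password) ? newKey : null;
    }

    /**
     * Derives the keystore password from the caller's secret: scrypt(secret, salt = Android ID,
     * N=16384, r=8, p=1, 32 bytes), hex-encoded.
     *
     * <p>Only the elapsed time is logged, never the secret or the derived value. Both inputs must
     * be non-null; a {@code null} secret or Android ID raises {@link NullPointerException}.
     */
    private String getScryptHash(String str) {
        long startedAt = this.clock.currentTimeMillis();
        // Explicit UTF-8 matches Android's platform default, so existing hashes stay reproducible.
        byte[] secret = str.getBytes(UTF_8);
        byte[] salt = this.deviceInfo.getAndroidId().getBytes(UTF_8);
        byte[] derived = SCrypt.generate(secret, salt, 16384, 8, 1, 32);
        Log.d(TAG, "Time to generate hash::" + (this.clock.currentTimeMillis() - startedAt));
        return new String(Hex.encode(derived), UTF_8);
    }

    /** Returns an uninitialised cipher for the token transformation, or {@code null} if unavailable. */
    private Cipher createCipher() {
        try {
            return Cipher.getInstance(CIPHER_TRANSFORMATION);
        } catch (NoSuchAlgorithmException e3) {
            Log.e(TAG, "No provider for the suggested transformation.", e3);
            return null;
        } catch (NoSuchPaddingException e4) {
            Log.e(TAG, "No provider for the suggested padding scheme.", e4);
            return null;
        }
    }

    /**
     * Initialises {@code cipher}; returns {@code false} (after logging) when the key or IV is
     * rejected, so callers never reach {@code doFinal} on an uninitialised cipher.
     */
    private boolean initCipher(Cipher cipher, int mode, SecretKey secretKey, IvParameterSpec iv) {
        try {
            cipher.init(mode, secretKey, iv);
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            Log.e(TAG, "The specified parameters are inappropriate for this cipher.", e);
            return false;
        } catch (InvalidKeyException e2) {
            Log.e(TAG, "Key could not be used to initialize this cipher instance.", e2);
            return false;
        }
    }

    /** Replaces {@link #keyStore} with a new, not yet loaded instance of the platform default type. */
    private boolean initializeKeyStore() {
        try {
            this.keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            return true;
        } catch (KeyStoreException e) {
            Log.e(TAG, "KeyStore could not be created", e);
            // Do not leave a keystore from an earlier operation in place.
            this.keyStore = null;
            return false;
        }
    }

    /**
     * Writes the in-memory keystore to the app file {@code str}, protected by password {@code str2}.
     *
     * <p>Reconstructed: the decompiler emitted this method with the output stream aliased onto the
     * String parameter. The flow below (open, store, always close, succeed only if both store and
     * close succeeded) follows the branches that were still readable.
     */
    private boolean keyStoreToDisk(String str, String str2) {
        String password = encodeToDefaultCharset(str2);
        if (this.keyStore == null) {
            return false;
        }
        java.io.FileOutputStream out;
        try {
            // Mode 0 is Context.MODE_PRIVATE: the file is readable by this app only.
            out = OktaApp.getContext().openFileOutput(str, 0);
        } catch (FileNotFoundException e5) {
            Log.e(TAG, "File could not be found", e5);
            return false;
        }
        boolean stored = false;
        boolean closed = true;
        try {
            this.keyStore.store(out, password.toCharArray());
            stored = true;
        } catch (KeyStoreException e) {
            Log.e(TAG, "Key store not initialized", e);
        } catch (CertificateException e2) {
            Log.e(TAG, "Could not load certificates", e2);
        } catch (IOException e3) {
            Log.e(TAG, "Could not read from file stream", e3);
        } catch (NoSuchAlgorithmException e4) {
            Log.e(TAG, "No Algorithm", e4);
        } finally {
            try {
                out.close();
            } catch (IOException e6) {
                // A failed close may mean the keystore was not fully written.
                Log.e(TAG, "FileOutputStream close failed.", e6);
                closed = false;
            }
        }
        return stored && closed;
    }

    /**
     * Loads {@link #keyStore} from the app file {@code str} using password {@code str2}; a
     * {@code null} file name initialises an empty keystore instead.
     *
     * @return {@code true} if the keystore was loaded; {@code false} if it is missing, unreadable,
     *     or was not created by {@link #initializeKeyStore()}
     */
    private boolean loadKeyStore(String str, String str2) {
        String password = encodeToDefaultCharset(str2);
        if (this.keyStore == null) {
            return false;
        }
        FileInputStream in = null;
        if (str != null) {
            try {
                in = OktaApp.getContext().openFileInput(str);
            } catch (FileNotFoundException e) {
                Log.e(TAG, "File could not be found", e);
                return false;
            }
        }
        boolean loaded = false;
        try {
            this.keyStore.load(in, password.toCharArray());
            loaded = true;
        } catch (IOException e2) {
            // KeyStore.load reports a wrong password or a corrupt file as IOException. The
            // decompiled code logged this under the stream-close message.
            Log.e(TAG, "Key store could not be read with the supplied password", e2);
        } catch (NoSuchAlgorithmException e4) {
            Log.e(TAG, "No Algorithm", e4);
        } catch (CertificateException e5) {
            Log.e(TAG, "Could not load certificates", e5);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e3) {
                    Log.e(TAG, "FileInputStream close failed.", e3);
                    // Kept from the decompiled flow: a failed close is reported as a failed load.
                    loaded = false;
                }
            }
        }
        return loaded;
    }

    /**
     * Loads keystore file {@code str3} with password {@code str} and returns the secret key stored
     * under alias {@code str2}.
     *
     * @return the key, or {@code null} if the keystore cannot be opened, the alias is absent, or
     *     the entry is not a secret key
     */
    private SecretKey loadSecretKey(String str, String str2, String str3) {
        if (!loadKeyStore(str3, str)) {
            return null;
        }
        String password = encodeToDefaultCharset(str);
        try {
            KeyStore.Entry entry = this.keyStore.getEntry(encodeToDefaultCharset(str2), new KeyStore.PasswordProtection(password.toCharArray()));
            // getEntry returns null for an unknown alias; a replaced keystore file could also hold
            // a different entry type under this alias.
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                return null;
            }
            return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        } catch (KeyStoreException e) {
            Log.e(TAG, "KeyStore is not initialized", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.e(TAG, "Required algorithm is unavailable.", e2);
            return null;
        } catch (UnrecoverableEntryException e3) {
            Log.e(TAG, "The entry could not be recovered", e3);
            return null;
        }
    }

    /** Removes the encrypted token from preferences. The keystore file is left in place. */
    public void clear() {
        this.preferences.removeKey(TOKEN_PREFERENCE_KEY);
    }

    /**
     * Decrypts {@code str} using the secret {@code str2}.
     *
     * <p>The scrypt-derived password is tried first. If that yields nothing, the raw secret is
     * tried as the keystore password (apparently an older storage scheme), and on success the
     * plaintext is re-encrypted under the scrypt-derived password via {@link #encryptToken}.
     * Note that this migration always rewrites the stored token preference, even when {@code str}
     * did not come from it; confirm that callers only pass the stored token.
     *
     * @return the plaintext, or {@code null}/empty if neither password decrypts the value
     */
    public String decryptString(String str, String str2) {
        String plaintext = decryptStringWithPassword(str, getScryptHash(str2));
        if (!TextUtils.isEmpty(plaintext)) {
            return plaintext;
        }
        plaintext = decryptStringWithPassword(str, str2);
        if (!TextUtils.isEmpty(plaintext)) {
            encryptToken(str2, plaintext);
        }
        return plaintext;
    }

    /** Decrypts the token held in preferences with the secret {@code str}. */
    public String decryptToken(String str) {
        return decryptString(this.preferences.getString(TOKEN_PREFERENCE_KEY), str);
    }

    /** Encrypts {@code str} with the existing token key, unlocked by the secret {@code str2}. */
    public String encryptString(String str, String str2) {
        return encryptStringWithHash(str, getScryptHash(str2));
    }

    /**
     * Generates a new token key protected by the secret {@code str}, encrypts {@code str2} with it
     * and saves the result in preferences. Any previous keystore file is overwritten.
     *
     * @return {@code true} if the encrypted token was stored
     */
    public boolean encryptToken(String str, String str2) {
        String derivedPassword = getScryptHash(str);
        initializeKeyStore();
        // The result is not checked here: if key generation failed, the encryption step below
        // reloads whatever keystore is on disk and returns null unless a key stored under the same
        // derived password can still be loaded.
        generateSecretKey(derivedPassword, TOKEN_KEY_ALIAS, TOKEN_KEYSTORE_FILE);
        String encrypted = encryptStringWithHash(str2, derivedPassword);
        if (encrypted == null) {
            return false;
        }
        this.preferences.set(TOKEN_PREFERENCE_KEY, encrypted);
        return true;
    }

    /** Returns the Base64 ciphertext as stored, without decrypting it. */
    public String getEncryptedToken() {
        return this.preferences.getString(TOKEN_PREFERENCE_KEY);
    }

    public boolean hasToken() {
        return this.preferences.getString(TOKEN_PREFERENCE_KEY) != null;
    }

    /** Returns the raw bytes of the keystore file; the content stays password-protected. */
    public byte[] readKeyStoreFile() {
        return this.ioUtil.readFileToByteArray(TOKEN_KEYSTORE_FILE);
    }

    /** Overwrites the stored ciphertext with {@code str}; the value is not validated here. */
    public void saveEncryptedToken(String str) {
        this.preferences.set(TOKEN_PREFERENCE_KEY, str);
    }

    /** Overwrites the keystore file with {@code bArr}; the bytes are not validated here. */
    public void saveKeyStoreFile(byte[] bArr) {
        this.ioUtil.writeFileWithByteArray(TOKEN_KEYSTORE_FILE, bArr);
    }
}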
