package cz.eman.core.api.plugin.keystore.authenticated;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import cz.eman.core.api.oneconnect.Constants;
import cz.eman.core.api.oneconnect.log.L;
import cz.eman.core.api.plugin.keystore.Keystore;
import cz.eman.core.api.plugin.keystore.authenticated.UserAuthenticationPrompt;
import cz.eman.core.api.plugin.keystore.authenticated.prompt.ActivityPromptOperator;
import cz.eman.core.api.utils.CryptoUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
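/**
 * Stores AES keys that are released only after the user enters a password.
 *
 * <p>For every alias four entries are kept in the shared preferences returned by
 * {@code Constants.getPreferences(context)}:
 * <ul>
 *   <li>{@code alias}: the generated key, encrypted with a key derived from the password,</li>
 *   <li>{@code <hash(alias)>_iv}: the IV of that encryption,</li>
 *   <li>{@code <hash(alias)>_password}: {@code CryptoUtils.getHash(password)}, encrypted with the
 *       keystore master key,</li>
 *   <li>{@code <hash(alias)>_password_iv}: the IV of that encryption.</li>
 * </ul>
 * All values are Base64 encoded.
 *
 * <p>NOTE(review): the stored password verifier is produced by {@code CryptoUtils.getHash}, which
 * takes only the input string and must be deterministic (it is compared for equality and also used
 * to build preference names), so it carries no per-entry salt. Likewise
 * {@code CryptoUtils.deriveAesKey} receives only the password. Neither implementation is visible
 * here; confirm that a salted, deliberately slow KDF is used, because the resistance of the wrapped
 * key to offline guessing depends on it.
 *
 * <p>This listing is decompiler output; members marked as originally private are public here.
 */
public final class UserAuthenticatedKeystore {
    private static final String FORMAT_SP_IV_KEY = "%s_iv";
    private static final String FORMAT_SP_PASSWORD_IV_KEY = "%s_password_iv";
    private static final String FORMAT_SP_PASSWORD_KEY = "%s_password";
    // Not referenced in this class; the preferences come from Constants.getPreferences().
    private static final String SP_FILE_NAME = "cz.eman.core.api.plugin.keystore.AuthKeystore";
    private static final String USER_AUTHENTICATED_KEYSTORE_MASTER_KEY = "cz.eman.core.api.plugin.keystore.AuthKeystore.MASTER_KEY";

    // Holds only the application context (see the constructor), hence the suppressed lint.
    @SuppressLint({"StaticFieldLeak"})
    private static UserAuthenticatedKeystore sInstance;
    private final Context mContext;
    private final Keystore mKeystore;
    private final SharedPreferences mPreferences;
    private final UserAuthenticationPrompt mUserPrompt;

    private UserAuthenticatedKeystore(Context context, UserAuthenticationPrompt userAuthenticationPrompt) {
        this.mContext = context.getApplicationContext();
        this.mKeystore = Keystore.getInstance(this.mContext);
        this.mPreferences = Constants.getPreferences(this.mContext);
        this.mUserPrompt = userAuthenticationPrompt;
    }

    /**
     * Builds the preference name of a side entry for an alias.
     *
     * <p>Private in the original source according to the decompiler.
     *
     * @param alias  key alias; only its hash ends up in the preference name
     * @param format one of the {@code FORMAT_SP_*} patterns
     * @return the pattern filled with {@code CryptoUtils.getHash(alias)}
     */
    public String formatSpKey(String alias, String format) {
        return String.format(format, CryptoUtils.getHash(alias));
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * <p>There is no synchronization: two threads racing on the first call could each construct
     * an instance. The visible code never returns {@code null} despite the annotation.
     *
     * @param context any context; the application context is what gets retained
     */
    @Nullable
    public static UserAuthenticatedKeystore getInstance(@NonNull Context context) {
        if (sInstance == null) {
            sInstance = new UserAuthenticatedKeystore(context.getApplicationContext(), ActivityPromptOperator.getInstance(context));
        }
        return sInstance;
    }

    /**
     * Fetches the master key from {@link Keystore}, generating it when it does not exist yet.
     *
     * <p>Private in the original source according to the decompiler.
     *
     * @return the master key, or {@code null} if the keystore returns none
     */
    @Nullable
    public SecretKey getMasterKey() {
        if (this.mKeystore.hasKey(USER_AUTHENTICATED_KEYSTORE_MASTER_KEY)) {
            return this.mKeystore.getKey(USER_AUTHENTICATED_KEYSTORE_MASTER_KEY);
        }
        // NOTE(review): the meaning of the 'false' flag is defined in Keystore.generateKey, which
        // is not visible here; confirm it matches the intended protection of the master key.
        return this.mKeystore.generateKey(USER_AUTHENTICATED_KEYSTORE_MASTER_KEY, false);
    }

    /**
     * Unwraps the key stored under {@code alias} with a key derived from {@code password}.
     *
     * <p>Private in the original source according to the decompiler.
     *
     * @param alias    key alias
     * @param password password entered by the user
     * @return the unwrapped AES key, or {@code null} when the alias is unknown, an entry is
     *         missing, key derivation fails or decryption fails
     */
    @Nullable
    public SecretKey getUserAuthenticatedKey(String alias, String password) {
        if (!hasKey(alias)) {
            return null;
        }
        String wrappedKey = this.mPreferences.getString(alias, null);
        String wrappedKeyIv = this.mPreferences.getString(formatSpKey(alias, FORMAT_SP_IV_KEY), null);
        SecretKey passwordKey;
        try {
            passwordKey = CryptoUtils.deriveAesKey(password);
        } catch (NoSuchAlgorithmException e) {
            // Previously swallowed without a trace; the result is still "no key".
            L.e(e, getClass(), "Could not derive key from password. Key alias %s", alias);
            passwordKey = null;
        }
        if (wrappedKey == null || wrappedKeyIv == null || passwordKey == null) {
            return null;
        }
        try {
            byte[] rawKey = CryptoUtils.aesDecrypt(Base64.decode(wrappedKey, Base64.DEFAULT), passwordKey, Base64.decode(wrappedKeyIv, Base64.DEFAULT));
            return new SecretKeySpec(rawKey, CryptoUtils.ALGORITHM_AES);
        } catch (Exception e) {
            L.e(e, getClass(), "Could not decrypt key with entered password. Key alias %s", alias);
            return null;
        }
    }

    /**
     * Decrypts the stored password hash of an alias with the master key.
     *
     * @param alias key alias
     * @return the stored hash, or {@code null} when the alias is unknown, an entry or the master
     *         key is missing, or decryption fails
     */
    @Nullable
    private String getUserPassHash(String alias) {
        if (!hasKey(alias)) {
            return null;
        }
        String wrappedHash = this.mPreferences.getString(formatSpKey(alias, FORMAT_SP_PASSWORD_KEY), null);
        String wrappedHashIv = this.mPreferences.getString(formatSpKey(alias, FORMAT_SP_PASSWORD_IV_KEY), null);
        SecretKey masterKey = getMasterKey();
        if (wrappedHash == null || wrappedHashIv == null || masterKey == null) {
            return null;
        }
        try {
            byte[] hashBytes = CryptoUtils.aesDecrypt(Base64.decode(wrappedHash, Base64.DEFAULT), masterKey, Base64.decode(wrappedHashIv, Base64.DEFAULT));
            // Explicit charset so decoding mirrors the encoding done in generateKey.
            return new String(hashBytes, StandardCharsets.UTF_8);
        } catch (Exception e) {
            L.e(e, getClass(), "Could not decrypt password hash for alias %s", alias);
            return null;
        }
    }

    /**
     * Removes the four preference entries of an alias.
     *
     * <p>Nothing is removed unless {@link #hasKey} is true, so a partially written alias (or one
     * whose master key is gone) keeps its leftover entries and still yields {@code true}.
     *
     * @param alias key alias
     * @return the result of the preference commit, or {@code true} when there was nothing to delete
     */
    public boolean deleteKey(@Nullable String alias) {
        if (!hasKey(alias)) {
            return true;
        }
        return this.mPreferences.edit()
                .remove(alias)
                .remove(formatSpKey(alias, FORMAT_SP_IV_KEY))
                .remove(formatSpKey(alias, FORMAT_SP_PASSWORD_KEY))
                .remove(formatSpKey(alias, FORMAT_SP_PASSWORD_IV_KEY))
                .commit();
    }

    /**
     * Asks the user to set a password, then generates and stores a new key under {@code alias}.
     *
     * <p>The callback receives the new key on success, {@code onKey(null)} when no password was
     * supplied, and {@code onError()} when encryption or persistence fails. A {@code null}
     * callback is tolerated; it used to cause a {@link NullPointerException} inside the prompt.
     *
     * @param alias    key alias; an existing key under it is replaced
     * @param callback receiver of the result, may be {@code null}
     */
    public void generateKey(@Nullable final String alias, @Nullable final UserAuthenticatedKeyCallback callback) {
        this.mUserPrompt.createUserAuthentication(new UserAuthenticationPrompt.PasswordCallback() {
            @Override
            public UserAuthenticationPrompt.PasswordCallback.State onPassword(String password) {
                if (password == null) {
                    deliverKey(callback, null);
                    return UserAuthenticationPrompt.PasswordCallback.State.ERROR;
                }
                try {
                    // [0] is the ciphertext and [1] the IV, judging by where each part is stored.
                    byte[][] wrappedHash = CryptoUtils.aesEncrypt(CryptoUtils.getHash(password).getBytes(StandardCharsets.UTF_8), UserAuthenticatedKeystore.this.getMasterKey());
                    SecretKey newKey = CryptoUtils.generateAesKey();
                    byte[][] wrappedKey = CryptoUtils.aesEncrypt(newKey.getEncoded(), CryptoUtils.deriveAesKey(password));
                    // NOTE(review): the old entries are committed away before the new ones are
                    // written; if the second commit fails the previous key is already gone.
                    UserAuthenticatedKeystore.this.deleteKey(alias);
                    boolean saved = UserAuthenticatedKeystore.this.mPreferences.edit()
                            .putString(alias, Base64.encodeToString(wrappedKey[0], Base64.DEFAULT))
                            .putString(UserAuthenticatedKeystore.this.formatSpKey(alias, UserAuthenticatedKeystore.FORMAT_SP_IV_KEY), Base64.encodeToString(wrappedKey[1], Base64.DEFAULT))
                            .putString(UserAuthenticatedKeystore.this.formatSpKey(alias, UserAuthenticatedKeystore.FORMAT_SP_PASSWORD_KEY), Base64.encodeToString(wrappedHash[0], Base64.DEFAULT))
                            .putString(UserAuthenticatedKeystore.this.formatSpKey(alias, UserAuthenticatedKeystore.FORMAT_SP_PASSWORD_IV_KEY), Base64.encodeToString(wrappedHash[1], Base64.DEFAULT))
                            .commit();
                    if (saved) {
                        deliverKey(callback, newKey);
                        return UserAuthenticationPrompt.PasswordCallback.State.OK;
                    }
                    L.e(getClass(), "Could not save preferences for alias %s", alias);
                    deliverError(callback);
                    return UserAuthenticationPrompt.PasswordCallback.State.ERROR;
                } catch (Exception e) {
                    L.e(e, getClass(), "Could not generate key for alias %s", alias);
                    deliverError(callback);
                    return UserAuthenticationPrompt.PasswordCallback.State.ERROR;
                }
            }
        });
    }

    /**
     * Prompts for the password of {@code alias} and hands the unwrapped key to the callback.
     *
     * <p>Each entered password is checked against the stored hash and then used to decrypt the
     * key. After three submissions, or when the prompt delivers {@code null}, the callback gets
     * {@code onKey(null)}. The attempt counter lives in the callback object created by this call,
     * so every new call starts again at three; it is not a persistent lockout.
     *
     * @param alias    key alias
     * @param callback receiver of the key, may be {@code null}
     * @return {@code false} when the alias is unknown or its password hash cannot be read (no
     *         prompt is shown), {@code true} once the prompt has been requested
     */
    public boolean getKey(@Nullable final String alias, @Nullable final UserAuthenticatedKeyCallback callback) {
        if (!hasKey(alias)) {
            return false;
        }
        final String storedHash = getUserPassHash(alias);
        if (storedHash == null) {
            return false;
        }
        final byte[] storedHashBytes = storedHash.getBytes(StandardCharsets.UTF_8);
        this.mUserPrompt.authenticateUser(new UserAuthenticationPrompt.PasswordCallback() {
            private int mAttemptsLeft = 3;

            @Override
            public UserAuthenticationPrompt.PasswordCallback.State onPassword(@Nullable String password) {
                if (password == null || this.mAttemptsLeft <= 0) {
                    this.mAttemptsLeft = 0;
                    deliverKey(callback, null);
                    return UserAuthenticationPrompt.PasswordCallback.State.ERROR;
                }
                this.mAttemptsLeft--;
                byte[] enteredHashBytes = CryptoUtils.getHash(password).getBytes(StandardCharsets.UTF_8);
                // MessageDigest.isEqual avoids the early exit of String.equals, so the comparison
                // time does not depend on how many leading characters of the hashes agree.
                if (MessageDigest.isEqual(enteredHashBytes, storedHashBytes)) {
                    SecretKey key = UserAuthenticatedKeystore.this.getUserAuthenticatedKey(alias, password);
                    if (key != null) {
                        deliverKey(callback, key);
                        return UserAuthenticationPrompt.PasswordCallback.State.OK;
                    }
                }
                return UserAuthenticationPrompt.PasswordCallback.State.NOK;
            }
        });
        return true;
    }

    /**
     * Tells whether all four preference entries of {@code alias} and the master key exist.
     *
     * @param alias key alias
     */
    public boolean hasKey(@Nullable String alias) {
        return this.mPreferences.contains(alias)
                && this.mPreferences.contains(formatSpKey(alias, FORMAT_SP_IV_KEY))
                && this.mPreferences.contains(formatSpKey(alias, FORMAT_SP_PASSWORD_KEY))
                && this.mPreferences.contains(formatSpKey(alias, FORMAT_SP_PASSWORD_IV_KEY))
                && this.mKeystore.hasKey(USER_AUTHENTICATED_KEYSTORE_MASTER_KEY);
    }

    /** Passes {@code key} (possibly {@code null}) to the callback when one was supplied. */
    private static void deliverKey(@Nullable UserAuthenticatedKeyCallback callback, @Nullable SecretKey key) {
        if (callback != null) {
            callback.onKey(key);
        }
    }

    /** Signals an error to the callback when one was supplied. */
    private static void deliverError(@Nullable UserAuthenticatedKeyCallback callback) {
        if (callback != null) {
            callback.onError();
        }
    }
}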
