package de.starface.shared.service.passphrase;

import android.app.Application;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.teamfon.logging.LoggerFactory;
import com.teamfon.logging.LoggerImplementationKt;
import de.starface.shared.utils.extensions.CommonExtensionsKt;
import de.starface.shared.utils.log.DefaultLogCategory;
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okio.BufferedSink;
import okio.BufferedSource;
import okio.Okio;
import okio.Okio__JvmOkioKt;

/* compiled from: PassphraseProvider.kt */
@Metadata(d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0019\n\u0002\b\u0003\u0018\u0000 \u001a2\u00020\u0001:\u0001\u001aB\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0018\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0002J\u0010\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\b\u0010\u0019\u001a\u00020\u0018H\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000R\u001b\u0010\u000b\u001a\u00020\f8BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u000f\u0010\u0010\u001a\u0004\b\r\u0010\u000e¨\u0006\u001b"}, d2 = {"Lde/starface/shared/service/passphrase/PassphraseProviderImpl;", "Lde/starface/shared/service/passphrase/PassphraseProvider;", "application", "Landroid/app/Application;", "(Landroid/app/Application;)V", "getApplication", "()Landroid/app/Application;", "blockSize", "", "encryptedFile", "Ljava/io/File;", "log", "Lcom/teamfon/logging/LoggerImplementationKt;", "getLog", "()Lcom/teamfon/logging/LoggerImplementationKt;", "log$delegate", "Lkotlin/Lazy;", "createKey", "", "keyStore", "Ljava/security/KeyStore;", "isStrongBoxEnabled", "", "createPassPhrase", "", "get", "Companion", "shared_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class PassphraseProviderImpl implements PassphraseProvider {
    private static final String BASE36_SYMBOLS = "abcdefghijklmnopqrstuvwxyz0123456789";
    private static final String CIPHER_PROPERTIES = "AES/CBC/PKCS7Padding";
    public static final String DATABASE_NAME = "starfaceDB_2";
    private static final String FILE_NAME = "data_2.bin";
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String KEY_NAME = "secret";
    private final Application application;
    private final int blockSize;
    private final File encryptedFile;

    /* renamed from: log$delegate, reason: from kotlin metadata */
    private final Lazy log;

    public PassphraseProviderImpl(Application application) {
        int i;
        Intrinsics.checkNotNullParameter(application, "application");
        this.application = application;
        this.log = LazyKt.lazy(new Function0<LoggerImplementationKt>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$log$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            public final LoggerImplementationKt invoke() {
                return LoggerFactory.INSTANCE.getDefaultLogger().getLoggerKt(PassphraseProviderImpl.this.getClass(), DefaultLogCategory.INSTANCE.getCORE());
            }
        });
        this.encryptedFile = new File(application.getFilesDir(), FILE_NAME);
        try {
            i = Cipher.getInstance(CIPHER_PROPERTIES).getBlockSize();
        } catch (Exception e) {
            getLog().error(e, new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$blockSize$1
                @Override // kotlin.jvm.functions.Function0
                public final String invoke() {
                    return "Could not get AES/CBC/PKCS7Padding cipher";
                }
            });
            i = -1;
        }
        this.blockSize = i;
    }

    private final void createKey(KeyStore keyStore, boolean isStrongBoxEnabled) throws Exception {
        KeyGenParameterSpec.Builder randomizedEncryptionRequired = new KeyGenParameterSpec.Builder(KEY_NAME, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(false).setRandomizedEncryptionRequired(false);
        Intrinsics.checkNotNullExpressionValue(randomizedEncryptionRequired, "Builder(KEY_NAME, keyPro…EncryptionRequired(false)");
        if (Build.VERSION.SDK_INT >= 28) {
            randomizedEncryptionRequired.setIsStrongBoxBacked(isStrongBoxEnabled);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE);
        keyGenerator.init(randomizedEncryptionRequired.build());
        try {
            keyStore.setKeyEntry(KEY_NAME, keyGenerator.generateKey(), null, null);
        } catch (Exception e) {
            if (!isStrongBoxEnabled) {
                getLog().error(e, new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$createKey$2
                    @Override // kotlin.jvm.functions.Function0
                    public final String invoke() {
                        return "CreateKey failed";
                    }
                });
                throw e;
            }
            getLog().error(e, new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$createKey$1
                @Override // kotlin.jvm.functions.Function0
                public final String invoke() {
                    return "Protection by a StrongBox security chip failed";
                }
            });
            createKey(keyStore, false);
        }
    }

    private final char[] createPassPhrase(KeyStore keyStore) throws Exception {
        getLog().info(new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$createPassPhrase$1
            @Override // kotlin.jvm.functions.Function0
            public final String invoke() {
                return "createPassPhrase...";
            }
        });
        this.application.deleteDatabase(DATABASE_NAME);
        if (this.encryptedFile.exists()) {
            this.encryptedFile.delete();
        }
        if (keyStore.containsAlias(KEY_NAME)) {
            keyStore.deleteEntry(KEY_NAME);
        }
        final boolean hasSystemFeature = Build.VERSION.SDK_INT >= 28 ? this.application.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore") : false;
        getLog().info(new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$createPassPhrase$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final String invoke() {
                return "createPassPhrase: Device has StrongBox feature = " + hasSystemFeature;
            }
        });
        createKey(keyStore, hasSystemFeature);
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[this.blockSize];
        secureRandom.nextBytes(bArr);
        char[] cArr = new char[128];
        for (int i = 0; i < 128; i++) {
            cArr[i] = BASE36_SYMBOLS.charAt(secureRandom.nextInt(36));
        }
        Key key = keyStore.getKey(KEY_NAME, null);
        SecretKey secretKey = key instanceof SecretKey ? (SecretKey) key : null;
        if (secretKey == null) {
            throw new IllegalStateException("Key is not SecretKey");
        }
        Cipher cipher = Cipher.getInstance(CIPHER_PROPERTIES);
        cipher.init(1, secretKey, new IvParameterSpec(bArr));
        byte[] encrypted = cipher.doFinal(CommonExtensionsKt.toBytes(cArr));
        BufferedSink buffer = Okio.buffer(Okio__JvmOkioKt.sink$default(this.encryptedFile, false, 1, null));
        try {
            BufferedSink bufferedSink = buffer;
            bufferedSink.write(bArr);
            Intrinsics.checkNotNullExpressionValue(encrypted, "encrypted");
            bufferedSink.write(encrypted);
            CloseableKt.closeFinally(buffer, null);
            getLog().info(new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$createPassPhrase$4
                @Override // kotlin.jvm.functions.Function0
                public final String invoke() {
                    return "new PassPhrase created successfully";
                }
            });
            return cArr;
        } finally {
        }
    }

    private final LoggerImplementationKt getLog() {
        return (LoggerImplementationKt) this.log.getValue();
    }

    @Override // de.starface.shared.service.passphrase.PassphraseProvider
    public char[] get() {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE);
        keyStore.load(null);
        if (!this.encryptedFile.exists()) {
            Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
            return createPassPhrase(keyStore);
        }
        Key key = keyStore.getKey(KEY_NAME, null);
        SecretKey secretKey = key instanceof SecretKey ? (SecretKey) key : null;
        if (secretKey == null) {
            Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
            return createPassPhrase(keyStore);
        }
        BufferedSource buffer = Okio.buffer(Okio.source(this.encryptedFile));
        try {
            BufferedSource bufferedSource = buffer;
            Pair pair = new Pair(bufferedSource.readByteArray(this.blockSize), bufferedSource.readByteArray());
            CloseableKt.closeFinally(buffer, null);
            final byte[] bArr = (byte[]) pair.component1();
            final byte[] bArr2 = (byte[]) pair.component2();
            getLog().info(new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$get$2
                /* JADX INFO: Access modifiers changed from: package-private */
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public final String invoke() {
                    return "encrypted PassPhrase found: initialVector.size = " + bArr.length + ", encrypted.size = " + bArr2.length;
                }
            });
            try {
                Cipher cipher = Cipher.getInstance(CIPHER_PROPERTIES);
                cipher.init(2, secretKey, new IvParameterSpec(bArr));
                byte[] decrypted = cipher.doFinal(bArr2);
                getLog().info(new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$get$3
                    @Override // kotlin.jvm.functions.Function0
                    public final String invoke() {
                        return "PassPhrase decrypted successfully";
                    }
                });
                Intrinsics.checkNotNullExpressionValue(decrypted, "decrypted");
                return CommonExtensionsKt.toChars(decrypted);
            } catch (Exception e) {
                getLog().error(e, new Function0<String>() { // from class: de.starface.shared.service.passphrase.PassphraseProviderImpl$get$4
                    @Override // kotlin.jvm.functions.Function0
                    public final String invoke() {
                        return "Could not decrypt passphrase";
                    }
                });
                Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
                return createPassPhrase(keyStore);
            }
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                CloseableKt.closeFinally(buffer, th);
                throw th2;
            }
        }
    }

    public final Application getApplication() {
        return this.application;
    }
}
