package com.tenta.android.repo;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.preference.PreferenceManager;
import com.tenta.android.repo.IMetaFsHelper;
import com.tenta.android.utils.TentaUtils;
import gotentacrypto.Gotentacrypto;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public final class AuthenticationUtils {
    private static final String PREFIX = "Tenta.Authentication";
    private static final String TENTA_AUTHENTICATION_DATABASE_USAGE_SUFFIX = "Tenta.Authentication.database_usage_suffix";
    private static final String TENTA_AUTHENTICATION_HASH_ALGORITHM = "SHA-512";
    private static final int TENTA_AUTHENTICATION_HASH_BITS = 512;
    private static final String TENTA_AUTHENTICATION_HMAC_ALGORITHM = "HmacSHA256";
    private static final int TENTA_AUTHENTICATION_KEY_LENGTH = 512;
    private static final int TENTA_AUTHENTICATION_KEY_LENGTH_BYTES = 64;
    private static final String TENTA_AUTHENTICATION_MASTER_CHALLENGE = "Tenta.Authentication.master_challenge";
    private static final String TENTA_AUTHENTICATION_MASTER_CHALLENGE_ENCODED = "Tenta.Authentication.master_challenge_encoded";
    private static final int TENTA_AUTHENTICATION_MASTER_CHALLENGE_SIZE = 64;
    private static final String TENTA_AUTHENTICATION_METAFS_USAGE_SUFFIX = "Tenta.Authentication.metafs_usage_suffix.";
    private static final String TENTA_AUTHENTICATION_PBKDF_ALGORITHM = "PBKDF2withHmacSHA1";
    private static final int TENTA_AUTHENTICATION_PBKDF_ITERATION = 1024;
    private static final String TENTA_AUTHENTICATION_PBKDF_SALT = "Tenta.Authentication.pbkdf_salt";
    private static final int TENTA_AUTHENTICATION_PBKDF_SALT_SIZE = 64;
    public static final String TENTA_AUTHENTICATION_PIN_VERSION = "Tenta.Authentication.pin_version";
    private static final int TENTA_AUTHENTICATION_PIN_VERSION_DEFAULT = 0;
    private static final int TENTA_AUTHENTICATION_PIN_VERSION_FIRST_CHALLENGE = 1;
    private static final int TENTA_AUTHENTICATION_PIN_VERSION_SECOND_CHALLENGE = 2;
    private static final String TENTA_AUTHENTICATION_PKI_ALGORITHM = "RSA";
    private static final String TENTA_AUTHENTICATION_PKI_ENCRYPTION_SCHEME = "RSA/ECB/PKCS1Padding";
    private static final String TENTA_AUTHENTICATION_PRNG_ALGORITHM = "NativePRNGNonBlocking";
    private static final String TENTA_AUTHENTICATION_UNLOCK_USAGE_SUFFIX = "Tenta.Authentication.unlock_usage_suffix";
    private static final int TENTA_AUTHENTICATION_USAGE_SUFFIX = 64;
    private static IMetaFsHelper.All metaFsHelpers;
    private static final ArrayList<Repository> repositories = new ArrayList<>();

    /* loaded from: classes2.dex */
    public static class ByteBlob {
        private byte[] mBytes;

        public ByteBlob(int i) {
            this.mBytes = new byte[i];
        }

        private ByteBlob(String str) {
            byte[] decode = Base64.decode(str, 2);
            int length = decode.length;
            byte[] bArr = new byte[length];
            this.mBytes = bArr;
            System.arraycopy(decode, 0, bArr, 0, length);
        }

        private ByteBlob(byte[] bArr) {
            int length = bArr == null ? 0 : bArr.length;
            byte[] bArr2 = new byte[length];
            this.mBytes = bArr2;
            if (bArr != null) {
                System.arraycopy(bArr, 0, bArr2, 0, length);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] byteForm() {
            return this.mBytes;
        }

        public char[] charForm() {
            return stringForm().toCharArray();
        }

        public String stringForm() {
            return Base64.encodeToString(this.mBytes, 2);
        }
    }

    @Deprecated
    /* loaded from: classes2.dex */
    private static class VPNAuthenticationToken {
        private final int tokenId;
        private final String tokenString;

        public VPNAuthenticationToken(String str, int i) {
            this.tokenId = i;
            this.tokenString = str;
        }
    }

    public static void backOffPinChange(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        SharedPreferences.Editor edit = defaultSharedPreferences.edit();
        String string = defaultSharedPreferences.getString(PinUtils.KEY_PIN_CHANGING, null);
        defaultSharedPreferences.getString(PinUtils.KEY_PIN, null);
        if (!defaultSharedPreferences.getBoolean(PinUtils.KEY_DEFAULTPIN, false) && string != null) {
            edit.putString(PinUtils.KEY_PIN, string).putInt(TENTA_AUTHENTICATION_PIN_VERSION, 2);
        } else if (string == null) {
            onEnrollUpgrade(context, getDefaultPinBytes());
            edit.remove(PinUtils.KEY_AUTH_BLOCKED).putBoolean(PinUtils.KEY_DEFAULTPIN, true);
        } else {
            edit.putString(PinUtils.KEY_PIN, string).putInt(TENTA_AUTHENTICATION_PIN_VERSION, 2);
        }
        edit.remove(PinUtils.KEY_PIN_CHANGING).putLong(PinUtils.KEY_CHECKED_TIMESTAMP, System.currentTimeMillis()).apply();
    }

    public static boolean calculateAndVerifyNewChallengeEncoded(Context context, byte[] bArr) {
        return compareByteArraysInternal(calculateHash(TentaUtils.concatByteArrays(calculatePBKDF(context, bArr), getChallenge(context).byteForm())), getChallengeEncoded(context).byteForm());
    }

    private static byte[] calculateHMAC(byte[] bArr, byte[] bArr2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, TENTA_AUTHENTICATION_HMAC_ALGORITHM);
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            return mac.doFinal(bArr);
        } catch (Exception unused) {
            return null;
        }
    }

    private static byte[] calculateHash(byte[] bArr) {
        if (bArr != null) {
            return Gotentacrypto.calculateHash(bArr, 512L);
        }
        return null;
    }

    private static ByteBlob calculateMasterKey(Context context, byte[] bArr) {
        return new ByteBlob(calculatePBKDF(context, bArr));
    }

    private static byte[] calculatePBKDF(Context context, byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) (bArr[i] | 240);
        }
        return Gotentacrypto.calculatePBKDF(bArr, getSalt(context).byteForm(), 1024L, 64L);
    }

    @Deprecated
    private static byte[] calculatePBKDFOld(Context context, byte[] bArr) {
        char[] cArr = new char[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            cArr[i] = (char) (bArr[i] + 48);
        }
        try {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(TENTA_AUTHENTICATION_PBKDF_ALGORITHM);
            PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr, getSalt(context).byteForm(), 1024, 512);
            SecretKey generateSecret = secretKeyFactory.generateSecret(pBEKeySpec);
            pBEKeySpec.clearPassword();
            return generateSecret.getEncoded();
        } catch (Exception unused) {
            return null;
        }
    }

    private static boolean compareByteArraysInternal(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr2 == null || bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    private static ByteBlob deriveKey(ByteBlob byteBlob, ByteBlob byteBlob2) {
        return new ByteBlob(calculateHash(TentaUtils.concatByteArrays(byteBlob.byteForm(), byteBlob2.byteForm())));
    }

    private static byte[] encryptWithPublicKey(byte[] bArr, byte[] bArr2) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance(TENTA_AUTHENTICATION_PKI_ALGORITHM).generatePublic(new X509EncodedKeySpec(bArr));
            Cipher cipher = Cipher.getInstance(TENTA_AUTHENTICATION_PKI_ENCRYPTION_SCHEME);
            cipher.init(1, generatePublic);
            return cipher.doFinal(bArr2);
        } catch (Exception unused) {
            return null;
        }
    }

    public static void ensurePIN(Context context) {
        try {
            if (PreferenceManager.getDefaultSharedPreferences(context).contains(PinUtils.KEY_PIN)) {
                return;
            }
            backOffPinChange(context);
        } catch (Throwable unused) {
        }
    }

    private static ByteBlob getChallenge(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        if (defaultSharedPreferences.contains(TENTA_AUTHENTICATION_MASTER_CHALLENGE)) {
            return new ByteBlob(defaultSharedPreferences.getString(TENTA_AUTHENTICATION_MASTER_CHALLENGE, null));
        }
        ByteBlob randomBytes = getRandomBytes(64);
        if (randomBytes != null) {
            defaultSharedPreferences.edit().putString(TENTA_AUTHENTICATION_MASTER_CHALLENGE, randomBytes.stringForm()).commit();
        }
        return randomBytes;
    }

    private static ByteBlob getChallengeEncoded(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        if (defaultSharedPreferences.contains(TENTA_AUTHENTICATION_MASTER_CHALLENGE_ENCODED)) {
            return new ByteBlob(defaultSharedPreferences.getString(TENTA_AUTHENTICATION_MASTER_CHALLENGE_ENCODED, null));
        }
        ByteBlob byteBlob = new ByteBlob(calculateHash(TentaUtils.concatByteArrays(getMasterKey(context).byteForm(), getChallenge(context).byteForm())));
        defaultSharedPreferences.edit().putString(TENTA_AUTHENTICATION_MASTER_CHALLENGE, byteBlob.stringForm()).commit();
        return byteBlob;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ByteBlob getDBKey(Context context) {
        return deriveKey(getMasterKey(context), getDBUsageKey(context));
    }

    private static ByteBlob getDBUsageKey(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        if (defaultSharedPreferences.contains(TENTA_AUTHENTICATION_DATABASE_USAGE_SUFFIX)) {
            return new ByteBlob(defaultSharedPreferences.getString(TENTA_AUTHENTICATION_DATABASE_USAGE_SUFFIX, null));
        }
        ByteBlob randomBytes = getRandomBytes(64);
        if (randomBytes != null) {
            defaultSharedPreferences.edit().putString(TENTA_AUTHENTICATION_DATABASE_USAGE_SUFFIX, randomBytes.stringForm()).commit();
        }
        return randomBytes;
    }

    public static byte[] getDefaultPinBytes() {
        CharBuffer wrap = CharBuffer.wrap("T198199".toCharArray());
        ByteBuffer encode = StandardCharsets.UTF_8.encode(wrap);
        byte[] copyOfRange = Arrays.copyOfRange(encode.array(), encode.position(), encode.limit());
        Arrays.fill(wrap.array(), (char) 0);
        Arrays.fill(encode.array(), (byte) 0);
        return copyOfRange;
    }

    public static ByteBlob getMasterKey(Context context) {
        return new ByteBlob(PreferenceManager.getDefaultSharedPreferences(context).getString(PinUtils.KEY_PIN, null));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ByteBlob getMetaFSKey(Context context, String str) {
        return deriveKey(getMasterKey(context), getMetaFSUsageKey(context, str));
    }

    private static ByteBlob getMetaFSUsageKey(Context context, String str) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        String str2 = TENTA_AUTHENTICATION_METAFS_USAGE_SUFFIX + str;
        if (defaultSharedPreferences.contains(str2)) {
            return new ByteBlob(defaultSharedPreferences.getString(str2, null));
        }
        ByteBlob randomBytes = getRandomBytes(64);
        if (randomBytes != null) {
            defaultSharedPreferences.edit().putString(str2, randomBytes.stringForm()).commit();
        }
        return randomBytes;
    }

    @Deprecated
    private static int getPinVersion(Context context) {
        return PreferenceManager.getDefaultSharedPreferences(context).getInt(TENTA_AUTHENTICATION_PIN_VERSION, 0);
    }

    private static ByteBlob getRandomBytes(int i) {
        byte[] randomBytes = Gotentacrypto.getRandomBytes(i);
        if (randomBytes == null) {
            return null;
        }
        return new ByteBlob(randomBytes);
    }

    private static ByteBlob getSalt(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        if (defaultSharedPreferences.contains(TENTA_AUTHENTICATION_PBKDF_SALT)) {
            return new ByteBlob(defaultSharedPreferences.getString(TENTA_AUTHENTICATION_PBKDF_SALT, null));
        }
        ByteBlob randomBytes = getRandomBytes(64);
        if (randomBytes != null) {
            defaultSharedPreferences.edit().putString(TENTA_AUTHENTICATION_PBKDF_SALT, randomBytes.stringForm()).commit();
        }
        return randomBytes;
    }

    @Deprecated
    private static ByteBlob getUnlockKey(Context context) {
        return deriveKey(getMasterKey(context), getUnlockUsageKey(context));
    }

    private static ByteBlob getUnlockUsageKey(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        if (defaultSharedPreferences.contains(TENTA_AUTHENTICATION_UNLOCK_USAGE_SUFFIX)) {
            return new ByteBlob(defaultSharedPreferences.getString(TENTA_AUTHENTICATION_UNLOCK_USAGE_SUFFIX, null));
        }
        ByteBlob randomBytes = getRandomBytes(64);
        if (randomBytes != null) {
            defaultSharedPreferences.edit().putString(TENTA_AUTHENTICATION_UNLOCK_USAGE_SUFFIX, randomBytes.stringForm()).commit();
        }
        return randomBytes;
    }

    @Deprecated
    private static boolean needsPinUpgrade(Context context) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        return defaultSharedPreferences.getInt(TENTA_AUTHENTICATION_PIN_VERSION, 0) < 2 && defaultSharedPreferences.contains(PinUtils.KEY_PIN) && PinUtils.noPinChangeUnderway(context);
    }

    public static void onEnrollUpgrade(Context context, byte[] bArr) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        int i = defaultSharedPreferences.getInt(TENTA_AUTHENTICATION_PIN_VERSION, 0);
        if (i == 0) {
            ByteBlob byteBlob = new ByteBlob(calculatePBKDF(context, bArr));
            ByteBlob deriveKey = deriveKey(byteBlob, getDBUsageKey(context));
            defaultSharedPreferences.edit().putString(PinUtils.KEY_PIN, byteBlob.stringForm()).remove(PinUtils.KEY_DEFAULTPIN).commit();
            if (PinUtils.noPinChangeUnderway(context)) {
                rekeyRepositories(getDBKey(context).charForm(), deriveKey.charForm());
            } else {
                ByteBlob byteBlob2 = new ByteBlob(defaultSharedPreferences.getString(PinUtils.KEY_PIN_CHANGING, null));
                rekeyRepositories(deriveKey(byteBlob2, getDBUsageKey(context)).charForm(), deriveKey.charForm());
                rekeyMetaFs(context, defaultSharedPreferences, byteBlob, byteBlob2);
                defaultSharedPreferences.edit().remove(TENTA_AUTHENTICATION_MASTER_CHALLENGE_ENCODED).apply();
            }
        } else if (i == 1 || i == 2) {
            ByteBlob masterKey = getMasterKey(context);
            ByteBlob byteBlob3 = new ByteBlob(calculatePBKDF(context, bArr));
            ByteBlob deriveKey2 = deriveKey(byteBlob3, getDBUsageKey(context));
            defaultSharedPreferences.edit().putString(PinUtils.KEY_PIN, byteBlob3.stringForm()).remove(PinUtils.KEY_DEFAULTPIN).apply();
            if (PinUtils.noPinChangeUnderway(context)) {
                rekeyRepositories(getDBKey(context).charForm(), deriveKey2.charForm());
                rekeyMetaFs(context, defaultSharedPreferences, byteBlob3, masterKey);
            } else {
                ByteBlob byteBlob4 = new ByteBlob(defaultSharedPreferences.getString(PinUtils.KEY_PIN_CHANGING, null));
                rekeyRepositories(deriveKey(byteBlob4, getDBUsageKey(context)).charForm(), deriveKey2.charForm());
                rekeyMetaFs(context, defaultSharedPreferences, byteBlob3, byteBlob4);
                defaultSharedPreferences.edit().remove(TENTA_AUTHENTICATION_MASTER_CHALLENGE_ENCODED).apply();
            }
        }
        defaultSharedPreferences.edit().putInt(TENTA_AUTHENTICATION_PIN_VERSION, 2).commit();
        reloadRepositories();
    }

    @Deprecated
    private static boolean onEntryUpgrade(Context context, Object... objArr) {
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        int i = defaultSharedPreferences.getInt(TENTA_AUTHENTICATION_PIN_VERSION, 0);
        if (i == 0) {
            ByteBlob byteBlob = new ByteBlob(calculatePBKDF(context, (byte[]) objArr[0]));
            rekeyRepositories(getDBKey(context).charForm(), new ByteBlob(calculateHash(TentaUtils.concatByteArrays(byteBlob.byteForm(), getDBUsageKey(context).byteForm()))).charForm());
            context.getSharedPreferences("tenta-enc", 0).edit().remove("encryption.pin").commit();
            defaultSharedPreferences.edit().putString(PinUtils.KEY_PIN, byteBlob.stringForm()).remove(PinUtils.KEY_DEFAULTPIN).commit();
        } else if (i == 1) {
            ByteBlob byteBlob2 = new ByteBlob(calculatePBKDF(context, (byte[]) objArr[0]));
            rekeyRepositories(getDBKey(context).charForm(), new ByteBlob(calculateHash(TentaUtils.concatByteArrays(byteBlob2.byteForm(), getDBUsageKey(context).byteForm()))).charForm());
            context.getSharedPreferences("tenta-enc", 0).edit().remove("encryption.pin").commit();
            defaultSharedPreferences.edit().putString(PinUtils.KEY_PIN, byteBlob2.stringForm()).commit();
        }
        defaultSharedPreferences.edit().putInt(TENTA_AUTHENTICATION_PIN_VERSION, 2).commit();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void registerRepository(List<Repository> list) {
        repositories.addAll(list);
    }

    private static void rekeyMetaFs(Context context, SharedPreferences sharedPreferences, ByteBlob byteBlob, ByteBlob byteBlob2) {
        Iterator<IMetaFsHelper> it = metaFsHelpers.getAll().iterator();
        while (it.hasNext()) {
            IMetaFsHelper next = it.next();
            ByteBlob metaFSUsageKey = getMetaFSUsageKey(context, next.getDbName());
            next.reKey(deriveKey(byteBlob2, metaFSUsageKey).stringForm(), deriveKey(byteBlob, metaFSUsageKey).stringForm());
        }
    }

    private static void rekeyRepositories(char[] cArr, char[] cArr2) {
        synchronized (repositories) {
            Iterator<Repository> it = repositories.iterator();
            while (it.hasNext()) {
                it.next().changeEncryptionKey(cArr, cArr2);
            }
        }
    }

    private static void reloadRepositories() {
        synchronized (repositories) {
            Iterator<Repository> it = repositories.iterator();
            while (it.hasNext()) {
                it.next().reload();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void resetRepositories() {
        synchronized (repositories) {
            Iterator<Repository> it = repositories.iterator();
            while (it.hasNext()) {
                it.next().reset();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setMetaFsHelpers(IMetaFsHelper.All all) {
        metaFsHelpers = all;
    }
}
