package io.lantern.secrets;

import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* loaded from: classes2.dex */
public final class Secrets {
    public static final Companion Companion = new Companion(null);
    private static final String androidKeyStoreName = "AndroidKeyStore";
    public static final int base64EncodingStyle = 3;
    private static final String cipherName = "AES/GCM/NoPadding";
    private final KeyStore keyStore;
    private final SharedPreferences legacyPrefs;
    private final String masterKeyAlias;
    private final SharedPreferences prefs;

    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final SecureRandom getSecureRandom() {
            return new SecureRandom();
        }

        public final byte[] fromBase64(String str) {
            Intrinsics.checkNotNullParameter(str, "str");
            byte[] decode = Base64.decode(str, 3);
            Intrinsics.checkNotNullExpressionValue(decode, "Base64.decode(str, base64EncodingStyle)");
            return decode;
        }

        public final byte[] generate(int i2) {
            byte[] bArr = new byte[i2];
            getSecureRandom().nextBytes(bArr);
            return bArr;
        }

        public final String toBase64(byte[] bytes) {
            Intrinsics.checkNotNullParameter(bytes, "bytes");
            String encodeToString = Base64.encodeToString(bytes, 3);
            Intrinsics.checkNotNullExpressionValue(encodeToString, "Base64.encodeToString(bytes, base64EncodingStyle)");
            return encodeToString;
        }
    }

    public Secrets(String masterKeyAlias, SharedPreferences prefs, SharedPreferences sharedPreferences) {
        Intrinsics.checkNotNullParameter(masterKeyAlias, "masterKeyAlias");
        Intrinsics.checkNotNullParameter(prefs, "prefs");
        this.masterKeyAlias = masterKeyAlias;
        this.prefs = prefs;
        this.legacyPrefs = sharedPreferences;
        KeyStore keyStore = KeyStore.getInstance(androidKeyStoreName);
        keyStore.load(null);
        Unit unit = Unit.INSTANCE;
        this.keyStore = keyStore;
    }

    public /* synthetic */ Secrets(String str, SharedPreferences sharedPreferences, SharedPreferences sharedPreferences2, int i2, DefaultConstructorMarker defaultConstructorMarker) {
        this(str, sharedPreferences, (i2 & 4) != 0 ? null : sharedPreferences2);
    }

    private final synchronized SecretKey getMasterKey() {
        SecretKey secretKey;
        secretKey = (SecretKey) this.keyStore.getKey(this.masterKeyAlias, new char[0]);
        if (secretKey == null) {
            secretKey = genMasterKey();
        }
        return secretKey;
    }

    public final byte[] doSeal(byte[] plainText) {
        byte[] plus;
        Intrinsics.checkNotNullParameter(plainText, "plainText");
        Cipher cipher = Cipher.getInstance(cipherName);
        cipher.init(1, getMasterKey(), Companion.getSecureRandom());
        byte[] cipherText = cipher.doFinal(plainText);
        Intrinsics.checkNotNullExpressionValue(cipher, "cipher");
        byte[] iv = cipher.getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "cipher.iv");
        Intrinsics.checkNotNullExpressionValue(cipherText, "cipherText");
        plus = ArraysKt___ArraysJvmKt.plus(iv, cipherText);
        return plus;
    }

    public final byte[] doUnseal(byte[] sealed) {
        byte[] copyOfRange;
        Intrinsics.checkNotNullParameter(sealed, "sealed");
        byte[] copyOf = Arrays.copyOf(sealed, 12);
        Intrinsics.checkNotNullExpressionValue(copyOf, "java.util.Arrays.copyOf(this, newSize)");
        copyOfRange = ArraysKt___ArraysJvmKt.copyOfRange(sealed, 12, sealed.length);
        Cipher cipher = Cipher.getInstance(cipherName);
        cipher.init(2, getMasterKey(), new GCMParameterSpec(128, copyOf));
        byte[] doFinal = cipher.doFinal(copyOfRange);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(cipherText)");
        return doFinal;
    }

    public final SecretKey genMasterKey() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", androidKeyStoreName);
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.masterKeyAlias, 3).setKeySize(256).setBlockModes("GCM").setEncryptionPaddings("NoPadding").build();
        Intrinsics.checkNotNullExpressionValue(build, "KeyGenParameterSpec.Buil…\n                .build()");
        keyGenerator.init(build);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "keyGen.generateKey()");
        return generateKey;
    }

    public final synchronized byte[] get(String key) {
        SharedPreferences.Editor edit;
        SharedPreferences.Editor putString;
        String str;
        String it;
        try {
            Intrinsics.checkNotNullParameter(key, "key");
            String str2 = key + "_unencrypted";
            byte[] bArr = null;
            String string = this.prefs.getString(str2, null);
            if (string == null) {
                SharedPreferences sharedPreferences = this.legacyPrefs;
                string = sharedPreferences != null ? sharedPreferences.getString(str2, null) : null;
                if (string != null) {
                    SharedPreferences sharedPreferences2 = this.legacyPrefs;
                    if (sharedPreferences2 != null && (edit = sharedPreferences2.edit()) != null && (putString = edit.putString(str2, null)) != null) {
                        putString.commit();
                    }
                    this.prefs.edit().putString(str2, null).commit();
                }
            }
            byte[] fromBase64 = string != null ? Companion.fromBase64(string) : null;
            if (!isEncrypted$lib_release()) {
                return fromBase64;
            }
            if (fromBase64 != null) {
                put(key, fromBase64);
                this.prefs.edit().putString(str2, null).commit();
                return fromBase64;
            }
            String it2 = this.prefs.getString(key, null);
            if (it2 != null) {
                Intrinsics.checkNotNullExpressionValue(it2, "it");
                byte[] unseal$lib_release = unseal$lib_release(it2);
                if (unseal$lib_release != null) {
                    bArr = unseal$lib_release;
                    return bArr;
                }
            }
            SharedPreferences sharedPreferences3 = this.legacyPrefs;
            if (sharedPreferences3 == null || (it = sharedPreferences3.getString(key, null)) == null) {
                str = null;
            } else {
                Intrinsics.checkNotNullExpressionValue(it, "it");
                str = legacyUnseal$lib_release(it);
            }
            if (str != null) {
                throw new InsecureSecretException(this, key, str);
            }
            return bArr;
        } finally {
        }
    }

    public final synchronized byte[] get(String key, int i2) {
        Intrinsics.checkNotNullParameter(key, "key");
        byte[] bArr = get(key);
        if (bArr != null) {
            return bArr;
        }
        byte[] generate = Companion.generate(i2);
        put(key, generate);
        return generate;
    }

    public final boolean isEncrypted$lib_release() {
        return true;
    }

    public final String legacySeal$lib_release(String plainText) {
        Intrinsics.checkNotNullParameter(plainText, "plainText");
        Charset defaultCharset = Charset.defaultCharset();
        Intrinsics.checkNotNullExpressionValue(defaultCharset, "Charset.defaultCharset()");
        byte[] bytes = plainText.getBytes(defaultCharset);
        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
        return seal(bytes);
    }

    public final String legacyUnseal$lib_release(String cipherText) {
        Intrinsics.checkNotNullParameter(cipherText, "cipherText");
        byte[] unseal$lib_release = unseal$lib_release(cipherText);
        Charset defaultCharset = Charset.defaultCharset();
        Intrinsics.checkNotNullExpressionValue(defaultCharset, "Charset.defaultCharset()");
        return new String(unseal$lib_release, defaultCharset);
    }

    public final void put(String key, byte[] secret) {
        SharedPreferences.Editor edit;
        SharedPreferences.Editor putString;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(secret, "secret");
        if (!isEncrypted$lib_release()) {
            this.prefs.edit().putString(key + "_unencrypted", Companion.toBase64(secret)).commit();
            return;
        }
        this.prefs.edit().putString(key, seal(secret)).commit();
        SharedPreferences sharedPreferences = this.legacyPrefs;
        if (sharedPreferences == null || (edit = sharedPreferences.edit()) == null || (putString = edit.putString(key, null)) == null) {
            return;
        }
        putString.commit();
    }

    public final String seal(byte[] plainText) {
        Intrinsics.checkNotNullParameter(plainText, "plainText");
        return Companion.toBase64(doSeal(plainText));
    }

    public final byte[] unseal$lib_release(String cipherText) {
        Intrinsics.checkNotNullParameter(cipherText, "cipherText");
        return doUnseal(Companion.fromBase64(cipherText));
    }
}
