package com.xmission.trevin.android.notes.util;

import android.content.ContentResolver;
import android.content.ContentValues;
import android.content.ContextWrapper;
import android.database.Cursor;
import android.util.Log;
import com.xmission.trevin.android.crypto.AESCipher;
import com.xmission.trevin.android.crypto.KeyParameter;
import com.xmission.trevin.android.crypto.PKCS5S2ParametersGenerator;
import com.xmission.trevin.android.crypto.SHA256;
import com.xmission.trevin.android.notes.data.NotePreferences;
import com.xmission.trevin.android.notes.provider.Note;
import java.io.UnsupportedEncodingException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;
import kotlin.UByte;
import kotlin.UShort;

/* loaded from: classes.dex */
public class StringEncryption {
    private static final int KEY_ITERATION_COUNT = 1000;
    private static final int KEY_LENGTH = 256;
    public static final String LOG_TAG = "StringEncryption";
    private static final int SALT_LENGTH = 32;
    private static StringEncryption globalEncryption;
    private static int globalReferences;
    private static final SecureRandom RAND = new SecureRandom();
    private static final String[] METADATA_PROJECTION = {Note.NoteMetadata.VALUE};
    public static final String[] METADATA_PASSWORD_HASH = {"StringEncryption.HashedPassword"};
    private static final String[] COUNT_PROJECTION = {"_id"};
    private char[] userPassword = null;
    private byte[] salt = null;
    private int keyLength = KEY_LENGTH;
    private int keyIterationCount = KEY_ITERATION_COUNT;
    private byte[] key = null;

    private void generateKey() throws GeneralSecurityException, IllegalStateException {
        char[] cArr = this.userPassword;
        if (cArr == null) {
            throw new IllegalStateException("Password is not set");
        }
        if (this.salt == null) {
            throw new IllegalStateException("No salt");
        }
        byte[] PKCS5PasswordToUTF8Bytes = PKCS5S2ParametersGenerator.PKCS5PasswordToUTF8Bytes(cArr);
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        pKCS5S2ParametersGenerator.init(PKCS5PasswordToUTF8Bytes, this.salt, this.keyIterationCount);
        KeyParameter generateDerivedMacParameters = pKCS5S2ParametersGenerator.generateDerivedMacParameters(this.keyLength);
        Arrays.fill(PKCS5PasswordToUTF8Bytes, (byte) 0);
        this.key = generateDerivedMacParameters.getKey();
    }

    public static StringEncryption holdGlobalEncryption() {
        Log.d(LOG_TAG, ".holdGlobalEncryption(" + globalReferences + "," + globalEncryption + ")");
        if (globalEncryption == null) {
            globalEncryption = new StringEncryption();
            globalReferences = 0;
        }
        globalReferences++;
        return globalEncryption;
    }

    public static void releaseGlobalEncryption() {
        Log.d(LOG_TAG, ".releaseGlobalEncryption(" + globalReferences + "," + globalEncryption + ")");
        int i = globalReferences;
        if (i <= 0) {
            Log.e(LOG_TAG, "An unknown caller released encryption without holding it!");
        } else {
            globalReferences = i - 1;
        }
    }

    public static void releaseGlobalEncryption(ContextWrapper contextWrapper) {
        Log.d(LOG_TAG, ".releaseGlobalEncryption(" + globalReferences + "," + globalEncryption + ")");
        int i = globalReferences + (-1);
        globalReferences = i;
        if (i <= 0) {
            if (i < 0) {
                Log.e(LOG_TAG, "A caller (maybe " + contextWrapper + ") released encryption without holding it!");
            }
            StringEncryption stringEncryption = globalEncryption;
            if (stringEncryption != null) {
                stringEncryption.forgetPassword();
                NotePreferences.getInstance(contextWrapper).setShowEncrypted(false);
            }
            globalEncryption = null;
        }
    }

    public void addSalt() {
        byte[] bArr = new byte[32];
        this.salt = bArr;
        RAND.nextBytes(bArr);
        byte[] bArr2 = this.key;
        if (bArr2 != null) {
            Arrays.fill(bArr2, (byte) 0);
            this.key = null;
        }
    }

    public boolean checkPassword(ContentResolver contentResolver) throws GeneralSecurityException {
        Cursor query = contentResolver.query(Note.NoteMetadata.CONTENT_URI, METADATA_PROJECTION, "name = ?", METADATA_PASSWORD_HASH, null);
        try {
            if (!query.moveToFirst()) {
                throw new IllegalStateException("checkPassword(resolver) called with no password in the database");
            }
            byte[] blob = query.getBlob(query.getColumnIndex(Note.NoteMetadata.VALUE));
            query.close();
            return checkPassword(blob);
        } catch (Throwable th) {
            query.close();
            throw th;
        }
    }

    public boolean checkPassword(byte[] bArr) throws GeneralSecurityException {
        if (bArr == null) {
            return false;
        }
        ByteBuffer order = ByteBuffer.wrap(bArr).order(ByteOrder.BIG_ENDIAN);
        try {
            if (order.get() != 2) {
                throw new UnrecoverableKeyException("Unsupported encryption method");
            }
            this.salt = new byte[(order.get() & UByte.MAX_VALUE) + 2];
            this.keyLength = ((order.getShort() & UShort.MAX_VALUE) + 2) * 8;
            this.keyIterationCount = (order.getShort() & UShort.MAX_VALUE) + 1;
            order.get(this.salt);
            int position = order.position();
            byte[] bArr2 = new byte[order.limit() - order.position()];
            order.get(bArr2);
            generateKey();
            SHA256.Digest digest = new SHA256.Digest();
            digest.update(bArr, 0, position);
            digest.update(this.key);
            if (Arrays.equals(bArr2, digest.digest())) {
                return true;
            }
            Arrays.fill(this.key, (byte) 0);
            this.key = null;
            Arrays.fill(this.salt, (byte) 0);
            this.salt = null;
            return false;
        } catch (BufferUnderflowException unused) {
            throw new UnrecoverableKeyException("Invalid password hash");
        }
    }

    public String decrypt(byte[] bArr) throws GeneralSecurityException, IllegalStateException {
        if (bArr == null) {
            return null;
        }
        try {
            return new String(decryptBytes(bArr), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new InvalidKeyException("Could not decode data using the given password", e);
        }
    }

    public byte[] decryptBytes(byte[] bArr) throws GeneralSecurityException, IllegalStateException {
        if (bArr == null) {
            return null;
        }
        if (this.key == null) {
            generateKey();
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.key, "AES");
            AESCipher aESCipher = new AESCipher();
            aESCipher.init(2, secretKeySpec);
            return aESCipher.doFinal(bArr);
        } catch (BadPaddingException e) {
            throw new InvalidKeyException("Could not decode data using the given password", e);
        } catch (IllegalBlockSizeException e2) {
            throw new InvalidKeyException("Could not decode data using the given password", e2);
        }
    }

    public byte[] encrypt(String str) throws GeneralSecurityException, IllegalStateException {
        if (str == null) {
            return null;
        }
        try {
            return encrypt(str.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported!", e);
        }
    }

    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException, IllegalStateException {
        if (bArr == null) {
            return null;
        }
        if (this.key == null) {
            generateKey();
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.key, "AES");
            AESCipher aESCipher = new AESCipher();
            aESCipher.init(1, secretKeySpec);
            return aESCipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            forgetPassword();
            throw e;
        }
    }

    public void forgetPassword() {
        byte[] bArr = this.key;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
            this.key = null;
        }
        this.salt = null;
        char[] cArr = this.userPassword;
        if (cArr != null) {
            Arrays.fill(cArr, (char) 0);
        }
        this.userPassword = null;
    }

    byte[] getKey() throws GeneralSecurityException, IllegalStateException {
        if (this.key == null) {
            generateKey();
        }
        return this.key;
    }

    public char[] getPassword() {
        char[] cArr = this.userPassword;
        if (cArr == null) {
            return null;
        }
        char[] cArr2 = new char[cArr.length];
        System.arraycopy(cArr, 0, cArr2, 0, cArr.length);
        return cArr2;
    }

    public boolean hasKey() {
        return this.key != null;
    }

    public boolean hasPassword(ContentResolver contentResolver) {
        Cursor query = contentResolver.query(Note.NoteMetadata.CONTENT_URI, METADATA_PROJECTION, "name = ?", METADATA_PASSWORD_HASH, null);
        try {
            return query.moveToFirst();
        } finally {
            query.close();
        }
    }

    public void removePassword(ContentResolver contentResolver) {
        Cursor query = contentResolver.query(Note.NoteItem.CONTENT_URI, COUNT_PROJECTION, "private > 1", null, null);
        try {
            if (!query.moveToFirst()) {
                query.close();
                contentResolver.delete(Note.NoteMetadata.CONTENT_URI, "name = ?", METADATA_PASSWORD_HASH);
            } else {
                throw new IllegalStateException(query.getInt(query.getColumnIndex("_count")) + " records are still encrypted");
            }
        } catch (Throwable th) {
            query.close();
            throw th;
        }
    }

    public void setPassword(char[] cArr) {
        char[] cArr2 = new char[cArr.length];
        this.userPassword = cArr2;
        System.arraycopy(cArr, 0, cArr2, 0, cArr.length);
        byte[] bArr = this.key;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
            this.key = null;
        }
    }

    void setSalt(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Some salt is required");
        }
        this.salt = Arrays.copyOf(bArr, bArr.length);
    }

    public void storePassword(ContentResolver contentResolver) throws GeneralSecurityException {
        if (this.key == null) {
            if (this.salt == null) {
                addSalt();
            }
            generateKey();
        }
        byte[] bArr = new byte[6];
        ByteBuffer order = ByteBuffer.wrap(bArr).order(ByteOrder.BIG_ENDIAN);
        order.put((byte) 2);
        order.put((byte) (this.salt.length - 2));
        order.putShort((short) ((this.keyLength / 8) - 2));
        order.putShort((short) (this.keyIterationCount - 1));
        SHA256.Digest digest = new SHA256.Digest();
        digest.update(bArr);
        digest.update(this.salt);
        digest.update(this.key);
        byte[] digest2 = digest.digest();
        byte[] bArr2 = new byte[this.salt.length + 6 + digest2.length];
        System.arraycopy(bArr, 0, bArr2, 0, 6);
        byte[] bArr3 = this.salt;
        System.arraycopy(bArr3, 0, bArr2, 6, bArr3.length);
        System.arraycopy(digest2, 0, bArr2, 6 + this.salt.length, digest2.length);
        ContentValues contentValues = new ContentValues();
        contentValues.put("name", METADATA_PASSWORD_HASH[0]);
        contentValues.put(Note.NoteMetadata.VALUE, bArr2);
        contentResolver.insert(Note.NoteMetadata.CONTENT_URI, contentValues);
    }
}
