package com.personx.cryptx.crypto;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import android.util.Log;
import androidx.constraintlayout.widget.ConstraintLayout;
import com.personx.cryptx.SecurePrefs;
import com.personx.cryptx.database.encryption.DatabaseProvider;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import net.zetetic.database.DatabaseErrorHandler;
import net.zetetic.database.sqlcipher.SQLiteDatabase;

/* compiled from: PinCryptoManager.kt */
@Metadata(d1 = {"\u00004\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\b\u0007\u0018\u00002\u00020\u0001B\u000f\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\u000e\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\tJ\u000e\u0010\n\u001a\u00020\u000b2\u0006\u0010\b\u001a\u00020\tJ\u000e\u0010\f\u001a\u00020\u000b2\u0006\u0010\b\u001a\u00020\tJ\u000e\u0010\r\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\tJ\u0018\u0010\u000f\u001a\u00020\u00102\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\b\u0010\u0013\u001a\u00020\u0012H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0014"}, d2 = {"Lcom/personx/cryptx/crypto/PinCryptoManager;", "", "context", "Landroid/content/Context;", "<init>", "(Landroid/content/Context;)V", "setupPin", "", "pin", "", "verifyPin", "", "loadSessionKeyIfPinValid", "changePinAndRekeyDatabase", "newPin", "deriveKeyFromPin", "Ljavax/crypto/SecretKey;", SecurePrefs.SALT, "", "generateSalt", "app_release"}, k = 1, mv = {2, 2, 0}, xi = ConstraintLayout.LayoutParams.Table.LAYOUT_CONSTRAINT_VERTICAL_CHAINSTYLE)
/* loaded from: classes3.dex */
public final class PinCryptoManager {
    public static final int $stable = 8;
    private final Context context;

    public PinCryptoManager(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
    }

    private final SecretKey deriveKeyFromPin(String pin, byte[] salt) {
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        char[] charArray = pin.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
        return new SecretKeySpec(secretKeyFactory.generateSecret(new PBEKeySpec(charArray, salt, 310000, 256)).getEncoded(), "AES");
    }

    private final byte[] generateSalt() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public final boolean changePinAndRekeyDatabase(String newPin) {
        Intrinsics.checkNotNullParameter(newPin, "newPin");
        SharedPreferences sharedPreferences = this.context.getSharedPreferences(SecurePrefs.NAME, 0);
        String absolutePath = this.context.getDatabasePath("encrypted_history.db").getAbsolutePath();
        SecretKey sessionKey = SessionKeyManager.INSTANCE.getSessionKey();
        if (sessionKey == null) {
            return false;
        }
        byte[] generateSalt = generateSalt();
        SecretKey deriveKeyFromPin = deriveKeyFromPin(newPin, generateSalt);
        try {
            try {
                System.loadLibrary("sqlcipher");
                SQLiteDatabase openOrCreateDatabase = SQLiteDatabase.openOrCreateDatabase(absolutePath, sessionKey.getEncoded(), (SQLiteDatabase.CursorFactory) null, (DatabaseErrorHandler) null);
                try {
                    openOrCreateDatabase.changePassword(deriveKeyFromPin.getEncoded());
                    openOrCreateDatabase.close();
                    SessionKeyManager.INSTANCE.setSessionKey(deriveKeyFromPin);
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    byte[] bArr = new byte[12];
                    new SecureRandom().nextBytes(bArr);
                    cipher.init(1, deriveKeyFromPin, new GCMParameterSpec(128, bArr));
                    byte[] doFinal = cipher.doFinal(sessionKey.getEncoded());
                    Intrinsics.checkNotNull(sharedPreferences);
                    SharedPreferences.Editor edit = sharedPreferences.edit();
                    edit.putString(SecurePrefs.SALT, Base64.encodeToString(generateSalt, 2));
                    edit.putString(SecurePrefs.IV, Base64.encodeToString(bArr, 2));
                    edit.putString(SecurePrefs.ENCRYPTED_SESSION_KEY, Base64.encodeToString(doFinal, 2));
                    edit.apply();
                    DatabaseProvider.INSTANCE.clearDatabaseInstance();
                    byte[] encoded = sessionKey.getEncoded();
                    if (encoded != null) {
                        ArraysKt.fill$default(encoded, (byte) 0, 0, 0, 6, (Object) null);
                    }
                    byte[] encoded2 = deriveKeyFromPin.getEncoded();
                    if (encoded2 != null) {
                        ArraysKt.fill$default(encoded2, (byte) 0, 0, 0, 6, (Object) null);
                    }
                    return true;
                } catch (Throwable th) {
                    openOrCreateDatabase.close();
                    throw th;
                }
            } catch (Exception e) {
                Log.e("PinCryptoManager", "PIN change failed", e);
                byte[] encoded3 = sessionKey.getEncoded();
                if (encoded3 != null) {
                    ArraysKt.fill$default(encoded3, (byte) 0, 0, 0, 6, (Object) null);
                }
                byte[] encoded4 = deriveKeyFromPin.getEncoded();
                if (encoded4 != null) {
                    ArraysKt.fill$default(encoded4, (byte) 0, 0, 0, 6, (Object) null);
                }
                return false;
            }
        } catch (Throwable th2) {
            byte[] encoded5 = sessionKey.getEncoded();
            if (encoded5 != null) {
                ArraysKt.fill$default(encoded5, (byte) 0, 0, 0, 6, (Object) null);
            }
            byte[] encoded6 = deriveKeyFromPin.getEncoded();
            if (encoded6 != null) {
                ArraysKt.fill$default(encoded6, (byte) 0, 0, 0, 6, (Object) null);
            }
            throw th2;
        }
    }

    public final boolean loadSessionKeyIfPinValid(String pin) {
        String string;
        String string2;
        Intrinsics.checkNotNullParameter(pin, "pin");
        SharedPreferences sharedPreferences = this.context.getSharedPreferences(SecurePrefs.NAME, 0);
        String string3 = sharedPreferences.getString(SecurePrefs.SALT, null);
        if (string3 == null || (string = sharedPreferences.getString(SecurePrefs.IV, null)) == null || (string2 = sharedPreferences.getString(SecurePrefs.ENCRYPTED_SESSION_KEY, null)) == null) {
            return false;
        }
        byte[] decode = Base64.decode(string3, 2);
        byte[] decode2 = Base64.decode(string, 2);
        byte[] decode3 = Base64.decode(string2, 2);
        Intrinsics.checkNotNull(decode);
        SecretKey deriveKeyFromPin = deriveKeyFromPin(pin, decode);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, deriveKeyFromPin, new GCMParameterSpec(128, decode2));
            byte[] doFinal = cipher.doFinal(decode3);
            SessionKeyManager.INSTANCE.setSessionKey(new SecretKeySpec(doFinal, "AES"));
            byte[] encoded = deriveKeyFromPin.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
            ArraysKt.fill$default(encoded, (byte) 0, 0, 0, 6, (Object) null);
            Intrinsics.checkNotNull(doFinal);
            ArraysKt.fill$default(doFinal, (byte) 0, 0, 0, 6, (Object) null);
            return true;
        } catch (Exception e) {
            byte[] encoded2 = deriveKeyFromPin.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded2, "getEncoded(...)");
            ArraysKt.fill$default(encoded2, (byte) 0, 0, 0, 6, (Object) null);
            Log.e("PinCryptoManager", "Decryption failed: " + e.getMessage(), e);
            return false;
        }
    }

    public final void setupPin(String pin) {
        Intrinsics.checkNotNullParameter(pin, "pin");
        SharedPreferences sharedPreferences = this.context.getSharedPreferences(SecurePrefs.NAME, 0);
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        SecretKey generateKey = keyGenerator.generateKey();
        byte[] generateSalt = generateSalt();
        SecretKey deriveKeyFromPin = deriveKeyFromPin(pin, generateSalt);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        cipher.init(1, deriveKeyFromPin, new GCMParameterSpec(128, bArr));
        byte[] doFinal = cipher.doFinal(generateKey.getEncoded());
        Intrinsics.checkNotNull(sharedPreferences);
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.putString(SecurePrefs.SALT, Base64.encodeToString(generateSalt, 2));
        edit.putString(SecurePrefs.IV, Base64.encodeToString(bArr, 2));
        edit.putString(SecurePrefs.ENCRYPTED_SESSION_KEY, Base64.encodeToString(doFinal, 2));
        edit.apply();
        byte[] encoded = generateKey.getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
        ArraysKt.fill$default(encoded, (byte) 0, 0, 0, 6, (Object) null);
        byte[] encoded2 = deriveKeyFromPin.getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded2, "getEncoded(...)");
        ArraysKt.fill$default(encoded2, (byte) 0, 0, 0, 6, (Object) null);
    }

    public final boolean verifyPin(String pin) {
        String string;
        String string2;
        Intrinsics.checkNotNullParameter(pin, "pin");
        SharedPreferences sharedPreferences = this.context.getSharedPreferences(SecurePrefs.NAME, 0);
        String string3 = sharedPreferences.getString(SecurePrefs.SALT, null);
        if (string3 == null || (string = sharedPreferences.getString(SecurePrefs.IV, null)) == null || (string2 = sharedPreferences.getString(SecurePrefs.ENCRYPTED_SESSION_KEY, null)) == null) {
            return false;
        }
        byte[] decode = Base64.decode(string3, 2);
        byte[] decode2 = Base64.decode(string, 2);
        byte[] decode3 = Base64.decode(string2, 2);
        Intrinsics.checkNotNull(decode);
        SecretKey deriveKeyFromPin = deriveKeyFromPin(pin, decode);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, deriveKeyFromPin, new GCMParameterSpec(128, decode2));
            byte[] doFinal = cipher.doFinal(decode3);
            SessionKeyManager.INSTANCE.setSessionKey(new SecretKeySpec(doFinal, "AES"));
            byte[] encoded = deriveKeyFromPin.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
            ArraysKt.fill$default(encoded, (byte) 0, 0, 0, 6, (Object) null);
            Intrinsics.checkNotNull(doFinal);
            ArraysKt.fill$default(doFinal, (byte) 0, 0, 0, 6, (Object) null);
            return true;
        } catch (Exception e) {
            byte[] encoded2 = deriveKeyFromPin.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded2, "getEncoded(...)");
            ArraysKt.fill$default(encoded2, (byte) 0, 0, 0, 6, (Object) null);
            Log.e("PinCryptoManager", "PIN verification failed: " + e.getMessage());
            return false;
        }
    }
}
