package ch.threema.localcrypto;

import android.util.Log;
import androidx.camera.camera2.internal.Camera2CameraImpl;
import ch.threema.app.ThreemaApplication;
import com.lambdaworks.crypto.SCrypt;
import defpackage.sl;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.msgpack.core.MessagePack;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class a {
    public static final Logger j = LoggerFactory.b(a.class);
    public static final byte[] k = {-107, 13, 38, 122, -120, -22, 119, 16, -100, 80, -25, 63, 71, MessagePack.Code.NEGFIXINT_PREFIX, 105, 114, MessagePack.Code.STR16, MessagePack.Code.BIN8, 57, 124, -103, -22, 126, 103, -81, -3, MessagePack.Code.ARRAY32, 50, MessagePack.Code.STR16, 53, -9, 12};
    public final File a;
    public byte[] b;
    public boolean c;
    public EnumC0069a d;
    public byte[] e;
    public byte[] f;
    public byte[] g;
    public boolean h;
    public final SecureRandom i;

    /* renamed from: ch.threema.localcrypto.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public enum EnumC0069a {
        UNPROTECTED(0),
        PBKDF2(1),
        SCRYPT(2);

        public final int f;

        EnumC0069a(int i) {
            this.f = i;
        }
    }

    public a(File file, char[] cArr, boolean z) throws IOException {
        EnumC0069a enumC0069a = EnumC0069a.UNPROTECTED;
        this.a = file;
        SecureRandom secureRandom = new SecureRandom();
        this.i = secureRandom;
        if (!file.exists()) {
            byte[] bArr = new byte[32];
            this.b = bArr;
            secureRandom.nextBytes(bArr);
            this.g = a(this.b);
            this.d = enumC0069a;
            this.c = false;
            this.h = true;
            if (z) {
                return;
            }
            try {
                i(null);
                return;
            } catch (b unused) {
                return;
            }
        }
        File file2 = new File(file.getPath() + ".new");
        File file3 = new File(file.getPath() + ".bak");
        if (file3.exists()) {
            sl.c(file3, file);
        }
        if (file2.exists() && file.exists() && !file2.delete()) {
            Log.e("AtomicFile", "Failed to delete outdated new file " + file2);
        }
        DataInputStream dataInputStream = new DataInputStream(new FileInputStream(file));
        try {
            int readUnsignedByte = dataInputStream.readUnsignedByte();
            if (readUnsignedByte != 0) {
                if (readUnsignedByte == 1) {
                    enumC0069a = EnumC0069a.PBKDF2;
                } else {
                    if (readUnsignedByte != 2) {
                        throw new IllegalArgumentException("Bad protection type " + readUnsignedByte);
                    }
                    enumC0069a = EnumC0069a.SCRYPT;
                }
            }
            this.d = enumC0069a;
            byte[] bArr2 = new byte[32];
            this.e = bArr2;
            dataInputStream.readFully(bArr2);
            for (int i = 0; i < 32; i++) {
                byte[] bArr3 = this.e;
                bArr3[i] = (byte) (bArr3[i] ^ k[i]);
            }
            byte[] bArr4 = new byte[8];
            this.f = bArr4;
            dataInputStream.readFully(bArr4);
            byte[] bArr5 = new byte[4];
            this.g = bArr5;
            dataInputStream.readFully(bArr5);
            if (h()) {
                this.c = true;
                this.b = null;
            } else {
                this.c = false;
                byte[] bArr6 = this.e;
                this.b = bArr6;
                if (!Arrays.equals(a(bArr6), this.g)) {
                    throw new IOException("Corrupt key");
                }
            }
            dataInputStream.close();
            boolean z2 = this.c;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    dataInputStream.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    public static byte[] a(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(bArr);
            byte[] bArr2 = new byte[4];
            System.arraycopy(messageDigest.digest(), 0, bArr2, 0, 4);
            return bArr2;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] b(char[] cArr, byte[] bArr, EnumC0069a enumC0069a) {
        try {
            int ordinal = enumC0069a.ordinal();
            if (ordinal == 1) {
                return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(cArr, bArr, Camera2CameraImpl.StateCallback.CameraReopenMonitor.REOPEN_LIMIT_MS, ThreemaApplication.MAX_PW_LENGTH_BACKUP)).getEncoded();
            }
            if (ordinal == 2) {
                return SCrypt.d(new String(cArr).getBytes(StandardCharsets.UTF_8), bArr, 65536, 8, 1, 32);
            }
            throw new RuntimeException("Unsupported protection type " + enumC0069a);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public CipherInputStream c(InputStream inputStream) throws b, IOException {
        try {
            if (this.c) {
                throw new b("Master key is locked");
            }
            byte[] bArr = new byte[16];
            int read = inputStream.read(bArr);
            if (read == -1) {
                throw new IOException("Bad encrypted file (empty)");
            }
            if (read == 16) {
                return new CipherInputStream(inputStream, e(bArr));
            }
            throw new IOException("Bad encrypted file (invalid IV length " + read + ")");
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    public CipherOutputStream d(OutputStream outputStream) throws b, IOException {
        try {
            if (this.c) {
                throw new b("Master key is locked");
            }
            byte[] bArr = new byte[16];
            this.i.nextBytes(bArr);
            outputStream.write(bArr);
            return new CipherOutputStream(outputStream, f(bArr));
        } catch (Throwable th) {
            outputStream.close();
            throw th;
        }
    }

    public Cipher e(byte[] bArr) throws b {
        if (this.c) {
            throw new b("Master key is locked");
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, new SecretKeySpec(this.b, "AES"), new IvParameterSpec(bArr));
            return cipher;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public Cipher f(byte[] bArr) throws b {
        if (this.c) {
            throw new b("Master key is locked");
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, new SecretKeySpec(this.b, "AES"), new IvParameterSpec(bArr));
            return cipher;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] g() throws b {
        if (this.c) {
            throw new b("Master key is locked");
        }
        return this.b;
    }

    public boolean h() {
        return this.d != EnumC0069a.UNPROTECTED;
    }

    public void i(char[] cArr) throws b, IOException {
        EnumC0069a enumC0069a = EnumC0069a.SCRYPT;
        if (this.c) {
            throw new b("Master key is locked");
        }
        if (cArr != null) {
            byte[] bArr = new byte[8];
            this.f = bArr;
            this.i.nextBytes(bArr);
            byte[] b = b(cArr, this.f, enumC0069a);
            this.e = new byte[32];
            for (int i = 0; i < 32; i++) {
                this.e[i] = (byte) (this.b[i] ^ b[i]);
            }
            this.d = enumC0069a;
        } else {
            if (!h() && !this.h) {
                return;
            }
            this.d = EnumC0069a.UNPROTECTED;
            this.e = this.b;
            this.f = new byte[8];
        }
        sl slVar = new sl(this.a);
        FileOutputStream d = slVar.d();
        try {
            DataOutputStream dataOutputStream = new DataOutputStream(d);
            dataOutputStream.writeByte(this.d.f);
            byte[] bArr2 = new byte[32];
            for (int i2 = 0; i2 < 32; i2++) {
                bArr2[i2] = (byte) (this.e[i2] ^ k[i2]);
            }
            dataOutputStream.write(bArr2);
            dataOutputStream.write(this.f);
            dataOutputStream.write(this.g);
            dataOutputStream.flush();
            slVar.b(d);
            this.h = false;
        } catch (IOException e) {
            slVar.a(d);
            throw e;
        }
    }

    public boolean j(char[] cArr) {
        if (!this.c) {
            return true;
        }
        try {
            byte[] b = b(cArr, this.f, this.d);
            this.b = new byte[32];
            for (int i = 0; i < 32; i++) {
                this.b[i] = (byte) (this.e[i] ^ b[i]);
            }
            if (!MessageDigest.isEqual(a(this.b), this.g)) {
                this.b = null;
                return false;
            }
            this.c = false;
            if (this.d == EnumC0069a.PBKDF2) {
                Logger logger = j;
                logger.v("Upgrading passphrase protection from PBKDF2 to Scrypt");
                i(cArr);
                logger.v("Upgraded passphrase protection from PBKDF2 to Scrypt");
            }
            return true;
        } catch (Exception e) {
            j.g("Exception", e);
            return false;
        }
    }
}
