package com.server.auditor.ssh.client.encryption.storage;

import android.content.SharedPreferences;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.amazonaws.mobileconnectors.s3.transferutility.TransferTable;
import com.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import com.server.auditor.ssh.client.app.TermiusApplication;
import com.server.auditor.ssh.client.encryption.keyring.EncryptedStorageMigrationException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.GregorianCalendar;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public final class n implements g {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class a extends com.server.auditor.ssh.client.encryption.keyring.c {
        private final String a;
        private final String b;
        private KeyStore.PrivateKeyEntry c;
        private final KeyStore d;
        private final com.server.auditor.ssh.client.app.f e;

        public a(KeyStore keyStore, com.server.auditor.ssh.client.app.f fVar) {
            kotlin.y.d.l.e(keyStore, "androidKeyStore");
            kotlin.y.d.l.e(fVar, "keyValueRepository");
            this.d = keyStore;
            this.e = fVar;
            this.a = "termius_secret_key_pair_api21_v1";
            this.b = "RSA/ECB/PKCS1Padding";
        }

        private final Cipher f() {
            Cipher cipher = Cipher.getInstance(this.b);
            KeyStore.PrivateKeyEntry privateKeyEntry = this.c;
            if (privateKeyEntry == null) {
                kotlin.y.d.l.t("keyEntry");
                throw null;
            }
            cipher.init(2, privateKeyEntry.getPrivateKey());
            kotlin.y.d.l.d(cipher, "cipher");
            return cipher;
        }

        private final Cipher g() {
            Cipher cipher = Cipher.getInstance(this.b);
            KeyStore.PrivateKeyEntry privateKeyEntry = this.c;
            if (privateKeyEntry == null) {
                kotlin.y.d.l.t("keyEntry");
                throw null;
            }
            Certificate certificate = privateKeyEntry.getCertificate();
            kotlin.y.d.l.d(certificate, "keyEntry.certificate");
            cipher.init(1, certificate.getPublicKey());
            kotlin.y.d.l.d(cipher, "cipher");
            return cipher;
        }

        private final byte[] h(String str) {
            byte[] decode = Base64.decode(str, 2);
            kotlin.y.d.l.d(decode, "Base64.decode(input, Base64.NO_WRAP)");
            return decode;
        }

        private final String i(byte[] bArr) {
            String encodeToString = Base64.encodeToString(bArr, 2);
            kotlin.y.d.l.d(encodeToString, "Base64.encodeToString(input, Base64.NO_WRAP)");
            return encodeToString;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public com.server.auditor.ssh.client.app.f a() {
            return this.e;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void b() {
            if (!this.d.isKeyEntry(this.a)) {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                GregorianCalendar gregorianCalendar = new GregorianCalendar();
                GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                gregorianCalendar2.add(1, 20);
                KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(TermiusApplication.g()).setAlias(this.a).setSubject(new X500Principal("CN=" + this.a)).setKeySize(3072).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).setSerialNumber(BigInteger.valueOf(1337L)).build();
                kotlin.y.d.l.d(build, "KeyPairGeneratorSpec.Bui…                 .build()");
                keyPairGenerator.initialize(build);
                keyPairGenerator.genKeyPair();
            }
            KeyStore.Entry entry = this.d.getEntry(this.a, null);
            Objects.requireNonNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
            this.c = (KeyStore.PrivateKeyEntry) entry;
            g();
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public byte[] c(String str, byte[] bArr) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            kotlin.y.d.l.e(bArr, "defaultValue");
            String string = a().getString(str, "");
            if (!(string == null || string.length() == 0)) {
                try {
                    bArr = f().doFinal(h(string));
                } catch (Throwable unused) {
                }
                kotlin.y.d.l.d(bArr, "try {\n                  …ltValue\n                }");
            }
            return bArr;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void d(String str) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            a().edit().remove(str).apply();
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void e(String str, byte[] bArr) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            kotlin.y.d.l.e(bArr, "value");
            byte[] doFinal = g().doFinal(bArr);
            SharedPreferences.Editor edit = a().edit();
            kotlin.y.d.l.d(doFinal, "encrypted");
            edit.putString(str, i(doFinal)).apply();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class b extends com.server.auditor.ssh.client.encryption.keyring.c {
        private final String a;
        private final String b;
        private final a c;
        private KeyStore.SecretKeyEntry d;
        private final KeyStore e;
        private final com.server.auditor.ssh.client.app.f f;

        /* loaded from: classes2.dex */
        public static final class a {
            private final int a = 1;

            public final byte[] a(byte[] bArr, byte[] bArr2) {
                byte[] j;
                byte[] k;
                byte[] k2;
                kotlin.y.d.l.e(bArr, "input");
                kotlin.y.d.l.e(bArr2, "iv");
                j = kotlin.u.h.j(new byte[0], (byte) bArr2.length);
                k = kotlin.u.h.k(j, bArr2);
                k2 = kotlin.u.h.k(k, bArr);
                return k2;
            }

            public final kotlin.l<byte[], byte[]> b(byte[] bArr) {
                byte[] g;
                byte[] g2;
                kotlin.y.d.l.e(bArr, "input");
                byte b = bArr[0];
                int i = this.a;
                g = kotlin.u.h.g(bArr, i, i + b);
                g2 = kotlin.u.h.g(bArr, this.a + b, bArr.length);
                return new kotlin.l<>(g, g2);
            }
        }

        public b(KeyStore keyStore, com.server.auditor.ssh.client.app.f fVar) {
            kotlin.y.d.l.e(keyStore, "androidKeyStore");
            kotlin.y.d.l.e(fVar, "keyValueRepository");
            this.e = keyStore;
            this.f = fVar;
            this.a = "termius_secret_key_api23_v1";
            this.b = "AES/GCM/NoPadding";
            this.c = new a();
        }

        private final Cipher f(byte[] bArr) {
            Cipher cipher = Cipher.getInstance(this.b);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
            KeyStore.SecretKeyEntry secretKeyEntry = this.d;
            if (secretKeyEntry == null) {
                kotlin.y.d.l.t("keyEntry");
                throw null;
            }
            cipher.init(2, secretKeyEntry.getSecretKey(), gCMParameterSpec);
            kotlin.y.d.l.d(cipher, "cipher");
            return cipher;
        }

        private final Cipher g() {
            Cipher cipher = Cipher.getInstance(this.b);
            KeyStore.SecretKeyEntry secretKeyEntry = this.d;
            if (secretKeyEntry == null) {
                kotlin.y.d.l.t("keyEntry");
                throw null;
            }
            cipher.init(1, secretKeyEntry.getSecretKey());
            kotlin.y.d.l.d(cipher, "cipher");
            return cipher;
        }

        private final byte[] h(String str) {
            byte[] decode = Base64.decode(str, 2);
            kotlin.y.d.l.d(decode, "Base64.decode(input, Base64.NO_WRAP)");
            return decode;
        }

        private final String i(byte[] bArr) {
            String encodeToString = Base64.encodeToString(bArr, 2);
            kotlin.y.d.l.d(encodeToString, "Base64.encodeToString(input, Base64.NO_WRAP)");
            return encodeToString;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public com.server.auditor.ssh.client.app.f a() {
            return this.f;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void b() {
            if (Build.VERSION.SDK_INT < 23) {
                throw new IllegalStateException("AES cipher in AndroidKeyStore supports only on Android M and above.");
            }
            if (!this.e.isKeyEntry(this.a)) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance(JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM, "AndroidKeyStore");
                KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(this.a, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
                kotlin.y.d.l.d(build, "KeyGenParameterSpec.Buil…                 .build()");
                keyGenerator.init(build);
                keyGenerator.generateKey();
            }
            KeyStore.Entry entry = this.e.getEntry(this.a, null);
            Objects.requireNonNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
            this.d = (KeyStore.SecretKeyEntry) entry;
            g();
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public byte[] c(String str, byte[] bArr) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            kotlin.y.d.l.e(bArr, "defaultValue");
            String string = a().getString(str, "");
            if (!(string == null || string.length() == 0)) {
                try {
                    kotlin.l<byte[], byte[]> b = this.c.b(h(string));
                    bArr = f(b.a()).doFinal(b.b());
                } catch (Throwable unused) {
                }
                kotlin.y.d.l.d(bArr, "try {\n                  …ltValue\n                }");
            }
            return bArr;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void d(String str) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            a().edit().remove(str).apply();
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void e(String str, byte[] bArr) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            kotlin.y.d.l.e(bArr, "value");
            Cipher g = g();
            byte[] doFinal = g.doFinal(bArr);
            a aVar = this.c;
            kotlin.y.d.l.d(doFinal, "encrypted");
            byte[] iv = g.getIV();
            kotlin.y.d.l.d(iv, "cipher.iv");
            a().edit().putString(str, i(aVar.a(doFinal, iv))).apply();
        }
    }

    /* loaded from: classes2.dex */
    private static final class c {
        private final String a = "encrypted_storage_api_int";

        public final com.server.auditor.ssh.client.encryption.keyring.c a(KeyStore keyStore, com.server.auditor.ssh.client.app.f fVar, int i) {
            int i2;
            com.server.auditor.ssh.client.encryption.keyring.c dVar;
            kotlin.y.d.l.e(fVar, "keyValueRepository");
            try {
                if (fVar.contains(this.a)) {
                    i2 = fVar.getInt(this.a, i);
                } else {
                    fVar.edit().putInt(this.a, i).apply();
                    i2 = i;
                }
                if (i2 > i) {
                    com.crystalnix.terminal.utils.f.a.b.d(new EncryptedStorageMigrationException("Actual sdk version is lower than currently uses " + i2 + '/' + i + '.'));
                }
                if (i2 != 0 && keyStore != null) {
                    dVar = i2 < 23 ? new a(keyStore, fVar) : new b(keyStore, fVar);
                    dVar.b();
                    return dVar;
                }
                dVar = new d(fVar);
                dVar.b();
                return dVar;
            } catch (Throwable th) {
                com.crystalnix.terminal.utils.f.a.b.d(th);
                fVar.edit().putInt(this.a, 0).apply();
                d dVar2 = new d(fVar);
                dVar2.b();
                return dVar2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class d extends com.server.auditor.ssh.client.encryption.keyring.c {
        private final com.server.auditor.ssh.client.app.f a;

        public d(com.server.auditor.ssh.client.app.f fVar) {
            kotlin.y.d.l.e(fVar, "keyValueRepository");
            this.a = fVar;
        }

        private final byte[] f(String str) {
            byte[] decode = Base64.decode(str, 2);
            kotlin.y.d.l.d(decode, "Base64.decode(input, Base64.NO_WRAP)");
            return decode;
        }

        private final String g(byte[] bArr) {
            String encodeToString = Base64.encodeToString(bArr, 2);
            kotlin.y.d.l.d(encodeToString, "Base64.encodeToString(input, Base64.NO_WRAP)");
            return encodeToString;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public com.server.auditor.ssh.client.app.f a() {
            return this.a;
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void b() {
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public byte[] c(String str, byte[] bArr) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            kotlin.y.d.l.e(bArr, "defaultValue");
            String string = a().getString(str, "");
            if (!(string == null || string.length() == 0)) {
                try {
                } catch (Throwable unused) {
                    return bArr;
                }
            }
            return f(string);
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void d(String str) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            a().edit().remove(str).apply();
        }

        @Override // com.server.auditor.ssh.client.encryption.keyring.c
        public void e(String str, byte[] bArr) {
            kotlin.y.d.l.e(str, TransferTable.COLUMN_KEY);
            kotlin.y.d.l.e(bArr, "value");
            a().edit().putString(str, g(bArr)).apply();
        }
    }

    @Override // com.server.auditor.ssh.client.encryption.storage.g
    public void a(KeyStore keyStore, com.server.auditor.ssh.client.app.f fVar, com.server.auditor.ssh.client.app.f fVar2) {
        kotlin.y.d.l.e(fVar, "encryptionKeyValueRepository");
        kotlin.y.d.l.e(fVar2, "mainKeyValueRepository");
        SharedPreferences.Editor edit = fVar2.edit();
        com.server.auditor.ssh.client.encryption.keyring.c a2 = new c().a(keyStore, fVar, Build.VERSION.SDK_INT);
        String string = fVar2.getString("TEAM_INFO_NAME", "");
        if (!(string == null || string.length() == 0)) {
            Charset charset = kotlin.e0.d.a;
            Objects.requireNonNull(string, "null cannot be cast to non-null type java.lang.String");
            byte[] bytes = string.getBytes(charset);
            kotlin.y.d.l.d(bytes, "(this as java.lang.String).getBytes(charset)");
            a2.e("team_info_name", bytes);
            edit.remove("TEAM_INFO_NAME");
        }
        String string2 = fVar2.getString("TEAM_INFO_OWNER", "");
        if (!(string2 == null || string2.length() == 0)) {
            Charset charset2 = kotlin.e0.d.a;
            Objects.requireNonNull(string2, "null cannot be cast to non-null type java.lang.String");
            byte[] bytes2 = string2.getBytes(charset2);
            kotlin.y.d.l.d(bytes2, "(this as java.lang.String).getBytes(charset)");
            a2.e("team_info_owner", bytes2);
            edit.remove("TEAM_INFO_OWNER");
        }
        edit.apply();
    }
}
