package com.ekoapp.crypto.kms;

import android.content.Context;
import android.util.Base64;
import com.ekoapp.App.Eko;
import com.ekoapp.App.SharedPreferencesManager;
import com.ekoapp.crypto.PinLock;
import com.ekoapp.eko.BuildConfig;
import com.ekoapp.eko.Utils.RealmUtil;
import com.ekoapp.eko.Utils.UniqueIdGenerator;
import com.f2prateek.rx.preferences.Preference;
import com.f2prateek.rx.preferences.RxSharedPreferences;
import io.realm.ImportFlag;
import io.realm.Realm;
import io.realm.RealmConfiguration;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import timber.log.Timber;

/* loaded from: classes4.dex */
public class KMS {
    private static final String CHARSET_UTF_8 = "utf-8";
    private static final int DEFAULT_KEY_LENGTH_IN_BIT = 256;
    private static final int DEFAULT_KEY_LENGTH_IN_BYTE = 32;
    private static final String IV_STORE_KEY = "com.ekoapp.ekos.kms.init.vector";
    private static final String KEY_ALGORITHM = "AES";
    private final ConcurrentHashMap<String, byte[]> mKeyCache = new ConcurrentHashMap<>();
    private final ConcurrentHashMap<String, String> mTextCache = new ConcurrentHashMap<>();
    private static final String TAG = KMS.class.getSimpleName();
    private static final byte[] INIT_VECTOR = initIv();
    private static final byte[] STATIC_KEY = initMek();
    private static final KMS INSTANCE = new KMS();

    private static byte[] cipher(int i, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(i, new SecretKeySpec(bArr, KEY_ALGORITHM), new IvParameterSpec(new byte[16]));
        return cipher.doFinal(bArr2);
    }

    public static byte[] decryptKey(byte[] bArr, String str) throws GeneralSecurityException {
        return cipher(2, bArr, Base64.decode(str, 2));
    }

    public static String encryptKey(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        return Base64.encodeToString(cipher(1, bArr, bArr2), 2);
    }

    private static byte[] genKey(int i) {
        SecureRandom secureRandom = new SecureRandom();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
            keyGenerator.init(i, secureRandom);
            return keyGenerator.generateKey().getEncoded();
        } catch (Exception e) {
            Timber.e(e, "Error genKey", new Object[0]);
            return new byte[i / 8];
        }
    }

    public static KMS get() {
        return INSTANCE;
    }

    private static long getFirstInstallTime(Context context) {
        try {
            return context.getPackageManager().getPackageInfo(BuildConfig.APPLICATION_ID, 0).firstInstallTime;
        } catch (Exception e) {
            Timber.e(e, "getFirstInstallTime", new Object[0]);
            return 0L;
        }
    }

    public static Cipher getImageCipher(int i, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(i, new SecretKeySpec(bArr, KEY_ALGORITHM), new IvParameterSpec(INIT_VECTOR));
        return cipher;
    }

    private static RealmUtil.BetterTransaction getInitKekTransaction() {
        return new RealmUtil.BetterTransaction() { // from class: com.ekoapp.crypto.kms.KMS.1
            @Override // com.ekoapp.eko.Utils.RealmUtil.BetterTransaction
            public void execute(Realm realm) throws Exception {
                realm.copyToRealmOrUpdate((Realm) KMS.newKek(), new ImportFlag[0]);
            }
        };
    }

    public static byte[] getMek() {
        return STATIC_KEY;
    }

    public static RealmConfiguration getRealmConfig() {
        return new RealmConfiguration.Builder().name("key.realm").deleteRealmIfMigrationNeeded().build();
    }

    private static byte[] initIv() {
        Preference<String> keyStore = keyStore(Eko.get());
        if (keyStore.isSet()) {
            byte[] decode = Base64.decode(keyStore.get(), 2);
            Timber.i("OLD iv: %s", keyStore.get());
            return decode;
        }
        byte[] generateSeed = new SecureRandom().generateSeed(16);
        keyStore.set(Base64.encodeToString(generateSeed, 2));
        Timber.i("NEW iv: %s", keyStore.get());
        return generateSeed;
    }

    private void initKek() {
        RealmUtil.executeTransaction(getRealmConfig(), getInitKekTransaction());
    }

    private static byte[] initMek() {
        try {
            return PinLock.genKey((UniqueIdGenerator.getID(Eko.get()) + Long.toHexString(getFirstInstallTime(Eko.get()))).toCharArray(), INIT_VECTOR);
        } catch (Exception e) {
            Timber.e(e, "initMek error", new Object[0]);
            return PinLock.genKey(PinLock.DEFAULT_PIN, INIT_VECTOR);
        }
    }

    public static void initialize(Context context) {
        get().initKek();
    }

    private static Preference<String> keyStore(Context context) {
        return RxSharedPreferences.create(context.getSharedPreferences(SharedPreferencesManager.EKO_SHARED_PREFERENCES2, 0)).getString(IV_STORE_KEY);
    }

    public static KEK newKek() throws GeneralSecurityException {
        String encryptKey = encryptKey(getMek(), genKey(256));
        KEK kek = new KEK();
        kek.setEncryptedKey(encryptKey);
        kek.setCreated(System.currentTimeMillis());
        return kek;
    }

    public void clearCache() {
        this.mKeyCache.clear();
        this.mTextCache.clear();
    }

    public String decrypt(String str, String str2) {
        return str2;
    }

    public String encrypt(String str, String str2) {
        return str2;
    }

    public byte[] getDek(String str) {
        return getDek(str, 256);
    }

    public byte[] getDek(String str, int i) {
        byte[] genKey;
        if (this.mKeyCache.containsKey(str)) {
            return this.mKeyCache.get(str);
        }
        Realm realm = null;
        try {
            try {
                realm = Realm.getInstance(getRealmConfig());
                DEK dek = (DEK) realm.where(DEK.class).equalTo("id", str).findFirst();
                if (dek != null) {
                    genKey = decryptKey(getKek(), dek.getEncryptedKey());
                } else {
                    genKey = genKey(i);
                    DEK newDek = newDek(str, getKek(), genKey);
                    realm.beginTransaction();
                    realm.copyToRealmOrUpdate((Realm) newDek, new ImportFlag[0]);
                    realm.commitTransaction();
                }
                this.mKeyCache.put(str, genKey);
                if (realm != null && !realm.isClosed()) {
                    realm.close();
                }
                return genKey;
            } catch (Exception e) {
                Timber.e(e, "getDek() error", new Object[0]);
                if (realm != null && realm.isInTransaction()) {
                    realm.cancelTransaction();
                }
                if (realm != null && !realm.isClosed()) {
                    realm.close();
                }
                return Arrays.copyOf(getMek(), i / 8);
            }
        } catch (Throwable th) {
            if (realm != null && !realm.isClosed()) {
                realm.close();
            }
            throw th;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x0058, code lost:
    
        if (r2.isClosed() == false) goto L31;
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0073, code lost:
    
        r2.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0071, code lost:
    
        if (r2.isClosed() == false) goto L31;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] getKek() {
        /*
            r5 = this;
            java.util.concurrent.ConcurrentHashMap<java.lang.String, byte[]> r0 = r5.mKeyCache
            java.lang.String r1 = "kek"
            boolean r0 = r0.containsKey(r1)
            if (r0 == 0) goto L13
            java.util.concurrent.ConcurrentHashMap<java.lang.String, byte[]> r0 = r5.mKeyCache
            java.lang.Object r0 = r0.get(r1)
            byte[] r0 = (byte[]) r0
            return r0
        L13:
            r0 = 0
            io.realm.RealmConfiguration r2 = getRealmConfig()     // Catch: java.lang.Throwable -> L5d java.lang.Exception -> L61
            io.realm.Realm r2 = io.realm.Realm.getInstance(r2)     // Catch: java.lang.Throwable -> L5d java.lang.Exception -> L61
            java.lang.Class<com.ekoapp.crypto.kms.KEK> r3 = com.ekoapp.crypto.kms.KEK.class
            io.realm.RealmQuery r3 = r2.where(r3)     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            java.lang.Object r3 = r3.findFirst()     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            com.ekoapp.crypto.kms.KEK r3 = (com.ekoapp.crypto.kms.KEK) r3     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            if (r3 == 0) goto L47
            byte[] r4 = getMek()     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            java.lang.String r3 = r3.getEncryptedKey()     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            byte[] r3 = decryptKey(r4, r3)     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            java.util.concurrent.ConcurrentHashMap<java.lang.String, byte[]> r4 = r5.mKeyCache     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            r4.put(r1, r3)     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            if (r2 == 0) goto L46
            boolean r0 = r2.isClosed()
            if (r0 != 0) goto L46
            r2.close()
        L46:
            return r3
        L47:
            io.realm.RealmConfiguration r1 = getRealmConfig()     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            com.ekoapp.eko.Utils.RealmUtil$BetterTransaction r3 = getInitKekTransaction()     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            com.ekoapp.eko.Utils.RealmUtil.executeTransaction(r1, r3)     // Catch: java.lang.Exception -> L5b java.lang.Throwable -> L77
            if (r2 == 0) goto L76
            boolean r1 = r2.isClosed()
            if (r1 != 0) goto L76
            goto L73
        L5b:
            r1 = move-exception
            goto L63
        L5d:
            r1 = move-exception
            r2 = r0
            r0 = r1
            goto L78
        L61:
            r1 = move-exception
            r2 = r0
        L63:
            java.lang.String r3 = ""
            r4 = 0
            java.lang.Object[] r4 = new java.lang.Object[r4]     // Catch: java.lang.Throwable -> L77
            timber.log.Timber.e(r1, r3, r4)     // Catch: java.lang.Throwable -> L77
            if (r2 == 0) goto L76
            boolean r1 = r2.isClosed()
            if (r1 != 0) goto L76
        L73:
            r2.close()
        L76:
            return r0
        L77:
            r0 = move-exception
        L78:
            if (r2 == 0) goto L83
            boolean r1 = r2.isClosed()
            if (r1 != 0) goto L83
            r2.close()
        L83:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ekoapp.crypto.kms.KMS.getKek():byte[]");
    }

    public DEK newDek(String str, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        String encryptKey = encryptKey(bArr, bArr2);
        DEK dek = new DEK();
        dek.setId(str);
        dek.setEncryptedKey(encryptKey);
        this.mKeyCache.put(str, bArr2);
        return dek;
    }
}
