package org.thoughtcrime.securesms.crypto;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.util.Arrays;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.signal.core.util.Base64;
import org.signal.core.util.logging.Log;
import org.signal.libsignal.protocol.InvalidKeyException;
import org.signal.libsignal.protocol.ecc.Curve;
import org.signal.libsignal.protocol.ecc.ECKeyPair;
import org.thoughtcrime.securesms.util.Util;

/* loaded from: classes3.dex */
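/**
 * Creates, wraps and unwraps the application's {@link MasterSecret}.
 *
 * <p>The master secret (an AES encryption key followed by a MAC key) is stored in the
 * {@code MasterKeys} SharedPreferences file, encrypted with AES-GCM under a wrapping key.
 * The wrapping key is derived from the user's passphrase by {@link PassphraseBasedKdf},
 * which is additionally given an HMAC key obtained from {@link KeyStoreHelper}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When the caller passes the well-known "unencrypted" passphrase, the wrapping key is
 *       32 zero bytes (see {@link #getUnencryptedKey()}). The stored blob then offers no
 *       confidentiality against anyone able to read the preferences file.</li>
 *   <li>A failed GCM tag check is reported as {@link InvalidPassphraseException}, so a wrong
 *       passphrase and a modified stored blob are indistinguishable to the caller.</li>
 *   <li>Temporary byte arrays holding key material are zeroed as soon as they are no longer
 *       needed, including on exceptional paths.</li>
 * </ul>
 */
public class MasterSecretUtil {
    private static final String ASYMMETRIC_LOCAL_PRIVATE_DJB = "asymmetric_master_secret_curve25519_private";
    private static final String ASYMMETRIC_LOCAL_PUBLIC_DJB = "asymmetric_master_secret_curve25519_public";
    private static final String KEY_ALIAS_DEFAULT = "MollySecret";
    private static final String PREFERENCES_NAME = "MasterKeys";
    private static final String TAG = Log.tag((Class<?>) MasterSecretUtil.class);
    private static final char[] UNENCRYPTED_PASSPHRASE = "unencrypted".toCharArray();

    // Preference keys inside the PREFERENCES_NAME file.
    private static final String PREF_PASSPHRASE_SALT = "passphrase_salt";
    private static final String PREF_KDF_PARAMETERS = "kdf_parameters";
    private static final String PREF_KDF_ELAPSED = "kdf_elapsed";
    private static final String PREF_ENCRYPTION_IV = "encryption_iv";
    private static final String PREF_MASTER_SECRET = "master_secret";
    private static final String PREF_PASSPHRASE_INITIALIZED = "passphrase_initialized";
    private static final String PREF_KEYSTORE_INITIALIZED = "keystore_initialized";
    private static final String PREF_KEYSTORE_ALIAS = "keystore_alias";

    // Layout of the wrapped plaintext: encryption key bytes followed by MAC key bytes.
    private static final int ENCRYPTION_KEY_LENGTH = 32;
    private static final int MAC_KEY_LENGTH = 32;

    private static final String WRAP_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int GCM_TAG_LENGTH_BITS = 128;
    private static final int GCM_IV_LENGTH = 12;
    private static final int SALT_LENGTH = 16;

    /**
     * Unwraps the master secret with {@code oldPassphrase} and re-wraps it with {@code newPassphrase}.
     *
     * <p>Neither passphrase array is cleared here; wiping them is left to the caller.
     *
     * @param context       used to reach the preferences file
     * @param oldPassphrase passphrase currently protecting the master secret
     * @param newPassphrase passphrase that should protect it from now on
     * @return the unwrapped master secret
     * @throws InvalidPassphraseException if unwrapping with {@code oldPassphrase} fails authentication
     * @throws UnrecoverableKeyException  if the Keystore HMAC entry cannot be recovered
     */
    public static MasterSecret changeMasterSecretPassphrase(Context context, char[] oldPassphrase, char[] newPassphrase) throws InvalidPassphraseException, UnrecoverableKeyException {
        MasterSecret masterSecret = getMasterSecret(context, oldPassphrase);
        changeMasterSecretPassphrase(context, masterSecret, newPassphrase);
        return masterSecret;
    }

    /**
     * Wraps {@code masterSecret} under a key derived from {@code passphrase} and persists the result.
     *
     * <p>For a real passphrase a new Keystore HMAC entry (random UUID alias), a new salt and new KDF
     * parameters are created on every call. The previously recorded Keystore alias is deleted only
     * after the new state has been committed.
     *
     * @throws AssertionError if the preferences cannot be committed or the cipher is unavailable
     */
    private static void changeMasterSecretPassphrase(Context context, MasterSecret masterSecret, char[] passphrase) {
        SharedPreferences.Editor editor = getSharedPreferences(context).edit();
        String previousAlias = retrieve(context, PREF_KEYSTORE_ALIAS, KEY_ALIAS_DEFAULT);

        SecureSecretKeySpec wrappingKey;
        String newAlias;
        if (isUnencryptedPassphrase(passphrase)) {
            wrappingKey = getUnencryptedKey();
            newAlias = null;
        } else {
            PassphraseBasedKdf kdf = new PassphraseBasedKdf();
            // Presumably frees memory before the available-memory reading below — TODO confirm.
            System.gc();
            kdf.findParameters(Util.getAvailMemory(context) / 2);
            String alias = UUID.randomUUID().toString();
            kdf.setHmacKey(KeyStoreHelper.createKeyStoreEntryHmac(alias, hasStrongBox(context)));
            byte[] salt = generateSalt();
            editor.putString(PREF_PASSPHRASE_SALT, Base64.encodeWithPadding(salt));
            editor.putString(PREF_KDF_PARAMETERS, kdf.getParameters());
            editor.putLong(PREF_KDF_ELAPSED, kdf.getElapsedTimeMillis());
            wrappingKey = kdf.deriveKey(passphrase, salt);
            newAlias = alias;
        }

        byte[] iv;
        byte[] wrappedSecret;
        byte[] combinedSecrets = null;
        try {
            // A fresh IV per wrap: GCM must never see the same key/IV pair twice.
            iv = generateIV();
            // NOTE(review): the two getEncoded() results are not wiped here; whether they are
            // copies or the keys' internal arrays is not visible from this file — confirm first.
            combinedSecrets = Util.combine(masterSecret.getEncryptionKey().getEncoded(), masterSecret.getMacKey().getEncoded());
            wrappedSecret = encrypt(iv, combinedSecrets, wrappingKey);
        } finally {
            // Clear the plaintext key bytes and the wrapping key even when encryption fails.
            if (combinedSecrets != null) {
                Arrays.fill(combinedSecrets, (byte) 0);
            }
            wrappingKey.destroy();
        }

        editor.putString(PREF_ENCRYPTION_IV, Base64.encodeWithPadding(iv));
        editor.putString(PREF_MASTER_SECRET, Base64.encodeWithPadding(wrappedSecret));
        editor.putBoolean(PREF_PASSPHRASE_INITIALIZED, true);
        editor.putBoolean(PREF_KEYSTORE_INITIALIZED, newAlias != null);
        editor.putString(PREF_KEYSTORE_ALIAS, newAlias);
        if (!editor.commit()) {
            throw new AssertionError("failed to save preferences in MasterSecretUtil");
        }

        // Remove the old Keystore entry only once nothing persisted refers to it any more.
        if (previousAlias != null) {
            KeyStoreHelper.deleteKeyStoreEntry(previousAlias);
        }
    }

    /**
     * Decrypts and authenticates {@code ciphertext} with AES-GCM.
     *
     * @param iv         the GCM IV that was used for encryption
     * @param ciphertext ciphertext with the appended authentication tag
     * @param secretKey  the wrapping key
     * @return the plaintext
     * @throws BadPaddingException if the JCA reports one from {@code doFinal}; the GCM tag
     *                             mismatch exception ({@code AEADBadTagException}) is a subclass
     * @throws AssertionError      on any other {@link GeneralSecurityException}
     */
    private static byte[] decrypt(byte[] iv, byte[] ciphertext, SecretKey secretKey) throws BadPaddingException {
        try {
            Cipher cipher = Cipher.getInstance(WRAP_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv));
            return cipher.doFinal(ciphertext);
        } catch (BadPaddingException e) {
            // Let authentication failures reach the caller unchanged.
            throw e;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Encrypts {@code plaintext} with AES-GCM using a 128-bit tag.
     *
     * @param iv        the GCM IV; callers must supply a fresh one for every encryption under a key
     * @param plaintext data to protect
     * @param secretKey the wrapping key
     * @return ciphertext with the appended authentication tag
     * @throws AssertionError on any {@link GeneralSecurityException}
     */
    private static byte[] encrypt(byte[] iv, byte[] plaintext, SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance(WRAP_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv));
            return cipher.doFinal(plaintext);
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Generates a Curve25519 key pair, stores both halves encrypted under {@code masterSecret}
     * and returns them.
     *
     * @throws AssertionError if the preferences cannot be committed
     */
    public static AsymmetricMasterSecret generateAsymmetricMasterSecret(Context context, MasterSecret masterSecret) {
        MasterCipher masterCipher = new MasterCipher(masterSecret);
        ECKeyPair keyPair = Curve.generateKeyPair();

        String encryptedPublic = Base64.encodeWithPadding(masterCipher.encryptPublicKey(keyPair.getPublicKey()));
        String encryptedPrivate = Base64.encodeWithPadding(masterCipher.encryptPrivateKey(keyPair.getPrivateKey()));

        boolean saved = getSharedPreferences(context).edit()
                .putString(ASYMMETRIC_LOCAL_PUBLIC_DJB, encryptedPublic)
                .putString(ASYMMETRIC_LOCAL_PRIVATE_DJB, encryptedPrivate)
                .commit();
        if (!saved) {
            throw new AssertionError("failed to save preferences in MasterSecretUtil");
        }
        return new AsymmetricMasterSecret(keyPair.getPublicKey(), keyPair.getPrivateKey());
    }

    /** Returns the encoded bytes of a freshly generated 256-bit AES key. */
    private static byte[] generateEncryptionSecret() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(ENCRYPTION_KEY_LENGTH * 8);
            return keyGenerator.generateKey().getEncoded();
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    /** Returns a new 12-byte IV from {@code Util.getSecretBytes} (presumably a CSPRNG — confirm). */
    private static byte[] generateIV() {
        return Util.getSecretBytes(GCM_IV_LENGTH);
    }

    /** Returns the encoded bytes of a freshly generated HmacSHA256 key. */
    private static byte[] generateMacSecret() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacSHA256");
            // Pin the size instead of relying on the provider default: getMasterSecret splits the
            // unwrapped blob at fixed 32/32 offsets, so the MAC key must be exactly 32 bytes.
            keyGenerator.init(MAC_KEY_LENGTH * 8);
            return keyGenerator.generateKey().getEncoded();
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Generates a new master secret and stores it wrapped under {@code passphrase}.
     *
     * @param context    used to reach the preferences file
     * @param passphrase passphrase to protect the new secret; not cleared by this method
     * @return the new master secret
     */
    public static MasterSecret generateMasterSecret(Context context, char[] passphrase) {
        byte[] encryptionSecret = generateEncryptionSecret();
        byte[] macSecret = generateMacSecret();
        MasterSecret masterSecret;
        try {
            masterSecret = new MasterSecret(encryptionSecret, macSecret);
        } finally {
            // The raw arrays are cleared right after construction, as the original code did.
            Arrays.fill(encryptionSecret, (byte) 0);
            Arrays.fill(macSecret, (byte) 0);
        }
        changeMasterSecretPassphrase(context, masterSecret, passphrase);
        return masterSecret;
    }

    /** Returns a new 16-byte KDF salt from {@code Util.getSecretBytes}. */
    private static byte[] generateSalt() {
        return Util.getSecretBytes(SALT_LENGTH);
    }

    /**
     * Loads the stored Curve25519 key pair and decrypts it with {@code masterSecret}.
     *
     * @throws SecurityException if the decrypted material is not a valid key
     */
    public static AsymmetricMasterSecret getAsymmetricMasterSecret(Context context, MasterSecret masterSecret) {
        try {
            byte[] encryptedPublic = retrieve(context, ASYMMETRIC_LOCAL_PUBLIC_DJB);
            byte[] encryptedPrivate = retrieve(context, ASYMMETRIC_LOCAL_PRIVATE_DJB);
            MasterCipher masterCipher = new MasterCipher(masterSecret);
            return new AsymmetricMasterSecret(masterCipher.decryptPublicKey(encryptedPublic), masterCipher.decryptPrivateKey(encryptedPrivate));
        } catch (InvalidKeyException e) {
            throw new SecurityException(e);
        }
    }

    /** Returns the stored {@code kdf_elapsed} value, or 0 when none has been recorded. */
    public static long getKdfElapsedTimeMillis(Context context) {
        return retrieve(context, PREF_KDF_ELAPSED, 0L);
    }

    /**
     * Unwraps the stored master secret with a key derived from {@code passphrase}.
     *
     * <p>If the stored state was created without a Keystore HMAC key and a real passphrase is in
     * use, the secret is immediately re-wrapped so that the Keystore is used from then on.
     *
     * @param context    used to reach the preferences file
     * @param passphrase the user's passphrase, or the "unencrypted" sentinel; not cleared here
     * @return the unwrapped master secret
     * @throws InvalidPassphraseException if AES-GCM authentication of the stored blob fails
     * @throws UnrecoverableKeyException  if the Keystore HMAC entry cannot be recovered
     */
    public static MasterSecret getMasterSecret(Context context, char[] passphrase) throws InvalidPassphraseException, UnrecoverableKeyException {
        byte[] salt = retrieve(context, PREF_PASSPHRASE_SALT);
        String kdfParameters = retrieve(context, PREF_KDF_PARAMETERS, "");
        byte[] wrappedSecret = retrieve(context, PREF_MASTER_SECRET);
        byte[] iv = retrieve(context, PREF_ENCRYPTION_IV);
        boolean keyStoreInitialized = retrieve(context, PREF_KEYSTORE_INITIALIZED, false);
        String keyStoreAlias = retrieve(context, PREF_KEYSTORE_ALIAS, KEY_ALIAS_DEFAULT);

        SecureSecretKeySpec wrappingKey;
        if (isUnencryptedPassphrase(passphrase)) {
            wrappingKey = getUnencryptedKey();
        } else {
            PassphraseBasedKdf kdf = new PassphraseBasedKdf();
            kdf.setParameters(kdfParameters);
            if (keyStoreInitialized) {
                try {
                    kdf.setHmacKey(KeyStoreHelper.getKeyStoreEntryHmac(keyStoreAlias));
                } catch (UnrecoverableEntryException e) {
                    throw new UnrecoverableKeyException(e);
                }
            }
            wrappingKey = kdf.deriveKey(passphrase, salt);
        }

        try {
            MasterSecret masterSecret = unwrapMasterSecret(iv, wrappedSecret, wrappingKey);
            if (!keyStoreInitialized && !isUnencryptedPassphrase(passphrase)) {
                Log.i(TAG, "KeyStore is available. Forcing master secret re-encryption to use it.");
                changeMasterSecretPassphrase(context, masterSecret, passphrase);
            }
            return masterSecret;
        } catch (BadPaddingException e) {
            throw new InvalidPassphraseException(e);
        } finally {
            wrappingKey.destroy();
        }
    }

    /**
     * Decrypts the wrapped blob and builds a {@link MasterSecret} from its two halves.
     *
     * <p>The blob is split once, and every temporary array holding key bytes is zeroed before
     * returning, whether or not an exception is thrown.
     */
    private static MasterSecret unwrapMasterSecret(byte[] iv, byte[] wrappedSecret, SecretKey wrappingKey) throws BadPaddingException {
        byte[] combinedSecrets = decrypt(iv, wrappedSecret, wrappingKey);
        try {
            // Split a single time: each call to Util.split yields arrays of key bytes that
            // would otherwise stay on the heap without being cleared.
            byte[][] parts = Util.split(combinedSecrets, ENCRYPTION_KEY_LENGTH, MAC_KEY_LENGTH);
            try {
                return new MasterSecret(parts[0], parts[1]);
            } finally {
                Arrays.fill(parts[0], (byte) 0);
                Arrays.fill(parts[1], (byte) 0);
            }
        } finally {
            Arrays.fill(combinedSecrets, (byte) 0);
        }
    }

    /** Opens the {@code MasterKeys} preferences file with mode 0 (the value of MODE_PRIVATE). */
    private static SharedPreferences getSharedPreferences(Context context) {
        return context.getSharedPreferences(PREFERENCES_NAME, 0);
    }

    /**
     * Returns the wrapping key used in "unencrypted" mode: 32 zero bytes.
     *
     * <p>This key is a fixed, publicly known value, so wrapping with it gives no confidentiality.
     */
    private static SecureSecretKeySpec getUnencryptedKey() {
        return new SecureSecretKeySpec(new byte[ENCRYPTION_KEY_LENGTH], "AES");
    }

    /** Returns a copy of the sentinel passphrase that selects "unencrypted" mode. */
    public static char[] getUnencryptedPassphrase() {
        return UNENCRYPTED_PASSPHRASE.clone();
    }

    /** Reports whether the device runs API level 28 or later and declares the StrongBox Keystore feature. */
    private static boolean hasStrongBox(Context context) {
        return Build.VERSION.SDK_INT >= 28 && context.getPackageManager().hasSystemFeature("android.hardware.strongbox_keystore");
    }

    /** Returns the stored {@code keystore_initialized} flag, {@code false} when absent. */
    public static boolean isKeyStoreInitialized(Context context) {
        return retrieve(context, PREF_KEYSTORE_INITIALIZED, false);
    }

    /** Returns the stored {@code passphrase_initialized} flag, {@code false} when absent. */
    public static boolean isPassphraseInitialized(Context context) {
        return retrieve(context, PREF_PASSPHRASE_INITIALIZED, false);
    }

    /** Reports whether {@code passphrase} equals the "unencrypted" sentinel (a public constant). */
    private static boolean isUnencryptedPassphrase(char[] passphrase) {
        return Arrays.equals(UNENCRYPTED_PASSPHRASE, passphrase);
    }

    /** Reads a long preference, returning {@code defaultValue} when the key is absent. */
    private static long retrieve(Context context, String key, long defaultValue) {
        return getSharedPreferences(context).getLong(key, defaultValue);
    }

    /** Reads a string preference, returning {@code defaultValue} when the key is absent. */
    private static String retrieve(Context context, String key, String defaultValue) {
        return getSharedPreferences(context).getString(key, defaultValue);
    }

    /** Reads a boolean preference, returning {@code defaultValue} when the key is absent. */
    private static boolean retrieve(Context context, String key, boolean defaultValue) {
        return getSharedPreferences(context).getBoolean(key, defaultValue);
    }

    /**
     * Reads a Base64-encoded preference and decodes it.
     *
     * @return the decoded bytes; the stored value defaults to the empty string when the key is absent
     * @throws AssertionError if the stored value is not valid Base64
     */
    private static byte[] retrieve(Context context, String key) {
        String encoded = getSharedPreferences(context).getString(key, "");
        try {
            return encoded == null ? new byte[0] : Base64.decode(encoded);
        } catch (IOException e) {
            throw new AssertionError(e);
        }
    }
}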
