package info.guardianproject.cacheword;

import android.content.Context;
import android.util.Log;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class PassphraseSecrets implements ICachedSecrets {
    private static final String TAG = "PassphraseSecrets";
    private final SecretKey mSecretKey;

    /* loaded from: classes.dex */
    private static class SerializedSecrets {
        public byte[] ciphertext;
        public byte[] iv;
        public byte[] salt;
        public byte[] serialized;

        public SerializedSecrets(byte[] bArr) {
            this.serialized = bArr;
        }

        public SerializedSecrets(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.salt = bArr;
            this.iv = bArr2;
            this.ciphertext = bArr3;
        }

        public byte[] concatenate() {
            this.serialized = new byte[this.salt.length + this.iv.length + this.ciphertext.length];
            ByteBuffer wrap = ByteBuffer.wrap(this.serialized);
            wrap.put(this.salt);
            wrap.put(this.iv);
            wrap.put(this.ciphertext);
            this.serialized = wrap.array();
            return this.serialized;
        }

        public void parse() {
            this.salt = new byte[16];
            this.iv = new byte[12];
            this.ciphertext = new byte[(this.serialized.length - 16) - 12];
            ByteBuffer wrap = ByteBuffer.wrap(this.serialized);
            wrap.get(this.salt);
            wrap.get(this.iv);
            wrap.get(this.ciphertext);
        }
    }

    private PassphraseSecrets(SecretKey secretKey) throws GeneralSecurityException {
        this.mSecretKey = secretKey;
    }

    private PassphraseSecrets(byte[] bArr) throws GeneralSecurityException {
        this.mSecretKey = new SecretKeySpec(bArr, "AES");
    }

    private static byte[] decryptSecretKey(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKey, new IvParameterSpec(bArr));
        return cipher.doFinal(bArr2);
    }

    private static byte[] encryptSecretKey(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKey, new IvParameterSpec(bArr));
        return cipher.doFinal(bArr2);
    }

    public static PassphraseSecrets fetchSecrets(Context context, char[] cArr) throws GeneralSecurityException {
        byte[] bArr = null;
        try {
            SerializedSecrets serializedSecrets = new SerializedSecrets(SecretsManager.getBytes(context, Constants.SHARED_PREFS_SECRETS));
            serializedSecrets.parse();
            byte[] bArr2 = serializedSecrets.salt;
            bArr = decryptSecretKey(hashPassphrase(cArr, bArr2), serializedSecrets.iv, serializedSecrets.ciphertext);
            return new PassphraseSecrets(bArr);
        } finally {
            Wiper.wipe(cArr);
            Wiper.wipe(bArr);
        }
    }

    private static byte[] generateIv(int i) throws NoSuchAlgorithmException {
        byte[] bArr = new byte[i];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        return bArr;
    }

    private static byte[] generateSalt(int i) throws NoSuchAlgorithmException {
        byte[] bArr = new byte[i];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        return bArr;
    }

    private static SecretKey generateSecretKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    private static SecretKeySpec hashPassphrase(char[] cArr, byte[] bArr) throws GeneralSecurityException {
        PBEKeySpec pBEKeySpec;
        PBEKeySpec pBEKeySpec2 = null;
        try {
            pBEKeySpec = new PBEKeySpec(cArr, bArr, 100, 128);
        } catch (Throwable th) {
            th = th;
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(pBEKeySpec).getEncoded(), "AES");
            Wiper.wipe(pBEKeySpec);
            return secretKeySpec;
        } catch (Throwable th2) {
            th = th2;
            pBEKeySpec2 = pBEKeySpec;
            Wiper.wipe(pBEKeySpec2);
            throw th;
        }
    }

    public static PassphraseSecrets initializeSecrets(Context context, char[] cArr) {
        PassphraseSecrets passphraseSecrets;
        SecretKeySpec secretKeySpec = null;
        try {
            byte[] generateSalt = generateSalt(16);
            byte[] generateIv = generateIv(12);
            secretKeySpec = hashPassphrase(cArr, generateSalt);
            SecretKey generateSecretKey = generateSecretKey();
            SecretsManager.setInitialized(context, SecretsManager.saveBytes(context, Constants.SHARED_PREFS_SECRETS, new SerializedSecrets(generateSalt, generateIv, encryptSecretKey(secretKeySpec, generateIv, generateSecretKey.getEncoded())).concatenate()));
            passphraseSecrets = new PassphraseSecrets(generateSecretKey);
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "initializeSecrets failed: " + e.getClass().getName() + " : " + e.getMessage());
            passphraseSecrets = null;
        } finally {
            Wiper.wipe(cArr);
            Wiper.wipe(secretKeySpec);
        }
        return passphraseSecrets;
    }

    @Override // info.guardianproject.cacheword.ICachedSecrets
    public void destroy() {
        Log.d(TAG, "destroy()");
        Wiper.wipe((SecretKeySpec) this.mSecretKey);
    }

    public SecretKey getSecretKey() {
        return this.mSecretKey;
    }
}
