package info.guardianproject.cacheword;

import android.content.Context;
import android.util.Log;
import java.security.GeneralSecurityException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class PassphraseSecrets implements ICachedSecrets {
    private static final String TAG = "PassphraseSecrets";
    private final SecretKey mSecretKey;

    private PassphraseSecrets(SecretKey secretKey) throws GeneralSecurityException {
        this.mSecretKey = secretKey;
    }

    private PassphraseSecrets(byte[] bArr) throws GeneralSecurityException {
        this.mSecretKey = new SecretKeySpec(bArr, "AES");
    }

    private static int calibrateKDF(Context context) throws GeneralSecurityException {
        int pBKDF2MinimumIterationCount = getPBKDF2MinimumIterationCount(context);
        if (!getPBKDF2AutoCalibrationEnabled(context)) {
            return pBKDF2MinimumIterationCount;
        }
        int max = Math.max(pBKDF2MinimumIterationCount, new KDFIterationCalibrator(30).chooseIterationCount(1000));
        Log.d(TAG, "calibrateKDF() selected: " + max);
        return max;
    }

    public static PassphraseSecrets changePassphrase(Context context, PassphraseSecrets passphraseSecrets, char[] cArr) {
        byte[] bArr = null;
        try {
            try {
                bArr = passphraseSecrets.getSecretKey().getEncoded();
                if (!encryptAndSave(context, cArr, bArr)) {
                    Wiper.wipe(cArr);
                    Wiper.wipe(bArr);
                    passphraseSecrets = null;
                }
            } catch (GeneralSecurityException e) {
                Log.e(TAG, "changePassphrase failed: " + e.getClass().getName() + " : " + e.getMessage());
                Wiper.wipe(cArr);
                Wiper.wipe(bArr);
                passphraseSecrets = null;
            }
            return passphraseSecrets;
        } finally {
            Wiper.wipe(cArr);
            Wiper.wipe(bArr);
        }
    }

    private static boolean encryptAndSave(Context context, char[] cArr, byte[] bArr) throws GeneralSecurityException {
        return SecretsManager.saveBytes(context, Constants.SHARED_PREFS_SECRETS, new PassphraseSecretsImpl().encryptWithPassphrase(context, cArr, bArr, calibrateKDF(context)).concatenate());
    }

    public static PassphraseSecrets fetchSecrets(Context context, char[] cArr) throws GeneralSecurityException {
        SerializedSecretsV1 loadSecrets = new SerializedSecretsLoader().loadSecrets(SecretsManager.getBytes(context, Constants.SHARED_PREFS_SECRETS));
        byte[] bArr = null;
        try {
            bArr = new PassphraseSecretsImpl().decryptWithPassphrase(cArr, loadSecrets);
            PassphraseSecrets passphraseSecrets = new PassphraseSecrets(bArr);
            if (loadSecrets.pbkdf_iter_count >= getPBKDF2MinimumIterationCount(context) || (passphraseSecrets = changePassphrase(context, passphraseSecrets, cArr)) != null) {
                return passphraseSecrets;
            }
            throw new GeneralSecurityException("Upgrading iteration count failed during save");
        } finally {
            Wiper.wipe(cArr);
            Wiper.wipe(bArr);
        }
    }

    private static boolean getPBKDF2AutoCalibrationEnabled(Context context) {
        return context.getResources().getBoolean(R.bool.cacheword_pbkdf2_auto_calibrate);
    }

    private static int getPBKDF2MinimumIterationCount(Context context) {
        return context.getResources().getInteger(R.integer.cacheword_pbkdf2_minimum_iteration_count);
    }

    public static PassphraseSecrets initializeSecrets(Context context, char[] cArr) {
        PassphraseSecrets passphraseSecrets;
        try {
            try {
                SecretKeySpec secretKeySpec = (SecretKeySpec) new PassphraseSecretsImpl().generateSecretKey();
                boolean encryptAndSave = encryptAndSave(context, cArr, secretKeySpec.getEncoded());
                SecretsManager.setInitialized(context, encryptAndSave);
                if (encryptAndSave) {
                    passphraseSecrets = new PassphraseSecrets(secretKeySpec);
                } else {
                    Wiper.wipe(cArr);
                    passphraseSecrets = null;
                }
            } catch (GeneralSecurityException e) {
                Log.e(TAG, "initializeSecrets failed: " + e.getClass().getName() + " : " + e.getMessage());
                Wiper.wipe(cArr);
                passphraseSecrets = null;
            }
            return passphraseSecrets;
        } finally {
            Wiper.wipe(cArr);
        }
    }

    @Override // info.guardianproject.cacheword.ICachedSecrets
    public void destroy() {
        Log.d(TAG, "destroy()");
        Wiper.wipe((SecretKeySpec) this.mSecretKey);
    }

    public SecretKey getSecretKey() {
        return this.mSecretKey;
    }
}
