package com.agilebits.onepassword.mgr;

import android.content.Context;
import com.agilebits.onepassword.b5.crypto.B5CryptoUtils;
import com.agilebits.onepassword.b5.dataobj.Account;
import com.agilebits.onepassword.b5.dataobj.Keyset;
import com.agilebits.onepassword.b5.utils.ValidatePwdResult;
import com.agilebits.onepassword.crypto.MyPBKDF2Engine;
import com.agilebits.onepassword.db.DbAdapter;
import com.agilebits.onepassword.enums.Enumerations;
import com.agilebits.onepassword.model.EncrKeyRec;
import com.agilebits.onepassword.model.ExternalKeyRec;
import com.agilebits.onepassword.support.Base64;
import com.agilebits.onepassword.support.CommonConstants;
import com.agilebits.onepassword.support.LogUtils;
import com.agilebits.onepassword.support.Utils;
import com.agilebits.onepassword.wifi.encryption.EncryptionUtils;
import de.rtner.misc.BinTools;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class EncryptionMgr {
    public static final int ENCR_KEY_LEN_BYTES = 256;
    public static final int ENCR_KEY_LEN_SHORT_BYTES = 128;
    public static final int MASTER_KEY_LEN = 2048;

    public static EncrKeyRec createEncrKeyRec(String str) throws Exception {
        return setEncrKeyRecProperties(str, new EncrKeyRec(), getGeneratedKey());
    }

    public static String decrypt(String str, byte[] bArr) throws Exception {
        return new String(MyPBKDF2Engine.decrypt(Base64.decodeBase64(str), bArr, bArr.length / 8));
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2) throws Exception {
        return MyPBKDF2Engine.decrypt(bArr, bArr2, bArr2.length / 8);
    }

    public static byte[] decryptWithPBKDEF2(byte[] bArr, String str) throws Exception {
        return MyPBKDF2Engine.decryptWithPBKDF2(bArr, str, CommonConstants.NO_OF_ITERATIONS_MASTER_KEY);
    }

    public static String encrypt(String str, byte[] bArr) throws Exception {
        return Base64.encodeBase64String(MyPBKDF2Engine.encrypt(str.getBytes(), bArr, bArr.length / 8));
    }

    public static byte[] encrypt(byte[] bArr, byte[] bArr2) throws Exception {
        return MyPBKDF2Engine.encrypt(bArr, bArr2, bArr2.length / 8);
    }

    public static byte[] encryptWithPBKDEF2(byte[] bArr, String str) throws Exception {
        return MyPBKDF2Engine.encryptWithPBKDF2(bArr, str, CommonConstants.NO_OF_ITERATIONS_MASTER_KEY);
    }

    public static byte[] getGeneratedKey() throws NoSuchAlgorithmException, NoSuchProviderException {
        return MyPBKDF2Engine.getGeneratedKey(2048);
    }

    public static byte[] getGeneratedKeyShort() throws NoSuchAlgorithmException, NoSuchProviderException {
        return MyPBKDF2Engine.getGeneratedKey(1024);
    }

    private static EncrKeyRec setEncrKeyRecProperties(String str, EncrKeyRec encrKeyRec, byte[] bArr) throws Exception {
        byte[] encryptWithPBKDEF2 = encryptWithPBKDEF2(bArr, str);
        byte[] encrypt = encrypt(bArr, bArr);
        encrKeyRec.mEncrData = BinTools.bin2hex(encryptWithPBKDEF2);
        encrKeyRec.mValidationString = BinTools.bin2hex(encrypt);
        encrKeyRec.mTimeStamp = System.currentTimeMillis();
        encrKeyRec.setShortArr(bArr);
        return encrKeyRec;
    }

    public static EncrKeyRec updateEncrKeyRec(String str, EncrKeyRec encrKeyRec) throws Exception {
        return setEncrKeyRecProperties(str, encrKeyRec, encrKeyRec.getMasterKeyBa());
    }

    public static boolean validateExternalKey(ExternalKeyRec externalKeyRec, String str) {
        int i = externalKeyRec.hasOneSecurityLevel() ? 256 : 128;
        if (!externalKeyRec.isValid()) {
            return false;
        }
        try {
            byte[] decryptWithPBKDF2 = MyPBKDF2Engine.decryptWithPBKDF2(Base64.decodeBase64(externalKeyRec.mEncrDataSL5), str, externalKeyRec.getIterationsSL5());
            if (decryptWithPBKDF2 == null || decryptWithPBKDF2.length <= 0) {
                return false;
            }
            boolean equals = Arrays.equals(MyPBKDF2Engine.decrypt(Base64.decodeBase64(externalKeyRec.getEncrValidationSL5().replaceAll("0000$", "")), decryptWithPBKDF2, i), decryptWithPBKDF2);
            if (equals) {
                externalKeyRec.setEncrKeyArraySL5(decryptWithPBKDF2);
                if (!externalKeyRec.hasOneSecurityLevel()) {
                    byte[] decryptWithPBKDF22 = MyPBKDF2Engine.decryptWithPBKDF2(Base64.decodeBase64(externalKeyRec.mEncrDataSL3), str, externalKeyRec.getIterationsSL3());
                    boolean equals2 = Arrays.equals(MyPBKDF2Engine.decrypt(Base64.decodeBase64(externalKeyRec.getEncrValidationSL3()), decryptWithPBKDF22, i), decryptWithPBKDF22);
                    if (equals2) {
                        externalKeyRec.setEncrKeyArraySL3(decryptWithPBKDF22);
                    }
                    return equals2;
                }
                externalKeyRec.setEncrKeyArraySL3(decryptWithPBKDF2);
            }
            return equals;
        } catch (Exception e) {
            LogUtils.logMsg("Failed pwd validation: " + e.getMessage());
            return false;
        }
    }

    public static Enumerations.ValidationResultEnum validatePassword(EncrKeyRec encrKeyRec, String str, Context context) {
        byte[] decryptWithPBKDEF2;
        byte[] bArr;
        Enumerations.ValidationResultEnum validationResultEnum;
        String str2;
        Enumerations.ValidationResultEnum validationResultEnum2 = Enumerations.ValidationResultEnum.VALIDATION_FAILED;
        System.currentTimeMillis();
        if (encrKeyRec.isReadyForValidation(context)) {
            try {
                if (EncryptionUtils.isOpDataFormat(encrKeyRec.getData())) {
                    decryptWithPBKDEF2 = EncryptionUtils.decryptWithPBKDEF2(BinTools.hex2bin(encrKeyRec.getData()), Base64.decodeBase64(encrKeyRec.getSalt()), str, (int) encrKeyRec.mIterations);
                    bArr = EncryptionUtils.decryptWithPBKDEF2(BinTools.hex2bin(encrKeyRec.getOverviewKey()), Base64.decodeBase64(encrKeyRec.getSalt()), str, (int) encrKeyRec.mIterations);
                } else {
                    decryptWithPBKDEF2 = decryptWithPBKDEF2(BinTools.hex2bin(encrKeyRec.getData()), str);
                    bArr = null;
                }
                if (decryptWithPBKDEF2 != null && decryptWithPBKDEF2.length > 0) {
                    if (encrKeyRec.isOpv()) {
                        encrKeyRec.setMasterPwd(EncryptionUtils.encryptItemSecureData(str, decryptWithPBKDEF2));
                        encrKeyRec.setShortArrOv(bArr);
                        validationResultEnum = Enumerations.ValidationResultEnum.VALIDATION_OK;
                    } else {
                        byte[] decrypt = decrypt(BinTools.hex2bin(encrKeyRec.getValidation()), decryptWithPBKDEF2);
                        validationResultEnum = (decrypt == null || decrypt.length <= 0 || !Arrays.equals(decrypt, decryptWithPBKDEF2)) ? Enumerations.ValidationResultEnum.VALIDATION_FAILED : Enumerations.ValidationResultEnum.VALIDATION_OK;
                        try {
                            encrKeyRec.setMasterPwd(encrypt(str.getBytes(), decryptWithPBKDEF2));
                        } catch (Exception e) {
                            e = e;
                            validationResultEnum2 = validationResultEnum;
                            LogUtils.logMsg("Failed pwd validation: " + e.getMessage());
                            return validationResultEnum2 == Enumerations.ValidationResultEnum.VALIDATION_FAILED ? validationResultEnum2 : validationResultEnum2;
                        }
                    }
                    encrKeyRec.setShortArr(decryptWithPBKDEF2);
                    validationResultEnum2 = validationResultEnum;
                }
            } catch (Exception e2) {
                e = e2;
            }
        }
        if (validationResultEnum2 == Enumerations.ValidationResultEnum.VALIDATION_FAILED || !encrKeyRec.isReadyForValidation(context) || !encrKeyRec.isUpdated()) {
            return validationResultEnum2;
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            byte[] decryptWithPBKDF2 = MyPBKDF2Engine.decryptWithPBKDF2(BinTools.hex2bin(encrKeyRec.mNewExternalKey), str, (int) encrKeyRec.mNewIterations);
            StringBuilder sb = new StringBuilder();
            sb.append("=====>just tried for ");
            sb.append(System.currentTimeMillis() - currentTimeMillis);
            sb.append(" externalKey length=");
            if (decryptWithPBKDF2 == null) {
                str2 = "null";
            } else {
                str2 = decryptWithPBKDF2.length + "";
            }
            sb.append(str2);
            LogUtils.logMsg(sb.toString());
            if (decryptWithPBKDF2 == null || decryptWithPBKDF2.length <= 0) {
                return validationResultEnum2;
            }
            byte[] decrypt2 = decrypt(BinTools.hex2bin(encrKeyRec.mNewValidation), decryptWithPBKDF2);
            Enumerations.ValidationResultEnum validationResultEnum3 = (decrypt2 == null || decrypt2.length <= 0 || !Arrays.equals(decrypt2, decryptWithPBKDF2)) ? Enumerations.ValidationResultEnum.VALIDATION_FAILED : Enumerations.ValidationResultEnum.PWD_CHANGED;
            try {
                if (validationResultEnum3 == Enumerations.ValidationResultEnum.PWD_CHANGED) {
                    try {
                        RecordMgrOpv recordMgr = DbAdapter.getDbAdapter(context).getRecordMgr();
                        ExternalKeyRec extKeyRecFromDb = recordMgr.getExtKeyRecFromDb();
                        if (extKeyRecFromDb != null) {
                            encrKeyRec.setShortArr(decrypt(BinTools.hex2bin(extKeyRecFromDb.mMasterKeyEncr), decryptWithPBKDF2));
                            recordMgr.saveEncrKeyRec(str, null);
                            return Enumerations.ValidationResultEnum.PWD_CHANGED;
                        }
                    } catch (Exception e3) {
                        LogUtils.logMsg("internal error: cannot decrypt stored master key with externalMasterKeySL5" + Utils.getStackTraceFormatted(e3));
                    }
                }
                return validationResultEnum3;
            } catch (Exception e4) {
                e = e4;
                validationResultEnum2 = validationResultEnum3;
                LogUtils.logMsg("Failed pwd validation:" + Utils.getExceptionMsg(e));
                return validationResultEnum2;
            }
        } catch (Exception e5) {
            e = e5;
        }
    }

    public static Enumerations.ValidationResultEnum validatePasswordB5OnlyMode(Account account, EncrKeyRec encrKeyRec, String str, Context context, StringBuffer stringBuffer) {
        Keyset keyset;
        Enumerations.ValidationResultEnum validationResultEnum = Enumerations.ValidationResultEnum.VALIDATION_FAILED;
        long currentTimeMillis = System.currentTimeMillis();
        LogUtils.logB5Msg("Validating password");
        try {
            Iterator<Keyset> it = account.getKeysets().iterator();
            while (true) {
                if (!it.hasNext()) {
                    keyset = null;
                    break;
                }
                Keyset next = it.next();
                if (next.mEncrBy.equals("mp")) {
                    keyset = next;
                    break;
                }
            }
            ValidatePwdResult validatePwd = B5CryptoUtils.validatePwd(context, keyset, str, account.mEmail, account.getAccountKey(), true);
            if (stringBuffer != null) {
                stringBuffer.append(StringUtils.LF + validatePwd.getUnlockingTrace());
            }
            encrKeyRec.setShortArr(validatePwd.getSymmKey().getKey().getEncoded());
            LogUtils.logB5Msg("Validated OK. Duration:" + (new Date().getTime() - currentTimeMillis) + " ms.");
            return Enumerations.ValidationResultEnum.VALIDATION_OK;
        } catch (Exception e) {
            LogUtils.logB5Msg("validatePassword: FAIL:" + Utils.getExceptionMsg(e));
            return validationResultEnum;
        }
    }

    public static boolean verifyExternalKey(ExternalKeyRec externalKeyRec, ExternalKeyRec externalKeyRec2, byte[] bArr) {
        int i = externalKeyRec.hasOneSecurityLevel() ? 256 : 128;
        try {
            byte[] decrypt = decrypt(BinTools.hex2bin(externalKeyRec2.mEncrDataSL3), bArr);
            byte[] decrypt2 = decrypt(BinTools.hex2bin(externalKeyRec2.mEncrDataSL5), bArr);
            boolean verifyKey = verifyKey(externalKeyRec.getEncrValidationSL5(), decrypt2, i);
            if (verifyKey) {
                verifyKey = verifyKey(externalKeyRec.getEncrValidationSL3(), decrypt, i);
            }
            if (verifyKey) {
                externalKeyRec.setEncrKeyArraySL3(decrypt);
                externalKeyRec.setEncrKeyArraySL5(decrypt2);
            }
            return verifyKey;
        } catch (Exception unused) {
            return false;
        }
    }

    private static boolean verifyKey(String str, byte[] bArr, int i) {
        try {
            return Arrays.equals(MyPBKDF2Engine.decrypt(Base64.decodeBase64(str), bArr, i), bArr);
        } catch (Exception unused) {
            return false;
        }
    }
}
