package io.github.muntashirakon.AppManager.crypto.ks;

import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.SharedPreferences;
import android.security.KeyPairGeneratorSpec;
import androidx.core.app.NotificationCompat;
import com.goterl.lazycode.lazysodium.interfaces.PwHash;
import io.github.muntashirakon.AppManager.AppManager;
import io.github.muntashirakon.AppManager.R;
import io.github.muntashirakon.AppManager.logs.Log;
import io.github.muntashirakon.AppManager.utils.IOUtils;
import io.github.muntashirakon.AppManager.utils.NotificationUtils;
import io.github.muntashirakon.AppManager.utils.Utils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class KeyStoreManager {
    public static final String ACTION_KS_INTERACTION_BEGIN = "io.github.muntashirakon.AppManager.action.KS_INTERACTION_BEGIN";
    public static final String ACTION_KS_INTERACTION_END = "io.github.muntashirakon.AppManager.action.KS_INTERACTION_END";
    private static final String AM_KEYSTORE = "JKS";
    private static final File AM_KEYSTORE_FILE;
    private static final String AM_KEYSTORE_FILE_NAME = "am_keystore.jks";
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String ANDROID_KEYSTORE_ALIAS = "am_secret";
    private static final String CIPHER_ALGO_RSA = "RSA/ECB/PKCS1Padding";
    private static final String CIPHER_PROVIDER = "RSA/ECB/PKCS1Padding";
    private static KeyStoreManager INSTANCE = null;
    private static final String KEY_TYPE_RSA = "RSA";
    private static final String PREF_AM_KEYSTORE_PASS = "kspass";
    private static final String PREF_AM_KEYSTORE_PREFIX = "ks_";
    public static final String TAG = "KSManager";
    private static final KeyStore androidKeyStore;
    private static final SharedPreferences sharedPreferences;
    private final Context context;
    private boolean lock;
    private final BroadcastReceiver receiver = new BroadcastReceiver() { // from class: io.github.muntashirakon.AppManager.crypto.ks.KeyStoreManager.1
        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            if (intent.getAction() == null) {
                return;
            }
            String action = intent.getAction();
            action.hashCode();
            if (action.equals(KeyStoreManager.ACTION_KS_INTERACTION_END)) {
                KeyStoreManager.this.releaseLock();
            }
        }
    };
    private final KeyStore amKeyStore = getAmKeyStore();

    static {
        Context context = AppManager.getContext();
        AM_KEYSTORE_FILE = new File(context.getFilesDir(), AM_KEYSTORE_FILE_NAME);
        androidKeyStore = getAndroidKeyStore();
        sharedPreferences = context.getSharedPreferences("keystore", 0);
    }

    private KeyStoreManager(Context context) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        this.context = context;
    }

    private void acquireLock() {
        this.lock = true;
        int i = 0;
        while (this.lock) {
            try {
                if (i % 200 == 0) {
                    Log.i(TAG, "Waiting for user interaction");
                }
                Thread.sleep(100L);
                if (i > 1000) {
                    return;
                } else {
                    i++;
                }
            } catch (InterruptedException e) {
                Log.e(TAG, "waitForResult: interrupted", e);
                this.lock = false;
                Thread.currentThread().interrupt();
                return;
            }
        }
    }

    private char[] getAliasPassword(String str) throws KeyStoreException {
        String prefAlias = getPrefAlias(str);
        SharedPreferences sharedPreferences2 = sharedPreferences;
        if (sharedPreferences2.contains(prefAlias)) {
            String string = sharedPreferences2.getString(prefAlias, null);
            if (string == null) {
                throw new KeyStoreException("Stored pass is empty for alias " + str);
            }
            char[] decryptedPassword = getDecryptedPassword(string);
            if (decryptedPassword != null) {
                return decryptedPassword;
            }
            throw new KeyStoreException("Decrypted pass is empty for alias " + str);
        }
        IntentFilter intentFilter = new IntentFilter(ACTION_KS_INTERACTION_BEGIN);
        intentFilter.addAction(ACTION_KS_INTERACTION_END);
        this.context.registerReceiver(this.receiver, intentFilter);
        this.context.sendBroadcast(new Intent(ACTION_KS_INTERACTION_BEGIN));
        Intent intent = new Intent(this.context, (Class<?>) KeyStoreActivity.class);
        intent.setFlags(PwHash.ARGON2ID_MEMLIMIT_MODERATE);
        intent.putExtra("type", 1);
        intent.putExtra(KeyStoreActivity.EXTRA_ALIAS, PREF_AM_KEYSTORE_PASS);
        NotificationCompat.Builder contentText = NotificationUtils.getHighPriorityNotificationBuilder(this.context).setAutoCancel(true).setDefaults(-1).setWhen(System.currentTimeMillis()).setSmallIcon(R.drawable.ic_launcher_foreground).setTicker("AM KeyStore").setContentTitle("AM KeyStore").setSubText("AM KeyStore").setContentText(this.context.getString(R.string.input_keystore_pass_msg));
        contentText.setContentIntent(PendingIntent.getActivity(this.context, 0, intent, 1207959552));
        NotificationUtils.displayHighPriorityNotification(this.context, contentText.build());
        acquireLock();
        this.context.unregisterReceiver(this.receiver);
        return getAliasPassword(str);
    }

    private KeyStore getAmKeyStore() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(AM_KEYSTORE);
        File file = AM_KEYSTORE_FILE;
        if (file.exists()) {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                char[] amKeyStorePassword = getAmKeyStorePassword();
                keyStore.load(fileInputStream, amKeyStorePassword);
                Utils.clearChars(amKeyStorePassword);
                fileInputStream.close();
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                    throw th2;
                }
            }
        } else {
            keyStore.load(null);
        }
        return keyStore;
    }

    private static KeyStore getAndroidKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!keyStore.containsAlias(ANDROID_KEYSTORE_ALIAS)) {
                sharedPreferences.edit().clear().apply();
                Calendar calendar = Calendar.getInstance();
                Calendar calendar2 = Calendar.getInstance();
                calendar2.add(1, 20);
                KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(AppManager.getContext()).setAlias(ANDROID_KEYSTORE_ALIAS).setSubject(new X500Principal("CN=App Manager")).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_TYPE_RSA, "AndroidKeyStore");
                keyPairGenerator.initialize(build);
                keyPairGenerator.generateKeyPair();
            }
            return keyStore;
        } catch (Exception e) {
            Log.e(TAG, "Could not initialize AndroidKeyStore", e);
            return null;
        }
    }

    private static char[] getDecryptedPassword(String str) {
        KeyStore keyStore;
        try {
            keyStore = androidKeyStore;
        } catch (Exception e) {
            Log.e("KS", "Could not get decrypted password for " + str, e);
        }
        if (keyStore == null) {
            throw new Exception("AndroidKeyStore wasn't initialized.");
        }
        if (keyStore.containsAlias(ANDROID_KEYSTORE_ALIAS)) {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) ((KeyStore.PrivateKeyEntry) keyStore.getEntry(ANDROID_KEYSTORE_ALIAS, null)).getPrivateKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "RSA/ECB/PKCS1Padding");
            cipher.init(2, rSAPrivateKey);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
                try {
                    char[] bytesToChars = Utils.bytesToChars(IOUtils.readFully(cipherInputStream, -1, true));
                    cipherInputStream.close();
                    byteArrayInputStream.close();
                    return bytesToChars;
                } finally {
                }
            } finally {
            }
        }
        return null;
    }

    private static String getEncryptedPassword(char[] cArr) {
        KeyStore keyStore;
        try {
            keyStore = androidKeyStore;
        } catch (Exception e) {
            Log.e("KS", "Could not get encrypted password", e);
        }
        if (keyStore == null) {
            throw new Exception("AndroidKeyStore wasn't initialized.");
        }
        if (keyStore.containsAlias(ANDROID_KEYSTORE_ALIAS)) {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) ((KeyStore.PrivateKeyEntry) keyStore.getEntry(ANDROID_KEYSTORE_ALIAS, null)).getCertificate().getPublicKey();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "RSA/ECB/PKCS1Padding");
            cipher.init(1, rSAPublicKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                try {
                    cipherOutputStream.write(Utils.charsToBytes(cArr));
                    Utils.clearChars(cArr);
                    String str = new String(byteArrayOutputStream.toByteArray());
                    cipherOutputStream.close();
                    byteArrayOutputStream.close();
                    return str;
                } finally {
                }
            } finally {
            }
        }
        return null;
    }

    public static KeyStoreManager getInstance() throws Exception {
        if (INSTANCE == null) {
            INSTANCE = new KeyStoreManager(AppManager.getContext());
        }
        return INSTANCE;
    }

    public static String getPrefAlias(String str) {
        return PREF_AM_KEYSTORE_PREFIX + str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void releaseLock() {
        this.lock = false;
    }

    public static void savePass(String str, char[] cArr) {
        sharedPreferences.edit().putString(str, getEncryptedPassword(cArr)).apply();
        Utils.clearChars(cArr);
    }

    public void addItem(String str, PrivateKey privateKey, X509Certificate x509Certificate, char[] cArr) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        String prefAlias = getPrefAlias(str);
        SharedPreferences sharedPreferences2 = sharedPreferences;
        if (sharedPreferences2.contains(prefAlias) && this.amKeyStore.containsAlias(str)) {
            throw new KeyStoreException("Alias " + str + " exists.");
        }
        char[] amKeyStorePassword = getAmKeyStorePassword();
        if (cArr == null) {
            cArr = amKeyStorePassword;
        }
        this.amKeyStore.setKeyEntry(str, privateKey, cArr, new X509Certificate[]{x509Certificate});
        String encryptedPassword = getEncryptedPassword(cArr);
        if (encryptedPassword == null) {
            this.amKeyStore.deleteEntry(str);
            throw new KeyStoreException("Password for " + str + " could not be saved.");
        }
        sharedPreferences2.edit().putString(prefAlias, encryptedPassword).apply();
        FileOutputStream fileOutputStream = new FileOutputStream(AM_KEYSTORE_FILE);
        try {
            this.amKeyStore.store(fileOutputStream, amKeyStorePassword);
            Utils.clearChars(amKeyStorePassword);
            Utils.clearChars(cArr);
            fileOutputStream.close();
        } finally {
        }
    }

    public char[] getAmKeyStorePassword() {
        String string = sharedPreferences.getString(PREF_AM_KEYSTORE_PASS, null);
        if (string != null) {
            char[] decryptedPassword = getDecryptedPassword(string);
            if (decryptedPassword != null) {
                return decryptedPassword;
            }
            throw new RuntimeException("Could not decrypt encrypted password.");
        }
        IntentFilter intentFilter = new IntentFilter(ACTION_KS_INTERACTION_BEGIN);
        intentFilter.addAction(ACTION_KS_INTERACTION_END);
        this.context.registerReceiver(this.receiver, intentFilter);
        this.context.sendBroadcast(new Intent(ACTION_KS_INTERACTION_BEGIN));
        Intent intent = new Intent(this.context, (Class<?>) KeyStoreActivity.class);
        intent.setFlags(PwHash.ARGON2ID_MEMLIMIT_MODERATE);
        intent.putExtra("type", 1);
        intent.putExtra(KeyStoreActivity.EXTRA_ALIAS, PREF_AM_KEYSTORE_PASS);
        NotificationCompat.Builder contentText = NotificationUtils.getHighPriorityNotificationBuilder(this.context).setAutoCancel(true).setDefaults(-1).setWhen(System.currentTimeMillis()).setSmallIcon(R.drawable.ic_launcher_foreground).setTicker("AM KeyStore").setContentTitle("AM KeyStore").setSubText("AM KeyStore").setContentText(this.context.getString(R.string.input_keystore_pass_msg));
        contentText.setContentIntent(PendingIntent.getActivity(this.context, 0, intent, 1207959552));
        NotificationUtils.displayHighPriorityNotification(this.context, contentText.build());
        acquireLock();
        this.context.unregisterReceiver(this.receiver);
        return getAmKeyStorePassword();
    }

    public Certificate getCertificate(String str) throws KeyStoreException {
        return this.amKeyStore.getCertificate(str);
    }

    public Key getKey(String str, char[] cArr) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        if (cArr == null) {
            cArr = getAliasPassword(str);
        }
        Key key = this.amKeyStore.getKey(str, cArr);
        Utils.clearChars(cArr);
        return key;
    }

    public void removeItem(String str) throws KeyStoreException {
        this.amKeyStore.deleteEntry(str);
        String prefAlias = getPrefAlias(str);
        SharedPreferences sharedPreferences2 = sharedPreferences;
        if (sharedPreferences2.contains(prefAlias)) {
            sharedPreferences2.edit().remove(prefAlias).apply();
        }
    }
}
