package com.airwatch.storage.databases;

import android.content.ContentValues;
import android.content.Context;
import android.content.SharedPreferences;
import android.database.Cursor;
import android.net.Uri;
import android.util.Base64;
import com.airwatch.app.KoinModule;
import com.airwatch.app.OpenForTesting;
import com.airwatch.bizlib.database.SQLCipherUtility;
import com.airwatch.core.AWConstants;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.crypto.util.KeyGuard;
import com.airwatch.sdk.SDKEnrollmentState;
import com.airwatch.sdk.context.SDKContextManager;
import com.airwatch.sdk.p2p.P2PProvider;
import com.airwatch.storage.BaseContent;
import com.airwatch.storage.PreferenceErrorListener;
import com.airwatch.storage.SqlCipherDatabaseHelper;
import com.airwatch.storage.schema.SQLCipherRawKey;
import com.airwatch.util.ArrayUtils;
import com.airwatch.util.ByteArrayUtils;
import com.airwatch.util.Logger;
import com.airwatch.util.RandomGenerator;
import com.airwatch.util.ReportAdapterUtil;
import com.google.android.gms.common.util.Hex;
import com.google.android.gms.common.util.VisibleForTesting;
import java.io.File;
import java.io.FileInputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.util.Objects;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;

@OpenForTesting
@Metadata(d1 = {"\u0000N\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u0019\n\u0002\b\t\n\u0002\u0010\u0002\n\u0002\b\u0003\b\u0011\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\b\u0010\u0016\u001a\u00020\u0017H\u0017J \u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u00192\u0006\u0010\u001b\u001a\u00020\u00192\u0006\u0010\u001c\u001a\u00020\u001dH\u0017J\u0010\u0010\u001e\u001a\u00020\u001f2\u0006\u0010\u001a\u001a\u00020\u0019H\u0017J\u0010\u0010 \u001a\u00020\u00192\u0006\u0010!\u001a\u00020\u001fH\u0017J\b\u0010\"\u001a\u00020\u001fH\u0017J\b\u0010#\u001a\u00020\u001dH\u0017J\b\u0010$\u001a\u00020\u001fH\u0016J\b\u0010%\u001a\u00020\u0019H\u0017J\b\u0010&\u001a\u00020\u0019H\u0017J\u0012\u0010'\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u0002\u001a\u00020\u0003H\u0017J\u0010\u0010(\u001a\u00020)2\u0006\u0010\u001a\u001a\u00020\u0019H\u0017J\b\u0010*\u001a\u00020\u001fH\u0017J\u0010\u0010+\u001a\u00020\u00172\u0006\u0010\u001a\u001a\u00020\u001fH\u0017R\u001c\u0010\u0005\u001a\u00020\u00068\u0016X\u0097D¢\u0006\u000e\n\u0000\u0012\u0004\b\u0007\u0010\b\u001a\u0004\b\t\u0010\nR\u000e\u0010\u000b\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u0002\u001a\u00020\u0003X\u0096\u0004¢\u0006\b\n\u0000\u001a\u0004\b\f\u0010\rR\u0016\u0010\u000e\u001a\n \u0010*\u0004\u0018\u00010\u000f0\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010\u0011\u001a\n \u0010*\u0004\u0018\u00010\u00120\u00128\u0016X\u0097\u0004¢\u0006\u000e\n\u0000\u0012\u0004\b\u0013\u0010\b\u001a\u0004\b\u0014\u0010\u0015¨\u0006,"}, d2 = {"Lcom/airwatch/storage/databases/SQLCipherKeyManager;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "TAG", "", "getTAG$annotations", "()V", "getTAG", "()Ljava/lang/String;", "authority", "getContext", "()Landroid/content/Context;", "rawKeyURI", "Landroid/net/Uri;", "kotlin.jvm.PlatformType", "sharedPref", "Landroid/content/SharedPreferences;", "getSharedPref$annotations", "getSharedPref", "()Landroid/content/SharedPreferences;", "dbExists", "", "derivePassCodeToRawKey", "", "key", "salt", "dbVersion", "", "formatRawDBKey", "", "getBytes", "data", "getDBPassCode", "getDBVersion", "getKey", "getSQLCipherSalt", "newRawKey", "readKeyFromDB", "saveKeyToDB", "", "storeNewRawKey", "verifyRawKey", "AWFramework_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes4.dex */
public class SQLCipherKeyManager {
    private final String TAG;
    private final String authority;
    private final Context context;
    private final Uri rawKeyURI;
    private final SharedPreferences sharedPref;

    public SQLCipherKeyManager(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
        this.TAG = "SQLCipherKeyManager";
        String stringPlus = Intrinsics.stringPlus(getContext().getPackageName(), ".securepreferences");
        this.authority = stringPlus;
        this.rawKeyURI = Uri.parse(Intrinsics.stringPlus(P2PProvider.URI_SCHEME, stringPlus)).buildUpon().appendPath(SQLCipherRawKey.TABLE_NAME).build();
        this.sharedPref = getContext().getSharedPreferences(AWConstants.AWSDK_SHAREDPREFERENCE, 0);
    }

    @VisibleForTesting
    public static /* synthetic */ void getSharedPref$annotations() {
    }

    @VisibleForTesting
    public static /* synthetic */ void getTAG$annotations() {
    }

    @VisibleForTesting
    public boolean dbExists() {
        return getContext().getDatabasePath(BaseContent.DATABASE_NAME).exists();
    }

    @VisibleForTesting
    public byte[] derivePassCodeToRawKey(byte[] key, byte[] salt, int dbVersion) {
        byte[] resultArray;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(salt, "salt");
        if (ByteArrayUtils.isEmptyOrZero(key)) {
            throw new RuntimeException("Key derivation failed. Key is empty");
        }
        OpenSSLCryptUtil openSSLCryptUtil = OpenSSLCryptUtil.getInstance();
        if (openSSLCryptUtil == null) {
            throw new RuntimeException("Failed to get an instance of OpenSSLCryptUtil");
        }
        if (dbVersion == 3) {
            resultArray = openSSLCryptUtil.generateDerivedKey(key, salt, 64000);
        } else {
            if (dbVersion != 4) {
                throw new RuntimeException("Key derivation failed. Version number not supported");
            }
            resultArray = openSSLCryptUtil.generateDerivedKeySHA512(key, salt, SQLCipherKeyManagerKt.SQLCIPHER_ITERATION_COUNT_V4);
        }
        Intrinsics.checkNotNullExpressionValue(resultArray, "resultArray");
        if (resultArray.length == 0) {
            throw new RuntimeException("Failed to derive pass code to raw key.");
        }
        return resultArray;
    }

    @VisibleForTesting
    public char[] formatRawDBKey(byte[] key) {
        Intrinsics.checkNotNullParameter(key, "key");
        String str = "x'" + ((Object) Hex.bytesToStringUppercase(key)) + '\'';
        Objects.requireNonNull(str, "null cannot be cast to non-null type java.lang.String");
        char[] charArray = str.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
        char[] secure = KeyGuard.secure(charArray, (Integer) 100);
        Intrinsics.checkNotNullExpressionValue(secure, "secure((\"x'\" + Hex.bytes…uard.KeyLifespan.CONTEXT)");
        return secure;
    }

    @VisibleForTesting
    public byte[] getBytes(char[] data) {
        Intrinsics.checkNotNullParameter(data, "data");
        ByteBuffer encode = Charset.forName("UTF-8").encode(CharBuffer.wrap(data));
        byte[] bArr = new byte[encode.limit()];
        encode.get(bArr);
        return bArr;
    }

    public Context getContext() {
        return this.context;
    }

    @VisibleForTesting
    public char[] getDBPassCode() {
        char[] a = new a(getContext(), getContext().getSharedPreferences(AWConstants.AWSDK_SHAREDPREFERENCE, 0)).a();
        Intrinsics.checkNotNullExpressionValue(a, "sdkDBPassword.value");
        return a;
    }

    @VisibleForTesting
    public int getDBVersion() {
        return getContext().getSharedPreferences(AWConstants.AWSDK_SHAREDPREFERENCE, 0).getInt(SqlCipherDatabaseHelper.migrationKey, 3);
    }

    public char[] getKey() {
        byte[] readKeyFromDB = readKeyFromDB(getContext());
        if (readKeyFromDB != null) {
            Logger.d$default(getTAG(), "rawkey exists using it to open database ", null, 4, null);
            return formatRawDBKey(readKeyFromDB);
        }
        if (!dbExists()) {
            if (!((SDKEnrollmentState) KoinModule.get(SDKEnrollmentState.class)).isUnEnrollmentInProgress()) {
                Logger.d$default(getTAG(), "No database found creating new raw key", null, 4, null);
                return storeNewRawKey();
            }
            ReportAdapterUtil.report(getContext(), PreferenceErrorListener.PreferenceErrorCode.SECURE_PREF_DB_UNAVAILABLE, "DB file not available and un enrollment in progress, so skip creating key.");
            Logger.e$default(getTAG(), "DB file not available and un enrollment in progress, so skip creating key.", null, 4, null);
            return new char[0];
        }
        Logger.d$default(getTAG(), "Database exists migrating to rawkey", null, 4, null);
        char[] dBPassCode = getDBPassCode();
        int dBVersion = getDBVersion();
        if (getSharedPref().getBoolean(SecureDB.SDK_TRIMMED_PASSCODE, false)) {
            Logger.d$default(getTAG(), "Using trimmed passcode for opening database", null, 4, null);
            dBPassCode = ArrayUtils.getTrimmedUntilNullCharArray(dBPassCode);
            Intrinsics.checkNotNullExpressionValue(dBPassCode, "getTrimmedUntilNullCharArray(dbPassCode)");
        }
        try {
            byte[] secure = KeyGuard.secure(getBytes(dBPassCode), (Integer) 100);
            Intrinsics.checkNotNullExpressionValue(secure, "secure(getBytes(dbPassCo…uard.KeyLifespan.CONTEXT)");
            byte[] derivePassCodeToRawKey = derivePassCodeToRawKey(secure, getSQLCipherSalt(), dBVersion);
            char[] formatRawDBKey = formatRawDBKey(derivePassCodeToRawKey);
            if (!verifyRawKey(formatRawDBKey)) {
                return dBPassCode;
            }
            saveKeyToDB(derivePassCodeToRawKey);
            return formatRawDBKey;
        } catch (Exception unused) {
            ReportAdapterUtil.report(getContext(), PreferenceErrorListener.PreferenceErrorCode.SQLCIPHER_RAW_KEY_PASSCODE, "Failed to open database using raw key reverting back to using old SDK db password if exists");
            Logger.i$default(getTAG(), "Database migrating to rawkey was not successful using old key if exists", null, 4, null);
            if (!(dBPassCode.length == 0)) {
                return dBPassCode;
            }
            ReportAdapterUtil.report(getContext(), PreferenceErrorListener.PreferenceErrorCode.SQLCIPHER_RAW_KEY_PASSCODE, "Old SDK db password is empty, creating and storing new one.");
            Logger.i$default(getTAG(), "Creating and storing new raw key, old one was empty.", null, 4, null);
            return storeNewRawKey();
        }
    }

    @VisibleForTesting
    public byte[] getSQLCipherSalt() {
        File databasePath = getContext().getDatabasePath(BaseContent.DATABASE_NAME);
        Intrinsics.checkNotNullExpressionValue(databasePath, "context.getDatabasePath(BaseContent.DATABASE_NAME)");
        FileInputStream fileInputStream = new FileInputStream(databasePath);
        byte[] bArr = new byte[16];
        FileInputStream fileInputStream2 = fileInputStream;
        Throwable th = (Throwable) null;
        try {
            FileInputStream fileInputStream3 = fileInputStream2;
            fileInputStream.read(bArr);
            CloseableKt.closeFinally(fileInputStream2, th);
            return bArr;
        } finally {
        }
    }

    public SharedPreferences getSharedPref() {
        return this.sharedPref;
    }

    public String getTAG() {
        return this.TAG;
    }

    @VisibleForTesting
    public byte[] newRawKey() {
        byte[] secure = KeyGuard.secure(RandomGenerator.genRandomKey(getContext(), (byte) 32), (Integer) 100);
        Intrinsics.checkNotNullExpressionValue(secure, "secure(RandomGenerator.g…uard.KeyLifespan.CONTEXT)");
        return secure;
    }

    @VisibleForTesting
    public byte[] readKeyFromDB(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        Cursor query = context.getContentResolver().query(this.rawKeyURI, null, null, null, null);
        if (query != null) {
            Cursor cursor = query;
            Throwable th = (Throwable) null;
            try {
                Cursor cursor2 = cursor;
                cursor2.moveToLast();
                if (cursor2.getCount() == 0) {
                    CloseableKt.closeFinally(cursor, th);
                    return null;
                }
                byte[] secure = KeyGuard.secure(SDKContextManager.getSDKContext().getKeyManager().unwrapBytes(Base64.decode(query.getString(query.getColumnIndex("key")), 0)), (Integer) 100);
                if (secure != null) {
                    CloseableKt.closeFinally(cursor, th);
                    return secure;
                }
                Logger.d$default(getTAG(), "Unwrapping key from database failed.", null, 4, null);
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(cursor, th);
            } finally {
            }
        }
        Logger.d$default(getTAG(), "Read Key From DB returning null.", null, 4, null);
        return null;
    }

    @VisibleForTesting
    public void saveKeyToDB(byte[] key) {
        Intrinsics.checkNotNullParameter(key, "key");
        byte[] wrapBytes = SDKContextManager.getSDKContext().getKeyManager().wrapBytes(key);
        if (wrapBytes == null) {
            throw new RuntimeException("Save to database failed. Wrap key returns null.");
        }
        ContentValues contentValues = new ContentValues();
        contentValues.put("key", Base64.encodeToString(wrapBytes, 0));
        contentValues.put("timestamp", Long.valueOf(System.currentTimeMillis()));
        getContext().getContentResolver().insert(this.rawKeyURI, contentValues);
        Logger.d$default(getTAG(), "RawKey for SQLCipher is saved", null, 4, null);
        ReportAdapterUtil.report(getContext(), PreferenceErrorListener.PreferenceErrorCode.DB_PASSWORD_GENERATED, "RawKey for SQLCipher is saved");
    }

    @VisibleForTesting
    public char[] storeNewRawKey() {
        byte[] newRawKey = newRawKey();
        saveKeyToDB(newRawKey);
        return formatRawDBKey(newRawKey);
    }

    @VisibleForTesting
    public boolean verifyRawKey(char[] key) {
        Intrinsics.checkNotNullParameter(key, "key");
        SqlCipherDatabaseHelper sqlCipherDatabaseHelper = new SqlCipherDatabaseHelper(getContext(), new SqlCipherDatabaseHelper.SQLCipherDatabaseHook());
        boolean z = SQLCipherUtility.getWritableDatabase(getContext(), sqlCipherDatabaseHelper, key) != null;
        sqlCipherDatabaseHelper.close();
        Logger.d$default(getTAG(), Intrinsics.stringPlus("Opening sqlcipher database using raw key ", Boolean.valueOf(z)), null, 4, null);
        return z;
    }
}
