package com.cloudant.sync.datastore.encryption;

import android.os.Build;
import com.cloudant.sync.documentstore.encryption.EncryptionKey;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:com/cloudant/sync/datastore/encryption/KeyManager.class */
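/**
 * Generates, persists and reloads the DPK (the key wrapped by this class), protecting it with a
 * key derived from a user password via PBKDF2 and the AES helpers in {@code DPKEncryptionUtil}.
 *
 * <p>The salt, IV, iteration count and encrypted DPK are kept in the supplied {@link KeyStorage};
 * the password itself is never stored by this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Everything read back from {@code KeyStorage} should be treated as untrusted input: only
 *       the IV length is validated here, and the stored iteration count is used as-is.</li>
 *   <li>NOTE(review): if {@code DPKEncryptionUtil.decryptAES} is unauthenticated (the 16-byte IV
 *       and {@code BadPaddingException} suggest a padded block mode), a wrong password can
 *       occasionally pass the padding check and yield a wrong key instead of an exception;
 *       confirm against {@code DPKEncryptionUtil}.</li>
 * </ul>
 */
class KeyManager {
    private static final int BYTES_TO_BITS = 8;
    // Sizes below are in bytes.
    static final int ENCRYPTION_KEYCHAIN_AES_KEY_SIZE = 32;
    static final int ENCRYPTION_KEYCHAIN_ENCRYPTIONKEY_SIZE = 32;
    static final int ENCRYPTION_KEYCHAIN_PBKDF2_SALT_SIZE = 32;
    // NOTE(review): 10,000 rounds of PBKDF2-HMAC-SHA1 is low by current guidance. The count is
    // persisted with each KeyData and read back on load, so new keys could use a higher value
    // without breaking existing ones; confirm device performance before changing.
    static final int ENCRYPTION_KEYCHAIN_PBKDF2_ITERATIONS = 10000;
    static final String ENCRYPTION_KEYCHAIN_VERSION = "1.0";
    static final int ENCRYPTIONKEYCHAINMANAGER_AES_IV_SIZE = 16;
    private static final Logger LOGGER = Logger.getLogger(KeyManager.class.getCanonicalName());
    private final KeyStorage storage;
    private final SecureRandom secureRandom;

    /**
     * Creates a manager backed by the given storage.
     *
     * @param keyStorage where the wrapped key material is read from and written to
     * @throws IllegalArgumentException if {@code keyStorage} is {@code null}
     */
    public KeyManager(KeyStorage keyStorage) {
        if (keyStorage == null) {
            LOGGER.severe("Storage is mandatory");
            throw new IllegalArgumentException("Storage is mandatory");
        }
        this.storage = keyStorage;
        this.secureRandom = new SecureRandom();
    }

    /**
     * Loads the stored key data and unwraps the DPK with a key derived from the password.
     *
     * @param str the password; must be non-null and non-empty
     * @return the unwrapped key, or {@code null} when no key data is stored or the stored IV
     *     fails validation
     * @throws IllegalArgumentException if the password is null or empty, or if the stored salt
     *     or iteration count is rejected by the key derivation step
     * @throws DPKException if key derivation or AES decryption fails (a wrong password is
     *     expected to surface here)
     */
    public EncryptionKey loadKeyUsingPassword(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("password is required to be a non-null/non-empty string");
        }
        KeyData stored = this.storage.getEncryptionKeyData();
        if (stored == null || !validateEncryptionKeyData(stored)) {
            return null;
        }
        try {
            // The iteration count comes from storage rather than the constant so that keys
            // written with a different count can still be opened.
            SecretKey wrappingKey = pbkdf2DerivedKeyForPassword(
                    str, stored.getSalt(), stored.iterations, ENCRYPTION_KEYCHAIN_AES_KEY_SIZE);
            return new EncryptionKey(
                    DPKEncryptionUtil.decryptAES(wrappingKey, stored.getIv(), stored.getEncryptedDPK()));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException
                | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException
                | NoSuchPaddingException e) {
            throw new DPKException("Failed to decrypt DPK", e);
        }
    }

    /**
     * Generates a fresh random DPK, wraps it under a key derived from the password and saves
     * the result. Nothing is generated when key data already exists.
     *
     * @param str the password; must be non-null and non-empty
     * @return the new key, or {@code null} when a key already exists or the storage reports
     *     that saving failed
     * @throws IllegalArgumentException if the password is null or empty
     * @throws DPKException if key derivation or AES encryption fails
     */
    public EncryptionKey generateAndSaveKeyProtectedByPassword(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("password is required to be a non-null/non-empty string");
        }
        try {
            if (keyExists()) {
                // An existing key is never overwritten; callers must clearKey() first.
                return null;
            }
            // Draw order (DPK, salt, IV) matches the original implementation.
            byte[] dpk = generateSecureRandomBytesWithLength(ENCRYPTION_KEYCHAIN_ENCRYPTIONKEY_SIZE);
            byte[] salt = generateSecureRandomBytesWithLength(ENCRYPTION_KEYCHAIN_PBKDF2_SALT_SIZE);
            byte[] iv = generateSecureRandomBytesWithLength(ENCRYPTIONKEYCHAINMANAGER_AES_IV_SIZE);
            SecretKey wrappingKey = pbkdf2DerivedKeyForPassword(
                    str, salt, ENCRYPTION_KEYCHAIN_PBKDF2_ITERATIONS, ENCRYPTION_KEYCHAIN_AES_KEY_SIZE);
            KeyData toStore = new KeyData(
                    DPKEncryptionUtil.encryptAES(wrappingKey, iv, dpk),
                    salt,
                    iv,
                    ENCRYPTION_KEYCHAIN_PBKDF2_ITERATIONS,
                    ENCRYPTION_KEYCHAIN_VERSION);
            if (this.storage.saveEncryptionKeyData(toStore)) {
                return new EncryptionKey(dpk);
            }
            // The key was never persisted or handed out, so do not leave it lying in memory.
            java.util.Arrays.fill(dpk, (byte) 0);
            return null;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException
                | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException
                | NoSuchPaddingException e) {
            throw new DPKException("Failed to encrypt DPK.  Cause: " + e.getLocalizedMessage(), e);
        }
    }

    /**
     * Reports whether the storage already holds encryption key data.
     *
     * @return the value returned by {@code KeyStorage.encryptionKeyDataExists()}
     */
    public boolean keyExists() {
        return this.storage.encryptionKeyDataExists();
    }

    /**
     * Asks the storage to remove the encryption key data.
     *
     * @return the value returned by {@code KeyStorage.clearEncryptionKeyData()}
     */
    public boolean clearKey() {
        return this.storage.clearEncryptionKeyData();
    }

    /**
     * Checks that stored key data carries an IV of the expected size.
     *
     * <p>A missing IV is treated like a wrongly sized one instead of raising a
     * {@code NullPointerException}, so corrupt or tampered storage is reported the same way in
     * both cases. Salt, iteration count and ciphertext are not checked here.
     *
     * @param keyData the data read from storage; must not be {@code null}
     * @return {@code true} if the IV is present and 16 bytes long
     */
    private boolean validateEncryptionKeyData(KeyData keyData) {
        byte[] iv = keyData.getIv();
        if (iv != null && iv.length == ENCRYPTIONKEYCHAINMANAGER_AES_IV_SIZE) {
            return true;
        }
        LOGGER.warning("IV does not have the expected size: 16 bytes");
        return false;
    }

    /**
     * Derives a key from the password with PBKDF2-HMAC-SHA1.
     *
     * @param password the password; must be non-null and non-empty
     * @param salt the salt; must be non-null and non-empty
     * @param iterations the PBKDF2 iteration count; must be at least 1
     * @param lengthInBytes the derived key length in bytes; must be at least 1
     * @return the derived key
     * @throws IllegalArgumentException if any argument violates the constraints above
     * @throws NoSuchAlgorithmException if the platform lacks the PBKDF2 algorithm
     * @throws InvalidKeySpecException if the key specification is rejected
     */
    private SecretKey pbkdf2DerivedKeyForPassword(String password, byte[] salt, int iterations, int lengthInBytes) throws NoSuchAlgorithmException, InvalidKeySpecException {
        if (lengthInBytes < 1) {
            throw new IllegalArgumentException("length must greater than 0");
        }
        if (password == null || password.length() < 1) {
            throw new IllegalArgumentException("password must not be null or empty String");
        }
        if (salt == null || salt.length < 1) {
            throw new IllegalArgumentException("salt must not be null or empty byte array");
        }
        if (iterations < 1) {
            throw new IllegalArgumentException("iterations must greater than 0");
        }
        // From API 19 the plain "PBKDF2WithHmacSHA1" name uses every bit of each password char;
        // the "And8bit" variant keeps the older behaviour so keys made on earlier releases still
        // open. Consequence: only the low 8 bits of each char feed the derivation, which weakens
        // passwords that rely on non-ASCII characters.
        SecretKeyFactory factory = Build.VERSION.SDK_INT >= 19
                ? SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit")
                : SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        char[] passwordChars = password.toCharArray();
        try {
            return factory.generateSecret(
                    new PBEKeySpec(passwordChars, salt, iterations, lengthInBytes * BYTES_TO_BITS));
        } finally {
            // Best-effort hygiene: PBEKeySpec clones the array, so wiping this copy is always
            // safe. The spec itself is left alone because some providers may still read it
            // through the returned key; the caller's String cannot be wiped at all.
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Returns {@code length} bytes drawn from this manager's {@link SecureRandom}.
     *
     * @param length number of random bytes to produce
     * @return a new array filled with random bytes
     */
    private byte[] generateSecureRandomBytesWithLength(int length) {
        byte[] randomBytes = new byte[length];
        this.secureRandom.nextBytes(randomBytes);
        return randomBytes;
    }
}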
