package org.matrix.android.sdk.internal.database;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import io.reactivex.android.plugins.RxAndroidPlugins;
import io.realm.RealmConfiguration;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Locale;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.matrix.android.sdk.internal.session.securestorage.SecretStoringUtils;
import timber.log.Timber;

/* compiled from: RealmKeysUtils.kt */
/* loaded from: classes2.dex */
public final class RealmKeysUtils {
    public final SecureRandom rng;
    public final SecretStoringUtils secretStoringUtils;
    public final SharedPreferences sharedPreferences;

    public RealmKeysUtils(Context context, SecretStoringUtils secretStoringUtils) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(secretStoringUtils, "secretStoringUtils");
        this.secretStoringUtils = secretStoringUtils;
        this.rng = new SecureRandom();
        this.sharedPreferences = context.getSharedPreferences("im.vector.matrix.android.keys", 0);
    }

    public final void clear(String keyAlias) {
        Intrinsics.checkNotNullParameter(keyAlias, "alias");
        if (this.sharedPreferences.contains(Intrinsics.stringPlus("REALM_ENCRYPTED_KEY_", keyAlias))) {
            SecretStoringUtils secretStoringUtils = this.secretStoringUtils;
            Objects.requireNonNull(secretStoringUtils);
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            try {
                secretStoringUtils.getKeyStore().deleteEntry(keyAlias);
            } catch (KeyStoreException e) {
                Timber.TREE_OF_SOULS.e(e);
            }
            SharedPreferences sharedPreferences = this.sharedPreferences;
            Intrinsics.checkNotNullExpressionValue(sharedPreferences, "sharedPreferences");
            SharedPreferences.Editor editor = sharedPreferences.edit();
            Intrinsics.checkNotNullExpressionValue(editor, "editor");
            editor.remove(Intrinsics.stringPlus("REALM_ENCRYPTED_KEY_", keyAlias));
            editor.apply();
        }
    }

    public final void configureEncryption(RealmConfiguration.Builder realmConfigurationBuilder, String alias) {
        Intrinsics.checkNotNullParameter(realmConfigurationBuilder, "realmConfigurationBuilder");
        Intrinsics.checkNotNullParameter(alias, "alias");
        byte[] realmEncryptionKey = getRealmEncryptionKey(alias);
        if (realmEncryptionKey.length != 64) {
            throw new IllegalArgumentException(String.format(Locale.US, "The provided key must be %s bytes. Yours was: %s", 64, Integer.valueOf(realmEncryptionKey.length)));
        }
        realmConfigurationBuilder.key = Arrays.copyOf(realmEncryptionKey, realmEncryptionKey.length);
    }

    public final byte[] getRealmEncryptionKey(String keyAlias) {
        byte[] byteArray;
        String decryptString;
        Intrinsics.checkNotNullParameter(keyAlias, "alias");
        if (this.sharedPreferences.contains(Intrinsics.stringPlus("REALM_ENCRYPTED_KEY_", keyAlias))) {
            Timber.TREE_OF_SOULS.i(Intrinsics.stringPlus("Found key for alias:", keyAlias), new Object[0]);
            byte[] encrypted = Base64.decode(this.sharedPreferences.getString(Intrinsics.stringPlus("REALM_ENCRYPTED_KEY_", keyAlias), null), 1);
            SecretStoringUtils secretStoringUtils = this.secretStoringUtils;
            Intrinsics.checkNotNullExpressionValue(encrypted, "encryptedKey");
            Objects.requireNonNull(secretStoringUtils);
            Intrinsics.checkNotNullParameter(encrypted, "encrypted");
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(encrypted);
            try {
                byte read = (byte) byteArrayInputStream.read();
                if (read == 0) {
                    decryptString = secretStoringUtils.decryptStringM(byteArrayInputStream, keyAlias);
                } else {
                    if (read != 1) {
                        throw new IllegalArgumentException(Intrinsics.stringPlus("Unknown format ", Byte.valueOf(read)));
                    }
                    decryptString = secretStoringUtils.decryptString(byteArrayInputStream, keyAlias);
                }
                RxAndroidPlugins.closeFinally(byteArrayInputStream, null);
                byte[] decode = Base64.decode(decryptString, 1);
                Intrinsics.checkNotNullExpressionValue(decode, "decode(b64, Base64.NO_PADDING)");
                return decode;
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    RxAndroidPlugins.closeFinally(byteArrayInputStream, th);
                    throw th2;
                }
            }
        }
        Timber.TREE_OF_SOULS.i(Intrinsics.stringPlus("Create key for DB alias:", keyAlias), new Object[0]);
        byte[] bArr = new byte[64];
        this.rng.nextBytes(bArr);
        String secret = Base64.encodeToString(bArr, 1);
        SecretStoringUtils secretStoringUtils2 = this.secretStoringUtils;
        Intrinsics.checkNotNullExpressionValue(secret, "encodedKey");
        Objects.requireNonNull(secretStoringUtils2);
        Intrinsics.checkNotNullParameter(secret, "secret");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        if (secretStoringUtils2.buildVersionSdkIntProvider.get() >= 23) {
            SecretKey orGenerateSymmetricKeyForAliasM = secretStoringUtils2.getOrGenerateSymmetricKeyForAliasM(keyAlias);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, orGenerateSymmetricKeyForAliasM);
            byte[] iv = cipher.getIV();
            byte[] bytes = secret.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
            byte[] doFinal = cipher.doFinal(bytes);
            Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(text.toByteArray(Charsets.UTF_8))");
            Intrinsics.checkNotNullExpressionValue(iv, "iv");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(iv.length + 2 + doFinal.length);
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(iv.length);
            byteArrayOutputStream.write(iv);
            byteArrayOutputStream.write(doFinal);
            byteArray = byteArrayOutputStream.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "bos.toByteArray()");
        } else {
            byte[] bArr2 = new byte[16];
            secretStoringUtils2.secureRandom.nextBytes(bArr2);
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
            byte[] rsaEncrypt = secretStoringUtils2.rsaEncrypt(keyAlias, bArr2);
            Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
            cipher2.init(1, secretKeySpec);
            byte[] iv2 = cipher2.getIV();
            byte[] bytes2 = secret.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes2, "(this as java.lang.String).getBytes(charset)");
            byte[] doFinal2 = cipher2.doFinal(bytes2);
            Intrinsics.checkNotNullExpressionValue(doFinal2, "cipher.doFinal(text.toByteArray(Charsets.UTF_8))");
            Intrinsics.checkNotNullExpressionValue(iv2, "iv");
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream(rsaEncrypt.length + 4 + iv2.length + doFinal2.length);
            byteArrayOutputStream2.write(1);
            byteArrayOutputStream2.write((rsaEncrypt.length & 65280) >> 8);
            byteArrayOutputStream2.write(rsaEncrypt.length & 255);
            byteArrayOutputStream2.write(rsaEncrypt);
            byteArrayOutputStream2.write(iv2.length);
            byteArrayOutputStream2.write(iv2);
            byteArrayOutputStream2.write(doFinal2);
            byteArray = byteArrayOutputStream2.toByteArray();
            Intrinsics.checkNotNullExpressionValue(byteArray, "bos.toByteArray()");
        }
        SharedPreferences sharedPreferences = this.sharedPreferences;
        Intrinsics.checkNotNullExpressionValue(sharedPreferences, "sharedPreferences");
        SharedPreferences.Editor editor = sharedPreferences.edit();
        Intrinsics.checkNotNullExpressionValue(editor, "editor");
        editor.putString(Intrinsics.stringPlus("REALM_ENCRYPTED_KEY_", keyAlias), Base64.encodeToString(byteArray, 1));
        editor.apply();
        return bArr;
    }
}
