package com.ebankit.com.bt.security;

import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import com.dynatrace.android.agent.Dynatrace;
import com.ebankit.android.core.security.FetchSecretTask;
import com.ebankit.android.core.utils.DeviceIdentificationUtils;
import com.ebankit.com.bt.utils.DynatraceUtils;
import com.ebankit.com.bt.utils.L;
import com.ebankit.com.bt.utils.persistent.MobilePersistentData;
import com.goterl.lazycode.lazysodium.LazySodiumAndroid;
import com.goterl.lazycode.lazysodium.SodiumAndroid;
import com.goterl.lazycode.lazysodium.exceptions.SodiumException;
import com.goterl.lazycode.lazysodium.utils.Key;
import com.goterl.lazycode.lazysodium.utils.KeyPair;
import java.nio.charset.StandardCharsets;
import java.util.Random;
import javax.crypto.Cipher;
import org.apache.commons.lang3.ArrayUtils;

/* loaded from: classes3.dex */
public class KeyBoxSodium extends BaseKeyBox {
    public static final String DATA = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    Key serverPublicKey;
    private SharedPreferences sharedPref;
    private byte[] nonce = new byte[24];
    private Random rm = new Random();
    private LazySodiumAndroid sodium = new LazySodiumAndroid(new SodiumAndroid(), StandardCharsets.UTF_8);
    private KeyLocker keyLocker = new KeyLockerAES();

    public KeyBoxSodium(SharedPreferences sharedPreferences) {
        this.sharedPref = sharedPreferences;
    }

    private Key createCredentials(String str) throws SodiumException {
        KeyPair cryptoBoxKeypair = this.sodium.cryptoBoxKeypair();
        logKeyPairInDev(cryptoBoxKeypair);
        lockAndStoreSecretKey(cryptoBoxKeypair.getSecretKey().getAsHexString(), str);
        return cryptoBoxKeypair.getPublicKey();
    }

    private KeyPair getCredentialsByBiometric(Cipher cipher) throws NoBiometricCredentialException {
        if (!this.sharedPref.contains("MySkOpen")) {
            Dynatrace.reportError(DeviceIdentificationUtils.getDeviceName() + "|KEYBOX_SODIUM|getEncryptionKeyPair|No FingerPrint credentials found", DynatraceUtils.DynatraceCustomLogErrorCodes.LOAD_SECRET_KEY.getCode());
            throw new NoBiometricCredentialException();
        }
        try {
            String decryptMsg = new KeyLockerBio().setBiometricCipher(cipher).decryptMsg(Base64.decode(this.sharedPref.getString("MySkOpen", ""), 2), null);
            SecurityCenas.getInstance().setBiometricCipher(null);
            if (!TextUtils.isEmpty(decryptMsg)) {
                try {
                    return new KeyPair(getServerPublicKey(), Key.fromHexString(decryptMsg));
                } catch (Exception unused) {
                    throw new NoBiometricCredentialException();
                }
            }
            Dynatrace.reportError(DeviceIdentificationUtils.getDeviceName() + "|KEYBOX_SODIUM|getEncryptionKeyPair|FingerPrint Token Empty", DynatraceUtils.DynatraceCustomLogErrorCodes.LOAD_SECRET_KEY.getCode());
            throw new NoBiometricCredentialException();
        } catch (Exception unused2) {
            Dynatrace.reportError(DeviceIdentificationUtils.getDeviceName() + "|KEYBOX_SODIUM|getEncryptionKeyPair|FingerPrint fail to decode from KeyStore", DynatraceUtils.DynatraceCustomLogErrorCodes.LOAD_SECRET_KEY.getCode());
            throw new NoBiometricCredentialException();
        }
    }

    private KeyPair getCredentialsByPin(String str) throws NoPinCredentialException {
        if (this.sharedPref.contains("MySk")) {
            return new KeyPair(getServerPublicKey(), retrieveSecurityKey(str));
        }
        Dynatrace.reportError(DeviceIdentificationUtils.getDeviceName() + "|KEYBOX_SODIUM|getEncryptionKeyPair|No credentials found", DynatraceUtils.DynatraceCustomLogErrorCodes.LOAD_SECRET_KEY.getCode());
        throw new NoPinCredentialException();
    }

    private KeyPair getEncryptionKeyPair(String str, Cipher cipher) throws NoBiometricCredentialException, NoPinCredentialException {
        return str.equals("GBT") ? getCredentialsByBiometric(cipher) : getCredentialsByPin(str);
    }

    private Key getServerPublicKey() {
        return this.serverPublicKey;
    }

    private void lockAndStoreSecretKey(String str, String str2) {
        String encodeToString = Base64.encodeToString(lockerEncrypt(str, str2), 2);
        SharedPreferences.Editor edit = this.sharedPref.edit();
        edit.putString("MySk", encodeToString);
        edit.apply();
    }

    private byte[] lockerEncrypt(String str, String str2) {
        return this.keyLocker.encryptMsg(str, str2);
    }

    private void logKeyPairInDev(KeyPair keyPair) {
    }

    private Key retrieveSecurityKey(String str) throws NoPinCredentialException {
        String string = this.sharedPref.getString("MySk", "");
        if (TextUtils.isEmpty(string)) {
            throw new NoPinCredentialException();
        }
        try {
            return Key.fromHexString(this.keyLocker.decryptMsg(Base64.decode(string, 2), str));
        } catch (Exception unused) {
            return sodiumRandomKeyAsString();
        }
    }

    private String sodiumLockBox(String str, KeyPair keyPair) {
        this.rm.nextBytes(this.nonce);
        byte[] bytes = str.getBytes();
        long length = bytes.length;
        byte[] bArr = new byte[bytes.length + 16];
        this.sodium.cryptoBoxEasy(bArr, bytes, length, this.nonce, keyPair.getPublicKey().getAsBytes(), keyPair.getSecretKey().getAsBytes());
        return Base64.encodeToString(ArrayUtils.addAll(this.nonce, bArr), 2);
    }

    private Key sodiumRandomKeyAsString() {
        try {
            return this.sodium.cryptoBoxKeypair().getSecretKey();
        } catch (SodiumException unused) {
            return sodiumRandomKeyAsString();
        }
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public void createCredentialsBiometric(String str, Cipher cipher) throws Exception {
        SharedPreferences.Editor edit = this.sharedPref.edit();
        edit.putString("MySkOpen", Base64.encodeToString(new KeyLockerBio().setBiometricCipher(cipher).encryptMsg(getEncryptionKeyPair(str, null).getSecretKey().getAsHexString(), null), 2));
        edit.apply();
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public void destroyCredentials() {
        destroyCredentialsBiometric();
        SharedPreferences.Editor edit = this.sharedPref.edit();
        edit.remove("MySk");
        edit.apply();
        MobilePersistentData.getSingleton().setKeyLockerNeedUpdateToGCM(false);
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public void destroyCredentialsBiometric() {
        SharedPreferences.Editor edit = this.sharedPref.edit();
        edit.remove("MySkOpen");
        edit.apply();
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public String encryptToken(String str, String str2) throws NoBiometricCredentialException, NoPinCredentialException {
        try {
            return sodiumLockBox(str, getEncryptionKeyPair(str2, SecurityCenas.getInstance().getBiometricCipher()));
        } catch (NoBiometricCredentialException e) {
            Dynatrace.reportError(DeviceIdentificationUtils.getDeviceName() + "|KEYBOX_SODIUM|encryptToken|NoBiometricCredentialException " + e.getMessage(), DynatraceUtils.DynatraceCustomLogErrorCodes.LOAD_SECRET_KEY.getCode());
            destroyCredentialsBiometric();
            throw new NoBiometricCredentialException();
        } catch (NoPinCredentialException e2) {
            Dynatrace.reportError(DeviceIdentificationUtils.getDeviceName() + "|KEYBOX_SODIUM|encryptToken|NoPinCredentialException " + e2.getMessage(), DynatraceUtils.DynatraceCustomLogErrorCodes.LOAD_SECRET_KEY.getCode());
            destroyCredentials();
            throw new NoPinCredentialException();
        } catch (Exception e3) {
            Dynatrace.reportError(DeviceIdentificationUtils.getDeviceName() + "|KEYBOX_SODIUM|encryptToken|Exception " + e3.getMessage(), DynatraceUtils.DynatraceCustomLogErrorCodes.LOAD_SECRET_KEY.getCode());
            return sodiumLockBox(str, new KeyPair(sodiumRandomKeyAsString(), sodiumRandomKeyAsString()));
        }
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public String getEncryptPublicKey(String str) throws Exception {
        Key createCredentials = createCredentials(str);
        byte[] asBytes = createCredentials.getAsBytes();
        long length = createCredentials.getAsBytes().length;
        byte[] bArr = new byte[asBytes.length + 48];
        this.sodium.cryptoBoxSeal(bArr, asBytes, length, getServerPublicKey().getAsBytes());
        return FetchSecretTask.encryptPasswordInteractionID(Base64.encodeToString(bArr, 2));
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public void migrateCredential(String str, String str2) {
        String encodeToString = Base64.encodeToString(lockerEncrypt(str, str2), 2);
        SharedPreferences.Editor edit = this.sharedPref.edit();
        edit.putString("MySk", encodeToString);
        edit.apply();
        MobilePersistentData.getSingleton().setKeyLockerNeedUpdateToGCM(false);
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public void migrateCredentialBIO(String str) {
        L.d("*****", "migrating credential BIO" + str);
        SharedPreferences.Editor edit = this.sharedPref.edit();
        edit.putString("MySkOpen", Base64.encodeToString(new KeyLockerBio().encryptMsg(str, null), 2));
        edit.apply();
        MobilePersistentData.getSingleton().setKeyLockerBIONeedUpdateToGCM(false);
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public void setServerPublicKey(String str) {
        this.serverPublicKey = Key.fromBytes(Base64.decode(str, 2));
    }

    @Override // com.ebankit.com.bt.security.KeyBox
    public void updateKeyEncryption(String str, String str2) throws Exception {
        lockAndStoreSecretKey(getEncryptionKeyPair(str, null).getSecretKey().getAsHexString(), str2);
    }
}
