package com.intuit.security;

import android.content.Context;
import android.database.SQLException;
import android.os.Environment;
import com.intuit.security.SecureVaultException;
import com.intuit.security.SecureVaultUtility;
import java.io.File;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class SecureVault {
    private static /* synthetic */ int[] $SWITCH_TABLE$com$intuit$security$SecureVaultUtility$Algos = null;
    private static final SecureVaultUtility.Algos DEFAULT_ALGO = SecureVaultUtility.Algos.AES128;
    private static final long DEFAULT_IDLE_TOUT = 300;
    private static final long DEFAULT_PIN_TOUT = 1440;
    private static final int ITER_COUNT = 2000;
    private static final String KD_ENC_ALGO = "AES/CBC/PKCS5Padding";
    private static final int PWKEY_LEN = 256;
    private static final int SALT_LEN = 4;
    private static final String VAULT_NAME_COL = "NAME";
    private static final String VAULT_OBJLOC_COL = "OBJLOC";
    private static final String VAULT_OBJMAC_COL = "MAC";
    private static final String VAULT_OBJSALT_COL = "SALT";
    private static final String VAULT_SALT_COL_PREF = "__";
    private static final String VAULT_VALUE_COL = "VALUE";
    private Date accessedTS;
    private Cipher dc;
    private Cipher ec;
    private IvParameterSpec iv;
    private SecureVaultAttr myVaultAttr;
    private String[] myVaultColNames;
    private Date openedTS = new Date();
    private long vaultIdleTout;
    private long vaultPINTout;

    static /* synthetic */ int[] $SWITCH_TABLE$com$intuit$security$SecureVaultUtility$Algos() {
        int[] iArr = $SWITCH_TABLE$com$intuit$security$SecureVaultUtility$Algos;
        if (iArr == null) {
            iArr = new int[SecureVaultUtility.Algos.valuesCustom().length];
            try {
                iArr[SecureVaultUtility.Algos.AES128.ordinal()] = 2;
            } catch (NoSuchFieldError e) {
            }
            try {
                iArr[SecureVaultUtility.Algos.AES256.ordinal()] = 3;
            } catch (NoSuchFieldError e2) {
            }
            try {
                iArr[SecureVaultUtility.Algos.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                iArr[SecureVaultUtility.Algos.SHA256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SWITCH_TABLE$com$intuit$security$SecureVaultUtility$Algos = iArr;
        }
        return iArr;
    }

    public SecureVault(String str, String str2, String str3) throws SecureVaultException {
        this.myVaultAttr = null;
        this.myVaultColNames = null;
        this.vaultIdleTout = 0L;
        this.vaultPINTout = 0L;
        if (str2 == null) {
            throw new SecureVaultException("SecureVault PIN can not be null", SecureVaultException.SecureVaultErrors.NO_PIN);
        }
        isTimedOut();
        boolean z = false;
        try {
            try {
                this.myVaultAttr = SecureVaultDB.getVaultAttr(str);
                if (this.myVaultAttr == null) {
                    throw new SecureVaultException("Operation failed for vault: " + str, SecureVaultException.SecureVaultErrors.NO_DATA_FOUND);
                }
                if (Long.parseLong(this.myVaultAttr.mVAULT_PIN_LOCK_COUNT) != -1) {
                    try {
                        if (Long.parseLong(this.myVaultAttr.mVAULT_FAIL_PIN_COUNT) >= Long.parseLong(this.myVaultAttr.mVAULT_PIN_LOCK_COUNT)) {
                            if ((new Date().getTime() - new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse(this.myVaultAttr.mVAULT_LAST_PIN_FAIL).getTime()) / 1000 < Long.parseLong(this.myVaultAttr.mVAULT_PIN_LOCK_TOUT_SECS)) {
                                z = true;
                            }
                        }
                    } catch (Exception e) {
                        throw new SecureVaultException(e.getMessage(), SecureVaultException.SecureVaultErrors.PIN_LOCKED);
                    }
                }
                if (SecureVaultUtility.VaultType.valueOf(this.myVaultAttr.mVAULT_TYPE) != SecureVaultUtility.VaultType.TOKENIZER) {
                    this.myVaultColNames = SecureVaultDB.getColNames(str);
                }
                if (!SecureVaultUtility.verifyMAC(String.valueOf(str) + this.myVaultAttr.mVAULT_TYPE + this.myVaultAttr.mVAULT_ALGO + Boolean.toString(this.myVaultAttr.mVAULT_QUERY_ENC) + this.myVaultAttr.mVAULT_IDLE_TOUT + this.myVaultAttr.mVAULT_PIN_TOUT + this.myVaultAttr.mVAULT_FLAGS + this.myVaultAttr.mVAULT_PIN_LOCK_COUNT + this.myVaultAttr.mVAULT_PIN_LOCK_TOUT_SECS + this.myVaultAttr.mVAULT_LAST_PIN_FAIL + this.myVaultAttr.mVAULT_FAIL_PIN_COUNT, this.myVaultAttr.mVAULT_MAC)) {
                    throw new SecureVaultException("MAC verification failed", SecureVaultException.SecureVaultErrors.MAC_VERIFICATION_FAILED);
                }
                byte[] verifyGetSessionKey = verifyGetSessionKey(this.myVaultAttr, str2, (String.valueOf(str) + str3).getBytes(), this.myVaultAttr.mVAULT_KD_CRYPTO, this.myVaultAttr.mVAULT_IV, DEFAULT_ALGO);
                str2 = str2 != null ? null : str2;
                if (z) {
                    throw new SecureVaultException("SecureVault locked - exceeded maximum password attempts", SecureVaultException.SecureVaultErrors.PIN_LOCKED);
                }
                if (Long.parseLong(this.myVaultAttr.mVAULT_FAIL_PIN_COUNT) > 0) {
                    SecureVaultDB.updatePasswordFailure(this.myVaultAttr.mVAULT_NAME, "0", this.myVaultAttr.mVAULT_LAST_PIN_FAIL, SecureVaultUtility.generateMAC(String.valueOf(this.myVaultAttr.mVAULT_NAME) + this.myVaultAttr.mVAULT_TYPE + this.myVaultAttr.mVAULT_ALGO + Boolean.toString(this.myVaultAttr.mVAULT_QUERY_ENC) + this.myVaultAttr.mVAULT_IDLE_TOUT + this.myVaultAttr.mVAULT_PIN_TOUT + this.myVaultAttr.mVAULT_FLAGS + this.myVaultAttr.mVAULT_PIN_LOCK_COUNT + this.myVaultAttr.mVAULT_PIN_LOCK_TOUT_SECS + this.myVaultAttr.mVAULT_LAST_PIN_FAIL + "0"));
                }
                initCiphersIVKey(verifyGetSessionKey, SecureVaultUtility.hexDecode(this.myVaultAttr.mVAULT_IV), SecureVaultUtility.Algos.valueOf(this.myVaultAttr.mVAULT_ALGO));
                this.vaultIdleTout = new Long(this.myVaultAttr.mVAULT_IDLE_TOUT).longValue();
                this.vaultPINTout = new Long(this.myVaultAttr.mVAULT_PIN_TOUT).longValue();
                if (str2 != null) {
                }
            } catch (SecureVaultException e2) {
                if (str2 != null) {
                }
                if (0 != 0) {
                }
                this.vaultIdleTout = 0L;
                this.vaultPINTout = 0L;
                if (0 == 0 && (this.myVaultAttr == null || Long.parseLong(this.myVaultAttr.mVAULT_FAIL_PIN_COUNT) < Long.parseLong(this.myVaultAttr.mVAULT_PIN_LOCK_COUNT) - 1)) {
                    throw new SecureVaultException("Failed to open SecureVault: " + e2.getErrorCode() + "; " + e2.getMessage(), e2.getErrorCode());
                }
                throw new SecureVaultException("SecureVault locked - exceeded maximum password attempts", SecureVaultException.SecureVaultErrors.PIN_LOCKED);
            }
        } catch (Throwable th) {
            if (str2 != null) {
            }
            throw th;
        }
    }

    private void addUpdateFileMAC(String str, String str2, String str3) throws SecureVaultException {
        String[][] strArr = null;
        try {
            strArr = getDBData(VAULT_OBJLOC_COL, "OBJLOC = ?", new String[]{String.valueOf(str2) + File.separatorChar + str});
        } catch (SecureVaultException e) {
            if (e.getErrorCode() != SecureVaultException.SecureVaultErrors.NO_DATA_FOUND) {
                throw e;
            }
        }
        try {
            String hexEncode = SecureVaultUtility.hexEncode(SecureVaultUtility.generateSalt(4));
            String generateMAC = SecureVaultUtility.generateMAC(String.valueOf(hexEncode) + str2 + File.separatorChar + str + str3);
            if (strArr == null || strArr.length <= 0) {
                if (!putDBData(new String[][]{new String[]{VAULT_OBJLOC_COL, String.valueOf(str2) + File.separatorChar + str}, new String[]{VAULT_OBJSALT_COL, hexEncode}, new String[]{VAULT_OBJMAC_COL, generateMAC}})) {
                    throw new SecureVaultException("Failed to add object data in vault", SecureVaultException.SecureVaultErrors.DB_ERROR);
                }
            } else if (!updateDBData(new String[][]{new String[]{VAULT_OBJSALT_COL, hexEncode}, new String[]{VAULT_OBJMAC_COL, generateMAC}}, "OBJLOC = ?", new String[]{String.valueOf(str2) + File.separatorChar + str})) {
                throw new SecureVaultException("Failed to update object data in vault", SecureVaultException.SecureVaultErrors.DB_ERROR);
            }
        } catch (SecureVaultException e2) {
            throw e2;
        }
    }

    private byte[] changePIN(long j, String str, String str2, SecureVaultUtility.Algos algos, byte[] bArr, String str3, String str4, boolean z) throws SecureVaultException {
        if (bArr == null || str4 == null) {
            throw new SecureVaultException("SecureVault password/key can not be null", SecureVaultException.SecureVaultErrors.NO_PIN);
        }
        try {
            try {
                SecretKey generateAESKey = SecureVaultUtility.generateAESKey(str4, (String.valueOf(str) + str3).getBytes(), 2000, 256);
                String hexEncode = SecureVaultUtility.hexEncode(bArr);
                Cipher cipher = Cipher.getInstance(KD_ENC_ALGO);
                cipher.init(1, generateAESKey, new IvParameterSpec(SecureVaultUtility.hexDecode(str2)));
                byte[] doFinal = cipher.doFinal(hexEncode.getBytes());
                if (!z) {
                    initCiphersIVKey(bArr, SecureVaultUtility.hexDecode(str2), algos);
                    return doFinal;
                }
                if (!SecureVaultDB.updateVaultCrypto(j, SecureVaultUtility.hexEncode(doFinal))) {
                    return null;
                }
                initCiphersIVKey(bArr, SecureVaultUtility.hexDecode(str2), algos);
                return doFinal;
            } catch (Exception e) {
                throw new SecureVaultException("Key generation failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.KEY_GEN_ERROR);
            }
        } finally {
        }
    }

    private byte[] changePIN(String str, String str2, String str3, boolean z) throws SecureVaultException {
        if (str2 == null || str3 == null) {
            throw new SecureVaultException("SecureVault password can not be null", SecureVaultException.SecureVaultErrors.NO_PIN);
        }
        byte[] verifyGetSessionKey = verifyGetSessionKey(this.myVaultAttr, str2, (String.valueOf(this.myVaultAttr.mVAULT_NAME) + str).getBytes(), this.myVaultAttr.mVAULT_KD_CRYPTO, this.myVaultAttr.mVAULT_IV, DEFAULT_ALGO);
        if (verifyGetSessionKey == null) {
            throw new SecureVaultException("Key verification failed", SecureVaultException.SecureVaultErrors.KEY_VERIFY_ERROR);
        }
        return changePIN(this.myVaultAttr.mVAULT_ID, this.myVaultAttr.mVAULT_NAME, this.myVaultAttr.mVAULT_IV, SecureVaultUtility.Algos.valueOf(this.myVaultAttr.mVAULT_ALGO), verifyGetSessionKey, str, str3, z);
    }

    public static boolean createBasicNameValueVault(String str, String str2, String str3, PasswordPolicy passwordPolicy, boolean z) throws SecureVaultException {
        return createVault(str, str2, SecureVaultUtility.VaultType.NAME_VALUE_PAIR, DEFAULT_ALGO, false, new String[]{VAULT_NAME_COL}, new String[]{VAULT_VALUE_COL}, 0L, 0L, str3, passwordPolicy, z);
    }

    public static boolean createDBVault(String str, String str2, SecureVaultUtility.Algos algos, boolean z, String[] strArr, String[] strArr2, long j, long j2, String str3, PasswordPolicy passwordPolicy, boolean z2) throws SecureVaultException {
        return createVault(str, str2, SecureVaultUtility.VaultType.DB_ROW, algos, z, strArr, strArr2, j, j2, str3, passwordPolicy, z2);
    }

    public static boolean createNameValueVault(String str, String str2, SecureVaultUtility.Algos algos, long j, long j2, String str3, PasswordPolicy passwordPolicy, boolean z) throws SecureVaultException {
        return createVault(str, str2, SecureVaultUtility.VaultType.NAME_VALUE_PAIR, algos, false, new String[]{VAULT_NAME_COL}, new String[]{VAULT_VALUE_COL}, j, j2, str3, passwordPolicy, z);
    }

    public static boolean createObjectVault(String str, String str2, SecureVaultUtility.Algos algos, long j, long j2, String str3, PasswordPolicy passwordPolicy, boolean z) throws SecureVaultException {
        return createVault(str, str2, SecureVaultUtility.VaultType.OBJECT_VAULT, algos, true, new String[]{VAULT_OBJLOC_COL, VAULT_OBJSALT_COL, VAULT_OBJMAC_COL}, null, j, j2, str3, passwordPolicy, z);
    }

    public static boolean createTokenizerVault(String str, String str2, SecureVaultUtility.Algos algos, long j, long j2, String str3, PasswordPolicy passwordPolicy, boolean z) throws SecureVaultException {
        return createVault(str, str2, SecureVaultUtility.VaultType.TOKENIZER, algos, true, null, null, j, j2, str3, passwordPolicy, z);
    }

    private static boolean createVault(String str, String str2, SecureVaultUtility.VaultType vaultType, SecureVaultUtility.Algos algos, boolean z, String[] strArr, String[] strArr2, long j, long j2, String str3, PasswordPolicy passwordPolicy, boolean z2) throws SecureVaultException {
        int i;
        int i2;
        if (str2 == null) {
            throw new SecureVaultException("SecureVault PIN can not be null", SecureVaultException.SecureVaultErrors.NO_PIN);
        }
        if (passwordPolicy == null) {
            passwordPolicy = new PasswordPolicy();
        }
        if (!passwordPolicy.isPasswordCompliantWithPolicy(str2)) {
            if (str2 != null) {
            }
            throw new SecureVaultException("SecureVault password does not meet minimum password strength requirements", SecureVaultException.SecureVaultErrors.NON_COMPLIANT_PIN);
        }
        SecureVaultException.SecureVaultErrors isVaultExisting = SecureVaultDB.isVaultExisting(str);
        if (isVaultExisting != SecureVaultException.SecureVaultErrors.NO_DATA_FOUND && isVaultExisting != SecureVaultException.SecureVaultErrors.NONE) {
            if (str2 != null) {
            }
            throw new SecureVaultException("Error checking existence of " + str, isVaultExisting);
        }
        if (isVaultExisting == SecureVaultException.SecureVaultErrors.NONE) {
            if (!z2) {
                if (str2 != null) {
                }
                throw new SecureVaultException(String.valueOf(str) + " already exists", SecureVaultException.SecureVaultErrors.VAULT_ALREADY_EXISTS);
            }
            if (!SecureVaultDB.deleteVault(str)) {
                if (str2 != null) {
                }
                throw new SecureVaultException("Failed to delete vault: " + str, SecureVaultException.SecureVaultErrors.DB_ERROR);
            }
        }
        if (strArr != null) {
            while (i2 < strArr.length) {
                if (strArr[i2].startsWith(VAULT_SALT_COL_PREF)) {
                    if (str2 != null) {
                    }
                    throw new SecureVaultException("Query column name can not start with __", SecureVaultException.SecureVaultErrors.DB_ERROR);
                }
                i2++;
            }
        }
        SecretKey generateAESKey = SecureVaultUtility.generateAESKey(str2, (String.valueOf(str) + str3).getBytes(), 2000, 256);
        if (str2 != null) {
        }
        if (generateAESKey == null) {
            throw new SecureVaultException("Query column name can not start with __", SecureVaultException.SecureVaultErrors.DB_ERROR);
        }
        byte[] generateIV = SecureVaultUtility.generateIV();
        if (generateIV == null) {
            throw new SecureVaultException("Failed to generate IV", SecureVaultException.SecureVaultErrors.KEY_GEN_ERROR);
        }
        try {
            try {
                byte[] generateKDCrypto = generateKDCrypto(generateAESKey, generateIV, algos);
                if (j == 0) {
                    j = DEFAULT_IDLE_TOUT;
                }
                if (j2 == 0) {
                    j2 = DEFAULT_PIN_TOUT;
                }
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                Date date = new Date();
                String generateMAC = SecureVaultUtility.generateMAC(String.valueOf(str) + vaultType.toString() + algos.toString() + Boolean.toString(z) + new Long(j).toString() + new Long(j2).toString() + passwordPolicy.getPolicyFlags() + new Integer(passwordPolicy.getMaxLockCount()).toString() + new Integer(passwordPolicy.getLockTimeOutinSecs()).toString() + simpleDateFormat.format(date) + "-1");
                if (generateMAC == null) {
                    return false;
                }
                int length = strArr != null ? strArr.length : 0;
                int length2 = strArr2 != null ? strArr2.length : 0;
                String[] strArr3 = new String[length + length2];
                if (strArr != null) {
                    for (int i3 = 0; i3 < length; i3++) {
                        strArr3[i3] = strArr[i3];
                    }
                }
                if (strArr2 != null) {
                    while (i < length2) {
                        strArr3[length + i] = VAULT_SALT_COL_PREF + strArr2[i];
                        i++;
                    }
                }
                SecureVaultDB.createVault(str, simpleDateFormat.format(date), vaultType, algos, z, strArr3, j, j2, passwordPolicy, str3, SecureVaultUtility.hexEncode(generateIV), SecureVaultUtility.hexEncode(generateKDCrypto), generateMAC);
                return true;
            } catch (SecureVaultException e) {
                throw e;
            }
        } finally {
        }
    }

    private boolean deleteDBData(String str, String[] strArr, long j) throws SecureVaultException {
        try {
            if (j >= 0) {
                strArr = null;
                str = new String("Where PRIMARYKEY_ID=" + j);
            } else {
                if (str != null) {
                    for (String str2 : str.split("[ ,=?]+")) {
                        if (isSaltColumn(str2)) {
                            throw new SecureVaultException("Non-query column can not be used for selection", SecureVaultException.SecureVaultErrors.DB_ERROR);
                        }
                    }
                }
                if (strArr != null) {
                    for (int i = 0; i < strArr.length; i++) {
                        if (strArr[i] != null && this.myVaultAttr.mVAULT_QUERY_ENC) {
                            strArr[i] = SecureVaultUtility.hexEncode(encrypt(strArr[i].getBytes()));
                        }
                    }
                }
            }
            return SecureVaultDB.deleteDBData(this.myVaultAttr.mVAULT_NAME, str, strArr, j);
        } catch (SQLException e) {
            throw new SecureVaultException("Failed to delete data: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.DB_ERROR);
        }
    }

    private String encDecFile(boolean z, Context context, String str, String str2, String str3, String str4, String str5, String str6) throws SecureVaultException {
        if ((z && this.ec == null) || (!z && this.dc == null)) {
            throw new SecureVaultException("Vault not open/initialized", SecureVaultException.SecureVaultErrors.VAULT_INIT_ERROR);
        }
        if (isTimedOut()) {
            throw new SecureVaultException("Vault timed out", SecureVaultException.SecureVaultErrors.VAULT_TOUT);
        }
        if (!(str2 == null && str4 == null) && (!SecureVaultUtility.isExternalStorageAvailable() || SecureVaultUtility.isExternalStorageReadOnly())) {
            throw new SecureVaultException("External storage error", SecureVaultException.SecureVaultErrors.EXTERNAL_STORAGE_ERROR);
        }
        try {
            byte[] readInternalStoragePrivate = str2 == null ? SecureVaultUtility.readInternalStoragePrivate(context, str) : SecureVaultUtility.readExternalStoragePublic(str2, str);
            if (!z && str5 != null && str6 != null && !SecureVaultUtility.generateMAC(String.valueOf(str5) + str2 + File.separatorChar + str + SecureVaultUtility.generateMAC(new String(readInternalStoragePrivate))).equals(str6)) {
                throw new SecureVaultException("Object integrity check failed", SecureVaultException.SecureVaultErrors.OBJ_INTEGRITY_ERROR);
            }
            byte[] doFinal = z ? this.ec.doFinal(readInternalStoragePrivate) : this.dc.doFinal(readInternalStoragePrivate);
            if (str4 == null) {
                if (!SecureVaultUtility.writeInternalStoragePrivate(context, str3, doFinal)) {
                    throw new SecureVaultException("Error writing output file", SecureVaultException.SecureVaultErrors.FILE_IO_ERROR);
                }
                if (z) {
                    return SecureVaultUtility.generateMAC(new String(doFinal));
                }
                return null;
            }
            if (!SecureVaultUtility.writeToExternalStoragePublic(str4, str3, doFinal)) {
                throw new SecureVaultException("Error writing output file", SecureVaultException.SecureVaultErrors.FILE_IO_ERROR);
            }
            if (z) {
                return SecureVaultUtility.generateMAC(new String(doFinal));
            }
            return null;
        } catch (Exception e) {
            if (z) {
                throw new SecureVaultException("Encryption failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.ENCRYPTION_ERROR);
            }
            throw new SecureVaultException("Decryption failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.DECRYPTION_ERROR);
        }
    }

    private static byte[] generateKDCrypto(SecretKey secretKey, byte[] bArr, SecureVaultUtility.Algos algos) throws SecureVaultException {
        int i = 16;
        switch ($SWITCH_TABLE$com$intuit$security$SecureVaultUtility$Algos()[algos.ordinal()]) {
            case 2:
                i = 16;
                break;
            case 3:
                i = 32;
                break;
            case 4:
                i = 32;
                break;
        }
        String hexEncode = SecureVaultUtility.hexEncode(SecureVaultUtility.generateSalt(i));
        try {
            Cipher cipher = Cipher.getInstance(KD_ENC_ALGO);
            cipher.init(1, secretKey, new IvParameterSpec(bArr));
            return cipher.doFinal(hexEncode.getBytes());
        } catch (Exception e) {
            throw new SecureVaultException("Key generation failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.KEY_GEN_ERROR);
        }
    }

    private String[][] getDBData(String str, String str2, String[] strArr, long j) throws SecureVaultException {
        if (isTimedOut()) {
            return null;
        }
        if (str2 != null) {
            for (String str3 : str2.split("[ ,?=]+")) {
                if (isSaltColumn(str3)) {
                    throw new SecureVaultException("Non-query column can not be used for selection", SecureVaultException.SecureVaultErrors.DB_ERROR);
                }
            }
        }
        String[] strArr2 = null;
        if (str != null) {
            strArr2 = str.split("[ ,]+");
            str = "";
            for (int i = 0; i < strArr2.length; i++) {
                if (isSaltColumn(strArr2[i])) {
                    strArr2[i] = VAULT_SALT_COL_PREF + strArr2[i];
                }
                str = String.valueOf(str) + strArr2[i];
                if (i < strArr2.length - 1) {
                    str = String.valueOf(str) + ", ";
                }
            }
        }
        if (strArr != null && j < 0) {
            for (int i2 = 0; i2 < strArr.length; i2++) {
                try {
                    if (strArr[i2] != null && this.myVaultAttr.mVAULT_QUERY_ENC) {
                        strArr[i2] = SecureVaultUtility.hexEncode(encrypt(strArr[i2].getBytes()));
                    }
                } catch (SecureVaultException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new SecureVaultException("Error getting data from vault: " + e2.getMessage(), e2, SecureVaultException.SecureVaultErrors.DB_ERROR);
                }
            }
        }
        String[][] dBData = SecureVaultDB.getDBData(this.myVaultAttr.mVAULT_NAME, str, str2, strArr, j);
        if (dBData == null) {
            return null;
        }
        for (int i3 = 0; i3 < dBData.length; i3++) {
            for (int i4 = 1; i4 < dBData[i3].length; i4++) {
                if (dBData[i3][i4] != null && dBData[i3][i4].length() > 0) {
                    if (str != null) {
                        if (strArr2[i4 - 1].startsWith(VAULT_SALT_COL_PREF)) {
                            dBData[i3][i4] = new String(decrypt(SecureVaultUtility.hexDecode(dBData[i3][i4])));
                            dBData[i3][i4] = dBData[i3][i4].substring(8);
                        } else if (this.myVaultAttr.mVAULT_QUERY_ENC) {
                            dBData[i3][i4] = new String(decrypt(SecureVaultUtility.hexDecode(dBData[i3][i4])));
                        }
                    } else if (this.myVaultColNames[i4].startsWith(VAULT_SALT_COL_PREF)) {
                        dBData[i3][i4] = new String(decrypt(SecureVaultUtility.hexDecode(dBData[i3][i4])));
                        dBData[i3][i4] = dBData[i3][i4].substring(8);
                    } else if (this.myVaultAttr.mVAULT_QUERY_ENC) {
                        dBData[i3][i4] = new String(decrypt(SecureVaultUtility.hexDecode(dBData[i3][i4])));
                    }
                }
            }
        }
        return dBData;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:4:0x0012. Please report as an issue. */
    private boolean initCiphersIVKey(byte[] bArr, byte[] bArr2, SecureVaultUtility.Algos algos) throws SecureVaultException {
        try {
            try {
                this.iv = new IvParameterSpec(bArr2);
                switch ($SWITCH_TABLE$com$intuit$security$SecureVaultUtility$Algos()[algos.ordinal()]) {
                    case 2:
                    case 3:
                        this.ec = Cipher.getInstance(KD_ENC_ALGO);
                        this.dc = Cipher.getInstance(KD_ENC_ALGO);
                        this.ec.init(1, new SecretKeySpec(bArr, "AES"), this.iv);
                        this.dc.init(2, new SecretKeySpec(bArr, "AES"), this.iv);
                        return true;
                    default:
                        return false;
                }
            } catch (Exception e) {
                throw new SecureVaultException("Key generation failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.KEY_GEN_ERROR);
            }
        } finally {
        }
    }

    private boolean isSaltColumn(String str) {
        if (str == null) {
            return false;
        }
        for (int i = 0; i < this.myVaultColNames.length; i++) {
            if (this.myVaultColNames[i].equals(VAULT_SALT_COL_PREF + str)) {
                return true;
            }
        }
        return false;
    }

    private boolean isTimedOut() throws SecureVaultException {
        if (this.accessedTS != null) {
            if (this.vaultIdleTout >= 0) {
                Date date = new Date();
                date.setTime(this.accessedTS.getTime());
                long time = new Date().getTime() - date.getTime();
                if (time < 0 || time / 1000 > this.vaultIdleTout) {
                    closeVault();
                    throw new SecureVaultException("IDLE TimeOut (" + time + ":" + this.vaultIdleTout + ") - re-enter the PIN", SecureVaultException.SecureVaultErrors.IDLE_TOUT);
                }
            }
            if (this.vaultPINTout >= 0) {
                long time2 = new Date().getTime() - this.openedTS.getTime();
                if (time2 < 0 || time2 / 60000 > this.vaultPINTout) {
                    closeVault();
                    throw new SecureVaultException("PIN TimeOut (" + time2 + ":" + this.vaultPINTout + ") - re-enter the PIN", SecureVaultException.SecureVaultErrors.PIN_TOUT);
                }
            }
        }
        this.accessedTS = new Date();
        return false;
    }

    private byte[] verifyGetSessionKey(SecureVaultAttr secureVaultAttr, String str, byte[] bArr, String str2, String str3, SecureVaultUtility.Algos algos) throws SecureVaultException {
        try {
            SecretKey generateAESKey = SecureVaultUtility.generateAESKey(str, bArr, 2000, 256);
            if (str != null) {
                str = null;
            }
            IvParameterSpec ivParameterSpec = new IvParameterSpec(SecureVaultUtility.hexDecode(str3));
            Cipher cipher = Cipher.getInstance(KD_ENC_ALGO);
            cipher.init(2, generateAESKey, ivParameterSpec);
            return SecureVaultUtility.hexDecode(new String(cipher.doFinal(SecureVaultUtility.hexDecode(str2))));
        } catch (Exception e) {
            if (str != null) {
            }
            try {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                Date date = new Date();
                String l = secureVaultAttr.mVAULT_FAIL_PIN_COUNT.equals("-1") ? "1" : Long.toString(Long.parseLong(secureVaultAttr.mVAULT_FAIL_PIN_COUNT) + 1);
                SecureVaultDB.updatePasswordFailure(secureVaultAttr.mVAULT_NAME, l, simpleDateFormat.format(date), SecureVaultUtility.generateMAC(String.valueOf(secureVaultAttr.mVAULT_NAME) + secureVaultAttr.mVAULT_TYPE + secureVaultAttr.mVAULT_ALGO + Boolean.toString(secureVaultAttr.mVAULT_QUERY_ENC) + secureVaultAttr.mVAULT_IDLE_TOUT + secureVaultAttr.mVAULT_PIN_TOUT + secureVaultAttr.mVAULT_FLAGS + secureVaultAttr.mVAULT_PIN_LOCK_COUNT + secureVaultAttr.mVAULT_PIN_LOCK_TOUT_SECS + simpleDateFormat.format(date) + l));
                throw new SecureVaultException("Key verification failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.KEY_VERIFY_ERROR);
            } catch (SecureVaultException e2) {
                throw new SecureVaultException("Key verification failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.KEY_VERIFY_ERROR);
            }
        }
    }

    public String backupKEY(String str, String str2, String str3, PasswordPolicy passwordPolicy) throws SecureVaultException {
        if (str2 == null || str3 == null) {
            throw new SecureVaultException("SecureVault password can not be null", SecureVaultException.SecureVaultErrors.NO_PIN);
        }
        if (passwordPolicy == null) {
            passwordPolicy = new PasswordPolicy();
        }
        if (!passwordPolicy.isPasswordCompliantWithPolicy(str3)) {
            throw new SecureVaultException("SecureVault password does not meet minimum password strength requirements", SecureVaultException.SecureVaultErrors.NON_COMPLIANT_PIN);
        }
        byte[] changePIN = changePIN(str, str2, str3, false);
        if (changePIN == null) {
            return null;
        }
        return SecureVaultUtility.hexEncode(changePIN);
    }

    public byte[] backupKEY(String str, String str2, byte[] bArr) throws Exception {
        if (str2 == null || bArr == null) {
            return null;
        }
        PublicKey publicKey = X509Certificate.getInstance(bArr).getPublicKey();
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(1, publicKey);
        return cipher.doFinal(SecureVaultUtility.hexEncode(verifyGetSessionKey(this.myVaultAttr, str2, (String.valueOf(this.myVaultAttr.mVAULT_NAME) + str).getBytes(), this.myVaultAttr.mVAULT_KD_CRYPTO, this.myVaultAttr.mVAULT_IV, DEFAULT_ALGO)).getBytes());
    }

    public boolean changePIN(String str, String str2, String str3, PasswordPolicy passwordPolicy) throws SecureVaultException {
        if (str2 == null || str3 == null) {
            throw new SecureVaultException("SecureVault password can not be null", SecureVaultException.SecureVaultErrors.NO_PIN);
        }
        if (passwordPolicy == null) {
            passwordPolicy = new PasswordPolicy();
        }
        if (passwordPolicy.isPasswordCompliantWithPolicy(str3)) {
            return changePIN(str, str2, str3, true) != null;
        }
        throw new SecureVaultException("SecureVault password does not meet minimum password strength requirements", SecureVaultException.SecureVaultErrors.NON_COMPLIANT_PIN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void closeVault() {
        this.vaultIdleTout = 0L;
        this.vaultPINTout = 0L;
        this.ec = null;
        this.dc = null;
    }

    public byte[] decrypt(byte[] bArr) throws SecureVaultException {
        if (this.dc == null) {
            throw new SecureVaultException("Vault not open/initialized", SecureVaultException.SecureVaultErrors.VAULT_INIT_ERROR);
        }
        if (isTimedOut()) {
            return null;
        }
        try {
            return this.dc.doFinal(bArr);
        } catch (Exception e) {
            throw new SecureVaultException("Decryption failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.DECRYPTION_ERROR);
        }
    }

    public SecureVaultException.SecureVaultErrors decryptFile(Context context, String str, String str2, String str3, boolean z) throws SecureVaultException {
        String[][] strArr = null;
        if (z) {
            try {
                strArr = getDBData("OBJLOC,SALT,MAC", "OBJLOC = ?", new String[]{String.valueOf(str2) + File.separatorChar + str});
                if (strArr == null || strArr[0].length < 4) {
                    return SecureVaultException.SecureVaultErrors.OBJ_NOT_IN_VAULT;
                }
            } catch (SecureVaultException e) {
                if (e.getErrorCode() != SecureVaultException.SecureVaultErrors.NO_DATA_FOUND) {
                    throw e;
                }
                throw new SecureVaultException("Integrity protected object not found in SecureVault", SecureVaultException.SecureVaultErrors.OBJ_NOT_IN_VAULT);
            }
        }
        if (str3.startsWith(Environment.getExternalStorageDirectory().getAbsolutePath())) {
            return SecureVaultException.SecureVaultErrors.INVALID_FILE_ERROR;
        }
        try {
            if (z) {
                encDecFile(false, context, str, str2, str3, null, strArr[0][2], strArr[0][3]);
            } else {
                encDecFile(false, context, str, str2, str3, null, null, null);
            }
            return SecureVaultException.SecureVaultErrors.NONE;
        } catch (Exception e2) {
            throw new SecureVaultException(e2.getMessage(), e2, SecureVaultException.SecureVaultErrors.DECRYPTION_ERROR);
        }
    }

    public boolean deleteAll() throws SQLException {
        return SecureVaultDB.deleteAllFromVault(this.myVaultAttr.mVAULT_NAME);
    }

    public boolean deleteDBData(String str, String[] strArr) throws SecureVaultException {
        return deleteDBData(str, strArr, -1L);
    }

    public boolean deleteNameValue(String str) throws SecureVaultException {
        if (str == null) {
            return false;
        }
        return SecureVaultDB.deleteNameValue(this.myVaultAttr.mVAULT_NAME, VAULT_NAME_COL, str);
    }

    public boolean delteFile(Context context, String str, String str2) {
        if (str2 != null) {
            if (!new File(String.valueOf(str2) + File.separatorChar + str).delete()) {
                return false;
            }
        } else if (!context.deleteFile(str)) {
            return false;
        }
        removeFileEntry(str, str2);
        return true;
    }

    public byte[] encrypt(byte[] bArr) throws SecureVaultException {
        if (this.ec == null) {
            throw new SecureVaultException("Vault not open/initialized", SecureVaultException.SecureVaultErrors.VAULT_INIT_ERROR);
        }
        if (isTimedOut()) {
            return null;
        }
        try {
            return this.ec.doFinal(bArr);
        } catch (Exception e) {
            throw new SecureVaultException("Encryption failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.ENCRYPTION_ERROR);
        }
    }

    public SecureVaultException.SecureVaultErrors encryptFile(Context context, String str, String str2, String str3, String str4, boolean z) throws SecureVaultException {
        try {
            String encDecFile = encDecFile(true, context, str, str2, str3, str4, null, null);
            if (z) {
                addUpdateFileMAC(str3, str4, encDecFile);
            }
            return SecureVaultException.SecureVaultErrors.NONE;
        } catch (Exception e) {
            try {
                if (str4 != null) {
                    new File(String.valueOf(str4) + File.separatorChar + str3).delete();
                } else {
                    context.deleteFile(str3);
                }
            } catch (Exception e2) {
            }
            throw new SecureVaultException("Encryption failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.ENCRYPTION_ERROR);
        }
    }

    public String[][] getAllDBData() throws SecureVaultException {
        if (isTimedOut()) {
            return null;
        }
        return getDBData(null, null, null, -1L);
    }

    public String[][] getAllNameValuePairs() throws SecureVaultException {
        return getAllNameValuePairs(null, -1L);
    }

    public String[][] getAllNameValuePairs(String str) throws SecureVaultException {
        return getAllNameValuePairs(str, -1L);
    }

    String[][] getAllNameValuePairs(String str, long j) throws SecureVaultException {
        if (isTimedOut()) {
            return null;
        }
        try {
            String[][] allNameValuePairs = SecureVaultDB.getAllNameValuePairs(this.myVaultAttr.mVAULT_NAME, VAULT_NAME_COL, "__VALUE", str, j);
            if (allNameValuePairs == null) {
                return null;
            }
            for (int i = 0; i < allNameValuePairs.length; i++) {
                allNameValuePairs[i][2] = new String(decrypt(SecureVaultUtility.hexDecode(allNameValuePairs[i][2])));
                allNameValuePairs[i][2] = allNameValuePairs[i][2].substring(8);
            }
            return allNameValuePairs;
        } catch (SecureVaultException e) {
            throw e;
        } catch (Exception e2) {
            throw new SecureVaultException("Error getting data from vault: " + e2.getMessage(), e2, SecureVaultException.SecureVaultErrors.DB_ERROR);
        }
    }

    public String[] getColNames() throws SQLException {
        String[] strArr = new String[this.myVaultColNames.length - 1];
        for (int i = 1; i < this.myVaultColNames.length; i++) {
            if (this.myVaultColNames[i].startsWith(VAULT_SALT_COL_PREF)) {
                strArr[i - 1] = this.myVaultColNames[i].substring(VAULT_SALT_COL_PREF.length());
            } else {
                strArr[i - 1] = this.myVaultColNames[i];
            }
        }
        return strArr;
    }

    public String[][] getDBData(String str, String str2, String[] strArr) throws SecureVaultException {
        if (isTimedOut()) {
            return null;
        }
        return getDBData(str, str2, strArr, -1L);
    }

    public SecureVaultAttr getMyVaultAttr() {
        return new SecureVaultAttr(this.myVaultAttr);
    }

    public String getMyVaultName() {
        if (this.myVaultAttr == null) {
            return null;
        }
        return this.myVaultAttr.mVAULT_NAME;
    }

    public boolean isOpen() {
        return (this.ec == null || this.dc == null) ? false : true;
    }

    public boolean moveEncryptedFile(Context context, String str, String str2, String str3, String str4, boolean z) throws SecureVaultException {
        String generateMAC;
        if (isTimedOut()) {
            throw new SecureVaultException("Vault timed out", SecureVaultException.SecureVaultErrors.VAULT_TOUT);
        }
        if (!(str2 == null && str4 == null) && (!SecureVaultUtility.isExternalStorageAvailable() || SecureVaultUtility.isExternalStorageReadOnly())) {
            throw new SecureVaultException("External storage error", SecureVaultException.SecureVaultErrors.EXTERNAL_STORAGE_ERROR);
        }
        try {
            byte[] readInternalStoragePrivate = str2 == null ? SecureVaultUtility.readInternalStoragePrivate(context, str) : SecureVaultUtility.readExternalStoragePublic(str2, str);
            if (str4 == null) {
                if (!SecureVaultUtility.writeInternalStoragePrivate(context, str3, readInternalStoragePrivate)) {
                    throw new SecureVaultException("Error writing output file", SecureVaultException.SecureVaultErrors.FILE_IO_ERROR);
                }
                generateMAC = SecureVaultUtility.generateMAC(new String(readInternalStoragePrivate));
            } else {
                if (!SecureVaultUtility.writeToExternalStoragePublic(str4, str3, readInternalStoragePrivate)) {
                    throw new SecureVaultException("Error writing output file", SecureVaultException.SecureVaultErrors.FILE_IO_ERROR);
                }
                generateMAC = SecureVaultUtility.generateMAC(new String(readInternalStoragePrivate));
            }
            if (z) {
                addUpdateFileMAC(str3, str4, generateMAC);
            }
            if (str2 != null) {
                new File(String.valueOf(str2) + File.separatorChar + str).delete();
            } else {
                context.deleteFile(str);
            }
            removeFileEntry(str, str2);
            return true;
        } catch (Exception e) {
            throw new SecureVaultException("Move file failed: " + e.getMessage(), e, SecureVaultException.SecureVaultErrors.FILE_IO_ERROR);
        }
    }

    public boolean putDBData(String[][] strArr) throws SecureVaultException {
        if (isTimedOut() || strArr == null) {
            return false;
        }
        for (int i = 0; i < strArr.length; i++) {
            if (isSaltColumn(strArr[i][0])) {
                strArr[i][0] = VAULT_SALT_COL_PREF + strArr[i][0];
                strArr[i][1] = SecureVaultUtility.hexEncode(encrypt((String.valueOf(SecureVaultUtility.hexEncode(SecureVaultUtility.generateSalt(4))) + strArr[i][1]).getBytes()));
            } else if (this.myVaultAttr.mVAULT_QUERY_ENC) {
                strArr[i][1] = SecureVaultUtility.hexEncode(encrypt(strArr[i][1].getBytes()));
            }
        }
        return SecureVaultDB.putDBData(this.myVaultAttr.mVAULT_NAME, strArr);
    }

    public boolean putNameValue(String str, String str2) throws SecureVaultException {
        if (isTimedOut()) {
            return false;
        }
        return SecureVaultDB.putNameValue(this.myVaultAttr.mVAULT_NAME, VAULT_NAME_COL, "__VALUE", str, SecureVaultUtility.hexEncode(encrypt((String.valueOf(SecureVaultUtility.hexEncode(SecureVaultUtility.generateSalt(4))) + str2).getBytes())));
    }

    public boolean removeFileEntry(String str, String str2) {
        try {
            return deleteDBData("OBJLOC = ?", new String[]{String.valueOf(str2) + File.separatorChar + str});
        } catch (Exception e) {
            return false;
        }
    }

    public boolean restoreKey(String str, String str2, String str3, String str4, String str5, String str6, String str7, PasswordPolicy passwordPolicy) throws Exception {
        if (str5 == null || str7 == null) {
            throw new SecureVaultException("SecureVault password can not be null", SecureVaultException.SecureVaultErrors.NO_PIN);
        }
        if (passwordPolicy == null) {
            passwordPolicy = new PasswordPolicy();
        }
        if (!passwordPolicy.isPasswordCompliantWithPolicy(str7)) {
            throw new SecureVaultException("SecureVault password does not meet minimum password strength requirements", SecureVaultException.SecureVaultErrors.NON_COMPLIANT_PIN);
        }
        SecureVaultAttr vaultAttr = SecureVaultDB.getVaultAttr(str);
        if (!SecureVaultUtility.verifyMAC(String.valueOf(str) + vaultAttr.mVAULT_TYPE + vaultAttr.mVAULT_ALGO + Boolean.toString(vaultAttr.mVAULT_QUERY_ENC) + vaultAttr.mVAULT_IDLE_TOUT + vaultAttr.mVAULT_PIN_TOUT + vaultAttr.mVAULT_FLAGS + vaultAttr.mVAULT_PIN_LOCK_COUNT + vaultAttr.mVAULT_PIN_LOCK_TOUT_SECS + vaultAttr.mVAULT_LAST_PIN_FAIL + vaultAttr.mVAULT_FAIL_PIN_COUNT, vaultAttr.mVAULT_MAC)) {
            throw new SecureVaultException("MAC verification failed", SecureVaultException.SecureVaultErrors.MAC_VERIFICATION_FAILED);
        }
        byte[] verifyGetSessionKey = verifyGetSessionKey(vaultAttr, str5, SecureVaultUtility.hexDecode(str3), str2, str4, DEFAULT_ALGO);
        if (verifyGetSessionKey == null) {
            throw new SecureVaultException("Key verification failed", SecureVaultException.SecureVaultErrors.KEY_VERIFY_ERROR);
        }
        return changePIN(vaultAttr.mVAULT_ID, str, vaultAttr.mVAULT_IV, SecureVaultUtility.Algos.valueOf(vaultAttr.mVAULT_ALGO), verifyGetSessionKey, str6, str7, true) != null;
    }

    public boolean updateDBData(String[][] strArr, String str, String[] strArr2) throws SecureVaultException {
        if (isTimedOut() || strArr == null) {
            return false;
        }
        for (int i = 0; i < strArr.length; i++) {
            if (isSaltColumn(strArr[i][0])) {
                strArr[i][0] = VAULT_SALT_COL_PREF + strArr[i][0];
                strArr[i][1] = SecureVaultUtility.hexEncode(encrypt((String.valueOf(SecureVaultUtility.hexEncode(SecureVaultUtility.generateSalt(4))) + strArr[i][1]).getBytes()));
            } else if (this.myVaultAttr.mVAULT_QUERY_ENC) {
                strArr[i][1] = SecureVaultUtility.hexEncode(encrypt(strArr[i][1].getBytes()));
            }
        }
        for (int i2 = 0; i2 < strArr2.length; i2++) {
            if (this.myVaultAttr.mVAULT_QUERY_ENC) {
                strArr2[i2] = SecureVaultUtility.hexEncode(encrypt(strArr2[i2].getBytes()));
            }
        }
        return SecureVaultDB.updateDBData(this.myVaultAttr.mVAULT_NAME, strArr, str, strArr2);
    }

    public boolean updateVaultParams(long j, long j2, PasswordPolicy passwordPolicy) throws SecureVaultException {
        if (isTimedOut() || !isOpen()) {
            return false;
        }
        return SecureVaultDB.updateVaultParams(this.myVaultAttr.mVAULT_ID, new Long(j).toString(), new Long(j2).toString(), passwordPolicy, SecureVaultUtility.generateMAC(String.valueOf(this.myVaultAttr.mVAULT_NAME) + this.myVaultAttr.mVAULT_TYPE + this.myVaultAttr.mVAULT_ALGO + Boolean.toString(this.myVaultAttr.mVAULT_QUERY_ENC) + new Long(j).toString() + new Long(j2).toString() + this.myVaultAttr.mVAULT_FLAGS + new Integer(passwordPolicy.getMaxLockCount()).toString() + new Integer(passwordPolicy.getLockTimeOutinSecs()).toString() + this.myVaultAttr.mVAULT_LAST_PIN_FAIL + this.myVaultAttr.mVAULT_FAIL_PIN_COUNT));
    }
}
