package com.cisco.anyconnect.vpn.android.service;

import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.os.Bundle;
import android.os.ResultReceiver;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.cisco.anyconnect.vpn.android.avf.R;
import com.cisco.anyconnect.vpn.android.localization.UITranslator;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes.dex */
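/**
 * Stores one set of VPN credentials (host, username, password) in the private
 * {@code "Credentials"} SharedPreferences file and gates access behind a
 * fingerprint prompt.
 *
 * <p>Only the password is encrypted: AES/GCM with a key held in AndroidKeyStore
 * under an alias equal to the host part of the server string (everything before
 * the first {@code '/'}). Host, username and the GCM IV are written in clear
 * text next to the ciphertext.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The keystore key is created with user authentication required and a
 *       60-second validity window (see {@link #generateKey}). The outcome of the
 *       fingerprint prompt reaches this class only as a result code delivered
 *       through a {@link ResultReceiver}; no cipher object is handed to the
 *       prompt here, so the prompt and the cipher operation are linked by the
 *       time window, not by the keystore authorising that specific operation.
 *       NOTE(review): consider per-use authentication so the keystore itself
 *       enforces the prompt.</li>
 *   <li>The decrypted password is passed around as a {@link String}, which
 *       cannot be wiped after use.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: several methods are {@code public} only
 * because the decompiler widened them (see the JADX notes), and parameter names
 * such as {@code str} are synthetic.
 */
public class CredentialManager {
    private static final String CREDENTIALS_FILENAME = "Credentials";
    private static final String HOST_KEY = "host";
    private static final String IV_KEY = "iv";
    private static final String PASSWORD_KEY = "password";
    private static final String USERNAME_KEY = "username";

    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String CIPHER_TRANSFORMATION = "AES/GCM/NoPadding";
    // GCM authentication tag length, in bits, used when decrypting.
    private static final int GCM_TAG_BITS = 128;
    // Numeric value of KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
    private static final int KEY_PURPOSE_ENCRYPT_DECRYPT = 3;
    // Seconds after a successful device authentication during which the key stays usable.
    private static final int AUTH_VALIDITY_SECONDS = 60;
    // Result code treated as "user authenticated". Numerically equal to
    // Activity.RESULT_OK; presumably that is what the fingerprint activity sends — confirm.
    private static final int AUTH_RESULT_OK = -1;

    private ICredentialManagerCB mCB;
    private Context mContext;
    private KeyStore mKeyStore;

    /* loaded from: classes.dex */
    /** Receives the saved credentials once they have been decrypted. */
    public interface ICredentialManagerCB {
        /**
         * Called from {@link CredentialManager#getCredentials} after a successful decrypt.
         *
         * @param str the stored username, or {@code null} if none is stored
         * @param str2 the decrypted password
         */
        void savedCredentialsCB(String str, String str2);
    }

    /**
     * Creates the manager and eagerly tries to load AndroidKeyStore.
     *
     * @param context used for SharedPreferences access and to start the fingerprint activity
     * @param iCredentialManagerCB callback that receives decrypted credentials
     */
    public CredentialManager(Context context, ICredentialManagerCB iCredentialManagerCB) {
        this.mContext = context;
        this.mCB = iCredentialManagerCB;
        loadKeystore();
    }

    /**
     * Returns the part of {@code str} before the first {@code '/'}, which this class uses
     * both as the keystore alias and as the stored host value.
     *
     * <p>Unlike {@code str.split("/")[0]}, this does not throw for inputs made up only of
     * slashes (for which {@code split} returns an empty array); those yield an empty alias.
     */
    private static String hostAlias(String str) {
        int slash = str.indexOf('/');
        return slash < 0 ? str : str.substring(0, slash);
    }

    /**
     * Starts the fingerprint authentication activity and hands it the receiver that will
     * be told the outcome.
     *
     * <p>NOTE(review): the Intent is built from an action string only; no package or
     * component is set in this method. Confirm that resolution is restricted to this
     * app's own activity, because the ResultReceiver that gates key use travels inside it.
     *
     * @param str prompt text shown to the user
     * @param resultReceiver receives the authentication result code
     */
    private void authenticateUser(String str, ResultReceiver resultReceiver) {
        Intent intent = new Intent(VpnActivityGlobals.FINGERPRINT_AUTH_INTENT);
        intent.putExtra("description", str);
        intent.putExtra("resultReceiver", resultReceiver);
        this.mContext.startActivity(intent);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Generates an AES key in AndroidKeyStore under alias {@code str}.
     *
     * <p>The key is limited to GCM with no padding, requires user authentication, and
     * stays usable for {@value #AUTH_VALIDITY_SECONDS} seconds after the user last
     * authenticated. That is time-based authorisation, not per-operation authorisation.
     *
     * @param str keystore alias (host part of the server string)
     * @return the new key, or {@code null} below API 23 or if generation fails
     */
    public Key generateKey(String str) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
            if (Build.VERSION.SDK_INT >= 23) {
                KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(str, KEY_PURPOSE_ENCRYPT_DECRYPT)
                        .setBlockModes("GCM")
                        .setEncryptionPaddings("NoPadding")
                        .setUserAuthenticationRequired(true)
                        .setUserAuthenticationValidityDurationSeconds(AUTH_VALIDITY_SECONDS)
                        .build();
                keyGenerator.init(spec);
                SecretKey secretKey = keyGenerator.generateKey();
                AppLog.info(this, "Created credential encryption key for " + str);
                return secretKey;
            }
        } catch (Exception e) {
            AppLog.error(this, "Exception while generating credential encryption key", e);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decrypts the stored password and delivers username and password to the callback.
     *
     * <p>Performs no authentication prompt itself; in this file it is reached only from
     * the receiver created in {@link #getSavedCredentials}. On any failure the error is
     * logged and the callback is not invoked.
     *
     * @param str server string or alias; only the part before the first {@code '/'} is used
     */
    public void getCredentials(String str) {
        try {
            SharedPreferences prefs = this.mContext.getSharedPreferences(CREDENTIALS_FILENAME, Context.MODE_PRIVATE);
            byte[] iv = Base64.decode(prefs.getString(IV_KEY, ""), Base64.DEFAULT);
            Cipher decryptCipher = getDecryptCipher(hostAlias(str), new GCMParameterSpec(GCM_TAG_BITS, iv));
            if (decryptCipher == null) {
                // getDecryptCipher has already logged the cause (missing key or init failure).
                AppLog.error(this, "Unable to retrieve saved credentials, decrypt cipher unavailable");
                return;
            }
            byte[] ciphertext = Base64.decode(prefs.getString(PASSWORD_KEY, ""), Base64.DEFAULT);
            // GCM verifies the tag here, so tampered or mismatched ciphertext throws.
            byte[] plaintext = decryptCipher.doFinal(ciphertext);
            // UTF-8 is stated explicitly; Android's platform default charset is UTF-8, so
            // values written by the previous no-charset code decode the same way.
            this.mCB.savedCredentialsCB(prefs.getString(USERNAME_KEY, null), new String(plaintext, StandardCharsets.UTF_8));
        } catch (Exception e) {
            AppLog.error(this, "Exception retrieving saved credentials", e);
        }
    }

    /**
     * Builds an AES/GCM cipher in decrypt mode for the key stored under alias {@code str}.
     *
     * @param str keystore alias
     * @param algorithmParameterSpec GCM parameters (tag length and IV) used at encryption time
     * @return the initialised cipher, or {@code null} if the key is missing or init fails
     */
    private Cipher getDecryptCipher(String str, AlgorithmParameterSpec algorithmParameterSpec) {
        Key key = getKey(str);
        if (key == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, key, algorithmParameterSpec);
            return cipher;
        } catch (Exception e) {
            AppLog.error(this, "Exception while initializing decrypt cipher", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Looks up the credential key stored under alias {@code str}.
     *
     * <p>Side effect: if the keystore reports the key as unrecoverable, the saved
     * credentials are deleted via {@link #deleteCredentials}.
     *
     * @param str keystore alias
     * @return the key, or {@code null} if the keystore is unavailable, the key is absent,
     *     or the lookup fails
     */
    public Key getKey(String str) {
        if (!loadKeystore()) {
            return null;
        }
        try {
            Key key = this.mKeyStore.getKey(str, null);
            if (key == null) {
                AppLog.error(this, "Credential key for " + str + " not found");
            }
            return key;
        } catch (UnrecoverableKeyException e) {
            AppLog.error(this, "Key invalidated, deleting saved credentials for " + str);
            deleteCredentials(str);
            return null;
        } catch (Exception e2) {
            AppLog.error(this, "Exception getting credential encryption key", e2);
            return null;
        }
    }

    /**
     * Lazily loads AndroidKeyStore into {@code mKeyStore}.
     *
     * @return {@code true} if the keystore is loaded, {@code false} if loading failed
     */
    private boolean loadKeystore() {
        if (this.mKeyStore != null) {
            return true;
        }
        try {
            this.mKeyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
            this.mKeyStore.load(null);
            return true;
        } catch (Exception e) {
            AppLog.error(this, "Exception loading AndroidKeyStore", e);
            return false;
        }
    }

    /**
     * Deletes the keystore entry for the host in {@code str} and clears the whole
     * credentials preferences file. Does nothing if the keystore cannot be loaded.
     *
     * @param str server string; only the part before the first {@code '/'} is used
     */
    public void deleteCredentials(String str) {
        if (!loadKeystore()) {
            return;
        }
        String alias = hostAlias(str);
        try {
            this.mKeyStore.deleteEntry(alias);
            boolean cleared = this.mContext.getSharedPreferences(CREDENTIALS_FILENAME, Context.MODE_PRIVATE).edit().clear().commit();
            if (cleared) {
                AppLog.info(this, "Cleared saved credentials");
            } else {
                // The key entry is already gone, so any ciphertext left behind cannot be decrypted.
                AppLog.error(this, "Failed to clear saved credentials file");
            }
        } catch (Exception e) {
            AppLog.error(this, "Exception deleting credential encryption key " + alias, e);
        }
    }

    /**
     * Prompts for fingerprint authentication and, if the receiver gets the success code,
     * decrypts the saved credentials and delivers them to the callback.
     *
     * @param str server string; only the part before the first {@code '/'} is used
     * @param str2 group name inserted into the prompt text, or {@code null} for the generic prompt
     */
    public void getSavedCredentials(String str, String str2) {
        String prompt;
        if (str2 == null) {
            prompt = UITranslator.getString(R.string.fingerprint_auth_use_saved_credentials);
        } else {
            prompt = String.format(UITranslator.getString(R.string.fingerprint_auth_use_saved_credentials_with_group), str2);
        }
        final String alias = hostAlias(str);
        authenticateUser(prompt, new ResultReceiver(null) { // from class: com.cisco.anyconnect.vpn.android.service.CredentialManager.1
            @Override // android.os.ResultReceiver
            protected void onReceiveResult(int i, Bundle bundle) {
                // Any other result code leaves the stored credentials untouched.
                if (i == CredentialManager.AUTH_RESULT_OK) {
                    CredentialManager.this.getCredentials(alias);
                }
            }
        });
    }

    /**
     * Reports whether credentials are stored for the host in {@code str}: the stored host
     * must match and a keystore key must exist under that alias.
     *
     * <p>Because this calls {@link #getKey}, an unrecoverable key causes the saved
     * credentials to be deleted as a side effect.
     *
     * @param str server string; only the part before the first {@code '/'} is used
     * @return {@code true} if both the stored host and the keystore key are present
     */
    public boolean haveSavedCredentials(String str) {
        String alias = hostAlias(str);
        String storedHost = this.mContext.getSharedPreferences(CREDENTIALS_FILENAME, Context.MODE_PRIVATE).getString(HOST_KEY, "");
        return storedHost.equals(alias) && getKey(alias) != null;
    }

    /**
     * Prompts for fingerprint authentication and, if the receiver gets the success code,
     * encrypts the password and stores host, username, ciphertext and IV.
     *
     * <p>Existing credentials for the same host are deleted first. Nothing is stored if
     * the username or password is empty or no key can be obtained.
     *
     * @param str server string; only the part before the first {@code '/'} is used
     * @param str2 username, stored in clear text
     * @param str3 password, stored AES/GCM-encrypted and Base64-encoded
     */
    public void saveCredentials(final String str, final String str2, final String str3) {
        authenticateUser(UITranslator.getString(R.string.fingerprint_auth_save_credentials), new ResultReceiver(null) { // from class: com.cisco.anyconnect.vpn.android.service.CredentialManager.2
            @Override // android.os.ResultReceiver
            protected void onReceiveResult(int i, Bundle bundle) {
                if (i != CredentialManager.AUTH_RESULT_OK) {
                    return;
                }
                try {
                    if (str2.isEmpty() || str3.isEmpty()) {
                        AppLog.error(this, "Unable to save credentials due to empty username or password");
                        return;
                    }
                    String alias = CredentialManager.hostAlias(str);
                    if (CredentialManager.this.haveSavedCredentials(alias)) {
                        CredentialManager.this.deleteCredentials(alias);
                    }
                    // Reuse a key already stored under this alias, otherwise create one.
                    Key key = CredentialManager.this.getKey(alias);
                    if (key == null) {
                        key = CredentialManager.this.generateKey(alias);
                    }
                    if (key == null) {
                        AppLog.error(this, "Encryption key null, unable to save credentials");
                        return;
                    }
                    SharedPreferences.Editor edit = CredentialManager.this.mContext.getSharedPreferences(CredentialManager.CREDENTIALS_FILENAME, Context.MODE_PRIVATE).edit();
                    edit.putString(CredentialManager.HOST_KEY, alias);
                    edit.putString(CredentialManager.USERNAME_KEY, str2);
                    Cipher cipher = Cipher.getInstance(CredentialManager.CIPHER_TRANSFORMATION);
                    // No IV is supplied: the cipher picks one at init, and it is read back
                    // with getIV() and stored so that decryption can rebuild the GCM spec.
                    cipher.init(Cipher.ENCRYPT_MODE, key);
                    byte[] ciphertext = cipher.doFinal(str3.getBytes(StandardCharsets.UTF_8));
                    edit.putString(CredentialManager.PASSWORD_KEY, Base64.encodeToString(ciphertext, Base64.DEFAULT));
                    edit.putString(CredentialManager.IV_KEY, Base64.encodeToString(cipher.getIV(), Base64.DEFAULT));
                    if (!edit.commit()) {
                        AppLog.error(this, "Failed to write saved credentials");
                        return;
                    }
                    // The username is deliberately left out of the log line.
                    AppLog.info(this, "Successfully saved credentials for host " + alias);
                } catch (Exception e) {
                    AppLog.error(this, "Exception saving credentials", e);
                }
            }
        });
    }
}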
