package com.sybase.persistence;

import android.util.Log;
import java.util.Arrays;
import javax.crypto.SecretKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class Gatekeeper {
    private static final String ERR_MSG_PASSWORD_EXPIRED = "Password has expired.";
    private static final String ERR_MSG_USED_DERIVATION_UNKNOWN = "The method using which the encryption keys were computed for this data vault are not known. This can happen in case the data vault is corrupted or the library is malfunctioning.";
    private final EncryptionKeyDerivation[] additionalDerivations;
    private final String dataVaultId;
    private DataEntryEncryptionKeys keys;
    private final DataVaultLifecycleManager<?> lifecycleManager;
    private final MetaInformation metaInformation;
    private final EncryptionKeyDerivation preferredDerivation;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public final class UnlockProcess {
        private final char[] password;
        final DataEntryEncryptionKeys preferredKeys;
        final EncryptionKeyDerivation successfulDerivation;
        final DataEntryEncryptionKeys successfulKeys;

        private UnlockProcess(DataEntryEncryptionKeys dataEntryEncryptionKeys, EncryptionKeyDerivation encryptionKeyDerivation, DataEntryEncryptionKeys dataEntryEncryptionKeys2, char[] cArr) {
            this.successfulKeys = dataEntryEncryptionKeys;
            this.successfulDerivation = encryptionKeyDerivation;
            this.preferredKeys = dataEntryEncryptionKeys2;
            this.password = cArr;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* JADX WARN: Removed duplicated region for block: B:17:0x0077 A[Catch: all -> 0x001b, TryCatch #0 {all -> 0x001b, blocks: (B:26:0x0005, B:28:0x0009, B:15:0x0066, B:17:0x0077, B:18:0x007c, B:24:0x007a, B:4:0x0020, B:6:0x0024, B:8:0x0045, B:11:0x0057, B:12:0x0060, B:14:0x0061), top: B:25:0x0005 }] */
        /* JADX WARN: Removed duplicated region for block: B:21:0x008e  */
        /* JADX WARN: Removed duplicated region for block: B:23:? A[RETURN, SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:24:0x007a A[Catch: all -> 0x001b, TryCatch #0 {all -> 0x001b, blocks: (B:26:0x0005, B:28:0x0009, B:15:0x0066, B:17:0x0077, B:18:0x007c, B:24:0x007a, B:4:0x0020, B:6:0x0024, B:8:0x0045, B:11:0x0057, B:12:0x0060, B:14:0x0061), top: B:25:0x0005 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void complete(boolean r10, boolean r11) {
            /*
                r9 = this;
                r0 = 0
                r1 = 0
                if (r10 == 0) goto L1e
                char[] r3 = r9.password     // Catch: java.lang.Throwable -> L1b
                if (r3 != 0) goto L1e
                com.sybase.persistence.Gatekeeper r10 = com.sybase.persistence.Gatekeeper.this     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.MetaInformation r10 = com.sybase.persistence.Gatekeeper.access$100(r10)     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.DataEntryEncryptionKeys r3 = r9.successfulKeys     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.DataVault$DVPasswordPolicy r10 = r10.getPolicy(r3)     // Catch: java.lang.Throwable -> L1b
                char[] r3 = r9.password     // Catch: java.lang.Throwable -> L1b
                r10.validatePassword(r3)     // Catch: java.lang.Throwable -> L1b
                goto L66
            L1b:
                r10 = move-exception
                goto L92
            L1e:
                if (r10 == 0) goto L66
                char[] r10 = r9.password     // Catch: java.lang.Throwable -> L1b
                if (r10 == 0) goto L66
                com.sybase.persistence.Gatekeeper r10 = com.sybase.persistence.Gatekeeper.this     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.MetaInformation r10 = com.sybase.persistence.Gatekeeper.access$100(r10)     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.DataEntryEncryptionKeys r3 = r9.successfulKeys     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.DataVault$DVPasswordPolicy r10 = r10.getPolicy(r3)     // Catch: java.lang.Throwable -> L1b
                int r3 = r10.getExpirationDays()     // Catch: java.lang.Throwable -> L1b
                int r3 = r3 * 24
                int r3 = r3 * 60
                int r3 = r3 * 60
                int r3 = r3 * 1000
                long r3 = (long) r3     // Catch: java.lang.Throwable -> L1b
                long r5 = java.lang.System.currentTimeMillis()     // Catch: java.lang.Throwable -> L1b
                int r7 = (r3 > r1 ? 1 : (r3 == r1 ? 0 : -1))
                if (r7 == 0) goto L61
                com.sybase.persistence.Gatekeeper r7 = com.sybase.persistence.Gatekeeper.this     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.MetaInformation r7 = com.sybase.persistence.Gatekeeper.access$100(r7)     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.DataEntryEncryptionKeys r8 = r9.successfulKeys     // Catch: java.lang.Throwable -> L1b
                long r7 = r7.getLastPasswordResetTime(r8)     // Catch: java.lang.Throwable -> L1b
                long r5 = r5 - r7
                int r7 = (r5 > r3 ? 1 : (r5 == r3 ? 0 : -1))
                if (r7 > 0) goto L57
                goto L61
            L57:
                com.sybase.persistence.DataVaultException r11 = new com.sybase.persistence.DataVaultException     // Catch: java.lang.Throwable -> L1b
                java.lang.String r1 = "Password has expired."
                r2 = 57
                r11.<init>(r1, r2, r10)     // Catch: java.lang.Throwable -> L1b
                throw r11     // Catch: java.lang.Throwable -> L1b
            L61:
                char[] r3 = r9.password     // Catch: java.lang.Throwable -> L1b
                r10.validatePassword(r3)     // Catch: java.lang.Throwable -> L1b
            L66:
                com.sybase.persistence.Gatekeeper r10 = com.sybase.persistence.Gatekeeper.this     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.MetaInformation r10 = com.sybase.persistence.Gatekeeper.access$100(r10)     // Catch: java.lang.Throwable -> L1b
                r10.setRetryCount(r1)     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.Gatekeeper r10 = com.sybase.persistence.Gatekeeper.this     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.MetaInformation r10 = com.sybase.persistence.Gatekeeper.access$100(r10)     // Catch: java.lang.Throwable -> L1b
                if (r11 == 0) goto L7a
                com.sybase.persistence.DataEntryEncryptionKeys r11 = r9.preferredKeys     // Catch: java.lang.Throwable -> L1b
                goto L7c
            L7a:
                com.sybase.persistence.DataEntryEncryptionKeys r11 = r9.successfulKeys     // Catch: java.lang.Throwable -> L1b
            L7c:
                long r1 = java.lang.System.currentTimeMillis()     // Catch: java.lang.Throwable -> L1b
                r10.setLastUnlockTime(r11, r1)     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.Gatekeeper r10 = com.sybase.persistence.Gatekeeper.this     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.DataEntryEncryptionKeys r11 = r9.preferredKeys     // Catch: java.lang.Throwable -> L1b
                com.sybase.persistence.Gatekeeper.access$202(r10, r11)     // Catch: java.lang.Throwable -> L1b
                char[] r10 = r9.password
                if (r10 == 0) goto L91
                java.util.Arrays.fill(r10, r0)
            L91:
                return
            L92:
                char[] r11 = r9.password
                if (r11 == 0) goto L99
                java.util.Arrays.fill(r11, r0)
            L99:
                throw r10
            */
            throw new UnsupportedOperationException("Method not decompiled: com.sybase.persistence.Gatekeeper.UnlockProcess.complete(boolean, boolean):void");
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean isEncryptedWithPreferredKeys() {
            return this.successfulKeys == this.preferredKeys;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Gatekeeper(String str, DataVaultLifecycleManager<?> dataVaultLifecycleManager, MetaInformation metaInformation, EncryptionKeyDerivation encryptionKeyDerivation, EncryptionKeyDerivation... encryptionKeyDerivationArr) {
        this.dataVaultId = str;
        this.lifecycleManager = dataVaultLifecycleManager;
        this.metaInformation = metaInformation;
        this.preferredDerivation = encryptionKeyDerivation;
        this.additionalDerivations = (encryptionKeyDerivationArr == null || encryptionKeyDerivationArr.length <= 0) ? null : encryptionKeyDerivationArr;
    }

    private DataEntryEncryptionKeys createKeys(char[] cArr, EncryptionKeyDerivation encryptionKeyDerivation, boolean z) {
        SecretKey derive = encryptionKeyDerivation.derive(cArr, this.metaInformation.getEntryKeySalt());
        if (!z || this.metaInformation.isVersionNumberReadable(derive)) {
            return new DataEntryEncryptionKeys(derive, encryptionKeyDerivation.derive(cArr, this.metaInformation.getEntryValueSalt()));
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final UnlockProcess beginUnlock(char[] cArr) {
        EncryptionKeyDerivation encryptionKeyDerivation;
        byte[] preferredDerivationFingerprint = this.metaInformation.getPreferredDerivationFingerprint();
        if (preferredDerivationFingerprint == null) {
            DataEntryEncryptionKeys createKeys = createKeys(cArr, this.preferredDerivation, true);
            if (createKeys != null) {
                return new UnlockProcess(createKeys, this.preferredDerivation, createKeys, cArr);
            }
            EncryptionKeyDerivation[] encryptionKeyDerivationArr = this.additionalDerivations;
            if (encryptionKeyDerivationArr != null) {
                for (EncryptionKeyDerivation encryptionKeyDerivation2 : encryptionKeyDerivationArr) {
                    DataEntryEncryptionKeys createKeys2 = createKeys(cArr, encryptionKeyDerivation2, true);
                    if (createKeys2 != null) {
                        return new UnlockProcess(createKeys2, encryptionKeyDerivation2, createKeys(cArr, this.preferredDerivation, false), cArr);
                    }
                }
            }
        } else {
            if (!Arrays.equals(preferredDerivationFingerprint, this.preferredDerivation.fingerprint())) {
                EncryptionKeyDerivation[] encryptionKeyDerivationArr2 = this.additionalDerivations;
                int length = encryptionKeyDerivationArr2.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        encryptionKeyDerivation = null;
                        break;
                    }
                    EncryptionKeyDerivation encryptionKeyDerivation3 = encryptionKeyDerivationArr2[i];
                    if (Arrays.equals(preferredDerivationFingerprint, encryptionKeyDerivation3.fingerprint())) {
                        encryptionKeyDerivation = encryptionKeyDerivation3;
                        break;
                    }
                    i++;
                }
            } else {
                encryptionKeyDerivation = this.preferredDerivation;
            }
            if (encryptionKeyDerivation == null) {
                throw new DataVaultException(ERR_MSG_USED_DERIVATION_UNKNOWN, 0);
            }
            DataEntryEncryptionKeys createKeys3 = createKeys(cArr, encryptionKeyDerivation, true);
            if (createKeys3 != null) {
                return new UnlockProcess(createKeys3, encryptionKeyDerivation, this.preferredDerivation.equals(encryptionKeyDerivation) ? createKeys3 : createKeys(cArr, this.preferredDerivation, false), cArr);
            }
        }
        long retryCount = this.metaInformation.getRetryCount() + 1;
        this.metaInformation.setRetryCount(retryCount);
        long retryLimit = this.metaInformation.getRetryLimit();
        if (retryLimit <= 0 || retryCount <= retryLimit) {
            return null;
        }
        Log.w("DataVault", "Destroying data vault due to too many failed unlock attempts.");
        this.lifecycleManager.deleteVault(this.dataVaultId);
        throw new DataVaultException("Vault deleted", 3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean canBeOpenedWithDefaultPassword() {
        byte[] entryKeySalt = this.metaInformation.getEntryKeySalt();
        if (this.metaInformation.isVersionNumberReadable(this.preferredDerivation.derive(null, entryKeySalt))) {
            return true;
        }
        EncryptionKeyDerivation[] encryptionKeyDerivationArr = this.additionalDerivations;
        if (encryptionKeyDerivationArr != null) {
            for (EncryptionKeyDerivation encryptionKeyDerivation : encryptionKeyDerivationArr) {
                if (this.metaInformation.isVersionNumberReadable(encryptionKeyDerivation.derive(null, entryKeySalt))) {
                    return true;
                }
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void checkLockTimeout() {
        DataEntryEncryptionKeys dataEntryEncryptionKeys = this.keys;
        if (dataEntryEncryptionKeys != null) {
            long lockTimeout = this.metaInformation.getLockTimeout(dataEntryEncryptionKeys);
            if (lockTimeout == 0) {
                return;
            }
            long lastUnlockTime = this.metaInformation.getLastUnlockTime(this.keys);
            long currentTimeMillis = System.currentTimeMillis();
            if (lastUnlockTime > currentTimeMillis || currentTimeMillis - lastUnlockTime > lockTimeout * 1000) {
                lock();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final DataEntryEncryptionKeys getKeys() {
        return this.keys;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void lock() {
        this.keys = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void unlockDirectly(char[] cArr) {
        this.keys = createKeys(cArr, this.preferredDerivation, false);
    }
}
