package com.android.server.locksettings;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Slog;
import android.util.SparseArray;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.internal.widget.LockscreenCredential;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

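/**
 * Caches unified profile passwords in memory, in encrypted form only.
 *
 * <p>Each entry in {@link #mEncryptedPasswords} is a single byte array laid out as
 * {@code IV || AES-GCM ciphertext}. The AES key is generated inside the provider of the supplied
 * {@link KeyStore} under a per-id alias, requires user authentication, is bound to the secure user
 * id passed to {@link #storePassword}, and has an authentication validity window of
 * {@link #CACHE_TIMEOUT_SECONDS}. Once that window lapses the key cannot be used, so
 * {@link #retrievePassword} returns {@code null} instead of a credential.
 *
 * <p>All access to the cache is serialized on {@link #mEncryptedPasswords}.
 *
 * <p>NOTE(review): the two fields are {@code public} in this listing, so code outside this class
 * can reach the ciphertext map and the key store handle directly. Confirm against the upstream
 * source whether they are meant to be private; this listing appears to come from a decompiled
 * build.
 */
@VisibleForTesting
public class UnifiedProfilePasswordCache {
    /** Authentication validity window for the cache key: seven days, expressed in seconds. */
    public static final int CACHE_TIMEOUT_SECONDS = (int) TimeUnit.DAYS.toSeconds(7);

    private static final String TAG = "UnifiedProfilePasswordCache";
    private static final String CIPHER_TRANSFORMATION = "AES/GCM/NoPadding";

    /**
     * Offset at which a stored block is split into IV and ciphertext. It must equal the length of
     * the IV that the cipher reports in {@link #storePassword}.
     */
    private static final int GCM_IV_LENGTH_BYTES = 12;

    /** GCM authentication tag length used when decrypting. */
    private static final int GCM_TAG_LENGTH_BITS = 128;

    /** Key purposes bitmask: 1 (encrypt) | 2 (decrypt), as in android.security.keystore. */
    private static final int KEY_PURPOSES = 3;

    /** Encrypted credential blocks keyed by id; also the monitor guarding every operation. */
    public final SparseArray<byte[]> mEncryptedPasswords = new SparseArray<>();

    /** Key store that holds the per-id encryption keys. */
    public final KeyStore mKeyStore;

    /**
     * Creates a cache backed by the given key store.
     *
     * @param keyStore key store used to create, look up and delete the encryption keys
     */
    public UnifiedProfilePasswordCache(KeyStore keyStore) {
        this.mKeyStore = keyStore;
    }

    /**
     * Returns the key store alias of the current ("v2") cache key for an id.
     *
     * @param i id the key belongs to (presumably a user id; confirm against callers)
     * @return the alias string
     */
    public static String getEncryptionKeyName(int i) {
        return "com.android.server.locksettings.unified_profile_cache_v2_" + i;
    }

    /**
     * Returns the key store alias used by the older naming scheme for an id. This class only uses
     * it to delete leftover keys in {@link #removePassword}.
     *
     * @param i id the key belongs to
     * @return the legacy alias string
     */
    public static String getLegacyEncryptionKeyName(int i) {
        return "com.android.server.locksettings.unified_profile_cache_" + i;
    }

    /**
     * Deletes the cache keys for an id and wipes its cached ciphertext.
     *
     * <p>The current and the legacy alias are deleted independently, so a key store failure on one
     * does not leave the other behind. The in-memory block is zeroed and dropped whether or not
     * the key deletions succeeded.
     *
     * @param i id whose cached password is discarded
     */
    public void removePassword(int i) {
        synchronized (mEncryptedPasswords) {
            deleteKeyIfPresent(getEncryptionKeyName(i));
            deleteKeyIfPresent(getLegacyEncryptionKeyName(i));
            if (mEncryptedPasswords.contains(i)) {
                byte[] block = mEncryptedPasswords.get(i);
                if (block != null) {
                    // Overwrite before dropping the reference so the bytes do not linger on the heap.
                    Arrays.fill(block, (byte) 0);
                }
                mEncryptedPasswords.remove(i);
            }
        }
    }

    /**
     * Decrypts and returns the cached password for an id.
     *
     * @param i id whose cached password is requested
     * @return the credential, or {@code null} when nothing is cached, the key is missing or cannot
     *     be loaded, the key's authentication window has lapsed, or decryption fails
     */
    public LockscreenCredential retrievePassword(int i) {
        synchronized (mEncryptedPasswords) {
            byte[] block = mEncryptedPasswords.get(i);
            if (block == null) {
                return null;
            }

            Key key;
            try {
                key = mKeyStore.getKey(getEncryptionKeyName(i), null);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                Slog.d(TAG, "Cannot get key", e);
                return null;
            }
            if (key == null) {
                return null;
            }

            byte[] iv = Arrays.copyOf(block, GCM_IV_LENGTH_BYTES);
            byte[] ciphertext = Arrays.copyOfRange(block, GCM_IV_LENGTH_BYTES, block.length);
            byte[] plaintext = null;
            try {
                Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
                cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv));
                plaintext = cipher.doFinal(ciphertext);
                // The buffer is zeroed right after this call, so the factory is expected to keep
                // its own copy of the bytes - TODO confirm in LockscreenCredential.
                return LockscreenCredential.createUnifiedProfilePassword(plaintext);
            } catch (UserNotAuthenticatedException e) {
                // Must precede the GeneralSecurityException handler, which would otherwise take it.
                Slog.i(TAG, "Device not unlocked for more than 7 days");
                return null;
            } catch (GeneralSecurityException e) {
                Slog.d(TAG, "Cannot decrypt", e);
                return null;
            } finally {
                // Wipe the decrypted bytes on every exit path, including an exception thrown while
                // the credential object is being built.
                if (plaintext != null) {
                    Arrays.fill(plaintext, (byte) 0);
                }
            }
        }
    }

    /**
     * Encrypts a credential under a freshly generated key and caches the result.
     *
     * <p>Does nothing when {@code j} is 0 or when an entry for {@code i} already exists. If key
     * generation or encryption fails, the failure is logged and nothing is cached.
     *
     * @param i id to cache the password under
     * @param lockscreenCredential credential whose bytes are encrypted
     * @param j secure user id the key is bound to; 0 is treated as "no secure user id"
     */
    public void storePassword(int i, LockscreenCredential lockscreenCredential, long j) {
        if (j == 0) {
            return;
        }
        synchronized (mEncryptedPasswords) {
            if (mEncryptedPasswords.contains(i)) {
                return;
            }

            SecretKey key;
            try {
                KeyGenerator generator = KeyGenerator.getInstance("AES", mKeyStore.getProvider());
                generator.init(
                        new KeyGenParameterSpec.Builder(getEncryptionKeyName(i), KEY_PURPOSES)
                                .setKeySize(256)
                                .setBlockModes("GCM")
                                .setNamespace(SyntheticPasswordCrypto.keyNamespace())
                                .setEncryptionPaddings("NoPadding")
                                // The key is usable only within CACHE_TIMEOUT_SECONDS of an
                                // authentication by the user identified by j.
                                .setUserAuthenticationRequired(true)
                                .setBoundToSpecificSecureUserId(j)
                                .setUserAuthenticationValidityDurationSeconds(CACHE_TIMEOUT_SECONDS)
                                .build());
                key = generator.generateKey();
            } catch (GeneralSecurityException e) {
                Slog.e(TAG, "Cannot generate key", e);
                return;
            }

            try {
                Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
                // No IV is supplied here; the one the cipher reports is stored with the ciphertext.
                cipher.init(Cipher.ENCRYPT_MODE, key);
                byte[] iv = cipher.getIV();
                byte[] ciphertext = cipher.doFinal(lockscreenCredential.getCredential());
                mEncryptedPasswords.put(i, ArrayUtils.concat(new byte[][] {iv, ciphertext}));
            } catch (GeneralSecurityException e) {
                Slog.d(TAG, "Cannot encrypt", e);
            }
        }
    }

    /** Deletes one key store alias if it exists; a key store failure is logged, not thrown. */
    private void deleteKeyIfPresent(String alias) {
        try {
            if (mKeyStore.containsAlias(alias)) {
                mKeyStore.deleteEntry(alias);
            }
        } catch (KeyStoreException e) {
            Slog.d(TAG, "Cannot delete key", e);
        }
    }
}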
