package com.sec.knox.container.util;

import android.util.Log;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.sec.knox.container.util.DaemonConnector;
import defpackage.ajb;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class KeyManagementUtil implements IDaemonConnectorCallbacks {
    // CMK format selectors expressed as byte lengths; the 16/32 switch labels in
    // retrieveCMK(int, String, int, int) and retrieveCMKWithoutVerify carry the same values.
    public static final int CMK_FORMAT_16_BYTE = 16;
    public static final int CMK_FORMAT_32_BYTE = 32;
    // Target length used by cmkToByte when zero-padding a decoded CMK.
    public static final int CMK_LEN = 32;
    // Per-user file names. Paths are built as "/data/system/users/" + userId + ajb.kj + name;
    // ajb.kj is an obfuscated constant (presumably the path separator - confirm).
    // The ECMK_* files hold the AES-encrypted CMK written by generateECMKWithMdm/Pwd.
    private static final String CMK_MDM_FILE = "ECMK_MDM";
    private static final String CMK_PWD_FILE = "ECMK_PWD";
    // NOTE(review): in the visible code only removeKEK touches the KEK_* files; the writer
    // is not shown here (presumably the sdp daemon - confirm).
    private static final String KEK_MDM_FILE = "KEK_MDM";
    private static final String KEK_PWD_FILE = "KEK_PWD";
    public static final int MAX_LENGTH = 32;
    // Same value as the literal 32 used by generateSalt().
    private static final int MAX_SALT_LENGTH = 32;
    // Socket name handed to DaemonConnector in createConnector().
    private static final String SDP_SOCKET_NAME = "sdp";
    // Sub-command names appended as the first argument of a "keymanagement_cmd" request.
    private static final String SDP_SUB_CMD_CHANGE_KEK = "change_kek";
    private static final String SDP_SUB_CMD_CHANGE_PWD_AND_GET_DEK = "change_pwd_and_get_dek";
    private static final String SDP_SUB_CMD_CREATE_KEK_MDM = "create_kek_mdm";
    private static final String SDP_SUB_CMD_CREATE_KEK_PWD = "create_kek_pwd";
    private static final String SDP_SUB_CMD_GET_ECRYPTFSKEY_SKMM1 = "get_ecryptfskey_skmm1";
    private static final String SDP_SUB_CMD_IS_SKMM_SUPPORTED = "is_skmm_supported";
    private static final String SDP_SUB_CMD_VERIFY_KEK_MDM = "verify_kek_mdm";
    private static final String SDP_SUB_CMD_VERIFY_KEK_PWD = "verify_kek_pwd";
    private static final int SEC_ODE_KM_KEY_SIZE_BYTES = 32;
    // Log tag; also reused as the connector tag and thread name in createConnector().
    static final String TAG = "KeyManagementUtil";
    // Credential-type selectors: 1 routes to the *Pwd code paths, 2 to the *Mdm (reset token) paths.
    public static final int TYPE_PASSWORD = 1;
    public static final int TYPE_RST_TOKEN = 2;
    // Lazily created singleton, guarded by the class monitor in getInstance().
    private static KeyManagementUtil mKeyManagementUtil = null;
    private DaemonConnector mConnector;
    // Set to true by onDaemonConnected() and polled by waitForDaemonConnected().
    // NOTE(review): the field is not volatile, so if onDaemonConnected() runs on the
    // connector thread the polling thread has no visibility guarantee - confirm.
    private boolean mReady = false;
    // Serializes every daemon request built by the public methods of this class.
    private final Object mSkmmLock = new Object();

    /* loaded from: classes2.dex */
    /**
     * Holder for the top-level command name sent to the sdp daemon. The value matches the
     * literal passed to {@code DaemonConnector.Command} by the request builders of the
     * enclosing class.
     */
    static class Request {
        private Request() {
            // Constants only; never instantiated.
        }

        static final String SDP_KEY_CMD = "keymanagement_cmd";
    }

    /* loaded from: classes2.dex */
    /**
     * Numeric reply codes of the sdp daemon, listed in ascending order.
     *
     * <p>Only {@code CommandOkay}, {@code CommandOngoing} and {@code CommandFailed} are
     * compared against in the visible part of the enclosing class (isSuccess, isOnGoing,
     * isFailed); the meaning of the remaining codes is inferred from their names only.
     */
    static class SdpResponseCode {
        private SdpResponseCode() {
            // Constants only; never instantiated.
        }

        static final int CommandOkay = 200;
        static final int CommandOngoing = 201;
        static final int CommandFailed = 281;
        static final int OperationFailed = 400;
        static final int CommandSyntaxError = 500;
        static final int CommandParameterError = 501;
        static final int CommandNoPermission = 502;
        static final int UnsolicitedInformation = 600;
        static final int CommandKey = 700;
    }

    /**
     * Builds the singleton and starts the daemon connector right away. Private: callers
     * obtain the instance through {@link #getInstance()}.
     */
    private KeyManagementUtil() {
        // Note that createConnector() hands `this` to the connector and starts its thread
        // before this constructor has returned.
        this.createConnector();
    }

    /**
     * Decrypts {@code bArr} with AES using the AndroidOpenSSL provider.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>A null IV selects {@code AES/ECB/PKCS7Padding}. Every call site visible in this
     *       part of the file passes a null IV, so the stored CMK blobs are ECB-encrypted.</li>
     *   <li>Neither mode is authenticated: a tampered ciphertext is only detected if the
     *       PKCS7 padding happens to be invalid.</li>
     *   <li>Changing the mode here would make existing ECMK files unreadable, so any
     *       migration has to be versioned rather than patched in place.</li>
     * </ul>
     *
     * @param bArr  ciphertext
     * @param bArr2 raw AES key; must be 16, 24 or 32 bytes
     * @param bArr3 16-byte IV for CBC, or null for ECB
     * @return the plaintext, or null on a bad argument or any cipher failure
     */
    private static byte[] aesDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (bArr2 == null) {
            return null;
        }
        final int keyLen = bArr2.length;
        if (keyLen != 16 && keyLen != 24 && keyLen != 32) {
            Log.d(TAG, "inside aesDecrypt - bad length: " + keyLen);
            return null;
        }
        final boolean hasIv = bArr3 != null;
        if (hasIv && bArr3.length != 16) {
            return null;
        }
        final String transformation = hasIv ? "AES/CBC/PKCS7Padding" : "AES/ECB/PKCS7Padding";
        try {
            // The transformation string is also used as the key algorithm name, as in the original.
            SecretKeySpec keySpec = new SecretKeySpec(bArr2, transformation);
            Cipher cipher = Cipher.getInstance(transformation, "AndroidOpenSSL");
            if (hasIv) {
                cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(bArr3));
            } else {
                cipher.init(Cipher.DECRYPT_MODE, keySpec);
            }
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            // A wrong key normally surfaces here as a padding failure.
            e.printStackTrace();
            Log.e(TAG, "Error inside aesDecrypt ");
            return null;
        }
    }

    /**
     * Encrypts {@code bArr} with AES using the AndroidOpenSSL provider.
     *
     * <p>Security notes for reviewers: a null IV selects {@code AES/ECB/PKCS7Padding}, which
     * is deterministic (equal plaintext blocks give equal ciphertext blocks) and carries no
     * integrity protection. Every call site visible in this part of the file passes a null
     * IV. Switching modes here would break decryption of already stored blobs, so a change
     * needs a format version, not an in-place edit.
     *
     * @param bArr  plaintext
     * @param bArr2 raw AES key; must be 16, 24 or 32 bytes
     * @param bArr3 16-byte IV for CBC, or null for ECB
     * @return the ciphertext, or null on a bad argument or any cipher failure
     */
    private static byte[] aesEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (bArr2 == null) {
            return null;
        }
        final int keyLen = bArr2.length;
        if (keyLen != 16 && keyLen != 24 && keyLen != 32) {
            Log.d(TAG, " inside aesEncrypt - bad length: " + keyLen);
            return null;
        }
        final boolean hasIv = bArr3 != null;
        if (hasIv && bArr3.length != 16) {
            return null;
        }
        final String transformation = hasIv ? "AES/CBC/PKCS7Padding" : "AES/ECB/PKCS7Padding";
        try {
            // The transformation string is also used as the key algorithm name, as in the original.
            SecretKeySpec keySpec = new SecretKeySpec(bArr2, transformation);
            Cipher cipher = Cipher.getInstance(transformation, "AndroidOpenSSL");
            if (hasIv) {
                cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(bArr3));
            } else {
                cipher.init(Cipher.ENCRYPT_MODE, keySpec);
            }
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            e.printStackTrace();
            Log.e(TAG, "error inside aesEncrypt ");
            return null;
        }
    }

    /**
     * Sends one request to the sdp daemon through the connector.
     *
     * @param command the fully built request
     * @return the daemon's reply, or null when there is no connector or the connector
     *         raised a {@code DaemonConnectorException}
     */
    private DaemonEvent command(DaemonConnector.Command command) {
        final DaemonConnector connector = this.mConnector;
        if (connector == null) {
            return null;
        }
        try {
            DaemonEvent reply = connector.execute(command);
            logD("event called.");
            return reply;
        } catch (DaemonConnectorException e) {
            // NOTE(review): the exception text is logged verbatim; confirm it never echoes
            // the request arguments, which carry Base64-encoded credentials.
            logE("Failed to send command" + e.toString());
            return null;
        }
    }

    /**
     * Creates the {@code DaemonConnector} for the "sdp" socket, registers this object as
     * its callback target and runs the connector on a new thread named after {@code TAG}.
     */
    private void createConnector() {
        logD("createConnector() for socket sdp");
        // The numeric arguments (500, 160) are passed through unchanged; their meaning is
        // defined by DaemonConnector and is not visible in this file.
        DaemonConnector connector = new DaemonConnector(this, SDP_SOCKET_NAME, 500, TAG, 160);
        this.mConnector = connector;
        Thread worker = new Thread((Runnable) connector, TAG);
        worker.start();
    }

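    /**
     * Encrypts the Base64-encoded CMK with the given key and writes the result to the
     * user's ECMK_MDM file.
     *
     * <p>The decoded plaintext CMK is wiped before returning; the original left that
     * buffer in the heap, unlike the other key-handling paths of this class.
     *
     * @param i    user id, used to build the file path
     * @param str  Base64-encoded plaintext CMK
     * @param bArr AES key used to wrap the CMK
     * @return true only if the encrypted blob was written
     */
    private boolean generateECMKWithMdm(int i, String str, byte[] bArr) {
        if (str == null || bArr == null) {
            return false;
        }
        byte[] plainCmk = null;
        try {
            plainCmk = Base64.decode(str, 0);
            // Null IV: aesEncrypt falls back to AES/ECB for this blob.
            byte[] encBytes = aesEncrypt(plainCmk, bArr, null);
            if (encBytes == null) {
                Log.e(TAG, "encBytes is null in generateECMKWithMdm ");
                return false;
            }
            return storeInFile("/data/system/users/" + i + ajb.kj + CMK_MDM_FILE, encBytes);
        } catch (Exception e) {
            e.printStackTrace();
            Log.e(TAG, "Error inside generateECMKWithMdm ");
            return false;
        } finally {
            // Assumes Base64.decode returns a fresh array, as the rest of the class does
            // when it wipes decode results.
            zeroOut(plainCmk);
        }
    }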

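    /**
     * Encrypts the Base64-encoded CMK with the given key and writes the result to the
     * user's ECMK_PWD file.
     *
     * <p>The decoded plaintext CMK is wiped before returning; the original left that
     * buffer in the heap, unlike the other key-handling paths of this class.
     *
     * @param i    user id, used to build the file path
     * @param str  Base64-encoded plaintext CMK
     * @param bArr AES key used to wrap the CMK
     * @return true only if the encrypted blob was written
     */
    private boolean generateECMKWithPwd(int i, String str, byte[] bArr) {
        if (str == null || bArr == null) {
            return false;
        }
        byte[] plainCmk = null;
        try {
            plainCmk = Base64.decode(str, 0);
            // Null IV: aesEncrypt falls back to AES/ECB for this blob.
            byte[] encBytes = aesEncrypt(plainCmk, bArr, null);
            if (encBytes == null) {
                Log.e(TAG, "encBytes is null  ");
                return false;
            }
            return storeInFile("/data/system/users/" + i + ajb.kj + CMK_PWD_FILE, encBytes);
        } catch (Exception e) {
            e.printStackTrace();
            Log.e(TAG, "inside Error generateECMKWithPwd  ");
            return false;
        } finally {
            // Assumes Base64.decode returns a fresh array, as the rest of the class does
            // when it wipes decode results.
            zeroOut(plainCmk);
        }
    }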

    /**
     * Returns 32 fresh bytes from a new {@code SecureRandom}.
     *
     * <p>Despite the name, the callers in this file use the result as an HMAC key and then
     * discard it; it is never stored alongside the derived value.
     */
    private static byte[] generateSalt() {
        final byte[] salt = new byte[MAX_SALT_LENGTH];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        return salt;
    }

    /**
     * Returns the process-wide instance, creating it (and starting the daemon connector)
     * on first use.
     */
    public static synchronized KeyManagementUtil getInstance() {
        // A static synchronized method already holds the KeyManagementUtil.class monitor,
        // so the nested synchronized block emitted by the decompiler added nothing.
        if (mKeyManagementUtil != null) {
            return mKeyManagementUtil;
        }
        mKeyManagementUtil = new KeyManagementUtil();
        return mKeyManagementUtil;
    }

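    /**
     * Reads the whole file at {@code str} into a byte array.
     *
     * <p>The decompiler output for this method is not well-formed (dangling exception
     * variables, a close() on a stream that may be null), so the body is reconstructed
     * from its visible intent. Two defects are addressed:
     * <ul>
     *   <li>a single {@code read()} may return fewer bytes than requested, which would hand
     *       a truncated, zero-padded key blob to the caller; the read is now looped;</li>
     *   <li>a failed open no longer reaches {@code close()} on a null stream.</li>
     * </ul>
     *
     * @param str absolute path of the key file; null yields null
     * @return the file content, or null if the file cannot be opened or read completely
     */
    private byte[] getKeyFromFile(String str) {
        if (str == null) {
            return null;
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(new File(str));
            // Same sizing as the original: the buffer length is what the stream reports.
            byte[] data = new byte[in.available()];
            int filled = 0;
            while (filled < data.length) {
                int n = in.read(data, filled, data.length - filled);
                if (n < 0) {
                    break;
                }
                filled += n;
            }
            if (filled != data.length) {
                // Never return a partially filled key buffer.
                Arrays.fill(data, (byte) 0);
                Log.e(TAG, "getKeyFromFile: short read");
                return null;
            }
            return data;
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if close fails on a read-only stream.
                }
            }
        }
    }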

    /**
     * Copies {@code bArr} into a new array of length {@code i}, leaving the tail as zeros.
     *
     * <p>Precondition: {@code bArr} is non-null and no longer than {@code i}; otherwise
     * {@code System.arraycopy} throws. The input is not truncated.
     *
     * @param bArr source bytes
     * @param i    length of the returned array
     * @return a new zero-padded copy
     */
    private byte[] getPadded(byte[] bArr, int i) {
        // A freshly allocated byte[] is already all zeros, so no explicit fill is needed.
        final byte[] padded = new byte[i];
        System.arraycopy(bArr, 0, padded, 0, bArr.length);
        return padded;
    }

    /**
     * Reads the user's ECMK_MDM file and decrypts it with {@code bArr}.
     *
     * <p>The decrypted bytes are wiped after encoding, but the plaintext CMK is returned
     * as a Base64 {@code String}; wiping that copy is left to the caller.
     *
     * @param i    user id, used to build the file path
     * @param bArr AES key for unwrapping
     * @return Base64 of the plaintext CMK, or null if the key is null, the file is
     *         unreadable or decryption fails
     */
    private String getPlainCMKWithMdm(int i, byte[] bArr) {
        String cmk = null;
        if (bArr != null) {
            final String ecmkPath = "/data/system/users/" + i + ajb.kj + CMK_MDM_FILE;
            final byte[] encCmk = getKeyFromFile(ecmkPath);
            if (encCmk == null) {
                Log.d(TAG, "getPlainCMKWithMdm encCMK is null!!.");
            } else {
                final byte[] plainCmk = aesDecrypt(encCmk, bArr, null);
                if (plainCmk == null) {
                    Log.d(TAG, "getPlainCMKWithMdm CMK is null!!.");
                } else {
                    cmk = Base64.encodeToString(plainCmk, 0);
                    zeroOut(plainCmk);
                }
            }
        }
        return cmk;
    }

    /**
     * Reads the user's ECMK_PWD file and decrypts it with {@code bArr}.
     *
     * <p>The decrypted bytes are wiped after encoding, but the plaintext CMK is returned
     * as a Base64 {@code String}; wiping that copy is left to the caller.
     *
     * @param i    user id, used to build the file path
     * @param bArr AES key for unwrapping
     * @return Base64 of the plaintext CMK, or null if the key is null, the file is
     *         unreadable or decryption fails
     */
    private String getPlainCMKWithPwd(int i, byte[] bArr) {
        String cmk = null;
        if (bArr != null) {
            final String ecmkPath = "/data/system/users/" + i + ajb.kj + CMK_PWD_FILE;
            final byte[] encCmk = getKeyFromFile(ecmkPath);
            if (encCmk == null) {
                Log.d(TAG, "getPlainCMKWithPwd encCMK is null!!.");
            } else {
                final byte[] plainCmk = aesDecrypt(encCmk, bArr, null);
                if (plainCmk == null) {
                    Log.d(TAG, "getPlainCMKWithPwd CMK is null!!.");
                } else {
                    cmk = Base64.encodeToString(plainCmk, 0);
                    zeroOut(plainCmk);
                }
            }
        }
        return cmk;
    }

    /**
     * Reports whether a daemon reply counts as a failure: no reply at all, or code 281.
     *
     * <p>NOTE(review): every other code, including the 4xx/5xx values declared in
     * {@code SdpResponseCode}, is treated as "not failed", and callers then Base64-decode
     * the reply message as key material. Confirm the daemon never answers key requests
     * with those codes.
     */
    private boolean isFailed(DaemonEvent daemonEvent) {
        if (daemonEvent == null) {
            return true;
        }
        return daemonEvent.getCode() == SdpResponseCode.CommandFailed;
    }

    /** Reports whether the daemon replied with code 201 (command still in progress). */
    private boolean isOnGoing(DaemonEvent daemonEvent) {
        if (daemonEvent == null) {
            return false;
        }
        return daemonEvent.getCode() == SdpResponseCode.CommandOngoing;
    }

    /** Reports whether the daemon replied with code 200; a missing reply is not a success. */
    private boolean isSuccess(DaemonEvent daemonEvent) {
        if (daemonEvent == null) {
            return false;
        }
        return daemonEvent.getCode() == SdpResponseCode.CommandOkay;
    }

    /**
     * Writes {@code str} to the Android log at debug level under this class's tag.
     * Callers must not pass key material or credentials.
     */
    private static void logD(String str) {
        Log.d(KeyManagementUtil.TAG, str);
    }

    /**
     * Writes {@code str} to the Android log at error level under this class's tag.
     * Callers must not pass key material or credentials.
     */
    private static void logE(String str) {
        Log.e(KeyManagementUtil.TAG, str);
    }

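    /**
     * Decrypts the stored CMK with an already obtained key, without asking the daemon to
     * verify a credential first.
     *
     * <p>Fix: the default branch used to log the credential type ({@code i2}) under the
     * label "unknown algo-type"; it now logs the value that was actually rejected
     * ({@code i3}).
     *
     * @param i    user id
     * @param bArr AES key for unwrapping
     * @param i2   credential type; 1 selects the password blob, any other value the MDM blob
     * @param i3   CMK format, 16 (old) or 32
     * @return the plaintext CMK string, or null on failure or unknown format
     */
    private String retrieveCMKWithoutVerify(int i, byte[] bArr, int i2, int i3) {
        final boolean byPassword = i2 == TYPE_PASSWORD;
        switch (i3) {
            case CMK_FORMAT_16_BYTE:
                return byPassword ? getOldPlainCMKWithPwd(i, bArr) : getOldPlainCMKWithMdm(i, bArr);
            case CMK_FORMAT_32_BYTE:
                return byPassword ? getPlainCMKWithPwd(i, bArr) : getPlainCMKWithMdm(i, bArr);
            default:
                Log.e(TAG, "unknown algo-type : " + i3);
                return null;
        }
    }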

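    /**
     * Writes {@code bArr} to the file at {@code str}, replacing any existing content.
     *
     * <p>The decompiled original dereferenced the stream after a failed open (null
     * dereference) and swallowed every I/O error silently; both are handled here.
     *
     * <p>NOTE(review): the file is created with whatever mode the process default gives
     * it, and the write is not atomic, so an interrupted write leaves a truncated blob
     * in place of the previous one. Confirm directory permissions and consider a
     * write-to-temp-then-rename scheme.
     *
     * @param str  absolute destination path
     * @param bArr bytes to store
     * @return true if the bytes were written and flushed, false otherwise
     */
    private boolean storeInFile(String str, byte[] bArr) {
        if (str == null || bArr == null) {
            return false;
        }
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(new File(str));
            out.write(bArr);
            out.flush();
            return true;
        } catch (IOException e) {
            Log.e(TAG, "storeInFile: write failed", e);
            return false;
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // Same as the original: a failing close does not change the result.
                }
            }
        }
    }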

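    /**
     * Polls {@code mReady} up to ten times, 100 ms apart, giving the connector thread time
     * to report the socket as connected. Returns without error if the socket never
     * becomes ready; callers go on to send their command either way.
     *
     * <p>Fix: the original caught {@code Exception} and dropped it, which discarded the
     * thread's interrupt status. An interrupt now ends the wait and is re-asserted.
     */
    private void waitForDaemonConnected() {
        int attemptsLeft = 10;
        while (!this.mReady && attemptsLeft > 0) {
            logD("Socket connection is not ready now..");
            try {
                Thread.sleep(100L);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                break;
            }
            attemptsLeft--;
        }
        if (this.mReady) {
            logD("Socket connection is ready!!");
        }
    }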

    /**
     * Best-effort wipe of a secret held in a {@code String}; null is ignored.
     *
     * <p>NOTE(review): {@code String.clear()} is not part of the standard
     * {@code java.lang.String} API. It is presumably a platform extension that overwrites
     * the backing characters - confirm. Copies made by concatenation, interning or the
     * daemon connector are not affected by this call.
     */
    private void zeroOut(String str) {
        if (str == null) {
            return;
        }
        str.clear();
    }

    /** Overwrites every element of {@code bArr} with zero; null is ignored. */
    private void zeroOut(byte[] bArr) {
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
    }

    /**
     * Sends a {@code change_kek} request carrying both credentials, Base64-encoded, and
     * wipes the local copies once the daemon has answered.
     *
     * <p>If the socket is not ready the method waits briefly and then sends the request
     * regardless. Which of the two strings is the old and which the new credential is
     * defined by the daemon protocol and is not visible here.
     *
     * @param i    user id
     * @param str  first credential argument of the request
     * @param str2 second credential argument of the request
     * @return true only when the daemon answers with code 200
     */
    public boolean changePassword(int i, String str, String str2) {
        Log.d(TAG, " inside changeKEK ");
        if (str2 == null || str == null) {
            return false;
        }
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            waitForDaemonConnected();
        }
        synchronized (this.mSkmmLock) {
            // getBytes() uses the platform default charset, as in the original.
            final byte[] firstRaw = str.getBytes();
            final byte[] secondRaw = str2.getBytes();
            final String firstB64 = Base64.encodeToString(firstRaw, 0);
            final String secondB64 = Base64.encodeToString(secondRaw, 0);
            DaemonConnector.Command request = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
            request.appendArg(SDP_SUB_CMD_CHANGE_KEK);
            request.appendArg(Integer.valueOf(i));
            request.appendArg(firstB64);
            request.appendArg(secondB64);
            request.appendArg(0);
            final DaemonEvent reply = command(request);
            zeroOut(firstRaw);
            zeroOut(secondRaw);
            zeroOut(firstB64);
            zeroOut(secondB64);
            return isSuccess(reply);
        }
    }

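    /**
     * Sends a {@code change_pwd_and_get_dek} request and returns the daemon's reply
     * message, which carries Base64 key material.
     *
     * <p>Fix: only {@code str} was null-checked, so a null {@code str2} crashed with a
     * NullPointerException inside the lock; it is now rejected up front. The credential
     * buffers are wiped on every path.
     *
     * <p>Unlike its siblings this method does not wait for the socket: it fails
     * immediately when the daemon is not connected.
     *
     * @param i    user id
     * @param str  first credential argument of the request
     * @param str2 second credential argument of the request
     * @param z    sent to the daemon as 1 or 0
     * @return the reply message, or null on bad arguments, missing connection or failure;
     *         the caller owns the returned secret and must wipe it
     */
    public String changePwdAndGetDEK(int i, String str, String str2, boolean z) {
        Log.d(TAG, " inside changeKEK ");
        if (str == null || str2 == null) {
            return null;
        }
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            return null;
        }
        synchronized (this.mSkmmLock) {
            final byte[] firstRaw = str.getBytes();
            final byte[] secondRaw = str2.getBytes();
            final String firstB64 = Base64.encodeToString(firstRaw, 0);
            final String secondB64 = Base64.encodeToString(secondRaw, 0);
            DaemonConnector.Command request = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
            request.appendArg(SDP_SUB_CMD_CHANGE_PWD_AND_GET_DEK);
            request.appendArg(Integer.valueOf(i));
            request.appendArg(firstB64);
            request.appendArg(secondB64);
            request.appendArg(Integer.valueOf(z ? 1 : 0));
            final DaemonEvent reply = command(request);
            // Wipe the local credential copies whatever the outcome.
            zeroOut(firstRaw);
            zeroOut(secondRaw);
            zeroOut(firstB64);
            zeroOut(secondB64);
            return isFailed(reply) ? null : reply.getMessage();
        }
    }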

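    /**
     * Changes the credential through the daemon and returns the plaintext CMK.
     *
     * <p>For type 1 the reply is a single key used to decrypt the password blob. For
     * type 2 the reply holds two space-separated keys: the first decrypts the MDM blob,
     * the second re-encrypts the CMK into the ECMK_PWD file.
     *
     * <p>Fixes: a type-2 reply without a separator used to throw
     * ArrayIndexOutOfBoundsException and skip all wiping; it is now rejected. Wiping of
     * the reply and of both keys runs in a {@code finally} block, so it also happens when
     * decoding throws.
     *
     * <p>Note the argument order: {@code str2} is passed to changePwdAndGetDEK before
     * {@code str}.
     *
     * @param i    user id
     * @param str  second credential sent to the daemon
     * @param str2 first credential sent to the daemon
     * @param i2   credential type, 1 (password) or 2 (reset token)
     * @param i3   CMK format, 16 or 32
     * @return the plaintext CMK string, or null on any failure
     */
    public String changePwdAndretrieveCMK(int i, String str, String str2, int i2, int i3) {
        final String dekMessage = changePwdAndGetDEK(i, str2, str, i2 == TYPE_RST_TOKEN);
        if (dekMessage == null) {
            Log.e(TAG, "Failed to change and get DEK !!");
            return null;
        }
        byte[] unwrapKey = null;
        byte[] rewrapKey = null;
        try {
            if (i2 == TYPE_PASSWORD) {
                unwrapKey = Base64.decode(dekMessage, 0);
            } else if (i2 == TYPE_RST_TOKEN) {
                // The decompiler substituted Jackson's constant for the literal; its value is a single space.
                String[] parts = dekMessage.split(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
                if (parts.length < 2) {
                    Log.e(TAG, "malformed change_pwd_and_get_dek response");
                    return null;
                }
                try {
                    unwrapKey = Base64.decode(parts[0], 0);
                    rewrapKey = Base64.decode(parts[1], 0);
                } finally {
                    zeroOut(parts[0]);
                    zeroOut(parts[1]);
                }
            } else {
                Log.e(TAG, "unknown pw-type : " + i2);
                return null;
            }
            final String cmk = retrieveCMKWithoutVerify(i, unwrapKey, i2, i3);
            if (i2 == TYPE_PASSWORD) {
                return cmk;
            }
            // Reset-token flow: store the CMK again under the key for the new password.
            if (generateECMKWithPwd(i, cmk, rewrapKey)) {
                return cmk;
            }
            Log.e(TAG, "Failed to generateECMKWithPwd!!");
            return null;
        } finally {
            zeroOut(unwrapKey);
            zeroOut(rewrapKey);
            zeroOut(dekMessage);
        }
    }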

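    /**
     * Decodes a Base64 CMK and returns it zero-padded to 32 bytes.
     *
     * <p>Fix: the intermediate decoded buffer held the plaintext CMK and was never wiped;
     * it is now cleared once the padded copy exists. getPadded always returns a new
     * array, so the result is unaffected.
     *
     * @param str Base64-encoded CMK of at most 32 decoded bytes
     * @return a new 32-byte array; the caller owns it and should wipe it after use
     */
    public byte[] cmkToByte(String str) {
        final byte[] decoded = Base64.decode(str, 0);
        try {
            return getPadded(decoded, CMK_LEN);
        } finally {
            zeroOut(decoded);
        }
    }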

    /**
     * Asks the daemon to create the MDM (reset token) KEK for a user and returns the key
     * bytes decoded from the reply.
     *
     * <p>If the socket is not ready the method waits briefly and then sends the request
     * regardless. The local credential copies and the reply message are wiped; the
     * returned array is owned by the caller.
     *
     * @param i   user id
     * @param str credential the KEK is derived from
     * @return the decoded key, or null when {@code str} is null or the daemon reports failure
     */
    public byte[] createKEKMdm(int i, String str) {
        Log.d(TAG, " inside createKEK ");
        if (str == null) {
            return null;
        }
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            waitForDaemonConnected();
        }
        synchronized (this.mSkmmLock) {
            final byte[] credentialRaw = str.getBytes();
            final String credentialB64 = Base64.encodeToString(credentialRaw, 0);
            DaemonConnector.Command request = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
            request.appendArg(SDP_SUB_CMD_CREATE_KEK_MDM);
            request.appendArg(Integer.valueOf(i));
            request.appendArg(credentialB64);
            request.appendArg(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            request.appendArg(0);
            final DaemonEvent reply = command(request);
            // Both outcomes wipe the credential copies first.
            zeroOut(credentialRaw);
            zeroOut(credentialB64);
            if (isFailed(reply)) {
                return null;
            }
            final String keyB64 = reply.getMessage();
            final byte[] kek = Base64.decode(keyB64, 0);
            zeroOut(keyB64);
            return kek;
        }
    }

    /**
     * Asks the daemon to create the password KEK for a user and returns the key bytes
     * decoded from the reply.
     *
     * <p>If the socket is not ready the method waits briefly and then sends the request
     * regardless. The local credential copies and the reply message are wiped; the
     * returned array is owned by the caller.
     *
     * @param i   user id
     * @param str credential the KEK is derived from
     * @return the decoded key, or null when {@code str} is null or the daemon reports failure
     */
    public byte[] createKEKPwd(int i, String str) {
        Log.d(TAG, " inside createKEK ");
        if (str == null) {
            return null;
        }
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            waitForDaemonConnected();
        }
        synchronized (this.mSkmmLock) {
            final byte[] credentialRaw = str.getBytes();
            final String credentialB64 = Base64.encodeToString(credentialRaw, 0);
            DaemonConnector.Command request = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
            request.appendArg(SDP_SUB_CMD_CREATE_KEK_PWD);
            request.appendArg(Integer.valueOf(i));
            request.appendArg(credentialB64);
            request.appendArg(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            request.appendArg(0);
            final DaemonEvent reply = command(request);
            // Both outcomes wipe the credential copies first.
            zeroOut(credentialRaw);
            zeroOut(credentialB64);
            if (isFailed(reply)) {
                return null;
            }
            final String keyB64 = reply.getMessage();
            final byte[] kek = Base64.decode(keyB64, 0);
            zeroOut(keyB64);
            return kek;
        }
    }

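    /**
     * Generates a new CMK and stores it twice: wrapped under the password KEK and under
     * the reset-token KEK.
     *
     * <p>Fix: the plaintext CMK string was left behind after use; it is now wiped on
     * every exit path, as the rest of the class does with secret strings.
     *
     * <p>NOTE(review): the two stores are not atomic. If the second one fails, the
     * ECMK_PWD file written by the first remains on disk.
     *
     * @param i    user id
     * @param str  password
     * @param str2 reset token
     * @return true only if both encrypted blobs were written
     */
    public boolean generateAndStoreCMK(int i, String str, String str2) {
        final String cmk = generateCMK(str);
        Log.i(TAG, "generateAndStoreCMK");
        if (cmk == null) {
            Log.e(TAG, "can't generate CMK");
            return false;
        }
        try {
            if (!storeCMK(i, cmk, str, TYPE_PASSWORD)) {
                Log.e(TAG, "storeCMK(PW) failed");
                return false;
            }
            if (!storeCMK(i, cmk, str2, TYPE_RST_TOKEN)) {
                Log.e(TAG, "storeCMK(RST_TOKEN) failed");
                return false;
            }
            return true;
        } finally {
            // Nothing uses the plaintext CMK after this point.
            zeroOut(cmk);
        }
    }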

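    /**
     * Produces a new 32-byte CMK, Base64-encoded, as HMAC-SHA256 of the password under a
     * fresh random key.
     *
     * <p>The random key is discarded after use, so the result cannot be re-derived from
     * the password; it is effectively a random value.
     *
     * <p>Fix: the password bytes and the digest were wiped only on the success path, and
     * the random key never; all three are now cleared in a {@code finally} block.
     * ({@code SecretKeySpec} keeps its own copy of the key, which this cannot reach.)
     *
     * @param str password; null is rejected
     * @return Base64 of the CMK, or null on null input or any crypto failure
     */
    public String generateCMK(String str) {
        if (str == null) {
            Log.e(TAG, "inside Error generateCMK password is NULL!!!!  ");
            return null;
        }
        byte[] macKey = null;
        byte[] input = null;
        byte[] digest = null;
        try {
            macKey = generateSalt();
            SecretKeySpec keySpec = new SecretKeySpec(macKey, "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256", "AndroidOpenSSL");
            mac.init(keySpec);
            input = str.getBytes();
            digest = mac.doFinal(input);
            return Base64.encodeToString(digest, 0);
        } catch (Exception e) {
            e.printStackTrace();
            Log.e(TAG, "Error inside generateCMK ");
            return null;
        } finally {
            zeroOut(input);
            zeroOut(digest);
            zeroOut(macKey);
        }
    }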

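    /**
     * Produces a new 32-byte key as HMAC-SHA256 of {@code str} under a fresh random key.
     * The random key is discarded, so the result cannot be re-derived from the input.
     *
     * <p>Fixes: the error log named generateCMK (copied from the sibling method), and the
     * input bytes and random key were not wiped when the MAC failed.
     *
     * @param str input string; null yields null
     * @return the raw key bytes, owned by the caller, or null on any crypto failure
     */
    public byte[] generateEcryptfsKey(String str) {
        if (str == null) {
            return null;
        }
        byte[] macKey = null;
        byte[] input = null;
        try {
            macKey = generateSalt();
            SecretKeySpec keySpec = new SecretKeySpec(macKey, "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256", "AndroidOpenSSL");
            mac.init(keySpec);
            input = str.getBytes();
            return mac.doFinal(input);
        } catch (Exception e) {
            e.printStackTrace();
            Log.e(TAG, "Error inside generateEcryptfsKey ");
            return null;
        } finally {
            zeroOut(input);
            zeroOut(macKey);
        }
    }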

    /**
     * Returns a new reset token: 32 bytes from {@code SecureRandom}, Base64-encoded.
     * The raw bytes are wiped; the returned string is the caller's secret to protect.
     */
    public String generatePasswordResetToken() {
        final byte[] tokenBytes = new byte[32];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(tokenBytes);
        final String token = Base64.encodeToString(tokenBytes, 0);
        zeroOut(tokenBytes);
        return token;
    }

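    /**
     * Requests the ecryptfs key from the daemon ({@code get_ecryptfskey_skmm1}) and
     * returns the key bytes decoded from the reply.
     *
     * <p>Fix: unlike createKEKPwd/createKEKMdm, this method left the credential bytes,
     * their Base64 form and the reply message un-wiped; they are now cleared the same way.
     *
     * @param i   user id
     * @param str credential sent to the daemon
     * @return the decoded key, owned by the caller, or null when {@code str} is null or
     *         the daemon reports failure
     */
    public byte[] getEcryptfsKeySkmm1(int i, String str) {
        if (str == null) {
            return null;
        }
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            waitForDaemonConnected();
        }
        Log.d(TAG, " inside getEcryptfsKeySkmm1 ");
        synchronized (this.mSkmmLock) {
            final byte[] credentialRaw = str.getBytes();
            final String credentialB64 = Base64.encodeToString(credentialRaw, 0);
            DaemonConnector.Command request = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
            request.appendArg(SDP_SUB_CMD_GET_ECRYPTFSKEY_SKMM1);
            request.appendArg(Integer.valueOf(i));
            request.appendArg(credentialB64);
            request.appendArg(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            request.appendArg(0);
            final DaemonEvent reply = command(request);
            zeroOut(credentialRaw);
            zeroOut(credentialB64);
            if (isFailed(reply)) {
                return null;
            }
            final String keyB64 = reply.getMessage();
            final byte[] key = Base64.decode(keyB64, 0);
            zeroOut(keyB64);
            return key;
        }
    }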

    /**
     * Old-format (16) variant: the ECMK_MDM file holds Base64 text, which is decoded and
     * decrypted, and the plaintext bytes are returned as a {@code String}.
     *
     * <p>Both byte-to-String conversions use the platform default charset. The log
     * messages carry the name of the new-format method, as in the original.
     *
     * @param i    user id
     * @param bArr AES key for unwrapping
     * @return the plaintext CMK string, or null if the key is null, the file is
     *         unreadable or decryption fails
     */
    public String getOldPlainCMKWithMdm(int i, byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        final byte[] fileBytes = getKeyFromFile("/data/system/users/" + i + ajb.kj + CMK_MDM_FILE);
        if (fileBytes == null) {
            Log.d(TAG, "getPlainCMKWithMdm encCMK is null!!.");
            return null;
        }
        final String encCmkB64 = new String(fileBytes);
        final byte[] encCmk = Base64.decode(encCmkB64, 0);
        final byte[] plainCmk = aesDecrypt(encCmk, bArr, null);
        if (plainCmk == null) {
            Log.d(TAG, "getPlainCMKWithMdm CMK is null!!.");
            return null;
        }
        final String cmk = new String(plainCmk);
        zeroOut(plainCmk);
        zeroOut(encCmk);
        return cmk;
    }

    /**
     * Old-format (16) variant: the ECMK_PWD file holds Base64 text, which is decoded and
     * decrypted, and the plaintext bytes are returned as a {@code String}.
     *
     * <p>Both byte-to-String conversions use the platform default charset. The log
     * messages carry the name of the new-format method, as in the original.
     *
     * @param i    user id
     * @param bArr AES key for unwrapping
     * @return the plaintext CMK string, or null if the key is null, the file is
     *         unreadable or decryption fails
     */
    public String getOldPlainCMKWithPwd(int i, byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        final byte[] fileBytes = getKeyFromFile("/data/system/users/" + i + ajb.kj + CMK_PWD_FILE);
        if (fileBytes == null) {
            Log.d(TAG, "getPlainCMKWithPwd encCMK is null!!.");
            return null;
        }
        final String encCmkB64 = new String(fileBytes);
        final byte[] encCmk = Base64.decode(encCmkB64, 0);
        final byte[] plainCmk = aesDecrypt(encCmk, bArr, null);
        if (plainCmk == null) {
            Log.d(TAG, "getPlainCMKWithPwd CMK is null!!.");
            return null;
        }
        final String cmk = new String(plainCmk);
        zeroOut(encCmk);
        zeroOut(plainCmk);
        return cmk;
    }

    /**
     * Reports whether the encrypted CMK file for the given credential type exists.
     *
     * @param i  user id
     * @param i2 credential type, 1 (password) or 2 (reset token); anything else yields false
     */
    public boolean isCMKExists(int i, int i2) {
        if (i2 == TYPE_PASSWORD) {
            return isECMKPWDFileExists(i);
        }
        if (i2 == TYPE_RST_TOKEN) {
            return isECMKMDMFileExists(i);
        }
        return false;
    }

    /** Reports whether the ECMK_MDM file exists for user {@code i}. */
    public boolean isECMKMDMFileExists(int i) {
        // `new File(...)` never yields null, so the decompiled null test was dead code.
        final String path = "/data/system/users/" + i + ajb.kj + CMK_MDM_FILE;
        return new File(path).exists();
    }

    /** Reports whether the ECMK_PWD file exists for user {@code i}. */
    public boolean isECMKPWDFileExists(int i) {
        // `new File(...)` never yields null, so the decompiled null test was dead code.
        final String path = "/data/system/users/" + i + ajb.kj + CMK_PWD_FILE;
        return new File(path).exists();
    }

    /**
     * Sends an {@code is_skmm_supported} probe to the daemon.
     *
     * <p>If the socket is not ready the method waits briefly and then sends the probe
     * regardless; a missing reply counts as "not supported".
     *
     * @return true only when the daemon answers with code 200
     */
    public boolean isSkmm2Supported() {
        Log.d(TAG, " inside isSkmm2Supported ");
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            waitForDaemonConnected();
        }
        synchronized (this.mSkmmLock) {
            DaemonConnector.Command probe = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
            probe.appendArg(SDP_SUB_CMD_IS_SKMM_SUPPORTED);
            probe.appendArg(0);
            // Placeholder arguments keep the request at the same arity as the key commands.
            probe.appendArg(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            probe.appendArg(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
            probe.appendArg(0);
            final DaemonEvent reply = command(probe);
            return isSuccess(reply);
        }
    }

    /**
     * Connector callback: marks the sdp socket as ready so that the request methods stop
     * waiting in waitForDaemonConnected().
     */
    public void onDaemonConnected() {
        logD("onDaemonConnected() for socket sdp");
        mReady = true;
    }

    /**
     * Connector callback for daemon events; it only logs them and always returns false.
     *
     * <p>NOTE(review): the raw event text and every cooked field go to the debug log.
     * Confirm that events delivered here can never carry key material (the reply codes
     * include a {@code CommandKey} value), or drop the payload from the log line.
     *
     * @param i      event code
     * @param str    raw event line
     * @param strArr parsed fields, may be null
     * @return always false
     */
    public boolean onEvent(int i, String str, String[] strArr) {
        logD("onEvent >> code: " + i + " raw: " + str);
        if (strArr == null) {
            return false;
        }
        for (int idx = 0; idx < strArr.length; idx++) {
            logD("onEvent cooked[" + idx + "] : " + strArr[idx]);
        }
        return false;
    }

    /**
     * Deletes the encrypted CMK file of the given credential type.
     *
     * <p>The file is unlinked, not overwritten; its content is ciphertext.
     *
     * @param i  user id
     * @param i2 credential type, 1 (password) or 2 (reset token)
     * @return true if the file is absent or was deleted; false if deletion failed or the
     *         type is unknown
     */
    public boolean removeECMK(int i, int i2) {
        if (i2 == TYPE_PASSWORD) {
            if (!isECMKPWDFileExists(i)) {
                return true;
            }
            return new File("/data/system/users/" + i + ajb.kj + CMK_PWD_FILE).delete();
        }
        if (i2 == TYPE_RST_TOKEN) {
            if (!isECMKMDMFileExists(i)) {
                return true;
            }
            return new File("/data/system/users/" + i + ajb.kj + CMK_MDM_FILE).delete();
        }
        Log.e(TAG, "removeECMK :: unknown type : " + i2);
        return false;
    }

    /**
     * Deletes the KEK file of the given credential type.
     *
     * <p>NOTE(review): the file is unlinked without being overwritten first. What the KEK
     * files contain is not visible in this class - confirm whether a plain delete is
     * sufficient for them.
     *
     * @param i  user id
     * @param i2 credential type, 1 (password) or 2 (reset token)
     * @return true if the file is absent or was deleted; false if deletion failed or the
     *         type is unknown
     */
    public boolean removeKEK(int i, int i2) {
        final String kekName;
        if (i2 == TYPE_PASSWORD) {
            kekName = KEK_PWD_FILE;
        } else if (i2 == TYPE_RST_TOKEN) {
            kekName = KEK_MDM_FILE;
        } else {
            Log.e(TAG, "removeKEK :: unknown type : " + i2);
            return false;
        }
        final File kekFile = new File("/data/system/users/" + i + ajb.kj + kekName);
        if (!kekFile.exists()) {
            return true;
        }
        return kekFile.delete();
    }

    /**
     * Verifies a credential with the daemon and, on success, decrypts the new-format CMK
     * with the key the daemon returned.
     *
     * <p>A null result from verifyKEKPwd/verifyKEKMdm is treated as a rejected credential.
     * The returned key is wiped after use; the plaintext CMK string is the caller's to wipe.
     *
     * @param i   user id
     * @param str password (type 1) or reset token (type 2)
     * @param i2  credential type
     * @return the plaintext CMK string, or null if the blob is missing, the credential is
     *         rejected, decryption fails or the type is unknown
     */
    public String retrieveCMK(int i, String str, int i2) {
        Log.i(TAG, "retrieveCMK");
        if (i2 == TYPE_PASSWORD) {
            if (!isECMKPWDFileExists(i)) {
                Log.e(TAG, "can't find ECMD_PWD");
                return null;
            }
            final byte[] kek = verifyKEKPwd(i, str);
            if (kek == null) {
                Log.e(TAG, "invalid password");
                return null;
            }
            final String cmk = getPlainCMKWithPwd(i, kek);
            zeroOut(kek);
            return cmk;
        }
        if (i2 == TYPE_RST_TOKEN) {
            if (!isECMKMDMFileExists(i)) {
                Log.e(TAG, "can't find ECMD_MDM");
                return null;
            }
            final byte[] kek = verifyKEKMdm(i, str, true);
            if (kek == null) {
                Log.e(TAG, "invalid reset-token");
                return null;
            }
            final String cmk = getPlainCMKWithMdm(i, kek);
            zeroOut(kek);
            return cmk;
        }
        Log.e(TAG, "unknown pw-type : " + i2);
        return null;
    }

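    /**
     * Format-aware entry point: dispatches to the old (16) or new (32) CMK retrieval.
     *
     * <p>Fix: the default branch used to log the credential type ({@code i2}) under the
     * label "unknown algo-type"; it now logs the rejected format value ({@code i3}).
     *
     * @param i   user id
     * @param str password or reset token
     * @param i2  credential type, 1 or 2
     * @param i3  CMK format, 16 or 32
     * @return the plaintext CMK string, or null on failure or unknown format
     */
    public String retrieveCMK(int i, String str, int i2, int i3) {
        if (i3 == CMK_FORMAT_16_BYTE) {
            return retrieveOldCMK(i, str, i2);
        }
        if (i3 == CMK_FORMAT_32_BYTE) {
            return retrieveCMK(i, str, i2);
        }
        Log.e(TAG, "unknown algo-type : " + i3);
        return null;
    }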

    /**
     * Verifies a credential with the daemon and, on success, decrypts the old-format CMK
     * with the key the daemon returned.
     *
     * <p>A null result from verifyKEKPwd/verifyKEKMdm is treated as a rejected credential.
     * The returned key is wiped after use; the plaintext CMK string is the caller's to wipe.
     *
     * @param i   user id
     * @param str password (type 1) or reset token (type 2)
     * @param i2  credential type
     * @return the plaintext CMK string, or null if the blob is missing, the credential is
     *         rejected, decryption fails or the type is unknown
     */
    public String retrieveOldCMK(int i, String str, int i2) {
        Log.i(TAG, "retrieveOldCMK");
        if (i2 == TYPE_PASSWORD) {
            if (!isECMKPWDFileExists(i)) {
                Log.e(TAG, "can't find ECMD_PWD");
                return null;
            }
            final byte[] kek = verifyKEKPwd(i, str);
            if (kek == null) {
                Log.e(TAG, "invalid password");
                return null;
            }
            final String cmk = getOldPlainCMKWithPwd(i, kek);
            zeroOut(kek);
            return cmk;
        }
        if (i2 == TYPE_RST_TOKEN) {
            if (!isECMKMDMFileExists(i)) {
                Log.e(TAG, "can't find ECMD_MDM");
                return null;
            }
            final byte[] kek = verifyKEKMdm(i, str, true);
            if (kek == null) {
                Log.e(TAG, "invalid reset-token");
                return null;
            }
            final String cmk = getOldPlainCMKWithMdm(i, kek);
            zeroOut(kek);
            return cmk;
        }
        Log.e(TAG, "unknown pw-type : " + i2);
        return null;
    }

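    /**
     * Stores the CMK protected by a key created from a password or a reset-token.
     *
     * <p>A byte array is obtained from {@code createKEKPwd} / {@code createKEKMdm}, passed to
     * {@code generateECMKWithPwd} / {@code generateECMKWithMdm} together with {@code str}, and then
     * wiped with {@code zeroOut}. The wipe runs on every exit path, including when the generate
     * call throws.
     *
     * @param i    identifier forwarded to the helpers (presumably the container/user id; confirm)
     * @param str  value forwarded to the generate helpers (presumably the CMK to protect; confirm)
     * @param str2 the password (type 1) or reset-token (type 2) the key is created from
     * @param i2   secret type: 1 (matches TYPE_PASSWORD) or 2 (matches TYPE_RST_TOKEN)
     * @return the generate helper's result; {@code false} when the key cannot be created or
     *         {@code i2} is unknown
     */
    public boolean storeCMK(int i, String str, String str2, int i2) {
        Log.i(TAG, "storeCMK");
        switch (i2) {
            case 1:
                byte[] kekFromPwd = createKEKPwd(i, str2);
                if (kekFromPwd == null) {
                    Log.e(TAG, "can't create kek-pw");
                    return false;
                }
                try {
                    return generateECMKWithPwd(i, str, kekFromPwd);
                } finally {
                    // Key bytes must not outlive this call, even if generation fails.
                    zeroOut(kekFromPwd);
                }
            case 2:
                byte[] kekFromToken = createKEKMdm(i, str2);
                if (kekFromToken == null) {
                    Log.e(TAG, "can't create kek-rst_token");
                    return false;
                }
                try {
                    return generateECMKWithMdm(i, str, kekFromToken);
                } finally {
                    // Key bytes must not outlive this call, even if generation fails.
                    zeroOut(kekFromToken);
                }
            default:
                Log.e(TAG, "unknown pw-type : " + i2);
                return false;
        }
    }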

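    /**
     * Sends a {@code verify_kek_mdm} key-management command for the given reset-token and returns
     * the Base64-decoded reply.
     *
     * <p>The token is Base64-encoded and sent via {@code command(...)} while holding
     * {@code mSkmmLock}. The local copies of the token (raw bytes and Base64 text) and the reply
     * text are passed to {@code zeroOut} on every exit path, including when the daemon call or the
     * decode throws.
     *
     * <p>The returned array is treated as key material by the callers in this file, which wipe it
     * after use. Any other caller should do the same.
     *
     * <p>NOTE(review): {@code str} itself is a {@code String} owned by the caller and is not wiped
     * here. Whether {@code zeroOut(String)} can really clear an immutable String depends on its
     * implementation, which is not visible from this method.
     *
     * @param i   identifier sent as the second command argument (presumably the container/user
     *            id; confirm)
     * @param str the reset-token; {@code null} returns {@code null} without contacting the daemon
     * @param z   flag sent to the daemon as 1 or 0 (meaning is defined by the daemon side)
     * @return the decoded reply, or {@code null} when {@code str} is null or the command failed
     */
    public byte[] verifyKEKMdm(int i, String str, boolean z) {
        Log.d(TAG, " inside verifyKEKMdm " + z);
        if (str == null) {
            return null;
        }
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            waitForDaemonConnected();
        }
        byte[] result = null;
        synchronized (this.mSkmmLock) {
            // NOTE(review): getBytes() uses the platform default charset. It is kept unchanged
            // because the daemon-side check depends on the exact byte sequence.
            byte[] secretBytes = str.getBytes();
            String encodedSecret = null;
            try {
                encodedSecret = Base64.encodeToString(secretBytes, 0);
                DaemonConnector.Command request = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
                request.appendArg(SDP_SUB_CMD_VERIFY_KEK_MDM);
                request.appendArg(Integer.valueOf(i));
                request.appendArg(encodedSecret);
                // Jackson's DEFAULT_ROOT_VALUE_SEPARATOR is a single space. The decompiler
                // probably substituted the constant for a " " literal.
                request.appendArg(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
                request.appendArg(Integer.valueOf(z ? 1 : 0));
                DaemonEvent reply = command(request);
                if (!isFailed(reply)) {
                    String message = reply.getMessage();
                    try {
                        result = Base64.decode(message, 0);
                    } finally {
                        // The reply text carries the same secret as the decoded bytes.
                        zeroOut(message);
                    }
                }
            } finally {
                // Wipe the local token copies on success, on failure and on exception.
                zeroOut(secretBytes);
                if (encodedSecret != null) {
                    zeroOut(encodedSecret);
                }
            }
        }
        return result;
    }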

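    /**
     * Sends a {@code verify_kek_pwd} key-management command for the given password and returns
     * the Base64-decoded reply.
     *
     * <p>The password is Base64-encoded and sent via {@code command(...)} while holding
     * {@code mSkmmLock}. The local copies of the password (raw bytes and Base64 text) and the
     * reply text are passed to {@code zeroOut} on every exit path, including when the daemon call
     * or the decode throws.
     *
     * <p>The returned array is treated as key material by the callers in this file, which wipe it
     * after use. Any other caller should do the same.
     *
     * <p>NOTE(review): {@code str} itself is a {@code String} owned by the caller and is not wiped
     * here. Whether {@code zeroOut(String)} can really clear an immutable String depends on its
     * implementation, which is not visible from this method.
     *
     * @param i   identifier sent as the second command argument (presumably the container/user
     *            id; confirm)
     * @param str the password; {@code null} returns {@code null} without contacting the daemon
     * @return the decoded reply, or {@code null} when {@code str} is null or the command failed
     */
    public byte[] verifyKEKPwd(int i, String str) {
        Log.d(TAG, " inside verifyKEKPwd ");
        if (str == null) {
            return null;
        }
        if (!this.mReady) {
            Log.e(TAG, "SDP Socket is not connected!!");
            waitForDaemonConnected();
        }
        byte[] result = null;
        synchronized (this.mSkmmLock) {
            // NOTE(review): getBytes() uses the platform default charset. It is kept unchanged
            // because the daemon-side check depends on the exact byte sequence.
            byte[] secretBytes = str.getBytes();
            String encodedSecret = null;
            try {
                encodedSecret = Base64.encodeToString(secretBytes, 0);
                DaemonConnector.Command request = new DaemonConnector.Command("keymanagement_cmd", new Object[0]);
                request.appendArg(SDP_SUB_CMD_VERIFY_KEK_PWD);
                request.appendArg(Integer.valueOf(i));
                request.appendArg(encodedSecret);
                // Jackson's DEFAULT_ROOT_VALUE_SEPARATOR is a single space. The decompiler
                // probably substituted the constant for a " " literal.
                request.appendArg(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
                request.appendArg(0);
                DaemonEvent reply = command(request);
                if (!isFailed(reply)) {
                    String message = reply.getMessage();
                    try {
                        result = Base64.decode(message, 0);
                    } finally {
                        // The reply text carries the same secret as the decoded bytes.
                        zeroOut(message);
                    }
                }
            } finally {
                // Wipe the local password copies on success, on failure and on exception.
                zeroOut(secretBytes);
                if (encodedSecret != null) {
                    zeroOut(encodedSecret);
                }
            }
        }
        return result;
    }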
}
