package com.sec.knox.container.util;

import android.content.Context;
import android.content.pm.IPersonaFileHandler;
import android.content.pm.PersonaNewEvent;
import android.os.Binder;
import android.os.PersonaManager;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemProperties;
import android.service.tima.ITimaService;
import android.util.Log;
import com.samsung.android.spaytzsvc.api.TACommands;
import com.sec.enterprise.knox.vpn.KnoxVpnPolicyConstants;
import com.sec.tima.keystore.util.Utility;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class KnoxFileHandler extends IPersonaFileHandler.Stub {
    // Buffer sizes in bytes. The values match the 32-byte key/salt buffers and the
    // 16-byte password buffers allocated by the methods of this class.
    private static final int ECRYPTFS_KEY_LENGTH = 32;
    private static final int MAX_LENGTH = 16;
    private static final int MAX_SALT_LENGTH = 32;
    // Log tags: TAG for general messages, TIMA_TAG for TIMA status/version messages.
    static final String TAG = "KnoxFileHandler";
    static final String TIMA_TAG = "KnoxFileHandler.tima";
    private Context mContext;
    EnterprisePartitionManager mEpm;
    // Per-instance TIMA version label: "N/A" until updateTimaVersion() resolves it.
    private String mTimaVersion = "N/A";
    private static String TIMA_KEYSTORE_NAME = "FipsTimaKeyStore";
    private static String KEYSTORE_FILE_PATH = "/data/system/container/key";
    // Keystore alias prefix; the persona id is appended to form the entry alias.
    private static String ALIAS_NAME = "ecryptfsKey";
    // Static (shared by all instances), while mTimaVersion above is per instance.
    private static boolean timaVersion20 = false;
    // Verbose logging (key aliases, TIMA status) is emitted only when ro.build.type is "eng".
    private static final boolean DEBUG = "eng".equals(SystemProperties.get("ro.build.type"));

    /**
     * Builds the handler around the shared {@link EnterprisePartitionManager} and
     * resolves the TIMA version once at construction time.
     *
     * @param context context used for the partition manager and for system-service lookups
     */
    public KnoxFileHandler(Context context) {
        this.mContext = context;
        this.mEpm = EnterprisePartitionManager.getInstance(context);
        updateTimaVersion();
        if (!timaVersion20) {
            return;
        }
        Log.d(TAG, "KnoxFileHandler: TimaVersion is 2.0 ? --- > " + timaVersion20);
    }

    /**
     * Marks persona {@code i} as TIMA-compromised when the TIMA status code {@code i2}
     * is one of the four integrity-failure codes listed below; any other code is ignored.
     *
     * @param i  persona (container) id
     * @param i2 status code returned by the TIMA service
     */
    private void checkTimaError(int i, int i2) {
        final boolean integrityFailure;
        switch (i2) {
            case TACommands.Init.TZ_COMMON_INIT_ERROR_TAMPER_FUSE_FAIL /* 65548 */:
            case TACommands.Init.TZ_COMMON_INIT_MSR_MISMATCH /* 65549 */:
            case TACommands.Init.TZ_COMMON_INIT_MSR_MODIFIED /* 65550 */:
            case 65551:
                integrityFailure = true;
                break;
            default:
                integrityFailure = false;
                break;
        }
        if (integrityFailure) {
            Log.d(TIMA_TAG, "Setting to KNOX_STATE_TIMA_COMPROMISED.....");
            setTimaCompromisedState(i);
        }
    }

    /**
     * Queries the TIMA status, reports integrity failures for persona {@code i} through
     * {@link #checkTimaError(int, int)}, and tells the caller whether TIMA is usable.
     *
     * @param i persona (container) id
     * @return {@code true} only when the TIMA status code is 0
     */
    private boolean checkTimaStatus(int i) {
        final int status = getTimaStatus();
        final boolean valid = (status == 0);
        if (DEBUG) {
            Log.d(TIMA_TAG, "checkTimaStatus() - Version " + this.mTimaVersion + ", Status" + status + ", Validation : " + valid);
        }
        checkTimaError(i, status);
        return valid;
    }

    /* JADX WARN: Removed duplicated region for block: B:17:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x008e A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the real body (616 instructions) was not recovered, so
     * this listing only throws {@link UnsupportedOperationException}.
     * It is called from removePartition() when the TIMA version is not 2.0.
     * NOTE(review): the name suggests it deletes the stored eCryptfs key for persona r7;
     * that cannot be confirmed from this listing - check the instruction dump.
     */
    private void deleteEcryptFSKey(int r7, boolean r8) {
        /*
            Method dump skipped, instructions count: 616
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sec.knox.container.util.KnoxFileHandler.deleteEcryptFSKey(int, boolean):void");
    }

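    /**
     * Produces an eCryptfs key as HMAC-SHA256 over the password, keyed with a fresh
     * random value from {@link #generateSalt()}.
     *
     * <p>The random HMAC key is neither returned nor stored by this method, so the
     * result cannot be re-derived from the password later; the caller has to persist
     * the returned bytes.
     *
     * @param str password text; {@code null} yields {@code null}
     * @return the 32-byte MAC output, or {@code null} if the MAC could not be computed
     */
    private byte[] generateEcryptfsKey(String str) {
        if (str == null) {
            return null;
        }
        try {
            SecretKeySpec macKey = new SecretKeySpec(generateSalt(), "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256", "AndroidOpenSSL");
            mac.init(macKey);
            // Encode explicitly so the derived bytes never depend on the platform default charset.
            return mac.doFinal(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        } catch (Exception e) {
            // Best effort by design: callers treat null as "key generation failed".
            // The throwable goes to the logger instead of printStackTrace(), and the
            // message names this method (it previously named "generateCMK").
            Log.e(TAG, "Error inside generateEcryptfsKey", e);
            return null;
        }
    }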

    /**
     * Returns 32 fresh bytes from a new {@link SecureRandom}.
     * In this class the result is used as the HMAC key in generateEcryptfsKey().
     */
    private byte[] generateSalt() {
        final byte[] salt = new byte[MAX_SALT_LENGTH];
        final SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        return salt;
    }

    /**
     * Builds the protection parameter for the keystore entry of persona {@code i}.
     *
     * <p>The password is simply the decimal text of {@code i}. It is therefore
     * predictable from the container id and adds no secrecy of its own; whatever
     * protection the entry has comes from the keystore provider.
     *
     * @param i persona (container) id
     * @return password protection wrapping the id's characters ({@code null} only if
     *         the text were empty, which an int never produces)
     */
    private KeyStore.ProtectionParameter getEntryPassword(int i) {
        final String idText = String.valueOf(i);
        if (idText.isEmpty()) {
            return null;
        }
        final char[] password = idText.toCharArray();
        Log.d(TAG, "Returning key password");
        return new KeyStore.PasswordProtection(password);
    }

    /** Looks up the "persona" system service through the stored context. */
    private PersonaManager getPersonaManager() {
        final Object service = this.mContext.getSystemService("persona");
        return (PersonaManager) service;
    }

    /**
     * Opens the keystore whose type matches the current TIMA version and loads it
     * with a {@code null} load parameter.
     *
     * @return the loaded keystore
     * @throws KeyStoreException if no provider offers the keystore type
     * @throws Exception         any other failure while obtaining or loading the keystore
     */
    private KeyStore getTimaKeyStore() throws Exception, KeyStoreException {
        // Re-probe the service if the version has not been resolved yet.
        if (this.mTimaVersion.matches("N/A")) {
            updateTimaVersion();
        }
        final String storeType = getTimaKeyStoreName();
        try {
            final KeyStore tks = KeyStore.getInstance(storeType);
            tks.load(null);
            return tks;
        } catch (KeyStoreException noSuchStore) {
            if (DEBUG) {
                Log.d(TIMA_TAG, "Failed to get TKS instance..." + storeType);
            }
            throw noSuchStore;
        } catch (Exception loadFailure) {
            if (DEBUG) {
                Log.d(TIMA_TAG, "Failed to load TKS instance..." + storeType);
            }
            throw loadFailure;
        }
    }

    /**
     * Maps the current TIMA version label to a keystore type name.
     *
     * @return "TIMAKeyStore" for version "3.0", "FipsTimaKeyStore" for "FIPS3.0",
     *         and "N/A" for every other version
     */
    private String getTimaKeyStoreName() {
        final String version = this.mTimaVersion;
        final String storeName;
        if (version.equals("3.0")) {
            storeName = "TIMAKeyStore";
        } else if (version.equals("FIPS3.0")) {
            storeName = "FipsTimaKeyStore";
        } else {
            storeName = "N/A";
        }
        if (DEBUG) {
            Log.d(TIMA_TAG, "getTimaKeyStoreName() - Version : " + this.mTimaVersion + ", Name : " + storeName);
        }
        return storeName;
    }

    /**
     * Resolves the "tima" binder service and wraps it in its AIDL interface.
     * Several callers null-check the result before using it.
     */
    private ITimaService getTimaService() {
        return ITimaService.Stub.asInterface(
                ServiceManager.getService("tima"));
    }

    /**
     * Initialises the keystore back end that matches the current TIMA version and
     * returns the status code it reports.
     *
     * <p>Failures are not propagated: a {@link RemoteException} or any other exception
     * is logged and the method returns -1, which callers treat as "not usable".
     *
     * @return the init status from the TIMA service (0 is treated as success by
     *         checkTimaStatus()), or -1 for an unknown version or a failed call
     */
    private int getTimaStatus() {
        int status = -1;
        if (this.mTimaVersion.matches("N/A")) {
            updateTimaVersion();
        }
        try {
            final String version = this.mTimaVersion;
            if (version.equals("FIPS3.0")) {
                status = getTimaService().FipsKeyStore3_init(true);
            } else if (version.equals(KnoxVpnPolicyConstants.NEW_FW)) {
                // The NEW_FW version only probes: init, then shut down again straight away.
                status = getTimaService().keystoreInit();
                getTimaService().keystoreShutdown();
            } else if (version.equals("3.0")) {
                status = getTimaService().KeyStore3_init();
            } else if (DEBUG) {
                Log.d(TIMA_TAG, "getTimaStatus() - Unknown Tima Version... " + this.mTimaVersion);
            }
        } catch (RemoteException e) {
            Log.d(TIMA_TAG, "getTimaStatus() - Failed to access to tima service...");
        } catch (Exception e2) {
            Log.d(TIMA_TAG, "getTimaStatus() - Failed due to unexpected error...");
        }
        if (DEBUG) {
            Log.d(TIMA_TAG, "getTimaStatus() - Tima Status : " + status);
        }
        return status;
    }

    /**
     * Always reports the file system as encrypted; {@code i} is not consulted.
     * As a consequence the "file system not encrypted" branches in isMounted(),
     * removePartition() and unmount() are never taken in this listing.
     */
    private boolean isFileSystemEncrypted(int i) {
        return true;
    }

    /**
     * Fetches the eCryptfs key of persona {@code i} and returns it Base64-encoded.
     *
     * <p>Flow visible in this listing: returns {@code null} when {@code z} (TIMA
     * enabled) is false; delegates to retrieveEcryptFSKeyForTima20() when the TIMA
     * version is 2.0; otherwise requires checkTimaStatus() to pass, opens the TIMA
     * keystore and reads the entry aliased {@code ALIAS_NAME + i} using
     * getEntryPassword(i).
     *
     * <p>The key leaves this method as a {@code String}, which cannot be wiped after
     * use. The key alias is logged only when DEBUG is set.
     *
     * <p>NOTE(review): the exception handling below is decompiler output and is not
     * valid Java as printed (it refers to undeclared {@code e}/{@code th} and some
     * catch blocks fall off the end). Treat the catch structure as approximate and
     * confirm against the bytecode before relying on it.
     *
     * @param i  persona (container) id
     * @param z  whether TIMA is enabled
     * @param i2 TIMA key index, used only on the TIMA 2.0 path
     * @return the Base64 key, or {@code null} if it is unavailable
     */
    private String retrieveEcryptFSKey(int i, boolean z, int i2) {
        KeyStore keyStore;
        String str;
        String str2 = null;
        Log.d(TAG, "retrieveEcryptFSKey enter");
        if (DEBUG) {
            Log.d(TAG, "retrieveEcryptFSKey-> isTimaEnabled :" + z);
        }
        if (!z) {
            return null;
        }
        String str3 = this.mTimaVersion;
        if ("N/A".equals(str3)) {
            updateTimaVersion();
        }
        if (timaVersion20) {
            return retrieveEcryptFSKeyForTima20(i, i2);
        }
        try {
            // Refuse to touch the keystore unless TIMA reports a clean status.
            if (!checkTimaStatus(i)) {
                return null;
            }
            try {
                keyStore = getTimaKeyStore();
                try {
                    if (keyStore.isKeyEntry(ALIAS_NAME + i)) {
                        KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(ALIAS_NAME + i, getEntryPassword(i));
                        if (secretKeyEntry != null) {
                            // Raw key bytes are Base64-encoded (flags 0) for the return value.
                            str = android.util.Base64.encodeToString(secretKeyEntry.getSecretKey().getEncoded(), 0);
                            try {
                                if (DEBUG) {
                                    Log.d(TAG, "Found key : " + ALIAS_NAME + i + " from TIMA keystore");
                                }
                            } catch (KeyStoreException e) {
                                str2 = str;
                                e = e;
                                e.printStackTrace();
                                if (keyStore != null) {
                                    return str2;
                                }
                                Log.d(TAG, "retrieveEcryptFSKey :: Null keystore...");
                                return str2;
                            } catch (Exception e2) {
                                str2 = str;
                                e = e2;
                                e.printStackTrace();
                                if (keyStore != null) {
                                    return str2;
                                }
                                Log.d(TAG, "retrieveEcryptFSKey :: Null keystore...");
                                return str2;
                            }
                        } else {
                            if (DEBUG) {
                                Log.d(TAG, "key " + ALIAS_NAME + i + " entry is null in TIMA keystore");
                            }
                            str = null;
                        }
                        str2 = str;
                    } else if (DEBUG) {
                        Log.d(TAG, "key not found : " + ALIAS_NAME + i + " in TIMA keystore");
                    }
                    if (keyStore != null) {
                        return str2;
                    }
                    Log.d(TAG, "retrieveEcryptFSKey :: Null keystore...");
                    return str2;
                } catch (KeyStoreException e3) {
                    e = e3;
                } catch (Exception e4) {
                    e = e4;
                }
            } catch (KeyStoreException e5) {
                e = e5;
                keyStore = null;
            } catch (Exception e6) {
                e = e6;
                keyStore = null;
            } catch (Throwable th) {
                th = th;
                str3 = null;
                if (str3 == null) {
                    Log.d(TAG, "retrieveEcryptFSKey :: Null keystore...");
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

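    /**
     * Reads the eCryptfs key stored at TIMA key index {@code i2} (TIMA 2.0 path) and
     * returns it Base64-encoded.
     *
     * <p>The service calls run with the binder calling identity cleared; the identity
     * is always restored before returning. The reply is accepted only when its first
     * byte is 0 and it is long enough to hold a full key after that status byte.
     * The result is a {@code String} and therefore cannot be wiped by the caller.
     *
     * @param i  persona (container) id (not used on this path)
     * @param i2 TIMA key index; -1 means "no index" and yields {@code null}
     * @return the Base64 key, or {@code null} if the service is missing, init fails,
     *         the reply is malformed, or the remote call throws
     */
    private String retrieveEcryptFSKeyForTima20(int i, int i2) {
        String encodedKey = null;
        final long callingIdentity = Binder.clearCallingIdentity();
        try {
            // Looked up inside the try so the identity is restored even if the lookup throws.
            final ITimaService timaService = getTimaService();
            if (timaService != null) {
                final int initStatus = timaService.keystoreInit();
                Log.d(TAG, "retrieveEcryptFSKeyForTima20 errorCode " + initStatus);
                if (initStatus == 0 && i2 != -1) {
                    final byte[] reply = timaService.keystoreRetrieveKey(i2);
                    // Check the length before indexing: an empty or short reply used to
                    // raise ArrayIndexOutOfBoundsException and skip keystoreShutdown().
                    if (reply != null && reply.length >= 1 + ECRYPTFS_KEY_LENGTH && reply[0] == 0) {
                        final byte[] key = new byte[ECRYPTFS_KEY_LENGTH];
                        System.arraycopy(reply, 1, key, 0, ECRYPTFS_KEY_LENGTH);
                        encodedKey = android.util.Base64.encodeToString(key, 0);
                        // Do not leave raw key bytes in the temporary buffers.
                        java.util.Arrays.fill(key, (byte) 0);
                        java.util.Arrays.fill(reply, (byte) 0);
                    }
                }
                timaService.keystoreShutdown();
            }
        } catch (RemoteException e) {
            Log.e(TAG, "retrieveEcryptFSKeyForTima20: TIMA service call failed", e);
        } finally {
            Binder.restoreCallingIdentity(callingIdentity);
        }
        return encodedKey;
    }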

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:32:0x0105  */
    /* JADX WARN: Removed duplicated region for block: B:34:0x018c  */
    /* JADX WARN: Removed duplicated region for block: B:59:0x00fb A[Catch: RemoteException -> 0x016e, Exception -> 0x0194, TRY_ENTER, TRY_LEAVE, TryCatch #10 {RemoteException -> 0x016e, Exception -> 0x0194, blocks: (B:59:0x00fb, B:66:0x0166), top: B:43:0x0084 }] */
    /* JADX WARN: Removed duplicated region for block: B:75:0x017b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r0v13, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v14 */
    /* JADX WARN: Type inference failed for: r0v16 */
    /* JADX WARN: Type inference failed for: r0v20 */
    /* JADX WARN: Type inference failed for: r0v24 */
    /* JADX WARN: Type inference failed for: r0v26 */
    /* JADX WARN: Type inference failed for: r0v27 */
    /* JADX WARN: Type inference failed for: r0v30 */
    /* JADX WARN: Type inference failed for: r0v38 */
    /* JADX WARN: Type inference failed for: r0v39 */
    /* JADX WARN: Type inference failed for: r0v51, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v62 */
    /* JADX WARN: Type inference failed for: r0v63 */
    /* JADX WARN: Type inference failed for: r0v64 */
    /* JADX WARN: Type inference failed for: r0v65 */
    /* JADX WARN: Type inference failed for: r0v8 */
    /* JADX WARN: Type inference failed for: r0v9 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the real body (443 instructions) was not recovered, so
     * this listing only throws {@link UnsupportedOperationException}.
     * Its result is passed to KeyManagementUtil.getEcryptfsKeySkmm1() in
     * migrateEcryptFSKey().
     * NOTE(review): the name suggests it returns the stored eCryptfs password; that
     * cannot be confirmed from this listing - check the instruction dump.
     */
    private java.lang.String retrieveEcryptFSPwd(int r11, boolean r12, int r13) {
        /*
            Method dump skipped, instructions count: 443
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sec.knox.container.util.KnoxFileHandler.retrieveEcryptFSPwd(int, boolean, int):java.lang.String");
    }

    /** Records a failed mount for persona {@code i}; silently does nothing without a PersonaManager. */
    private void setFsErrorState(int i) {
        Log.d(TAG, "setFsErrorState is called..");
        final PersonaManager pm = getPersonaManager();
        if (pm == null) {
            return;
        }
        pm.setFsMountState(i, false);
    }

    /** Records a successful mount for persona {@code i}; silently does nothing without a PersonaManager. */
    private void setFsSuccessState(int i) {
        Log.d(TAG, "setFsSuccessState is called..");
        final PersonaManager pm = getPersonaManager();
        if (pm == null) {
            return;
        }
        pm.setFsMountState(i, true);
    }

    /**
     * Fires {@code PersonaNewEvent.TIMA_COMPROMISED} on the state manager of persona
     * {@code i}. If no PersonaManager is available the event is dropped without notice.
     */
    private void setTimaCompromisedState(int i) {
        Log.d(TAG, "setTimaCompromisedState is called..");
        final PersonaManager pm = getPersonaManager();
        if (pm == null) {
            return;
        }
        pm.getStateManager(i).fireEvent(PersonaNewEvent.TIMA_COMPROMISED);
    }

    /**
     * Saves the eCryptfs key of persona {@code i} in the TIMA keystore under the alias
     * {@code ALIAS_NAME + i}, protected by getEntryPassword(i).
     *
     * <p>Nothing is stored unless {@code z} (TIMA enabled) is true and
     * checkTimaStatus(i) passes. Exceptions are printed and swallowed; the caller only
     * sees {@code false}.
     *
     * <p>NOTE(review): the nested try blocks and the {@code if (0 == 0)} tests are
     * decompiler output; as printed, every exception path logs "Null keystore..."
     * regardless of the actual cause.
     *
     * @param i    persona (container) id
     * @param bArr raw key bytes; {@code null} is rejected with an error log
     * @param z    whether TIMA is enabled
     * @return {@code true} only if the entry was written
     */
    private boolean storeEcryptFSKey(int i, byte[] bArr, boolean z) {
        Log.d(TAG, "storeEcryptFSKey enter");
        boolean z2 = false;
        if (DEBUG) {
            Log.d(TAG, "storeEcryptFSKey->  isTimaEnabled :" + z);
        }
        if (z && checkTimaStatus(i)) {
            try {
                try {
                    try {
                        KeyStore timaKeyStore = getTimaKeyStore();
                        if (bArr != null) {
                            // The key spec is created with an empty algorithm name, as decompiled.
                            timaKeyStore.setEntry(ALIAS_NAME + i, new KeyStore.SecretKeyEntry(new SecretKeySpec(bArr, "")), getEntryPassword(i));
                            if (DEBUG) {
                                Log.d(TAG, "Succesfully saved key " + ALIAS_NAME + i + " inside TIMA keystore");
                            }
                            z2 = true;
                        } else {
                            Log.e(TAG, "Illegal argument for TIMA keystore");
                        }
                        if (timaKeyStore == null) {
                            Log.e(TAG, "storeEcryptFSKey :: Null keystore...");
                        }
                    } catch (KeyStoreException e) {
                        e.printStackTrace();
                        if (0 == 0) {
                            Log.e(TAG, "storeEcryptFSKey :: Null keystore...");
                        }
                    }
                } catch (Exception e2) {
                    e2.printStackTrace();
                    if (0 == 0) {
                        Log.e(TAG, "storeEcryptFSKey :: Null keystore...");
                    }
                }
            } catch (Throwable th) {
                if (0 == 0) {
                    Log.e(TAG, "storeEcryptFSKey :: Null keystore...");
                }
                throw th;
            }
        }
        return z2;
    }

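    /**
     * Installs the eCryptfs key at TIMA key index {@code i2} (TIMA 2.0 path).
     *
     * <p>Changes against the decompiled listing, which had an empty {@code try} block
     * followed by the service calls: the calls now sit inside the try, so they run
     * with the calling identity cleared, a {@link RemoteException} is handled, and the
     * identity is restored on every path. The method also reports {@code false} when
     * the key was not installed (init failure or index -1); it previously returned
     * {@code true} in that case, which let createPartition() keep a partition whose
     * key had never been saved.
     *
     * @param i    persona (container) id (not used on this path)
     * @param bArr raw key bytes to install
     * @param i2   TIMA key index; -1 means "no index"
     * @return {@code true} only if keystoreInstallKey() was invoked without a remote failure
     */
    private boolean storeEcryptfsKeyForTima20(int i, byte[] bArr, int i2) {
        final ITimaService timaService = getTimaService();
        final long callingIdentity = Binder.clearCallingIdentity();
        boolean installed = false;
        try {
            if (timaService == null) {
                Log.d(TAG, "storeEcryptfsKeyForTima20 failed returning false");
                return false;
            }
            final int initStatus = timaService.keystoreInit();
            Log.d(TAG, "storeEcryptfsKeyForTima20 errorCode " + initStatus);
            if (initStatus == 0 && i2 != -1) {
                // NOTE(review): the result of keystoreInstallKey() is not inspected here,
                // as in the original; confirm whether it reports a status worth checking.
                timaService.keystoreInstallKey(i2, bArr);
                installed = true;
            }
            timaService.keystoreShutdown();
        } catch (RemoteException e) {
            Log.e(TAG, "storeEcryptfsKeyForTima20: TIMA service call failed", e);
        } finally {
            Binder.restoreCallingIdentity(callingIdentity);
        }
        return installed;
    }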

    /**
     * Re-resolves the TIMA version label from the TIMA service.
     *
     * <p>The label is reset to "N/A" first and stays that way when the service is
     * missing or the version query throws. The static {@code timaVersion20} flag is
     * only written after a successful query, so on failure it keeps its previous
     * value while the label reads "N/A".
     */
    private void updateTimaVersion() {
        this.mTimaVersion = "N/A";
        if (getTimaService() == null) {
            return;
        }
        try {
            final String reported = getTimaService().getTimaVersion();
            timaVersion20 = KnoxVpnPolicyConstants.NEW_FW.equals(reported);
            if (timaVersion20) {
                this.mTimaVersion = KnoxVpnPolicyConstants.NEW_FW;
            } else {
                this.mTimaVersion = Utility.isFipsTimaEnabled() ? "FIPS3.0" : "3.0";
            }
        } catch (RemoteException e) {
            Log.e(TIMA_TAG, "updateTimaVersion() : Unable to get tima version", e);
        }
        if (DEBUG) {
            Log.d(TIMA_TAG, "updateTimaVersion() - Tima Version : " + this.mTimaVersion);
        }
    }

    /**
     * No-op in this listing: reports success without reading any argument or
     * changing any key.
     *
     * @return always {@code true}
     */
    public boolean changeEncryptionKey(int i, String str, String str2, boolean z, int i2) {
        return true;
    }

    /**
     * Creates the encrypted partition for persona {@code i}, derives its eCryptfs key
     * and saves that key through the TIMA path that matches the current version.
     * If the key cannot be saved, the new partition is removed again.
     *
     * <p>When no password is supplied, one is generated: 16 random bytes are
     * Base64-encoded and the first 16 characters are kept.
     *
     * <p>NOTE(review): no caller permission check is visible in this method; confirm
     * that the service exposing this binder stub enforces one.
     *
     * @param i   persona (container) id
     * @param str password, or {@code null} to generate a random one
     * @param z   whether TIMA is enabled (used on the non-2.0 path)
     * @param i2  TIMA key index (used on the 2.0 path)
     * @return {@code true} if the partition exists and its key was saved
     */
    public boolean createPartition(int i, String str, boolean z, int i2) throws RemoteException {
        if (str != null) {
            Log.d(TAG, "createPartition : password with password");
        } else {
            final byte[] seed = new byte[MAX_LENGTH];
            new SecureRandom().nextBytes(seed);
            str = android.util.Base64.encodeToString(seed, 0).substring(0, MAX_LENGTH);
        }
        final byte[] key = generateEcryptfsKey(str);
        if (key == null || !this.mEpm.createPartition(i, 1)) {
            Log.d(TAG, "createPartition : mEpm.createPartition failed...");
            return false;
        }
        Log.d(TAG, "Knox persona partition successfully created..");
        if ("N/A".equals(this.mTimaVersion)) {
            updateTimaVersion();
        }
        final boolean keySaved;
        if (timaVersion20) {
            keySaved = storeEcryptfsKeyForTima20(i, key, i2);
        } else {
            keySaved = storeEcryptFSKey(i, key, z);
        }
        if (!keySaved) {
            // Without a stored key the partition could never be mounted, so roll it back.
            Log.d(TAG, "createPartition : secretkey not saved successfully. Removing partition");
            removePartition(i, z);
            return false;
        }
        return true;
    }

    /**
     * Binder entry point for the encryption query; forwards to
     * isFileSystemEncrypted(), which returns {@code true} unconditionally in this listing.
     */
    public boolean isEncrypted(int i) throws RemoteException {
        final boolean encrypted = isFileSystemEncrypted(i);
        return encrypted;
    }

    /**
     * Reports whether the partition of persona {@code i} is mounted, as answered by
     * the partition manager.
     */
    public boolean isMounted(int i) {
        if (!isFileSystemEncrypted(i)) {
            Log.d(TAG, "Unmounting failed.., file system not encrypted!!");
            return false;
        }
        return this.mEpm.isMounted(i);
    }

    /**
     * Migrates the eCryptfs key of persona {@code i}: derives the key from the stored
     * password via KeyManagementUtil.getEcryptfsKeySkmm1() and saves it through the
     * TIMA path that matches the current version. Does nothing when {@code z} is false.
     *
     * @param i  persona (container) id
     * @param z  whether TIMA is enabled
     * @param i2 TIMA key index
     * @return {@code true} if the derived key was saved
     */
    public boolean migrateEcryptFSKey(int i, boolean z, int i2) {
        boolean migrated = false;
        if (z) {
            final byte[] key = KeyManagementUtil.getInstance().getEcryptfsKeySkmm1(i, retrieveEcryptFSPwd(i, z, i2));
            if (key == null) {
                Log.e(TAG, "Failed to get eCryptfs password OR fekek!!");
            } else {
                if ("N/A".equals(this.mTimaVersion)) {
                    updateTimaVersion();
                }
                if (timaVersion20) {
                    migrated = storeEcryptfsKeyForTima20(i, key, i2);
                } else {
                    migrated = storeEcryptFSKey(i, key, z);
                }
            }
        }
        Log.d(TAG, "eCryptfs key migration status: " + migrated);
        return migrated;
    }

    /**
     * Moves the eCryptfs key of persona {@code i} from the TIMA 2.0 key index
     * {@code i2} into the TIMA keystore. Does nothing when {@code z} is false.
     *
     * <p>When {@code i3} is below 2, the index holds a 16-byte password: it is read,
     * turned into a String and passed through KeyManagementUtil.getEcryptfsKeySkmm1()
     * before being stored. Otherwise the index holds the key itself, which is fetched
     * with retrieveEcryptFSKeyForTima20(), Base64-decoded and stored.
     *
     * <p>NOTE(review): as printed, each successful {@code storeEcryptFSKey(...)} result
     * is overwritten by the following {@code storeEcryptFSKey = false}, so the method
     * would always return false. This looks like a decompiler artifact (lost else
     * branches) - confirm against the bytecode.
     *
     * @param i  persona (container) id
     * @param z  whether TIMA is enabled
     * @param i2 TIMA key index; -1 means "no index"
     * @param i3 selector for the two cases above (presumably a version number - confirm)
     * @return the migration result; any exception is printed and yields {@code false}
     */
    public boolean migrateTimaEcryptFSKey(int i, boolean z, int i2, int i3) {
        boolean storeEcryptFSKey;
        boolean z2 = false;
        if (z) {
            String str = null;
            try {
                if (2 > i3) {
                    ITimaService timaService = getTimaService();
                    if (timaService != null) {
                        int keystoreInit = timaService.keystoreInit();
                        if (keystoreInit != 0 || i2 == -1) {
                            Log.d(TAG, "retrieveEcryptFSPwdForTima20 errorCode " + keystoreInit);
                        } else {
                            byte[] bArr = new byte[16];
                            byte[] keystoreRetrieveKey = timaService.keystoreRetrieveKey(i2);
                            // Byte 0 is checked for 0 before use; the reply length is not
                            // checked before 16 bytes are copied from offset 1.
                            if (keystoreRetrieveKey != null && keystoreRetrieveKey[0] == 0) {
                                System.arraycopy(keystoreRetrieveKey, 1, bArr, 0, 16);
                                // Decoded with the platform default charset.
                                str = new String(bArr);
                            }
                        }
                        // Skipped if anything above throws; the outer catch only prints the trace.
                        timaService.keystoreShutdown();
                        if (str != null) {
                            storeEcryptFSKey = storeEcryptFSKey(i, KeyManagementUtil.getInstance().getEcryptfsKeySkmm1(i, str), z);
                        }
                    }
                    storeEcryptFSKey = false;
                } else {
                    String retrieveEcryptFSKeyForTima20 = retrieveEcryptFSKeyForTima20(i, i2);
                    if (retrieveEcryptFSKeyForTima20 != null) {
                        storeEcryptFSKey = storeEcryptFSKey(i, android.util.Base64.decode(retrieveEcryptFSKeyForTima20, 0), z);
                    }
                    storeEcryptFSKey = false;
                }
                z2 = storeEcryptFSKey;
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        Log.d(TAG, "eCryptfs key migration for tima status: " + z2);
        return z2;
    }

    /**
     * Mounts the partition of persona {@code i}; shorthand for
     * {@link #mountFS(int, String, boolean, int, boolean)} with the last flag set to false.
     */
    public boolean mount(int i, String str, boolean z, int i2) throws RemoteException {
        final boolean mounted = mountFS(i, str, z, i2, false);
        return mounted;
    }

    /**
     * Retrieves the stored eCryptfs key of persona {@code i}, mounts the partition
     * with it and records the outcome as the persona's mount state.
     *
     * <p>The {@code str} argument is not used: the key always comes from the TIMA
     * store. When no key is available and TIMA is enabled, the TIMA status is
     * re-checked so an integrity failure is reported before the error state is set.
     *
     * <p>NOTE(review): no caller permission check is visible in this method; confirm
     * that the service exposing this binder stub enforces one.
     *
     * @param i   persona (container) id
     * @param str unused in this listing
     * @param z   whether TIMA is enabled
     * @param i2  TIMA key index
     * @param z2  flag passed through to the partition manager's mount call
     * @return {@code true} if the partition was mounted
     */
    public boolean mountFS(int i, String str, boolean z, int i2, boolean z2) throws RemoteException {
        final String encodedKey = retrieveEcryptFSKey(i, z, i2);
        if (encodedKey == null) {
            if (z) {
                checkTimaError(i, getTimaStatus());
                setFsErrorState(i);
            }
            return false;
        }
        final boolean mounted = this.mEpm.mount(i, encodedKey, z2, 1);
        if (mounted) {
            setFsSuccessState(i);
        } else {
            setFsErrorState(i);
        }
        return mounted;
    }

    /** Passes all arguments unchanged to the partition manager's mountOldContainer(). */
    public boolean mountOldContainer(String str, String str2, String str3, int i, int i2) {
        final boolean mounted = this.mEpm.mountOldContainer(str, str2, str3, i, i2);
        return mounted;
    }

    /** Delegates to the partition manager's preMount() and returns its result. */
    public boolean preMount() {
        final boolean ready = this.mEpm.preMount();
        return ready;
    }

    /**
     * Removes the partition of persona {@code i}. On every TIMA version other than
     * 2.0 the stored key is deleted first via deleteEcryptFSKey(); on 2.0 no key
     * deletion happens in this method.
     *
     * <p>NOTE(review): no caller permission check is visible in this method; confirm
     * that the service exposing this binder stub enforces one.
     *
     * @param i persona (container) id
     * @param z whether TIMA is enabled (forwarded to deleteEcryptFSKey())
     * @return the partition manager's result
     */
    public boolean removePartition(int i, boolean z) throws RemoteException {
        if (isFileSystemEncrypted(i)) {
            if (!timaVersion20) {
                deleteEcryptFSKey(i, z);
            }
            return this.mEpm.removePartition(i, 1);
        }
        Log.d(TAG, "remove partition failed.., file system not encrypted!!");
        return false;
    }

    /** Passes both arguments unchanged to the partition manager's syncFS(). */
    public boolean syncFS(int i, int i2) {
        final boolean synced = this.mEpm.syncFS(i, i2);
        return synced;
    }

    /**
     * Unmounts the partition of persona {@code i} through the partition manager.
     *
     * @return the partition manager's result
     */
    public boolean unmount(int i) throws RemoteException {
        if (!isFileSystemEncrypted(i)) {
            Log.d(TAG, "Unmounting failed.., file system not encrypted!!");
            return false;
        }
        return this.mEpm.unmount(i, 1);
    }

    /** Passes the argument unchanged to the partition manager's unmountOldContainer(). */
    public boolean unmountOldContainer(String str) {
        final boolean unmounted = this.mEpm.unmountOldContainer(str);
        return unmounted;
    }
}
