package com.agilebits.onepassword.b5.crypto;

import android.text.TextUtils;
import com.agilebits.onepassword.support.Utils;
import de.rtner.misc.BinTools;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.jose4j.base64url.Base64Url;
import org.jose4j.jwe.AesGcmContentEncryptionAlgorithm;
import org.jose4j.jwe.ContentEncryptionParts;
import org.jose4j.jwe.kdf.PasswordBasedKeyDerivationFunction2;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwx.HeaderParameterNames;
import org.jose4j.lang.JoseException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
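/**
 * Static helpers for key derivation, AES-256-GCM envelope encryption and RSA-OAEP unwrapping.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code Utils.logEncryptionMsg} is defined outside this file, so whether it is disabled in
 *       release builds cannot be seen here. Key material, passwords and decrypted plaintext are
 *       therefore never passed to it, and secrets are kept out of exception messages as well.</li>
 *   <li>GCM ciphertexts handled here carry the 16-byte authentication tag appended to the
 *       ciphertext. No additional authenticated data is supplied, so the envelope fields
 *       ({@code kid}, {@code enc}, {@code cty}) are checked by comparison only and are not bound
 *       to the ciphertext by the tag.</li>
 * </ul>
 */
public class EncryptionUtilsB5 {
    public static final String ALG_PUBLIC_ENCR_CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Kept for source compatibility with other classes in this package; generateRandomIvec()
    // no longer requests this algorithm by name.
    static final String ALG_RANDOM = "SHA1PRNG";
    static final String CTY = "b5+jwk+json";

    /** Length in bytes of the GCM authentication tag appended to every ciphertext. */
    private static final int GCM_TAG_LENGTH = 16;
    /** Length in bytes of the GCM initialization vector. */
    private static final int GCM_IV_LENGTH = 12;
    /** Length in bytes of every derived key produced by this class. */
    private static final int DERIVED_KEY_LENGTH = 32;
    /** Normalized account key layout: 2 chars version + 6 chars key id, then the secret part. */
    private static final int ACCOUNT_KEY_PREFIX_LENGTH = 8;
    /** Platform-default CSPRNG, shared because SecureRandom is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Derives a 32-byte value from an account key string.
     *
     * <p>The input is upper-cased and stripped of every character outside the alphabet
     * {@code 23456789ABCDEFGHJKLMNPQRSTVWXYZ}; the first two characters are then used as the
     * HKDF info (key version), the next six as the HKDF salt (key id) and the remainder as the
     * input key material.
     *
     * @param str the account key as entered or stored; separators are ignored
     * @return the 32-byte HKDF-SHA256 output
     * @throws B5EncryptionException if the key is missing, has no secret part after the
     *     8-character prefix, or the derivation fails
     */
    public static byte[] calculateAcctKeySha256(String str) throws B5EncryptionException {
        if (str == null) {
            throw new B5EncryptionException("Error on calculateAcctKeySha256", "account key is missing");
        }
        // Locale-independent upper-casing so the normalization does not vary with device settings.
        String normalized = str.toUpperCase(Locale.US).replaceAll("[^23456789ABCDEFGHJKLMNPQRSTVWXYZ]", "");
        // Without this check a short key surfaces as an unchecked StringIndexOutOfBoundsException,
        // and a key of exactly 8 characters would derive a value from no secret material at all.
        if (normalized.length() <= ACCOUNT_KEY_PREFIX_LENGTH) {
            throw new B5EncryptionException("Error on calculateAcctKeySha256", "account key is too short");
        }
        String keyVersion = normalized.substring(0, 2);
        String keyId = normalized.substring(2, ACCOUNT_KEY_PREFIX_LENGTH);
        String secretPart = normalized.substring(ACCOUNT_KEY_PREFIX_LENGTH);
        // The account key and its parts are secrets and are deliberately not logged.
        Utils.logEncryptionMsg("\n----calculateAcctKeySha256: account key parsed -------");
        try {
            return doHKDFSha256(secretPart.getBytes("UTF-8"), keyVersion.getBytes("UTF-8"), keyId.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new B5EncryptionException("Error on calculateAcctKeySha256", e.getMessage());
        }
    }

    /**
     * Decrypts and authenticates one AES-256-GCM message.
     *
     * @param ciphertext the ciphertext without the tag
     * @param tag the 16-byte authentication tag
     * @param key the 256-bit content encryption key
     * @param iv the initialization vector used for encryption
     * @return the plaintext bytes
     * @throws JoseException if jose4j rejects the input, including a tag mismatch
     */
    private static byte[] decryptAes256Gcm(byte[] ciphertext, byte[] tag, byte[] key, byte[] iv) throws JoseException {
        // The second argument (the AAD slot in jose4j's API) is null: nothing outside the
        // ciphertext is covered by the tag.
        return new AesGcmContentEncryptionAlgorithm.Aes256Gcm().decrypt(new ContentEncryptionParts(iv, ciphertext, tag), null, key, null);
    }

    /**
     * Splits a {@code ciphertext || tag} buffer and decrypts it with AES-256-GCM.
     *
     * @throws JoseException if the buffer is missing or too short to contain a tag, or if
     *     decryption fails
     */
    private static byte[] decryptCiphertextWithTag(byte[] ciphertextAndTag, byte[] key, byte[] iv) throws JoseException {
        // Reject short input explicitly; otherwise Arrays.copyOfRange throws an unchecked
        // IllegalArgumentException that not every caller in this class catches.
        if (ciphertextAndTag == null || ciphertextAndTag.length < GCM_TAG_LENGTH) {
            throw new JoseException("ciphertext is shorter than the GCM authentication tag");
        }
        int tagStart = ciphertextAndTag.length - GCM_TAG_LENGTH;
        byte[] ciphertext = Arrays.copyOfRange(ciphertextAndTag, 0, tagStart);
        byte[] tag = Arrays.copyOfRange(ciphertextAndTag, tagStart, ciphertextAndTag.length);
        return decryptAes256Gcm(ciphertext, tag, key, iv);
    }

    /**
     * Validates a JSON traffic envelope and decrypts its payload.
     *
     * <p>The envelope must contain {@code kid} equal to the expected session id, {@code data},
     * an IV, {@code enc} equal to {@code A256GCM} and a content type equal to {@link #CTY}.
     * When several checks fail, the message of the last failing check is reported.
     *
     * @param str the JSON envelope received from the server
     * @param str2 the session id the envelope's {@code kid} must match
     * @param bArr the 256-bit session key
     * @return the decrypted payload decoded as UTF-8
     * @throws B5EncryptionException if the envelope is invalid or decryption fails
     */
    public static String decryptTraffic(String str, String str2, byte[] bArr) throws B5EncryptionException {
        try {
            JSONObject envelope = new JSONObject(str);
            String problem = null;
            if (!envelope.has("kid")) {
                problem = "missing sessionId";
            } else if (!envelope.getString("kid").equals(str2)) {
                problem = "Invalid sessionId expected:" + str2 + " got:" + envelope.getString("kid");
            }
            if (!envelope.has("data")) {
                problem = "missing input data";
            }
            if (!envelope.has(HeaderParameterNames.INITIALIZATION_VECTOR)) {
                problem = "missing iv";
            }
            if (!envelope.has("enc")) {
                problem = "missing encryption algorithm";
            } else if (!envelope.getString("enc").equals("A256GCM")) {
                problem = "unsupported encryption algorithm:" + envelope.getString("enc");
            }
            if (!envelope.has(HeaderParameterNames.CONTENT_TYPE)) {
                problem = "missing cty";
            } else if (!envelope.getString(HeaderParameterNames.CONTENT_TYPE).equals(CTY)) {
                problem = "unsupported cty:" + envelope.getString(HeaderParameterNames.CONTENT_TYPE);
            }
            if (problem != null) {
                throw new B5EncryptionException("ERROR: invalid server sersponse", problem);
            }
            byte[] ciphertextAndTag = Base64Url.decode(envelope.getString("data"));
            byte[] iv = Base64Url.decode(envelope.getString(HeaderParameterNames.INITIALIZATION_VECTOR));
            return new String(decryptCiphertextWithTag(ciphertextAndTag, bArr, iv), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new B5EncryptionException("ERROR decryptingTraffic", "ERROR encryptTraffic: Unsupported encoding:" + e.getMessage());
        } catch (JoseException e) {
            throw new B5EncryptionException("ERROR decryptingTraffic", "ERROR decryptTraffic: JoseException:" + e.getMessage());
        } catch (JSONException e) {
            throw new B5EncryptionException("ERROR decryptingTraffic", "ERROR decryptTraffic: Json Exception:" + e.getMessage());
        }
    }

    /**
     * Decrypts data with the RSA private key contained in a JWK, using OAEP padding.
     *
     * <p>The JWK's {@code alg} member selects the OAEP digest: {@code RSA-OAEP-256} uses SHA-256
     * and {@code RSA-OAEP} uses SHA-1 (for both the OAEP hash and MGF1).
     *
     * @param str the JSON Web Key holding the private key; treated as a secret and never echoed
     *     into logs or error messages
     * @param bArr the RSA-OAEP ciphertext
     * @return the decrypted bytes decoded as UTF-8
     * @throws B5EncryptionException if the JWK is unusable, {@code alg} is missing or unknown, or
     *     decryption fails
     */
    public static String decryptWithPublicKey(String str, byte[] bArr) throws B5EncryptionException {
        try {
            PrivateKey privateKey = PublicJsonWebKey.Factory.newPublicJwk(str).getPrivateKey();
            Cipher cipher = Cipher.getInstance(ALG_PUBLIC_ENCR_CIPHER);
            String alg = new JSONObject(str).optString("alg");
            // The messages below previously appended the whole JWK, i.e. the private key, which
            // then travelled inside the B5EncryptionException message.
            if (TextUtils.isEmpty(alg)) {
                throw new IllegalArgumentException("alg not provied in private key");
            }
            MGF1ParameterSpec mgf1Spec;
            if (alg.equalsIgnoreCase("RSA-OAEP-256")) {
                mgf1Spec = MGF1ParameterSpec.SHA256;
            } else if (alg.equalsIgnoreCase("RSA-OAEP")) {
                mgf1Spec = MGF1ParameterSpec.SHA1;
            } else {
                throw new IllegalArgumentException("unknown public key algorithm:" + alg);
            }
            Utils.logEncryptionMsg("decryptWithPublicKey=> alg=" + alg + " hash=" + mgf1Spec.getDigestAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, privateKey, new OAEPParameterSpec(mgf1Spec.getDigestAlgorithm(), "MGF1", mgf1Spec, PSource.PSpecified.DEFAULT));
            // The plaintext is returned to the caller only; it is not logged.
            return new String(cipher.doFinal(bArr), "UTF-8");
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR decryptWithPublicKey", "ERROR decryptWithPublicKey:" + e.getMessage());
        }
    }

    /**
     * Decrypts a {@code ciphertext || tag} buffer with AES-256-GCM.
     *
     * @param bArr the 256-bit key
     * @param bArr2 the ciphertext with the 16-byte tag appended
     * @param bArr3 the initialization vector
     * @return the plaintext decoded as UTF-8
     * @throws B5EncryptionException if the input is malformed or authentication fails
     */
    public static String decryptWithSymmetricKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            // The plaintext is returned to the caller only; it is not logged.
            return new String(decryptCiphertextWithTag(bArr2, bArr, bArr3), "UTF-8");
        } catch (Exception e) {
            throw new B5EncryptionException("Error on decryptWithSymmetricKey", "ERROR decryptWithSymmetricKey:" + e.getMessage());
        }
    }

    /**
     * Derives the user key: PBKDF2-HMAC-SHA256 over {@code lower(str) + ":" + str2}, XORed with
     * the value derived from the account key.
     *
     * @param str identifier that is lower-cased and prefixed to the password (presumably the
     *     account e-mail; confirm against callers)
     * @param str2 the password
     * @param bArr the PBKDF2 salt
     * @param i the PBKDF2 iteration count
     * @param str3 the account key, see {@link #calculateAcctKeySha256(String)}
     * @return the 32-byte user key
     * @throws B5EncryptionException if any input is unusable or derivation fails
     */
    public static byte[] deriveUsingPBES2_HS256WithEnc(String str, String str2, byte[] bArr, int i, String str3) throws B5EncryptionException {
        Utils.logEncryptionMsg("======Calculating user key==========");
        try {
            byte[] passwordInput = (str.toLowerCase(Locale.US) + ":" + str2).getBytes("UTF-8");
            byte[] derived = new PasswordBasedKeyDerivationFunction2("HmacSHA256").derive(passwordInput, bArr, i, DERIVED_KEY_LENGTH);
            return xorWithAccountKey(derived, str3);
        } catch (Exception e) {
            throw new B5EncryptionException(" Error in getUserEncryptionKey", e.getMessage());
        }
    }

    /**
     * Derives the user key: PBKDF2-HMAC-SHA256 over the password with an HKDF-derived salt, XORed
     * with the value derived from the account key.
     *
     * <p>The PBKDF2 salt is {@code doHKDFSha256(bArr, ALG_PBKDF2, lower(str))}.
     *
     * @param str identifier that is lower-cased and used as the HKDF salt (presumably the
     *     account e-mail; confirm against callers)
     * @param str2 the password
     * @param bArr the salt fed into HKDF as input key material
     * @param i the PBKDF2 iteration count
     * @param str3 the account key, see {@link #calculateAcctKeySha256(String)}
     * @return the 32-byte user key
     * @throws B5EncryptionException if any input is unusable or derivation fails
     */
    public static byte[] deriveUsingPBES2g_HS256WithEnc(String str, String str2, byte[] bArr, int i, String str3) throws B5EncryptionException {
        try {
            Utils.logEncryptionMsg("======getUserEncryptionKey==========");
            // Lower-casing happens inside the try so a null identifier is reported as a
            // B5EncryptionException like every other failure here.
            byte[] identifier = str.toLowerCase(Locale.US).getBytes("UTF-8");
            byte[] pbkdf2Salt = doHKDFSha256(bArr, SupportedAlgorithms.ALG_PBKDF2.getBytes("UTF-8"), identifier);
            byte[] derived = new PasswordBasedKeyDerivationFunction2("HmacSHA256").derive(str2.getBytes("UTF-8"), pbkdf2Salt, i, DERIVED_KEY_LENGTH);
            return xorWithAccountKey(derived, str3);
        } catch (Exception e) {
            throw new B5EncryptionException(" Error in getUserEncryptionKey", e.getMessage());
        }
    }

    /** XORs the first 32 bytes of a password-derived key with the account-key-derived value. */
    private static byte[] xorWithAccountKey(byte[] derived, String accountKey) throws B5EncryptionException {
        byte[] accountKeyBytes = calculateAcctKeySha256(accountKey);
        byte[] userKey = new byte[DERIVED_KEY_LENGTH];
        for (int idx = 0; idx < userKey.length; idx++) {
            userKey[idx] = (byte) (accountKeyBytes[idx] ^ derived[idx]);
        }
        // The resulting key is returned to the caller only; it is not logged.
        return userKey;
    }

    /**
     * Computes a single 32-byte block of HKDF with HMAC-SHA256.
     *
     * <p>Extract: {@code prk = HMAC(salt, ikm)}. Expand: {@code HMAC(prk, info || 0x01)}.
     *
     * @param bArr the input key material
     * @param bArr2 the info bytes
     * @param bArr3 the salt, used as the HMAC key of the extract step; must not be empty
     * @return the first (and only) 32-byte output block
     * @throws B5EncryptionException if HMAC-SHA256 is unavailable or an argument is unusable
     */
    public static byte[] doHKDFSha256(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            SecretKeySpec saltKey = new SecretKeySpec(bArr3, "HmacSHA256");
            Mac mac = Mac.getInstance(saltKey.getAlgorithm());
            mac.init(saltKey);
            byte[] pseudoRandomKey = mac.doFinal(bArr);
            mac.reset();
            mac.init(new SecretKeySpec(pseudoRandomKey, "HmacSHA256"));
            mac.update(bArr2, 0, bArr2.length);
            return mac.doFinal(new byte[]{1});
        } catch (Exception e) {
            // The label names calculateAcctKeySha256 for historical reasons; it is kept unchanged
            // in case callers or log searches rely on it.
            throw new B5EncryptionException("ERROR calculateAcctKeySha256", "ERROR calculateAcctKeySha256:" + e.getMessage());
        }
    }

    /**
     * Encrypts a string with AES-256-GCM under a fresh random IV and wraps it in a JSON envelope.
     *
     * <p>The envelope holds {@code data} (base64url of {@code ciphertext || tag}), the content
     * type {@link #CTY}, {@code enc = A256GCM}, the base64url IV and {@code kid}.
     *
     * @param str the plaintext
     * @param bArr the 256-bit key
     * @param str2 the session id stored as {@code kid}
     * @return the JSON envelope as a string
     * @throws B5EncryptionException if encryption or envelope construction fails
     */
    public static String encryptAes256Gcm(String str, byte[] bArr, String str2) throws B5EncryptionException {
        try {
            byte[] iv = generateRandomIvec();
            ContentEncryptionParts parts = new AesGcmContentEncryptionAlgorithm.Aes256Gcm().encrypt(str.getBytes("UTF-8"), null, bArr, iv);
            String data = Base64Url.encode(ArrayUtils.addAll(parts.getCiphertext(), parts.getAuthenticationTag()));
            JSONObject envelope = new JSONObject();
            envelope.put("data", data);
            envelope.put(HeaderParameterNames.CONTENT_TYPE, CTY);
            envelope.put("enc", "A256GCM");
            envelope.put(HeaderParameterNames.INITIALIZATION_VECTOR, Base64Url.encode(iv));
            envelope.put("kid", str2);
            String output = envelope.toString();
            // Only the finished envelope (ciphertext, IV, kid) is logged; the raw key is not.
            Utils.logEncryptionMsg("encryptTraffic output=>" + output);
            return output;
        } catch (UnsupportedEncodingException e) {
            throw new B5EncryptionException("ERROR encryptTraffic", "ERROR encryptTraffic: Unsupported encoding:" + e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            throw new B5EncryptionException("ERROR encryptTraffic", "ERROR encryptTraffic: NoSuchAlgorithmException:" + e.getMessage());
        } catch (JoseException e) {
            // Previously reported as "Unsupported encoding", which hid the real failure class.
            throw new B5EncryptionException("ERROR encryptTraffic", "ERROR encryptTraffic: JoseException:" + e.getMessage());
        } catch (JSONException e) {
            throw new B5EncryptionException("ERROR encryptTraffic", "ERROR encryptTraffic: Json Exception:" + e.getMessage());
        }
    }

    /**
     * Encrypts outgoing traffic; delegates to {@link #encryptAes256Gcm(String, byte[], String)}.
     *
     * @param str the plaintext payload
     * @param str2 the session id stored as {@code kid}
     * @param bArr the 256-bit session key
     * @return the JSON envelope as a string
     * @throws B5EncryptionException if encryption fails
     */
    public static String encryptTraffic(String str, String str2, byte[] bArr) throws B5EncryptionException {
        // Neither the session key nor the plaintext payload is logged.
        Utils.logEncryptionMsg("encryptTraffic  with sessionId (" + str2 + ")");
        return encryptAes256Gcm(str, bArr, str2);
    }

    /**
     * Returns 12 fresh random bytes for use as a GCM IV.
     *
     * <p>Uses the platform-default {@link SecureRandom} instead of requesting {@code SHA1PRNG}
     * by name: the named algorithm depends on provider availability and has a history of weak
     * seeding on older Android releases, and a repeated IV under one key breaks GCM.
     *
     * @return a new 12-byte IV
     * @throws NoSuchAlgorithmException never thrown by this implementation; kept in the
     *     signature so existing callers that catch it still compile
     */
    public static byte[] generateRandomIvec() throws NoSuchAlgorithmException {
        byte[] iv = new byte[GCM_IV_LENGTH];
        RANDOM.nextBytes(iv);
        return iv;
    }

    /**
     * Decrypts an AES-256-GCM protected private key.
     *
     * @param bArr the ciphertext with the 16-byte tag appended
     * @param bArr2 the 256-bit key
     * @param bArr3 the initialization vector
     * @return the decrypted private key decoded as UTF-8
     * @throws B5EncryptionException if the input is malformed or authentication fails
     */
    public static String getPrivateKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            Utils.logEncryptionMsg("======decrypting private key (A256GCM)==========");
            // The decrypted private key is returned to the caller only; it is not logged.
            return new String(decryptCiphertextWithTag(bArr, bArr2, bArr3), "UTF-8");
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR on getPrivateKey", "ERROR getPrivateKey:" + e.getMessage());
        }
    }

    /**
     * Unwraps a symmetric key with the RSA private key in a JWK; delegates to
     * {@link #decryptWithPublicKey(String, byte[])}.
     *
     * @param str the JSON Web Key holding the private key
     * @param bArr the RSA-OAEP ciphertext
     * @return the decrypted symmetric key decoded as UTF-8
     * @throws B5EncryptionException if unwrapping fails
     */
    public static String getSymmetricKey(String str, byte[] bArr) throws B5EncryptionException {
        // The JWK passed in contains the private key, so it is not written to the log.
        Utils.logEncryptionMsg("======decrypting symmetric key (RSA-OAEP)==========");
        return decryptWithPublicKey(str, bArr);
    }

    /**
     * Unwraps a symmetric key protected with AES-256-GCM; delegates to
     * {@link #decryptWithSymmetricKey(byte[], byte[], byte[])}.
     *
     * @param bArr the 256-bit key
     * @param bArr2 the ciphertext with the 16-byte tag appended
     * @param bArr3 the initialization vector
     * @return the decrypted symmetric key decoded as UTF-8
     * @throws B5EncryptionException if unwrapping fails
     */
    public static String getSymmetricKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        Utils.logEncryptionMsg("======decrypting symmetric key (A256GCM)==========");
        return decryptWithSymmetricKey(bArr, bArr2, bArr3);
    }
}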
