package com.zoho.authentication.util;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.text.TextUtils;
import android.util.Base64;
import com.zoho.authentication.model.EncryptedObject;
import com.zoho.authentication.model.SecretKeyObject;
import com.zoho.authentication.util.Constants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
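/**
 * Encrypts and decrypts short secrets (passphrases) for the authentication module.
 *
 * <p>Three key sources are visible in this class:
 * <ul>
 *   <li>an AES key generated inside the AndroidKeyStore (API 23+), see {@link #createSecretKeyForM};</li>
 *   <li>an RSA key pair generated inside the AndroidKeyStore (API 18-22 path), see
 *       {@link #encryptNonM};</li>
 *   <li>an AES key derived from a PIN with PBKDF2, see {@link #encryptWithPin}.</li>
 * </ul>
 *
 * <p>Security review notes. None of these change behaviour, because changing an algorithm or a
 * work factor would make already stored {@code EncryptedObject}s undecryptable:
 * <ul>
 *   <li>AES/CBC/PKCS7Padding gives confidentiality only. Nothing in this class authenticates the
 *       ciphertext or the IV, so tampering with stored data is only noticed if padding happens to
 *       fail. NOTE(review): prefer an AEAD mode (AES/GCM) for newly written data, behind a format
 *       version so old records stay readable.</li>
 *   <li>The PIN-derived key uses PBKDF2WithHmacSHA1 with {@value #HASH_ITERATION_COUNT}
 *       iterations. With a short numeric PIN that is a small work factor: whoever obtains the
 *       stored salt and ciphertext can test PINs offline. NOTE(review): raise the iteration count
 *       and/or wrap the result with a Keystore-held key, again behind a format version.</li>
 *   <li>RSA/ECB/PKCS1Padding is PKCS#1 v1.5 encryption; OAEP is the usual choice for new data
 *       where the platform supports it.</li>
 *   <li>{@link #hashSecret} is an unsalted iterated SHA-256, so equal inputs give equal outputs.</li>
 * </ul>
 *
 * <p>Not thread-safe: every AES operation re-initialises the single shared {@code mCipher}.
 */
public class EncryptionUtil {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String ANDROID_OPEN_SSL = "AndroidOpenSSL";
    private static final int AUTHENTICATION_DURATION_SECONDS_FOR_CONFIRM_CREDENTIALS = 62;
    private static final String BLOCK_MODE_CBC = "CBC";
    private static final String BLOCK_MODE_ECB = "ECB";
    private static final String ENCRYPTION_PADDING_PKCS7 = "PKCS7Padding";
    private static final String ENCRYPTION_PADDING_RSA_PKCS1 = "PKCS1Padding";
    private static final String HASH_ALGORITHM_SHA_256 = "SHA-256";
    private static final int HASH_ITERATION_COUNT = 1000;
    private static final String KEY_ALGORITHM_AES = "AES";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final int SALT_LENGTH = 32;
    private static final String TAG = "EncryptionUtil";

    // Compile-time constants equal to the literals "AES/CBC/PKCS7Padding" and "RSA/ECB/PKCS1Padding".
    private static final String AES_TRANSFORMATION =
            KEY_ALGORITHM_AES + "/" + BLOCK_MODE_CBC + "/" + ENCRYPTION_PADDING_PKCS7;
    private static final String RSA_TRANSFORMATION =
            KEY_ALGORITHM_RSA + "/" + BLOCK_MODE_ECB + "/" + ENCRYPTION_PADDING_RSA_PKCS1;
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int PBKDF2_KEY_LENGTH_BITS = 256;
    // KeyProperties.PURPOSE_ENCRYPT (1) | KeyProperties.PURPOSE_DECRYPT (2); kept numeric so the
    // file needs no additional import.
    private static final int KEY_PURPOSE_ENCRYPT_DECRYPT = 3;
    // Charset.forName rather than StandardCharsets: this class still runs below API 19.
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // Shared AES cipher; null if initialiseCipher() failed (the failure is only logged).
    private Cipher mCipher;
    // Only initialised on API 23+; null otherwise.
    private KeyGenerator mKeyGenerator;
    // Only initialised on API 18+; null otherwise.
    private KeyStore mKeyStore;
    private final PersistenceUtil mPersistence;

    /** Builds an {@link EncryptionUtil} bound to a {@code PersistenceUtil}. */
    public static final class Builder {
        private final PersistenceUtil persistence;

        public Builder(PersistenceUtil persistenceUtil) {
            this.persistence = persistenceUtil;
        }

        public EncryptionUtil build() {
            return new EncryptionUtil(this.persistence);
        }
    }

    /**
     * Creates the shared cipher and, depending on the API level, the Keystore handles.
     * Initialisation failures are logged and leave the corresponding field null.
     */
    EncryptionUtil(PersistenceUtil persistenceUtil) {
        this.mPersistence = persistenceUtil;
        initialiseCipher();
        if (Build.VERSION.SDK_INT >= 18) {
            if (Build.VERSION.SDK_INT >= 23) {
                initialiseKeyGenerator();
            }
            initialiseKeyStore();
        }
    }

    /**
     * Generates an RSA key pair under alias {@code str} in the AndroidKeyStore, with a
     * self-signed certificate valid from now for one year.
     */
    private void createKeyNonM(Context context, String str) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, 1);
        // The alias is placed into the subject DN unescaped.
        // NOTE(review): presumably aliases are app-chosen constants; confirm with callers.
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(str)
                .setSubject(new X500Principal("CN=" + str))
                .setSerialNumber(BigInteger.ONE)
                .setStartDate(notBefore.getTime())
                .setEndDate(notAfter.getTime())
                .build();
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA, ANDROID_KEY_STORE);
        generator.initialize(spec);
        generator.generateKeyPair();
    }

    /**
     * Decrypts an AES/CBC ciphertext with {@code secretKey} and the IV stored next to it.
     *
     * @return the plaintext decoded as UTF-8, or null when the object, its ciphertext or its IV
     *         is missing
     */
    private String decrypt(EncryptedObject encryptedObject, SecretKey secretKey) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, KeyStoreException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException {
        if (encryptedObject == null
                || TextUtils.isEmpty(encryptedObject.getEncryptedPassphrase())
                || TextUtils.isEmpty(encryptedObject.getEncrypterIV())) {
            return null;
        }
        byte[] iv = Base64.decode(encryptedObject.getEncrypterIV(), Base64.DEFAULT);
        byte[] ciphertext = Base64.decode(encryptedObject.getEncryptedPassphrase(), Base64.DEFAULT);
        initialiseCipherForDecryption(secretKey, iv);
        // A padding failure (BadPaddingException) is the only integrity signal CBC offers here;
        // callers should report it as a generic failure rather than expose the exact cause.
        return new String(this.mCipher.doFinal(ciphertext), UTF_8);
    }

    /**
     * Encrypts {@code str} (UTF-8) with the key in {@code secretKeyObject}. No IV is supplied to
     * the cipher, so the IV is whatever the cipher reports after initialisation; it is returned
     * Base64-encoded together with the ciphertext and the key's salt.
     */
    private EncryptedObject encrypt(String str, SecretKeyObject secretKeyObject) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        SecretKey secretKey = secretKeyObject.getSecretKey();
        String salt = secretKeyObject.getSalt();
        initialiseCipherForEncryption(secretKey);
        byte[] iv = this.mCipher.getIV();
        // Fix: encoding through a Charset cannot fail, so the old fallback that silently
        // encrypted an empty array after an UnsupportedEncodingException is gone.
        byte[] ciphertext = this.mCipher.doFinal(str.getBytes(UTF_8));
        return new EncryptedObject(
                Base64.encodeToString(ciphertext, Base64.DEFAULT),
                Base64.encodeToString(iv, Base64.DEFAULT),
                salt);
    }

    /**
     * Hashes {@code str} with SHA-256, then feeds the digest back into the hash
     * {@value #HASH_ITERATION_COUNT} times.
     *
     * @throws IllegalStateException if SHA-256 is unavailable (previously this returned null and
     *         the caller failed with a NullPointerException)
     */
    private static byte[] generateHash(String str) {
        try {
            MessageDigest digest = MessageDigest.getInstance(HASH_ALGORITHM_SHA_256);
            // Explicit charset: the no-argument getBytes() uses the platform default.
            digest.update(str.getBytes(UTF_8));
            for (int round = 0; round < HASH_ITERATION_COUNT; round++) {
                digest.update(digest.digest());
            }
            return digest.digest();
        } catch (NoSuchAlgorithmException e) {
            log(TAG, e.getClass().getSimpleName(), e);
            throw new IllegalStateException(HASH_ALGORITHM_SHA_256 + " is not available", e);
        }
    }

    /**
     * Derives a 256-bit key from {@code cArr} and salt {@code bArr} with PBKDF2WithHmacSHA1.
     *
     * @throws InvalidKeySpecException if the key cannot be derived, including when the PBKDF2
     *         algorithm is unavailable (previously a NullPointerException)
     */
    private SecretKey generateKeyUsingPassphrase(char[] cArr, byte[] bArr) throws InvalidKeySpecException {
        SecretKeyFactory factory;
        try {
            factory = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            log(TAG, e.getClass().getSimpleName(), e);
            throw new InvalidKeySpecException(PBKDF2_ALGORITHM + " is not available", e);
        }
        // NOTE(review): the caller's char[] copy of the PIN is never zeroed after derivation.
        return factory.generateSecret(new PBEKeySpec(cArr, bArr, HASH_ITERATION_COUNT, PBKDF2_KEY_LENGTH_BITS));
    }

    /** Rejects a null or empty PIN with the message callers already receive. */
    private static void requireNonEmptyPin(String pin) throws InvalidAlgorithmParameterException {
        if (TextUtils.isEmpty(pin)) {
            throw new InvalidAlgorithmParameterException(
                    "Pin used to create secret key should not be " + (pin == null ? "null" : "empty"));
        }
    }

    /** Derives a key from the PIN with a freshly generated random salt (used for encryption). */
    private SecretKeyObject getNewSecretKeyUsingPin(String str) throws InvalidAlgorithmParameterException {
        requireNonEmptyPin(str);
        char[] pinChars = str.toCharArray();
        byte[] salt = getSalt();
        try {
            return new SecretKeyObject(
                    generateKeyUsingPassphrase(pinChars, salt),
                    Base64.encodeToString(salt, Base64.DEFAULT).trim());
        } catch (InvalidKeySpecException e) {
            log(TAG, e.getClass().getSimpleName(), e);
            // Wrap the exception itself: e.getCause() may be null and would drop all context.
            throw new InvalidAlgorithmParameterException(e);
        }
    }

    /**
     * Re-derives the key from the PIN and the salt read from persistence (used for decryption).
     * The salt sits in app persistence next to the ciphertext, so the PIN is the only secret
     * input to this key.
     */
    private SecretKeyObject getOldSecretKeyUsingPin(String str) throws InvalidAlgorithmParameterException {
        requireNonEmptyPin(str);
        char[] pinChars = str.toCharArray();
        String storedSalt = this.mPersistence.getString(Constants.PersistenceTags.SALT_TO_GENERATE_SECRETKEY, null);
        if (TextUtils.isEmpty(storedSalt)) {
            throw new InvalidAlgorithmParameterException(
                    "Salt used to create secret key in persistence is " + (storedSalt != null ? "empty" : "null"));
        }
        String salt = storedSalt.trim();
        try {
            return new SecretKeyObject(generateKeyUsingPassphrase(pinChars, Base64.decode(salt, Base64.DEFAULT)), salt);
        } catch (InvalidKeySpecException e) {
            log(TAG, e.getClass().getSimpleName(), e);
            throw new InvalidAlgorithmParameterException(e);
        }
    }

    /**
     * Returns the Base64 text of the iterated SHA-256 of {@code str}.
     *
     * <p>The hash is unsalted. NOTE(review): how the result is stored and compared is not visible
     * in this class; if it verifies a PIN, compare with {@code MessageDigest.isEqual} and
     * consider a salted, slower KDF.
     */
    public static String hashSecret(String str) {
        return Base64.encodeToString(generateHash(str), Base64.DEFAULT).trim();
    }

    private void initialiseCipher() {
        try {
            this.mCipher = Cipher.getInstance(AES_TRANSFORMATION);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            log(TAG, "Failed to get an instance of Cipher :" + e.getClass().getSimpleName(), e);
        }
    }

    private void initialiseKeyGenerator() {
        try {
            this.mKeyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            log(TAG, "Failed to get an instance of KeyGenerator : " + e.getClass().getSimpleName(), e);
        }
    }

    private void initialiseKeyStore() {
        try {
            this.mKeyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        } catch (KeyStoreException e) {
            log(TAG, "Failed to get an instance of KeyStore :" + e.getClass().getSimpleName(), e);
        }
    }

    private static void log(String str, String str2, Exception exc) {
        AppAuthenticator.log(str, str2, exc);
    }

    /**
     * Generates an AES key under alias {@code str} in the AndroidKeyStore (API 23+).
     *
     * <ul>
     *   <li>FINGERPRINT: user authentication required, no validity window set.</li>
     *   <li>CONFIRM_CREDENTIALS: user authentication required, valid for
     *       {@value #AUTHENTICATION_DURATION_SECONDS_FOR_CONFIRM_CREDENTIALS} seconds.</li>
     *   <li>PIN_CODE: no user-authentication requirement on the key, so the Keystore itself does
     *       not gate its use; any PIN check has to be enforced by the calling code.</li>
     * </ul>
     *
     * @throws InvalidAlgorithmParameterException for any other mode
     */
    public SecretKeyObject createSecretKeyForM(AuthenticationMode authenticationMode, String str) throws InvalidAlgorithmParameterException {
        // A plain enum switch replaces the decompiler's synthetic $SwitchMap helper class.
        final boolean userAuthRequired;
        final boolean timeBoundAuth;
        switch (authenticationMode) {
            case FINGERPRINT:
                userAuthRequired = true;
                timeBoundAuth = false;
                break;
            case CONFIRM_CREDENTIALS:
                userAuthRequired = true;
                timeBoundAuth = true;
                break;
            case PIN_CODE:
                userAuthRequired = false;
                timeBoundAuth = false;
                break;
            default:
                throw new InvalidAlgorithmParameterException(authenticationMode + " does not need to create secret key");
        }
        KeyGenParameterSpec.Builder spec = new KeyGenParameterSpec.Builder(str, KEY_PURPOSE_ENCRYPT_DECRYPT)
                .setBlockModes(BLOCK_MODE_CBC)
                .setEncryptionPaddings(ENCRYPTION_PADDING_PKCS7);
        if (userAuthRequired) {
            spec.setUserAuthenticationRequired(true);
        }
        if (timeBoundAuth) {
            spec.setUserAuthenticationValidityDurationSeconds(AUTHENTICATION_DURATION_SECONDS_FOR_CONFIRM_CREDENTIALS);
        }
        this.mKeyGenerator.init(spec.build());
        return new SecretKeyObject(this.mKeyGenerator.generateKey(), null);
    }

    /**
     * Decrypts with the AndroidKeyStore AES key stored under alias {@code str}.
     *
     * @throws KeyPermanentlyInvalidatedException if no key exists under that alias
     */
    public String decryptForM(EncryptedObject encryptedObject, String str) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, KeyStoreException, InvalidAlgorithmParameterException, BadPaddingException, InvalidKeyException, IllegalBlockSizeException {
        SecretKey key = getSecretKeyforM(str);
        if (key == null) {
            throw new KeyPermanentlyInvalidatedException("key missing from KeyStore");
        }
        return decrypt(encryptedObject, key);
    }

    /**
     * Decrypts an RSA/ECB/PKCS1Padding ciphertext with the private key stored under alias
     * {@code str}.
     *
     * @return the plaintext decoded as UTF-8, or null when there is no ciphertext or no key entry
     */
    public String decryptNonM(EncryptedObject encryptedObject, String str) throws CertificateException, NoSuchAlgorithmException, IOException, NoSuchPaddingException, NoSuchProviderException, InvalidKeyException, UnrecoverableEntryException, KeyStoreException {
        if (encryptedObject == null || TextUtils.isEmpty(encryptedObject.getEncryptedPassphrase())) {
            return null;
        }
        byte[] ciphertext = Base64.decode(encryptedObject.getEncryptedPassphrase(), Base64.DEFAULT);
        this.mKeyStore.load(null);
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) this.mKeyStore.getEntry(str, null);
        if (entry == null) {
            return null;
        }
        // Fix: no cast to RSAPrivateKey. AndroidKeyStore private keys on API 23+ are reported not
        // to implement that interface, so the cast could throw on exactly the branch below that
        // handles API 23+. Cipher.init() only needs a Key.
        java.security.PrivateKey privateKey = entry.getPrivateKey();
        Cipher cipher = Build.VERSION.SDK_INT >= 23
                ? Cipher.getInstance(RSA_TRANSFORMATION)
                : Cipher.getInstance(RSA_TRANSFORMATION, ANDROID_OPEN_SSL);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        // NOTE(review): how CipherInputStream reports a decryption failure (IOException or a
        // short stream) varies by implementation; confirm a wrong key cannot yield "" silently.
        CipherInputStream in = new CipherInputStream(new ByteArrayInputStream(ciphertext), cipher);
        ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
        try {
            byte[] buffer = new byte[256];
            int count;
            while ((count = in.read(buffer)) != -1) {
                plaintext.write(buffer, 0, count);
            }
        } finally {
            in.close();
        }
        return new String(plaintext.toByteArray(), UTF_8);
    }

    /** Decrypts with the key re-derived from PIN {@code str} and the persisted salt. */
    public String decryptWithPin(EncryptedObject encryptedObject, String str) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, KeyStoreException, InvalidAlgorithmParameterException, BadPaddingException, InvalidKeyException, IllegalBlockSizeException {
        byte[] rawKey = getOldSecretKeyUsingPin(str).getSecretKey().getEncoded();
        return decrypt(encryptedObject, new SecretKeySpec(rawKey, KEY_ALGORITHM_AES));
    }

    /**
     * Deletes every alias this KeyStore instance lists, not only aliases created by this class.
     *
     * @return true on success; false below API 18, when the KeyStore is unavailable, or on error
     */
    public boolean deleteAllSecretKeyInKeyStore() {
        if (Build.VERSION.SDK_INT < 18) {
            return false;
        }
        try {
            KeyStore keyStore = this.mKeyStore;
            if (keyStore == null) {
                return false;
            }
            keyStore.load(null);
            Enumeration<String> aliases = this.mKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                this.mKeyStore.deleteEntry(aliases.nextElement());
            }
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log(TAG, "Failed to delete SecretKey in KeyStore " + e.getClass().getSimpleName(), e);
            return false;
        }
    }

    /**
     * Deletes the KeyStore entry stored under alias {@code str}.
     *
     * @return true on success; false below API 18, when the KeyStore is unavailable, or on error
     */
    public boolean deleteSecretKeyInKeyStore(String str) {
        if (Build.VERSION.SDK_INT < 18) {
            return false;
        }
        try {
            KeyStore keyStore = this.mKeyStore;
            if (keyStore == null) {
                return false;
            }
            keyStore.load(null);
            this.mKeyStore.deleteEntry(str);
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log(TAG, "Failed to delete SecretKey in KeyStore " + e.getClass().getSimpleName(), e);
            return false;
        }
    }

    /** Generates a new Keystore AES key under alias {@code str2} and encrypts {@code str} with it. */
    public EncryptedObject encryptForM(String str, AuthenticationMode authenticationMode, String str2) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        return encrypt(str, createSecretKeyForM(authenticationMode, str2));
    }

    /**
     * Generates a new RSA key pair under alias {@code str2} and encrypts {@code str} (UTF-8) with
     * its public key. The returned object carries an empty IV and an empty salt.
     */
    public EncryptedObject encryptNonM(String str, Context context, String str2) throws CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchPaddingException, UnrecoverableEntryException, KeyStoreException {
        this.mKeyStore.load(null);
        createKeyNonM(context, str2);
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) this.mKeyStore.getEntry(str2, null);
        RSAPublicKey publicKey = (RSAPublicKey) entry.getCertificate().getPublicKey();
        Cipher cipher = Build.VERSION.SDK_INT >= 23
                ? Cipher.getInstance(RSA_TRANSFORMATION)
                : Cipher.getInstance(RSA_TRANSFORMATION, ANDROID_OPEN_SSL);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        // The plaintext is encrypted directly with RSA, so its length is bounded by the key size.
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        CipherOutputStream out = new CipherOutputStream(sink, cipher);
        out.write(str.getBytes(UTF_8));
        out.close();
        return new EncryptedObject(Base64.encodeToString(sink.toByteArray(), Base64.DEFAULT), "", "");
    }

    /** Encrypts {@code str} with a key derived from PIN {@code str2} and a fresh random salt. */
    public EncryptedObject encryptWithPin(String str, String str2) throws InvalidAlgorithmParameterException, BadPaddingException, InvalidKeyException, IllegalBlockSizeException {
        return encrypt(str, getNewSecretKeyUsingPin(str2));
    }

    /**
     * Returns the shared cipher instance itself, not a copy, so the caller and this class
     * operate on the same cipher state.
     */
    public Cipher getCipher() {
        return this.mCipher;
    }

    /** Returns {@value #SALT_LENGTH} fresh random bytes from {@link SecureRandom}. */
    public byte[] getSalt() {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /** Loads the KeyStore and returns the secret key under alias {@code str}, or null if absent. */
    public SecretKey getSecretKeyforM(String str) throws CertificateException, NoSuchAlgorithmException, IOException, InvalidAlgorithmParameterException, UnrecoverableKeyException, KeyStoreException {
        this.mKeyStore.load(null);
        return (SecretKey) this.mKeyStore.getKey(str, null);
    }

    /** Initialises the shared cipher for decryption with {@code secretKey} and IV {@code bArr}. */
    public void initialiseCipherForDecryption(SecretKey secretKey, byte[] bArr) throws InvalidAlgorithmParameterException, InvalidKeyException {
        this.mCipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(bArr));
    }

    /** Initialises the shared cipher for encryption; no IV is supplied by this class. */
    public void initialiseCipherForEncryption(SecretKey secretKey) throws InvalidKeyException {
        this.mCipher.init(Cipher.ENCRYPT_MODE, secretKey);
    }
}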
