package com.agilebits.onepassword.wifi.encryption;

import android.text.TextUtils;
import com.agilebits.onepassword.support.Base64;
import com.agilebits.onepassword.support.BinTools;
import com.agilebits.onepassword.support.CommonConstants;
import com.agilebits.onepassword.support.Utils;
import com.agilebits.onepassword.wifi.sync.CommunicationException;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.jose4j.jwe.kdf.PasswordBasedKeyDerivationFunction2;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.JoseException;
import org.jose4j.mac.MacUtil;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class EncryptionUtils {
    public static final int BLOCK_SIZE = 16;
    public static final String CIPHER_ALGORITHM_GCM_NOPADDING = "AES/GCM/NoPadding";
    public static final String CIPHER_ALGORITHM_NOPADDING = "AES/CBC/NoPadding";
    public static final String CIPHER_ALGORITHM_PADDING = "AES/CBC/PKCS7Padding";

    private static byte[] calculateHmac(JSONObject jSONObject, byte[] bArr) throws Exception {
        byte[] hashSHA512 = getHashSHA512(bArr);
        Mac mac = Mac.getInstance(MacUtil.HMAC_SHA256);
        mac.init(new SecretKeySpec(copyOfRange(hashSHA512, 32, hashSHA512.length), mac.getAlgorithm()));
        JSONArray names = jSONObject.names();
        int length = names.length();
        String[] strArr = new String[length];
        for (int i = 0; i < names.length(); i++) {
            strArr[i] = names.getString(i);
        }
        Arrays.sort(strArr);
        for (int i2 = 0; i2 < length; i2++) {
            String str = strArr[i2];
            if (!str.equals("hmac")) {
                String string = jSONObject.getString(str);
                if (string.equalsIgnoreCase("true")) {
                    string = "1";
                } else if (string.equalsIgnoreCase("false")) {
                    string = "0";
                }
                mac.update(str.getBytes(CommonConstants.UTF_8));
                mac.update(string.getBytes(CommonConstants.UTF_8));
            }
        }
        return mac.doFinal();
    }

    private static byte[] calculateRFC2104HMAC256(byte[] bArr, byte[] bArr2) throws SignatureException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, AesKey.ALGORITHM);
            Mac mac = Mac.getInstance(MacUtil.HMAC_SHA256);
            mac.init(secretKeySpec);
            return mac.doFinal(bArr);
        } catch (Exception e) {
            throw new SignatureException("Failed to generate HMAC : " + Utils.getExceptionName(e));
        }
    }

    public static void checkFormat(byte[] bArr) throws EncryptionException {
        if (!Arrays.equals("opdata01".getBytes(), copyOfRange(bArr, 0, 8))) {
            throw new EncryptionException("not opdata01 format !!!");
        }
    }

    public static byte[] copyOfRange(byte[] bArr, int i, int i2) {
        int i3 = i2 - i;
        if (i3 >= 0) {
            byte[] bArr2 = new byte[i3];
            System.arraycopy(bArr, i, bArr2, 0, Math.min(bArr.length - i, i3));
            return bArr2;
        }
        throw new IllegalArgumentException(i + " > " + i2);
    }

    public static byte[] decrypItemKey(byte[] bArr, byte[] bArr2) throws EncryptionException {
        int geIntFromSwappedBa = geIntFromSwappedBa(copyOfRange(bArr, 8, 16));
        byte[] copyOfRange = copyOfRange(bArr, 0, 16);
        int i = geIntFromSwappedBa / 16;
        try {
            byte[] hashSHA512 = getHashSHA512(bArr2);
            byte[] copyOfRange2 = copyOfRange(hashSHA512, 0, 32);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_NOPADDING);
            cipher.init(2, new SecretKeySpec(copyOfRange2, CIPHER_ALGORITHM_NOPADDING), new IvParameterSpec(copyOfRange, 0, copyOfRange.length));
            byte[] doFinal = cipher.doFinal(copyOfRange(bArr, 16, bArr.length - 32));
            if (validateHmacForDecryption(bArr, hashSHA512)) {
                return doFinal;
            }
            throw new EncryptionException("cannot validate HMAC");
        } catch (EncryptionException e) {
            throw e;
        } catch (Exception e2) {
            throw new EncryptionException("decryptWithPBKDEF2 error (" + e2.getClass().getSimpleName() + ") :" + Utils.getExceptionName(e2));
        }
    }

    private static String decryptData(byte[] bArr, byte[] bArr2, boolean z) throws EncryptionException {
        return new String(decryptDataAsBa(bArr, bArr2, z), CommonConstants.UTF_8);
    }

    public static byte[] decryptDataAsBa(byte[] bArr, byte[] bArr2, boolean z) throws EncryptionException {
        try {
            checkFormat(bArr);
            int geIntFromSwappedBa = geIntFromSwappedBa(copyOfRange(bArr, 8, 16));
            byte[] copyOfRange = copyOfRange(bArr, 16, 32);
            int i = ((geIntFromSwappedBa / 16) + 1) * 16;
            if (z) {
                bArr2 = getHashSHA512(bArr2);
            }
            byte[] copyOfRange2 = copyOfRange(bArr2, 0, 32);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_NOPADDING);
            cipher.init(2, new SecretKeySpec(copyOfRange2, CIPHER_ALGORITHM_NOPADDING), new IvParameterSpec(copyOfRange, 0, copyOfRange.length));
            byte[] copyOfRange3 = copyOfRange(bArr, 32, bArr.length - 32);
            if (!validateHmacForDecryption(bArr, bArr2)) {
                throw new EncryptionException("cannot validate HMAC");
            }
            byte[] doFinal = cipher.doFinal(copyOfRange3);
            return copyOfRange(doFinal, i - geIntFromSwappedBa, doFinal.length);
        } catch (EncryptionException e) {
            throw e;
        } catch (Exception e2) {
            throw new EncryptionException("decryptWithPBKDEF2 error (" + e2.getClass().getSimpleName() + ") :" + Utils.getExceptionName(e2));
        }
    }

    public static String decryptItemOverview(byte[] bArr, byte[] bArr2) throws EncryptionException {
        return decryptData(bArr, bArr2, true);
    }

    public static String decryptItemSecureData(byte[] bArr, byte[] bArr2) throws EncryptionException {
        return decryptData(bArr, bArr2, false);
    }

    public static String decryptReply(String str, byte[] bArr) throws Exception {
        if (TextUtils.isEmpty(str)) {
            throw new Exception("ERROR: there is no reply from server");
        }
        try {
            if (!isOpDataFormat(str) && str.startsWith("ERROR")) {
                throw new CommunicationException(str.replace("ERROR", ""));
            }
            return new String(decryptData(Base64.decodeBase64(str), bArr, false));
        } catch (CommunicationException e) {
            throw e;
        } catch (Exception e2) {
            throw new Exception("ERROR decrypting communication msg (" + str + ") ex (" + Utils.getExceptionName(e2) + ")");
        }
    }

    public static byte[] decryptWithPBKDEF2(byte[] bArr, byte[] bArr2, byte[] bArr3, String str, int i) throws EncryptionException {
        checkFormat(bArr);
        int geIntFromSwappedBa = geIntFromSwappedBa(copyOfRange(bArr, 8, 16));
        byte[] copyOfRange = copyOfRange(bArr, 16, 32);
        int i2 = ((geIntFromSwappedBa / 16) + 1) * 16;
        try {
            return decryptWithPBKDEF2_Internal(bArr, bArr2, copyOfRange, i2, geIntFromSwappedBa);
        } catch (EncryptionException unused) {
            return decryptWithPBKDEF2_Internal(bArr, deriveKey(bArr3, str, i, CommonConstants.ISO_8859_1), copyOfRange, i2, geIntFromSwappedBa);
        }
    }

    private static byte[] decryptWithPBKDEF2_Internal(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) throws EncryptionException {
        byte[] copyOfRange = copyOfRange(bArr2, 0, 32);
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_NOPADDING);
            cipher.init(2, new SecretKeySpec(copyOfRange, CIPHER_ALGORITHM_NOPADDING), new IvParameterSpec(bArr3, 0, bArr3.length));
            byte[] doFinal = cipher.doFinal(copyOfRange(bArr, 32, bArr.length - 32));
            if (validateHmacForDecryption(bArr, bArr2)) {
                return copyOfRange(doFinal, i - i2, doFinal.length);
            }
            throw new EncryptionException("cannot validate HMAC");
        } catch (EncryptionException e) {
            throw e;
        } catch (Exception e2) {
            throw new EncryptionException("decryptWithPBKDEF2 error (" + Utils.getExceptionName(e2) + ")");
        }
    }

    public static byte[] deriveKey(byte[] bArr, String str, int i, Charset charset) throws EncryptionException {
        try {
            return new PasswordBasedKeyDerivationFunction2(MacUtil.HMAC_SHA512).derive(str.getBytes(charset), bArr, i, 64);
        } catch (JoseException e) {
            throw new EncryptionException(e.getMessage());
        }
    }

    public static byte[] encrypItemKey(byte[] bArr, byte[] bArr2) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] generateRandomBytes = generateRandomBytes(16);
        byteArrayOutputStream.write(generateRandomBytes);
        byte[] hashSHA512 = getHashSHA512(bArr2);
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_NOPADDING);
        cipher.init(1, new SecretKeySpec(copyOfRange(hashSHA512, 0, 32), CIPHER_ALGORITHM_NOPADDING), new IvParameterSpec(generateRandomBytes, 0, generateRandomBytes.length));
        byteArrayOutputStream.write(cipher.doFinal(bArr));
        byteArrayOutputStream.write(calculateRFC2104HMAC256(byteArrayOutputStream.toByteArray(), copyOfRange(hashSHA512, 32, hashSHA512.length)));
        return byteArrayOutputStream.toByteArray();
    }

    public static byte[] encryptData(String str, byte[] bArr, boolean z) throws Exception {
        return encryptData(str.getBytes(CommonConstants.UTF_8), bArr, z);
    }

    public static byte[] encryptData(byte[] bArr, byte[] bArr2, boolean z) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        byteArrayOutputStream.write("opdata01".getBytes());
        byte[] generateRandomBytes = generateRandomBytes(16);
        int length = bArr.length;
        byteArrayOutputStream.write(getSwappedBaFromInt(bArr.length));
        byteArrayOutputStream.write(generateRandomBytes);
        byteArrayOutputStream2.write(generateRandomBytes((((length / 16) + 1) * 16) - length));
        byteArrayOutputStream2.write(bArr);
        if (z) {
            bArr2 = getHashSHA512(bArr2);
        }
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_NOPADDING);
        cipher.init(1, new SecretKeySpec(copyOfRange(bArr2, 0, 32), cipher.getAlgorithm()), new IvParameterSpec(generateRandomBytes, 0, generateRandomBytes.length));
        byteArrayOutputStream.write(cipher.doFinal(byteArrayOutputStream2.toByteArray()));
        byteArrayOutputStream.write(calculateRFC2104HMAC256(byteArrayOutputStream.toByteArray(), copyOfRange(bArr2, 32, bArr2.length)));
        return byteArrayOutputStream.toByteArray();
    }

    public static byte[] encryptItemOverview(String str, byte[] bArr) throws Exception {
        return encryptData(str, bArr, true);
    }

    public static byte[] encryptItemSecureData(String str, byte[] bArr) throws Exception {
        return encryptData(str, bArr, false);
    }

    public static String encryptRequest(String str, byte[] bArr) throws Exception {
        return Base64.encodeBase64String(encryptData(str, bArr, false));
    }

    public static byte[] encryptWithPBKDEF2(byte[] bArr, byte[] bArr2, String str, int i) throws EncryptionException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write("opdata01".getBytes());
            byte[] generateRandomBytes = generateRandomBytes(16);
            int length = bArr.length;
            byteArrayOutputStream.write(getSwappedBaFromInt(length));
            byteArrayOutputStream.write(generateRandomBytes);
            byte[] deriveKey = deriveKey(bArr2, str, i, CommonConstants.UTF_8);
            byte[] copyOfRange = copyOfRange(deriveKey, 0, 32);
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream2.write(generateRandomBytes((((length / 16) + 1) * 16) - length));
            byteArrayOutputStream2.write(bArr);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_NOPADDING);
            cipher.init(1, new SecretKeySpec(copyOfRange, CIPHER_ALGORITHM_NOPADDING), new IvParameterSpec(generateRandomBytes, 0, generateRandomBytes.length));
            byteArrayOutputStream.write(cipher.doFinal(byteArrayOutputStream2.toByteArray()));
            byteArrayOutputStream.write(calculateRFC2104HMAC256(byteArrayOutputStream.toByteArray(), copyOfRange(deriveKey, 32, deriveKey.length)));
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new EncryptionException("decryptWithPBKDEF2 error (" + e.getClass().getSimpleName() + ") :" + Utils.getExceptionName(e));
        }
    }

    public static int geIntFromSwappedBa(byte[] bArr) {
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.put(bArr);
        allocate.position(0);
        return allocate.getInt();
    }

    public static byte[] generateRandomBytes(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static byte[] getHashSHA512(byte[] bArr) throws Exception {
        return MessageDigest.getInstance(MessageDigestAlgorithms.SHA_512).digest(bArr);
    }

    public static byte[] getSwappedBaFromInt(int i) {
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.putInt(i);
        return allocate.array();
    }

    public static boolean isOpDataFormat(String str) {
        try {
            checkFormat(BinTools.hex2bin(str));
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public static void setHmacAttr(JSONObject jSONObject, byte[] bArr) throws Exception {
        jSONObject.put("hmac", Base64.encodeBase64String(calculateHmac(jSONObject, bArr)));
    }

    public static void validateHmacAttr(JSONObject jSONObject, byte[] bArr) throws Exception {
        String optString = jSONObject.optString("hmac");
        if (TextUtils.isEmpty(optString)) {
            throw new Exception("ERROR: corrupted item uuid=" + jSONObject.getString("uuid") + " (hmac is missing !)");
        }
        if (Arrays.equals(calculateHmac(jSONObject, bArr), Base64.decodeBase64(optString))) {
            return;
        }
        throw new Exception("ERROR: corrupted item uuid=" + jSONObject.getString("uuid") + " (hmac is incorrect !)");
    }

    private static boolean validateHmacForDecryption(byte[] bArr, byte[] bArr2) throws SignatureException {
        return BinTools.bin2hex(calculateRFC2104HMAC256(copyOfRange(bArr, 0, bArr.length - 32), copyOfRange(bArr2, 32, bArr2.length))).equals(BinTools.bin2hex(copyOfRange(bArr, bArr.length - 32, bArr.length)));
    }
}
