package org.emergent.android.weave.client;

import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class WeaveCryptoUtil {
    private static final String PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    private static final String PROVIDER_NAME = "BC";
    private static final byte[] HMAC_INPUT = WeaveUtil.toAsciiBytes("Sync-AES_256_CBC-HMAC256");
    private static final Pattern ILLEGAL_USERNAME_PATTERN = Pattern.compile("[^A-Z0-9._-]", 2);
    private static final WeaveCryptoUtil sm_instance = new WeaveCryptoUtil();

    static {
        initProvider(PROVIDER_NAME, PROVIDER_CLASS);
    }

    private WeaveCryptoUtil() {
    }

    private void checkMac(Key key, String str, String str2) {
        if (!str2.equalsIgnoreCase(createMac(key, str))) {
            throw new GeneralSecurityException("mac failed");
        }
    }

    private String createMac(Key key, String str) {
        Mac mac = Mac.getInstance("HMACSHA256", PROVIDER_NAME);
        mac.init(key);
        return WeaveUtil.toAsciiString(Hex.encode(mac.doFinal(WeaveUtil.toAsciiBytes(str))));
    }

    private static byte[] derivePKCS5S2(char[] cArr, byte[] bArr) {
        byte[] passwordPKCS5ToBytes = passwordPKCS5ToBytes(cArr);
        Mac mac = Mac.getInstance("HMACSHA1");
        int macLength = mac.getMacLength();
        int i = ((macLength + 32) - 1) / macLength;
        byte[] bArr2 = new byte[4];
        byte[] bArr3 = new byte[i * macLength];
        for (int i2 = 1; i2 <= i; i2++) {
            intToOctet(bArr2, i2);
            derivePKCS5S2Helper(mac, passwordPKCS5ToBytes, bArr, 4096, bArr2, bArr3, (i2 - 1) * macLength);
        }
        byte[] bArr4 = new byte[32];
        System.arraycopy(bArr3, 0, bArr4, 0, 32);
        return bArr4;
    }

    private static void derivePKCS5S2Helper(Mac mac, byte[] bArr, byte[] bArr2, int i, byte[] bArr3, byte[] bArr4, int i2) {
        byte[] bArr5 = new byte[mac.getMacLength()];
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "SHA1");
        mac.init(secretKeySpec);
        if (bArr2 != null) {
            mac.update(bArr2, 0, bArr2.length);
        }
        mac.update(bArr3, 0, bArr3.length);
        mac.doFinal(bArr5, 0);
        System.arraycopy(bArr5, 0, bArr4, i2, bArr5.length);
        if (i == 0) {
            throw new IllegalArgumentException("iteration count must be at least 1.");
        }
        for (int i3 = 1; i3 < i; i3++) {
            mac.init(secretKeySpec);
            mac.update(bArr5, 0, bArr5.length);
            mac.doFinal(bArr5, 0);
            for (int i4 = 0; i4 != bArr5.length; i4++) {
                int i5 = i2 + i4;
                bArr4[i5] = (byte) (bArr4[i5] ^ bArr5[i4]);
            }
        }
    }

    public static byte[] deriveSyncHmacKey(byte[] bArr, byte[] bArr2, String str) {
        Mac mac = Mac.getInstance("HMACSHA256");
        byte[] bArr3 = new byte[mac.getMacLength()];
        mac.init(new SecretKeySpec(bArr, "SHA256"));
        mac.update(bArr2);
        mac.update(HMAC_INPUT);
        mac.update(WeaveUtil.toAsciiBytes(str));
        mac.update((byte) 2);
        mac.doFinal(bArr3, 0);
        byte[] bArr4 = new byte[32];
        System.arraycopy(bArr3, 0, bArr4, 0, 32);
        return bArr4;
    }

    public static byte[] deriveSyncKey(byte[] bArr, String str) {
        Mac mac = Mac.getInstance("HMACSHA256");
        byte[] bArr2 = new byte[mac.getMacLength()];
        mac.init(new SecretKeySpec(bArr, "SHA256"));
        mac.update(HMAC_INPUT);
        mac.update(WeaveUtil.toAsciiBytes(str));
        mac.update((byte) 1);
        mac.doFinal(bArr2, 0);
        byte[] bArr3 = new byte[32];
        System.arraycopy(bArr2, 0, bArr3, 0, 32);
        return bArr3;
    }

    private byte[] encrypt(Key key, String str, String str2) {
        return encrypt(key, Base64.decode(str), str2);
    }

    private byte[] encrypt(Key key, byte[] bArr, String str) {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING", PROVIDER_NAME);
        cipher.init(1, key, new IvParameterSpec(Base64.decode(str)));
        return cipher.doFinal(bArr);
    }

    public static WeaveCryptoUtil getInstance() {
        return sm_instance;
    }

    protected static boolean initProvider(String str, String str2) {
        try {
            if (Security.getProvider(str) == null) {
                Security.addProvider((Provider) Class.forName(str2).newInstance());
            }
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    private static void intToOctet(byte[] bArr, int i) {
        bArr[0] = (byte) (i >>> 24);
        bArr[1] = (byte) (i >>> 16);
        bArr[2] = (byte) (i >>> 8);
        bArr[3] = (byte) i;
    }

    private static byte[] passwordPKCS5ToBytes(char[] cArr) {
        byte[] bArr = new byte[cArr.length];
        for (int i = 0; i != bArr.length; i++) {
            bArr[i] = (byte) cArr[i];
        }
        return bArr;
    }

    public RSAPrivateKey decodePrivateKeyFromPKCSBytes(byte[] bArr) {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA", PROVIDER_NAME).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public byte[] decrypt(Key key, String str, String str2, String str3) {
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(str2);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING", PROVIDER_NAME);
        cipher.init(2, key, new IvParameterSpec(decode2));
        return cipher.doFinal(decode);
    }

    public byte[] decrypt(Key key, Key key2, String str, String str2, String str3) {
        checkMac(key2, str, str3);
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(str2);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING", PROVIDER_NAME);
        cipher.init(2, key, new IvParameterSpec(decode2));
        return cipher.doFinal(decode);
    }

    protected Key getKeyDecryptionKey(char[] cArr, byte[] bArr) {
        return new SecretKeySpec(derivePKCS5S2(cArr, bArr), "AES");
    }

    public String legalizeUsername(String str) {
        try {
            if (!ILLEGAL_USERNAME_PATTERN.matcher(str).find()) {
                return str;
            }
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.update(WeaveUtil.toAsciiBytes(str.toLowerCase()));
            return WeaveUtil.toAsciiString(Base32.encode(messageDigest.digest()));
        } catch (GeneralSecurityException e) {
            throw new Error(e);
        }
    }

    public X509Certificate readCertificate(byte[] bArr) {
        return (X509Certificate) CertificateFactory.getInstance("X.509", PROVIDER_NAME).generateCertificate(new ByteArrayInputStream(bArr));
    }

    public RSAPublicKey readCertificatePubKey(String str) {
        return (RSAPublicKey) readCertificate(Base64.decode(str));
    }

    public byte[] readPrivateKeyToPKCSBytes(char[] cArr, String str, String str2, String str3) {
        Key keyDecryptionKey = getKeyDecryptionKey(cArr, Base64.decode(str));
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING", PROVIDER_NAME);
        cipher.init(2, keyDecryptionKey, new IvParameterSpec(Base64.decode(str2)));
        return cipher.doFinal(Base64.decode(str3));
    }

    public Key unwrapSecretKey(RSAPrivateKey rSAPrivateKey, String str) {
        byte[] decode = Base64.decode(str);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", PROVIDER_NAME);
        cipher.init(4, rSAPrivateKey);
        return cipher.unwrap(decode, "AES", 3);
    }
}
