package com.tedo.consult.jncryptor;

import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class AES256JNCryptor implements JNCryptor {
    static final int AES_256_KEY_SIZE = 32;
    static final int AES_BLOCK_SIZE = 16;
    static final String AES_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    static final String AES_NAME = "AES";
    static final String HMAC_ALGORITHM = "HmacSHA256";
    static final String KEY_DERIVATION_ALGORITHM = "PBKDF2WithHmacSHA1";
    static final int PBKDF_DEFAULT_ITERATIONS = 10000;
    static final int SALT_LENGTH = 8;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    static final int VERSION = 3;
    private int iterations;

    public AES256JNCryptor() {
        this.iterations = 10000;
    }

    public AES256JNCryptor(int i) {
        this.iterations = 10000;
        Validate.isTrue(i > 0, "Iteration value must be positive.", new Object[0]);
        this.iterations = i;
    }

    static boolean arraysEqual(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            return false;
        }
        boolean z = true;
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                z = false;
            }
        }
        return z;
    }

    private byte[] decryptV2Data(AES256v2Ciphertext aES256v2Ciphertext, SecretKey secretKey, SecretKey secretKey2) throws CryptorException {
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(secretKey2);
            if (!arraysEqual(mac.doFinal(aES256v2Ciphertext.getDataToHMAC()), aES256v2Ciphertext.getHmac())) {
                throw new InvalidHMACException("Incorrect HMAC value.");
            }
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
            cipher.init(2, secretKey, new IvParameterSpec(aES256v2Ciphertext.getIv()));
            return cipher.doFinal(aES256v2Ciphertext.getCiphertext());
        } catch (InvalidKeyException e) {
            throw new CryptorException("Caught InvalidKeyException. Do you have unlimited strength jurisdiction files installed?", e);
        } catch (GeneralSecurityException e2) {
            throw new CryptorException("Failed to decrypt message.", e2);
        }
    }

    private byte[] decryptV2Data(byte[] bArr, char[] cArr) throws CryptorException {
        try {
            AES256v2Ciphertext aES256v2Ciphertext = new AES256v2Ciphertext(bArr);
            if (aES256v2Ciphertext.isPasswordBased()) {
                return decryptV2Data(aES256v2Ciphertext, keyForPassword(cArr, aES256v2Ciphertext.getEncryptionSalt()), keyForPassword(cArr, aES256v2Ciphertext.getHmacSalt()));
            }
            throw new IllegalArgumentException("Ciphertext was not encrypted with a password.");
        } catch (InvalidDataException e) {
            throw new CryptorException("Unable to parse ciphertext.", e);
        }
    }

    private byte[] decryptV3Data(AES256v3Ciphertext aES256v3Ciphertext, SecretKey secretKey, SecretKey secretKey2) throws CryptorException {
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(secretKey2);
            if (!arraysEqual(mac.doFinal(aES256v3Ciphertext.getDataToHMAC()), aES256v3Ciphertext.getHmac())) {
                throw new InvalidHMACException("Incorrect HMAC value.");
            }
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
            cipher.init(2, secretKey, new IvParameterSpec(aES256v3Ciphertext.getIv()));
            return cipher.doFinal(aES256v3Ciphertext.getCiphertext());
        } catch (InvalidKeyException e) {
            throw new CryptorException("Caught InvalidKeyException. Do you have unlimited strength jurisdiction files installed?", e);
        } catch (GeneralSecurityException e2) {
            throw new CryptorException("Failed to decrypt message.", e2);
        }
    }

    private byte[] decryptV3Data(byte[] bArr, char[] cArr) throws CryptorException {
        try {
            AES256v3Ciphertext aES256v3Ciphertext = new AES256v3Ciphertext(bArr);
            if (aES256v3Ciphertext.isPasswordBased()) {
                return decryptV3Data(aES256v3Ciphertext, keyForPassword(cArr, aES256v3Ciphertext.getEncryptionSalt()), keyForPassword(cArr, aES256v3Ciphertext.getHmacSalt()));
            }
            throw new IllegalArgumentException("Ciphertext was not encrypted with a password.");
        } catch (InvalidDataException e) {
            throw new CryptorException("Unable to parse ciphertext.", e);
        }
    }

    static byte[] getSecureRandomData(int i) {
        byte[] bArr = new byte[i];
        SECURE_RANDOM.nextBytes(bArr);
        return bArr;
    }

    private static int readVersionNumber(byte[] bArr) {
        Validate.isTrue(bArr.length > 0, "Data must be at least one byte long to read version number.", new Object[0]);
        return bArr[0];
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public byte[] decryptData(byte[] bArr, SecretKey secretKey, SecretKey secretKey2) throws CryptorException, InvalidHMACException {
        Validate.notNull(bArr, "Ciphertext cannot be null.", new Object[0]);
        Validate.notNull(secretKey, "Decryption key cannot be null.", new Object[0]);
        Validate.notNull(secretKey2, "HMAC key cannot be null.", new Object[0]);
        try {
            int readVersionNumber = readVersionNumber(bArr);
            switch (readVersionNumber) {
                case 2:
                    return decryptV2Data(new AES256v2Ciphertext(bArr), secretKey, secretKey2);
                case 3:
                    return decryptV3Data(new AES256v3Ciphertext(bArr), secretKey, secretKey2);
                default:
                    throw new CryptorException(String.format("Unrecognised version number: %d.", Integer.valueOf(readVersionNumber)));
            }
        } catch (InvalidDataException e) {
            throw new CryptorException("Unable to parse ciphertext.", e);
        }
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public byte[] decryptData(byte[] bArr, char[] cArr) throws CryptorException {
        Validate.notNull(bArr, "Ciphertext cannot be null.", new Object[0]);
        Validate.notNull(cArr, "Password cannot be null.", new Object[0]);
        Validate.isTrue(cArr.length > 0, "Password cannot be empty.", new Object[0]);
        int readVersionNumber = readVersionNumber(bArr);
        switch (readVersionNumber) {
            case 2:
                return decryptV2Data(bArr, cArr);
            case 3:
                return decryptV3Data(bArr, cArr);
            default:
                throw new CryptorException(String.format("Unrecognised version number: %d.", Integer.valueOf(readVersionNumber)));
        }
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public byte[] encryptData(byte[] bArr, PasswordKey passwordKey, PasswordKey passwordKey2) throws CryptorException {
        byte[] bArr2 = new byte[16];
        SECURE_RANDOM.nextBytes(bArr2);
        return encryptData(bArr, passwordKey, passwordKey2, bArr2);
    }

    byte[] encryptData(byte[] bArr, PasswordKey passwordKey, PasswordKey passwordKey2, byte[] bArr2) throws CryptorException {
        try {
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
            cipher.init(1, passwordKey.getKey(), new IvParameterSpec(bArr2));
            AES256v3Ciphertext aES256v3Ciphertext = new AES256v3Ciphertext(passwordKey.getSalt(), passwordKey2.getSalt(), bArr2, cipher.doFinal(bArr));
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(passwordKey2.getKey());
            aES256v3Ciphertext.setHmac(mac.doFinal(aES256v3Ciphertext.getDataToHMAC()));
            return aES256v3Ciphertext.getRawData();
        } catch (InvalidKeyException e) {
            throw new CryptorException("Caught InvalidKeyException. Do you have unlimited strength jurisdiction files installed?", e);
        } catch (GeneralSecurityException e2) {
            throw new CryptorException("Failed to generate ciphertext.", e2);
        }
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public byte[] encryptData(byte[] bArr, SecretKey secretKey, SecretKey secretKey2) throws CryptorException {
        Validate.notNull(bArr, "Plaintext cannot be null.", new Object[0]);
        Validate.notNull(secretKey, "Encryption key cannot be null.", new Object[0]);
        Validate.notNull(secretKey2, "HMAC key cannot be null.", new Object[0]);
        byte[] secureRandomData = getSecureRandomData(16);
        try {
            Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
            cipher.init(1, secretKey, new IvParameterSpec(secureRandomData));
            AES256v3Ciphertext aES256v3Ciphertext = new AES256v3Ciphertext(secureRandomData, cipher.doFinal(bArr));
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(secretKey2);
            aES256v3Ciphertext.setHmac(mac.doFinal(aES256v3Ciphertext.getDataToHMAC()));
            return aES256v3Ciphertext.getRawData();
        } catch (GeneralSecurityException e) {
            throw new CryptorException("Failed to generate ciphertext.", e);
        }
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public byte[] encryptData(byte[] bArr, char[] cArr) throws CryptorException {
        Validate.notNull(bArr, "Plaintext cannot be null.", new Object[0]);
        Validate.notNull(cArr, "Password cannot be null.", new Object[0]);
        Validate.isTrue(cArr.length > 0, "Password cannot be empty.", new Object[0]);
        return encryptData(bArr, cArr, getSecureRandomData(8), getSecureRandomData(8), getSecureRandomData(16));
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public byte[] encryptData(byte[] bArr, char[] cArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws CryptorException {
        Validate.notNull(bArr, "Plaintext cannot be null.", new Object[0]);
        Validate.notNull(cArr, "Password cannot be null.", new Object[0]);
        Validate.isTrue(cArr.length > 0, "Password cannot be empty.", new Object[0]);
        Validate.isCorrectLength(bArr2, 8, "Encryption salt");
        Validate.isCorrectLength(bArr3, 8, "HMAC salt");
        Validate.isCorrectLength(bArr4, 16, "IV");
        return encryptData(bArr, new PasswordKey(keyForPassword(cArr, bArr2), bArr2), new PasswordKey(keyForPassword(cArr, bArr3), bArr3), bArr4);
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public synchronized int getPBKDFIterations() {
        return this.iterations;
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public PasswordKey getPasswordKey(char[] cArr) throws CryptorException {
        Validate.notNull(cArr, "Password cannot be null.", new Object[0]);
        Validate.isTrue(cArr.length > 0, "Password cannot be empty.", new Object[0]);
        byte[] bArr = new byte[8];
        SECURE_RANDOM.nextBytes(bArr);
        return new PasswordKey(keyForPassword(cArr, bArr), bArr);
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public int getVersionNumber() {
        return 3;
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public SecretKey keyForPassword(char[] cArr, byte[] bArr) throws CryptorException {
        Validate.notNull(bArr, "Salt value cannot be null.", new Object[0]);
        Validate.isTrue(bArr.length == 8, "Salt value must be %d bytes.", 8);
        Validate.notNull(cArr, "Password cannot be null.", new Object[0]);
        Validate.isTrue(cArr.length > 0, "Password cannot be empty.", new Object[0]);
        try {
            return new SecretKeySpec(SecretKeyFactory.getInstance(KEY_DERIVATION_ALGORITHM).generateSecret(new PBEKeySpec(cArr, bArr, getPBKDFIterations(), 256)).getEncoded(), AES_NAME);
        } catch (GeneralSecurityException e) {
            throw new CryptorException(String.format("Failed to generate key from password using %s.", KEY_DERIVATION_ALGORITHM), e);
        }
    }

    @Override // com.tedo.consult.jncryptor.JNCryptor
    public synchronized void setPBKDFIterations(int i) {
        synchronized (this) {
            Validate.isTrue(i > 0, "Number of iterations must be greater than zero.", new Object[0]);
            this.iterations = i;
        }
    }
}
