package com.intuit.spc.authorization.handshake.internal.security;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import androidx.autofill.HintConstants;
import com.intuit.identity.IntuitIdentityWrappedException;
import com.noknok.android.client.utils.CryptoProviderHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlin.Deprecated;
import kotlin.Metadata;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CryptoUtility.kt */
@Metadata(d1 = {"\u0000Z\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\b\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0019\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\bÀ\u0002\u0018\u00002\u00020\u0001:\u00016B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001a\u0010\u0013\u001a\u00020\u00102\b\u0010\u0014\u001a\u0004\u0018\u00010\u00152\b\u0010\u0016\u001a\u0004\u0018\u00010\u0010J$\u0010\u0017\u001a\u00020\u00102\b\u0010\u0018\u001a\u0004\u0018\u00010\u00102\b\u0010\u0014\u001a\u0004\u0018\u00010\u00152\b\u0010\u0019\u001a\u0004\u0018\u00010\u0010J&\u0010\u001a\u001a\u00020\u00102\b\u0010\u0018\u001a\u0004\u0018\u00010\u00102\b\u0010\u0014\u001a\u0004\u0018\u00010\u00152\b\u0010\u0019\u001a\u0004\u0018\u00010\u0010H\u0007J\u0018\u0010\u001b\u001a\u00020\u00102\b\u0010\u001c\u001a\u0004\u0018\u00010\u00102\u0006\u0010\u001d\u001a\u00020\u001eJ\u001a\u0010\u001f\u001a\u00020 2\b\u0010!\u001a\u0004\u0018\u00010\u00102\b\u0010\u0014\u001a\u0004\u0018\u00010\u0015J\u0018\u0010\"\u001a\u00020\u00102\b\u0010#\u001a\u0004\u0018\u00010\u00102\u0006\u0010\u001d\u001a\u00020\u001eJ\"\u0010$\u001a\u00020\u00152\b\u0010%\u001a\u0004\u0018\u00010&2\b\u0010'\u001a\u0004\u0018\u00010\u00102\u0006\u0010(\u001a\u00020\u0007J\u0010\u0010)\u001a\u00020\u001e2\u0006\u0010*\u001a\u00020+H\u0007J\u0006\u0010,\u001a\u00020\u0015J \u0010-\u001a\u00020.2\u0006\u0010/\u001a\u00020+2\u0006\u00100\u001a\u0002012\u0006\u00102\u001a\u000201H\u0002J\u0010\u00103\u001a\u00020\u00152\b\u00104\u001a\u0004\u0018\u00010\u0010J\u0006\u00105\u001a\u00020\u0007R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u0011\u0010\u000f\u001a\u00020\u00108F¢\u0006\u0006\u001a\u0004\b\u0011\u0010\u0012¨\u00067"}, d2 = {"Lcom/intuit/spc/authorization/handshake/internal/security/CryptoUtility;", "", "()V", "AES_CIPHER_CBC_MODE", "", "AES_CIPHER_GCM_MODE", "AES_KEY_SIZE", "", "ALGORITHM_AES", "ALGORITHM_RSA", "ALGORITHM_SECRET_KEY_FACTORY", "GCM_TAG_LENGTH", "KEYSTORE_PROVIDER", "KEY_ALIAS", "RSA_CIPHER_ALGORITHM", "randomSalt", "", "getRandomSalt", "()[B", "calculateHmacWithKey", "secretKey", "Ljavax/crypto/SecretKey;", "data", "decryptData", "encryptedData", "initializationVector", "decryptDataInCBC", "decryptPasswordlessAesKey", "encryptedPasswordlessAesKey", "keyStore", "Ljava/security/KeyStore;", "encryptData", "Lcom/intuit/spc/authorization/handshake/internal/security/CryptoUtility$EncryptionResult;", "unencryptedData", "encryptPasswordlessAesKey", "aesKey", "generateAesKeyForPassword", HintConstants.AUTOFILL_HINT_PASSWORD, "", "salt", "iterationCount", "generateKeyPair", "androidContext", "Landroid/content/Context;", "generatePasswordlessAesKey", "getKeyPairGeneratorSpec", "Ljava/security/spec/AlgorithmParameterSpec;", "context", "validityStart", "Ljava/util/Calendar;", "validityEnd", "getPasswordlessAesKeyFromBytes", "secretKeyBytes", "secureKeyIterationCount", "EncryptionResult", "IntuitIdentity_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes5.dex */
public final class CryptoUtility {
    private static final String AES_CIPHER_CBC_MODE = "AES/CBC/PKCS7Padding";
    private static final String AES_CIPHER_GCM_MODE = "AES/GCM/NoPadding";
    public static final int AES_KEY_SIZE = 256;
    private static final String ALGORITHM_AES = "AES";
    private static final String ALGORITHM_RSA = "RSA";
    private static final String ALGORITHM_SECRET_KEY_FACTORY = "PBKDF2WithHmacSHA1";
    private static final int GCM_TAG_LENGTH = 128;
    public static final CryptoUtility INSTANCE = new CryptoUtility();
    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String KEY_ALIAS = "com.intuit.spc.authorization.key";
    private static final String RSA_CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";

    /* compiled from: CryptoUtility.kt */
    @Metadata(d1 = {"\u0000\u0014\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\b\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002R\u001a\u0010\u0003\u001a\u00020\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\bR\u001a\u0010\t\u001a\u00020\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\n\u0010\u0006\"\u0004\b\u000b\u0010\b¨\u0006\f"}, d2 = {"Lcom/intuit/spc/authorization/handshake/internal/security/CryptoUtility$EncryptionResult;", "", "()V", "encryptedData", "", "getEncryptedData", "()[B", "setEncryptedData", "([B)V", "initializationVector", "getInitializationVector", "setInitializationVector", "IntuitIdentity_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes5.dex */
    public static final class EncryptionResult {
        public static final int $stable = 8;
        private byte[] initializationVector = new byte[0];
        private byte[] encryptedData = new byte[0];

        public final byte[] getEncryptedData() {
            return this.encryptedData;
        }

        public final byte[] getInitializationVector() {
            return this.initializationVector;
        }

        public final void setEncryptedData(byte[] bArr) {
            Intrinsics.checkNotNullParameter(bArr, "<set-?>");
            this.encryptedData = bArr;
        }

        public final void setInitializationVector(byte[] bArr) {
            Intrinsics.checkNotNullParameter(bArr, "<set-?>");
            this.initializationVector = bArr;
        }
    }

    private CryptoUtility() {
    }

    @JvmStatic
    public static final KeyStore generateKeyPair(Context androidContext) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
        Intrinsics.checkNotNullParameter(androidContext, "androidContext");
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
        keyStore.load(null);
        if (keyStore.containsAlias(KEY_ALIAS)) {
            Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
            return keyStore;
        }
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(1, 30);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_RSA, KEYSTORE_PROVIDER);
        CryptoUtility cryptoUtility = INSTANCE;
        Intrinsics.checkNotNullExpressionValue(start, "start");
        Intrinsics.checkNotNullExpressionValue(end, "end");
        keyPairGenerator.initialize(cryptoUtility.getKeyPairGeneratorSpec(androidContext, start, end));
        keyPairGenerator.generateKeyPair();
        Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
        return keyStore;
    }

    private final AlgorithmParameterSpec getKeyPairGeneratorSpec(Context context, Calendar validityStart, Calendar validityEnd) {
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(context).setAlias(KEY_ALIAS).setSubject(new X500Principal("CN=com.intuit.spc.authorization.key, O=Intuit, OU=OII, C=US")).setSerialNumber(BigInteger.ONE).setStartDate(validityStart.getTime()).setEndDate(validityEnd.getTime()).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(context)\n       …ime)\n            .build()");
        return build;
    }

    public final byte[] calculateHmacWithKey(SecretKey secretKey, byte[] data) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(CryptoProviderHelper.ALG_HMAC_SHA_256);
        mac.init(secretKey);
        byte[] doFinal = mac.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(doFinal, "mac.doFinal(data)");
        return doFinal;
    }

    public final byte[] decryptData(byte[] encryptedData, SecretKey secretKey, byte[] initializationVector) throws Exception {
        Cipher cipher = Cipher.getInstance(AES_CIPHER_GCM_MODE);
        SecretKey secretKey2 = secretKey;
        cipher.init(2, secretKey2, new IvParameterSpec(initializationVector));
        try {
            byte[] doFinal = cipher.doFinal(encryptedData);
            Intrinsics.checkNotNullExpressionValue(doFinal, "{\n            decryption…(encryptedData)\n        }");
            return doFinal;
        } catch (Exception unused) {
            Cipher cipher2 = Cipher.getInstance(AES_CIPHER_GCM_MODE);
            cipher2.init(2, secretKey2, new GCMParameterSpec(128, initializationVector));
            try {
                byte[] doFinal2 = cipher2.doFinal(encryptedData);
                Intrinsics.checkNotNullExpressionValue(doFinal2, "{\n            if (Build.…throw exception\n        }");
                return doFinal2;
            } catch (Exception e) {
                throw new IntuitIdentityWrappedException(null, "GCMParameterSpec retry " + e.getMessage(), null, 5, null);
            }
        }
    }

    @Deprecated(message = "")
    public final byte[] decryptDataInCBC(byte[] encryptedData, SecretKey secretKey, byte[] initializationVector) throws Exception {
        Cipher cipher = Cipher.getInstance(AES_CIPHER_CBC_MODE);
        cipher.init(2, secretKey, new IvParameterSpec(initializationVector));
        byte[] doFinal = cipher.doFinal(encryptedData);
        Intrinsics.checkNotNullExpressionValue(doFinal, "decryptionCipher.doFinal(encryptedData)");
        return doFinal;
    }

    public final byte[] decryptPasswordlessAesKey(byte[] encryptedPasswordlessAesKey, KeyStore keyStore) throws IOException, InvalidKeyException, UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, NoSuchPaddingException {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        int i = 0;
        while (true) {
            try {
                KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
                Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
                PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                Cipher cipher = Cipher.getInstance(RSA_CIPHER_ALGORITHM);
                cipher.init(2, privateKey);
                CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(encryptedPasswordlessAesKey), cipher);
                byte[] bArr = new byte[32];
                cipherInputStream.read(bArr);
                cipherInputStream.close();
                return bArr;
            } catch (Exception e) {
                if ((e instanceof UnrecoverableEntryException) || (e instanceof NoSuchAlgorithmException) || (e instanceof KeyStoreException) || (e instanceof NullPointerException)) {
                    i++;
                    if (i == 2) {
                        throw e;
                    }
                } else {
                    continue;
                }
            }
        }
    }

    public final EncryptionResult encryptData(byte[] unencryptedData, SecretKey secretKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidParameterSpecException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(AES_CIPHER_GCM_MODE);
        Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(AES_CIPHER_GCM_MODE)");
        cipher.init(1, secretKey);
        byte[] iv = ((GCMParameterSpec) cipher.getParameters().getParameterSpec(GCMParameterSpec.class)).getIV();
        Intrinsics.checkNotNullExpressionValue(iv, "{\n            algorithmP…:class.java).iv\n        }");
        EncryptionResult encryptionResult = new EncryptionResult();
        encryptionResult.setInitializationVector(iv);
        byte[] doFinal = cipher.doFinal(unencryptedData);
        Intrinsics.checkNotNullExpressionValue(doFinal, "encryptionCipher.doFinal(unencryptedData)");
        encryptionResult.setEncryptedData(doFinal);
        return encryptionResult;
    }

    public final byte[] encryptPasswordlessAesKey(byte[] aesKey, KeyStore keyStore) throws IOException, InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, UnrecoverableEntryException, KeyStoreException {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        int i = 0;
        while (true) {
            try {
                KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS, null);
                Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
                PublicKey publicKey = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
                Intrinsics.checkNotNullExpressionValue(publicKey, "privateKeyEntry.certificate.publicKey");
                Cipher cipher = Cipher.getInstance(RSA_CIPHER_ALGORITHM);
                cipher.init(1, publicKey);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                cipherOutputStream.write(aesKey);
                cipherOutputStream.close();
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                Intrinsics.checkNotNullExpressionValue(byteArray, "outputStream.toByteArray()");
                return byteArray;
            } catch (Exception e) {
                if ((e instanceof UnrecoverableEntryException) || (e instanceof NoSuchAlgorithmException) || (e instanceof KeyStoreException) || (e instanceof NullPointerException)) {
                    i++;
                    if (i == 2) {
                        throw e;
                    }
                } else {
                    continue;
                }
            }
        }
    }

    public final SecretKey generateAesKeyForPassword(char[] password, byte[] salt, int iterationCount) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance(ALGORITHM_SECRET_KEY_FACTORY).generateSecret(new PBEKeySpec(password, salt, iterationCount, 256)).getEncoded(), ALGORITHM_AES);
    }

    public final SecretKey generatePasswordlessAesKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM_AES);
        keyGenerator.init(256);
        SecretKey generateKey = keyGenerator.generateKey();
        Intrinsics.checkNotNullExpressionValue(generateKey, "keyGen.generateKey()");
        return generateKey;
    }

    public final SecretKey getPasswordlessAesKeyFromBytes(byte[] secretKeyBytes) {
        return new SecretKeySpec(secretKeyBytes, ALGORITHM_AES);
    }

    public final byte[] getRandomSalt() {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public final int secureKeyIterationCount() {
        return 5;
    }
}
