package pwd.eci.com.pwdapp.forms.utility;

import android.util.Base64;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* loaded from: classes4.dex */
public class AKgn {
    private static final String AES_ALGORITHM = "AES";
    private static final int AES_KEY_SIZE = 256;
    private static final String AES_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int GCM_TAG_LENGTH = 16;
    private static final int IV_SIZE = 12;
    private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPPadding";

    /* loaded from: classes4.dex */
    private static class EncryptionResult {
        public final byte[] encryptedAESKey;
        public final byte[] encryptedData;
        public final byte[] iv;

        public EncryptionResult(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.encryptedData = bArr;
            this.encryptedAESKey = bArr2;
            this.iv = bArr3;
        }
    }

    /* loaded from: classes4.dex */
    public static class EncryptionResultB64 {
        public final String encryptedAESKey;
        public final String encryptedData;
        public final String iv;

        public EncryptionResultB64(EncryptionResult encryptionResult) {
            this.encryptedData = AKgn.safeBase64Encode(encryptionResult.encryptedData).trim();
            this.encryptedAESKey = AKgn.safeBase64Encode(encryptionResult.encryptedAESKey).trim();
            this.iv = AKgn.safeBase64Encode(encryptionResult.iv).trim();
        }
    }

    private static OAEPParameterSpec createOAEPParameterSpec() {
        return new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    }

    public static byte[] encryptAESKeyWithRSA(SecretKey secretKey, PublicKey publicKey) throws Exception {
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(1, publicKey, createOAEPParameterSpec());
        return cipher.doFinal(secretKey.getEncoded());
    }

    public static EncryptionResultB64 encryptData(byte[] bArr, PublicKey publicKey) throws Exception {
        SecretKey generateAESKey = generateAESKey();
        byte[] generateIV = generateIV();
        return new EncryptionResultB64(new EncryptionResult(encryptWithAES(bArr, generateAESKey, generateIV), encryptAESKeyWithRSA(generateAESKey, publicKey), generateIV));
    }

    public static byte[] encryptWithAES(byte[] bArr, SecretKey secretKey, byte[] bArr2) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKey, new GCMParameterSpec(128, bArr2));
        return cipher.doFinal(bArr);
    }

    public static SecretKey generateAESKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AES_ALGORITHM);
        keyGenerator.init(256);
        return keyGenerator.generateKey();
    }

    public static byte[] generateIV() {
        byte[] bArr = new byte[12];
        try {
            SecureRandom.getInstanceStrong().nextBytes(bArr);
        } catch (Exception unused) {
            generateIVLegacy(bArr);
        }
        return bArr;
    }

    private static void generateIVLegacy(byte[] bArr) {
        try {
            SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        } catch (NoSuchAlgorithmException unused) {
            new SecureRandom().nextBytes(bArr);
        }
    }

    public static String safeBase64Encode(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return Base64.encodeToString(bArr, 2);
    }

    public static PublicKey stringToPublicKey(String str) throws Exception {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str, 0)));
    }
}
