package com.agilebits.onepassword.b5.crypto;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.text.TextUtils;
import com.agilebits.onepassword.b5.dataobj.AccountKey;
import com.agilebits.onepassword.b5.utils.AppInternalError;
import com.agilebits.onepassword.b5.vault.model.Jwe;
import com.agilebits.onepassword.b5.vault.model.JweNoIv;
import com.agilebits.onepassword.crypto.MyPBKDF2Engine;
import com.agilebits.onepassword.mgr.BiometricAuthMgr;
import com.agilebits.onepassword.support.Base64;
import com.agilebits.onepassword.support.BinTools;
import com.agilebits.onepassword.support.CommonConstants;
import com.agilebits.onepassword.support.LogUtils;
import com.agilebits.onepassword.support.Utils;
import com.agilebits.onepassword.watchtower.WatchtowerView;
import com.agilebits.onepassword.wifi.encryption.EncryptionUtils;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import kotlin.UByte;
import org.apache.commons.lang3.ArrayUtils;
import org.jose4j.base64url.Base64Url;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwe.AesGcmContentEncryptionAlgorithm;
import org.jose4j.jwe.ContentEncryptionParts;
import org.jose4j.jwe.kdf.PasswordBasedKeyDerivationFunction2;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctetSequenceJsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwx.HeaderParameterNames;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.JoseException;
import org.jose4j.mac.MacUtil;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Marker;

/* loaded from: classes.dex */
public class B5CryptoUtils {
    public static final String ALG_PUBLIC_ENCR_CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    public static final String AUTOFILL_PREVIEW_KEY_NAME = "AUTOFILL_PREVIEW_KEY_NAME";
    public static final int B5_IVEC_LENGTH = 12;
    static final String CTY = "b5+jwk+json";
    public static final String HMAC_MD5 = "HmacMD5";
    public static final String HMAC_SHA1 = "HmacSHA1";
    private static final String MAC_VER = "v1";
    private static final byte[] MAGIC_STRING_AS_BA = BinTools.hex2bin("4865206E657665722077656172732061204D61632C20696E2074686520706F7572696E67207261696E2E205665727920737472616E67652E");

    public static byte[] calculateAcctKeySha256(AccountKey accountKey) throws B5EncryptionException {
        return doHKDFSha256(accountKey.getKey().getBytes(CommonConstants.UTF_8), accountKey.getKeyVersion().getBytes(CommonConstants.UTF_8), accountKey.getKeyId().getBytes(CommonConstants.UTF_8));
    }

    public static String calculateClientHash(String str, AccountKey accountKey) throws AppInternalError {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(accountKey.getKeyId().getBytes(CommonConstants.UTF_8));
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            messageDigest.update(str.getBytes(CommonConstants.UTF_8));
            byte[] digest2 = messageDigest.digest();
            byte[] bArr = new byte[digest.length + digest2.length];
            System.arraycopy(digest, 0, bArr, 0, digest.length);
            System.arraycopy(digest2, 0, bArr, digest.length, digest2.length);
            messageDigest.reset();
            messageDigest.update(bArr);
            return Base64.encodeBase64URLSafeString(messageDigest.digest());
        } catch (Exception e) {
            throw new AppInternalError("calculateClientHash:" + Utils.getExceptionName(e));
        }
    }

    public static String calculateMAC(String str, byte[] bArr, String str2, long j, String str3) throws AppInternalError {
        String lowerCase = str3.toLowerCase(Locale.US);
        if (lowerCase.startsWith(WatchtowerView.SECURED_WEBSITE_PREFIX)) {
            lowerCase = lowerCase.replace(WatchtowerView.SECURED_WEBSITE_PREFIX, "");
        }
        if (!lowerCase.contains("?")) {
            lowerCase = lowerCase + "?";
        }
        String str4 = str2 + "|" + str.toUpperCase(Locale.US) + "|" + lowerCase + "|" + MAC_VER + "|" + j;
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, MacUtil.HMAC_SHA256);
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            byte[] doFinal = mac.doFinal(MAGIC_STRING_AS_BA);
            mac.reset();
            mac.init(new SecretKeySpec(doFinal, MacUtil.HMAC_SHA256));
            return "v1|" + j + "|" + Base64.encodeBase64URLSafeString(Arrays.copyOfRange(mac.doFinal(str4.getBytes(CommonConstants.UTF_8)), 0, 12));
        } catch (Exception e) {
            throw new AppInternalError("calculateMAC() reqId:" + j + " reqUrl:" + lowerCase + " sessionId:" + str2 + " [" + Utils.getExceptionName(e) + "]");
        }
    }

    public static String calculateServerHash(String str, String str2) throws AppInternalError {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes(CommonConstants.UTF_8));
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            messageDigest.update(str2.getBytes(CommonConstants.UTF_8));
            byte[] digest2 = messageDigest.digest();
            byte[] bArr = new byte[digest.length + digest2.length];
            System.arraycopy(digest, 0, bArr, 0, digest.length);
            System.arraycopy(digest2, 0, bArr, digest.length, digest2.length);
            messageDigest.reset();
            messageDigest.update(bArr);
            return Base64.encodeBase64URLSafeString(messageDigest.digest());
        } catch (Exception e) {
            throw new AppInternalError("calculateServerHash:" + Utils.getExceptionName(e));
        }
    }

    private static SecretKey createKeyInKeyStore(String str, boolean z, String str2, String str3) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(CommonConstants.ANDROID_KEY_STORE);
        keyStore.load(null);
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM, CommonConstants.ANDROID_KEY_STORE);
        int i = 5 << 0;
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes(str2).setUserAuthenticationRequired(z).setEncryptionPaddings(str3).build());
        return keyGenerator.generateKey();
    }

    public static SecretKey createKeyInKeyStoreForAutofillPreview() throws Exception {
        return createKeyInKeyStore(AUTOFILL_PREVIEW_KEY_NAME, false, "GCM", "NoPadding");
    }

    public static SecretKey createKeyInKeyStoreForBiometricAuth() throws Exception {
        return createKeyInKeyStore(BiometricAuthMgr.KEY_NAME, true, "CBC", "PKCS7Padding");
    }

    private static byte[] decryptAes256Gcm(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws JoseException {
        return new AesGcmContentEncryptionAlgorithm.Aes256Gcm().decrypt(new ContentEncryptionParts(bArr4, bArr, bArr2), null, bArr3, null, new ProviderContext());
    }

    public static String decryptItemEncrData(byte[] bArr, JSONObject jSONObject) throws B5EncryptionException {
        try {
            return decryptWithSymmetricKey(bArr, Base64Url.decode(jSONObject.getString(CommonConstants.DATA_FOLDER_1PASS)), Base64Url.decode(jSONObject.getString(HeaderParameterNames.INITIALIZATION_VECTOR)));
        } catch (Exception e) {
            throw new B5EncryptionException("Error on decryptItemEncrData", "ERROR decryptItemEncrData:" + Utils.getExceptionName(e));
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0073  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x007f  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x00b4  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x00eb A[Catch: JSONException -> 0x012d, JoseException -> 0x0130, TryCatch #2 {JoseException -> 0x0130, JSONException -> 0x012d, blocks: (B:3:0x000f, B:7:0x005d, B:10:0x006c, B:13:0x0077, B:17:0x00ad, B:21:0x00eb, B:24:0x0122, B:25:0x012c, B:26:0x00b9, B:28:0x00c8, B:30:0x0084, B:32:0x0092, B:33:0x0027, B:35:0x0033), top: B:2:0x000f }] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0122 A[Catch: JSONException -> 0x012d, JoseException -> 0x0130, TryCatch #2 {JoseException -> 0x0130, JSONException -> 0x012d, blocks: (B:3:0x000f, B:7:0x005d, B:10:0x006c, B:13:0x0077, B:17:0x00ad, B:21:0x00eb, B:24:0x0122, B:25:0x012c, B:26:0x00b9, B:28:0x00c8, B:30:0x0084, B:32:0x0092, B:33:0x0027, B:35:0x0033), top: B:2:0x000f }] */
    /* JADX WARN: Removed duplicated region for block: B:26:0x00b9 A[Catch: JSONException -> 0x012d, JoseException -> 0x0130, TryCatch #2 {JoseException -> 0x0130, JSONException -> 0x012d, blocks: (B:3:0x000f, B:7:0x005d, B:10:0x006c, B:13:0x0077, B:17:0x00ad, B:21:0x00eb, B:24:0x0122, B:25:0x012c, B:26:0x00b9, B:28:0x00c8, B:30:0x0084, B:32:0x0092, B:33:0x0027, B:35:0x0033), top: B:2:0x000f }] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0084 A[Catch: JSONException -> 0x012d, JoseException -> 0x0130, TryCatch #2 {JoseException -> 0x0130, JSONException -> 0x012d, blocks: (B:3:0x000f, B:7:0x005d, B:10:0x006c, B:13:0x0077, B:17:0x00ad, B:21:0x00eb, B:24:0x0122, B:25:0x012c, B:26:0x00b9, B:28:0x00c8, B:30:0x0084, B:32:0x0092, B:33:0x0027, B:35:0x0033), top: B:2:0x000f }] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0065  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.lang.String decryptTraffic(java.lang.String r10, java.lang.String r11, byte[] r12) throws com.agilebits.onepassword.b5.crypto.B5EncryptionException {
        /*
            Method dump skipped, instructions count: 322
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.agilebits.onepassword.b5.crypto.B5CryptoUtils.decryptTraffic(java.lang.String, java.lang.String, byte[]):java.lang.String");
    }

    public static String decryptWithPublicKey(PublicJsonWebKey publicJsonWebKey, byte[] bArr) throws B5EncryptionException {
        MGF1ParameterSpec mGF1ParameterSpec;
        try {
            Cipher cipher = Cipher.getInstance(ALG_PUBLIC_ENCR_CIPHER);
            String algorithm = publicJsonWebKey.getAlgorithm();
            if (TextUtils.isEmpty(algorithm)) {
                throw new Exception("alg not provided in private key");
            }
            if (algorithm.equalsIgnoreCase("RSA-OAEP-256")) {
                mGF1ParameterSpec = MGF1ParameterSpec.SHA256;
            } else {
                if (!algorithm.equalsIgnoreCase("RSA-OAEP")) {
                    throw new Exception("unknown public key algorithm:" + algorithm + " in" + publicJsonWebKey.getAlgorithm());
                }
                mGF1ParameterSpec = MGF1ParameterSpec.SHA1;
            }
            cipher.init(2, publicJsonWebKey.getPrivateKey(), new OAEPParameterSpec(mGF1ParameterSpec.getDigestAlgorithm(), "MGF1", mGF1ParameterSpec, PSource.PSpecified.DEFAULT));
            return new String(cipher.doFinal(bArr), CommonConstants.UTF_8);
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR decryptWithPublicKey", "ERROR decryptWithPublicKey:" + Utils.getExceptionName(e));
        }
    }

    public static String decryptWithSymmetricKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return new String(decryptWithSymmetricKeyToBa(bArr, bArr2, bArr3), CommonConstants.UTF_8);
        } catch (Exception e) {
            throw new B5EncryptionException("Error on decryptWithSymmetricKey", "ERROR decryptWithSymmetricKey:" + Utils.getExceptionName(e));
        }
    }

    public static byte[] decryptWithSymmetricKeyToBa(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return decryptAes256Gcm(Arrays.copyOfRange(bArr2, 0, bArr2.length - 16), Arrays.copyOfRange(bArr2, bArr2.length - 16, bArr2.length), bArr, bArr3);
        } catch (Exception e) {
            throw new B5EncryptionException("Error on decryptWithSymmetricKey", "ERROR decryptWithSymmetricKey:" + Utils.getExceptionName(e));
        }
    }

    public static byte[] deriveUsingPBES2_HS256WithEnc(String str, String str2, byte[] bArr, int i, AccountKey accountKey) throws B5EncryptionException {
        try {
            byte[] derive = new PasswordBasedKeyDerivationFunction2(MacUtil.HMAC_SHA256).derive((str.toLowerCase(Locale.US) + ":" + str2).getBytes(CommonConstants.UTF_8), bArr, i, 32);
            byte[] calculateAcctKeySha256 = calculateAcctKeySha256(accountKey);
            byte[] bArr2 = new byte[32];
            for (int i2 = 0; i2 < 32; i2++) {
                bArr2[i2] = (byte) (calculateAcctKeySha256[i2] ^ derive[i2]);
            }
            return bArr2;
        } catch (Exception e) {
            throw new B5EncryptionException(" Error in getUserEncryptionKey", Utils.getExceptionName(e));
        }
    }

    public static byte[] deriveUsingPBES2g_HS256WithEnc(String str, String str2, byte[] bArr, int i, AccountKey accountKey) throws B5EncryptionException {
        try {
            byte[] derive = new PasswordBasedKeyDerivationFunction2(MacUtil.HMAC_SHA256).derive(str2.getBytes(CommonConstants.UTF_8), doHKDFSha256(bArr, SupportedAlgorithms.ALG_PBKDF2.getBytes(CommonConstants.UTF_8), str.toLowerCase(Locale.US).getBytes(CommonConstants.UTF_8)), i, 32);
            byte[] calculateAcctKeySha256 = calculateAcctKeySha256(accountKey);
            byte[] bArr2 = new byte[32];
            for (int i2 = 0; i2 < 32; i2++) {
                bArr2[i2] = (byte) (calculateAcctKeySha256[i2] ^ derive[i2]);
            }
            return bArr2;
        } catch (Exception e) {
            throw new B5EncryptionException(" Error in getUserEncryptionKey", Utils.getExceptionName(e));
        }
    }

    public static byte[] doHKDFSha256(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, MacUtil.HMAC_SHA256);
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            byte[] doFinal = mac.doFinal(bArr);
            mac.reset();
            mac.init(new SecretKeySpec(doFinal, MacUtil.HMAC_SHA256));
            mac.update(bArr2, 0, bArr2.length);
            return mac.doFinal(new byte[]{1});
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR calculateAcctKeySha256", "ERROR calculateAcctKeySha256:" + Utils.getExceptionName(e));
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:47:0x0241 A[Catch: IOException -> 0x023d, TRY_LEAVE, TryCatch #16 {IOException -> 0x023d, blocks: (B:55:0x0239, B:47:0x0241), top: B:54:0x0239 }] */
    /* JADX WARN: Removed duplicated region for block: B:54:0x0239 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void encrFileToDecrFile(byte[] r21, byte[] r22, java.lang.String r23, java.lang.String r24, long r25, com.agilebits.onepassword.b5.utils.ProcessProgressIface r27) throws com.agilebits.onepassword.b5.utils.AppInternalError {
        /*
            Method dump skipped, instructions count: 607
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.agilebits.onepassword.b5.crypto.B5CryptoUtils.encrFileToDecrFile(byte[], byte[], java.lang.String, java.lang.String, long, com.agilebits.onepassword.b5.utils.ProcessProgressIface):void");
    }

    public static void encrFileToDecrFile_NO_RANDOM_ACCESS_FILE(byte[] bArr, byte[] bArr2, String str, String str2, long j) throws AppInternalError {
        String str3;
        try {
            File file = new File(str);
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(new File(str2)));
            long length = file.length();
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File(str)));
            Cipher cipherForDecryptMode = getCipherForDecryptMode(bArr, bArr2);
            byte[] bArr3 = new byte[16384];
            byte[] bArr4 = new byte[16384];
            long j2 = 0;
            String str4 = "encrFileToDecrFile_NO_RANDOM_ACCESS_FILE()";
            long j3 = 0;
            while (true) {
                int read = bufferedInputStream.read(bArr3);
                BufferedInputStream bufferedInputStream2 = bufferedInputStream;
                if (read == -1) {
                    break;
                }
                j2 += read;
                int min = Math.min(16384, (int) (length - j2));
                String str5 = str4 + "\nread:" + bArr3.length + " total read:" + j2 + " current chunk size:" + min + "  encrFile size:" + length + " count:" + read;
                if (min == 0) {
                    bArr3 = Arrays.copyOf(bArr3, min > 0 ? min : read);
                }
                long j4 = length;
                int update = cipherForDecryptMode.update(bArr3, 0, bArr3.length, bArr4);
                if (update > 0) {
                    j3 += update;
                    str3 = str5 + "\ndecrypted:" + update + " decryptedTotal:" + j3 + " encr chunk size:" + min;
                    bufferedOutputStream.write(Arrays.copyOfRange(bArr4, 0, update));
                } else {
                    str3 = str5 + "\nDecr bytes per batch " + read + " is null";
                }
                str4 = str3;
                bufferedInputStream = bufferedInputStream2;
                length = j4;
            }
            String str6 = str4 + "\nValidating tag... block size:" + cipherForDecryptMode.getBlockSize();
            byte[] doFinal = cipherForDecryptMode.doFinal();
            int length2 = doFinal != null ? doFinal.length : 0;
            bufferedOutputStream.write(Arrays.copyOfRange(doFinal, 0, length2));
            bufferedOutputStream.close();
            StringBuilder sb = new StringBuilder();
            sb.append(str6 + "\nValidated: have " + length2 + " extra bytes in the buffer");
            sb.append("\nFinal check=> processed:");
            long j5 = length2 + j3;
            sb.append(j5);
            sb.append(" expected:");
            sb.append(j);
            String sb2 = sb.toString();
            if (j5 == j) {
                LogUtils.logB5DocMsg(sb2 + "Done");
                return;
            }
            throw new AppInternalError("Error decrypting file: expected:" + j + " processed:" + j3 + Marker.ANY_NON_NULL_MARKER + length2);
        } catch (Exception e) {
            LogUtils.logB5DocMsg("encrFileToDecrFile:" + Utils.getExceptionName(e));
            throw new AppInternalError("encrFileToDecrFile:" + Utils.getExceptionName(e));
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:55:0x035b A[Catch: IOException -> 0x0357, TryCatch #1 {IOException -> 0x0357, blocks: (B:65:0x0353, B:55:0x035b, B:57:0x0360), top: B:64:0x0353 }] */
    /* JADX WARN: Removed duplicated region for block: B:57:0x0360 A[Catch: IOException -> 0x0357, TRY_LEAVE, TryCatch #1 {IOException -> 0x0357, blocks: (B:65:0x0353, B:55:0x035b, B:57:0x0360), top: B:64:0x0353 }] */
    /* JADX WARN: Removed duplicated region for block: B:64:0x0353 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static byte[] encrIstreamToDecrFile(java.io.InputStream r24, byte[] r25, byte[] r26, java.lang.String r27, java.lang.String r28, long r29, long r31, com.agilebits.onepassword.b5.utils.ProcessProgressIface r33) throws com.agilebits.onepassword.b5.utils.AppInternalError {
        /*
            Method dump skipped, instructions count: 894
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.agilebits.onepassword.b5.crypto.B5CryptoUtils.encrIstreamToDecrFile(java.io.InputStream, byte[], byte[], java.lang.String, java.lang.String, long, long, com.agilebits.onepassword.b5.utils.ProcessProgressIface):byte[]");
    }

    public static String encryptAes256Gcm(String str, byte[] bArr, String str2) throws B5EncryptionException {
        try {
            byte[] generateRandomIvec = generateRandomIvec();
            ContentEncryptionParts encrypt = new AesGcmContentEncryptionAlgorithm.Aes256Gcm().encrypt(str.getBytes(CommonConstants.UTF_8), null, bArr, generateRandomIvec, null);
            String encodeToString = android.util.Base64.encodeToString(ArrayUtils.addAll(encrypt.getCiphertext(), encrypt.getAuthenticationTag()), 11);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(CommonConstants.DATA_FOLDER_1PASS, encodeToString);
            jSONObject.put(HeaderParameterNames.CONTENT_TYPE, CTY);
            jSONObject.put("enc", "A256GCM");
            jSONObject.put(HeaderParameterNames.INITIALIZATION_VECTOR, Base64Url.encode(generateRandomIvec));
            jSONObject.put("kid", str2);
            return jSONObject.toString();
        } catch (NoSuchAlgorithmException e) {
            e = e;
            throw new B5EncryptionException("ERROR encryptTraffic", Utils.getExceptionName(e));
        } catch (JoseException e2) {
            e = e2;
            throw new B5EncryptionException("ERROR encryptTraffic", Utils.getExceptionName(e));
        } catch (JSONException e3) {
            e = e3;
            throw new B5EncryptionException("ERROR encryptTraffic", Utils.getExceptionName(e));
        }
    }

    public static Jwe encryptAes256GcmJwe(String str, byte[] bArr, String str2) throws B5EncryptionException {
        try {
            byte[] generateRandomIvec = generateRandomIvec();
            ContentEncryptionParts encrypt = new AesGcmContentEncryptionAlgorithm.Aes256Gcm().encrypt(str.getBytes(CommonConstants.UTF_8), null, bArr, generateRandomIvec, null);
            return new Jwe(CTY, Base64Url.encode(ArrayUtils.addAll(encrypt.getCiphertext(), encrypt.getAuthenticationTag())), "A256GCM", Base64Url.encode(generateRandomIvec), str2);
        } catch (NoSuchAlgorithmException | JoseException e) {
            throw new B5EncryptionException("ERROR encryptTraffic", Utils.getExceptionName(e));
        }
    }

    public static String encryptTraffic(String str, String str2, byte[] bArr) throws B5EncryptionException {
        return encryptAes256Gcm(str, bArr, str2);
    }

    public static JweNoIv encryptWithPublicKey(PublicJsonWebKey publicJsonWebKey, String str) throws B5EncryptionException {
        MGF1ParameterSpec mGF1ParameterSpec;
        try {
            Cipher cipher = Cipher.getInstance(ALG_PUBLIC_ENCR_CIPHER);
            String algorithm = publicJsonWebKey.getAlgorithm();
            if (TextUtils.isEmpty(algorithm)) {
                throw new Exception("alg not provided in private key");
            }
            if (algorithm.equalsIgnoreCase("RSA-OAEP-256")) {
                mGF1ParameterSpec = MGF1ParameterSpec.SHA256;
            } else {
                if (!algorithm.equalsIgnoreCase("RSA-OAEP")) {
                    throw new Exception("unknown public key algorithm:" + algorithm + " in" + publicJsonWebKey.getAlgorithm());
                }
                mGF1ParameterSpec = MGF1ParameterSpec.SHA1;
            }
            cipher.init(1, publicJsonWebKey.getPublicKey(), new OAEPParameterSpec(mGF1ParameterSpec.getDigestAlgorithm(), "MGF1", mGF1ParameterSpec, PSource.PSpecified.DEFAULT));
            return new JweNoIv(CTY, Base64Url.encode(cipher.doFinal(str.getBytes())), algorithm, publicJsonWebKey.getKeyId());
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR decryptWithPublicKey", "ERROR decryptWithPublicKey:" + Utils.getExceptionName(e));
        }
    }

    public static void ensureAlgCompatibility(JsonWebKey jsonWebKey, JSONObject jSONObject) throws B5EncryptionException {
        if (!jSONObject.has("enc")) {
            throw new B5EncryptionException("ERROR decrypting keysets", "ERROR agorithm enc algorithm not provided for privateKey ");
        }
        String optString = jSONObject.optString("enc");
        if (jsonWebKey.getAlgorithm().equalsIgnoreCase(optString)) {
            return;
        }
        throw new B5EncryptionException("ERROR decrypting keysets", "ERROR agorithm mismatch on decrypting Private key expected: " + optString + " got:" + jsonWebKey.getAlgorithm());
    }

    public static JsonWebKey generateA256GCMKey() throws JoseException {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("alg", "A256GCM");
            jSONObject.put("ext", true);
            jSONObject.put(JsonWebKey.KEY_TYPE_PARAMETER, OctetSequenceJsonWebKey.KEY_TYPE);
            JSONArray jSONArray = new JSONArray();
            jSONArray.put("encrypt");
            jSONArray.put("decrypt");
            jSONObject.put(JsonWebKey.KEY_OPERATIONS, jSONArray);
            jSONObject.put("kid", Utils.getShortUuid());
            jSONObject.put(OctetSequenceJsonWebKey.KEY_VALUE_MEMBER_NAME, Base64.encodeBase64String(MyPBKDF2Engine.getGeneratedKey(32)));
            return newSymmKey(jSONObject.toString());
        } catch (Exception unused) {
            return null;
        }
    }

    public static byte[] generateRandomIvec() throws NoSuchAlgorithmException {
        return EncryptionUtils.generateRandomBytes(12);
    }

    private static Cipher getCipherForDecryptMode(byte[] bArr, byte[] bArr2) throws NoSuchProviderException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, new SecretKeySpec(bArr, AesKey.ALGORITHM), new IvParameterSpec(bArr2));
        return cipher;
    }

    private static Cipher getCipherForEncryptMode(byte[] bArr, byte[] bArr2) throws NoSuchProviderException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, new SecretKeySpec(bArr, AesKey.ALGORITHM), new IvParameterSpec(bArr2));
        return cipher;
    }

    public static String getFileSignature(byte[] bArr, String str) throws AppInternalError {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, MacUtil.HMAC_SHA256);
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            return Base64.encodeBase64URLSafeString(mac.doFinal(str.getBytes(CommonConstants.UTF_8)));
        } catch (Exception e) {
            throw new AppInternalError("getFileSignature(): signingKey: [" + Utils.getExceptionName(e) + "]");
        }
    }

    public static SecretKey getKeyFromKeystore(String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance(CommonConstants.ANDROID_KEY_STORE);
        keyStore.load(null);
        return (SecretKey) keyStore.getKey(str, null);
    }

    public static int getPercentCompleted(long j, long j2) {
        return (((int) ((j * 100) / j2)) / 10) * 10;
    }

    public static PublicJsonWebKey getPrivateKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return PublicJsonWebKey.Factory.newPublicJwk(new String(decryptAes256Gcm(Arrays.copyOfRange(bArr, 0, bArr.length - 16), Arrays.copyOfRange(bArr, bArr.length - 16, bArr.length), bArr2, bArr3), CommonConstants.UTF_8));
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR on getJsonWebKey", "ERROR getJsonWebKey:" + Utils.getExceptionName(e));
        }
    }

    public static JsonWebKey getSymmetricKey(PublicJsonWebKey publicJsonWebKey, byte[] bArr) throws B5EncryptionException {
        try {
            return newSymmKey(decryptWithPublicKey(publicJsonWebKey, bArr));
        } catch (JoseException e) {
            String str = "Error on getSymmetricKey:" + Utils.getExceptionName(e);
            throw new B5EncryptionException(str, str);
        }
    }

    public static JsonWebKey getSymmetricKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return newSymmKey(decryptWithSymmetricKey(bArr, bArr2, bArr3));
        } catch (JoseException e) {
            String str = "Error on getSymmetricKey:" + Utils.getExceptionName(e);
            throw new B5EncryptionException(str, str);
        }
    }

    private static Cipher initCipherWithSecretKey(SecretKey secretKey, int i, String str, byte[] bArr) throws Exception {
        AlgorithmParameterSpec algorithmParameterSpec;
        Cipher cipher = Cipher.getInstance(str);
        if (i == 2 && bArr != null) {
            if (str.equals("AES/GCM/NoPadding")) {
                algorithmParameterSpec = new GCMParameterSpec(128, bArr);
            } else if (str.equals(EncryptionUtils.CIPHER_ALGORITHM_PADDING)) {
                algorithmParameterSpec = new IvParameterSpec(bArr);
            }
            cipher.init(i, secretKey, algorithmParameterSpec);
            return cipher;
        }
        algorithmParameterSpec = null;
        cipher.init(i, secretKey, algorithmParameterSpec);
        return cipher;
    }

    public static Cipher initCipherWithSecretKeyForAutofillPreview(SecretKey secretKey, int i, byte[] bArr) throws Exception {
        return initCipherWithSecretKey(secretKey, i, "AES/GCM/NoPadding", bArr);
    }

    public static Cipher initCipherWithSecretKeyForBiometrics(SecretKey secretKey, int i, byte[] bArr) throws Exception {
        return initCipherWithSecretKey(secretKey, i, EncryptionUtils.CIPHER_ALGORITHM_PADDING, bArr);
    }

    public static boolean isKeyHardwareSecured() {
        try {
            KeyStore keyStore = KeyStore.getInstance(CommonConstants.ANDROID_KEY_STORE);
            keyStore.load(null);
            if (keyStore.containsAlias("testingKeyName")) {
                keyStore.deleteEntry("testingKeyName");
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM, CommonConstants.ANDROID_KEY_STORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder("testingKeyName", 3).setBlockModes("GCM").setUserAuthenticationRequired(false).setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(false).build());
            SecretKey generateKey = keyGenerator.generateKey();
            boolean isInsideSecureHardware = ((KeyInfo) SecretKeyFactory.getInstance(generateKey.getAlgorithm(), CommonConstants.ANDROID_KEY_STORE).getKeySpec(generateKey, KeyInfo.class)).isInsideSecureHardware();
            if (keyStore.containsAlias("testingKeyName")) {
                keyStore.deleteEntry("testingKeyName");
            }
            return isInsideSecureHardware;
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:40:0x02a8 A[Catch: all -> 0x02b5, TryCatch #11 {all -> 0x02b5, blocks: (B:38:0x0282, B:40:0x02a8, B:41:0x02aa, B:43:0x02ab, B:44:0x02b4), top: B:37:0x0282 }] */
    /* JADX WARN: Removed duplicated region for block: B:43:0x02ab A[Catch: all -> 0x02b5, TryCatch #11 {all -> 0x02b5, blocks: (B:38:0x0282, B:40:0x02a8, B:41:0x02aa, B:43:0x02ab, B:44:0x02b4), top: B:37:0x0282 }] */
    /* JADX WARN: Removed duplicated region for block: B:48:0x02c0 A[Catch: IOException -> 0x02bc, TRY_LEAVE, TryCatch #16 {IOException -> 0x02bc, blocks: (B:56:0x02b8, B:48:0x02c0), top: B:55:0x02b8 }] */
    /* JADX WARN: Removed duplicated region for block: B:55:0x02b8 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.agilebits.onepassword.b5.document.EncryptedFileData istreamToEncrFile(java.io.InputStream r30, byte[] r31, byte[] r32, java.lang.String r33, com.agilebits.onepassword.b5.utils.ProcessProgressIface r34) throws com.agilebits.onepassword.b5.utils.AppInternalError {
        /*
            Method dump skipped, instructions count: 734
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.agilebits.onepassword.b5.crypto.B5CryptoUtils.istreamToEncrFile(java.io.InputStream, byte[], byte[], java.lang.String, com.agilebits.onepassword.b5.utils.ProcessProgressIface):com.agilebits.onepassword.b5.document.EncryptedFileData");
    }

    public static JsonWebKey newSymmKey(String str) throws JoseException {
        return JsonWebKey.Factory.newJwk(str);
    }

    public static String removeAutofillPreviewKey() {
        try {
            return removeKeyFromKeystore(AUTOFILL_PREVIEW_KEY_NAME);
        } catch (Exception e) {
            return "Error: failed to remove AUTOFILL_PREVIEW_KEY_NAME from keystore (" + Utils.getExceptionName(e) + ")";
        }
    }

    private static String removeKeyFromKeystore(String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        String str2 = "Removing " + str + " from " + CommonConstants.ANDROID_KEY_STORE + "... ";
        KeyStore keyStore = KeyStore.getInstance(CommonConstants.ANDROID_KEY_STORE);
        keyStore.load(null);
        if (!keyStore.containsAlias(str)) {
            return str2 + "Key doesn't exist.";
        }
        keyStore.deleteEntry(str);
        return str2 + "Key removed.";
    }

    public static String sha1Hash(String str) throws B5EncryptionException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA1").digest(str.getBytes());
            StringBuffer stringBuffer = new StringBuffer();
            for (byte b : digest) {
                stringBuffer.append(Integer.toString((b & UByte.MAX_VALUE) + 256, 16).substring(1));
            }
            return stringBuffer.toString();
        } catch (NoSuchAlgorithmException e) {
            String str2 = "Error generating sha1 hash:" + Utils.getExceptionName(e);
            throw new B5EncryptionException(str2, str2);
        }
    }

    public static boolean useModernKeyDerivation(String str) throws AppInternalError {
        if (TextUtils.isEmpty(str)) {
            throw new AppInternalError("useModernKeyDerivation : pbkdf2Algorithm is null");
        }
        if (str.equalsIgnoreCase(SupportedAlgorithms.ALG_PBKDF2)) {
            return true;
        }
        if (str.equalsIgnoreCase(SupportedAlgorithms.ALG_PBKDF2_LEGACY)) {
            return false;
        }
        throw new AppInternalError("useModernKeyDerivation : Invalid alg (" + str + ")");
    }

    /* JADX WARN: Removed duplicated region for block: B:47:0x013e A[Catch: UnsupportedEncodingException -> 0x02ef, UnsupportedEncodingException | NoSuchAlgorithmException | JoseException | JSONException -> 0x02f1, JSONException -> 0x02f3, JoseException -> 0x02f5, TryCatch #2 {UnsupportedEncodingException | NoSuchAlgorithmException | JoseException | JSONException -> 0x02f1, blocks: (B:25:0x0082, B:28:0x0092, B:30:0x009c, B:32:0x00a7, B:34:0x00b6, B:36:0x00bc, B:37:0x00d9, B:38:0x00e3, B:40:0x00e4, B:41:0x00ec, B:42:0x00ed, B:43:0x00f5, B:44:0x00f6, B:45:0x010a, B:47:0x013e, B:49:0x0158, B:53:0x01ce, B:57:0x01df, B:60:0x0212, B:61:0x02a7, B:62:0x022f, B:64:0x0255, B:66:0x0265, B:67:0x025c, B:69:0x02e9, B:71:0x014b), top: B:24:0x0082 }] */
    /* JADX WARN: Removed duplicated region for block: B:51:0x01c6  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x014b A[Catch: UnsupportedEncodingException -> 0x02ef, UnsupportedEncodingException | NoSuchAlgorithmException | JoseException | JSONException -> 0x02f1, JSONException -> 0x02f3, JoseException -> 0x02f5, TryCatch #2 {UnsupportedEncodingException | NoSuchAlgorithmException | JoseException | JSONException -> 0x02f1, blocks: (B:25:0x0082, B:28:0x0092, B:30:0x009c, B:32:0x00a7, B:34:0x00b6, B:36:0x00bc, B:37:0x00d9, B:38:0x00e3, B:40:0x00e4, B:41:0x00ec, B:42:0x00ed, B:43:0x00f5, B:44:0x00f6, B:45:0x010a, B:47:0x013e, B:49:0x0158, B:53:0x01ce, B:57:0x01df, B:60:0x0212, B:61:0x02a7, B:62:0x022f, B:64:0x0255, B:66:0x0265, B:67:0x025c, B:69:0x02e9, B:71:0x014b), top: B:24:0x0082 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.agilebits.onepassword.b5.utils.ValidatePwdResult validatePwd(android.content.Context r26, com.agilebits.onepassword.b5.dataobj.Keyset r27, java.lang.String r28, java.lang.String r29, com.agilebits.onepassword.b5.dataobj.AccountKey r30, boolean r31) throws com.agilebits.onepassword.b5.crypto.B5EncryptionException, com.agilebits.onepassword.b5.utils.AppInternalError {
        /*
            Method dump skipped, instructions count: 793
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.agilebits.onepassword.b5.crypto.B5CryptoUtils.validatePwd(android.content.Context, com.agilebits.onepassword.b5.dataobj.Keyset, java.lang.String, java.lang.String, com.agilebits.onepassword.b5.dataobj.AccountKey, boolean):com.agilebits.onepassword.b5.utils.ValidatePwdResult");
    }
}
