package com.microsoft.identity.common.java.crypto;

import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.crypto.key.AbstractSecretKeyLoader;
import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import cz.msebera.android.httpclient.extras.Base64;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.List;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import lombok.NonNull;

/* loaded from: classes8.dex */
public abstract class StorageEncryptionManager implements IKeyAccessor {

    /* renamed from: b, reason: collision with root package name */
    private static final String f62554b = StorageEncryptionManager.class.getSimpleName() + "#";

    /* renamed from: a, reason: collision with root package name */
    private final IVGenerator f62555a = new IVGenerator() { // from class: com.microsoft.identity.common.java.crypto.StorageEncryptionManager.1

        /* renamed from: a, reason: collision with root package name */
        final SecureRandom f62556a = new SecureRandom();

        @Override // com.microsoft.identity.common.java.crypto.IVGenerator
        public byte[] generate() {
            byte[] bArr = new byte[16];
            this.f62556a.nextBytes(bArr);
            return bArr;
        }
    };

    private void c(byte[] bArr, int i7, int i10, byte[] bArr2) throws ClientException {
        if (bArr2.length != i10 - i7) {
            throw new ClientException(ClientException.UNEXPECTED_HMAC_LENGTH);
        }
        byte b10 = 0;
        for (int i11 = i7; i11 < i10; i11++) {
            b10 = (byte) (b10 | (bArr2[i11 - i7] ^ bArr[i11]));
        }
        if (b10 != 0) {
            throw new ClientException(ClientException.HMAC_MISMATCH);
        }
    }

    @NonNull
    private byte[] d(@NonNull byte[] bArr, @NonNull AbstractSecretKeyLoader abstractSecretKeyLoader) throws ClientException {
        String str;
        Objects.requireNonNull(bArr, "encryptedBlobWithoutEncodeVersion is marked non-null but is null");
        Objects.requireNonNull(abstractSecretKeyLoader, "keyLoader is marked non-null but is null");
        try {
            SecretKey e6 = abstractSecretKeyLoader.e();
            SecretKey a10 = KeyUtil.a(e6);
            int length = (bArr.length - 16) - 32;
            int length2 = bArr.length - 32;
            int length3 = abstractSecretKeyLoader.h().getBytes(AuthenticationConstants.f62458a).length;
            Cipher cipher = Cipher.getInstance(abstractSecretKeyLoader.d());
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(a10);
            mac.update(bArr, 0, length2);
            c(bArr, length2, bArr.length, mac.doFinal());
            cipher.init(2, e6, new IvParameterSpec(bArr, length, 16));
            return cipher.doFinal(bArr, length3, length - length3);
        } catch (IllegalArgumentException e10) {
            e = e10;
            str = ClientException.DATA_MALFORMED;
            throw new ClientException(str, e.getMessage(), e);
        } catch (InvalidAlgorithmParameterException e11) {
            e = e11;
            str = ClientException.INVALID_ALG_PARAMETER;
            throw new ClientException(str, e.getMessage(), e);
        } catch (InvalidKeyException e12) {
            e = e12;
            str = ClientException.INVALID_KEY;
            throw new ClientException(str, e.getMessage(), e);
        } catch (NoSuchAlgorithmException e13) {
            e = e13;
            str = ClientException.NO_SUCH_ALGORITHM;
            throw new ClientException(str, e.getMessage(), e);
        } catch (BadPaddingException e14) {
            e = e14;
            str = ClientException.BAD_PADDING;
            throw new ClientException(str, e.getMessage(), e);
        } catch (IllegalBlockSizeException e15) {
            e = e15;
            str = ClientException.INVALID_BLOCK_SIZE;
            throw new ClientException(str, e.getMessage(), e);
        } catch (NoSuchPaddingException e16) {
            e = e16;
            str = ClientException.NO_SUCH_PADDING;
            throw new ClientException(str, e.getMessage(), e);
        }
    }

    private static int e(@NonNull String str) {
        Objects.requireNonNull(str, "cipherText is marked non-null but is null");
        return str.charAt(0) - 'a';
    }

    private char f() {
        return (char) 99;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String g(@NonNull byte[] bArr) {
        Objects.requireNonNull(bArr, "cipherText is marked non-null but is null");
        try {
            return new String(m(bArr), 0, 4, AuthenticationConstants.f62458a);
        } catch (Exception e6) {
            Logger.v(f62554b + ":getKeyIdentifierFromCipherText", e6.getMessage());
            return "EXCEPTION OCCURRED GETTING KEY IDENTIFIER";
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean k(@NonNull byte[] bArr, @NonNull String str) {
        Objects.requireNonNull(bArr, "cipherText is marked non-null but is null");
        Objects.requireNonNull(str, "keyIdentifier is marked non-null but is null");
        try {
            return str.equalsIgnoreCase(new String(m(bArr), 0, str.length(), AuthenticationConstants.f62458a));
        } catch (Exception e6) {
            Logger.v(f62554b + ":isEncryptedByThisKeyIdentifier", e6.getMessage());
            return false;
        }
    }

    private byte[] l(@NonNull byte[] bArr) {
        Objects.requireNonNull(bArr, "encryptedData is marked non-null but is null");
        return (f() + "E1" + Base64.f(bArr, 2)).getBytes(AuthenticationConstants.f62458a);
    }

    @NonNull
    private static byte[] m(@NonNull byte[] bArr) throws ClientException {
        Objects.requireNonNull(bArr, "cipherText is marked non-null but is null");
        if (bArr.length < 1) {
            throw new IllegalArgumentException("Input blob is null or length < 1");
        }
        String str = new String(bArr, AuthenticationConstants.f62458a);
        int e6 = e(str);
        n(str, e6);
        return Base64.a(str.substring(e6 + 1), 0);
    }

    private static void n(@NonNull String str, int i7) throws ClientException {
        Objects.requireNonNull(str, "cipherString is marked non-null but is null");
        if (i7 <= 0) {
            throw new ClientException(ClientException.DATA_MALFORMED, String.format("Encode version length: '%s' is not valid, it must be greater of equal to 0", Integer.valueOf(i7)));
        }
        int i10 = i7 + 1;
        if (i10 > str.length()) {
            throw new ClientException(ClientException.DATA_MALFORMED, "Length of encode version string (plus the length character) is longer than the CipherString itself. The data is malformed.");
        }
        if (!str.substring(1, i10).equals("E1")) {
            throw new ClientException(ClientException.DATA_MALFORMED, String.format("Unsupported encode version received. Encode version supported is: '%s'", "E1"));
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IKeyAccessor
    @NonNull
    public byte[] a(@NonNull byte[] bArr) throws ClientException {
        String str;
        Objects.requireNonNull(bArr, "plaintext is marked non-null but is null");
        StringBuilder sb2 = new StringBuilder();
        String str2 = f62554b;
        sb2.append(str2);
        sb2.append(":encrypt");
        Logger.v(sb2.toString(), "Starting encryption");
        try {
            AbstractSecretKeyLoader i7 = i();
            if (i7 == null) {
                throw new IllegalStateException("KeyLoader must not be null.");
            }
            SecretKey e6 = i7.e();
            SecretKey a10 = KeyUtil.a(e6);
            byte[] bytes = i7.h().getBytes(AuthenticationConstants.f62458a);
            byte[] generate = this.f62555a.generate();
            IvParameterSpec ivParameterSpec = new IvParameterSpec(generate);
            Cipher cipher = Cipher.getInstance(i7.d());
            Mac mac = Mac.getInstance("HmacSHA256");
            cipher.init(1, e6, ivParameterSpec);
            byte[] doFinal = cipher.doFinal(bArr);
            mac.init(a10);
            mac.update(bytes);
            mac.update(doFinal);
            mac.update(generate);
            byte[] doFinal2 = mac.doFinal();
            byte[] bArr2 = new byte[bytes.length + doFinal.length + generate.length + doFinal2.length];
            System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
            System.arraycopy(doFinal, 0, bArr2, bytes.length, doFinal.length);
            System.arraycopy(generate, 0, bArr2, bytes.length + doFinal.length, generate.length);
            System.arraycopy(doFinal2, 0, bArr2, bytes.length + doFinal.length + generate.length, doFinal2.length);
            Logger.v(str2 + ":encrypt", "Finished encryption");
            return l(bArr2);
        } catch (InvalidAlgorithmParameterException e10) {
            e = e10;
            str = ClientException.INVALID_ALG_PARAMETER;
            throw new ClientException(str, e.getMessage(), e);
        } catch (InvalidKeyException e11) {
            e = e11;
            str = ClientException.INVALID_KEY;
            throw new ClientException(str, e.getMessage(), e);
        } catch (NoSuchAlgorithmException e12) {
            e = e12;
            str = ClientException.NO_SUCH_ALGORITHM;
            throw new ClientException(str, e.getMessage(), e);
        } catch (BadPaddingException e13) {
            e = e13;
            str = ClientException.BAD_PADDING;
            throw new ClientException(str, e.getMessage(), e);
        } catch (IllegalBlockSizeException e14) {
            e = e14;
            str = ClientException.INVALID_BLOCK_SIZE;
            throw new ClientException(str, e.getMessage(), e);
        } catch (NoSuchPaddingException e15) {
            e = e15;
            str = ClientException.NO_SUCH_PADDING;
            throw new ClientException(str, e.getMessage(), e);
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IKeyAccessor
    public byte[] b(byte[] bArr) throws ClientException {
        Logger.v(f62554b + ":decrypt", "Starting decryption");
        try {
            byte[] m10 = m(bArr);
            List<AbstractSecretKeyLoader> h10 = h(bArr);
            if (h10 == null || h10.size() == 0) {
                throw new IllegalStateException("KeyLoader list must not be null or empty.");
            }
            ClientException clientException = new ClientException("decryption_failed", "Tried all decryption keys and decryption still fails.");
            for (AbstractSecretKeyLoader abstractSecretKeyLoader : h10) {
                if (abstractSecretKeyLoader == null) {
                    throw new IllegalStateException("KeyLoader must not be null.");
                }
                try {
                    byte[] d10 = d(m10, abstractSecretKeyLoader);
                    Logger.v(f62554b + ":decrypt", "Finished decryption with key:" + abstractSecretKeyLoader.c());
                    return d10;
                } catch (ClientException e6) {
                    Logger.z(f62554b + ":decrypt", "Failed to decrypt with key:" + abstractSecretKeyLoader.c() + " thumbprint : " + KeyUtil.b(abstractSecretKeyLoader));
                    j(abstractSecretKeyLoader.c(), e6);
                    clientException.addSuppressedException(e6);
                }
            }
            Logger.z(f62554b + ":decrypt", clientException.getMessage());
            throw clientException;
        } catch (ClientException e10) {
            Logger.w(f62554b + ":decrypt", "Failed to strip encode version from cipherText, string might not be encrypted. Exception: ", e10.getMessage());
            return bArr;
        }
    }

    @NonNull
    public abstract List<AbstractSecretKeyLoader> h(@NonNull byte[] bArr) throws ClientException;

    @NonNull
    public abstract AbstractSecretKeyLoader i() throws ClientException;

    protected void j(@NonNull String str, @NonNull Exception exc) {
        Objects.requireNonNull(str, "keyAlias is marked non-null but is null");
        Objects.requireNonNull(exc, "exception is marked non-null but is null");
    }
}
