package com.samsung.android.knox.ddar.securesession;

import com.honeyspace.sdk.source.entity.PairAppsItem;
import com.samsung.android.security.mdf.MdfUtils;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.security.auth.DestroyFailedException;

/* loaded from: classes5.dex */
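/**
 * Container for the types that implement an ECDH-based secure session: a local
 * key-pair endpoint, a remote public-key endpoint, and the session that derives
 * a symmetric key from the two and encrypts/decrypts payloads with it.
 *
 * <p>All JCA objects are requested from the {@value #CRYPTO_PROVIDER} provider.
 * This source is decompiler (JADX) output; members marked "originally
 * package-private" had their access widened by the decompiler.
 */
class SecureSessionManager {
    /** Name of the JCA provider used for key generation, key agreement and ciphers. */
    private static final String CRYPTO_PROVIDER = "AndroidOpenSSL";

    /**
     * Local side of a session: holds a freshly generated secp521r1 EC key pair.
     * (Originally package-private.)
     */
    public static class PrivateSessionEndpoint {
        private PrivateKey privateKey;
        private PublicKey publicKey;

        /**
         * Generates a new EC key pair for this endpoint. (Originally package-private.)
         *
         * @throws Exception if key-pair generation fails; the underlying failure is
         *     attached as the cause
         */
        public PrivateSessionEndpoint() throws Exception {
            try {
                KeyPair pair = createKeyPair();
                this.publicKey = pair.getPublic();
                this.privateKey = pair.getPrivate();
            } catch (Exception e10) {
                // Chain the cause instead of printing it: the caller decides where
                // (and whether) crypto failures are logged, and no detail is lost.
                throw new Exception("Error: PrivateSessionEndpoint creation failure", e10);
            }
        }

        /** Creates a secp521r1 key pair using the configured provider. */
        private KeyPair createKeyPair() throws Exception {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", SecureSessionManager.CRYPTO_PROVIDER);
            generator.initialize(new ECGenParameterSpec("secp521r1"));
            return generator.generateKeyPair();
        }

        /**
         * Best-effort destruction of the private key; always drops both key
         * references, even when the key implementation refuses to destroy itself.
         * Safe to call more than once. (Originally package-private.)
         *
         * @throws Exception declared for interface compatibility
         */
        public void destroy() throws Exception {
            PrivateKey key = this.privateKey;
            try {
                if (key != null) {
                    key.destroy();
                }
            } catch (DestroyFailedException ignored) {
                // Deliberately ignored: Destroyable.destroy() throws by default for key
                // classes that do not override it. The references are still cleared below.
                // NOTE(review): in that case the key bytes are not zeroed and remain in
                // memory until garbage-collected.
            } finally {
                this.privateKey = null;
                this.publicKey = null;
            }
        }

        /** Returns the private key, or {@code null} after {@link #destroy()}. */
        PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        /** Returns the public key, or {@code null} after {@link #destroy()}. */
        PublicKey getPublicKey() {
            return this.publicKey;
        }

        /**
         * Returns the encoded public key as a hex string, as produced by
         * {@code Util.byteArrayToHexString}. (Originally package-private.)
         * Throws {@link NullPointerException} if called after {@link #destroy()}.
         */
        public String getPublicKeyString() {
            return Util.byteArrayToHexString(this.publicKey.getEncoded());
        }
    }

    /**
     * Remote side of a session: wraps an EC public key parsed from a hex string.
     * (Originally package-private.)
     */
    public static class PublicSessionEndpoint {
        private PublicKey publicKey;

        /**
         * Parses the given hex string as an X.509-encoded EC public key.
         * (Originally package-private.)
         *
         * @param str hex encoding of the X.509 (SubjectPublicKeyInfo) public key
         * @throws Exception if the key cannot be decoded; the underlying failure is
         *     attached as the cause
         */
        public PublicSessionEndpoint(String str) throws Exception {
            try {
                this.publicKey = createPublicKey(str);
            } catch (Exception e10) {
                throw new Exception("Error: PublicSessionEndpoint creation failure", e10);
            }
        }

        /**
         * Decodes the hex string and builds the public key via the provider's EC KeyFactory.
         *
         * NOTE(review): nothing here checks that the key is on secp521r1; curve and
         * point validation are left to the provider. If this string can come from an
         * untrusted peer, confirm the provider rejects off-curve points.
         */
        private PublicKey createPublicKey(String str) throws Exception {
            KeyFactory factory = KeyFactory.getInstance("EC", SecureSessionManager.CRYPTO_PROVIDER);
            return factory.generatePublic(new X509EncodedKeySpec(Util.fromHexString(str)));
        }

        /** Returns the parsed public key. */
        PublicKey getPublicKey() {
            return this.publicKey;
        }

        /** Returns the encoded public key as a hex string. */
        String getPublicKeyString() {
            return Util.byteArrayToHexString(this.publicKey.getEncoded());
        }
    }

    /**
     * A session between a local and a remote endpoint. The constructor runs ECDH
     * and splits the shared secret into an AES key (first 16 bytes) and an XOR mask
     * (remaining bytes). Payloads are XOR-masked and then encrypted; the wire
     * format is {@code base64(iv) + DELIMITER + base64(ciphertext)}.
     */
    static class SecureSession {
        private PrivateSessionEndpoint privateSessionEndpoint;
        private PublicSessionEndpoint publicSessionEndpoint;
        private SecretKey sessionKey;
        private byte[] xorMask;

        /**
         * Creates the session and derives its key material immediately.
         * (Originally package-private.)
         *
         * @throws Exception if the key agreement fails
         */
        public SecureSession(PrivateSessionEndpoint privateSessionEndpoint, PublicSessionEndpoint publicSessionEndpoint) throws Exception {
            this.privateSessionEndpoint = privateSessionEndpoint;
            this.publicSessionEndpoint = publicSessionEndpoint;
            generateSessionKey();
        }

        /**
         * XORs {@code bArr} in place with the session mask, repeating the mask
         * cyclically when the data is longer than the mask.
         *
         * NOTE(review): a fixed repeating mask adds no cryptographic strength on top
         * of the cipher; treat it as obfuscation only.
         */
        private void applyXorMask(byte[] bArr) {
            int maskIndex = 0;
            for (int i = 0; i < bArr.length; i++) {
                if (maskIndex >= this.xorMask.length) {
                    maskIndex = 0;
                }
                bArr[i] = (byte) (bArr[i] ^ this.xorMask[maskIndex]);
                maskIndex++;
            }
        }

        /**
         * Decrypts {@code bArr2} with the session key and IV {@code bArr}, then
         * removes the XOR mask from the result.
         */
        private byte[] decrypt(byte[] bArr, byte[] bArr2) throws Exception {
            // The transformation string lives in MdfUtils and is not visible here.
            // NOTE(review): the 12-byte IV suggests an AEAD mode such as GCM — confirm,
            // since integrity of the payload depends on it.
            Cipher cipher = Cipher.getInstance(MdfUtils.MDF_CIPHER_MODE, Security.getProvider(SecureSessionManager.CRYPTO_PROVIDER));
            cipher.init(Cipher.DECRYPT_MODE, this.sessionKey, new IvParameterSpec(bArr));
            byte[] plain = cipher.doFinal(bArr2);
            applyXorMask(plain);
            return plain;
        }

        /**
         * Splits a wire-format string into IV and ciphertext and decrypts it.
         *
         * @throws IllegalArgumentException if the delimiter-separated payload does
         *     not contain both an IV and a ciphertext part
         */
        private byte[] decryptData(String str) throws Exception {
            // String.split treats the delimiter as a regex; presumably
            // DELIMITER_USER_ID is a plain literal — verify against its definition.
            String[] parts = str.split(PairAppsItem.DELIMITER_USER_ID);
            if (parts.length < 2) {
                // Fail with a clear error rather than an index-out-of-bounds; the
                // payload itself is not echoed into the message.
                throw new IllegalArgumentException("Malformed encrypted payload");
            }
            return decrypt(Util.decodeBase64(parts[0]), Util.decodeBase64(parts[1]));
        }

        /**
         * XOR-masks a copy of {@code bArr2} and encrypts it with the session key
         * and IV {@code bArr}. The caller's buffer is left untouched.
         */
        private byte[] encrypt(byte[] bArr, byte[] bArr2) throws Exception {
            // Work on a private copy: masking the caller's array in place would
            // silently corrupt data the caller may still need.
            byte[] masked = bArr2.clone();
            try {
                applyXorMask(masked);
                Cipher cipher = Cipher.getInstance(MdfUtils.MDF_CIPHER_MODE, Security.getProvider(SecureSessionManager.CRYPTO_PROVIDER));
                cipher.init(Cipher.ENCRYPT_MODE, this.sessionKey, new IvParameterSpec(bArr));
                return cipher.doFinal(masked);
            } finally {
                // The masked copy is derived from the plaintext; do not leave it around.
                Wiper.wipe(masked);
            }
        }

        /** Encrypts and formats the result as base64(iv) + delimiter + base64(ciphertext). */
        private String encryptData(byte[] bArr, byte[] bArr2) throws Exception {
            String encodedIv = Util.encodeBase64(bArr);
            String encodedCiphertext = Util.encodeBase64(encrypt(bArr, bArr2));
            return encodedIv + PairAppsItem.DELIMITER_USER_ID + encodedCiphertext;
        }

        /** Returns a fresh random 12-byte IV; a new one is generated per message. */
        private byte[] generateIV() {
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            return iv;
        }

        /**
         * Runs ECDH between the local private key and the remote public key and
         * splits the shared secret: bytes 0..15 become the AES session key, the
         * remainder becomes the XOR mask. Temporary copies of the secret are wiped
         * even if key construction fails.
         *
         * NOTE(review): the raw shared secret is used without a KDF. With secp521r1
         * a standard JCA ECDH secret is the 66-byte big-endian x-coordinate, whose
         * first byte carries only one significant bit, so the first 16 bytes give
         * an AES key with fewer than 128 bits of entropy — confirm against the
         * provider's output and consider deriving keys with a KDF such as HKDF.
         */
        private void generateSessionKey() throws Exception {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", SecureSessionManager.CRYPTO_PROVIDER);
            keyAgreement.init(this.privateSessionEndpoint.getPrivateKey());
            keyAgreement.doPhase(this.publicSessionEndpoint.getPublicKey(), true);
            byte[] sharedSecret = keyAgreement.generateSecret();
            byte[] keyBytes = null;
            try {
                keyBytes = Arrays.copyOf(sharedSecret, 16);
                this.xorMask = Arrays.copyOfRange(sharedSecret, 16, sharedSecret.length);
                this.sessionKey = new SessionSecretKeySpec(keyBytes, MdfUtils.KEYPROP_KEY_ALGORITHM_AES);
            } finally {
                // Wipe on every path so a failure above cannot leave the raw secret
                // or the key bytes in memory.
                Wiper.wipe(sharedSecret);
                if (keyBytes != null) {
                    Wiper.wipe(keyBytes);
                }
            }
        }

        /**
         * Decrypts a wire-format payload given as bytes. (Originally package-private.)
         *
         * @param bArr bytes of the wire-format string, or {@code null}
         * @return the plaintext bytes, or {@code null} if {@code bArr} is {@code null}
         */
        public byte[] decryptBytes(byte[] bArr) throws Exception {
            if (bArr == null) {
                return null;
            }
            // Platform default charset (UTF-8 on Android); the payload is base64 plus
            // the delimiter.
            return decryptData(new String(bArr));
        }

        /**
         * Decrypts a wire-format payload and returns the plaintext as a string.
         * (Originally package-private.)
         *
         * @return the plaintext, or {@code null} if {@code str} is {@code null}
         */
        public String decryptString(String str) throws Exception {
            if (str == null) {
                return null;
            }
            // Decoded with the platform default charset (UTF-8 on Android); must match
            // the charset used by encryptString on the sending side.
            return new String(decryptData(str));
        }

        /**
         * Wipes the XOR mask and destroys the session key. The session cannot be
         * used afterwards. (Originally package-private.)
         */
        public void destroySessionkey() throws Exception {
            Wiper.wipe(this.xorMask);
            this.sessionKey.destroy();
        }

        /**
         * Encrypts {@code bArr} under a fresh IV and returns the wire-format
         * string as bytes. (Originally package-private.)
         *
         * @return the encoded payload, or {@code null} if {@code bArr} is {@code null}
         */
        public byte[] encryptBytes(byte[] bArr) throws Exception {
            if (bArr == null) {
                return null;
            }
            return encryptData(generateIV(), bArr).getBytes();
        }

        /**
         * Encrypts {@code str} under a fresh IV and returns the wire-format string.
         * (Originally package-private.)
         *
         * @return the encoded payload, or {@code null} if {@code str} is {@code null}
         */
        public String encryptString(String str) throws Exception {
            if (str == null) {
                return null;
            }
            // Encoded with the platform default charset (UTF-8 on Android).
            return encryptData(generateIV(), str.getBytes());
        }
    }

    /** Package-private constructor; the class only serves as a holder for its nested types. */
    SecureSessionManager() {
    }
}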
