package com.truekey.api.v0.crypto;

import com.truekey.api.v0.crypto.schemes.AuthenticationTokenScheme;
import com.truekey.api.v0.crypto.schemes.KEKDerivationScheme;
import com.truekey.api.v0.exceptions.crypto.CCMIllegalStateException;
import com.truekey.api.v0.models.local.KeyMaterial;
import defpackage.b1;
import defpackage.hv;
import defpackage.iv;
import defpackage.px;
import defpackage.qi;
import defpackage.qx;
import defpackage.rx;
import defpackage.t0;
import defpackage.zb;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import org.spongycastle.crypto.CryptoException;

/* loaded from: classes.dex */
public class SimpleCryptoUtils {
    private static final int BCA_BLOCK_SIZE_BYTES = 16;
    private static final int DEFAULT_AES_KEY_SIZE_IN_BYTES = 32;
    public static final int DEFAULT_RSA_KEY_SIZE_IN_BITS_2048 = 2048;
    private static final String DEFAULT_RSA_PUBLIC_EXPONENT = "3";
    private static final int LOCAL_STORAGE_KDF_ITERATION_COUNT = 10000;
    private static final int LOCAL_STORAGE_KEY_SIZE_IN_BYTES = 32;
    private static final zb LOCAL_STORAGE_KDF_PRF = new rx();
    private static final byte[] BCA_INITIALIZATION_VECTOR = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};

    /* renamed from: com.truekey.api.v0.crypto.SimpleCryptoUtils$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$com$truekey$api$v0$crypto$schemes$AuthenticationTokenScheme;

        static {
            int[] iArr = new int[AuthenticationTokenScheme.values().length];
            $SwitchMap$com$truekey$api$v0$crypto$schemes$AuthenticationTokenScheme = iArr;
            try {
                iArr[AuthenticationTokenScheme.AUTH_TOKEN_SCHEME_TRUEKEY_VERSION_1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$truekey$api$v0$crypto$schemes$AuthenticationTokenScheme[AuthenticationTokenScheme.AUTH_TOKEN_SCHEME_PBOX_VERSION_0.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$truekey$api$v0$crypto$schemes$AuthenticationTokenScheme[AuthenticationTokenScheme.AUTH_TOKEN_SCHEME_PBOX_VERSION_1.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public static String convertKekForMigration(String str, String str2, String str3, int i, int i2, String str4, String str5) throws CryptoException {
        byte[] deriveKeyEncryptionKey = deriveKeyEncryptionKey(str, str2, str3, i, i2);
        return encryptData(decryptData(str5, qi.d(deriveKeyEncryptionKey)), deriveKeyEncryptionKey(str4, str3, KEKDerivationScheme.KEK_DERIVATION_SCHEME_TRUEKEY_VERSION_1));
    }

    public static String decryptData(String str, String str2) throws CryptoException {
        return SJCLCryptoUtils.decryptFromPackedStringUsingDerivedKeyOrPassword(str, str2);
    }

    public static String decryptData(String str, byte[] bArr) throws CryptoException {
        return SJCLCryptoUtils.decryptFromPackedStringUsingDerivedKey(str, bArr);
    }

    public static byte[] decryptDataAesCbc(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) throws CryptoException, NoSuchPaddingException, ShortBufferException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidAlgorithmParameterException {
        return SJCLCryptoUtils.decryptUsingAESCBC(bArr, bArr2, bArr3, i);
    }

    public static byte[] decryptDataAesCbcForBca(byte[] bArr, byte[] bArr2) throws CryptoException {
        try {
            return SJCLCryptoUtils.decryptUsingAESCBC(bArr, bArr2, BCA_INITIALIZATION_VECTOR, 16);
        } catch (Throwable th) {
            throw new CryptoException("Unable to decrypt client token", th);
        }
    }

    public static String decryptUserData(String str, KeyMaterial keyMaterial) throws CryptoException {
        return SJCLCryptoUtils.decryptFromPackedStringUsingDerivedKeyOrPassword(str, keyMaterial.getContentEncryptionKeyAsHexString());
    }

    public static String deriveAuthenticationToken(String str, String str2, AuthenticationTokenScheme authenticationTokenScheme) {
        int i = AnonymousClass1.$SwitchMap$com$truekey$api$v0$crypto$schemes$AuthenticationTokenScheme[authenticationTokenScheme.ordinal()];
        if (i != 1) {
            if (i == 2) {
                return qi.d(CommonCryptoUtils.getSHA1DigestFromString(str2));
            }
            if (i != 3) {
                throw new UnsupportedOperationException("Unknown auth token scheme");
            }
            return qi.d(CommonCryptoUtils.deriveKeyUsingPBKDF2(authenticationTokenScheme.getPRF(), CommonCryptoUtils.getBytesFromString(str2), CommonCryptoUtils.getBytesFromString(qi.d(CommonCryptoUtils.getSHA1DigestFromString(str))), authenticationTokenScheme.getIterationCount(), authenticationTokenScheme.getAuthTokenLengthInBytes()));
        }
        return authenticationTokenScheme.getPrefix() + qi.d(CommonCryptoUtils.deriveKeyUsingPBKDF2(new rx(), CommonCryptoUtils.getBytesFromString(str2), CommonCryptoUtils.getSHA256DigestFromString(str), authenticationTokenScheme.getIterationCount(), authenticationTokenScheme.getAuthTokenLengthInBytes()));
    }

    public static byte[] deriveCloudKeyMaterialBundleKey(byte[] bArr, byte[] bArr2) {
        return CommonCryptoUtils.deriveKeyUsingPBKDF2(LOCAL_STORAGE_KDF_PRF, bArr2, bArr, LOCAL_STORAGE_KDF_ITERATION_COUNT, 32);
    }

    public static byte[] deriveKeyEncryptionKey(String str, String str2, KEKDerivationScheme kEKDerivationScheme) {
        return deriveKeyEncryptionKey(str, kEKDerivationScheme.getSchemeName(), str2, kEKDerivationScheme.getFirstPassDerivationIterationCount(), kEKDerivationScheme.getMainPassDerivationIterationCount());
    }

    public static byte[] deriveKeyEncryptionKey(String str, String str2, String str3, int i, int i2) {
        byte[] bytesFromString = CommonCryptoUtils.getBytesFromString(str);
        KEKDerivationScheme kEKDerivationScheme = KEKDerivationScheme.KEK_DERIVATION_SCHEME_TRUEKEY_VERSION_1;
        if (kEKDerivationScheme.getSchemeName().equalsIgnoreCase(str2)) {
            return CommonCryptoUtils.deriveKeyUsingPBKDF2(new rx(), bytesFromString, qi.a(str3), kEKDerivationScheme.getMainPassDerivationIterationCount(), kEKDerivationScheme.getKeyEncryptionKeyLengthInBytes());
        }
        if (!KEKDerivationScheme.KEK_DERIVATION_SCHEME_PBOX_VERSION_1.getSchemeName().equalsIgnoreCase(str2)) {
            throw new UnsupportedOperationException("The KEK derivation scheme " + str2 + " is not supported.");
        }
        byte[] bytesFromString2 = CommonCryptoUtils.getBytesFromString(str3);
        byte[] bytesFromString3 = CommonCryptoUtils.getBytesFromString(qi.d(CommonCryptoUtils.deriveKeyUsingPBKDF2(new px(), bytesFromString, bytesFromString2, 1, 64)));
        if (i > 0) {
            bytesFromString3 = CommonCryptoUtils.getBytesFromString(qi.d(CommonCryptoUtils.deriveKeyUsingPBKDF2(new qx(), bytesFromString3, bytesFromString2, i, 64)));
        }
        return CommonCryptoUtils.deriveKeyUsingPBKDF2(new px(), t0.b(CommonCryptoUtils.getBytesFromString(qi.d(CommonCryptoUtils.deriveKeyUsingPBKDF2(new qx(), bytesFromString3, bytesFromString2, i2, 32))), bytesFromString), bytesFromString2, 1, 64);
    }

    public static byte[] derivePasswordBasedKeyMaterialBundleKey(byte[] bArr, String str) {
        return CommonCryptoUtils.deriveKeyUsingPBKDF2(LOCAL_STORAGE_KDF_PRF, CommonCryptoUtils.getBytesFromString(str), bArr, LOCAL_STORAGE_KDF_ITERATION_COUNT, 32);
    }

    public static String encryptData(String str, byte[] bArr) throws CryptoException {
        return SJCLCryptoUtils.encryptToPackedStringUsingDerivedKey(str, bArr);
    }

    public static byte[] encryptDataAesCbc(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) throws CryptoException, NoSuchPaddingException, ShortBufferException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidAlgorithmParameterException {
        return SJCLCryptoUtils.encryptUsingAESCBC(bArr, bArr2, bArr3, i);
    }

    public static String encryptUserData(String str, KeyMaterial keyMaterial) throws CryptoException {
        return encryptData(str, keyMaterial.getContentEncryptionKey());
    }

    public static byte[] generateFreshContentEncryptionKey() {
        return CommonCryptoUtils.generateRandomBytes(32);
    }

    public static byte[] generateFreshKEKDerivationSalt() {
        return CommonCryptoUtils.generateRandomBytes(32);
    }

    public static byte[] generateFreshLocalDeviceKey() {
        return CommonCryptoUtils.generateRandomBytes(32);
    }

    public static byte[] generateFreshLocalStorageEncryptionKey() {
        return CommonCryptoUtils.generateRandomBytes(32);
    }

    public static b1 generateFreshRSAKeyPair() throws CCMIllegalStateException {
        iv rsaKeyPairGenerator = getRsaKeyPairGenerator();
        rsaKeyPairGenerator.d(new hv(new BigInteger("3", 10), CommonCryptoUtils.DEFAULT_SECURE_RANDOM, 2048, 80));
        try {
            return rsaKeyPairGenerator.b();
        } catch (IllegalStateException e) {
            throw new CCMIllegalStateException(e);
        }
    }

    public static iv getRsaKeyPairGenerator() {
        return new iv();
    }
}
