package com.google.android.libraries.nest.weavekit;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class PasswordBasedDataEncrypter implements DataEncrypter {

    /* renamed from: g, reason: collision with root package name */
    private static final byte[] f11561g = {-56, 6, 43, 49};

    /* renamed from: a, reason: collision with root package name */
    private final SecureRandom f11562a;

    /* renamed from: b, reason: collision with root package name */
    private String f11563b;

    /* renamed from: c, reason: collision with root package name */
    private SecretKey f11564c;

    /* renamed from: d, reason: collision with root package name */
    private SecretKeySpec f11565d;

    /* renamed from: e, reason: collision with root package name */
    private SecretKeySpec f11566e;

    /* renamed from: f, reason: collision with root package name */
    private byte[] f11567f;

    public PasswordBasedDataEncrypter(String str, SecureRandom secureRandom) {
        this.f11563b = str;
        this.f11562a = secureRandom;
    }

    public PasswordBasedDataEncrypter(SecretKey secretKey, SecureRandom secureRandom) {
        this.f11564c = secretKey;
        this.f11562a = secureRandom;
    }

    private void a(byte[] bArr) {
        byte[] bArr2;
        String str = this.f11563b;
        if (str != null && this.f11564c != null && bArr != null && bArr != (bArr2 = this.f11567f) && (bArr2 == null || !MessageDigest.isEqual(bArr, bArr2))) {
            this.f11564c = null;
            this.f11565d = null;
            this.f11566e = null;
            this.f11567f = null;
        }
        if (this.f11565d == null || this.f11566e == null) {
            if (this.f11564c == null) {
                if (str == null) {
                    throw new IllegalStateException("PasswordBasedDataEncrypter: Password not set");
                }
                if (bArr == null) {
                    bArr = new byte[32];
                    this.f11562a.nextBytes(bArr);
                }
                this.f11564c = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr, 500000, 32));
                this.f11567f = bArr;
            }
            Mac mac = Mac.getInstance("HmacSHA256");
            int macLength = mac.getMacLength();
            int i10 = macLength * 2;
            if (i10 < 64) {
                throw new GeneralSecurityException("PasswordBasedDataEncrypter: Output of MAC algorithm too short for key derivation");
            }
            byte[] bArr3 = new byte[i10];
            SecretKey secretKey = this.f11564c;
            Objects.requireNonNull(secretKey);
            mac.init(secretKey);
            byte[] bArr4 = f11561g;
            System.arraycopy(bArr4, 0, bArr3, 0, 4);
            bArr3[4] = 1;
            mac.update(bArr3, 0, 5);
            mac.doFinal(bArr3, 0);
            System.arraycopy(bArr4, 0, bArr3, macLength, 4);
            bArr3[macLength + 4] = 2;
            mac.update(bArr3, 0, macLength + 5);
            mac.doFinal(bArr3, macLength);
            this.f11565d = new SecretKeySpec(bArr3, 0, 32, "AES");
            this.f11566e = new SecretKeySpec(bArr3, 32, 32, "HmacSHA256");
        }
    }

    @Override // com.google.android.libraries.nest.weavekit.DataEncrypter
    public byte[] decrypt(byte[] bArr) {
        if (bArr.length < 4) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: encryptedData too short");
        }
        for (int i10 = 0; i10 < 4; i10++) {
            if (bArr[i10] != f11561g[i10]) {
                throw new GeneralSecurityException("PasswordBasedDataEncrypter: Unsupported encrypted data format");
            }
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        int blockSize = cipher.getBlockSize();
        int macLength = mac.getMacLength();
        int i11 = blockSize + 36;
        if (bArr.length < cipher.getBlockSize() + i11 + macLength) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: encryptedData too short");
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 4, 36);
        a(copyOfRange);
        SecretKeySpec secretKeySpec = this.f11566e;
        Objects.requireNonNull(secretKeySpec);
        mac.init(secretKeySpec);
        int length = bArr.length - macLength;
        mac.update(bArr, 0, length);
        if (!MessageDigest.isEqual(mac.doFinal(), Arrays.copyOfRange(bArr, length, bArr.length))) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: Invalid MAC");
        }
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr, 36, blockSize);
        SecretKeySpec secretKeySpec2 = this.f11565d;
        Objects.requireNonNull(secretKeySpec2);
        cipher.init(2, secretKeySpec2, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bArr, i11, bArr.length - (macLength + i11));
        this.f11567f = copyOfRange;
        return doFinal;
    }

    @Override // com.google.android.libraries.nest.weavekit.DataEncrypter
    public byte[] encrypt(byte[] bArr) {
        if (this.f11563b == null && this.f11567f == null) {
            throw new IllegalStateException("PasswordBasedDataEncrypter: KDF salt not set");
        }
        a(null);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        int blockSize = cipher.getBlockSize();
        int macLength = mac.getMacLength();
        byte[] bArr2 = new byte[blockSize];
        this.f11562a.nextBytes(bArr2);
        SecretKeySpec secretKeySpec = this.f11565d;
        Objects.requireNonNull(secretKeySpec);
        cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
        int outputSize = cipher.getOutputSize(bArr.length);
        int i10 = blockSize + 36;
        int i11 = i10 + outputSize;
        byte[] bArr3 = new byte[macLength + i11];
        System.arraycopy(f11561g, 0, bArr3, 0, 4);
        byte[] bArr4 = this.f11567f;
        Objects.requireNonNull(bArr4);
        System.arraycopy(bArr4, 0, bArr3, 4, 32);
        System.arraycopy(bArr2, 0, bArr3, 36, blockSize);
        if (cipher.doFinal(bArr, 0, bArr.length, bArr3, i10) != outputSize) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: Actual encrypted length != expected encrypted length");
        }
        SecretKeySpec secretKeySpec2 = this.f11566e;
        Objects.requireNonNull(secretKeySpec2);
        mac.init(secretKeySpec2);
        mac.update(bArr3, 0, i11);
        mac.doFinal(bArr3, i11);
        return bArr3;
    }

    public SecretKey getMasterKey() {
        return this.f11564c;
    }
}
