package de.nulide.findmydevice.utils;

import android.util.Base64;
import de.nulide.findmydevice.utils.Argon2EncodingUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberEngine;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: classes2.dex */
public class CypherUtils {
    private static final int AES_GCM_IV_SIZE_BYTES = 12;
    protected static final int AES_GCM_KEY_SIZE_BYTES = 32;
    private static final int AES_GCM_TAG_SIZE_BITS = 128;
    private static final int ARGON2_HASH_LENGTH = 32;
    private static final int ARGON2_M = 131072;
    private static final int ARGON2_P = 4;
    private static final int ARGON2_SALT_LENGTH = 16;
    private static final int ARGON2_T = 1;
    private static final String CONTEXT_PREFIX = "context:";
    private static final String CONTEXT_STRING_ASYM_KEY_WRAP = "context:asymmetricKeyWrap";
    private static final String CONTEXT_STRING_FMD_PIN = "context:fmdPin";
    private static final String CONTEXT_STRING_LOGIN = "context:loginAuthentication";
    private static final OAEPParameterSpec OAEP_PARAMS = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT);
    private static final int RSA_KEY_SIZE_BITS = 3072;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class Argon2Result {
        public final byte[] hash;
        public final Argon2Parameters params;

        public Argon2Result(byte[] bArr, Argon2Parameters argon2Parameters) {
            this.hash = bArr;
            this.params = argon2Parameters;
        }
    }

    private static boolean checkPassword(String str, String str2) {
        if (!str.isEmpty() && !str2.isEmpty()) {
            try {
                Argon2EncodingUtils.Argon2Hash decode = Argon2EncodingUtils.decode(str);
                byte[] bytes = str2.getBytes(StandardCharsets.UTF_8);
                byte[] bArr = new byte[decode.getHash().length];
                Argon2BytesGenerator argon2BytesGenerator = new Argon2BytesGenerator();
                argon2BytesGenerator.init(decode.getParameters());
                argon2BytesGenerator.generateBytes(bytes, bArr);
                return Arrays.constantTimeAreEqual(decode.getHash(), bArr);
            } catch (IllegalArgumentException e) {
                e.printStackTrace();
            }
        }
        return false;
    }

    public static boolean checkPasswordForFmdPin(String str, String str2) {
        return checkPassword(str, CONTEXT_STRING_FMD_PIN + str2);
    }

    public static boolean checkPasswordForLogin(String str, String str2) {
        return checkPassword(str, CONTEXT_STRING_LOGIN + str2);
    }

    public static byte[] concatByteArrays(byte[]... bArr) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (byte[] bArr2 : bArr) {
            try {
                byteArrayOutputStream.write(bArr2);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return byteArrayOutputStream.toByteArray();
    }

    public static byte[] decodeBase64(String str) {
        return DatatypeConverter.parseBase64Binary(str);
    }

    public static PrivateKey decryptPrivateKeyWithPassword(String str, String str2) {
        byte[] decodeBase64 = decodeBase64(str);
        return pemDecodeRsaKey(new String(decryptWithAes(Arrays.copyOfRange(decodeBase64, 16, decodeBase64.length), hashPasswordForKeyWrap(str2, Arrays.copyOfRange(decodeBase64, 0, 16)).hash), StandardCharsets.UTF_8));
    }

    protected static byte[] decryptWithAes(byte[] bArr, byte[] bArr2) {
        try {
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 12);
            byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 12, bArr.length);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, copyOfRange);
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKeySpec, gCMParameterSpec);
            return cipher.doFinal(copyOfRange2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String decryptWithKey(PrivateKey privateKey, byte[] bArr) {
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, KyberEngine.KyberPolyBytes);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, KyberEngine.KyberPolyBytes, bArr.length);
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            cipher.init(2, privateKey, OAEP_PARAMS);
            return new String(decryptWithAes(copyOfRange2, cipher.doFinal(copyOfRange)), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String encodeBase64(byte[] bArr) {
        return DatatypeConverter.printBase64Binary(bArr);
    }

    public static String encryptPrivateKeyWithPassword(PrivateKey privateKey, String str) {
        Argon2Result hashPasswordForKeyWrap = hashPasswordForKeyWrap(str);
        return encodeBase64(concatByteArrays(hashPasswordForKeyWrap.params.getSalt(), encryptWithAes(pemEncodeRsaKey(privateKey).getBytes(StandardCharsets.UTF_8), hashPasswordForKeyWrap.hash)));
    }

    public static byte[] encryptWithAes(byte[] bArr, byte[] bArr2) {
        if (bArr2.length != 32) {
            throw new RuntimeException("Bad AES key size:" + bArr2.length);
        }
        try {
            byte[] generateSecureRandom = generateSecureRandom(12);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, generateSecureRandom);
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKeySpec, gCMParameterSpec);
            return concatByteArrays(generateSecureRandom, cipher.doFinal(bArr));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static byte[] encryptWithKey(PublicKey publicKey, String str) {
        byte[] generateSecureRandom = generateSecureRandom(32);
        try {
            byte[] encryptWithAes = encryptWithAes(str.getBytes(StandardCharsets.UTF_8), generateSecureRandom);
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            cipher.init(1, publicKey, OAEP_PARAMS);
            return concatByteArrays(cipher.doFinal(generateSecureRandom), encryptWithAes);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static byte[] fromHex(String str) {
        return DatatypeConverter.parseHexBinary(str);
    }

    public static KeyPair genRsaKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(RSA_KEY_SIZE_BITS, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static byte[] generateSecureRandom(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static Argon2Result hashPasswordArgon2(String str, byte[] bArr) {
        if (!str.startsWith(CONTEXT_PREFIX)) {
            throw new RuntimeException("Missing context string");
        }
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] bArr2 = new byte[32];
        Argon2Parameters build = new Argon2Parameters.Builder(2).withVersion(19).withIterations(1).withParallelism(4).withMemoryAsKB(131072).withSalt(bArr).build();
        Argon2BytesGenerator argon2BytesGenerator = new Argon2BytesGenerator();
        argon2BytesGenerator.init(build);
        argon2BytesGenerator.generateBytes(bytes, bArr2);
        return new Argon2Result(bArr2, build);
    }

    public static String hashPasswordForFmdPin(String str) {
        Argon2Result hashPasswordArgon2 = hashPasswordArgon2(CONTEXT_STRING_FMD_PIN + str, generateSecureRandom(16));
        return Argon2EncodingUtils.encode(hashPasswordArgon2.hash, hashPasswordArgon2.params);
    }

    public static Argon2Result hashPasswordForKeyWrap(String str) {
        return hashPasswordForKeyWrap(str, generateSecureRandom(16));
    }

    public static Argon2Result hashPasswordForKeyWrap(String str, byte[] bArr) {
        return hashPasswordArgon2(CONTEXT_STRING_ASYM_KEY_WRAP + str, bArr);
    }

    public static String hashPasswordForLogin(String str) {
        return hashPasswordForLogin(str, generateSecureRandom(16));
    }

    public static String hashPasswordForLogin(String str, String str2) {
        return hashPasswordForLogin(str, Base64.decode(str2, 3));
    }

    public static String hashPasswordForLogin(String str, byte[] bArr) {
        Argon2Result hashPasswordArgon2 = hashPasswordArgon2(CONTEXT_STRING_LOGIN + str, bArr);
        return Argon2EncodingUtils.encode(hashPasswordArgon2.hash, hashPasswordArgon2.params);
    }

    public static PrivateKey pemDecodeRsaKey(String str) {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decodeBase64(str.replace("-----END PRIVATE KEY-----\n", "").replace("-----BEGIN PRIVATE KEY-----\n", "").replace("\n", ""))));
        } catch (NullPointerException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String pemEncodeRsaKey(PrivateKey privateKey) {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        try {
            pemWriter.writeObject(new PemObject("PRIVATE KEY", privateKey.getEncoded()));
            pemWriter.flush();
            pemWriter.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return stringWriter.getBuffer().toString();
    }

    public static String toHex(byte[] bArr) {
        return DatatypeConverter.printHexBinary(bArr);
    }
}
