package com.fido.android.framework.tm.core.prov;

import android.content.Context;
import android.util.Base64;
import com.fido.android.framework.tm.core.inf.ICryptoModule;
import com.fido.android.framework.tm.core.inf.ITmDbManager;
import com.fido.android.framework.types.TmError;
import com.fido.android.framework.types.TmException;
import com.fido.android.utils.Logger;
import com.google.android.gms.location.LocationStatusCodes;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class CryptoModule implements ICryptoModule {
    private static final String a = CryptoModule.class.getSimpleName();
    private String c;
    private Context d;
    private byte[] b = null;
    protected boolean mIsDebugMode = false;

    public CryptoModule(String str, Context context) {
        this.c = str;
        this.d = context;
        Logger.i(a, ":::: mContext ====" + this.d);
        Logger.i(a, ":::: mFilePath ====" + this.c);
    }

    private void a(String str, byte[] bArr) {
        if (a()) {
            Logger.v(a + "-Data", str, bArr);
        }
    }

    private boolean a() {
        if (this.mIsDebugMode) {
            Logger.w(a, "Debug Mode");
        }
        return this.mIsDebugMode;
    }

    private static byte[] a(byte[] bArr, byte[] bArr2) {
        Logger.i(a, "hmacSha256");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, mac.getAlgorithm()));
            return mac.doFinal(bArr2);
        } catch (InvalidKeyException e) {
            throw new TmException(TmError.Error.FAILURE, e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw new TmException(TmError.Error.FAILURE, e2.getMessage());
        }
    }

    public static char[] bytesToChars(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        char[] cArr = new char[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            cArr[i] = (char) bArr[i];
        }
        return cArr;
    }

    public static ByteArrayOutputStream bytesToStream(byte[] bArr, ByteArrayOutputStream byteArrayOutputStream) {
        if (bArr != null) {
            if (byteArrayOutputStream == null) {
                byteArrayOutputStream = new ByteArrayOutputStream();
            }
            for (int i : bArr) {
                byteArrayOutputStream.write(i);
            }
        }
        return byteArrayOutputStream;
    }

    public static KeyPair generateECCKeyPair(String str) {
        try {
            ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(str);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(eCGenParameterSpec);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Logger.i(a, "ECDSA KeypairGenerated");
            return generateKeyPair;
        } catch (InvalidAlgorithmParameterException e) {
            Logger.e(a, e);
            throw new NoSuchAlgorithmException();
        }
    }

    public static KeyPair generateRSAKeyPair() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        return keyPairGenerator.genKeyPair();
    }

    public static String getDrowssap(int[] iArr, int i) {
        char[] cArr = new char[i];
        int i2 = 0;
        for (int i3 : iArr) {
            cArr[i2] = (char) (i3 + 97);
            i2++;
        }
        return String.valueOf(cArr);
    }

    public static String getPinKey(byte[] bArr) {
        char[] cArr = new char[26];
        for (int i = 0; i < 26; i++) {
            cArr[i] = (char) (((i * i) % 26) + 97);
        }
        String str = "android_id" + new String(cArr);
        if (bArr == null || bArr.length <= 0) {
            return str;
        }
        byte[] bytes = str.getBytes();
        int length = bytes.length >= bArr.length ? bytes.length : bArr.length;
        byte[] bArr2 = new byte[length];
        for (int i2 = 0; i2 < length; i2++) {
            if (i2 < bytes.length && i2 < bArr.length) {
                bArr2[i2] = (byte) (bytes[i2] ^ bArr[i2]);
            } else if (i2 >= bytes.length) {
                bArr2[i2] = bArr[i2];
            } else if (i2 >= bArr.length) {
                bArr2[i2] = bytes[i2];
            }
        }
        return new String(bArr2);
    }

    public static byte[] sha256(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            Logger.e(a, e);
            throw new TmException(TmError.Error.FAILURE, "No such algorithm: SHA-256");
        }
    }

    @Override // com.fido.android.framework.tm.core.inf.ICryptoModule
    public byte[] DecryptViaPIN(byte[] bArr, byte[] bArr2) {
        Logger.d(a, "DecryptViaPIN:");
        a("PIN", bArr);
        a("Protected Blob", bArr2);
        if (bArr == null || bArr2 == null) {
            Logger.e(a, "DecryptViaPIN. Bad parameter");
            throw new TmException(TmError.Error.FAILURE, "DecryptViaPIN. Bad parameter");
        }
        if (bArr2.length < 8) {
            Logger.e(a, "DecryptViaPIN. encryptedSeed length less than PKCS5_SALT_LENGTH");
            throw new TmException(TmError.Error.FAILURE, "DecryptViaPIN. encryptedSeed length less than PKCS5_SALT_LENGTH");
        }
        byte[] bArr3 = new byte[8];
        for (int i = 0; i < 8; i++) {
            bArr3[i] = bArr2[i];
        }
        a("Salt", bArr3);
        try {
            byte[] a2 = a(getKey(), bArr);
            if (!a()) {
                bArr = a2;
            }
            a("Derived PIN", bArr);
            char[] bytesToChars = bytesToChars(bArr);
            Logger.v(a, "Key generation Spec: IterationCount(1000), KeyLen(128)");
            try {
                try {
                    byte[] encoded = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(bytesToChars, bArr3, LocationStatusCodes.GEOFENCE_NOT_AVAILABLE, 128)).getEncoded();
                    a("Decryption Key", encoded);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(encoded, "AES");
                    byte[] bArr4 = new byte[20];
                    for (int i2 = 0; i2 < 20; i2++) {
                        bArr4[i2] = bArr2[i2 + 8];
                    }
                    if (bArr2.length <= 28) {
                        Logger.e(a, "DecryptViaPIN. Invalid encrypted seed length.\n");
                        throw new TmException(TmError.Error.FAILURE, "DecryptViaPIN. Invalid encrypted seed length.\n");
                    }
                    int length = (bArr2.length - 8) - 20;
                    byte[] bArr5 = new byte[length];
                    for (int i3 = 0; i3 < length; i3++) {
                        bArr5[i3] = bArr2[i3 + 28];
                    }
                    a("Encrypted Seed", bArr5);
                    try {
                        Cipher cipher = Cipher.getInstance("AES");
                        try {
                            cipher.init(2, secretKeySpec);
                            try {
                                byte[] doFinal = cipher.doFinal(bArr5);
                                a(cipher.getAlgorithm() + " Decrypted Seed", doFinal);
                                try {
                                    MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
                                    messageDigest.update(doFinal);
                                    byte[] digest = messageDigest.digest();
                                    a("Stored Digest", digest);
                                    a(messageDigest.getAlgorithm() + " Calculated Digest", digest);
                                    if (!Arrays.equals(digest, bArr4)) {
                                        throw new TmException(TmError.Error.NOT_REGISTERED);
                                    }
                                    Logger.d(a, "DecryptViaPIN:Passed");
                                    return doFinal;
                                } catch (NoSuchAlgorithmException e) {
                                    Logger.e(a, e);
                                    throw new TmException(TmError.Error.FAILURE, e.toString());
                                }
                            } catch (BadPaddingException e2) {
                                Logger.e(a, e2);
                                throw new TmException(TmError.Error.FAILURE, e2.toString());
                            } catch (IllegalBlockSizeException e3) {
                                Logger.e(a, e3);
                                throw new TmException(TmError.Error.FAILURE, e3.toString());
                            }
                        } catch (InvalidKeyException e4) {
                            Logger.e(a, e4);
                            throw new TmException(TmError.Error.FAILURE, e4.toString());
                        }
                    } catch (NoSuchAlgorithmException e5) {
                        Logger.e(a, e5);
                        throw new TmException(TmError.Error.FAILURE, e5.toString());
                    } catch (NoSuchPaddingException e6) {
                        Logger.e(a, e6);
                        throw new TmException(TmError.Error.FAILURE, e6.toString());
                    }
                } catch (InvalidKeySpecException e7) {
                    Logger.e(a, e7);
                    throw new TmException(TmError.Error.FAILURE, "DecryptViaPIN. Failed to generate key");
                }
            } catch (NoSuchAlgorithmException e8) {
                Logger.e(a, e8);
                throw new TmException(TmError.Error.FAILURE, "DecryptViaPIN. Failed to get key spec");
            }
        } catch (IOException e9) {
            Logger.e(a, e9);
            throw new TmException(TmError.Error.FAILURE, "getKey. Failed to get key.");
        }
    }

    @Override // com.fido.android.framework.tm.core.inf.ICryptoModule
    public byte[] EncryptViaPIN(byte[] bArr, byte[] bArr2) {
        Logger.d(a, "EncryptViaPIN:");
        a("PIN", bArr);
        a("Plain Seed", bArr2);
        if (bArr == null || bArr2 == null) {
            Logger.e(a, "EncryptViaPIN. Bad parameter");
            throw new TmException(TmError.Error.FAILURE, "EncryptViaPIN. Bad parameter");
        }
        try {
            byte[] a2 = a(getKey(), bArr);
            if (!a()) {
                bArr = a2;
            }
            a("Derived PIN", bArr);
            char[] bytesToChars = bytesToChars(bArr);
            byte[] bArr3 = new byte[8];
            new SecureRandom().nextBytes(bArr3);
            if (a()) {
                for (int i = 0; i < bArr3.length; i++) {
                    bArr3[i] = 0;
                }
            }
            a("Salt", bArr3);
            ByteArrayOutputStream bytesToStream = bytesToStream(bArr3, null);
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
                messageDigest.update(bArr2);
                byte[] digest = messageDigest.digest();
                a(messageDigest.getAlgorithm() + " digest of plain seed", digest);
                ByteArrayOutputStream bytesToStream2 = bytesToStream(digest, bytesToStream);
                try {
                    byte[] encoded = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(bytesToChars, bArr3, LocationStatusCodes.GEOFENCE_NOT_AVAILABLE, 128)).getEncoded();
                    Logger.d(a, "Key generation Spec: IterationCount(1000), KeyLen(128)");
                    a("Encryption Key", encoded);
                    Cipher cipher = Cipher.getInstance("AES");
                    cipher.init(1, new SecretKeySpec(encoded, "AES"));
                    byte[] doFinal = cipher.doFinal(bArr2);
                    a(cipher.getAlgorithm() + " Encrypted Seed", doFinal);
                    byte[] byteArray = bytesToStream(doFinal, bytesToStream2).toByteArray();
                    a("Protected Blob", byteArray);
                    return byteArray;
                } catch (Exception e) {
                    Logger.e(a, e);
                    throw new TmException(TmError.Error.FAILURE, e.getMessage());
                }
            } catch (NoSuchAlgorithmException e2) {
                Logger.e(a, e2);
                throw new TmException(TmError.Error.FAILURE, e2.getMessage());
            }
        } catch (IOException e3) {
            Logger.e(a, e3);
            Logger.e(a, "EncryptViaPIN. Failed to get DB Key");
            throw new TmException(TmError.Error.FAILURE, "EncryptViaPIN. Failed to get DB Key");
        }
    }

    @Override // com.fido.android.framework.tm.core.inf.ICryptoModule
    public String bytesToHexString(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        String str = "";
        int i = 0;
        while (i < bArr.length) {
            String hexString = Integer.toHexString(bArr[i] & 255);
            if (hexString.length() == 1) {
                str = str + ITmDbManager.FIDODB_STRCONST_ZERO;
            }
            i++;
            str = str + hexString;
        }
        return str;
    }

    public File createDatFilesWithKeys(String str) {
        Logger.i(a, "TMCore :: createDatFilesWithKeys");
        File file = new File(str);
        if (!file.exists()) {
            file.createNewFile();
            try {
                byte[] randomKey = getRandomKey();
                FileOutputStream openFileOutput = this.d.openFileOutput(file.getName(), 32768);
                openFileOutput.write(Base64.encode(randomKey, 2));
                openFileOutput.close();
            } catch (FileNotFoundException e) {
                Logger.e(a, e);
            }
        }
        return file;
    }

    public byte[] getKey() {
        Logger.i(a, "CryptoModule :: getKey");
        if (this.b == null) {
            File createDatFilesWithKeys = createDatFilesWithKeys(this.c + ".dat");
            FileInputStream fileInputStream = new FileInputStream(createDatFilesWithKeys);
            byte[] bArr = new byte[(int) createDatFilesWithKeys.length()];
            try {
                fileInputStream.read(bArr);
                this.b = Base64.decode(bArr, 0);
            } finally {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                    Logger.e(a, e);
                }
            }
        }
        return this.b;
    }

    public byte[] getRandomKey() {
        Logger.i(a, "TMCore :: getRandomKey");
        byte[] bArr = new byte[100];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @Override // com.fido.android.framework.tm.core.inf.ICryptoModule
    public byte[] sha1(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            Logger.e(a, e);
            throw new TmException(TmError.Error.FAILURE, "No such algorithm: SHA-1");
        }
    }
}
