package com.microsoft.omadm.utils;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProtection;
import com.microsoft.intune.mam.client.util.CallableWithException2;
import com.microsoft.intune.mam.log.ExceptionUtils;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.connection.CertificateKeyStore;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.exception.OMADMInterruptedCryptoException;
import com.microsoft.omadm.logging.telemetry.MAMTrackedOccurrence;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
public final class CryptoUtils {
    // JCA cipher transformation strings. CBC provides confidentiality only, so data
    // protected with these needs a separate integrity check (this class offers
    // computeMac/validateMac for that). NoPadding requires the caller to supply input
    // that is already a whole number of 16-byte AES blocks.
    public static final String AES_CBC_NOPADDING = "AES/CBC/NoPadding";
    public static final String AES_CBC_PKCS5PADDING = "AES/CBC/PKCS5Padding";
    public static final String AES_CBC_PKCS7PADDING = "AES/CBC/PKCS7Padding";

    // Deprecated. ECB takes no IV, so equal plaintext blocks encrypt to equal
    // ciphertext blocks. isCBCTransformation() is false for this string, which means
    // encryptData/decryptData add or strip no IV prefix when it is used.
    @Deprecated
    public static final String AES_ECB_PKCS5PADDING = "AES/ECB/PKCS5Padding";
    // IV length in bytes; equals the AES block size.
    protected static final int AES_IV_LENGTH_BYTES = 16;
    // AES key size in bits.
    public static final int AES_KEY_SIZE_256 = 256;
    // Provider service type name passed to Provider.getService() when picking a Cipher provider.
    private static final String CIPHER = "Cipher";
    // Same value as AES_KEY_SIZE_256.
    public static final int DEFAULT_AES_KEY_SIZE_BITS = 256;
    // JCA algorithm name used for MAC computation and for HMAC key generation.
    public static final String HMAC_SHA256 = "HmacSHA256";
    // Algorithm label attached to keys built by generateSecretKey().
    public static final String KEY_ALGORITHM_AES = "AES";
    // java.util.logging logger named after this class.
    private static final Logger LOGGER = Logger.getLogger(CryptoUtils.class.getName());
    // Provider service type name passed to Provider.getService() when picking a Mac provider.
    private static final String MAC = "Mac";

    // Deprecated in favour of RSA_NONE_PKCS1PADDING below.
    // NOTE(review): both strings name PKCS#1 v1.5 encryption padding; whether new data
    // should move to OAEP depends on callers that are not part of this file.
    @Deprecated
    public static final String RSA_ECB_PKCS1PADDING = "RSA/ECB/PKCS1Padding";
    public static final String RSA_NONE_PKCS1PADDING = "RSA/None/PKCS1Padding";

    // Source-retention marker with no members in this decompiled listing.
    // Presumably tagged int parameters that must hold an AES key size in bits and was
    // originally paired with a typedef annotation listing the allowed values — TODO confirm.
    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes2.dex */
    public @interface AESKeySizeBits {
    }

    // Source-retention marker with no members in this decompiled listing.
    // Presumably tagged String parameters that must hold one of the cipher
    // transformation constants of this class — TODO confirm.
    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes2.dex */
    public @interface CipherTransformation {
    }

    // Source-retention marker with no members in this decompiled listing.
    // Presumably tagged String parameters that must hold a MAC algorithm name such as
    // HMAC_SHA256 — TODO confirm.
    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes2.dex */
    public @interface MacAlgorithm {
    }

    // Source-retention marker with no members in this decompiled listing.
    // Presumably tagged the provider service type strings ("Cipher" / "Mac") — TODO confirm.
    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes2.dex */
    private @interface SecurityServiceType {
    }

    /** Not instantiable: every method of this class is static. */
    private CryptoUtils() {
    }

    /**
     * Computes a MAC over the whole of {@code bArr}.
     *
     * @param str  JCA MAC algorithm name
     * @param key  key the MAC is initialised with
     * @param bArr data to authenticate; every byte of the array is covered
     * @return the MAC bytes
     * @throws OMADMException propagated from the ranged overload
     */
    public static byte[] computeMac(String str, Key key, byte[] bArr) throws OMADMException {
        final int wholeLength = bArr.length;
        return computeMac(str, key, bArr, 0, wholeLength);
    }

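    /**
     * Computes a MAC over {@code i2} bytes of {@code bArr}, starting at offset {@code i}.
     *
     * <p>When {@code key.getEncoded()} returns {@code null} the Mac instance is taken from a
     * provider chosen by {@link #getNonSpongyCastleMacProvider}; otherwise the default
     * provider lookup of {@link Mac#getInstance(String)} is used. A {@link ProviderException}
     * raised while computing is retried once through {@code retryIf}.
     *
     * @param str  JCA MAC algorithm name
     * @param key  key the MAC is initialised with
     * @param bArr buffer holding the data
     * @param i    offset of the first byte to authenticate
     * @param i2   number of bytes to authenticate
     * @return the MAC bytes
     * @throws OMADMException if the range does not fit in {@code bArr}, no Mac instance can
     *                        be obtained, or the MAC cannot be initialised with {@code key}
     */
    public static byte[] computeMac(String str, final Key key, final byte[] bArr, final int i, final int i2) throws OMADMException {
        // Range check written so it cannot wrap: "i + i2" overflows for large values and
        // would let a negative or oversized range through to Mac.update().
        if (i < 0 || i2 < 0 || i2 > bArr.length - i) {
            throw new OMADMException("Unable to calculate MAC; data length is too short: " + bArr.length);
        }
        try {
            final Mac mac = key.getEncoded() == null ? Mac.getInstance(str, getNonSpongyCastleMacProvider(str, key)) : Mac.getInstance(str);
            // Decompiled lambda: the work happens in the synthetic static method.
            return (byte[]) retryIf(new CallableWithException2() {
                @Override // com.microsoft.intune.mam.client.util.CallableWithException2
                public final Object call() {
                    return CryptoUtils.lambda$computeMac$45(mac, key, bArr, i, i2);
                }
            }, ProviderException.class);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new OMADMException("Failed to get MAC instance.", e);
        }
    }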

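    /**
     * Decrypts {@code i2} bytes of {@code bArr}, starting at offset {@code i}.
     *
     * <p>For a CBC transformation the range is read as a 16-byte IV followed by the
     * ciphertext; for any other transformation the whole range is ciphertext and no IV is
     * passed to the cipher.
     *
     * <p>This method performs no integrity check. For CBC data, callers should verify a MAC
     * covering the IV and ciphertext (see {@code validateMac}) before decrypting, and should
     * not expose to the sender of the data whether a failure was a padding failure.
     *
     * @param str  cipher transformation
     * @param bArr buffer holding the (IV and) ciphertext
     * @param i    offset of the first byte of the range
     * @param i2   length of the range in bytes
     * @param key  decryption key
     * @return the plaintext
     * @throws OMADMException if the range does not fit in {@code bArr}, a CBC range is not
     *                        longer than the IV, or the cipher cannot be obtained,
     *                        initialised or run
     */
    public static byte[] decryptData(String str, byte[] bArr, int i, int i2, Key key) throws OMADMException {
        // Range check written so it cannot wrap: "i + i2" overflows for large values and
        // also accepts negative offsets or lengths.
        if (i < 0 || i2 < 0 || i2 > bArr.length - i) {
            throw new OMADMException("Unable to apply transform; data length is too short: " + bArr.length);
        }
        int cipherTextOffset = i;
        int cipherTextLength = i2;
        IvParameterSpec ivSpec = null;
        if (isCBCTransformation(str)) {
            // The range must hold the IV plus at least one byte of ciphertext.
            if (i2 <= AES_IV_LENGTH_BYTES) {
                throw new OMADMException("Unable to apply transform; data length is too short: " + bArr.length);
            }
            ivSpec = new IvParameterSpec(bArr, i, AES_IV_LENGTH_BYTES);
            cipherTextOffset = i + AES_IV_LENGTH_BYTES;
            cipherTextLength = i2 - AES_IV_LENGTH_BYTES;
        }
        return rawCrypt(getCipher(str, key), bArr, cipherTextOffset, cipherTextLength, Cipher.DECRYPT_MODE, key, ivSpec);
    }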

    /**
     * Decrypts the whole of {@code bArr}.
     *
     * @param str  cipher transformation
     * @param bArr (IV and) ciphertext; the full array is used
     * @param key  decryption key
     * @return the plaintext
     * @throws OMADMException propagated from the ranged overload
     */
    public static byte[] decryptData(String str, byte[] bArr, Key key) throws OMADMException {
        final int wholeLength = bArr.length;
        return decryptData(str, bArr, 0, wholeLength, key);
    }

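    /**
     * Encrypts {@code i2} bytes of {@code bArr}, starting at offset {@code i}.
     *
     * <p>IV handling for CBC transformations depends on the key:
     * <ul>
     *   <li>key with an encoded form ({@code getEncoded() != null}): a fresh 16-byte IV is
     *       drawn from {@link SecureRandom} and handed to the cipher;</li>
     *   <li>key without an encoded form: the cipher is initialised without an IV and the IV
     *       it chose is read back with {@link Cipher#getIV()} afterwards.</li>
     * </ul>
     * In both cases the IV is prepended to the returned ciphertext. Non-CBC transformations
     * return the bare ciphertext.
     *
     * <p>The output carries no authentication tag; pair it with a MAC over IV and
     * ciphertext (see {@code computeMac}) if the data can be modified by another party.
     *
     * @param str  cipher transformation
     * @param bArr buffer holding the plaintext
     * @param i    offset of the first plaintext byte
     * @param i2   number of plaintext bytes
     * @param key  encryption key
     * @return IV followed by ciphertext for CBC, otherwise the ciphertext alone
     * @throws OMADMException if the range does not fit in {@code bArr} or the cipher cannot
     *                        be obtained, initialised or run
     */
    public static byte[] encryptData(String str, byte[] bArr, int i, int i2, Key key) throws OMADMException {
        // Range check written so it cannot wrap: "i + i2" overflows for large values and
        // also accepts negative offsets or lengths.
        if (i < 0 || i2 < 0 || i2 > bArr.length - i) {
            throw new OMADMException("Unable to apply transform; data length is too short: " + bArr.length);
        }
        Cipher cipher = getCipher(str, key);
        // Ask for the encoded form once: each call may hand back another copy of the raw
        // key bytes, and only the null/non-null answer is needed here.
        final boolean keyHasEncodedForm = key.getEncoded() != null;
        final boolean cbc = isCBCTransformation(str);

        byte[] iv = null;
        IvParameterSpec ivSpec = null;
        if (keyHasEncodedForm && cbc) {
            iv = new byte[AES_IV_LENGTH_BYTES];
            new SecureRandom().nextBytes(iv);
            ivSpec = new IvParameterSpec(iv);
        }
        byte[] cipherText = rawCrypt(cipher, bArr, i, i2, Cipher.ENCRYPT_MODE, key, ivSpec);
        if (!keyHasEncodedForm && cbc) {
            // The provider generated the IV during init; recover it for the output prefix.
            iv = cipher.getIV();
        }
        if (iv == null) {
            return cipherText;
        }
        byte[] ivThenCipherText = new byte[iv.length + cipherText.length];
        System.arraycopy(iv, 0, ivThenCipherText, 0, iv.length);
        System.arraycopy(cipherText, 0, ivThenCipherText, iv.length, cipherText.length);
        return ivThenCipherText;
    }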

    /**
     * Encrypts the whole of {@code bArr}.
     *
     * @param str  cipher transformation
     * @param bArr plaintext; the full array is used
     * @param key  encryption key
     * @return the result of the ranged overload
     * @throws OMADMException propagated from the ranged overload
     */
    public static byte[] encryptData(String str, byte[] bArr, Key key) throws OMADMException {
        final int wholeLength = bArr.length;
        return encryptData(str, bArr, 0, wholeLength, key);
    }

    /**
     * Creates a 256-bit AES key and stores it in {@code keyStore} under alias {@code str}.
     *
     * <p>The key bytes are produced by {@code generateSecretKey} in process memory and then
     * imported, so the raw key exists on the heap before (and possibly after) the import;
     * it is not generated inside the keystore. The stored entry is limited to CBC with
     * NoPadding or PKCS7Padding.
     *
     * @param keyStore keystore receiving the key
     * @param str      alias to store the key under
     * @return the key as read back from the keystore
     * @throws OMADMException propagated from {@code storeSecretKeyInAndroidKeyStore}
     */
    public static SecretKey generateAESKeyInAndroidKeyStore(KeyStore keyStore, String str) throws OMADMException {
        final SecretKey importedMaterial = generateSecretKey(AES_KEY_SIZE_256);
        // Purpose bitmask 3 is encrypt (1) | decrypt (2).
        final KeyProtection.Builder protection = new KeyProtection.Builder(3);
        protection.setBlockModes("CBC");
        protection.setEncryptionPaddings("NoPadding", "PKCS7Padding");
        return storeSecretKeyInAndroidKeyStore(keyStore, str, importedMaterial, protection.build());
    }

    /**
     * Generates an HmacSHA256 key under alias {@code str} using a {@link KeyGenerator}
     * obtained from the provider named by {@code CertificateKeyStore.ANDROID_KEYSTORE_NAME}.
     *
     * <p>A {@link ProviderException} during generation is retried once through
     * {@code retryIf}. The {@code keyStore} argument is not used by this method.
     *
     * @param keyStore unused here
     * @param str      alias for the new key
     * @return the generated key
     * @throws OMADMException if the generator cannot be obtained or initialised
     */
    public static SecretKey generateHMacKeyInAndroidKeyStore(KeyStore keyStore, String str) throws OMADMException {
        final KeyGenerator hmacGenerator;
        try {
            hmacGenerator = KeyGenerator.getInstance(HMAC_SHA256, CertificateKeyStore.ANDROID_KEYSTORE_NAME);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new OMADMException("Failed to get Android KeyGenerator instance for HMAC", e2);
        }
        try {
            // Purpose value 4 is the sign purpose, which is what MAC keys use.
            hmacGenerator.init(new KeyGenParameterSpec.Builder(str, 4).build());
        } catch (InvalidAlgorithmParameterException e) {
            throw new OMADMException("Failed to initialize Android KeyGenerator instance for HMAC", e);
        }
        return (SecretKey) retryIf(new CallableWithException2() {
            @Override // com.microsoft.intune.mam.client.util.CallableWithException2
            public final Object call() {
                return hmacGenerator.generateKey();
            }
        }, ProviderException.class);
    }

    /**
     * Stores a new key pair, with a self-signed certificate, in {@code keyStore} under alias
     * {@code str} and returns the pair as read back from the keystore.
     *
     * <p>Pair and certificate come from {@code CertificateKeyStore}, which is not part of
     * this file. NOTE(review): if that helper generates the pair in process memory, the
     * private key exists outside the keystore until it is imported here — confirm.
     * A {@link KeyStoreException} while storing is retried once through {@code retryIf}.
     *
     * @param keyStore keystore receiving the entry
     * @param str      alias for the entry
     * @return the stored key pair, or {@code null} if no entry is found afterwards
     * @throws OMADMException if storing or reading back fails
     */
    public static KeyPair generateRSAKeyInAndroidKeyStore(final KeyStore keyStore, final String str) throws OMADMException {
        final KeyPair freshPair = CertificateKeyStore.generateKeyPair();
        final X509Certificate selfSigned = CertificateKeyStore.generateSelfSignedCertificate(freshPair);
        final CallableWithException2 importer = new CallableWithException2() {
            @Override // com.microsoft.intune.mam.client.util.CallableWithException2
            public final Object call() {
                return CryptoUtils.lambda$generateRSAKeyInAndroidKeyStore$42(keyStore, str, freshPair, selfSigned);
            }
        };
        retryIf(importer, KeyStoreException.class);
        return getKeyPairInAndroidKeyStore(keyStore, str);
    }

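    /**
     * Creates a random key of {@code i} bits, labelled with the AES algorithm name.
     *
     * <p>The key bytes come from a new {@link SecureRandom}. The returned
     * {@link SecretKeySpec} keeps its own copy of the bytes, so the temporary buffer is
     * cleared before returning.
     *
     * @param i key size in bits; must be a positive multiple of 8
     * @return the new key
     * @throws IllegalArgumentException if {@code i} is not a positive multiple of 8
     */
    public static SecretKey generateSecretKey(int i) {
        // Integer division would silently round the size down (for example 129 bits
        // becomes 16 bytes), yielding a shorter key than the caller asked for.
        if (i <= 0 || i % 8 != 0) {
            throw new IllegalArgumentException("Key size must be a positive multiple of 8 bits: " + i);
        }
        final byte[] keyBytes = new byte[i / 8];
        try {
            new SecureRandom().nextBytes(keyBytes);
            return new SecretKeySpec(keyBytes, KEY_ALGORITHM_AES);
        } finally {
            // SecretKeySpec copied the array; do not leave a second copy of the key around.
            java.util.Arrays.fill(keyBytes, (byte) 0);
        }
    }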

    /**
     * Obtains a {@link Cipher} for {@code str} from the provider selected by
     * {@link #getNonSpongyCastleCipherProvider}.
     *
     * @param str cipher transformation
     * @param key key the provider must support
     * @return an uninitialised cipher
     * @throws OMADMException if no suitable provider, algorithm or padding is available
     */
    private static Cipher getCipher(String str, Key key) throws OMADMException {
        try {
            final Provider chosenProvider = getNonSpongyCastleCipherProvider(str, key);
            return Cipher.getInstance(str, chosenProvider);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            throw new OMADMException("Failed to get an instance of Cipher: " + str, e);
        }
    }

    /**
     * Reads the entry stored under alias {@code str}, retrying once through {@code retryIf}
     * when the read raises {@link UnrecoverableEntryException}.
     *
     * @param keyStore keystore to read from
     * @param str      alias to look up
     * @return the entry returned by the keystore for the alias
     * @throws OMADMException if loading fails
     */
    private static KeyStore.Entry getEntryInAndroidKeyStore(final KeyStore keyStore, final String str) throws OMADMException {
        final CallableWithException2 reader = new CallableWithException2() {
            @Override // com.microsoft.intune.mam.client.util.CallableWithException2
            public final Object call() {
                return CryptoUtils.lambda$getEntryInAndroidKeyStore$41(keyStore, str);
            }
        };
        return (KeyStore.Entry) retryIf(reader, UnrecoverableEntryException.class);
    }

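    /**
     * Returns the key pair stored under alias {@code str}.
     *
     * <p>The public key is taken from the entry's certificate and the private key from the
     * entry itself.
     *
     * @param keyStore keystore to read from
     * @param str      alias to look up
     * @return the key pair, or {@code null} when the keystore has no entry for the alias
     * @throws OMADMException if loading fails or the entry is not a private-key entry
     */
    public static KeyPair getKeyPairInAndroidKeyStore(KeyStore keyStore, String str) throws OMADMException {
        final KeyStore.Entry entry = getEntryInAndroidKeyStore(keyStore, str);
        if (entry == null) {
            return null;
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            // entry is known to be non-null here, so no "<null>" fallback is needed.
            throw new OMADMException("Attempted to read from " + str + " in keystore, but retrieved key was not a private key, actual type: " + entry.getClass().getName());
        }
        final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }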

    /**
     * Selects a provider offering a {@code "Cipher"} service for {@code str} that accepts
     * {@code key}; see {@link #getNonSpongyCastleProvider}.
     *
     * @throws NoSuchProviderException if no such provider is installed
     */
    private static Provider getNonSpongyCastleCipherProvider(String str, Key key) throws NoSuchProviderException {
        final Provider cipherProvider = getNonSpongyCastleProvider(str, key, CIPHER);
        return cipherProvider;
    }

    /**
     * Selects a provider offering a {@code "Mac"} service for {@code str} that accepts
     * {@code key}; see {@link #getNonSpongyCastleProvider}.
     *
     * @throws NoSuchProviderException if no such provider is installed
     */
    private static Provider getNonSpongyCastleMacProvider(String str, Key key) throws NoSuchProviderException {
        final Provider macProvider = getNonSpongyCastleProvider(str, key, MAC);
        return macProvider;
    }

    /**
     * Returns the first installed provider, in {@link Security#getProviders()} order, that
     * is not named {@code BouncyCastleProvider.PROVIDER_NAME}, offers service type
     * {@code str2} for algorithm {@code str}, and reports that it supports {@code key}.
     *
     * <p>Because the first match wins, the result depends on the order in which providers
     * are registered in the process.
     *
     * @param str  algorithm or transformation name
     * @param key  key the service must accept
     * @param str2 provider service type, for example {@code "Cipher"} or {@code "Mac"}
     * @return the selected provider
     * @throws NoSuchProviderException if no installed provider qualifies
     */
    private static Provider getNonSpongyCastleProvider(String str, Key key, String str2) throws NoSuchProviderException {
        final Provider[] installed = Security.getProviders();
        for (int idx = 0; idx < installed.length; idx++) {
            final Provider candidate = installed[idx];
            if (BouncyCastleProvider.PROVIDER_NAME.equals(candidate.getName())) {
                continue;
            }
            final Provider.Service offered = candidate.getService(str2, str);
            if (offered == null) {
                continue;
            }
            boolean acceptsKey;
            try {
                acceptsKey = offered.supportsParameter(key);
            } catch (Throwable unused) {
                // Best effort: any failure while probing a provider just rules it out.
                acceptsKey = false;
            }
            if (acceptsKey) {
                return candidate;
            }
        }
        throw new NoSuchProviderException("Could not find a non-SpongyCastle provider for " + str);
    }

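    /**
     * Returns the secret key stored under alias {@code str}.
     *
     * @param keyStore keystore to read from
     * @param str      alias to look up
     * @return the secret key, or {@code null} when the keystore has no entry for the alias
     * @throws OMADMException if loading fails or the entry is not a secret-key entry
     */
    public static SecretKey getSecretKeyInAndroidKeyStore(KeyStore keyStore, String str) throws OMADMException {
        final KeyStore.Entry entry = getEntryInAndroidKeyStore(keyStore, str);
        if (entry == null) {
            return null;
        }
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            // entry is known to be non-null here, so no "<null>" fallback is needed.
            throw new OMADMException("Attempted to read from " + str + " in keystore, but retrieved key was not a secret key, actual type: " + entry.getClass().getName());
        }
        return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
    }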

    /**
     * Tells whether {@code str} names a CBC transformation, i.e. contains the mode segment
     * {@code "/CBC/"}. The match is case-sensitive.
     *
     * @param str cipher transformation
     * @return {@code true} if the mode segment is present
     */
    private static boolean isCBCTransformation(String str) {
        final int modeSegmentAt = str.indexOf("/CBC/");
        return modeSegmentAt >= 0;
    }

    /**
     * Body of the lambda used by {@code computeMac}: initialises {@code mac} with
     * {@code key} and returns the MAC of {@code i2} bytes of {@code bArr} from offset
     * {@code i}.
     *
     * @throws OMADMException if {@code key} is rejected by the MAC
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ byte[] lambda$computeMac$45(Mac mac, Key key, byte[] bArr, int i, int i2) throws Exception, OMADMException {
        // Only init() can raise InvalidKeyException, so only it needs the translation.
        try {
            mac.init(key);
        } catch (InvalidKeyException e) {
            throw new OMADMException("Failed to initialize MAC.", e);
        }
        mac.update(bArr, i, i2);
        final byte[] tag = mac.doFinal();
        return tag;
    }

    /**
     * Body of the lambda used by {@code generateRSAKeyInAndroidKeyStore}: stores the private
     * key under alias {@code str} with a one-element certificate chain and no password.
     *
     * @return always {@code null}
     * @throws OMADMException if the keystore rejects the arguments
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ Object lambda$generateRSAKeyInAndroidKeyStore$42(KeyStore keyStore, String str, KeyPair keyPair, X509Certificate x509Certificate) throws Exception, OMADMException {
        final X509Certificate[] chain = new X509Certificate[]{x509Certificate};
        try {
            // getPrivate() stays inside the try so a null keyPair is reported the same way.
            keyStore.setKeyEntry(str, keyPair.getPrivate(), null, chain);
        } catch (IllegalArgumentException | NullPointerException e) {
            throw new OMADMException("Failed to store RSA key in keystore.", e);
        }
        return null;
    }

    /**
     * Body of the lambda used by {@code getEntryInAndroidKeyStore}: reads the entry for
     * alias {@code str} without a protection parameter.
     *
     * @return the entry returned by the keystore
     * @throws OMADMException if the keystore or its algorithm is unavailable
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ KeyStore.Entry lambda$getEntryInAndroidKeyStore$41(KeyStore keyStore, String str) throws Exception, OMADMException {
        final KeyStore.Entry loaded;
        try {
            loaded = keyStore.getEntry(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new OMADMException("Loading key failed.", e);
        }
        return loaded;
    }

    /**
     * Body of the lambda used by {@code rawCrypt}: initialises {@code cipher} in mode
     * {@code i} (with {@code algorithmParameterSpec} when one is given) and processes
     * {@code i3} bytes of {@code bArr} from offset {@code i2} in a single call.
     *
     * <p>Padding and block-size failures are both reported with the same message; the
     * underlying exception is kept as the cause.
     *
     * @throws OMADMException if initialisation or the transformation fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ byte[] lambda$rawCrypt$46(AlgorithmParameterSpec algorithmParameterSpec, Cipher cipher, int i, Key key, byte[] bArr, int i2, int i3) throws Exception, OMADMException {
        try {
            if (algorithmParameterSpec == null) {
                cipher.init(i, key);
            } else {
                cipher.init(i, key, algorithmParameterSpec);
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e2) {
            throw new OMADMException("Failed to init Cipher", e2);
        }
        try {
            return cipher.doFinal(bArr, i2, i3);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new OMADMException("Failed to crypt the data", e);
        }
    }

    /**
     * Body of the lambda used by {@code storeSecretKeyInAndroidKeyStore}: wraps
     * {@code secretKey} in a secret-key entry and stores it under alias {@code str} with
     * the given protection parameter.
     *
     * @return always {@code null}
     * @throws OMADMException if the entry or the keystore rejects the arguments
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ Object lambda$storeSecretKeyInAndroidKeyStore$44(KeyStore keyStore, String str, SecretKey secretKey, KeyStore.ProtectionParameter protectionParameter) throws Exception, OMADMException {
        try {
            // Entry construction stays inside the try: a null key raises NullPointerException.
            final KeyStore.SecretKeyEntry wrapped = new KeyStore.SecretKeyEntry(secretKey);
            keyStore.setEntry(str, wrapped, protectionParameter);
        } catch (IllegalArgumentException | NullPointerException e) {
            throw new OMADMException("Failed to store secret key in keystore.", e);
        }
        return null;
    }

    /**
     * Obtains and loads the keystore of type {@code CertificateKeyStore.ANDROID_KEYSTORE_NAME}.
     *
     * @return the loaded keystore
     * @throws OMADMException wrapping any failure to obtain or load it
     */
    public static KeyStore loadAndroidKeyStore() throws OMADMException {
        final KeyStore androidStore;
        try {
            androidStore = KeyStore.getInstance(CertificateKeyStore.ANDROID_KEYSTORE_NAME);
            androidStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new OMADMException(e);
        }
        return androidStore;
    }

    /**
     * Runs one cipher operation over {@code i2} bytes of {@code bArr} from offset {@code i},
     * retrying once through {@code retryIf} when a {@link ProviderException} is raised.
     *
     * @param cipher                 cipher to initialise and run
     * @param bArr                   input buffer
     * @param i                      offset of the first input byte
     * @param i2                     number of input bytes
     * @param i3                     cipher operation mode passed to {@code Cipher.init}
     * @param key                    key for the operation
     * @param algorithmParameterSpec parameters such as an IV, or {@code null} for none
     * @return the cipher output
     * @throws OMADMException if initialisation or the transformation fails
     */
    private static byte[] rawCrypt(final Cipher cipher, final byte[] bArr, final int i, final int i2, final int i3, final Key key, final AlgorithmParameterSpec algorithmParameterSpec) throws OMADMException {
        final CallableWithException2 operation = new CallableWithException2() {
            @Override // com.microsoft.intune.mam.client.util.CallableWithException2
            public final Object call() {
                return CryptoUtils.lambda$rawCrypt$46(algorithmParameterSpec, cipher, i3, key, bArr, i, i2);
            }
        };
        return (byte[]) retryIf(operation, ProviderException.class);
    }

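    /**
     * Runs {@code callableWithException2} and, if it fails with an exception of type
     * {@code cls}, logs a warning and runs it exactly one more time.
     *
     * <ul>
     *   <li>{@link OMADMException} from either attempt is rethrown unchanged.</li>
     *   <li>A retryable failure on the second attempt becomes
     *       {@link OMADMInterruptedCryptoException}.</li>
     *   <li>Any other exception is rethrown as is when unchecked and wrapped in
     *       {@link OMADMException} when checked.</li>
     *   <li>A successful second attempt is reported to telemetry together with a
     *       description of the first failure.</li>
     * </ul>
     *
     * @param callableWithException2 operation to run
     * @param cls                    exception type that triggers the single retry
     * @return the operation's result
     * @throws OMADMException                  as described above
     * @throws OMADMInterruptedCryptoException if the retry fails with a retryable exception
     */
    private static <T, E1 extends Exception> T retryIf(CallableWithException2<T, E1, OMADMException> callableWithException2, Class<? extends E1> cls) throws OMADMException, OMADMInterruptedCryptoException {
        try {
            return callableWithException2.call();
        } catch (OMADMException e) {
            throw e;
        } catch (Exception e2) {
            if (!cls.isInstance(e2)) {
                throw nonRetryable(e2);
            }
            LOGGER.log(Level.WARNING, "Failed to perform crypt operation due to retryable exception, retrying once.", (Throwable) e2);
            try {
                T call = callableWithException2.call();
                Services.get().getMAMTelemetryLogger().logTrackedOccurrence(null, MAMTrackedOccurrence.CRYPTO_SUCCESS_AFTER_RETRY, ExceptionUtils.describeException(e2));
                return call;
            } catch (OMADMException e3) {
                throw e3;
            } catch (Exception e4) {
                if (cls.isInstance(e4)) {
                    throw new OMADMInterruptedCryptoException("Failed to retry interrupted crypto operation.", e4);
                }
                throw nonRetryable(e4);
            }
        }
    }

    /**
     * Rethrows an unchecked failure unchanged; wraps a checked one so that the original
     * exception is reported instead of a ClassCastException from a blind cast.
     */
    private static OMADMException nonRetryable(Exception failure) {
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        return new OMADMException("Crypto operation failed with an unexpected exception.", failure);
    }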

    /**
     * Stores {@code secretKey} under alias {@code str} with the given protection parameter,
     * then reads the entry back and returns the key held by the keystore.
     *
     * <p>A {@link KeyStoreException} while storing is retried once through {@code retryIf}.
     *
     * @param keyStore            keystore receiving the key
     * @param str                 alias to store the key under
     * @param secretKey           key to import
     * @param protectionParameter protection applied to the stored entry
     * @return the key as read back from the keystore
     * @throws OMADMException if storing fails or the entry read back is missing or is not
     *                        a secret-key entry
     */
    private static SecretKey storeSecretKeyInAndroidKeyStore(final KeyStore keyStore, final String str, final SecretKey secretKey, final KeyStore.ProtectionParameter protectionParameter) throws OMADMException {
        final CallableWithException2 writer = new CallableWithException2() {
            @Override // com.microsoft.intune.mam.client.util.CallableWithException2
            public final Object call() {
                return CryptoUtils.lambda$storeSecretKeyInAndroidKeyStore$44(keyStore, str, secretKey, protectionParameter);
            }
        };
        retryIf(writer, KeyStoreException.class);
        final KeyStore.Entry readBack = getEntryInAndroidKeyStore(keyStore, str);
        if (!(readBack instanceof KeyStore.SecretKeyEntry)) {
            final String actualType = readBack == null ? "<null>" : readBack.getClass().getName();
            throw new OMADMException("Error occurred when initializing key " + str + " in keystore. New key was not a secret key, actual type: " + actualType);
        }
        return ((KeyStore.SecretKeyEntry) readBack).getSecretKey();
    }

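    /**
     * Recomputes the MAC over {@code i2} bytes of {@code bArr} from offset {@code i} and
     * compares it with the {@code i4} bytes of {@code bArr2} starting at offset {@code i3}.
     *
     * <p>The byte comparison always walks the full MAC length, so the time taken does not
     * reveal how many leading bytes of a supplied MAC were correct.
     *
     * @param str   JCA MAC algorithm name
     * @param key   MAC key
     * @param bArr  buffer holding the authenticated data
     * @param i     offset of the data in {@code bArr}
     * @param i2    length of the data
     * @param bArr2 buffer holding the MAC to check
     * @param i3    offset of the MAC in {@code bArr2}
     * @param i4    length of the MAC to check
     * @return {@code true} only if the computed MAC has length {@code i4} and equals the
     *         supplied bytes
     * @throws OMADMException if the MAC range does not fit in {@code bArr2} or the MAC
     *                        cannot be computed
     */
    public static boolean validateMac(String str, Key key, byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) throws OMADMException {
        // Range check written so it cannot wrap: "i3 + i4" overflows for large values and
        // also accepts negative offsets or lengths.
        if (i3 < 0 || i4 < 0 || i4 > bArr2.length - i3) {
            throw new OMADMException("Unable to validate MAC; MAC buffer length is too short: " + bArr2.length);
        }
        final byte[] expectedMac = computeMac(str, key, bArr, i, i2);
        // The MAC length is not secret, so an early exit on length is fine.
        if (expectedMac.length != i4) {
            return false;
        }
        // Accumulate differences instead of returning at the first mismatch.
        int difference = 0;
        for (int idx = 0; idx < i4; idx++) {
            difference |= expectedMac[idx] ^ bArr2[i3 + idx];
        }
        return difference == 0;
    }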

    /**
     * Validates a MAC computed over the whole of {@code bArr} against {@code i2} bytes of
     * {@code bArr2} starting at offset {@code i}.
     *
     * @param str   JCA MAC algorithm name
     * @param key   MAC key
     * @param bArr  authenticated data; the full array is covered
     * @param bArr2 buffer holding the MAC to check
     * @param i     offset of the MAC in {@code bArr2}
     * @param i2    length of the MAC to check
     * @return the result of the ranged overload
     * @throws OMADMException propagated from the ranged overload
     */
    public static boolean validateMac(String str, Key key, byte[] bArr, byte[] bArr2, int i, int i2) throws OMADMException {
        final int dataLength = bArr.length;
        return validateMac(str, key, bArr, 0, dataLength, bArr2, i, i2);
    }
}
