package com.microsoft.intune.mam.client.identity;

import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.fileencryption.EncryptionAlgorithm;
import com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.logging.Level;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
class DataCrypter {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) DataCrypter.class);
    private EncryptionAlgorithm mAlgorithm;
    byte[] mIV;
    SecretKeySpec mKey;
    private FileEncryptionManager mManager;

    /* loaded from: classes3.dex */
    public enum Mode {
        ENCRYPT,
        DECRYPT
    }

    public DataCrypter(FileEncryptionManager fileEncryptionManager) {
        EncryptionAlgorithm encryptionAlgorithm = EncryptionAlgorithm.AES_CBC_PKCS5;
        this.mAlgorithm = encryptionAlgorithm;
        this.mManager = fileEncryptionManager;
        try {
            this.mIV = new byte[Cipher.getInstance(encryptionAlgorithm.getCipherSpec()).getBlockSize()];
            new SecureRandom().nextBytes(this.mIV);
            KeyGenerator keyGenerator = KeyGenerator.getInstance(this.mAlgorithm.getCipherName());
            keyGenerator.init(this.mManager.getDefaultKeyLength());
            this.mKey = new SecretKeySpec(keyGenerator.generateKey().getEncoded(), this.mAlgorithm.getCipherName());
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            LOGGER.log(Level.SEVERE, "Attempt to use unknown cryptographic algorithm/padding: {0}", e, this.mAlgorithm);
            throw new AssertionError("Cipher " + this.mAlgorithm + " should always be available");
        }
    }

    public DataCrypter(FileEncryptionManager fileEncryptionManager, String str, byte[] bArr, byte[] bArr2) throws MAMException {
        this.mAlgorithm = EncryptionAlgorithm.AES_CBC_PKCS5;
        this.mManager = fileEncryptionManager;
        try {
            this.mAlgorithm = EncryptionAlgorithm.fromCipherSpec(str);
            this.mIV = bArr2;
            byte[] decryptData = this.mManager.decryptData(bArr, bArr2);
            String[] split = str.split("/");
            this.mKey = new SecretKeySpec(decryptData, split.length > 0 ? split[0] : str);
        } catch (NoSuchAlgorithmException e) {
            throw new MAMException((Exception) e);
        }
    }

    public int getCipherBlockSize() {
        return this.mIV.length;
    }

    public CipherInputStream getCipherInputStream(InputStream inputStream, Mode mode) throws InvalidKeyException, InvalidAlgorithmParameterException {
        try {
            Cipher cipher = Cipher.getInstance(this.mAlgorithm.getCipherSpec());
            cipher.init(mode == Mode.ENCRYPT ? 1 : 2, this.mKey, new IvParameterSpec(this.mIV));
            return new CipherInputStream(inputStream, cipher);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            LOGGER.log(Level.SEVERE, "Attempt to use unknown cryptographic algorithm/padding: {0}", e, this.mAlgorithm.getCipherSpec());
            throw new AssertionError("Cipher " + this.mAlgorithm.getCipherSpec() + " should always be available");
        }
    }

    public String getCipherSpec() {
        return this.mAlgorithm.getCipherSpec();
    }

    public byte[] getIV() {
        return this.mIV;
    }

    public byte[] getKey() throws MAMException {
        try {
            return this.mManager.encryptData(this.mKey.getEncoded(), this.mIV);
        } catch (MAMException e) {
            LOGGER.log(Level.SEVERE, "Failed to encrypt secret key, will not be able to protect data", (Throwable) e);
            throw e;
        }
    }
}
