package com.azure.authenticator.jwe;

import android.text.TextUtils;
import android.util.Base64;
import com.azure.authenticator.jwe.JweEncryptionException;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class JweEncryptionManager {
    public static final int BASE64_FLAGS = 11;
    private static final int JWE_SEGMENT_SIZE = 5;
    private final int LONG_SIZE_IN_BYTES;
    private final AlgorithmEnum _algorithmEnum;
    private final SecureRandomGenerator _secureRandomGenerator;

    public JweEncryptionManager(AlgorithmEnum algorithmEnum) {
        this.LONG_SIZE_IN_BYTES = 8;
        this._algorithmEnum = algorithmEnum;
        this._secureRandomGenerator = new SecureRandomGenerator();
    }

    JweEncryptionManager(AlgorithmEnum algorithmEnum, SecureRandomGenerator secureRandomGenerator) {
        this.LONG_SIZE_IN_BYTES = 8;
        this._algorithmEnum = algorithmEnum;
        this._secureRandomGenerator = secureRandomGenerator;
    }

    private String[] deserializeJwe(String str) throws JweEncryptionException {
        String[] split = str.split("[.]");
        if (split == null || split.length != 5) {
            BaseLogger.e("JWE is null or incorrect length");
            throw new JweEncryptionException(JweEncryptionException.JweEncryptionError.JWE_INVALID_SERIALIZATION);
        }
        for (String str2 : split) {
            if (TextUtils.isEmpty(str2)) {
                BaseLogger.e("JWE segment is null or empty");
                throw new JweEncryptionException(JweEncryptionException.JweEncryptionError.JWE_INVALID_SERIALIZATION);
            }
        }
        return split;
    }

    private byte[] getAdditionalAuthenticationHeader() throws JweEncryptionException {
        return Base64.encodeToString(getJweHeader().getBytes(StandardCharsets.UTF_8), 11).getBytes(StandardCharsets.US_ASCII);
    }

    private byte[] getAuthenticationTag(byte[] bArr, byte[] bArr2) throws JweEncryptionException {
        try {
            byte[] additionalAuthenticationHeader = getAdditionalAuthenticationHeader();
            long length = additionalAuthenticationHeader.length * 8;
            ByteBuffer allocate = ByteBuffer.allocate(8);
            allocate.order(ByteOrder.BIG_ENDIAN);
            allocate.putLong(length);
            ByteBuffer allocate2 = ByteBuffer.allocate(additionalAuthenticationHeader.length + bArr2.length + bArr.length + 8);
            allocate2.put(additionalAuthenticationHeader);
            allocate2.put(bArr2);
            allocate2.put(bArr);
            allocate2.put(allocate.array());
            return allocate2.array();
        } catch (Exception e) {
            throw new JweEncryptionException(JweEncryptionException.JweEncryptionError.JWE_CREATE_TAG_FAIL, e);
        }
    }

    private byte[] getEncryptionKey(byte[] bArr) {
        int length = bArr.length / 2;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, length, bArr2, 0, length);
        return bArr2;
    }

    private byte[] getHmacKey(byte[] bArr) {
        int length = bArr.length / 2;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        return bArr2;
    }

    private String getJweHeader() throws JweEncryptionException {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("alg", this._algorithmEnum.getAlgorithm());
            jSONObject.put("enc", this._algorithmEnum.getEncoding());
            return jSONObject.toString();
        } catch (JSONException e) {
            throw new JweEncryptionException(JweEncryptionException.JweEncryptionError.JWE_CREATE_HEADER_FAIL, e);
        }
    }

    private boolean isArrayEqual(byte[] bArr, byte[] bArr2) {
        boolean z = true;
        for (int i = 0; i < bArr.length; i++) {
            if (i >= bArr2.length || bArr[i] != bArr2[i]) {
                z = false;
            }
        }
        return z;
    }

    public String decrypt(String str, byte[] bArr) throws JweEncryptionException {
        try {
            String[] deserializeJwe = deserializeJwe(str);
            if (!isArrayEqual(getJweHeader().getBytes(Strings.Utf8Charset), Base64.decode(deserializeJwe[0], 11))) {
                throw new JweEncryptionException(JweEncryptionException.JweEncryptionError.JWE_INVALID_HEADER);
            }
            CryptoHelper cryptoHelper = new CryptoHelper();
            byte[] jweDecryptedKeyWithAesKeyUnwrap = cryptoHelper.getJweDecryptedKeyWithAesKeyUnwrap(Base64.decode(deserializeJwe[1], 11), bArr);
            byte[] decode = Base64.decode(deserializeJwe[2], 11);
            byte[] decode2 = Base64.decode(deserializeJwe[3], 11);
            byte[] decode3 = Base64.decode(deserializeJwe[4], 11);
            if (jweDecryptedKeyWithAesKeyUnwrap == null || jweDecryptedKeyWithAesKeyUnwrap.length != this._algorithmEnum.getCekSizeInBytes()) {
                throw new JweEncryptionException(JweEncryptionException.JweEncryptionError.JWE_INVALID_CEK);
            }
            byte[] hmacKey = getHmacKey(jweDecryptedKeyWithAesKeyUnwrap);
            byte[] encryptionKey = getEncryptionKey(jweDecryptedKeyWithAesKeyUnwrap);
            byte[] authTagWithHmac = cryptoHelper.getAuthTagWithHmac(getAuthenticationTag(decode2, decode), hmacKey, this._algorithmEnum.getMac());
            if (isArrayEqual(Arrays.copyOf(authTagWithHmac, authTagWithHmac.length / 2), decode3)) {
                return new String(cryptoHelper.getDecryptedTextWithAes(decode2, decode, encryptionKey), Strings.Utf8Charset);
            }
            throw new JweEncryptionException(JweEncryptionException.JweEncryptionError.JWE_INVALID_TAG);
        } catch (JweEncryptionException e) {
            BaseLogger.e("JWE decryption failed: " + str);
            BaseLogger.e(e.getJweEncryptionError().name(), e);
            throw e;
        }
    }

    public String encrypt(String str, byte[] bArr) throws JweEncryptionException {
        try {
            CryptoHelper cryptoHelper = new CryptoHelper();
            byte[] random = this._secureRandomGenerator.getRandom(this._algorithmEnum.getCekSizeInBytes());
            byte[] jweEncryptedKeyWithAesKeyWrap = cryptoHelper.getJweEncryptedKeyWithAesKeyWrap(random, bArr);
            byte[] hmacKey = getHmacKey(random);
            byte[] encryptionKey = getEncryptionKey(random);
            byte[] random2 = this._secureRandomGenerator.getRandom(this._algorithmEnum.getIvSizeInBytes());
            byte[] cipherTextWithAes = cryptoHelper.getCipherTextWithAes(str.getBytes(StandardCharsets.UTF_8), random2, encryptionKey);
            byte[] authTagWithHmac = cryptoHelper.getAuthTagWithHmac(getAuthenticationTag(cipherTextWithAes, random2), hmacKey, this._algorithmEnum.getMac());
            return Base64.encodeToString(getJweHeader().getBytes(StandardCharsets.UTF_8), 11) + "." + Base64.encodeToString(jweEncryptedKeyWithAesKeyWrap, 11) + "." + Base64.encodeToString(random2, 11) + "." + Base64.encodeToString(cipherTextWithAes, 11) + "." + Base64.encodeToString(Arrays.copyOf(authTagWithHmac, authTagWithHmac.length / 2), 11);
        } catch (JweEncryptionException e) {
            BaseLogger.e("JWE encryption failed: " + str);
            BaseLogger.e(e.getJweEncryptionError().name(), e);
            throw e;
        }
    }
}
