package com.microsoft.teams.vault.data;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.microsoft.skype.teams.logger.ILogger;
import com.microsoft.teams.core.injection.UserScope;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Calendar;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

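@UserScope
/* loaded from: classes2.dex */
/**
 * Encrypts and decrypts short strings with a per-message AES key that is wrapped by an RSA key
 * pair held in the Android Keystore under {@link #KEY_ALIAS}.
 *
 * <p>Envelope layout produced by {@link #encryptData} and expected by {@link #decryptData},
 * before Base64 encoding: the first {@link #KEY_BYTES_LENGTH} bytes are the RSA-OAEP wrapped AES
 * key, and the remainder is the AES/CBC/PKCS5Padding ciphertext.
 *
 * <p>NOTE(review): the AES key bytes are also used as the CBC IV, and the envelope carries no
 * MAC or AEAD tag, so decryption cannot detect modified ciphertext. Fixing either one changes
 * the stored format and needs a versioned migration (for example to AES/GCM with a random
 * nonce stored in the envelope), so the format is left unchanged here.
 *
 * <p>All failures are logged and reported to the caller as {@code null}.
 */
public class VaultKeyBox implements IVaultKeyBox {
    private static final String AES_ALGORITHM = "AES";
    private static final String AES_MODE = "AES/CBC/PKCS5Padding";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String ENCODING_FORMAT = "UTF-8";
    private static final String KEY_ALIAS = "VaultKeyAlias";
    // Length of the wrapped AES key inside the envelope; equals the RSA modulus size in bytes.
    // NOTE(review): assumes the keystore generates a 2048-bit RSA key by default — confirm.
    private static final int KEY_BYTES_LENGTH = 256;
    private static final String LOG_TAG = "VaultKeyBox";
    // Severity passed to ILogger.log; presumably the error level — confirm against ILogger.
    private static final int LOG_LEVEL = 7;
    // 16 random bytes: used both as the AES-128 key and as the 16-byte CBC IV.
    private static final int RANDOM_KEY_LENGTH = 16;
    private static final String RSA_MODE = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Shared by all instances; assigned by generateEncryptKey() once the store has loaded.
    private static KeyStore keyStore;
    private final Context mContext;
    private final ILogger mLogger;

    /**
     * Stores the collaborators and makes sure the RSA key pair exists in the Android Keystore.
     *
     * @param context used on API levels below 23 to build the key pair generator spec
     * @param iLogger receives every failure message
     */
    public VaultKeyBox(Context context, ILogger iLogger) {
        this.mLogger = iLogger;
        this.mContext = context;
        // NOTE(review): calls an overridable method from the constructor; kept because
        // subclasses may rely on it.
        generateEncryptKey();
    }

    /**
     * Decrypts an envelope produced by {@link #encryptData}.
     *
     * @param str Base64 text holding the wrapped key followed by the AES ciphertext
     * @return the decrypted text, or {@code null} when the input is null, malformed, too short,
     *     or cannot be decrypted
     */
    @Override
    public String decryptData(String str) {
        if (str == null) {
            logFailure("decryptData: input is null");
            return null;
        }
        try {
            byte[] envelope = Base64.decode(str.getBytes(ENCODING_FORMAT), Base64.DEFAULT);
            if (envelope.length <= KEY_BYTES_LENGTH) {
                logFailure("decryptData: Invalid input length");
                return null;
            }
            byte[] wrappedKey = new byte[KEY_BYTES_LENGTH];
            byte[] cipherText = new byte[envelope.length - KEY_BYTES_LENGTH];
            System.arraycopy(envelope, 0, wrappedKey, 0, KEY_BYTES_LENGTH);
            System.arraycopy(envelope, KEY_BYTES_LENGTH, cipherText, 0, cipherText.length);

            byte[] aesKey = decryptKey(wrappedKey);
            if (aesKey == null) {
                logFailure("decryptData: could not decrypt key");
                return null;
            }
            Cipher cipher = Cipher.getInstance(AES_MODE);
            // The key doubles as the IV; this mirrors encryptData and is part of the format.
            cipher.init(
                    Cipher.DECRYPT_MODE,
                    new SecretKeySpec(aesKey, AES_ALGORITHM),
                    new IvParameterSpec(aesKey));
            // doFinal reports a padding failure as BadPaddingException, so a corrupted payload
            // is rejected here rather than depending on how a stream wrapper reports it.
            return new String(cipher.doFinal(cipherText), ENCODING_FORMAT);
        } catch (IllegalArgumentException
                | UnsupportedEncodingException
                | InvalidAlgorithmParameterException
                | InvalidKeyException
                | NoSuchAlgorithmException
                | NoSuchPaddingException
                | BadPaddingException
                | IllegalBlockSizeException e) {
            // IllegalArgumentException covers malformed Base64 and an empty unwrapped key.
            logFailure("decryptData: " + e.getMessage());
            return null;
        }
    }

    /**
     * Unwraps an AES key with the RSA private key stored under {@link #KEY_ALIAS}.
     *
     * @param bArr the RSA-OAEP wrapped key bytes
     * @return the unwrapped key bytes, or {@code null} on any failure
     */
    protected byte[] decryptKey(byte[] bArr) {
        KeyStore store = keyStore;
        if (store == null) {
            // generateEncryptKey() failed before the store could be loaded.
            logFailure("decryptKey: key store is not initialized");
            return null;
        }
        try {
            PrivateKey privateKey;
            if (Build.VERSION.SDK_INT >= 23) {
                privateKey = (PrivateKey) store.getKey(KEY_ALIAS, null);
            } else {
                KeyStore.PrivateKeyEntry privateKeyEntry =
                        (KeyStore.PrivateKeyEntry) store.getEntry(KEY_ALIAS, null);
                privateKey = privateKeyEntry == null ? null : privateKeyEntry.getPrivateKey();
            }
            if (privateKey == null) {
                logFailure("decryptKey: Private key is null");
                return null;
            }
            // NOTE(review): no OAEPParameterSpec is passed here, while encryptKey pins MGF1 to
            // SHA-1 on API 23+; presumably that matches the keystore provider's default for
            // RSA_MODE — confirm before changing either side.
            Cipher cipher = Cipher.getInstance(RSA_MODE);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException
                | KeyStoreException
                | NoSuchAlgorithmException
                | UnrecoverableEntryException
                | BadPaddingException
                | IllegalBlockSizeException
                | NoSuchPaddingException e) {
            logFailure("decryptKey: " + e.getMessage());
            return null;
        }
    }

    /**
     * Encrypts text under a fresh AES key and prepends that key wrapped with the keystore RSA
     * public key.
     *
     * @param str the text to protect
     * @return the Base64 envelope, or {@code null} when the input is null or any step fails
     */
    @Override
    public String encryptData(String str) {
        if (str == null) {
            logFailure("encryptData: input is null");
            return null;
        }
        try {
            byte[] plainText = str.getBytes(ENCODING_FORMAT);
            Cipher cipher = Cipher.getInstance(AES_MODE);
            byte[] aesKey = getSecretKey();
            // The key doubles as the IV; see the class-level note before changing this.
            cipher.init(
                    Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(aesKey, AES_ALGORITHM),
                    new IvParameterSpec(aesKey));
            byte[] cipherText = cipher.doFinal(plainText);

            byte[] wrappedKey = encryptKey(aesKey);
            if (wrappedKey == null) {
                logFailure("encryptData: could not encrypt key");
                return null;
            }
            if (wrappedKey.length != KEY_BYTES_LENGTH) {
                // decryptData always splits the envelope at KEY_BYTES_LENGTH, so any other
                // wrapped-key size would produce an envelope that can never be read back.
                logFailure("encryptData: unexpected wrapped key length " + wrappedKey.length);
                return null;
            }
            byte[] envelope = new byte[wrappedKey.length + cipherText.length];
            System.arraycopy(wrappedKey, 0, envelope, 0, wrappedKey.length);
            System.arraycopy(cipherText, 0, envelope, wrappedKey.length, cipherText.length);
            return Base64.encodeToString(envelope, Base64.DEFAULT);
        } catch (UnsupportedEncodingException
                | InvalidAlgorithmParameterException
                | InvalidKeyException
                | NoSuchAlgorithmException
                | NoSuchPaddingException
                | BadPaddingException
                | IllegalBlockSizeException e) {
            logFailure("encryptData: " + e.getMessage());
            return null;
        }
    }

    /**
     * Wraps an AES key with the RSA public key stored under {@link #KEY_ALIAS}.
     *
     * @param bArr the raw AES key bytes
     * @return the RSA-OAEP ciphertext, or {@code null} on any failure
     */
    protected byte[] encryptKey(byte[] bArr) {
        KeyStore store = keyStore;
        if (store == null) {
            // generateEncryptKey() failed before the store could be loaded.
            logFailure("encryptKey: key store is not initialized");
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(RSA_MODE);
            if (Build.VERSION.SDK_INT >= 23) {
                Certificate certificate = store.getCertificate(KEY_ALIAS);
                if (certificate == null) {
                    logFailure("encryptKey: Certificate is null");
                    return null;
                }
                PublicKey publicKey = certificate.getPublicKey();
                if (publicKey == null) {
                    logFailure("encryptKey: Public key certificate is null");
                    return null;
                }
                // Rebuild the public key from its X.509 encoding so the cipher is initialised
                // with a plain key object rather than the one handed out by the keystore.
                PublicKey detachedKey =
                        KeyFactory.getInstance(publicKey.getAlgorithm())
                                .generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
                // OAEP digest is SHA-256 while MGF1 is pinned to SHA-1; decryptKey must agree.
                cipher.init(
                        Cipher.ENCRYPT_MODE,
                        detachedKey,
                        new OAEPParameterSpec(
                                "SHA-256",
                                "MGF1",
                                MGF1ParameterSpec.SHA1,
                                PSource.PSpecified.DEFAULT));
            } else {
                KeyStore.PrivateKeyEntry privateKeyEntry =
                        (KeyStore.PrivateKeyEntry) store.getEntry(KEY_ALIAS, null);
                if (privateKeyEntry == null) {
                    logFailure("encryptKey: Private key is null");
                    return null;
                }
                cipher.init(Cipher.ENCRYPT_MODE, privateKeyEntry.getCertificate().getPublicKey());
            }
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException
                | InvalidKeyException
                | KeyStoreException
                | NoSuchAlgorithmException
                | UnrecoverableEntryException
                | InvalidKeySpecException
                | BadPaddingException
                | IllegalBlockSizeException
                | NoSuchPaddingException e) {
            logFailure("encryptKey: " + e.getMessage());
            return null;
        }
    }

    /**
     * Loads the Android Keystore and creates the RSA key pair under {@link #KEY_ALIAS} if it
     * does not exist yet. Failures are logged; the static store is left unassigned when the
     * store itself cannot be obtained or loaded.
     */
    protected void generateEncryptKey() {
        try {
            KeyStore store = KeyStore.getInstance(ANDROID_KEY_STORE);
            store.load(null);
            // Publish only a store that loaded successfully, so later calls never operate on
            // an uninitialised KeyStore instance.
            keyStore = store;
            if (store.containsAlias(KEY_ALIAS)) {
                return;
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
            if (Build.VERSION.SDK_INT >= 23) {
                // Purposes 3 == 1 | 2, i.e. KeyProperties.PURPOSE_ENCRYPT | PURPOSE_DECRYPT.
                // No key size and no user-authentication requirement are requested here, so
                // the provider defaults apply to both.
                keyPairGenerator.initialize(
                        new KeyGenParameterSpec.Builder(KEY_ALIAS, 3)
                                .setDigests("SHA-256", "SHA-512")
                                .setEncryptionPaddings("OAEPPadding")
                                .build());
            } else {
                // Pre-23 keystores need a self-signed certificate; it is valid for 100 years.
                Calendar notBefore = Calendar.getInstance();
                Calendar notAfter = Calendar.getInstance();
                notAfter.add(Calendar.YEAR, 100);
                KeyPairGeneratorSpec legacySpec =
                        new KeyPairGeneratorSpec.Builder(this.mContext)
                                .setAlias(KEY_ALIAS)
                                .setSubject(new X500Principal("CN=VaultKeyAlias"))
                                .setSerialNumber(BigInteger.TEN)
                                .setStartDate(notBefore.getTime())
                                .setEndDate(notAfter.getTime())
                                .build();
                keyPairGenerator.initialize(legacySpec);
            }
            keyPairGenerator.generateKeyPair();
        } catch (IOException
                | InvalidAlgorithmParameterException
                | KeyStoreException
                | NoSuchAlgorithmException
                | NoSuchProviderException
                | CertificateException e) {
            logFailure("generateEncryptKey: " + e.getMessage());
        }
    }

    /**
     * Generates the per-message AES key.
     *
     * @return {@link #RANDOM_KEY_LENGTH} bytes from {@link SecureRandom}
     */
    protected byte[] getSecretKey() {
        byte[] key = new byte[RANDOM_KEY_LENGTH];
        new SecureRandom().nextBytes(key);
        return key;
    }

    /** Sends one failure message to the injected logger under {@link #LOG_TAG}. */
    private void logFailure(String message) {
        this.mLogger.log(LOG_LEVEL, LOG_TAG, message, new Object[0]);
    }
}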
