package com.microsoft.omadm.utils;

import android.content.Context;
import com.microsoft.intune.common.utils.IOUtils;
import com.microsoft.omadm.EnrollmentSettings;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.connection.CertificateKeyStore;
import com.microsoft.omadm.exception.OMADMException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.cms.CMSEnvelopedData;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.RecipientInformation;
import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.spongycastle.cms.jcajce.JceKeyTransRecipientId;
import org.spongycastle.crypto.signers.PSSSigner;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
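/**
 * Static helpers that encrypt and decrypt agent data with a key derived from the
 * key store password, and that wrap/unwrap that password with the enrollment certificate.
 *
 * <p>Security review notes (none of these can be changed in place without migrating
 * data that was already written with the current parameters):
 * <ul>
 *   <li>The AES key comes from PBKDF2-HMAC-SHA1 with {@link #ITERATION_COUNT} = 20 and a
 *       salt that is hard-coded in this class. The confidentiality of the data therefore
 *       rests on the key store password and on how it is stored in
 *       {@code EnrollmentSettings}, not on the derivation cost.</li>
 *   <li>{@link #TRANSFORMATION} is AES-CBC with no MAC, so ciphertext is not
 *       integrity-protected. Callers should not expose decryption failures to anyone
 *       who can submit ciphertext.</li>
 *   <li>{@link #RSA_ALGORITHM} uses PKCS#1 v1.5 encryption padding; OAEP is the usual
 *       choice for newly written data.</li>
 * </ul>
 */
public final class DataEncryptionUtils {
    /** PBKDF2 iteration count. Very low; changing it changes the derived key. */
    private static final int ITERATION_COUNT = 20;
    /** Length in bytes of the IV that is prepended to every CBC ciphertext. */
    private static final int IV_BYTES = 16;
    /** Derived AES key length in bits. */
    private static final int KEY_LENGTH = 128;
    private static final String PBE_ALGORITHM = "PBKDF2WithHmacSHA1";
    public static final String RSA_ALGORITHM = "RSA/None/PKCS1Padding";
    private static final String SECRET_KEY_ALGORITHM = "AES";
    public static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    /**
     * Fixed PBKDF2 salt, identical for every caller of this class.
     * NOTE(review): PSSSigner.TRAILER_IMPLICIT is a byte constant of an unrelated signer class;
     * its appearance here looks like the decompiler substituting a named constant for a
     * matching literal - confirm against the original source.
     */
    private static final byte[] PBE_SALT = {-80, PSSSigner.TRAILER_IMPLICIT, 73, -83, -49, -37, 93, 81};

    private DataEncryptionUtils() {
    }

    /**
     * Decrypts data produced by {@link #encryptData(String, Context)} and decodes it as text.
     *
     * @param bArr IV-prefixed ciphertext, or {@code null}
     * @param context context used to reach the enrollment key material
     * @return the decoded plaintext, or {@code null} when {@code bArr} is {@code null}
     * @throws OMADMException if key derivation, cipher set-up or decryption fails
     */
    public static String decryptData(byte[] bArr, Context context) throws OMADMException {
        return decryptData(bArr, context, TRANSFORMATION);
    }

    /**
     * Decrypts with a caller-chosen transformation and decodes the result as text.
     *
     * @param bArr ciphertext (IV-prefixed when the transformation contains {@code /CBC/}), or {@code null}
     * @param context context used to reach the enrollment key material
     * @param str JCA transformation string
     * @return the decoded plaintext, or {@code null} when {@code bArr} is {@code null}
     * @throws OMADMException if decryption or decoding fails
     * @deprecated the transformation should not be caller-selectable; use
     *     {@link #decryptData(byte[], Context)}
     */
    @Deprecated
    public static String decryptData(byte[] bArr, Context context, String str) throws OMADMException {
        if (bArr == null) {
            return null;
        }
        try {
            return new String(decryptRawData(bArr, context, str), IOUtils.UTF8_CHARSET_ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new OMADMException("Failed to decode the base64 encoded data", e);
        }
    }

    /**
     * Parses a CMS EnvelopedData blob, decrypts it and returns the content as a string.
     * The bytes are decoded with the platform default charset (always UTF-8 on Android).
     */
    private static String decryptEnvelope(byte[] bArr, X509Certificate x509Certificate, PrivateKey privateKey) throws OMADMException, CMSException {
        return new String(decryptEnvelope(new CMSEnvelopedData(bArr), x509Certificate, privateKey));
    }

    /**
     * Decrypts the content of a CMS envelope for the key-transport recipient that matches the
     * given certificate.
     *
     * @throws OMADMException if the envelope has no recipient entry for the certificate
     * @throws CMSException if the CMS library cannot recover the content
     */
    private static byte[] decryptEnvelope(CMSEnvelopedData cMSEnvelopedData, X509Certificate x509Certificate, PrivateKey privateKey) throws OMADMException, CMSException {
        RecipientInformation recipient = cMSEnvelopedData.getRecipientInfos().get(new JceKeyTransRecipientId(x509Certificate));
        if (recipient == null) {
            throw new OMADMException("Cannot decrypt data, key transfer recipient missing for certificate: " + x509Certificate.getSubjectDN());
        }
        return recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey));
    }

    /**
     * RSA-decrypts a wrapped value with the given private key and decodes it as UTF-8.
     *
     * @param str JCA transformation used for the RSA cipher
     * @throws OMADMException wrapping any failure
     */
    private static String decryptKeyData(byte[] bArr, RSAPrivateKey rSAPrivateKey, String str) throws OMADMException {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(Cipher.DECRYPT_MODE, rSAPrivateKey);
            return new String(cipher.doFinal(bArr), "UTF8");
        } catch (Throwable th) {
            // Catch-all kept as found so that callers keep seeing only OMADMException.
            throw new OMADMException(th);
        }
    }

    /**
     * Decrypts data produced by {@link #encryptRawData(byte[], Context)}.
     *
     * @param bArr IV-prefixed ciphertext; {@code null} or empty input is returned unchanged
     * @param context context used to reach the enrollment key material
     * @return the plaintext bytes
     * @throws OMADMException if the input is too short, or key derivation or decryption fails
     */
    public static byte[] decryptRawData(byte[] bArr, Context context) throws OMADMException {
        return decryptRawData(bArr, context, TRANSFORMATION);
    }

    /**
     * Decrypts with a caller-chosen transformation.
     *
     * <p>For a transformation containing {@code /CBC/} the first {@link #IV_BYTES} bytes of the
     * input are the IV and the rest is ciphertext. For any other transformation the whole input
     * is ciphertext and no IV is supplied to the cipher.
     *
     * <p>Padding and block-size failures are reported with the same message, so the exception
     * text does not tell them apart. The ciphertext is not authenticated.
     *
     * @param bArr input bytes; {@code null} or empty input is returned unchanged
     * @param context context used to reach the enrollment key material
     * @param str JCA transformation string
     * @return the plaintext bytes
     * @throws OMADMException if the input is too short for the IV, or any cipher step fails
     * @deprecated the transformation should not be caller-selectable; use
     *     {@link #decryptRawData(byte[], Context)}
     */
    @Deprecated
    public static byte[] decryptRawData(byte[] bArr, Context context, String str) throws OMADMException {
        if (bArr == null || bArr.length == 0) {
            return bArr;
        }
        IvParameterSpec ivSpec = null;
        int cipherTextOffset = 0;
        if (str.contains("/CBC/")) {
            // At least one byte of ciphertext must follow the IV.
            if (bArr.length <= IV_BYTES) {
                throw new OMADMException("Unable to apply transform; data length is too short: " + bArr.length);
            }
            ivSpec = new IvParameterSpec(bArr, 0, IV_BYTES);
            cipherTextOffset = IV_BYTES;
        }
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(context), ivSpec);
            return cipher.doFinal(bArr, cipherTextOffset, bArr.length - cipherTextOffset);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new OMADMException("Failed to decrypt the data", e);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new OMADMException("Failed to init Cipher", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new OMADMException("Failed to get an instance of Cipher: " + str, e);
        }
    }

    /**
     * Decrypts a CMS envelope addressed to the device enrollment certificate.
     *
     * @param bArr encoded CMS EnvelopedData
     * @return the decrypted content as a string
     * @throws OMADMException if no enrollment certificate is available or no recipient matches
     * @throws CMSException if the envelope cannot be parsed or decrypted
     */
    public static String decryptUsingEnrollmentCert(byte[] bArr) throws OMADMException, CMSException {
        Context context = (Context) Services.getInstance(Context.class);
        EnrollmentSettings settings = (EnrollmentSettings) Services.getInstance(EnrollmentSettings.class);
        if (!CertificateKeyStore.hasEnrollmentCertificate(context, settings)) {
            throw new OMADMException("Unable to decrypt data, enrollment certificate not found.");
        }
        return decryptEnvelope(bArr, CertificateKeyStore.getEnrollmentCertificate(context, settings), CertificateKeyStore.getEnrollmentPrivateKey(context, settings));
    }

    /**
     * Encodes a string and encrypts it with {@link #encryptRawData(byte[], Context)}.
     *
     * @param str plaintext, or {@code null}
     * @param context context used to reach the enrollment key material
     * @return IV-prefixed ciphertext, or {@code null} when {@code str} is {@code null}
     * @throws OMADMException if encoding or encryption fails
     */
    public static byte[] encryptData(String str, Context context) throws OMADMException {
        if (str == null) {
            return null;
        }
        try {
            return encryptRawData(str.getBytes(IOUtils.UTF8_CHARSET_ENCODING), context);
        } catch (UnsupportedEncodingException e) {
            throw new OMADMException("Failed to encode the encrypted data", e);
        }
    }

    /**
     * RSA-encrypts a string to the public key of the given certificate using
     * {@link #RSA_ALGORITHM} (PKCS#1 v1.5 padding).
     *
     * @param str value to wrap
     * @param certificate certificate whose public key is used
     * @return the RSA ciphertext
     * @throws OMADMException wrapping any failure, including a {@code null} argument
     */
    public static byte[] encryptKeyData(String str, Certificate certificate) throws OMADMException {
        try {
            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, certificate);
            return cipher.doFinal(str.getBytes("UTF8"));
        } catch (Throwable th) {
            // Catch-all kept as found so that callers keep seeing only OMADMException.
            throw new OMADMException(th);
        }
    }

    /**
     * Encrypts bytes with {@link #TRANSFORMATION} under the password-derived key.
     *
     * <p>Output layout: {@code IV (16 bytes) || ciphertext}. A fresh random IV is drawn for
     * every call. The output carries no authentication tag.
     *
     * @param bArr plaintext, or {@code null}
     * @param context context used to reach the enrollment key material
     * @return IV-prefixed ciphertext, or {@code null} when {@code bArr} is {@code null}
     * @throws OMADMException if key derivation or any cipher step fails
     */
    public static byte[] encryptRawData(byte[] bArr, Context context) throws OMADMException {
        if (bArr == null) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            // nextBytes() is the API meant for drawing random output; generateSeed() is meant
            // for seeding other generators and may block while entropy is gathered.
            byte[] iv = new byte[IV_BYTES];
            new SecureRandom().nextBytes(iv);
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(context), new IvParameterSpec(iv));
            byte[] cipherText = cipher.doFinal(bArr);
            byte[] result = new byte[iv.length + cipherText.length];
            System.arraycopy(iv, 0, result, 0, iv.length);
            System.arraycopy(cipherText, 0, result, iv.length, cipherText.length);
            return result;
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new OMADMException("Failed to encrypt the data", e);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new OMADMException("Failed to init Cipher", e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new OMADMException("Failed to get an instance of Cipher: AES/CBC/PKCS5Padding", e);
        }
    }

    /** Reads the key store password, unwrapping it with {@link #RSA_ALGORITHM} when it is stored encrypted. */
    private static String getKeyStorePassword(Context context, EnrollmentSettings enrollmentSettings) throws OMADMException {
        return getKeyStorePassword(context, RSA_ALGORITHM, enrollmentSettings);
    }

    /**
     * Reads the key store password from the enrollment settings.
     *
     * <p>When {@code IS_KEY_STORE_PASSWORD_ENCRYPTED} is false (the default used here) the stored
     * value is returned as-is, i.e. the password is kept in the settings in clear text.
     * Otherwise the stored value is Base64-decoded and RSA-decrypted with the enrollment
     * private key.
     *
     * @param context context used to load the enrollment private key
     * @param str JCA transformation used for the RSA unwrap
     * @param enrollmentSettings settings store holding the password
     * @return the key store password
     * @throws OMADMException if no password is stored or unwrapping fails
     * @deprecated the RSA transformation should not be caller-selectable
     */
    @Deprecated
    public static String getKeyStorePassword(Context context, String str, EnrollmentSettings enrollmentSettings) throws OMADMException {
        String stored = enrollmentSettings.getString(EnrollmentSettings.KEY_STORE_PASSWORD, null);
        if (stored == null) {
            throw new OMADMException("CertificateStorePassword should not be null");
        }
        if (!enrollmentSettings.getBoolean(EnrollmentSettings.IS_KEY_STORE_PASSWORD_ENCRYPTED, false)) {
            return stored;
        }
        return decryptKeyData(Base64.decode(stored), CertificateKeyStore.getEnrollmentPrivateKey(context, enrollmentSettings), str);
    }

    /**
     * Derives the AES key from the key store password with PBKDF2-HMAC-SHA1, the fixed
     * class-wide salt, {@link #ITERATION_COUNT} iterations and a {@link #KEY_LENGTH}-bit output.
     *
     * @throws OMADMException if the password cannot be read or the derivation fails
     */
    private static SecretKey getSecretKey(Context context) throws OMADMException {
        PBEKeySpec keySpec = null;
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
            EnrollmentSettings settings = (EnrollmentSettings) Services.getInstance(EnrollmentSettings.class);
            keySpec = new PBEKeySpec(getKeyStorePassword(context, settings).toCharArray(), PBE_SALT, ITERATION_COUNT, KEY_LENGTH);
            return new SecretKeySpec(factory.generateSecret(keySpec).getEncoded(), SECRET_KEY_ALGORITHM);
        } catch (InvalidKeySpecException e) {
            throw new OMADMException("Failed to generate AES SecretKeySpec: ", e);
        } catch (NoSuchAlgorithmException e) {
            throw new OMADMException("Failed to get an instance of PBKDF2WithHmacSHA1: ", e);
        } finally {
            if (keySpec != null) {
                // Wipe the spec's internal copy of the password once the key is derived.
                keySpec.clearPassword();
            }
        }
    }

    /**
     * Re-wraps the stored key store password to a new certificate. Does nothing when the
     * password is not stored encrypted.
     *
     * @param certificate certificate whose public key will protect the password
     * @param enrollmentSettings settings store holding the password
     * @param context context used to load the current enrollment private key
     * @throws OMADMException if the current password cannot be unwrapped or re-wrapped
     */
    public static void reEncryptKeyStorePassword(Certificate certificate, EnrollmentSettings enrollmentSettings, Context context) throws OMADMException {
        if (!enrollmentSettings.getBoolean(EnrollmentSettings.IS_KEY_STORE_PASSWORD_ENCRYPTED, false)) {
            return;
        }
        byte[] wrapped = encryptKeyData(getKeyStorePassword(context, enrollmentSettings), certificate);
        enrollmentSettings.setString(EnrollmentSettings.KEY_STORE_PASSWORD, Base64.toBase64String(wrapped));
    }
}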
