package com.avast.android.airbond.internal.crypto;

import com.avast.android.airbond.CryptoException;
import com.avast.android.airbond.internal.Crypto;
import com.avast.android.passwordmanager.o.biv;
import com.avast.android.passwordmanager.o.biw;
import com.avast.android.passwordmanager.o.biy;
import com.avast.android.passwordmanager.o.bjc;
import com.avast.android.passwordmanager.o.bjh;
import com.avast.android.passwordmanager.o.bjm;
import com.avast.android.passwordmanager.o.bjt;
import com.avast.android.passwordmanager.o.bjv;
import com.avast.android.passwordmanager.o.bjw;
import com.avast.android.passwordmanager.o.bkc;
import com.avast.android.passwordmanager.o.bkd;
import com.avast.android.passwordmanager.o.bkh;
import com.avast.android.passwordmanager.o.bko;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.jce.ECNamedCurveTable;
import org.spongycastle.jce.interfaces.ECPublicKey;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.spec.ECNamedCurveParameterSpec;
import org.spongycastle.jce.spec.ECPublicKeySpec;

/* loaded from: classes.dex */
public class CastleCrypto implements Crypto {
    public static final String AES_WITH_OTP_TRANSFORMATION = "AES/ECB/PKCS5Padding";
    public static final String AES_WITH_SHK_TRANSFORMATION = "AES/ECB/NoPadding";
    public static final int OTP_LENGTH = 16;
    private static final int c = 16;
    private final biv<SecureRandom> a;
    private final String b;
    public static final Companion Companion = new Companion(null);
    private static final /* synthetic */ bko[] d = {bkd.a(new bkc(bkd.a(CastleCrypto.class), "random", "getRandom()Ljava/security/SecureRandom;"))};

    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(bjt bjtVar) {
            this();
        }
    }

    /* loaded from: classes.dex */
    static final class a extends bjw implements bjm<SecureRandom> {
        public static final a a = new a();

        a() {
            super(0);
        }

        @Override // com.avast.android.passwordmanager.o.bju, com.avast.android.passwordmanager.o.bjm
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public final SecureRandom a() {
            return new SecureRandom();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public CastleCrypto() {
        this(null, 1, 0 == true ? 1 : 0);
    }

    public CastleCrypto(String str) {
        bjv.b(str, "providerName");
        this.b = str;
        this.a = biw.a(biy.NONE, a.a);
        Security.addProvider(new BouncyCastleProvider());
    }

    public /* synthetic */ CastleCrypto(String str, int i, bjt bjtVar) {
        this((i & 1) != 0 ? BouncyCastleProvider.PROVIDER_NAME : str);
    }

    private final SecureRandom a() {
        biv<SecureRandom> bivVar = this.a;
        bko bkoVar = d[0];
        return bivVar.a();
    }

    private final byte[] a(byte[] bArr, SecretKey secretKey, String str) {
        try {
            Cipher cipher = Cipher.getInstance(str, this.b);
            cipher.init(1, secretKey);
            byte[] doFinal = cipher.doFinal(bArr);
            bjv.a((Object) doFinal, "cipher.doFinal(data)");
            return doFinal;
        } catch (GeneralSecurityException e) {
            throw new CryptoException("failed to encrypt data", e);
        }
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public byte[] decryptDataWithOtp(byte[] bArr, byte[] bArr2) {
        bjv.b(bArr, "data");
        bjv.b(bArr2, "key");
        if (bArr2.length != OTP_LENGTH) {
            throw new IllegalArgumentException("illegal OTP length " + bArr2.length);
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_WITH_OTP_TRANSFORMATION, this.b);
            cipher.init(2, new SecretKeySpec(bArr2, "AES"));
            byte[] doFinal = cipher.doFinal(bArr);
            bjv.a((Object) doFinal, "cipher.doFinal(data)");
            return doFinal;
        } catch (GeneralSecurityException e) {
            throw new CryptoException("failed to decrypt data", e);
        }
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public byte[] deduceSharedKeyFromEcdhKeyPair(PrivateKey privateKey, PublicKey publicKey) {
        bjv.b(privateKey, "privateKey");
        bjv.b(publicKey, "publicKey");
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", this.b);
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] bArr = new byte[c];
            bkh a2 = bjh.a(bArr);
            int a3 = a2.a();
            int b = a2.b();
            if (a3 <= b) {
                while (true) {
                    bArr[a3] = (byte) (generateSecret[a3] ^ generateSecret[c + a3]);
                    if (a3 == b) {
                        break;
                    }
                    a3++;
                }
            }
            return bArr;
        } catch (GeneralSecurityException e) {
            throw new CryptoException("failed to deduce shared key from ECDH key agreement", e);
        }
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public byte[] encryptDataWithAirBondSecretKey(byte[] bArr, byte[] bArr2) {
        bjv.b(bArr, "data");
        bjv.b(bArr2, "key");
        return a(bArr, new SecretKeySpec(bArr2, "AES"), AES_WITH_SHK_TRANSFORMATION);
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public byte[] encryptDataWithOtp(byte[] bArr, byte[] bArr2) {
        bjv.b(bArr, "data");
        bjv.b(bArr2, "key");
        if (bArr2.length != OTP_LENGTH) {
            throw new IllegalArgumentException("illegal OTP length " + bArr2.length);
        }
        return a(bArr, new SecretKeySpec(bArr2, "AES"), AES_WITH_OTP_TRANSFORMATION);
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public KeyPair generateEcdhKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", this.b);
            keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            bjv.a((Object) generateKeyPair, "kp");
            return generateKeyPair;
        } catch (GeneralSecurityException e) {
            throw new CryptoException(null, e, 1, null);
        }
    }

    protected final String getProviderName() {
        return this.b;
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public byte[] randomBytes(byte[] bArr) {
        bjv.b(bArr, "bytes");
        a().nextBytes(bArr);
        return bArr;
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public byte[] sha256(byte[] bArr) {
        bjv.b(bArr, "data");
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(bArr);
        bjv.a((Object) digest, "digest.digest(data)");
        return digest;
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public PublicKey toEcdhPublicKeyFromPointEncodedBytes(byte[] bArr) {
        bjv.b(bArr, "keyBytes");
        if (bArr.length == 0) {
            return (PublicKey) null;
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("ECDH", this.b);
            ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
            PublicKey generatePublic = keyFactory.generatePublic(new ECPublicKeySpec(parameterSpec.getCurve().decodePoint(bArr), parameterSpec));
            if (generatePublic == null) {
                throw new bjc("null cannot be cast to non-null type org.spongycastle.jce.interfaces.ECPublicKey");
            }
            return (ECPublicKey) generatePublic;
        } catch (GeneralSecurityException e) {
            throw new CryptoException("failed to convert bytes to ECDH Public key", e);
        }
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public byte[] toPointEncodedBytesFromEC(PublicKey publicKey) {
        bjv.b(publicKey, "ecdh");
        ECPublicKey eCPublicKey = (ECPublicKey) (!(publicKey instanceof ECPublicKey) ? null : publicKey);
        if (eCPublicKey == null) {
            throw new IllegalArgumentException("given key " + publicKey + " is not of type ECPublicKey");
        }
        byte[] encoded = eCPublicKey.getQ().getEncoded();
        bjv.a((Object) encoded, "publicKey.q.encoded");
        return encoded;
    }

    @Override // com.avast.android.airbond.internal.Crypto
    public boolean verifySignatureWithMasterKey(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        bjv.b(bArr, "data");
        bjv.b(bArr2, "signature");
        bjv.b(bArr3, "masterPublicKey");
        try {
            PublicKey generatePublic = KeyFactory.getInstance("ECDH", this.b).generatePublic(new X509EncodedKeySpec(bArr3));
            Signature signature = Signature.getInstance("SHA256withECDSA", this.b);
            signature.initVerify(generatePublic);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (GeneralSecurityException e) {
            throw new CryptoException("failed to verify signature", e);
        }
    }
}
