package com.microsoft.teams.vault.utils;

import android.util.Base64;
import com.microsoft.skype.teams.logger.ILogger;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes5.dex */
public class SymmetricEncryption implements ISymmetricEncryption {
    private static final String AES_ALGORITHM = "AES";
    private static final String ALGORITHM = "AES/CBC/PKCS7Padding";
    private static final int ALGORITHM_CODE = 1;
    private static final int ALGORITHM_CODE_LENGTH = 1;
    private static final String ALGORITHM_STRING = "AEAD_AES_256_CBC_HMAC_SHA384";
    private static final int ASSOCIATED_DATA_LENGTH = 8;
    private static final String CIPHER_TYPE = "Microsoft Teams Vault Symmetric Encryption Key";
    private static final String ENCODING_FORMAT = "UTF-8";
    private static final int IV_LENGTH = 16;
    private static final int KEY_LENGTH = 256;
    private static final String MAC_SHA256_ALGORITHM = "HmacSHA256";
    private static final String MAC_SHA384_ALGORITHM = "HmacSHA384";
    private static final String MAC_TYPE = "Microsoft Teams Vault Message Authentication Code Key";
    private static final String MESSAGE_ASSOCIATED_DATA = "associatedData";
    private static final String MESSAGE_DATA = "data";
    private static final String MESSAGE_IV = "iv";
    private static final String MESSAGE_SECRET = "secret";
    private static final String MESSAGE_TAG = "tag";
    private static final int TAG_LENGTH = 24;
    private final ILogger mLogger;
    private final String mTAG = SymmetricEncryption.class.getSimpleName();

    public SymmetricEncryption(ILogger iLogger) {
        this.mLogger = iLogger;
    }

    private byte[] cipherKey(byte[] bArr) {
        return hmacSHA256(bArr, CIPHER_TYPE, ALGORITHM_STRING);
    }

    private byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            byte[] decode = Base64.decode(bArr2, 0);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
            SecretKeySpec secretKeySpec = new SecretKeySpec(decode, AES_ALGORITHM);
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(2, secretKeySpec, ivParameterSpec);
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            this.mLogger.log(7, this.mTAG, "decrypt exception: ", e.getMessage());
            return null;
        }
    }

    private byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            byte[] decode = Base64.decode(bArr2, 0);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
            SecretKeySpec secretKeySpec = new SecretKeySpec(decode, AES_ALGORITHM);
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(1, secretKeySpec, ivParameterSpec);
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            this.mLogger.log(7, this.mTAG, "encrypt exception: ", e.getMessage());
            return null;
        }
    }

    private Map<String, byte[]> encryptAndTag(byte[] bArr, byte[] bArr2, int i, byte[] bArr3, byte[] bArr4) {
        if (i != 1) {
            this.mLogger.log(7, this.mTAG, "encryptAndTag: algorithmCode is not valid ", Integer.valueOf(i));
            return null;
        }
        byte[] messageData = messageData(new byte[]{(byte) i}, bArr3, encrypt(bArr4, bArr, bArr3));
        byte[] tag = getTag(bArr2, messageData);
        byte[] copyOfRange = Arrays.copyOfRange(messageData, 0, messageData.length - 8);
        HashMap hashMap = new HashMap();
        hashMap.put("tag", tag);
        hashMap.put("data", copyOfRange);
        return hashMap;
    }

    private String encryptSecret(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            Map<String, byte[]> encryptAndTag = encryptAndTag(cipherKey(bArr), macKey(bArr), 1, bArr3, bArr2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(encryptAndTag.get("data"));
            byteArrayOutputStream.write(encryptAndTag.get("tag"));
            return Base64.encodeToString(byteArrayOutputStream.toByteArray(), 0);
        } catch (IOException e) {
            this.mLogger.log(7, this.mTAG, "encrypt exception: ", e.getMessage());
            return null;
        }
    }

    private byte[] getTag(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance(MAC_SHA384_ALGORITHM);
            mac.init(new SecretKeySpec(Base64.decode(bArr, 0), MAC_SHA384_ALGORITHM));
            mac.update(bArr2);
            return Arrays.copyOfRange(mac.doFinal(), 0, 24);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            this.mLogger.log(7, this.mTAG, "getTag exception: ", e.getMessage());
            return null;
        }
    }

    private byte[] hmacSHA256(byte[] bArr, String str, String str2) {
        try {
            Mac mac = Mac.getInstance(MAC_SHA256_ALGORITHM);
            byte[] bytes = str.getBytes("UTF-8");
            byte[] bytes2 = str2.getBytes("UTF-8");
            byte[] bytes3 = Integer.toString(bArr.length).getBytes("UTF-8");
            mac.init(new SecretKeySpec(bArr, MAC_SHA256_ALGORITHM));
            mac.update(bytes);
            mac.update(bytes2);
            mac.update(bytes3);
            return Base64.encode(mac.doFinal(), 0);
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException e) {
            this.mLogger.log(7, this.mTAG, "hmacSHA256 exception: ", e.getMessage());
            return null;
        }
    }

    private boolean isMessageAuthentic(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        return Base64.encodeToString(bArr5, 0).equals(Base64.encodeToString(getTag(macKey(bArr), messageData(bArr2, bArr3, bArr4)), 0));
    }

    private byte[] macKey(byte[] bArr) {
        return hmacSHA256(bArr, MAC_TYPE, ALGORITHM_STRING);
    }

    private byte[] messageData(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            byte[] bArr4 = new byte[8];
            bArr4[7] = 8;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(bArr2);
            byteArrayOutputStream.write(bArr3);
            byteArrayOutputStream.write(bArr4);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            this.mLogger.log(7, this.mTAG, "messageData exception: ", e.getMessage());
            return null;
        }
    }

    private Map<String, byte[]> splitEncryptedMessage(String str) {
        byte[] decode = Base64.decode(str, 0);
        int length = decode.length - 24;
        byte[] copyOfRange = Arrays.copyOfRange(decode, 0, 1);
        byte[] copyOfRange2 = Arrays.copyOfRange(decode, 1, 17);
        byte[] copyOfRange3 = Arrays.copyOfRange(decode, 17, length);
        byte[] copyOfRange4 = Arrays.copyOfRange(decode, length, length + 24);
        HashMap hashMap = new HashMap();
        hashMap.put(MESSAGE_ASSOCIATED_DATA, copyOfRange);
        hashMap.put(MESSAGE_IV, copyOfRange2);
        hashMap.put("secret", copyOfRange3);
        hashMap.put("tag", copyOfRange4);
        return hashMap;
    }

    @Override // com.microsoft.teams.vault.utils.ISymmetricEncryption
    public byte[] decryptSecret(String str, String str2) {
        Map<String, byte[]> splitEncryptedMessage = splitEncryptedMessage(str);
        byte[] decode = Base64.decode(str2, 0);
        if (!isMessageAuthentic(decode, splitEncryptedMessage.get(MESSAGE_ASSOCIATED_DATA), splitEncryptedMessage.get(MESSAGE_IV), splitEncryptedMessage.get("secret"), splitEncryptedMessage.get("tag"))) {
            return null;
        }
        return decrypt(splitEncryptedMessage.get("secret"), cipherKey(decode), splitEncryptedMessage.get(MESSAGE_IV));
    }

    @Override // com.microsoft.teams.vault.utils.ISymmetricEncryption
    public String encryptSecret(String str, String str2, String str3) {
        try {
            return encryptSecretBytes(str, str2.getBytes("UTF-8"), str3);
        } catch (UnsupportedEncodingException e) {
            this.mLogger.log(7, this.mTAG, "encryptSecret exception: ", e.getMessage());
            return null;
        }
    }

    @Override // com.microsoft.teams.vault.utils.ISymmetricEncryption
    public String encryptSecretBytes(String str, byte[] bArr, String str2) {
        return encryptSecret(Base64.decode(str, 0), bArr, str2 == null ? getAesIv() : Base64.decode(str2, 0));
    }

    @Override // com.microsoft.teams.vault.utils.ISymmetricEncryption
    public byte[] getAesIv() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return new IvParameterSpec(bArr).getIV();
    }

    @Override // com.microsoft.teams.vault.utils.ISymmetricEncryption
    public String getKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES_ALGORITHM);
            keyGenerator.init(256);
            return Base64.encodeToString(keyGenerator.generateKey().getEncoded(), 0);
        } catch (NoSuchAlgorithmException e) {
            this.mLogger.log(7, this.mTAG, "getKey exception: ", e.getMessage());
            return null;
        }
    }

    @Override // com.microsoft.teams.vault.utils.ISymmetricEncryption
    public boolean isPassphraseAuthentic(String str, String str2) {
        Map<String, byte[]> splitEncryptedMessage = splitEncryptedMessage(str);
        return isMessageAuthentic(Base64.decode(str2, 0), splitEncryptedMessage.get(MESSAGE_ASSOCIATED_DATA), splitEncryptedMessage.get(MESSAGE_IV), splitEncryptedMessage.get("secret"), splitEncryptedMessage.get("tag"));
    }
}
