package com.microsoft.office.lync.platform.security;

import android.annotation.SuppressLint;
import android.content.Context;
import android.provider.Settings;
import android.telephony.TelephonyManager;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.office.lync.instrumentation.CryptoAnalytics;
import com.microsoft.office.lync.instrumentation.SSAStrings;
import com.microsoft.office.lync.proxy.enums.IDigestHelper;
import com.microsoft.office.lync.proxy.enums.NativeErrorCodes;
import com.microsoft.office.lync.tracing.Trace;
import com.microsoft.office.lync.utility.errors.ErrorMessage;
import com.microsoft.office.lync.utility.errors.ErrorUtils;
import com.microsoft.office.lync.utility.errors.LyncIllegalArgumentException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

@SuppressLint({"All"})
/* loaded from: classes3.dex */
public class CryptoUtils {
    private static final String CryptoAlgorithm = "AES/CBC/PKCS5Padding";
    private static final int IV_SIZE = 16;
    private static final int IterationCount = 100;
    private static final String KeyDerivationAlgorithm = "PBKDF2WithHmacSHA1";
    private static final int KeyLength = 128;
    private static final String LOG_TAG = "CryptoUtils";
    private static final String LegacyCryptoAlgorithm = "AES";
    private static final String RSA_ALGORITHM = "RSA";
    private static final String RSA_SIGNING_ENCRYPTION = "RSA/NONE/PKCS1Padding";
    private static final String RandomNumberAlgorithm = "SHA1PRNG";
    private static final String SALT_FILE_NAME = "salt";
    private static final int SALT_LENGTH = 16;
    private static final Charset defaultCharset = Charset.forName("UTF-8");
    private static String mSaltRoot;

    private static String argsLog(String str, String str2, byte[] bArr, boolean z, boolean z2) {
        return String.format("[seed.length: %s], [data.length: %s], [salt.length: %s], [isNewSalt: %s], [isLocalSeed: %s]", getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(bArr), Boolean.valueOf(z), Boolean.valueOf(z2));
    }

    private static byte[] combineIV(IvParameterSpec ivParameterSpec, byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + 16];
        for (int i = 0; i < 16; i++) {
            bArr2[i] = ivParameterSpec.getIV()[i];
        }
        for (int i2 = 0; i2 < bArr.length; i2++) {
            bArr2[i2 + 16] = bArr[i2];
        }
        return bArr2;
    }

    public static Digest computeDigest(String str, IDigestHelper.DigestType digestType) {
        MessageDigest messageDigest;
        byte[] bytes;
        String str2 = "";
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        try {
            messageDigest = MessageDigest.getInstance(digestType.name());
            bytes = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Failure while encoding digest", e);
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid algorithm while computing digest", e2);
        }
        if (bytes.length > 65535) {
            return new Digest("", NativeErrorCodes.E_InvalidArgument);
        }
        messageDigest.update(bytes);
        str2 = Base64.encodeToString(messageDigest.digest(), 2);
        return new Digest(str2, nativeErrorCodes);
    }

    public static HMAC computeHMACDigest(byte[] bArr, byte[] bArr2, IDigestHelper.DigestType digestType) {
        Mac mac;
        byte[] bArr3 = null;
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        if (bArr2.length > 65535) {
            return new HMAC(null, NativeErrorCodes.E_InvalidArgument);
        }
        try {
            mac = Mac.getInstance("HMAC" + digestType.name());
            mac.init(new SecretKeySpec(bArr2, mac.getAlgorithm()));
        } catch (InvalidKeyException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid private key bytes while creating HMAC", e);
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid digest algorithm while computing HMAC", e2);
        }
        if (bArr.length > 65535) {
            return new HMAC(null, NativeErrorCodes.E_InvalidArgument);
        }
        bArr3 = mac.doFinal(bArr);
        return new HMAC(bArr3, nativeErrorCodes);
    }

    private static byte[] createNewSalt() {
        verifySaltRootDir();
        Trace.w(LOG_TAG, "Creating a new crypto salt file.");
        File file = new File(mSaltRoot, SALT_FILE_NAME);
        byte[] bArr = null;
        try {
            bArr = new byte[16];
            SecureRandom.getInstance(RandomNumberAlgorithm).nextBytes(bArr);
        } catch (NoSuchAlgorithmException e) {
            Trace.e(LOG_TAG, "Invalid algorithm in getStoredSalt()", e);
        }
        try {
            file.getParentFile().mkdirs();
            if (!file.getParentFile().isDirectory()) {
                Trace.e(LOG_TAG, "Could not create parent directory for salt file");
                return null;
            }
            file.createNewFile();
            if (!file.exists()) {
                Trace.e(LOG_TAG, "Could not create salt file");
                return null;
            }
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            fileOutputStream.write(bArr);
            fileOutputStream.flush();
            fileOutputStream.close();
            return bArr;
        } catch (IOException e2) {
            Trace.e(LOG_TAG, e2.toString());
            return bArr;
        }
    }

    public static Signature createSignature(String str, String str2, IDigestHelper.DigestType digestType) {
        Cipher cipher;
        SecureRandom secureRandom;
        byte[] decode;
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        String str3 = "";
        String str4 = null;
        Trace.v(LOG_TAG, String.format("RSA signing data with %s and digest type %s", RSA_SIGNING_ENCRYPTION, digestType.toString()));
        try {
            cipher = Cipher.getInstance(RSA_SIGNING_ENCRYPTION, BouncyCastleProvider.PROVIDER_NAME);
            secureRandom = new SecureRandom();
            decode = Base64.decode(str2, 2);
        } catch (InvalidKeyException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Invalid private key in signature creation " + e;
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Invalid algorithm in signature creation " + e2;
        } catch (NoSuchProviderException e3) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Bad provider " + e3;
        } catch (InvalidKeySpecException e4) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Invalid private Key in signature creation " + e4;
        } catch (BadPaddingException e5) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Bad padding " + e5;
        } catch (IllegalBlockSizeException e6) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Illegal block size " + e6;
        } catch (NoSuchPaddingException e7) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            str4 = "Failed to create signing cipher, bad padding specification " + e7;
        }
        if (decode.length > 65535) {
            return new Signature("", NativeErrorCodes.E_InvalidArgument);
        }
        cipher.init(1, privateKeyFromBytes(decode), secureRandom);
        MessageDigest messageDigest = MessageDigest.getInstance(digestType.name());
        messageDigest.reset();
        messageDigest.update(str.getBytes());
        str3 = Base64.encodeToString(cipher.doFinal(messageDigest.digest()), 2);
        if (str4 != null) {
            CryptoAnalytics.reportRsaSigningError(str4);
            Trace.e(LOG_TAG, str4);
        }
        return new Signature(str3, nativeErrorCodes);
    }

    public static String decrypt(Context context, String str) {
        return decryptInternal(getDefaultSeed(context), str, defaultCharset, true);
    }

    public static String decrypt(Context context, String str, Charset charset) {
        return decryptInternal(getDefaultSeed(context), str, charset, true);
    }

    public static String decrypt(String str, String str2) {
        return decryptInternal(str, str2, defaultCharset, false);
    }

    private static byte[] decrypt(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, LegacyCryptoAlgorithm);
        Cipher cipher = Cipher.getInstance(LegacyCryptoAlgorithm);
        cipher.init(2, secretKeySpec);
        return cipher.doFinal(bArr2);
    }

    private static String decryptInternal(String str, String str2, Charset charset, boolean z) {
        byte[] createNewSalt;
        Exception exc;
        if (charset == null) {
            throw new IllegalArgumentException("charset is null.");
        }
        boolean z2 = false;
        try {
            createNewSalt = getStoredSalt();
        } catch (SfbCryptoSaltFileNotFoundException e) {
            z2 = true;
            createNewSalt = createNewSalt();
        }
        Trace.v(LOG_TAG, String.format("decryptInternal called with %s", argsLog(str, str2, createNewSalt, z2, z)));
        try {
            if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
                throw new LyncIllegalArgumentException("Either seed or encryptedText are empty");
            }
            return new String(decryptSecure(generateKey(str, createNewSalt), Base64.decode(str2, 0)), charset);
        } catch (LyncIllegalArgumentException e2) {
            exc = e2;
            Trace.e(LOG_TAG, String.format("Exception caught while DECRYPTING data for args: %s.", argsLog(str, str2, createNewSalt, z2, z)), exc);
            CryptoAnalytics.reportDecryptException(exc, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(createNewSalt), z2, z);
            return "";
        } catch (IllegalArgumentException e3) {
            exc = e3;
            Trace.e(LOG_TAG, String.format("Exception caught while DECRYPTING data for args: %s.", argsLog(str, str2, createNewSalt, z2, z)), exc);
            CryptoAnalytics.reportDecryptException(exc, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(createNewSalt), z2, z);
            return "";
        } catch (GeneralSecurityException e4) {
            exc = e4;
            Trace.e(LOG_TAG, String.format("Exception caught while DECRYPTING data for args: %s.", argsLog(str, str2, createNewSalt, z2, z)), exc);
            CryptoAnalytics.reportDecryptException(exc, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(createNewSalt), z2, z);
            return "";
        }
    }

    private static byte[] decryptSecure(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, CryptoAlgorithm);
        IvParameterSpec iv = getIV(bArr2);
        Cipher cipher = Cipher.getInstance(CryptoAlgorithm);
        cipher.init(2, secretKeySpec, iv);
        byte[] doFinal = cipher.doFinal(Arrays.copyOfRange(bArr2, 16, bArr2.length));
        if (doFinal != null) {
            return doFinal;
        }
        Trace.d(LOG_TAG, "decrypt: null result from decryption, trying with older insecure algorithm: AES");
        return decrypt(bArr, bArr2);
    }

    public static String encrypt(Context context, String str) {
        return encryptInternal(getDefaultSeed(context), str, true);
    }

    public static String encrypt(String str, String str2) {
        return encryptInternal(str, str2, false);
    }

    private static byte[] encrypt(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        IvParameterSpec generateIV = generateIV();
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, CryptoAlgorithm);
        Cipher cipher = Cipher.getInstance(CryptoAlgorithm);
        cipher.init(1, secretKeySpec, generateIV);
        return combineIV(generateIV, cipher.doFinal(bArr2));
    }

    private static String encryptInternal(String str, String str2, boolean z) {
        byte[] createNewSalt;
        Exception exc;
        boolean z2 = false;
        try {
            createNewSalt = getStoredSalt();
        } catch (SfbCryptoSaltFileNotFoundException e) {
            z2 = true;
            createNewSalt = createNewSalt();
        }
        Trace.v(LOG_TAG, String.format("encryptInternal called with %s", argsLog(str, str2, createNewSalt, z2, z)));
        try {
            if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
                throw new LyncIllegalArgumentException("Either seed or clearText are empty");
            }
            return Base64.encodeToString(encrypt(generateKey(str, createNewSalt), str2.getBytes(defaultCharset)), 0);
        } catch (LyncIllegalArgumentException e2) {
            exc = e2;
            Trace.e(LOG_TAG, String.format("Exception caught while ENCRYPTING data for args: %s.", argsLog(str, str2, createNewSalt, z2, z)), exc);
            CryptoAnalytics.reportEncryptException(exc, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(createNewSalt), z2, z);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            exc = e3;
            Trace.e(LOG_TAG, String.format("Exception caught while ENCRYPTING data for args: %s.", argsLog(str, str2, createNewSalt, z2, z)), exc);
            CryptoAnalytics.reportEncryptException(exc, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(createNewSalt), z2, z);
            return null;
        } catch (GeneralSecurityException e4) {
            exc = e4;
            Trace.e(LOG_TAG, String.format("Exception caught while ENCRYPTING data for args: %s.", argsLog(str, str2, createNewSalt, z2, z)), exc);
            CryptoAnalytics.reportEncryptException(exc, getLengthOrNull(str), getLengthOrNull(str2), getLengthOrNull(createNewSalt), z2, z);
            return null;
        }
    }

    public static CertificateSigningRequest generateCSR(int i) {
        NativeErrorCodes nativeErrorCodes = NativeErrorCodes.S_OK;
        CertificateSigningRequest certificateSigningRequest = new CertificateSigningRequest();
        Trace.d(LOG_TAG, "generateCSR");
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(i);
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            PrivateKey privateKey = genKeyPair.getPrivate();
            byte[] encoded = new JcaPKCS10CertificationRequestBuilder(new X500Principal(""), genKeyPair.getPublic()).build(new JcaContentSignerBuilder(IDigestHelper.DigestType.SHA256 + "with" + RSA_ALGORITHM).build(privateKey)).getEncoded();
            certificateSigningRequest.setPrivateKey(Base64.encodeToString(privateKey.getEncoded(), 2));
            certificateSigningRequest.setCSR(Base64.encodeToString(encoded, 2));
        } catch (IOException e) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Failed to write CSR to PEM object in CSR generation", e);
        } catch (NoSuchAlgorithmException e2) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Invalid algorithm name in CSR generation", e2);
        } catch (NoSuchProviderException e3) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Bad provider spec", e3);
        } catch (OperatorCreationException e4) {
            nativeErrorCodes = NativeErrorCodes.E_CryptographicError;
            Trace.e(LOG_TAG, "Failure in ContentSigner creation in CSR generation ", e4);
        }
        certificateSigningRequest.setErrorCode(nativeErrorCodes);
        return certificateSigningRequest;
    }

    private static IvParameterSpec generateIV() {
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(secureRandom.generateSeed(16));
        byte[] bArr = new byte[16];
        secureRandom.nextBytes(bArr);
        return new IvParameterSpec(bArr);
    }

    private static byte[] generateKey(String str, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance(KeyDerivationAlgorithm).generateSecret(new PBEKeySpec(str.toCharArray(), bArr, 100, 128)).getEncoded(), CryptoAlgorithm).getEncoded();
    }

    private static String getDefaultSeed(Context context) {
        if (context == null) {
            throw new IllegalArgumentException("context is null.");
        }
        StringBuilder sb = new StringBuilder();
        TelephonyManager telephonyManager = (TelephonyManager) context.getSystemService("phone");
        String deviceId = telephonyManager.getDeviceId();
        if (deviceId == null) {
            deviceId = "";
        }
        sb.append(deviceId);
        String string = Settings.Secure.getString(context.getContentResolver(), "android_id");
        if (string == null) {
            string = "";
        }
        sb.append(string);
        String simSerialNumber = telephonyManager.getSimSerialNumber();
        if (simSerialNumber == null) {
            simSerialNumber = "";
        }
        sb.append(simSerialNumber);
        String subscriberId = telephonyManager.getSubscriberId();
        if (subscriberId == null) {
            subscriberId = "";
        }
        sb.append(subscriberId);
        return sb.toString();
    }

    private static IvParameterSpec getIV(byte[] bArr) {
        return new IvParameterSpec(Arrays.copyOfRange(bArr, 0, 16));
    }

    public static String getLengthOrNull(String str) {
        return str == null ? SSAStrings.NULL : String.valueOf(str.length());
    }

    public static String getLengthOrNull(byte[] bArr) {
        return bArr == null ? SSAStrings.NULL : String.valueOf(bArr.length);
    }

    private static byte[] getStoredSalt() throws SfbCryptoSaltFileNotFoundException {
        verifySaltRootDir();
        File file = new File(mSaltRoot, SALT_FILE_NAME);
        byte[] bArr = null;
        if (!file.exists()) {
            throw new SfbCryptoSaltFileNotFoundException();
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            bArr = new byte[16];
            fileInputStream.read(bArr);
            fileInputStream.close();
            return bArr;
        } catch (IOException e) {
            Trace.e(LOG_TAG, "Failed to read the salt file in getStoredSalt()", e);
            return bArr;
        }
    }

    public static void initialize(Context context) {
        if (mSaltRoot == null) {
            mSaltRoot = context.getFilesDir().getParentFile().getAbsolutePath() + File.separator + "Crypto";
        }
        Trace.i(LOG_TAG, "CryptoUtils initialized. mSaltRoot=" + mSaltRoot);
    }

    private static PrivateKey privateKeyFromBytes(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return KeyFactory.getInstance(RSA_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private static void verifySaltRootDir() {
        if (mSaltRoot == null) {
            ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.Initialization, ErrorMessage.CryptoSaltFileRootDirIsNotInitialized, new Object[0]);
            throw new NullPointerException("mSaltRoot is null. CryptoUtils wasn't initialized properly");
        }
    }
}
