package com.intuit.idps.android;

import com.intuit.idps.android.exceptions.IDPSKeyWrapException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;

/* loaded from: classes9.dex */
public class IDPSKeyWrapper {
    protected static final String GCM_MODE = "AES/GCM/NoPadding";
    protected static final int TAG_LENGTH_BITS = 128;
    protected static volatile SecureRandom secureRandom;

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    private int extractKeyVersion(byte[] bArr) {
        return ByteBuffer.wrap(bArr, 2, 4).getInt();
    }

    private byte[] generateIdpsHeaders(int i) {
        ByteBuffer allocate = ByteBuffer.allocate(6);
        allocate.put((byte) -38);
        allocate.put((byte) 1);
        allocate.putInt(i);
        return allocate.array();
    }

    private byte[] generateSymmetricKey() {
        if (secureRandom == null) {
            secureRandom = new SecureRandom();
        }
        byte[] bArr = new byte[32];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    private boolean isIdpsCiphertext(byte[] bArr) {
        return bArr != null && bArr.length >= 2 && bArr[0] == -38 && (bArr[1] == 1 || bArr[1] == 2);
    }

    public byte[] encryptAndWrap(byte[] bArr, byte[] bArr2, int i) throws IDPSKeyWrapException {
        PublicKey generatePublic;
        if (bArr == null || bArr.length < 1) {
            throw new IDPSKeyWrapException("Plaintext cannot be empty");
        }
        if (bArr2 == null || bArr2.length < 1) {
            throw new IDPSKeyWrapException("Public key cannot be empty");
        }
        if (i <= 0) {
            throw new IDPSKeyWrapException("Version has to be a positive non-zero integer");
        }
        byte[] generateSymmetricKey = generateSymmetricKey();
        byte[] generateIdpsHeaders = generateIdpsHeaders(i);
        try {
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
                try {
                    generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(bArr2));
                } catch (InvalidKeySpecException unused) {
                    DerValue[] sequence = new DerInputStream(bArr2).getSequence(0);
                    if (sequence.length < 9) {
                        throw new IDPSKeyWrapException("Could not parse a PKCS1 public key.");
                    }
                    generatePublic = keyFactory.generatePublic(new RSAPublicKeySpec(sequence[1].getBigInteger(), sequence[2].getBigInteger()));
                }
                Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", BouncyCastleProvider.PROVIDER_NAME);
                cipher.init(1, generatePublic);
                byte[] doFinal = cipher.doFinal(generateSymmetricKey, 0, generateSymmetricKey.length);
                byte[] bArr3 = new byte[12];
                secureRandom.nextBytes(bArr3);
                GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr3);
                SecretKeySpec secretKeySpec = new SecretKeySpec(generateSymmetricKey, "AES");
                Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding", BouncyCastleProvider.PROVIDER_NAME);
                cipher2.init(1, secretKeySpec, gCMParameterSpec);
                byte[] doFinal2 = cipher2.doFinal(bArr, 0, bArr.length);
                byte[] bArr4 = new byte[generateIdpsHeaders.length + doFinal.length + bArr3.length + doFinal2.length];
                System.arraycopy(generateIdpsHeaders, 0, bArr4, 0, generateIdpsHeaders.length);
                System.arraycopy(doFinal, 0, bArr4, generateIdpsHeaders.length, doFinal.length);
                System.arraycopy(bArr3, 0, bArr4, generateIdpsHeaders.length + doFinal.length, bArr3.length);
                System.arraycopy(doFinal2, 0, bArr4, generateIdpsHeaders.length + doFinal.length + bArr3.length, doFinal2.length);
                return bArr4;
            } catch (InvalidKeySpecException e) {
                e = e;
                e.printStackTrace();
                throw new IDPSKeyWrapException(e.getMessage());
            }
        } catch (IOException e2) {
            e = e2;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        } catch (InvalidAlgorithmParameterException e3) {
            e = e3;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        } catch (InvalidKeyException e4) {
            e = e4;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        } catch (NoSuchProviderException e6) {
            e = e6;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        } catch (BadPaddingException e7) {
            e = e7;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        } catch (IllegalBlockSizeException e8) {
            e = e8;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        } catch (NoSuchPaddingException e9) {
            e = e9;
            e.printStackTrace();
            throw new IDPSKeyWrapException(e.getMessage());
        }
    }

    public byte[] unwrapAndDecrypt(byte[] bArr, byte[] bArr2) throws IDPSKeyWrapException {
        PrivateKey generatePrivate;
        if (bArr == null || bArr.length < 1) {
            throw new IDPSKeyWrapException("Ciphertext cannot be empty");
        }
        if (bArr2 == null || bArr2.length < 1) {
            throw new IDPSKeyWrapException("Private key cannot be empty");
        }
        if (!isIdpsCiphertext(bArr)) {
            throw new IDPSKeyWrapException("Not a IDPS encrypted ciphertext");
        }
        if (extractKeyVersion(bArr) < 1) {
            throw new IDPSKeyWrapException("Version has to be a positive non-zero integer");
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 262, bArr.length);
        try {
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
                Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", BouncyCastleProvider.PROVIDER_NAME);
                byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 6, 262);
                try {
                    generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr2));
                } catch (InvalidKeySpecException unused) {
                    DerValue[] sequence = new DerInputStream(bArr2).getSequence(0);
                    if (sequence.length < 9) {
                        throw new IDPSKeyWrapException("Could not parse a PKCS1 private key.");
                    }
                    generatePrivate = keyFactory.generatePrivate(new RSAPrivateCrtKeySpec(sequence[1].getBigInteger(), sequence[2].getBigInteger(), sequence[3].getBigInteger(), sequence[4].getBigInteger(), sequence[5].getBigInteger(), sequence[6].getBigInteger(), sequence[7].getBigInteger(), sequence[8].getBigInteger()));
                }
                cipher.init(2, generatePrivate);
                byte[] doFinal = cipher.doFinal(copyOfRange2);
                byte[] copyOf = Arrays.copyOf(copyOfRange, 12);
                byte[] copyOfRange3 = Arrays.copyOfRange(copyOfRange, 12, copyOfRange.length);
                GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, copyOf);
                SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, "AES");
                Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding", BouncyCastleProvider.PROVIDER_NAME);
                cipher2.init(2, secretKeySpec, gCMParameterSpec);
                return cipher2.doFinal(copyOfRange3);
            } catch (InvalidKeySpecException e) {
                e = e;
                Exception exc = e;
                exc.printStackTrace();
                throw new IDPSKeyWrapException(exc.getMessage());
            }
        } catch (IOException e2) {
            e = e2;
            Exception exc2 = e;
            exc2.printStackTrace();
            throw new IDPSKeyWrapException(exc2.getMessage());
        } catch (ArrayIndexOutOfBoundsException e3) {
            e = e3;
            Exception exc22 = e;
            exc22.printStackTrace();
            throw new IDPSKeyWrapException(exc22.getMessage());
        } catch (InvalidAlgorithmParameterException e4) {
            e = e4;
            Exception exc222 = e;
            exc222.printStackTrace();
            throw new IDPSKeyWrapException(exc222.getMessage());
        } catch (InvalidKeyException e5) {
            e = e5;
            Exception exc2222 = e;
            exc2222.printStackTrace();
            throw new IDPSKeyWrapException(exc2222.getMessage());
        } catch (NoSuchAlgorithmException e6) {
            e = e6;
            Exception exc22222 = e;
            exc22222.printStackTrace();
            throw new IDPSKeyWrapException(exc22222.getMessage());
        } catch (NoSuchProviderException e7) {
            e = e7;
            Exception exc222222 = e;
            exc222222.printStackTrace();
            throw new IDPSKeyWrapException(exc222222.getMessage());
        } catch (BadPaddingException e8) {
            e = e8;
            Exception exc2222222 = e;
            exc2222222.printStackTrace();
            throw new IDPSKeyWrapException(exc2222222.getMessage());
        } catch (IllegalBlockSizeException e9) {
            e = e9;
            Exception exc22222222 = e;
            exc22222222.printStackTrace();
            throw new IDPSKeyWrapException(exc22222222.getMessage());
        } catch (NoSuchPaddingException e10) {
            e = e10;
            Exception exc222222222 = e;
            exc222222222.printStackTrace();
            throw new IDPSKeyWrapException(exc222222222.getMessage());
        }
    }
}
