package com.citrix.shield.crypto;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import com.citrix.shield.crypto.CtxShieldCrypto;
import com.citrix.shield.crypto.cryptohandle.CtxCryptoHandle;
import com.citrix.shield.crypto.custom.CtxAESSymKey;
import com.google.gson.l;
import com.google.gson.m;
import com.nimbusds.jose.jwk.JWK;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import kotlin.collections.i;
import kotlin.n;
import kotlin.text.d;

/* compiled from: CtxAndroidCrypto.kt */
@n(bv = {1, 0, 3}, d1 = {"\u0000B\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\r\u001a\b\u0010\u0001\u001a\u00020\u0000H\u0000\u001a\u0014\u0010\u0005\u001a\u0004\u0018\u00010\u00042\b\u0010\u0003\u001a\u0004\u0018\u00010\u0002H\u0000\u001a\u0014\u0010\u0007\u001a\u0004\u0018\u00010\u00062\b\u0010\u0003\u001a\u0004\u0018\u00010\u0002H\u0000\u001a\u0010\u0010\n\u001a\u00020\u00002\u0006\u0010\t\u001a\u00020\bH\u0000\u001a\u0018\u0010\r\u001a\u00020\b2\u0006\u0010\f\u001a\u00020\u000b2\u0006\u0010\t\u001a\u00020\bH\u0000\u001a\u0018\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\bH\u0000\u001a\u001a\u0010\u0011\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\t\u001a\u00020\b2\u0006\u0010\u0010\u001a\u00020\u000bH\u0002\u001a\u001a\u0010\u0011\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0012\u001a\u00020\u00062\u0006\u0010\u0010\u001a\u00020\u000bH\u0000\u001a\u0012\u0010\u0013\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0010\u001a\u00020\u000bH\u0000\u001a\u0018\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u000b2\u0006\u0010\u0015\u001a\u00020\u0014H\u0000\u001a\u001c\u0010\u001b\u001a\u0004\u0018\u00010\u001a2\u0006\u0010\u0017\u001a\u00020\u00162\b\u0010\u0019\u001a\u0004\u0018\u00010\u0018H\u0000\u001a\u0012\u0010\u001c\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\f\u001a\u00020\u000bH\u0000\u001a\u001a\u0010\u001f\u001a\u00020\u00162\b\u0010\u001d\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u001e\u001a\u00020\u000bH\u0000\u001a \u0010\"\u001a\u00020\u00162\u0006\u0010 \u001a\u00020\u00042\u0006\u0010\f\u001a\u00020\b2\u0006\u0010!\u001a\u00020\bH\u0000\u001a \u0010\"\u001a\u00020\u00162\u0006\u0010 \u001a\u00020\u00042\u0006\u0010\f\u001a\u00020\u000b2\u0006\u0010!\u001a\u00020\bH\u0000\u001a\u0012\u0010$\u001a\u0004\u0018\u00010\u000b2\u0006\u0010#\u001a\u00020\u000bH\u0000\u001a\u001a\u0010&\u001a\u0004\u0018\u00010\u000b2\u0006\u0010%\u001a\u00020\u00042\u0006\u0010#\u001a\u00020\u000bH\u0000¨\u0006'"}, d2 = {"Lkotlin/r;", "generateAsymmetricKeyPair", "Ljava/security/KeyStore;", "keystore", "Ljava/security/PublicKey;", "getEndpointPublicKey", "Ljava/security/PrivateKey;", "getEndpointPrivateKey", "", "alias", "generateSymmetricKey", "", "data", "encryptUsingSymmetricKey", "cipherBase64", "decryptUsingSymmetricKey", "cipherBytes", "decryptUsingAsymmetricKey", "privateKey", "decryptUsingEndPointKey", "Lcom/citrix/shield/crypto/custom/CtxAESSymKey;", "ctxAESKey", "", "usePersistentKey", "Lcom/citrix/shield/crypto/cryptohandle/CtxCryptoHandle;", "cryptoHandle", "Lcom/google/gson/l;", "getEndpointPublicKeyInJWK", "generateMessageDigest", "digest1", "digest2", "compareMessageDigests", "key", "externalSignature", "verifyDigitalSignature", "input", "signUsingAsymmetricKey", "publicKey", "encryptUsingPublicKey", "cryptosdk_release"}, k = 2, mv = {1, 5, 1})
/* loaded from: classes2.dex */
public final class CtxAndroidCryptoKt {
    public static final boolean compareMessageDigests(byte[] bArr, byte[] digest2) {
        kotlin.jvm.internal.n.f(digest2, "digest2");
        try {
            return MessageDigest.isEqual(bArr, digest2);
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception in compareMessageDigests", e10);
            return false;
        }
    }

    private static final byte[] decryptUsingAsymmetricKey(String str, byte[] bArr) {
        try {
            CtxShieldCrypto.Companion companion = CtxShieldCrypto.Companion;
            KeyStore androidKeyStore$cryptosdk_release = companion.getAndroidKeyStore$cryptosdk_release();
            KeyStore.Entry entry = androidKeyStore$cryptosdk_release == null ? null : androidKeyStore$cryptosdk_release.getEntry(str, null);
            if (entry == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
            }
            Cipher cipher = Cipher.getInstance(CtxShieldCrypto.CwaEndpointKeyPairCipher);
            cipher.init(2, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey(), new OAEPParameterSpec("SHA-1", CtxShieldCrypto.CwaEndpointMgfName, MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            List<byte[]> divideArray = CtxCryptoCommon.Companion.divideArray(bArr, companion.getCwaRSADecryptChunkSize$cryptosdk_release());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (divideArray != null) {
                Iterator<T> it = divideArray.iterator();
                while (it.hasNext()) {
                    byteArrayOutputStream.write(cipher.doFinal((byte[]) it.next()));
                }
            }
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while decryptUsingAsymmetricKey Exception ", e10);
            return null;
        }
    }

    public static final byte[] decryptUsingAsymmetricKey(PrivateKey privateKey, byte[] cipherBytes) {
        kotlin.jvm.internal.n.f(privateKey, "privateKey");
        kotlin.jvm.internal.n.f(cipherBytes, "cipherBytes");
        try {
            Cipher cipher = Cipher.getInstance(CtxShieldCrypto.CwaEndpointKeyPairCipher);
            cipher.init(2, privateKey, new OAEPParameterSpec("SHA-1", CtxShieldCrypto.CwaEndpointMgfName, MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            List<byte[]> divideArray = CtxCryptoCommon.Companion.divideArray(cipherBytes, CtxShieldCrypto.Companion.getCwaRSADecryptChunkSize$cryptosdk_release());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (divideArray != null) {
                Iterator<T> it = divideArray.iterator();
                while (it.hasNext()) {
                    byteArrayOutputStream.write(cipher.doFinal((byte[]) it.next()));
                }
            }
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while decryptUsingAsymmetricKey Exception ", e10);
            return null;
        }
    }

    public static final byte[] decryptUsingEndPointKey(byte[] cipherBytes) {
        kotlin.jvm.internal.n.f(cipherBytes, "cipherBytes");
        try {
            return decryptUsingAsymmetricKey(CtxShieldCrypto.CwaEndPointKeyPairAlias, cipherBytes);
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while decryptUsingEndPointKey Exception ", e10);
            return null;
        }
    }

    public static final byte[] decryptUsingSymmetricKey(String cipherBase64, String alias) {
        byte[] h10;
        byte[] h11;
        kotlin.jvm.internal.n.f(cipherBase64, "cipherBase64");
        kotlin.jvm.internal.n.f(alias, "alias");
        try {
            byte[] decode = Base64.decode(cipherBase64, 8);
            kotlin.jvm.internal.n.e(decode, "decode(cipherBase64, Base64.URL_SAFE)");
            h10 = i.h(decode, 0, 16);
            h11 = i.h(decode, 16, decode.length);
            KeyStore androidKeyStore$cryptosdk_release = CtxShieldCrypto.Companion.getAndroidKeyStore$cryptosdk_release();
            KeyStore.Entry entry = null;
            if (androidKeyStore$cryptosdk_release != null) {
                entry = androidKeyStore$cryptosdk_release.getEntry(alias, null);
            }
            if (entry == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
            }
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            Cipher cipher = Cipher.getInstance(CtxShieldCrypto.CwaSymmetricCipher);
            cipher.init(2, secretKey, new IvParameterSpec(h10));
            byte[] doFinal = cipher.doFinal(h11);
            kotlin.jvm.internal.n.e(doFinal, "cipher.doFinal(encryptedData)");
            return doFinal;
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while decryptUsingSymmetricKey Exception ", e10);
            return new byte[0];
        }
    }

    public static final byte[] decryptUsingSymmetricKey(byte[] cipherBytes, CtxAESSymKey ctxAESKey) {
        byte[] h10;
        byte[] h11;
        kotlin.jvm.internal.n.f(cipherBytes, "cipherBytes");
        kotlin.jvm.internal.n.f(ctxAESKey, "ctxAESKey");
        try {
            byte[] decode = Base64.decode(cipherBytes, 8);
            kotlin.jvm.internal.n.e(decode, "decode(cipherBytes, Base64.URL_SAFE)");
            h10 = i.h(decode, 0, 16);
            h11 = i.h(decode, 16, decode.length);
            Cipher cipher = Cipher.getInstance(CtxShieldCrypto.CwaSymmetricCipher);
            cipher.init(2, ctxAESKey, new IvParameterSpec(h10));
            byte[] doFinal = cipher.doFinal(h11);
            kotlin.jvm.internal.n.e(doFinal, "cipher.doFinal(encryptedData)");
            return doFinal;
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while decryptUsingSymmetricKey Exception with SecretKeySpec", e10);
            return new byte[0];
        }
    }

    public static final byte[] encryptUsingPublicKey(PublicKey publicKey, byte[] input) {
        kotlin.jvm.internal.n.f(publicKey, "publicKey");
        kotlin.jvm.internal.n.f(input, "input");
        try {
            Cipher cipher = Cipher.getInstance(CtxShieldCrypto.CwaEndpointKeyPairCipher);
            cipher.init(1, publicKey, new OAEPParameterSpec("SHA-1", CtxShieldCrypto.CwaEndpointMgfName, MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT));
            return cipher.doFinal(input);
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while encryptUsingPublicKey Exception ", e10);
            return null;
        }
    }

    public static final String encryptUsingSymmetricKey(byte[] data, String alias) {
        kotlin.jvm.internal.n.f(data, "data");
        kotlin.jvm.internal.n.f(alias, "alias");
        try {
            KeyStore androidKeyStore$cryptosdk_release = CtxShieldCrypto.Companion.getAndroidKeyStore$cryptosdk_release();
            KeyStore.Entry entry = null;
            if (androidKeyStore$cryptosdk_release != null) {
                entry = androidKeyStore$cryptosdk_release.getEntry(alias, null);
            }
            if (entry == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
            }
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            Cipher cipher = Cipher.getInstance(CtxShieldCrypto.CwaSymmetricCipher);
            cipher.init(1, secretKey);
            byte[] iv = cipher.getIV();
            byte[] doFinal = cipher.doFinal(data);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(iv);
            byteArrayOutputStream.write(doFinal);
            String encodeToString = Base64.encodeToString(byteArrayOutputStream.toByteArray(), 8);
            kotlin.jvm.internal.n.e(encodeToString, "encodeToString(encryptedDataWithIVBytes, Base64.URL_SAFE)");
            return encodeToString;
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while encryptUsingSymmetricKey Exception  ", e10);
            return "";
        }
    }

    public static final void generateAsymmetricKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(CtxShieldCrypto.CwaEndPointKeyPairAlias, 15).setDigests("SHA-1", "SHA-256").setEncryptionPaddings("OAEPPadding").setKeySize(2048).setSignaturePaddings("PKCS1").build());
            keyPairGenerator.generateKeyPair();
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while generateAsymmetricKeyPair Exception ", e10);
        }
    }

    public static final byte[] generateMessageDigest(byte[] data) {
        kotlin.jvm.internal.n.f(data, "data");
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(CtxShieldCrypto.Companion.getMessageDigestAlgorithm$cryptosdk_release());
            kotlin.jvm.internal.n.e(messageDigest, "getInstance(messageDigestAlgorithm)");
            return messageDigest.digest(data);
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception in generateMessageDigest ", e10);
            return null;
        }
    }

    public static final void generateSymmetricKey(String alias) {
        kotlin.jvm.internal.n.f(alias, "alias");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, 3);
            builder.setBlockModes("CBC");
            builder.setKeySize(256);
            builder.setRandomizedEncryptionRequired(true);
            builder.setUserAuthenticationRequired(false);
            builder.setEncryptionPaddings("PKCS7Padding");
            KeyGenParameterSpec build = builder.build();
            kotlin.jvm.internal.n.e(build, "builder.build()");
            keyGenerator.init(build);
            keyGenerator.generateKey();
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception while generateSymmetricKeyPair Exception ", e10);
        }
    }

    public static final PrivateKey getEndpointPrivateKey(KeyStore keyStore) {
        Key key;
        if (keyStore == null) {
            key = null;
        } else {
            try {
                key = keyStore.getKey(CtxShieldCrypto.CwaEndPointKeyPairAlias, null);
            } catch (Exception e10) {
                CtxCryptoCommon.Companion.logCryptoException("Exception while getEndpointPrivateKey Exception ", e10);
                return null;
            }
        }
        return (PrivateKey) key;
    }

    public static final PublicKey getEndpointPublicKey(KeyStore keyStore) {
        KeyStore.Entry entry;
        if (keyStore == null) {
            entry = null;
        } else {
            try {
                entry = keyStore.getEntry(CtxShieldCrypto.CwaEndPointKeyPairAlias, null);
            } catch (Exception e10) {
                CtxCryptoCommon.Companion.logCryptoException("Exception while getEndpointPublicKey Exception ", e10);
                return null;
            }
        }
        if (entry == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        }
        Certificate certificate = ((KeyStore.PrivateKeyEntry) entry).getCertificate();
        if (certificate == null) {
            return null;
        }
        return certificate.getPublicKey();
    }

    public static final l getEndpointPublicKeyInJWK(boolean z10, CtxCryptoHandle ctxCryptoHandle) {
        JWK m10;
        try {
            if (z10) {
                m10 = JWK.l(CtxShieldCrypto.Companion.getAndroidKeyStore$cryptosdk_release(), CtxShieldCrypto.CwaEndPointKeyPairAlias, null);
            } else {
                byte[] endpointsFullRSAKey = ctxCryptoHandle == null ? null : ctxCryptoHandle.getEndpointsFullRSAKey();
                kotlin.jvm.internal.n.c(endpointsFullRSAKey);
                m10 = JWK.m(new String(endpointsFullRSAKey, d.f27724b));
            }
            return new m().a(m10.p()).k();
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception in getEndpointPublicKeyInJWK ", e10);
            return null;
        }
    }

    public static final byte[] signUsingAsymmetricKey(byte[] input) {
        kotlin.jvm.internal.n.f(input, "input");
        try {
            CtxShieldCrypto.Companion companion = CtxShieldCrypto.Companion;
            Signature signature = Signature.getInstance(companion.getDigitalSignatureAlgorithm$cryptosdk_release());
            signature.initSign(getEndpointPrivateKey(companion.getAndroidKeyStore$cryptosdk_release()));
            signature.update(input);
            return signature.sign();
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception in signUsingAsymmetricKey", e10);
            return null;
        }
    }

    public static final boolean verifyDigitalSignature(PublicKey key, String data, String externalSignature) {
        kotlin.jvm.internal.n.f(key, "key");
        kotlin.jvm.internal.n.f(data, "data");
        kotlin.jvm.internal.n.f(externalSignature, "externalSignature");
        try {
            Signature signature = Signature.getInstance(CtxShieldCrypto.Companion.getDigitalSignatureAlgorithm$cryptosdk_release());
            signature.initVerify(key);
            byte[] bytes = data.getBytes(d.f27724b);
            kotlin.jvm.internal.n.e(bytes, "(this as java.lang.String).getBytes(charset)");
            signature.update(bytes);
            return signature.verify(Base64.decode(externalSignature, 8));
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception in verifyDigitalSignature", e10);
            return false;
        }
    }

    public static final boolean verifyDigitalSignature(PublicKey key, byte[] data, String externalSignature) {
        kotlin.jvm.internal.n.f(key, "key");
        kotlin.jvm.internal.n.f(data, "data");
        kotlin.jvm.internal.n.f(externalSignature, "externalSignature");
        try {
            Signature signature = Signature.getInstance(CtxShieldCrypto.Companion.getDigitalSignatureAlgorithm$cryptosdk_release());
            signature.initVerify(key);
            signature.update(data);
            return signature.verify(Base64.decode(externalSignature, 8));
        } catch (Exception e10) {
            CtxCryptoCommon.Companion.logCryptoException("Exception in verifyDigitalSignature", e10);
            return false;
        }
    }
}
