package org.forgerock.android.auth;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes4.dex */
abstract class AbstractSymmetricEncryptor implements Encryptor {
    private static final String AES_GCM_NO_PADDING = "AES/GCM/NOPADDING";
    private static final String HMAC_SHA256 = "HmacSHA256";
    static final int IV_LENGTH = 12;
    static final int KEY_SIZE = 256;
    final String keyAlias;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractSymmetricEncryptor(String str) {
        Objects.requireNonNull(str, "keyAlias is marked non-null but is null");
        this.keyAlias = str;
    }

    private byte[] computeMac(String str, byte[] bArr) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), HMAC_SHA256));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new EncryptionException(e);
        }
    }

    private byte[] concatArrays(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[bArr.length + bArr2.length + bArr3.length];
        System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr4, bArr.length, bArr2.length);
        System.arraycopy(bArr3, 0, bArr4, bArr.length + bArr2.length, bArr3.length);
        return bArr4;
    }

    private byte[] getArraySubset(byte[] bArr, int i, int i2) {
        byte[] bArr2 = new byte[i2];
        System.arraycopy(bArr, i, bArr2, 0, i2);
        return bArr2;
    }

    @Override // org.forgerock.android.auth.Encryptor
    public byte[] decrypt(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
            try {
                int macLength = Mac.getInstance(HMAC_SHA256).getMacLength();
                int length = (bArr.length - 12) - macLength;
                byte[] arraySubset = getArraySubset(bArr, 0, macLength);
                byte[] arraySubset2 = getArraySubset(bArr, macLength, 12);
                byte[] arraySubset3 = getArraySubset(bArr, macLength + 12, length);
                if (!Arrays.equals(computeMac(this.keyAlias, arraySubset3), arraySubset)) {
                    throw new RuntimeException("MAC signature could not be verified");
                }
                try {
                    cipher.init(2, getSecretKey(), new GCMParameterSpec(128, arraySubset2));
                    return cipher.doFinal(arraySubset3);
                } catch (Exception e) {
                    throw new EncryptionException(e.getMessage(), e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException("Error while instantiating MAC", e2);
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e3) {
            throw new EncryptionException("Error while getting an cipher instance", e3);
        }
    }

    @Override // org.forgerock.android.auth.Encryptor
    public byte[] encrypt(byte[] bArr) {
        Objects.requireNonNull(bArr, "data is marked non-null but is null");
        try {
            Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
            byte[] init = init(cipher);
            byte[] doFinal = cipher.doFinal(bArr);
            return concatArrays(computeMac(this.keyAlias, doFinal), init, doFinal);
        } catch (Exception e) {
            throw new EncryptionException(e);
        }
    }

    abstract SecretKey getSecretKey() throws GeneralSecurityException, IOException;

    abstract byte[] init(Cipher cipher) throws GeneralSecurityException, IOException;
}
