package com.google.android.gms.iid;

import android.text.TextUtils;
import android.util.Log;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class EncryptionUtil {
    public static final String AES_JCA_NAME = "AES/CBC/PKCS5Padding";
    public static final int EXPECTED_HMAC_LENGTH = 2;
    private static final String KEY_DERIVATION_ARBITRARY_TEXT = "hmac-sha-signature";
    public static final String MAC_JCA_NAME = "HmacSHA256";
    public static final String RSA_NAME = "RSA/ECB/PKCS1Padding";
    private static final byte[] SALT = sha256("SecureMessage");
    private static final byte[] CONSTANT_01 = {1};

    public static byte[] decryptAESCBC(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        try {
            Cipher cipher = Cipher.getInstance(AES_JCA_NAME);
            cipher.init(2, secretKey, new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr);
        } catch (NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    public static byte[] decryptRSA(Key key, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        try {
            Cipher cipher = Cipher.getInstance(RSA_NAME, "AndroidOpenSSL");
            cipher.init(2, key);
            return cipher.doFinal(bArr);
        } catch (NoSuchProviderException e) {
            throw new AssertionError(e);
        } catch (NoSuchPaddingException e2) {
            throw new AssertionError(e2);
        }
    }

    static SecretKey deriveAes256KeyFor(SecretKey secretKey, String str) throws NoSuchAlgorithmException, InvalidKeyException {
        return new SecretKeySpec(hkdf(secretKey, SALT, utf8StringToBytes(str)), "AES");
    }

    public static byte[] encryptAESCBC(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        try {
            Cipher cipher = Cipher.getInstance(AES_JCA_NAME);
            cipher.init(1, secretKey, new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr);
        } catch (NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    public static byte[] encryptRSA(Key key, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        try {
            Cipher cipher = Cipher.getInstance(RSA_NAME, "AndroidOpenSSL");
            cipher.init(1, key);
            return cipher.doFinal(bArr);
        } catch (NoSuchProviderException e) {
            throw new AssertionError(e);
        } catch (NoSuchPaddingException e2) {
            throw new AssertionError(e2);
        }
    }

    public static byte[] hkdf(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        if (secretKey == null || bArr == null || bArr2 == null) {
            throw new NullPointerException();
        }
        return hkdfSha256Expand(hkdfSha256Extract(secretKey, bArr), bArr2);
    }

    private static byte[] hkdfSha256Expand(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException {
        Mac mac = Mac.getInstance(MAC_JCA_NAME);
        try {
            mac.init(new SecretKeySpec(bArr, "AES"));
            mac.update(bArr2);
            return mac.doFinal(CONSTANT_01);
        } catch (InvalidKeyException e) {
            throw new AssertionError(e);
        }
    }

    private static byte[] hkdfSha256Extract(SecretKey secretKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(MAC_JCA_NAME);
        try {
            mac.init(new SecretKeySpec(bArr, "AES"));
            byte[] encoded = secretKey.getEncoded();
            if (encoded != null) {
                return mac.doFinal(encoded);
            }
            throw new InvalidKeyException("Cannot get encoded form of SecretKey");
        } catch (InvalidKeyException e) {
            throw new AssertionError(e);
        }
    }

    public static byte[] hmacSHA256(SecretKey secretKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKey deriveAes256KeyFor = deriveAes256KeyFor(secretKey, KEY_DERIVATION_ARBITRARY_TEXT);
        Mac mac = Mac.getInstance(MAC_JCA_NAME);
        mac.init(deriveAes256KeyFor);
        return mac.doFinal(bArr);
    }

    private static byte[] sha256(String str) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(utf8StringToBytes(str));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("No security provider initialized yet?", e);
        }
    }

    public static String sign(KeyPair keyPair, String... strArr) {
        try {
            byte[] bytes = TextUtils.join("\n", strArr).getBytes("UTF-8");
            try {
                PrivateKey privateKey = keyPair.getPrivate();
                Signature signature = Signature.getInstance(privateKey instanceof RSAPrivateKey ? "SHA256withRSA" : "SHA256withECDSA");
                signature.initSign(privateKey);
                signature.update(bytes);
                return Store.base64UrlSafe(signature.sign());
            } catch (GeneralSecurityException e) {
                Log.e(InstanceID.TAG, "Unable to sign registration request", e);
                return null;
            }
        } catch (UnsupportedEncodingException e2) {
            Log.e(InstanceID.TAG, "Unable to encode string", e2);
            return null;
        }
    }

    private static byte[] utf8StringToBytes(String str) {
        try {
            return str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    public static boolean verifyHMAC(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException {
        if (bArr2.length < 2) {
            return false;
        }
        byte[] hmacSHA256 = hmacSHA256(secretKey, bArr);
        if (bArr2.length > hmacSHA256.length) {
            return false;
        }
        byte b = 0;
        for (int i = 0; i < bArr2.length; i++) {
            b = (byte) ((hmacSHA256[i] ^ bArr2[i]) | b);
        }
        return b == 0;
    }
}
