package com.lnikkila.oidc.security;

import android.content.Context;
import android.util.Log;
import com.lnikkila.oidc.R;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.engines.AESFastEngine;
import org.spongycastle.crypto.modes.CBCBlockCipher;
import org.spongycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.util.Arrays;

/* loaded from: classes2.dex */
public class SensitiveDataPreApi23 extends SensitiveDataUtils {
    private static final String DEFAULT_KEYSTORE_PATH = "oidc_enc_key";

    public SensitiveDataPreApi23(Context context) {
        super(context);
    }

    private byte[] cipherData(PaddedBufferedBlockCipher paddedBufferedBlockCipher, byte[] bArr) throws InvalidCipherTextException {
        byte[] bArr2 = new byte[paddedBufferedBlockCipher.getOutputSize(bArr.length)];
        int processBytes = paddedBufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr2, 0);
        byte[] bArr3 = new byte[processBytes + paddedBufferedBlockCipher.doFinal(bArr2, processBytes)];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr3.length);
        return bArr3;
    }

    private String getKeyStorePath() {
        if (this.context.get() == null) {
            return DEFAULT_KEYSTORE_PATH;
        }
        String string = this.context.get().getString(R.string.oidc_encryptKeyAlias);
        return string.isEmpty() ? DEFAULT_KEYSTORE_PATH : string;
    }

    private SecretKey loadKey() {
        try {
            byte[] loadKey = loadKey(getKeyStorePath());
            return new SecretKeySpec(loadKey, 0, loadKey.length, "AES");
        } catch (IOException | IllegalArgumentException e) {
            Log.e("SensitiveDataStorage", String.format("Can't read key from storage at %1$s", getKeyStorePath()), e);
            return null;
        }
    }

    private byte[] loadKey(String str) throws IOException {
        byte[] bArr = null;
        try {
            Context context = this.context.get();
            if (context != null) {
                byte[] bArr2 = new byte[5096];
                Arrays.fill(bArr2, (byte) 0);
                FileInputStream openFileInput = context.openFileInput(str);
                int read = openFileInput.read(bArr2);
                bArr = new byte[read];
                System.arraycopy(bArr2, 0, bArr, 0, read);
                openFileInput.close();
            } else {
                Log.e("SensitiveDataStorage", "Can't load the encryption key, application context is null");
            }
        } catch (FileNotFoundException e) {
            Log.e("SensitiveDataStorage", "Can't load the encryption key", e);
        }
        return bArr;
    }

    private void saveKey(SecretKey secretKey) {
        saveKey(secretKey.getEncoded(), getKeyStorePath());
    }

    private void saveKey(byte[] bArr, String str) {
        try {
            Context context = this.context.get();
            if (context != null) {
                FileOutputStream openFileOutput = context.openFileOutput(str, 0);
                openFileOutput.write(bArr);
                openFileOutput.flush();
                openFileOutput.close();
            } else {
                Log.e("SensitiveDataStorage", "Can't save the encryption key, application context is null");
            }
        } catch (IOException e) {
            Log.e("SensitiveDataStorage", "Can't save the encryption key", e);
        }
    }

    @Override // com.lnikkila.oidc.security.SensitiveDataUtils
    protected void createAndSaveSecretKey() {
        saveKey(generateKey());
    }

    @Override // com.lnikkila.oidc.security.SensitiveDataUtils
    protected byte[] decrypt(byte[] bArr) {
        try {
            SecretKey loadKey = loadKey();
            byte[] bArr2 = new byte[16];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            byte[] bArr3 = new byte[bArr.length - bArr2.length];
            System.arraycopy(bArr, bArr2.length, bArr3, 0, bArr3.length);
            PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESFastEngine()));
            paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(loadKey.getEncoded()), bArr2));
            return cipherData(paddedBufferedBlockCipher, bArr3);
        } catch (InvalidCipherTextException e) {
            Log.e("SensitiveDataStorage", "Can't decrypt data", e);
            return null;
        }
    }

    @Override // com.lnikkila.oidc.security.SensitiveDataUtils
    protected byte[] encrypt(byte[] bArr) {
        try {
            SecretKey loadKey = loadKey();
            byte[] bArr2 = new byte[16];
            new SecureRandom().nextBytes(bArr2);
            PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESFastEngine()));
            paddedBufferedBlockCipher.init(true, new ParametersWithIV(new KeyParameter(loadKey.getEncoded()), bArr2));
            byte[] cipherData = cipherData(paddedBufferedBlockCipher, bArr);
            byte[] bArr3 = new byte[cipherData.length + bArr2.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(cipherData, 0, bArr3, bArr2.length, cipherData.length);
            return bArr3;
        } catch (InvalidCipherTextException e) {
            Log.e("SensitiveDataStorage", "Can't encrypt data", e);
            return null;
        }
    }

    @Override // com.lnikkila.oidc.security.SensitiveDataUtils
    protected SecretKey generateKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            Log.e("SensitiveDataStorage", "Could not create secret key", e);
            return null;
        }
    }
}
