package com.ilegendsoft.vaultxpm.encryption.keyczar;

import com.google.gson.Gson;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.keyczar.enums.CipherMode;
import org.keyczar.exceptions.Base64DecodingException;
import org.keyczar.exceptions.KeyczarException;
import org.keyczar.interfaces.KeyczarReader;
import org.keyczar.util.Base64Coder;

/* loaded from: classes.dex */
public class KeyczarPBEReader implements KeyczarReader {
    static final /* synthetic */ boolean $assertionsDisabled;
    private static final String AES_ALGORITHM = "AES";
    static final int DEFAULT_ITERATION_COUNT = 50000;
    private static final int MIN_ITERATION_COUNT = 10000;
    static final int PBE_AES_KEY_BYTES = 16;
    private static final String PBE_CIPHER = "AES128";
    private static final String PBE_HMAC = "HMAC_SHA1";
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    static final int SALT_BYTES = 16;
    private final String passphrase;
    private final KeyczarReader reader;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class PBEKeyczarKey {
        public String cipher;
        public String hmac;
        public int iterationCount;
        public String iv;
        public String key;
        public String salt;

        PBEKeyczarKey() {
        }
    }

    static {
        $assertionsDisabled = !KeyczarPBEReader.class.desiredAssertionStatus();
    }

    public KeyczarPBEReader(KeyczarReader keyczarReader, String str) {
        this.reader = keyczarReader;
        this.passphrase = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String encryptKey(String str, String str2) throws KeyczarException {
        PBEKeyczarKey pBEKeyczarKey = new PBEKeyczarKey();
        pBEKeyczarKey.cipher = PBE_CIPHER;
        pBEKeyczarKey.hmac = PBE_HMAC;
        pBEKeyczarKey.iterationCount = 50000;
        byte[] bArr = new byte[16];
        org.keyczar.util.Util.rand(bArr);
        pBEKeyczarKey.salt = Base64Coder.encodeWebSafe(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(pbkdf2(keySpecFromJson(pBEKeyczarKey, str2)), AES_ALGORITHM);
        byte[] bArr2 = new byte[16];
        org.keyczar.util.Util.rand(bArr2);
        pBEKeyczarKey.iv = Base64Coder.encodeWebSafe(bArr2);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        try {
            Cipher cipher = Cipher.getInstance(CipherMode.CBC.getMode());
            cipher.init(1, secretKeySpec, ivParameterSpec);
            pBEKeyczarKey.key = Base64Coder.encodeWebSafe(cipher.doFinal(str.getBytes("UTF-8")));
            return new Gson().toJson(pBEKeyczarKey);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Should never occur");
        } catch (GeneralSecurityException e2) {
            throw new KeyczarException("Error encrypting key", e2);
        }
    }

    static PBEKeySpec keySpecFromJson(PBEKeyczarKey pBEKeyczarKey, String str) {
        try {
            return new PBEKeySpec(str.toCharArray(), Base64Coder.decodeWebSafe(pBEKeyczarKey.salt), pBEKeyczarKey.iterationCount, 128);
        } catch (Base64DecodingException e) {
            throw new RuntimeException(e);
        }
    }

    static PBEKeyczarKey parsePBEMetadata(String str) {
        PBEKeyczarKey pBEKeyczarKey = (PBEKeyczarKey) new Gson().fromJson(str, PBEKeyczarKey.class);
        if (!$assertionsDisabled && !pBEKeyczarKey.cipher.equals(PBE_CIPHER)) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && !pBEKeyczarKey.hmac.equals(PBE_HMAC)) {
            throw new AssertionError();
        }
        if ($assertionsDisabled || pBEKeyczarKey.iterationCount > 0) {
            return pBEKeyczarKey;
        }
        throw new AssertionError();
    }

    public static byte[] pbkdf2(PBEKeySpec pBEKeySpec) {
        try {
            return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM).generateSecret(pBEKeySpec).getEncoded();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unexpected: unsupported key derivation function?", e);
        } catch (InvalidKeySpecException e2) {
            throw new IllegalArgumentException("Invalid keySpec", e2);
        }
    }

    String decryptKey(String str) throws KeyczarException {
        PBEKeyczarKey parsePBEMetadata = parsePBEMetadata(str);
        SecretKeySpec secretKeySpec = new SecretKeySpec(pbkdf2(keySpecFromJson(parsePBEMetadata, this.passphrase)), AES_ALGORITHM);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(Base64Coder.decodeWebSafe(parsePBEMetadata.iv));
        try {
            Cipher cipher = Cipher.getInstance(CipherMode.CBC.getMode());
            cipher.init(2, secretKeySpec, ivParameterSpec);
            return new String(cipher.doFinal(Base64Coder.decodeWebSafe(parsePBEMetadata.key)), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Should never occur");
        } catch (GeneralSecurityException e2) {
            throw new KeyczarException("Error decrypting PBE key", e2);
        }
    }

    @Override // org.keyczar.interfaces.KeyczarReader
    public String getKey() throws KeyczarException {
        return decryptKey(this.reader.getKey());
    }

    @Override // org.keyczar.interfaces.KeyczarReader
    public String getKey(int i) throws KeyczarException {
        return decryptKey(this.reader.getKey(i));
    }

    @Override // org.keyczar.interfaces.KeyczarReader
    public String getMetadata() throws KeyczarException {
        return this.reader.getMetadata().replaceFirst("\"encrypted\":\\s*true", "\"encrypted\":false");
    }
}
