package de.tutao.tutanota;

import android.content.Context;
import android.net.Uri;
import android.os.Build;
import android.support.annotation.VisibleForTesting;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class Crypto {
    public static final int AES_KEY_LENGTH = 128;
    public static final int AES_KEY_LENGTH_BYTES = 16;
    public static final String AES_MODE_PADDING = "AES/CBC/PKCS5Padding";
    private static final Integer ANDROID_6_SDK_VERSION = 23;
    public static final String HMAC_256 = "HmacSHA256";
    private static final String PROVIDER = "BC";
    private static final String RSA_ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final int RSA_KEY_LENGTH_IN_BITS = 2048;
    private static final int RSA_PUBLIC_EXPONENT = 65537;
    private static final String TAG = "tutao.Crypto";
    public static final String TEMP_DIR_DECRYPTED = "temp/decrypted";
    public static final String TEMP_DIR_ENCRYPTED = "temp/encrypted";
    private final Context context;
    private SecureRandom randomizer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class SubKeys {
        public SecretKeySpec cKey;
        public byte[] mKey;

        private SubKeys() {
        }
    }

    static {
        PRNGFixes.apply();
    }

    public Crypto(Context context) {
        this(context, new SecureRandom());
    }

    @VisibleForTesting
    protected Crypto(Context context, SecureRandom secureRandom) {
        this.context = context;
        this.randomizer = secureRandom;
    }

    public static SecretKeySpec bytesToKey(byte[] bArr) {
        if (bArr.length == 16) {
            return new SecretKeySpec(bArr, "AES");
        }
        throw new RuntimeException("invalid key length");
    }

    private InputStream getCipherInputStream(InputStream inputStream, Cipher cipher) {
        return Build.VERSION.SDK_INT < ANDROID_6_SDK_VERSION.intValue() ? new TutaoCipherInputStream(inputStream, cipher) : new CipherInputStream(inputStream, cipher);
    }

    private static SubKeys getSubKeys(SecretKeySpec secretKeySpec, boolean z) throws NoSuchAlgorithmException {
        SubKeys subKeys = new SubKeys();
        if (z) {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(secretKeySpec.getEncoded());
            subKeys.cKey = new SecretKeySpec(Arrays.copyOfRange(digest, 0, 16), "AES");
            subKeys.mKey = Arrays.copyOfRange(digest, 16, 32);
        } else {
            subKeys.cKey = secretKeySpec;
        }
        return subKeys;
    }

    private static byte[] hmac256(byte[] bArr, byte[] bArr2) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, HMAC_256);
        try {
            Mac mac = Mac.getInstance(HMAC_256);
            mac.init(secretKeySpec);
            return mac.doFinal(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private PrivateKey jsonToPrivateKey(JSONObject jSONObject) throws JSONException, NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(new BigInteger(Utils.base64ToBytes(jSONObject.getString("modulus"))), new BigInteger(Utils.base64ToBytes(jSONObject.getString("privateExponent")))));
    }

    private PublicKey jsonToPublicKey(JSONObject jSONObject) throws JSONException {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(Utils.base64ToBytes(jSONObject.getString("modulus"))), BigInteger.valueOf(65537L)));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private JSONObject keyPairToJson(KeyPair keyPair) throws JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("publicKey", publicKeyToJson((RSAPublicKey) keyPair.getPublic()));
        jSONObject.put("privateKey", privateKeyToJson((RSAPrivateCrtKey) keyPair.getPrivate()));
        return jSONObject;
    }

    private JSONObject privateKeyToJson(RSAPrivateCrtKey rSAPrivateCrtKey) throws JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("version", 0);
        jSONObject.put("modulus", Utils.bytesToBase64(rSAPrivateCrtKey.getModulus().toByteArray()));
        jSONObject.put("privateExponent", Utils.bytesToBase64(rSAPrivateCrtKey.getPrivateExponent().toByteArray()));
        jSONObject.put("primeP", Utils.bytesToBase64(rSAPrivateCrtKey.getPrimeP().toByteArray()));
        jSONObject.put("primeQ", Utils.bytesToBase64(rSAPrivateCrtKey.getPrimeQ().toByteArray()));
        jSONObject.put("primeExponentP", Utils.bytesToBase64(rSAPrivateCrtKey.getPrimeExponentP().toByteArray()));
        jSONObject.put("primeExponentQ", Utils.bytesToBase64(rSAPrivateCrtKey.getPrimeExponentQ().toByteArray()));
        jSONObject.put("crtCoefficient", Utils.bytesToBase64(rSAPrivateCrtKey.getCrtCoefficient().toByteArray()));
        return jSONObject;
    }

    private JSONObject publicKeyToJson(RSAPublicKey rSAPublicKey) throws JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("version", 0);
        jSONObject.put("modulus", Utils.bytesToBase64(rSAPublicKey.getModulus().toByteArray()));
        return jSONObject;
    }

    private byte[] rsaDecrypt(JSONObject jSONObject, byte[] bArr, SecureRandom secureRandom) throws JSONException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        PrivateKey jsonToPrivateKey = jsonToPrivateKey(jSONObject);
        Cipher cipher = Cipher.getInstance(RSA_ALGORITHM, PROVIDER);
        cipher.init(2, jsonToPrivateKey, secureRandom);
        return cipher.doFinal(bArr);
    }

    private byte[] rsaEncrypt(byte[] bArr, PublicKey publicKey, SecureRandom secureRandom) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(RSA_ALGORITHM, PROVIDER);
        cipher.init(1, publicKey, secureRandom);
        return cipher.doFinal(bArr);
    }

    public void aesDecrypt(byte[] bArr, InputStream inputStream, OutputStream outputStream, long j) throws IOException, CryptoError {
        InputStream cipherInputStream;
        InputStream inputStream2 = null;
        try {
            try {
                if (j % 2 == 1) {
                    SubKeys subKeys = getSubKeys(bytesToKey(bArr), true);
                    byte[] encoded = subKeys.cKey.getEncoded();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    IOUtils.copyLarge(inputStream, byteArrayOutputStream);
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    byte[] copyOfRange = Arrays.copyOfRange(byteArray, 1, byteArray.length - 32);
                    if (!Arrays.equals(hmac256(subKeys.mKey, copyOfRange), Arrays.copyOfRange(byteArray, byteArray.length - 32, byteArray.length))) {
                        throw new CryptoError("invalid mac");
                    }
                    inputStream = new ByteArrayInputStream(copyOfRange);
                    bArr = encoded;
                }
                byte[] bArr2 = new byte[16];
                IOUtils.read(inputStream, bArr2);
                Cipher cipher = Cipher.getInstance(AES_MODE_PADDING);
                cipher.init(2, bytesToKey(bArr), new IvParameterSpec(bArr2));
                cipherInputStream = getCipherInputStream(inputStream, cipher);
            } catch (Throwable th) {
                th = th;
            }
            try {
                IOUtils.copyLarge(cipherInputStream, outputStream, new byte[1024000]);
                IOUtils.closeQuietly(inputStream);
                IOUtils.closeQuietly(cipherInputStream);
                IOUtils.closeQuietly(outputStream);
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
                e = e;
                throw new RuntimeException(e);
            } catch (InvalidKeyException e2) {
                e = e2;
                throw new CryptoError(e);
            } catch (Throwable th2) {
                inputStream2 = cipherInputStream;
                th = th2;
                IOUtils.closeQuietly(inputStream);
                IOUtils.closeQuietly(inputStream2);
                IOUtils.closeQuietly(outputStream);
                throw th;
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e3) {
            e = e3;
        } catch (InvalidKeyException e4) {
            e = e4;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String aesDecryptFile(byte[] bArr, String str) throws IOException, CryptoError {
        FileInfo fileInfo = Utils.getFileInfo(this.context, Uri.parse(str));
        File file = new File(Utils.getDir(this.context), TEMP_DIR_DECRYPTED);
        file.mkdirs();
        File file2 = new File(file, fileInfo.name);
        aesDecrypt(bArr, this.context.getContentResolver().openInputStream(Uri.parse(str)), new FileOutputStream(file2), fileInfo.size);
        return Uri.fromFile(file2).toString();
    }

    public void aesEncrypt(byte[] bArr, InputStream inputStream, OutputStream outputStream, byte[] bArr2, boolean z) throws CryptoError, IOException {
        SubKeys subKeys;
        InputStream cipherInputStream;
        InputStream inputStream2 = null;
        try {
            try {
                Cipher cipher = Cipher.getInstance(AES_MODE_PADDING);
                IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
                subKeys = getSubKeys(bytesToKey(bArr), z);
                cipher.init(1, subKeys.cKey, ivParameterSpec);
                cipherInputStream = getCipherInputStream(inputStream, cipher);
            } catch (Throwable th) {
                th = th;
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            e = e;
        } catch (InvalidKeyException e2) {
            e = e2;
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(bArr2);
            IOUtils.copy(cipherInputStream, byteArrayOutputStream);
            if (z) {
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                outputStream.write(new byte[]{1});
                outputStream.write(byteArray);
                outputStream.write(hmac256(subKeys.mKey, byteArray));
            } else {
                outputStream.write(byteArrayOutputStream.toByteArray());
            }
            IOUtils.closeQuietly(inputStream);
            IOUtils.closeQuietly(cipherInputStream);
            IOUtils.closeQuietly(outputStream);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e3) {
            e = e3;
            throw new RuntimeException(e);
        } catch (InvalidKeyException e4) {
            e = e4;
            throw new CryptoError(e);
        } catch (Throwable th2) {
            th = th2;
            inputStream2 = cipherInputStream;
            IOUtils.closeQuietly(inputStream);
            IOUtils.closeQuietly(inputStream2);
            IOUtils.closeQuietly(outputStream);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String aesEncryptFile(byte[] bArr, String str, byte[] bArr2) throws IOException, CryptoError {
        Uri parse = Uri.parse(str);
        FileInfo fileInfo = Utils.getFileInfo(this.context, parse);
        File file = new File(Utils.getDir(this.context), TEMP_DIR_ENCRYPTED);
        file.mkdirs();
        File file2 = new File(file, fileInfo.name);
        aesEncrypt(bArr, this.context.getContentResolver().openInputStream(parse), new FileOutputStream(file2), bArr2, true);
        return Utils.fileToUri(file2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized JSONObject generateRsaKey(byte[] bArr) throws JSONException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator;
        this.randomizer.setSeed(bArr);
        keyPairGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER);
        keyPairGenerator.initialize(2048, this.randomizer);
        return keyPairToJson(keyPairGenerator.generateKeyPair());
    }

    public SecureRandom getRandomizer() {
        return this.randomizer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String rsaDecrypt(JSONObject jSONObject, byte[] bArr) throws CryptoError {
        try {
            return Utils.bytesToBase64(rsaDecrypt(jSONObject, bArr, this.randomizer));
        } catch (InvalidKeyException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoError(e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException | JSONException e2) {
            throw new RuntimeException("rsaDecrypt error", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String rsaEncrypt(JSONObject jSONObject, byte[] bArr, byte[] bArr2) throws CryptoError {
        try {
            PublicKey jsonToPublicKey = jsonToPublicKey(jSONObject);
            this.randomizer.setSeed(bArr2);
            return Utils.bytesToBase64(rsaEncrypt(bArr, jsonToPublicKey, this.randomizer));
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoError(e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException | JSONException e2) {
            throw new RuntimeException(e2);
        }
    }
}
