package idemia.bioserver.metadata.android.core;

import at.favre.lib.crypto.HKDF;
import idemia.bioserver.metadata.android.common.MetaDataCryptoException;
import idemia.bioserver.metadata.android.core.Utils;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class Engine {
    protected SecretKey kenc;
    protected SecretKey kmac;

    private static byte[] calculateHMAC(List<byte[]> list, String str, SecretKey secretKey) throws InvalidKeyException, NoSuchAlgorithmException {
        Mac mac = Mac.getInstance(Configuration.HMAC_ALGO);
        mac.init(secretKey);
        Iterator<byte[]> it = list.iterator();
        while (it.hasNext()) {
            mac.update(it.next());
        }
        mac.update(str.getBytes(Utils.Charsets.UTF_8));
        return mac.doFinal();
    }

    private static byte[] calculateHMAC(byte[] bArr, int i, String str, SecretKey secretKey) throws InvalidKeyException, NoSuchAlgorithmException {
        Mac mac = Mac.getInstance(Configuration.HMAC_ALGO);
        mac.init(secretKey);
        mac.update(bArr, 0, i);
        if (!Utils.stringIsNullOrEmpty(str)) {
            mac.update(str.getBytes(Utils.Charsets.UTF_8));
        }
        return mac.doFinal();
    }

    private static byte[] symmetricDecrypt(byte[] bArr, int i, int i2, SecretKey secretKey) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance(Configuration.AES_CBC_PKCS5_PADDING);
        cipher.init(2, secretKey, new IvParameterSpec(bArr, 0, 16));
        return cipher.doFinal(bArr, i, i2);
    }

    private static byte[] symmetricEncrypt(byte[] bArr, byte[] bArr2, SecretKey secretKey) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance(Configuration.AES_CBC_PKCS5_PADDING);
        cipher.init(1, secretKey, new IvParameterSpec(bArr));
        return cipher.doFinal(bArr2);
    }

    public byte[] decrypt(byte[] bArr, PrivateKey privateKey) throws MetaDataCryptoException {
        try {
            Cipher cipher = Cipher.getInstance(Configuration.RSA_OAEP_SHA1_ALG);
            cipher.init(2, privateKey);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new MetaDataCryptoException(e);
        }
    }

    public byte[] encrypt(byte[] bArr, PublicKey publicKey) throws MetaDataCryptoException {
        try {
            Cipher cipher = Cipher.getInstance(Configuration.RSA_OAEP_SHA1_ALG);
            cipher.init(1, publicKey);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new MetaDataCryptoException(e);
        }
    }

    public byte[] encryptAndMac(byte[] bArr) throws MetaDataCryptoException {
        return encryptAndMac(bArr, null);
    }

    public byte[] encryptAndMac(byte[] bArr, String str) throws MetaDataCryptoException {
        Utils.checkNotNull(this.kenc);
        Utils.checkNotNull(this.kmac);
        byte[] generateRandomData = RandomGenerator.IVRANDOM.generateRandomData();
        try {
            byte[] concat = Utils.concat(generateRandomData, symmetricEncrypt(generateRandomData, bArr, this.kenc));
            return Utils.concat(concat, calculateHMAC(concat, concat.length, str, this.kmac));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new MetaDataCryptoException(e);
        }
    }

    public void generateKeys(byte[] bArr, byte[] bArr2) throws MetaDataCryptoException {
        Utils.checkNotNull(bArr2);
        if (bArr.length < 48) {
            throw new MetaDataCryptoException("master secret length too short");
        }
        byte[] expand = HKDF.fromHmacSha512().expand(HKDF.fromHmacSha512().extract(bArr2, bArr), "metadata session keys".getBytes(Utils.Charsets.UTF_8), 48);
        this.kenc = new SecretKeySpec(Arrays.copyOfRange(expand, 0, 16), Configuration.AES);
        this.kmac = new SecretKeySpec(Arrays.copyOfRange(expand, 16, expand.length), Configuration.HMAC_ALGO);
    }

    public byte[] macSign(List<byte[]> list, String str) throws MetaDataCryptoException {
        Utils.checkNotNull(str);
        Utils.checkNotNull(this.kmac);
        try {
            return calculateHMAC(list, str, this.kmac);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new MetaDataCryptoException(e);
        }
    }

    public void verifyMac(List<byte[]> list, String str, byte[] bArr) throws MetaDataCryptoException {
        Utils.checkNotNull(str);
        Utils.checkNotNull(this.kmac);
        try {
            if (!Utils.constantTimeAreEqual(calculateHMAC(list, str, this.kmac), bArr)) {
                throw new MetaDataCryptoException("MAC verification failed");
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new MetaDataCryptoException(e);
        }
    }

    public byte[] verifyMacAndDecrypt(byte[] bArr) throws MetaDataCryptoException {
        return verifyMacAndDecrypt(bArr, null);
    }

    public byte[] verifyMacAndDecrypt(byte[] bArr, String str) throws MetaDataCryptoException {
        Utils.checkNotNull(this.kenc);
        Utils.checkNotNull(this.kmac);
        int length = bArr.length - 32;
        Utils.checkPositionIndex(16, bArr.length);
        Utils.checkPositionIndex(length, bArr.length);
        try {
            if (Utils.constantTimeAreEqual(calculateHMAC(bArr, length, str, this.kmac), Arrays.copyOfRange(bArr, length, bArr.length))) {
                return symmetricDecrypt(bArr, 16, length - 16, this.kenc);
            }
            throw new MetaDataCryptoException("MAC verification failed");
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new MetaDataCryptoException(e);
        }
    }
}
