package info.nightscout.androidaps.utils;

import com.eatthepath.otp.TimeBasedOneTimePasswordGenerator;
import com.google.firebase.messaging.Constants;
import info.nightscout.androidaps.extensions.HexByteArrayConversionKt;
import info.nightscout.shared.logging.AAPSLogger;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.inject.Singleton;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import net.glxn.qrgen.core.scheme.SchemeUtil;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.spongycastle.util.encoders.Base64;

/* compiled from: CryptoUtil.kt */
@Singleton
@Metadata(d1 = {"\u0000H\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\u0012\n\u0002\b\t\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0007\u0018\u0000 )2\u00020\u0001:\u0001)B\u000f\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0016\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0013J \u0010\u0015\u001a\u0004\u0018\u00010\u00132\u0006\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0013J \u0010\u001a\u001a\u0004\u0018\u00010\u00132\u0006\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u001b\u001a\u00020\u0013J\u000e\u0010\u001c\u001a\u00020\u00132\u0006\u0010\u0012\u001a\u00020\u0013J\u0016\u0010\u001d\u001a\u00020\u00132\u0006\u0010\u001e\u001a\u00020\u00132\u0006\u0010\u001f\u001a\u00020\u0013J\u0010\u0010 \u001a\u00020\u00182\b\b\u0002\u0010!\u001a\u00020\"J,\u0010#\u001a\u00020$2\u0006\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\u00182\b\b\u0002\u0010%\u001a\u00020\"2\b\b\u0002\u0010&\u001a\u00020\"H\u0002J\u000e\u0010'\u001a\u00020\u00132\u0006\u0010(\u001a\u00020\u0013R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006R\"\u0010\u0007\u001a\n\u0018\u00010\bj\u0004\u0018\u0001`\tX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\n\u0010\u000b\"\u0004\b\f\u0010\rR\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006*"}, d2 = {"Linfo/nightscout/androidaps/utils/CryptoUtil;", "", "aapsLogger", "Linfo/nightscout/shared/logging/AAPSLogger;", "(Linfo/nightscout/shared/logging/AAPSLogger;)V", "getAapsLogger", "()Linfo/nightscout/shared/logging/AAPSLogger;", "lastException", "Ljava/lang/Exception;", "Lkotlin/Exception;", "getLastException", "()Ljava/lang/Exception;", "setLastException", "(Ljava/lang/Exception;)V", "secureRandom", "Ljava/security/SecureRandom;", "checkPassword", "", "password", "", "referenceHash", "decrypt", "passPhrase", "salt", "", "encryptedData", "encrypt", Constants.MessagePayloadKeys.RAW_DATA, "hashPassword", "hmac256", "str", "secret", "mineSalt", "len", "", "prepCipherKey", "Ljavax/crypto/spec/SecretKeySpec;", "iterationCount", "keyStrength", "sha256", "source", "Companion", "core_fullRelease"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes5.dex */
public final class CryptoUtil {
    private static final int AES_KEY_SIZE_BIT = 256;
    private static final int IV_LENGTH_BYTE = 12;
    private static final int PBKDF2_ITERATIONS = 50000;
    private static final int SALT_SIZE_BYTE = 32;
    private static final int TAG_LENGTH_BIT = 128;
    private final AAPSLogger aapsLogger;
    private Exception lastException;
    private final SecureRandom secureRandom;

    @Inject
    public CryptoUtil(AAPSLogger aapsLogger) {
        Intrinsics.checkNotNullParameter(aapsLogger, "aapsLogger");
        this.aapsLogger = aapsLogger;
        this.secureRandom = new SecureRandom();
    }

    public static /* synthetic */ byte[] mineSalt$default(CryptoUtil cryptoUtil, int i, int i2, Object obj) {
        if ((i2 & 1) != 0) {
            i = 32;
        }
        return cryptoUtil.mineSalt(i);
    }

    private final SecretKeySpec prepCipherKey(String passPhrase, byte[] salt, int iterationCount, int keyStrength) {
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2withHmacSHA1");
        Intrinsics.checkNotNullExpressionValue(secretKeyFactory, "getInstance(\"PBKDF2withHmacSHA1\")");
        char[] charArray = passPhrase.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
        SecretKey generateSecret = secretKeyFactory.generateSecret(new PBEKeySpec(charArray, salt, iterationCount, keyStrength));
        Intrinsics.checkNotNullExpressionValue(generateSecret, "factory.generateSecret(spec)");
        return new SecretKeySpec(generateSecret.getEncoded(), "AES");
    }

    static /* synthetic */ SecretKeySpec prepCipherKey$default(CryptoUtil cryptoUtil, String str, byte[] bArr, int i, int i2, int i3, Object obj) {
        if ((i3 & 4) != 0) {
            i = PBKDF2_ITERATIONS;
        }
        if ((i3 & 8) != 0) {
            i2 = 256;
        }
        return cryptoUtil.prepCipherKey(str, bArr, i, i2);
    }

    public final boolean checkPassword(String password, String referenceHash) {
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(referenceHash, "referenceHash");
        if (!StringsKt.startsWith$default(referenceHash, "hmac:", false, 2, (Object) null)) {
            return Intrinsics.areEqual(password, referenceHash);
        }
        List split$default = StringsKt.split$default((CharSequence) referenceHash, new String[]{SchemeUtil.DEFAULT_KEY_VALUE_SEPARATOR}, false, 0, 6, (Object) null);
        if (split$default.size() != 3) {
            return false;
        }
        return Intrinsics.areEqual(hmac256(password, (String) split$default.get(1)), split$default.get(2));
    }

    public final String decrypt(String passPhrase, byte[] salt, String encryptedData) {
        Intrinsics.checkNotNullParameter(passPhrase, "passPhrase");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(encryptedData, "encryptedData");
        try {
            this.lastException = null;
            ByteBuffer wrap = ByteBuffer.wrap(Base64.decode(encryptedData));
            byte[] bArr = new byte[wrap.get()];
            wrap.get(bArr);
            byte[] bArr2 = new byte[wrap.remaining()];
            wrap.get(bArr2);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(\"AES/GCM/NoPadding\")");
            cipher.init(2, prepCipherKey$default(this, passPhrase, salt, 0, 0, 12, null), new GCMParameterSpec(128, bArr));
            byte[] dec = cipher.doFinal(bArr2);
            Intrinsics.checkNotNullExpressionValue(dec, "dec");
            return new String(dec, Charsets.UTF_8);
        } catch (Exception e) {
            this.lastException = e;
            this.aapsLogger.error("Decryption failed due to technical exception: " + e);
            return null;
        }
    }

    public final String encrypt(String passPhrase, byte[] salt, String rawData) {
        Intrinsics.checkNotNullParameter(passPhrase, "passPhrase");
        Intrinsics.checkNotNullParameter(salt, "salt");
        Intrinsics.checkNotNullParameter(rawData, "rawData");
        try {
            this.lastException = null;
            byte[] bArr = new byte[12];
            this.secureRandom.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            Intrinsics.checkNotNullExpressionValue(cipher, "getInstance(\"AES/GCM/NoPadding\")");
            cipher.init(1, prepCipherKey$default(this, passPhrase, salt, 0, 0, 12, null), new GCMParameterSpec(128, bArr));
            byte[] bytes = rawData.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            byte[] doFinal = cipher.doFinal(bytes);
            if (doFinal == null) {
                return null;
            }
            ByteBuffer allocate = ByteBuffer.allocate(13 + doFinal.length);
            Intrinsics.checkNotNullExpressionValue(allocate, "allocate(1 + iv.size + encrypted.size)");
            allocate.put((byte) 12);
            allocate.put(bArr);
            allocate.put(doFinal);
            byte[] encode = Base64.encode(allocate.array());
            Intrinsics.checkNotNullExpressionValue(encode, "encode(byteBuffer.array())");
            return new String(encode, Charsets.UTF_8);
        } catch (Exception e) {
            this.lastException = e;
            this.aapsLogger.error("Encryption failed due to technical exception: " + e);
            return null;
        }
    }

    public final AAPSLogger getAapsLogger() {
        return this.aapsLogger;
    }

    public final Exception getLastException() {
        return this.lastException;
    }

    public final String hashPassword(String password) {
        Intrinsics.checkNotNullParameter(password, "password");
        if (StringsKt.startsWith$default(password, "hmac:", false, 2, (Object) null)) {
            return password;
        }
        String hex = HexByteArrayConversionKt.toHex(mineSalt$default(this, 0, 1, null));
        return "hmac:" + hex + SchemeUtil.DEFAULT_KEY_VALUE_SEPARATOR + hmac256(password, hex);
    }

    public final String hmac256(String str, String secret) {
        Intrinsics.checkNotNullParameter(str, "str");
        Intrinsics.checkNotNullParameter(secret, "secret");
        Mac mac = Mac.getInstance(TimeBasedOneTimePasswordGenerator.TOTP_ALGORITHM_HMAC_SHA256);
        byte[] bytes = secret.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        mac.init(new SecretKeySpec(bytes, TimeBasedOneTimePasswordGenerator.TOTP_ALGORITHM_HMAC_SHA256));
        byte[] bytes2 = str.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
        byte[] doFinal = mac.doFinal(bytes2);
        Intrinsics.checkNotNullExpressionValue(doFinal, "sha256HMAC.doFinal(str.toByteArray())");
        return HexByteArrayConversionKt.toHex(doFinal);
    }

    public final byte[] mineSalt(int len) {
        byte[] bArr = new byte[len];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    public final void setLastException(Exception exc) {
        this.lastException = exc;
    }

    public final String sha256(String source) {
        Intrinsics.checkNotNullParameter(source, "source");
        MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
        byte[] bytes = source.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] hashRaw = messageDigest.digest(bytes);
        Intrinsics.checkNotNullExpressionValue(hashRaw, "hashRaw");
        return HexByteArrayConversionKt.toHex(hashRaw);
    }
}
