package com.incountry.residence.sdk.tools.crypto;

import com.incountry.residence.sdk.tools.exceptions.StorageCryptoException;
import com.incountry.residence.sdk.tools.keyaccessor.key.SecretKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/incountry/residence/sdk/tools/crypto/DefaultCrypto.class */
public class DefaultCrypto implements Crypto {
    private static final String MSG_ERR_GEN_SECRET = "Secret generation exception";
    private static final String MSG_ERR_NO_ALGORITHM = "Unable to generate secret - cannot find PBKDF2WithHmacSHA512 algorithm. Please, check your JVM configuration";
    private static final String MSG_ERR_ENCRYPTION = "Data encryption error";
    private static final String MSG_ERR_ALG_EXCEPTION = "AES/GCM/NoPadding algorithm exception";
    private static final String ENCRYPTION_ALGORITHM = "AES/GCM/NoPadding";
    private static final String SECRET_KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA512";
    private static final String SECRET_KEY_ALGORITHM = "AES";
    private static final String VERSION = "2";
    private static final int AUTH_TAG_LENGTH = 16;
    private static final int IV_LENGTH = 12;
    private static final int KEY_LENGTH = 32;
    private static final int SALT_LENGTH = 64;
    private static final int PBKDF2_ITERATIONS_COUNT = 10000;
    private final Charset charset;

    public DefaultCrypto(Charset charset) {
        this.charset = charset;
    }

    @Override // com.incountry.residence.sdk.tools.crypto.Crypto
    public String encrypt(String str, SecretKey secretKey) throws StorageCryptoException {
        byte[] bytes = str.getBytes(this.charset);
        byte[] generateRandomBytes = generateRandomBytes(SALT_LENGTH);
        byte[] key = getKey(generateRandomBytes, secretKey);
        byte[] generateRandomBytes2 = generateRandomBytes(IV_LENGTH);
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, SECRET_KEY_ALGORITHM);
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, generateRandomBytes2);
        try {
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            cipher.init(1, secretKeySpec, gCMParameterSpec);
            byte[] doFinal = cipher.doFinal(bytes);
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    byteArrayOutputStream.write(generateRandomBytes);
                    byteArrayOutputStream.write(generateRandomBytes2);
                    byteArrayOutputStream.write(doFinal);
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    byteArrayOutputStream.close();
                    return new String(Base64.getEncoder().encode(byteArray), this.charset);
                } finally {
                }
            } catch (IOException e) {
                throw new StorageCryptoException(MSG_ERR_ENCRYPTION, e);
            }
        } catch (GeneralSecurityException e2) {
            throw new StorageCryptoException(MSG_ERR_ALG_EXCEPTION, e2);
        }
    }

    @Override // com.incountry.residence.sdk.tools.crypto.Crypto
    public String decrypt(String str, SecretKey secretKey) throws StorageCryptoException {
        return decodeBytes(Base64.getDecoder().decode(str), secretKey);
    }

    public String decryptV1(String str, SecretKey secretKey) throws StorageCryptoException {
        return decodeBytes(DatatypeConverter.parseHexBinary(str), secretKey);
    }

    private String decodeBytes(byte[] bArr, SecretKey secretKey) throws StorageCryptoException {
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, SALT_LENGTH);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, SALT_LENGTH, 76);
        byte[] copyOfRange3 = Arrays.copyOfRange(bArr, 76, bArr.length);
        try {
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            cipher.init(2, new SecretKeySpec(getKey(copyOfRange, secretKey), SECRET_KEY_ALGORITHM), new GCMParameterSpec(128, copyOfRange2));
            return new String(cipher.doFinal(copyOfRange3), this.charset);
        } catch (GeneralSecurityException e) {
            throw new StorageCryptoException(MSG_ERR_ENCRYPTION, e);
        }
    }

    private byte[] generateStrongPasswordHash(byte[] bArr, byte[] bArr2, int i, int i2) throws StorageCryptoException {
        try {
            return SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM).generateSecret(new PBEKeySpec(this.charset.decode(ByteBuffer.wrap(bArr)).array(), bArr2, i, i2 * 8)).getEncoded();
        } catch (NoSuchAlgorithmException e) {
            throw new StorageCryptoException(MSG_ERR_NO_ALGORITHM, e);
        } catch (InvalidKeySpecException e2) {
            throw new StorageCryptoException(MSG_ERR_GEN_SECRET, e2);
        }
    }

    private byte[] getKey(byte[] bArr, SecretKey secretKey) throws StorageCryptoException {
        return secretKey.isKey() ? secretKey.getSecret() : generateStrongPasswordHash(secretKey.getSecret(), bArr, PBKDF2_ITERATIONS_COUNT, KEY_LENGTH);
    }

    private static byte[] generateRandomBytes(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @Override // com.incountry.residence.sdk.tools.crypto.Crypto
    public boolean isCurrent() {
        return true;
    }

    @Override // com.incountry.residence.sdk.tools.crypto.Crypto
    public String getVersion() {
        return VERSION;
    }
}
