package com.dracoon.sdk.crypto;

import com.dracoon.sdk.crypto.model.EncryptedFileKey;
import com.dracoon.sdk.crypto.model.PlainFileKey;
import com.dracoon.sdk.crypto.model.UserKeyPair;
import com.dracoon.sdk.crypto.model.UserPrivateKey;
import com.dracoon.sdk.crypto.model.UserPublicKey;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.util.io.pem.PemGenerationException;

/* loaded from: input_file:com/dracoon/sdk/crypto/Crypto.class */
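/**
 * Static entry points for user key pair handling, file key wrapping and file cipher creation.
 *
 * <p>Loading this class inserts the BouncyCastle provider at position 1 of the JVM-wide
 * provider list (see the static initializer at the end of the class). That changes provider
 * resolution for every {@code getInstance} call in the process that does not name a provider,
 * including the {@code KeyPairGenerator} and {@code Cipher} lookups in this class.
 *
 * <p>Passwords are accepted as {@link String}; the {@code char[]} copies handed to the PKCS#8
 * builders are not wiped by this class.
 */
public class Crypto {
    /**
     * Iteration count handed to the PKCS#8 encryptor builder when a private key is encrypted.
     *
     * <p>NOTE(review): 10000 is low compared with current recommendations for password-based
     * key derivation. {@code decryptPrivateKey} passes no count, so the value is presumably read
     * back from the stored PKCS#8 structure and raising it would only affect newly written
     * keys - confirm that, and compatibility with other clients, before changing it.
     */
    private static final int HASH_ITERATION_COUNT = 10000;

    /** Length in bytes of a generated file key. */
    private static final int FILE_KEY_SIZE = 32;

    /** Length in bytes of a generated initialization vector. */
    private static final int IV_SIZE = 12;

    /** Modulus size in bits of generated RSA user key pairs. */
    private static final int RSA_KEY_SIZE = 2048;

    /** Cipher transformation used to wrap and unwrap file keys. */
    private static final String FILE_KEY_TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

    private Crypto() {
    }

    /**
     * Generates a user key pair of the default version.
     *
     * @param str password that protects the private key
     * @return the new key pair; the private key is PEM encoded and password encrypted
     * @throws InvalidKeyPairException if the default version is rejected
     * @throws InvalidPasswordException if the password is null, empty or rejected by the encryptor
     * @throws CryptoSystemException if a required algorithm or encoder is unavailable
     */
    public static UserKeyPair generateUserKeyPair(String str) throws InvalidKeyPairException, InvalidPasswordException, CryptoSystemException {
        return generateUserKeyPair(CryptoConstants.DEFAULT_VERSION, str);
    }

    /**
     * Generates an RSA user key pair and encrypts its private half with the given password.
     *
     * @param str key pair version; only {@code CryptoConstants.DEFAULT_VERSION} is accepted
     * @param str2 password that protects the private key
     * @return the new key pair; both halves carry the requested version
     * @throws InvalidKeyPairException if the version is unknown or the public key cannot be encoded
     * @throws InvalidPasswordException if the password is null, empty or rejected by the encryptor
     * @throws CryptoSystemException if RSA or the PKCS#8 encryptor is unavailable
     */
    public static UserKeyPair generateUserKeyPair(String str, String str2) throws InvalidKeyPairException, InvalidPasswordException, CryptoSystemException {
        validateUserKeyPairVersion(str);
        validatePassword(str2);

        final KeyPair rsaKeyPair;
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(RSA_KEY_SIZE);
            rsaKeyPair = generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new CryptoSystemException("Could not generate RSA key pair. Algorithm is missing.", e);
        }

        String encryptedPrivateKeyPem = encryptPrivateKey(rsaKeyPair.getPrivate(), str2);
        String publicKeyPem = getStringFromPublicKey(rsaKeyPair.getPublic());

        UserPrivateKey userPrivateKey = new UserPrivateKey();
        userPrivateKey.setVersion(str);
        userPrivateKey.setPrivateKey(encryptedPrivateKeyPem);

        UserPublicKey userPublicKey = new UserPublicKey();
        userPublicKey.setVersion(str);
        userPublicKey.setPublicKey(publicKeyPem);

        UserKeyPair userKeyPair = new UserKeyPair();
        userKeyPair.setUserPrivateKey(userPrivateKey);
        userKeyPair.setUserPublicKey(userPublicKey);
        return userKeyPair;
    }

    /**
     * Encrypts a private key as PKCS#8 (AES-256-CBC) under the password and PEM encodes it.
     *
     * @param privateKey key to protect
     * @param str password; callers validate it before calling
     * @return PEM text of the encrypted private key
     * @throws InvalidPasswordException if the PKCS#8 generator cannot be created
     * @throws CryptoSystemException if the encryptor cannot be built or PEM encoding fails
     */
    private static String encryptPrivateKey(PrivateKey privateKey, String str) throws InvalidPasswordException, CryptoSystemException {
        final JcaPKCS8Generator pkcs8Generator;
        try {
            // "setPasssword" (three s) is the name the builder is called by here; keep it as is.
            pkcs8Generator = new JcaPKCS8Generator(privateKey, new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.AES_256_CBC).setProvider("BC").setIterationCount(HASH_ITERATION_COUNT).setPasssword(str.toCharArray()).build());
        } catch (PemGenerationException e) {
            throw new InvalidPasswordException("Could not encrypt private key. Invalid private key password.", e);
        } catch (OperatorCreationException e) {
            throw new CryptoSystemException("Could not encrypt private key. Creation of PKCS8(AES 256 CBC) encryptor failed.", e);
        }

        StringWriter pemText = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(pkcs8Generator);
        } catch (IOException e) {
            throw new CryptoSystemException("Could not encrypt private key. PEM encoding failed.", e);
        }
        return pemText.toString();
    }

    /**
     * Parses a PEM encoded, PKCS#8 encrypted private key and decrypts it with the password.
     *
     * @param str PEM text of the encrypted private key
     * @param str2 password protecting the key
     * @return the decrypted private key
     * @throws InvalidKeyPairException if the text is not a PEM encoded PKCS#8 encrypted key
     * @throws InvalidPasswordException if decryption with the password fails
     * @throws CryptoSystemException if the decryptor cannot be built or key conversion fails
     */
    private static PrivateKey decryptPrivateKey(String str, String str2) throws InvalidKeyPairException, InvalidPasswordException, CryptoSystemException {
        final Object pemObject;
        try {
            pemObject = readPemObject(str);
        } catch (IOException e) {
            throw new InvalidKeyPairException("Could not decrypt private key. PEM decoding failed.", e);
        }
        if (!(pemObject instanceof PKCS8EncryptedPrivateKeyInfo)) {
            throw new InvalidKeyPairException("Could not decrypt private key. Provided key is not a PKCS8 encrypted private key.");
        }

        try {
            return new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) pemObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(str2.toCharArray())));
        } catch (PEMException e) {
            throw new CryptoSystemException("Could not decrypt private key. PEM decoding failed.", e);
        } catch (OperatorCreationException e) {
            throw new CryptoSystemException("Could not decrypt private key. Creation of PKCS8 decryptor failed.", e);
        } catch (PKCSException e) {
            throw new InvalidPasswordException("Could not decrypt private key. Invalid private key password.", e);
        }
    }

    /**
     * PEM encodes a public key.
     *
     * @param publicKey key to encode
     * @return PEM text of the public key
     * @throws InvalidKeyPairException if PEM encoding fails
     */
    private static String getStringFromPublicKey(PublicKey publicKey) throws InvalidKeyPairException {
        StringWriter pemText = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(publicKey);
        } catch (IOException e) {
            throw new InvalidKeyPairException("Could not encode public key. PEM encoding failed.", e);
        }
        return pemText.toString();
    }

    /**
     * Parses a PEM encoded public key.
     *
     * @param str PEM text of the public key
     * @return the decoded public key
     * @throws InvalidKeyPairException if the text is not a PEM encoded SubjectPublicKeyInfo
     * @throws CryptoSystemException if key conversion fails
     */
    private static PublicKey getPublicKeyFromString(String str) throws InvalidKeyPairException, CryptoSystemException {
        final Object pemObject;
        try {
            pemObject = readPemObject(str);
        } catch (IOException e) {
            throw new InvalidKeyPairException("Could not decode public key. PEM decoding failed.", e);
        }
        if (!(pemObject instanceof SubjectPublicKeyInfo)) {
            throw new InvalidKeyPairException("Could not decode public key. Provided key is not PKCS8 public key.");
        }

        try {
            return new JcaPEMKeyConverter().setProvider("BC").getPublicKey((SubjectPublicKeyInfo) pemObject);
        } catch (PEMException e) {
            throw new CryptoSystemException("Could not decode public key. PEM decoding failed.", e);
        }
    }

    /**
     * Reads the first PEM object from the text.
     *
     * <p>The text is read through a {@link StringReader}, so parsing does not depend on the
     * platform default charset, and the parser is closed even when reading fails.
     */
    private static Object readPemObject(String pem) throws IOException {
        try (PEMParser parser = new PEMParser(new StringReader(pem))) {
            return parser.readObject();
        }
    }

    /**
     * Checks whether the password decrypts the private key of the key pair.
     *
     * <p>Only the private key is examined; this method does not verify that the public key in
     * the pair belongs to that private key.
     *
     * @param userKeyPair key pair to check
     * @param str password to try
     * @return {@code true} if the private key decrypts; {@code false} if the password is null,
     *     empty or rejected
     * @throws InvalidKeyPairException if the key pair or its private key is missing or malformed
     * @throws CryptoSystemException if the decryptor cannot be built or key conversion fails
     */
    public static boolean checkUserKeyPair(UserKeyPair userKeyPair, String str) throws InvalidKeyPairException, CryptoSystemException {
        validateUserKeyPair(userKeyPair);
        validateUserPrivateKey(userKeyPair.getUserPrivateKey());
        if (str == null || str.isEmpty()) {
            return false;
        }
        try {
            decryptPrivateKey(userKeyPair.getUserPrivateKey().getPrivateKey(), str);
            return true;
        } catch (InvalidPasswordException e) {
            // A rejected password is the expected negative answer, not an error.
            return false;
        }
    }

    /**
     * Encrypts a plain file key with a user's public key.
     *
     * @param plainFileKey file key to wrap
     * @param userPublicKey recipient's public key
     * @return the wrapped key; IV, tag and version are copied from the plain file key
     * @throws InvalidFileKeyException if the file key is null or of an unknown version
     * @throws InvalidKeyPairException if the public key is missing, malformed or unusable
     * @throws CryptoSystemException if the cipher cannot be created or encryption fails
     */
    public static EncryptedFileKey encryptFileKey(PlainFileKey plainFileKey, UserPublicKey userPublicKey) throws InvalidFileKeyException, InvalidKeyPairException, CryptoSystemException {
        validatePlainFileKey(plainFileKey);
        validateUserPublicKey(userPublicKey);
        PublicKey publicKey = getPublicKeyFromString(userPublicKey.getPublicKey());

        final byte[] wrappedKey;
        try {
            Cipher cipher = Cipher.getInstance(FILE_KEY_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, publicKey, fileKeyOaepSpec());
            wrappedKey = cipher.doFinal(CryptoUtils.stringToByteArray(plainFileKey.getKey()));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoSystemException("Could not encrypt file key. Encryption failed.", e);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new CryptoSystemException("Could not encrypt file key. Creation of cipher failed.", e);
        } catch (InvalidKeyException e) {
            throw new InvalidKeyPairException("Could not encrypt file key. Invalid public key.", e);
        }

        EncryptedFileKey encryptedFileKey = new EncryptedFileKey();
        encryptedFileKey.setKey(CryptoUtils.byteArrayToString(wrappedKey));
        encryptedFileKey.setIv(plainFileKey.getIv());
        encryptedFileKey.setTag(plainFileKey.getTag());
        encryptedFileKey.setVersion(plainFileKey.getVersion());
        return encryptedFileKey;
    }

    /**
     * Decrypts a wrapped file key with a user's password protected private key.
     *
     * @param encryptedFileKey wrapped file key
     * @param userPrivateKey encrypted private key of the recipient
     * @param str password protecting the private key
     * @return the plain file key; IV, tag and version are copied from the wrapped key
     * @throws InvalidFileKeyException if the file key is null, of an unknown version or cannot
     *     be decrypted
     * @throws InvalidKeyPairException if the private key is missing, malformed or unusable
     * @throws InvalidPasswordException if the password is null, empty or wrong
     * @throws CryptoSystemException if the cipher or decryptor cannot be created
     */
    public static PlainFileKey decryptFileKey(EncryptedFileKey encryptedFileKey, UserPrivateKey userPrivateKey, String str) throws InvalidFileKeyException, InvalidKeyPairException, InvalidPasswordException, CryptoSystemException {
        validateEncryptedFileKey(encryptedFileKey);
        validateUserPrivateKey(userPrivateKey);
        validatePassword(str);
        PrivateKey privateKey = decryptPrivateKey(userPrivateKey.getPrivateKey(), str);

        final byte[] unwrappedKey;
        try {
            Cipher cipher = Cipher.getInstance(FILE_KEY_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, privateKey, fileKeyOaepSpec());
            unwrappedKey = cipher.doFinal(CryptoUtils.stringToByteArray(encryptedFileKey.getKey()));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new InvalidFileKeyException("Could not decrypt file key. Decryption failed.", e);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new CryptoSystemException("Could not decrypt file key. Creation of cipher failed.", e);
        } catch (InvalidKeyException e) {
            throw new InvalidKeyPairException("Could not decrypt file key. Invalid private key.", e);
        }

        PlainFileKey plainFileKey = new PlainFileKey();
        plainFileKey.setKey(CryptoUtils.byteArrayToString(unwrappedKey));
        plainFileKey.setIv(encryptedFileKey.getIv());
        plainFileKey.setTag(encryptedFileKey.getTag());
        plainFileKey.setVersion(encryptedFileKey.getVersion());
        return plainFileKey;
    }

    /**
     * Builds the OAEP parameters shared by file key encryption and decryption.
     *
     * <p>The message digest is SHA-256 while MGF1 uses SHA-1. The spec is passed explicitly to
     * {@code Cipher.init} on both sides, so the parameters do not rest on a provider's defaults
     * for the transformation name. Both directions must use the same values: changing either
     * hash here would make file keys wrapped with the current parameters undecryptable.
     */
    private static OAEPParameterSpec fileKeyOaepSpec() {
        return new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
    }

    /**
     * Generates a random file key of the default version.
     *
     * @return the new file key, or {@code null} if the default version is rejected, which
     *     {@code validateFileKeyVersion} only does for a null or empty version
     */
    public static PlainFileKey generateFileKey() {
        try {
            return generateFileKey(CryptoConstants.DEFAULT_VERSION);
        } catch (InvalidFileKeyException e) {
            // Kept for compatibility: callers of this overload receive null instead of an exception.
            return null;
        }
    }

    /**
     * Generates a random file key and IV for the given version.
     *
     * <p>NOTE(review): the version is only checked for being non-empty here, whereas
     * {@code validatePlainFileKey} accepts nothing but {@code CryptoConstants.DEFAULT_VERSION};
     * a key generated with any other version is rejected by the cipher factories below.
     *
     * @param str file key version
     * @return a file key with a fresh random key and IV and no tag
     * @throws InvalidFileKeyException if the version is null or empty
     */
    public static PlainFileKey generateFileKey(String str) throws InvalidFileKeyException {
        validateFileKeyVersion(str);
        byte[] keyBytes = generateSecureRandomByteArray(FILE_KEY_SIZE);
        byte[] ivBytes = generateSecureRandomByteArray(IV_SIZE);

        PlainFileKey plainFileKey = new PlainFileKey();
        plainFileKey.setKey(CryptoUtils.byteArrayToString(keyBytes));
        plainFileKey.setIv(CryptoUtils.byteArrayToString(ivBytes));
        plainFileKey.setTag(null);
        plainFileKey.setVersion(str);
        return plainFileKey;
    }

    /** Returns {@code i} bytes drawn from a newly created {@link SecureRandom}. */
    private static byte[] generateSecureRandomByteArray(int i) {
        byte[] randomBytes = new byte[i];
        new SecureRandom().nextBytes(randomBytes);
        return randomBytes;
    }

    /**
     * Creates a cipher that encrypts file content with the given file key.
     *
     * @throws InvalidFileKeyException if the file key is null or of an unknown version
     * @throws CryptoSystemException declared by the cipher constructor
     */
    public static FileEncryptionCipher createFileEncryptionCipher(PlainFileKey plainFileKey) throws InvalidFileKeyException, CryptoSystemException {
        validatePlainFileKey(plainFileKey);
        return new FileEncryptionCipher(plainFileKey);
    }

    /**
     * Creates a cipher that decrypts file content with the given file key.
     *
     * @throws InvalidFileKeyException if the file key is null or of an unknown version
     * @throws CryptoSystemException declared by the cipher constructor
     */
    public static FileDecryptionCipher createFileDecryptionCipher(PlainFileKey plainFileKey) throws InvalidFileKeyException, CryptoSystemException {
        validatePlainFileKey(plainFileKey);
        return new FileDecryptionCipher(plainFileKey);
    }

    /** Rejects a null or empty password; no other password policy is applied here. */
    private static void validatePassword(String str) throws InvalidPasswordException {
        if (str == null || str.isEmpty()) {
            throw new InvalidPasswordException("Password cannot be null or empty.");
        }
    }

    /** Rejects a null key pair container. */
    private static void validateUserKeyPair(UserKeyPair userKeyPair) throws InvalidKeyPairException {
        if (userKeyPair == null) {
            throw new InvalidKeyPairException("User key pair cannot be null.");
        }
    }

    /** Accepts only {@code CryptoConstants.DEFAULT_VERSION} as key pair version. */
    private static void validateUserKeyPairVersion(String str) throws InvalidKeyPairException {
        if (str == null || str.isEmpty() || !str.equals(CryptoConstants.DEFAULT_VERSION)) {
            throw new InvalidKeyPairException("Unknown user key pair version.");
        }
    }

    /** Requires a non-null container of the default version with a non-empty private key. */
    private static void validateUserPrivateKey(UserPrivateKey userPrivateKey) throws InvalidKeyPairException {
        if (userPrivateKey == null) {
            throw new InvalidKeyPairException("Private key container cannot be null.");
        }
        String version = userPrivateKey.getVersion();
        if (version == null || !version.equals(CryptoConstants.DEFAULT_VERSION)) {
            throw new InvalidKeyPairException("Unknown private key version.");
        }
        String privateKeyPem = userPrivateKey.getPrivateKey();
        if (privateKeyPem == null || privateKeyPem.isEmpty()) {
            throw new InvalidKeyPairException("Private key cannot be null or empty.");
        }
    }

    /** Requires a non-null container of the default version with a non-empty public key. */
    private static void validateUserPublicKey(UserPublicKey userPublicKey) throws InvalidKeyPairException {
        if (userPublicKey == null) {
            throw new InvalidKeyPairException("Public key container cannot be null.");
        }
        String version = userPublicKey.getVersion();
        if (version == null || !version.equals(CryptoConstants.DEFAULT_VERSION)) {
            throw new InvalidKeyPairException("Unknown public key version.");
        }
        String publicKeyPem = userPublicKey.getPublicKey();
        if (publicKeyPem == null || publicKeyPem.isEmpty()) {
            throw new InvalidKeyPairException("Public key cannot be null or empty.");
        }
    }

    /** Rejects a null or empty file key version; the value itself is not compared. */
    private static void validateFileKeyVersion(String str) throws InvalidFileKeyException {
        if (str == null || str.isEmpty()) {
            throw new InvalidFileKeyException("Unknown file key version.");
        }
    }

    /**
     * Requires a non-null plain file key of the default version.
     *
     * <p>Only the container and its version are checked; the key and IV values are not.
     */
    private static void validatePlainFileKey(PlainFileKey plainFileKey) throws InvalidFileKeyException {
        if (plainFileKey == null) {
            throw new InvalidFileKeyException("File key cannot be null.");
        }
        String version = plainFileKey.getVersion();
        if (version == null || !version.equals(CryptoConstants.DEFAULT_VERSION)) {
            throw new InvalidFileKeyException("Unknown file key version.");
        }
    }

    /**
     * Requires a non-null encrypted file key of the default version.
     *
     * <p>Only the container and its version are checked; the key, IV and tag values are not.
     */
    private static void validateEncryptedFileKey(EncryptedFileKey encryptedFileKey) throws InvalidFileKeyException {
        if (encryptedFileKey == null) {
            throw new InvalidFileKeyException("File key cannot be null.");
        }
        String version = encryptedFileKey.getVersion();
        if (version == null || !version.equals(CryptoConstants.DEFAULT_VERSION)) {
            throw new InvalidFileKeyException("Unknown file key version.");
        }
    }

    static {
        // Registers BouncyCastle ahead of every other provider for the whole JVM; the "BC"
        // provider name used by the PKCS#8 builders and PEM converters above depends on it.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }
}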
