package e6;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import kotlin.jvm.internal.DefaultConstructorMarker;

/* compiled from: CryptoUtils.kt */
/* loaded from: classes.dex */
public final class f {

    /* renamed from: d, reason: collision with root package name */
    public static final a f32840d = new a(null);

    /* renamed from: a, reason: collision with root package name */
    private final c f32841a;

    /* renamed from: b, reason: collision with root package name */
    private final d f32842b;

    /* renamed from: c, reason: collision with root package name */
    private final i f32843c;

    /* compiled from: CryptoUtils.kt */
    /* loaded from: classes.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final KeyPair a() {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            kotlin.jvm.internal.p.i(generateKeyPair, "keyGenerator.generateKeyPair()");
            return generateKeyPair;
        }

        public final SecretKey b() {
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            return c(bArr);
        }

        public final SecretKey c(byte[] keyBytes) {
            kotlin.jvm.internal.p.j(keyBytes, "keyBytes");
            return new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");
        }
    }

    public f(c cryptoEventHandler, d cryptoKeyManager, i pemFileHandler) {
        kotlin.jvm.internal.p.j(cryptoEventHandler, "cryptoEventHandler");
        kotlin.jvm.internal.p.j(cryptoKeyManager, "cryptoKeyManager");
        kotlin.jvm.internal.p.j(pemFileHandler, "pemFileHandler");
        this.f32841a = cryptoEventHandler;
        this.f32842b = cryptoKeyManager;
        this.f32843c = pemFileHandler;
    }

    private final String c(SecretKey secretKey, String str) {
        byte[] c10 = new o(secretKey, this.f32841a).c(g.a(str));
        if (c10 != null) {
            return new String(c10, kotlin.text.d.f40502b);
        }
        this.f32841a.b("CryptoUtils", "Error decrypting data with symmetric key.");
        return null;
    }

    public static final SecretKey h(byte[] bArr) {
        return f32840d.c(bArr);
    }

    public final byte[] a(byte[] byteArray) {
        kotlin.jvm.internal.p.j(byteArray, "byteArray");
        if (!o.u(byteArray)) {
            return byteArray;
        }
        g6.b j10 = o.j(new ByteArrayInputStream(byteArray), this.f32841a);
        if (j10 == null) {
            this.f32841a.b("CryptoUtils", "Locked key info was null when processing byte array! This is not normal!");
            return byteArray;
        }
        try {
            KeyPair l10 = this.f32842b.l(j10.b());
            if (l10 == null) {
                this.f32841a.b("CryptoUtils", "No private key found for fingerprint. Decryption will most likely fail.");
            }
            j jVar = new j(l10);
            byte[] contentKeyBytes = jVar.b(j10.d());
            if (contentKeyBytes == null) {
                this.f32841a.b("CryptoUtils", "Unable to decrypt RSA bytes for content key.");
            }
            a aVar = f32840d;
            kotlin.jvm.internal.p.i(contentKeyBytes, "contentKeyBytes");
            SecretKey c10 = aVar.c(contentKeyBytes);
            if (!jVar.i(j10.e(), j10.d())) {
                this.f32841a.c("CryptoUtils", "Unable to verify signature. We will continue on anyway, as unsigned content is valid, but it is unexpected to have a signature that is not valid, and may indicate a bug");
            }
            byte[] c11 = new o(c10, this.f32841a).c(byteArray);
            if (c11 == null) {
                this.f32841a.b("CryptoUtils", "Decrypted data was null.");
            }
            return c11 == null ? byteArray : c11;
        } catch (Exception e10) {
            this.f32841a.d("CryptoUtils", "Exception while processing encrypted feed content.", e10);
            return byteArray;
        }
    }

    public final String b(String keyBase64, String data) {
        kotlin.jvm.internal.p.j(keyBase64, "keyBase64");
        kotlin.jvm.internal.p.j(data, "data");
        return c(f32840d.c(g.a(keyBase64)), data);
    }

    public final f6.b d(KeyPair keyPair, ByteArrayInputStream byteArrayInputStream) {
        g6.b bVar;
        kotlin.jvm.internal.p.j(keyPair, "keyPair");
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        o oVar = new o(f32840d.c(bArr), this.f32841a);
        j jVar = new j(keyPair);
        byte[] lockedKey = jVar.d(bArr);
        byte[] g10 = jVar.g(lockedKey);
        if (g10 == null) {
            this.f32841a.c("CryptoUtils", "Unable to sign locked content key. This is not fatal, as server-produced entries will also be without a signature, but it is unexpected and may indicate an error. The client should always be able to sign content it produces.");
        }
        try {
            byte[] digest = MessageDigest.getInstance("SHA256").digest(keyPair.getPublic().getEncoded());
            kotlin.jvm.internal.p.i(digest, "getInstance(\"SHA256\").di…t(keyPair.public.encoded)");
            kotlin.jvm.internal.p.i(lockedKey, "lockedKey");
            bVar = new g6.b(digest, lockedKey, g10);
        } catch (NoSuchAlgorithmException e10) {
            this.f32841a.d("CryptoUtils", "Exception while creating locked key info for an entry!", e10);
            bVar = null;
        }
        f6.b f10 = oVar.f(byteArrayInputStream, bVar, true);
        kotlin.jvm.internal.p.i(f10, "cryptor.encrypt(inputStream, keyInfo, true)");
        return f10;
    }

    public final File e(KeyPair keyPair, FileInputStream fileInputStream) {
        g6.b bVar;
        kotlin.jvm.internal.p.j(keyPair, "keyPair");
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        o oVar = new o(f32840d.c(bArr), this.f32841a);
        j jVar = new j(keyPair);
        byte[] lockedKey = jVar.d(bArr);
        byte[] g10 = jVar.g(lockedKey);
        if (g10 == null) {
            this.f32841a.c("CryptoUtils", "Unable to sign locked content key. This is not fatal, as server-produced entries will alsobe without a signature, but it is unexpected and may indicate an error. The client should always be able to sign content it produces.");
        }
        try {
            byte[] digest = MessageDigest.getInstance("SHA256").digest(keyPair.getPublic().getEncoded());
            kotlin.jvm.internal.p.i(digest, "getInstance(\"SHA256\").di…t(keyPair.public.encoded)");
            kotlin.jvm.internal.p.i(lockedKey, "lockedKey");
            bVar = new g6.b(digest, lockedKey, g10);
        } catch (NoSuchAlgorithmException e10) {
            this.f32841a.d("CryptoUtils", "Exception while creating locked key info for an entry!", e10);
            bVar = null;
        }
        File h10 = oVar.h(fileInputStream, bVar);
        kotlin.jvm.internal.p.i(h10, "cryptor.encryptIntoFile(fileInputStream, keyInfo)");
        return h10;
    }

    public final String f(SecretKey key, String data) {
        kotlin.jvm.internal.p.j(key, "key");
        kotlin.jvm.internal.p.j(data, "data");
        o oVar = new o(key, this.f32841a);
        byte[] bytes = data.getBytes(kotlin.text.d.f40502b);
        kotlin.jvm.internal.p.i(bytes, "this as java.lang.String).getBytes(charset)");
        ByteArrayOutputStream g10 = oVar.g(new ByteArrayInputStream(bytes));
        if (g10 == null) {
            this.f32841a.b("CryptoUtils", "Error encrypting data with symmetric key.");
            return null;
        }
        byte[] byteArray = g10.toByteArray();
        kotlin.jvm.internal.p.i(byteArray, "encryptedData.toByteArray()");
        return g.b(byteArray);
    }

    public final String g(Key key) {
        kotlin.jvm.internal.p.j(key, "key");
        try {
            char[] a10 = no.c.a(MessageDigest.getInstance("SHA256").digest(key.getEncoded()));
            kotlin.jvm.internal.p.i(a10, "encodeHex(MessageDigest.…56\").digest(key.encoded))");
            return new String(a10);
        } catch (NoSuchAlgorithmException e10) {
            this.f32841a.d("CryptoUtils", "Error while running getFingerprint.", e10);
            return null;
        }
    }

    public final String i(PublicKey publicKey, SecretKey invitationKey) {
        kotlin.jvm.internal.p.j(publicKey, "publicKey");
        kotlin.jvm.internal.p.j(invitationKey, "invitationKey");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(invitationKey);
        String d10 = this.f32843c.d(publicKey);
        if (d10 == null) {
            this.f32841a.b("CryptoUtils", "Error getting public key string while signing with HMAC.");
            return null;
        }
        byte[] bytes = d10.getBytes(kotlin.text.d.f40502b);
        kotlin.jvm.internal.p.i(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] publicKeySigned = mac.doFinal(bytes);
        kotlin.jvm.internal.p.i(publicKeySigned, "publicKeySigned");
        return g.b(publicKeySigned);
    }
}
