package com.google.android.libraries.nest.weavekit;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: PG */
/* loaded from: classes2.dex */
public class PasswordBasedDataEncrypter implements DataEncrypter {
    private static final byte[] a = {-56, 6, 43, 49};
    private final SecureRandom b;
    private String c;
    private SecretKey d;
    private SecretKey e;
    private SecretKey f;
    private byte[] g;

    public PasswordBasedDataEncrypter(String str, SecureRandom secureRandom) {
        this.c = str;
        this.b = secureRandom;
    }

    public PasswordBasedDataEncrypter(SecretKey secretKey, SecureRandom secureRandom) {
        this.d = secretKey;
        this.b = secureRandom;
    }

    private final void a(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2;
        if (this.c != null && this.d != null && bArr != null && bArr != (bArr2 = this.g) && (bArr2 == null || !MessageDigest.isEqual(bArr, bArr2))) {
            this.d = null;
            this.e = null;
            this.f = null;
            this.g = null;
        }
        if (this.e == null || this.f == null) {
            if (this.d == null) {
                if (this.c == null) {
                    throw new IllegalStateException("PasswordBasedDataEncrypter: Password not set");
                }
                if (bArr == null) {
                    bArr = new byte[32];
                    this.b.nextBytes(bArr);
                }
                this.d = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(this.c.toCharArray(), bArr, 500000, 32));
                this.g = bArr;
            }
            Mac mac = Mac.getInstance("HmacSHA256");
            int macLength = mac.getMacLength();
            int i = macLength + macLength;
            if (i < 64) {
                throw new GeneralSecurityException("PasswordBasedDataEncrypter: Output of MAC algorithm too short for key derivation");
            }
            byte[] bArr3 = new byte[i];
            mac.init(this.d);
            byte[] bArr4 = a;
            System.arraycopy(bArr4, 0, bArr3, 0, 4);
            bArr3[4] = 1;
            mac.update(bArr3, 0, 5);
            mac.doFinal(bArr3, 0);
            System.arraycopy(bArr4, 0, bArr3, macLength, 4);
            bArr3[macLength + 4] = 2;
            mac.update(bArr3, 0, macLength + 5);
            mac.doFinal(bArr3, macLength);
            this.e = new SecretKeySpec(bArr3, 0, 32, "AES");
            this.f = new SecretKeySpec(bArr3, 32, 32, "HmacSHA256");
        }
    }

    @Override // com.google.android.libraries.nest.weavekit.DataEncrypter
    public byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        if (bArr.length < 4) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: encryptedData too short");
        }
        for (int i = 0; i < 4; i++) {
            if (bArr[i] != a[i]) {
                throw new GeneralSecurityException("PasswordBasedDataEncrypter: Unsupported encrypted data format");
            }
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        int blockSize = cipher.getBlockSize();
        int macLength = mac.getMacLength();
        int blockSize2 = cipher.getBlockSize();
        int i2 = blockSize + 36;
        int length = bArr.length;
        if (length < blockSize2 + i2 + macLength) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: encryptedData too short");
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 4, 36);
        a(copyOfRange);
        mac.init(this.f);
        int i3 = length - macLength;
        mac.update(bArr, 0, i3);
        if (!MessageDigest.isEqual(mac.doFinal(), Arrays.copyOfRange(bArr, i3, length))) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: Invalid MAC");
        }
        cipher.init(2, this.e, new IvParameterSpec(bArr, 36, blockSize));
        byte[] doFinal = cipher.doFinal(bArr, i2, length - (macLength + i2));
        this.g = copyOfRange;
        return doFinal;
    }

    @Override // com.google.android.libraries.nest.weavekit.DataEncrypter
    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        if (this.c == null && this.g == null) {
            throw new IllegalStateException("PasswordBasedDataEncrypter: KDF salt not set");
        }
        a(null);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        Mac mac = Mac.getInstance("HmacSHA256");
        int blockSize = cipher.getBlockSize();
        int macLength = mac.getMacLength();
        byte[] bArr2 = new byte[blockSize];
        this.b.nextBytes(bArr2);
        cipher.init(1, this.e, new IvParameterSpec(bArr2));
        int length = bArr.length;
        int outputSize = cipher.getOutputSize(length);
        int i = blockSize + 36;
        int i2 = i + outputSize;
        byte[] bArr3 = new byte[macLength + i2];
        System.arraycopy(a, 0, bArr3, 0, 4);
        System.arraycopy(this.g, 0, bArr3, 4, 32);
        System.arraycopy(bArr2, 0, bArr3, 36, blockSize);
        if (cipher.doFinal(bArr, 0, length, bArr3, i) != outputSize) {
            throw new GeneralSecurityException("PasswordBasedDataEncrypter: Actual encrypted length != expected encrypted length");
        }
        mac.init(this.f);
        mac.update(bArr3, 0, i2);
        mac.doFinal(bArr3, i2);
        return bArr3;
    }

    public SecretKey getMasterKey() {
        return this.d;
    }
}
