package at.favre.lib.armadillo;

import at.favre.lib.bytes.Bytes;
import at.favre.lib.crypto.HKDF;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.UByte;

/* JADX INFO: Access modifiers changed from: package-private */
@Deprecated
/* loaded from: classes.dex */
public final class AesCbcEncryption implements AuthenticatedEncryption {
    private ThreadLocal<Cipher> cipherWrapper = new ThreadLocal<>();
    private Mac hmac;
    private final Provider provider;
    private final SecureRandom secureRandom;

    public AesCbcEncryption(SecureRandom secureRandom, Provider provider) {
        this.secureRandom = secureRandom;
        this.provider = provider;
    }

    private void checkAesKey(byte[] bArr) throws IllegalArgumentException {
        int length = bArr.length;
        if (length != 16 && length != 32) {
            throw new IllegalArgumentException("AES key length must be 16, 24, or 32 bytes");
        }
    }

    private SecretKeySpec createEncryptionKey(byte[] bArr) {
        return new SecretKeySpec(HKDF.fromHmacSha256().expand(bArr, Bytes.from("encKey").array(), bArr.length), "AES");
    }

    private synchronized Mac createHmacInstance() {
        if (this.hmac == null) {
            try {
                this.hmac = Mac.getInstance("HmacSHA256");
            } catch (Exception e) {
                throw new IllegalStateException("could not get cipher instance", e);
            }
        }
        return this.hmac;
    }

    private SecretKey createMacKey(byte[] bArr) {
        return new SecretKeySpec(HKDF.fromHmacSha256().expand(bArr, Bytes.from("macKey").array(), 32), "HmacSHA256");
    }

    private Cipher getCipher() {
        Cipher cipher = this.cipherWrapper.get();
        if (cipher != null) {
            return cipher;
        }
        try {
            Provider provider = this.provider;
            this.cipherWrapper.set(provider != null ? Cipher.getInstance("AES/CBC/PKCS5Padding", provider) : Cipher.getInstance("AES/CBC/PKCS5Padding"));
            return this.cipherWrapper.get();
        } catch (Exception e) {
            throw new IllegalStateException("could not get cipher instance", e);
        }
    }

    private byte[] macCipherText(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        SecretKey createMacKey = createMacKey(bArr);
        try {
            createHmacInstance();
            this.hmac.init(createMacKey);
            this.hmac.update(bArr3);
            this.hmac.update(bArr2);
            if (bArr4 != null) {
                this.hmac.update(bArr4);
            }
            return this.hmac.doFinal();
        } catch (InvalidKeyException unused) {
            throw new IllegalStateException("error during HMAC calculation");
        }
    }

    private void verifyMac(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) throws AuthenticatedEncryptionException {
        if (!Bytes.wrap(bArr4).equalsConstantTime(macCipherText(bArr, bArr2, bArr3, bArr5))) {
            throw new AuthenticatedEncryptionException("encryption integrity exception: mac does not match");
        }
    }

    @Override // at.favre.lib.armadillo.AuthenticatedEncryption
    public int byteSizeLength(int i) {
        return i == 0 ? 16 : 32;
    }

    @Override // at.favre.lib.armadillo.AuthenticatedEncryption
    public byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws AuthenticatedEncryptionException {
        byte[] bArr4;
        byte[] bArr5;
        checkAesKey(bArr);
        byte[] bArr6 = null;
        try {
            ByteBuffer wrap = ByteBuffer.wrap(bArr2);
            byte[] bArr7 = new byte[wrap.get() & UByte.MAX_VALUE];
            try {
                wrap.get(bArr7);
                bArr5 = new byte[wrap.get() & UByte.MAX_VALUE];
                try {
                    wrap.get(bArr5);
                    bArr6 = new byte[wrap.remaining()];
                    wrap.get(bArr6);
                    verifyMac(bArr, bArr6, bArr7, bArr5, bArr3);
                    Cipher cipher = getCipher();
                    cipher.init(2, createEncryptionKey(bArr), new IvParameterSpec(bArr7));
                    byte[] doFinal = cipher.doFinal(bArr6);
                    Bytes.wrapNullSafe(bArr7).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr6).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr5).mutable().secureWipe();
                    return doFinal;
                } catch (Exception e) {
                    e = e;
                    bArr4 = bArr6;
                    bArr6 = bArr7;
                    try {
                        throw new AuthenticatedEncryptionException("could not decrypt", e);
                    } catch (Throwable th) {
                        th = th;
                        Bytes.wrapNullSafe(bArr6).mutable().secureWipe();
                        Bytes.wrapNullSafe(bArr4).mutable().secureWipe();
                        Bytes.wrapNullSafe(bArr5).mutable().secureWipe();
                        throw th;
                    }
                } catch (Throwable th2) {
                    th = th2;
                    bArr4 = bArr6;
                    bArr6 = bArr7;
                    Bytes.wrapNullSafe(bArr6).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr4).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr5).mutable().secureWipe();
                    throw th;
                }
            } catch (Exception e2) {
                e = e2;
                bArr4 = null;
                bArr5 = null;
            } catch (Throwable th3) {
                th = th3;
                bArr4 = null;
                bArr5 = null;
            }
        } catch (Exception e3) {
            e = e3;
            bArr4 = null;
            bArr5 = null;
        } catch (Throwable th4) {
            th = th4;
            bArr4 = null;
            bArr5 = null;
        }
    }

    @Override // at.favre.lib.armadillo.AuthenticatedEncryption
    public byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws AuthenticatedEncryptionException {
        byte[] bArr4;
        byte[] bArr5;
        checkAesKey(bArr);
        byte[] bArr6 = null;
        try {
            byte[] bArr7 = new byte[16];
            try {
                this.secureRandom.nextBytes(bArr7);
                Cipher cipher = getCipher();
                cipher.init(1, createEncryptionKey(bArr), new IvParameterSpec(bArr7));
                bArr4 = cipher.doFinal(bArr2);
                try {
                    bArr6 = macCipherText(bArr, bArr4, bArr7, bArr3);
                    ByteBuffer allocate = ByteBuffer.allocate(18 + bArr6.length + bArr4.length);
                    allocate.put((byte) 16);
                    allocate.put(bArr7);
                    allocate.put((byte) bArr6.length);
                    allocate.put(bArr6);
                    allocate.put(bArr4);
                    byte[] array = allocate.array();
                    Bytes.wrapNullSafe(bArr7).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr4).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr6).mutable().secureWipe();
                    return array;
                } catch (Exception e) {
                    e = e;
                    bArr5 = bArr6;
                    bArr6 = bArr7;
                    try {
                        throw new AuthenticatedEncryptionException("could not encrypt", e);
                    } catch (Throwable th) {
                        th = th;
                        Bytes.wrapNullSafe(bArr6).mutable().secureWipe();
                        Bytes.wrapNullSafe(bArr4).mutable().secureWipe();
                        Bytes.wrapNullSafe(bArr5).mutable().secureWipe();
                        throw th;
                    }
                } catch (Throwable th2) {
                    th = th2;
                    bArr5 = bArr6;
                    bArr6 = bArr7;
                    Bytes.wrapNullSafe(bArr6).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr4).mutable().secureWipe();
                    Bytes.wrapNullSafe(bArr5).mutable().secureWipe();
                    throw th;
                }
            } catch (Exception e2) {
                e = e2;
                bArr4 = null;
                bArr5 = null;
            } catch (Throwable th3) {
                th = th3;
                bArr4 = null;
                bArr5 = null;
            }
        } catch (Exception e3) {
            e = e3;
            bArr4 = null;
            bArr5 = null;
        } catch (Throwable th4) {
            th = th4;
            bArr4 = null;
            bArr5 = null;
        }
    }
}
