package co.gem.round.crypto;

import co.gem.round.encoding.Hex;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.abstractj.kalium.crypto.SecretBox;
import org.spongycastle.crypto.BufferedBlockCipher;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.PBEParametersGenerator;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.spongycastle.crypto.modes.CBCBlockCipher;
import org.spongycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.spongycastle.crypto.paddings.ZeroBytePadding;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.Arrays;

/* loaded from: input_file:co/gem/round/crypto/PassphraseBox.class */
public class PassphraseBox {
    private byte[] aesKey;
    private byte[] salt;
    private byte[] iv;
    private BufferedBlockCipher encryptCipher;
    private BufferedBlockCipher decryptCipher;
    private SecretKeySpec aesSecretKey;
    private SecretKeySpec hmacSecretKey;
    private int iterations;
    private SecretBox box;
    private Mode mode;
    public static final String UTF_8 = "UTF-8";
    final int IVBYTES = 16;
    final int SALTBYTES = 16;
    final int KEYBYTES = 32;
    final int ITERATIONS = 100000;
    final int ITERATIONS_WINDOW = 20000;
    private SecureRandom random = new SecureRandom();

    /* loaded from: input_file:co/gem/round/crypto/PassphraseBox$Mode.class */
    public enum Mode {
        AES,
        SODIUM
    }

    public PassphraseBox(String str, String str2, int i, Mode mode) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, NoSuchProviderException {
        this.mode = mode;
        if (str2 == null) {
            this.salt = new byte[16];
            this.random.nextBytes(this.salt);
        } else {
            this.salt = Hex.decode(str2);
        }
        if (i == 0) {
            this.iterations = 100000 + this.random.nextInt(20000);
        } else {
            this.iterations = i;
        }
        if (this.mode != Mode.AES) {
            if (this.mode == Mode.SODIUM) {
                this.box = new SecretBox(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), this.salt, i, 256)).getEncoded());
                return;
            }
            return;
        }
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        pKCS5S2ParametersGenerator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(str.toCharArray()), this.salt, this.iterations);
        byte[] key = pKCS5S2ParametersGenerator.generateDerivedParameters(512).getKey();
        this.aesKey = Arrays.copyOfRange(key, 0, 32);
        this.aesSecretKey = new SecretKeySpec(this.aesKey, "AES");
        this.hmacSecretKey = new SecretKeySpec(Arrays.copyOfRange(key, 32, 64), "HmacSHA256");
        this.encryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new ZeroBytePadding());
        this.decryptCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new ZeroBytePadding());
    }

    private byte[] cipherData(BufferedBlockCipher bufferedBlockCipher, byte[] bArr) throws InvalidCipherTextException, UnsupportedEncodingException {
        byte[] bArr2 = new byte[bufferedBlockCipher.getOutputSize(bArr.length)];
        int processBytes = bufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr2, 0);
        int doFinal = processBytes + bufferedBlockCipher.doFinal(bArr2, processBytes);
        byte[] bArr3 = new byte[doFinal];
        System.arraycopy(bArr2, 0, bArr3, 0, doFinal);
        return bArr3;
    }

    public String decrypt(String str, String str2, String str3) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidCipherTextException, NoSuchAlgorithmException {
        if (this.mode == Mode.AES) {
            return decryptAes(str, str3);
        }
        if (this.mode == Mode.SODIUM) {
            return decryptSodium(str2, str3);
        }
        throw new NoSuchAlgorithmException();
    }

    public String decryptAes(String str, String str2) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidCipherTextException, NoSuchAlgorithmException {
        this.iv = Hex.decode(str);
        byte[] decode = Hex.decode(str2);
        byte[] copyOfRange = Arrays.copyOfRange(decode, 0, decode.length - 32);
        byte[] copyOfRange2 = Arrays.copyOfRange(decode, decode.length - 32, decode.length);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(this.hmacSecretKey);
        if (!Arrays.areEqual(copyOfRange2, mac.doFinal(Arrays.concatenate(this.iv, copyOfRange)))) {
            throw new RuntimeException("Invalid authentication code: ciphertext may have been tampered with.");
        }
        this.decryptCipher.init(false, new ParametersWithIV(new KeyParameter(this.aesKey), this.iv));
        return new String(cipherData(this.decryptCipher, copyOfRange), UTF_8);
    }

    public String decryptSodium(String str, String str2) {
        return new String(this.box.decrypt(Hex.decode(str), Hex.decode(str2)));
    }

    public EncryptedMessage encrypt(String str) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException, InvalidCipherTextException, NoSuchAlgorithmException {
        this.iv = new byte[16];
        this.random.nextBytes(this.iv);
        this.encryptCipher.init(true, new ParametersWithIV(new KeyParameter(this.aesKey), this.iv));
        byte[] cipherData = cipherData(this.encryptCipher, str.getBytes(UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(this.hmacSecretKey);
        byte[] concatenate = Arrays.concatenate(cipherData, mac.doFinal(Arrays.concatenate(this.iv, cipherData)));
        EncryptedMessage encryptedMessage = new EncryptedMessage();
        encryptedMessage.ciphertext = Hex.encode(concatenate);
        encryptedMessage.iv = Hex.encode(this.iv);
        encryptedMessage.salt = Hex.encode(this.salt);
        encryptedMessage.iterations = this.iterations;
        return encryptedMessage;
    }

    public static String decrypt(String str, EncryptedMessage encryptedMessage) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, NoSuchProviderException, UnsupportedEncodingException, InvalidCipherTextException {
        Mode mode;
        if (encryptedMessage.iv != null) {
            mode = Mode.AES;
        } else {
            if (encryptedMessage.nonce == null) {
                throw new NoSuchAlgorithmException();
            }
            mode = Mode.SODIUM;
        }
        return new PassphraseBox(str, encryptedMessage.salt, encryptedMessage.iterations, mode).decrypt(encryptedMessage.iv, encryptedMessage.nonce, encryptedMessage.ciphertext);
    }

    public static EncryptedMessage encrypt(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, NoSuchProviderException, UnsupportedEncodingException, InvalidCipherTextException {
        return new PassphraseBox(str, null, 0, Mode.AES).encrypt(str2);
    }

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }
}
