package com.google.android.apps.sidekick;

import android.content.SharedPreferences;
import android.util.Base64;
import android.util.Log;
import com.google.android.apps.sidekick.inject.SignedCipherHelper;
import com.google.android.searchcommon.GsaPreferenceController;
import com.google.android.searchcommon.preferences.SharedPreferencesExt;
import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class SignedCipherHelperImpl implements SignedCipherHelper {
    private static final String TAG = Tag.getTag(SignedCipherHelperImpl.class);
    private boolean mIsInitialized;
    private KeyPair mKeyPair;
    private final Object mLock = new Object();
    private final GsaPreferenceController mPrefController;
    private SecureRandom mSecureRandom;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class KeyPair {
        private final SecretKeySpec mHmacKey;
        private final SecretKeySpec mSecretKey;

        KeyPair(byte[] bArr, byte[] bArr2) {
            this.mSecretKey = new SecretKeySpec(bArr, "AES");
            this.mHmacKey = new SecretKeySpec(bArr2, "HmacSHA1");
        }
    }

    public SignedCipherHelperImpl(GsaPreferenceController gsaPreferenceController) {
        this.mPrefController = gsaPreferenceController;
    }

    private static byte[] generateHmacBytes(byte[] bArr, SecretKeySpec secretKeySpec) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(secretKeySpec);
        mac.update(Base64.encode(bArr, 3));
        return mac.doFinal();
    }

    private KeyPair generateKeyPairLocked(SharedPreferences sharedPreferences) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            SecretKey generateKey = keyGenerator.generateKey();
            SecretKey generateKey2 = keyGenerator.generateKey();
            String encodeToString = Base64.encodeToString(generateKey.getEncoded(), 3);
            String encodeToString2 = Base64.encodeToString(generateKey2.getEncoded(), 3);
            SharedPreferences.Editor edit = sharedPreferences.edit();
            edit.putString("winston", encodeToString);
            edit.putString("wolf", encodeToString2);
            edit.apply();
            return new KeyPair(generateKey.getEncoded(), generateKey2.getEncoded());
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "Cannot create KeyGenerator for AES");
            return null;
        }
    }

    private void maybeInitKeysLocked() {
        SecureRandom secureRandom;
        if (this.mIsInitialized) {
            return;
        }
        SharedPreferencesExt mainPreferences = this.mPrefController.getMainPreferences();
        KeyPair readKeyPairFromPrefsLocked = readKeyPairFromPrefsLocked(mainPreferences);
        if (readKeyPairFromPrefsLocked == null) {
            readKeyPairFromPrefsLocked = generateKeyPairLocked(mainPreferences);
        }
        try {
            secureRandom = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "Cannot create SecureRandom for SHA1PRNG");
            readKeyPairFromPrefsLocked = null;
            secureRandom = null;
        }
        this.mKeyPair = readKeyPairFromPrefsLocked;
        this.mSecureRandom = secureRandom;
        this.mIsInitialized = true;
    }

    private KeyPair readKeyPairFromPrefsLocked(SharedPreferences sharedPreferences) {
        String string = sharedPreferences.getString("winston", null);
        String string2 = sharedPreferences.getString("wolf", null);
        if (string == null || string2 == null) {
            return null;
        }
        try {
            return new KeyPair(Base64.decode(string, 3), Base64.decode(string2, 3));
        } catch (IllegalArgumentException e) {
            sharedPreferences.edit().remove("winston").remove("wolf").apply();
            Log.w(TAG, "Failed to read keys successfully; clearing old ones");
            return null;
        }
    }

    @Override // com.google.android.apps.sidekick.inject.SignedCipherHelper
    public byte[] decryptBytes(byte[] bArr) {
        byte[] bArr2 = null;
        Preconditions.checkNotNull(bArr);
        synchronized (this.mLock) {
            maybeInitKeysLocked();
            if (this.mKeyPair == null) {
                Log.w(TAG, "No key pair");
            } else {
                KeyPair keyPair = this.mKeyPair;
                try {
                    int length = (bArr.length - 16) - 20;
                    if (length < 0) {
                        Log.e(TAG, "Failed to decrypt: bad data");
                    } else {
                        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
                        byte[] bArr3 = new byte[16];
                        byte[] bArr4 = new byte[20];
                        byte[] bArr5 = new byte[length];
                        if (byteArrayInputStream.read(bArr3) != bArr3.length || byteArrayInputStream.read(bArr4) != bArr4.length || byteArrayInputStream.read(bArr5) != bArr5.length) {
                            Log.e(TAG, "Could not parse encrypted data");
                        } else if (Arrays.equals(generateHmacBytes(bArr5, keyPair.mHmacKey), bArr4)) {
                            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
                            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                            cipher.init(2, keyPair.mSecretKey, ivParameterSpec);
                            bArr2 = cipher.doFinal(bArr5);
                        } else {
                            Log.e(TAG, "Signature mismatch");
                        }
                    }
                } catch (IOException e) {
                    Log.e(TAG, "Failed to decrypt", e);
                } catch (GeneralSecurityException e2) {
                    Log.e(TAG, "Failed to decrypt", e2);
                }
            }
        }
        return bArr2;
    }

    @Override // com.google.android.apps.sidekick.inject.SignedCipherHelper
    public byte[] encryptBytes(byte[] bArr) {
        Preconditions.checkNotNull(bArr);
        synchronized (this.mLock) {
            maybeInitKeysLocked();
            if (this.mKeyPair == null) {
                Log.w(TAG, "No key pair");
                return null;
            }
            KeyPair keyPair = this.mKeyPair;
            SecureRandom secureRandom = this.mSecureRandom;
            try {
                byte[] bArr2 = new byte[16];
                secureRandom.nextBytes(bArr2);
                IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(1, keyPair.mSecretKey, ivParameterSpec);
                byte[] doFinal = cipher.doFinal(bArr);
                byte[] generateHmacBytes = generateHmacBytes(doFinal, keyPair.mHmacKey);
                if (20 != generateHmacBytes.length) {
                    throw new IllegalStateException("hmac size unexpected");
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(bArr2);
                byteArrayOutputStream.write(generateHmacBytes);
                byteArrayOutputStream.write(doFinal);
                return byteArrayOutputStream.toByteArray();
            } catch (IOException e) {
                Log.e(TAG, "Failed to encrypt", e);
                return null;
            } catch (IllegalStateException e2) {
                Log.e(TAG, "Failed to encrypt", e2);
                return null;
            } catch (GeneralSecurityException e3) {
                Log.e(TAG, "Failed to encrypt", e3);
                return null;
            }
        }
    }
}
