package com.concur.mobile.security.crypto.impl;

import com.concur.mobile.security.crypto.CryptoException;
import com.concur.mobile.security.crypto.CryptoService;
import com.concur.mobile.security.crypto.KeyNotAvailableException;
import com.concur.mobile.security.crypto.KeyVault;
import com.google.firebase.analytics.FirebaseAnalytics;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collection;
import java.util.List;
import javax.crypto.Cipher;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.RangesKt;
import kotlin.text.StringsKt;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.modes.CBCBlockCipher;
import org.spongycastle.crypto.paddings.PKCS7Padding;
import org.spongycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* compiled from: CryptoService.kt */
@Metadata(d1 = {"\u0000J\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0005\u0018\u00002\u00020\u0001B\u000f\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0016J\u0018\u0010\u0007\u001a\u00020\u000b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\f\u001a\u00020\rH\u0016J\u0010\u0010\u0007\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u000eH\u0016J\u0010\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0010\u001a\u00020\u0006H\u0016J\u0010\u0010\u0011\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u000eH\u0016J\u0018\u0010\u0012\u001a\u00020\u000b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\f\u001a\u00020\rH\u0016J\u0010\u0010\u0012\u001a\u00020\u00132\u0006\u0010\f\u001a\u00020\rH\u0016J\u0010\u0010\u0012\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u000eH\u0016J\u0010\u0010\u0012\u001a\u00020\u00062\u0006\u0010\u0014\u001a\u00020\u0006H\u0016J\u0010\u0010\u0015\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u000eH\u0016J\b\u0010\u0016\u001a\u00020\u0017H\u0002J\b\u0010\u0018\u001a\u00020\u0019H\u0002J\b\u0010\u001a\u001a\u00020\u000eH\u0002J \u0010\u001b\u001a\u00020\u000e2\u0006\u0010\u001c\u001a\u00020\u000e2\u0006\u0010\u001d\u001a\u00020\u00172\u0006\u0010\u0012\u001a\u00020\u0019H\u0002R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001e"}, d2 = {"Lcom/concur/mobile/security/crypto/impl/CryptoServiceImpl;", "Lcom/concur/mobile/security/crypto/CryptoService;", "vault", "Lcom/concur/mobile/security/crypto/KeyVault;", "(Lcom/concur/mobile/security/crypto/KeyVault;)V", "tag", "", "decrypt", "Lcom/concur/mobile/security/crypto/impl/CryptoInputStream;", "input", "Ljava/io/InputStream;", "", "output", "Ljava/io/OutputStream;", "", "data", "encryptedString", "decryptRSA", "encrypt", "Lcom/concur/mobile/security/crypto/impl/CryptoOutputStream;", "string", "encryptRSA", "getCipher", "Ljavax/crypto/Cipher;", "isOracle", "", "ivBytes", "processChunkedData", FirebaseAnalytics.Param.SOURCE, "cipher", "security-sdk_release"})
/* loaded from: classes4.dex */
public final class CryptoServiceImpl implements CryptoService {
    private final String tag;
    private final KeyVault vault;

    public CryptoServiceImpl(KeyVault vault) {
        Intrinsics.checkParameterIsNotNull(vault, "vault");
        this.vault = vault;
        this.tag = "CryptoService";
    }

    private final Cipher getCipher() {
        if (isOracle()) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            Intrinsics.checkExpressionValueIsNotNull(cipher, "Cipher.getInstance(\"RSA/ECB/PKCS1Padding\")");
            return cipher;
        }
        Cipher cipher2 = Cipher.getInstance("RSA/None/PKCS1Padding", BouncyCastleProvider.PROVIDER_NAME);
        Intrinsics.checkExpressionValueIsNotNull(cipher2, "Cipher.getInstance(\"RSA/…leProvider.PROVIDER_NAME)");
        return cipher2;
    }

    private final boolean isOracle() {
        String property = System.getProperty("java.vendor");
        Intrinsics.checkExpressionValueIsNotNull(property, "System.getProperty(\"java.vendor\")");
        return StringsKt.contains$default((CharSequence) property, (CharSequence) "Oracle", false, 2, (Object) null);
    }

    private final byte[] ivBytes() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private final byte[] processChunkedData(byte[] bArr, Cipher cipher, boolean z) {
        List emptyList = CollectionsKt.emptyList();
        int blockSize = cipher.getBlockSize();
        if (z) {
            blockSize -= 11;
        }
        int i = 0;
        while (i < bArr.length) {
            int i2 = i + blockSize;
            byte[] resultChunk = cipher.doFinal(CollectionsKt.toByteArray(ArraysKt.slice(bArr, RangesKt.until(i, Math.min(i2, bArr.length)))));
            Intrinsics.checkExpressionValueIsNotNull(resultChunk, "resultChunk");
            emptyList = CollectionsKt.plus((Collection) emptyList, (Object[]) ArraysKt.toTypedArray(resultChunk));
            i = i2;
        }
        return CollectionsKt.toByteArray(emptyList);
    }

    @Override // com.concur.mobile.security.crypto.CryptoService
    public CryptoInputStream decrypt(InputStream input) {
        Intrinsics.checkParameterIsNotNull(input, "input");
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
        byte[] bArr = new byte[16];
        input.read(bArr);
        paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(this.vault.aesKey()), bArr));
        return new CryptoInputStream(input, paddedBufferedBlockCipher);
    }

    @Override // com.concur.mobile.security.crypto.CryptoService
    public byte[] decrypt(byte[] data) {
        Intrinsics.checkParameterIsNotNull(data, "data");
        try {
            byte[] sliceArray = ArraysKt.sliceArray(data, RangesKt.until(0, 16));
            PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
            paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(this.vault.aesKey()), sliceArray));
            byte[] bArr = new byte[paddedBufferedBlockCipher.getOutputSize(data.length - 16)];
            int processBytes = paddedBufferedBlockCipher.processBytes(data, 16, data.length - 16, bArr, 0);
            return ArraysKt.sliceArray(bArr, RangesKt.until(0, processBytes + paddedBufferedBlockCipher.doFinal(bArr, processBytes)));
        } catch (Throwable th) {
            throw new CryptoException(th);
        }
    }

    @Override // com.concur.mobile.security.crypto.CryptoService
    public byte[] decryptRSA(byte[] data) {
        Intrinsics.checkParameterIsNotNull(data, "data");
        byte[] rsaPrivateKey = this.vault.rsaPrivateKey();
        if (rsaPrivateKey == null) {
            throw new KeyNotAvailableException();
        }
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(rsaPrivateKey));
            Cipher cipher = getCipher();
            cipher.init(2, generatePrivate);
            if (!isOracle()) {
                return processChunkedData(data, cipher, false);
            }
            byte[] doFinal = cipher.doFinal(data);
            Intrinsics.checkExpressionValueIsNotNull(doFinal, "cipher.doFinal(data)");
            return doFinal;
        } catch (Throwable th) {
            throw new CryptoException(th);
        }
    }

    @Override // com.concur.mobile.security.crypto.CryptoService
    public CryptoOutputStream encrypt(OutputStream output) {
        Intrinsics.checkParameterIsNotNull(output, "output");
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
        byte[] ivBytes = ivBytes();
        paddedBufferedBlockCipher.init(true, new ParametersWithIV(new KeyParameter(this.vault.aesKey()), ivBytes));
        output.write(ivBytes);
        return new CryptoOutputStream(output, paddedBufferedBlockCipher);
    }

    @Override // com.concur.mobile.security.crypto.CryptoService
    public byte[] encryptRSA(byte[] data) {
        Intrinsics.checkParameterIsNotNull(data, "data");
        byte[] rsaPublicKey = this.vault.rsaPublicKey();
        if (rsaPublicKey.length == 0) {
            throw new KeyNotAvailableException();
        }
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(rsaPublicKey));
            Cipher cipher = getCipher();
            cipher.init(1, generatePublic);
            if (!isOracle()) {
                return processChunkedData(data, cipher, true);
            }
            byte[] doFinal = cipher.doFinal(data);
            Intrinsics.checkExpressionValueIsNotNull(doFinal, "cipher.doFinal(data)");
            return doFinal;
        } catch (Throwable th) {
            throw new CryptoException(th);
        }
    }
}
