package com.zebra.scannercontrol.fipssupport;

import android.util.Log;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import de.microsensys.protocoldefinitions.CMDGroup_3000;
import de.microsensys.protocoldefinitions.CMDGroup_LEGIC;
import de.microsensys.protocoldefinitions.CMDGroup_v4;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.jvm.internal.ByteCompanionObject;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: classes2.dex */
public class Crypto {
    private static final byte AES_BLOCK_SIZE = 16;
    private static final String KEY_STORE_ALIAS = "Key_Store_Alias";
    private static final int MAX_MP_CIPHER_TEXT_LENGTH = 3072;
    private SecretKeySpec accessKey;
    private Decryptor decryptor;
    private Cipher defaultKeyCipher;
    private SecretKeySpec defaultSharedKey;
    private byte[] encryptedSharedKey;
    private Encryptor encryptor;
    private Cipher keyCipher;
    private int keySize;
    private SecureRandom secureRandom;
    SecretKeySpec sharedKey;
    public byte[] shared_key;
    private static final byte[] default_shared_key = {CMDGroup_3000.ISO15693_LockBlock, 24, -87, CMDGroup_3000.PICO_ReadUID, CMDGroup_3000.MIFARE_WriteBlock, CMDGroup_3000.iID_G_ReadROC, -102, -83, CMDGroup_LEGIC.GET_INFO, CMDGroup_3000.WriteEEPROM_Ext, 110, -98, -10, -126, CMDGroup_3000.iID_G_ReadBlock16, ByteCompanionObject.MAX_VALUE, 60, -35, -8, 10, 88, -62, 61, -77, CMDGroup_3000.iID_L_ReadBlock64, 123, CMDGroup_3000.iID_L_ReadBlock128, -82, 40, CMDGroup_3000.iID_L_GetSensor, 45, -69};
    private static final byte[] default_aes_key = {-36, CMDGroup_3000.ISO15693_ReadBlockAddressed, -66, 64, -66, CMDGroup_LEGIC.SET_MASTER_DATA_TIMEOUT, 83, CMDGroup_3000.LEGIC_ReadUID, 47, CMDGroup_3000.ISO15693_Transparent, 43, CMDGroup_3000.SetAutoOff, CMDGroup_3000.MIFARE_WriteBlock, CMDGroup_v4.LEGIC, 114, 9};
    private static final byte[] access_key = {CMDGroup_3000.iID_L_ReadIn2, -16, 41, CMDGroup_3000.ReadEEPROM_Ext, 0, -48, -96, -31, CMDGroup_v4.LEGIC, 2, -97, -27, CMDGroup_3000.iID_L_ReadBlock128, -16, 41, CMDGroup_3000.ReadEEPROM_Ext};
    public static String keyUnwrapFailed = "Key unwrap failed : ";
    public static String keyUnwrapSuccess = "Key unwrap success : ";
    public static String keyUnwrapFailedWithCipherMisMatch = "Wrapped Key does match with NIST Cipher text";
    public static String keyUnwrapFailedWithDataMisMatch = "Decrypted Key Data is not matched with initial key data";
    public static String keyUnwrapFailedWithInvalidSharedKey = "Invalid shared key";
    public static String keyUnwrapSuccessWithDecryptDataMatched = "Key Data is matched after encryption and decryption";
    private Cipher dataCipher = null;
    private SecretKeySpec aesKey = null;
    private byte[] aes_key = null;
    private byte[] scanners_shared_key = new byte[32];
    private final String aesCipherModeCBC = "AES/CBC/NoPadding";
    private final String algorithmType = "AES";
    private final String applicationSharedKeyStatus = "Application shared key: ";
    private final String applicationSharedKeyStatusDefault = AuthenticationConstants.Broker.ACCOUNT_DEFAULT_NAME;

    public Crypto(int i) {
        this.shared_key = null;
        this.sharedKey = null;
        this.defaultKeyCipher = null;
        this.keyCipher = null;
        this.accessKey = null;
        this.secureRandom = null;
        this.keySize = i;
        try {
            this.defaultKeyCipher = Cipher.getInstance("AES/CBC/NoPadding");
            if (i == 256) {
                this.defaultSharedKey = new SecretKeySpec(default_shared_key, "AES");
            }
            IvParameterSpec ivParameterSpec = new IvParameterSpec(new byte[16]);
            this.defaultKeyCipher.init(2, this.defaultSharedKey, ivParameterSpec);
            byte[] bArr = this.encryptedSharedKey;
            if (bArr != null && bArr.length > 0) {
                byte[] decryptData = this.decryptor.decryptData(KEY_STORE_ALIAS, this.encryptor.getEncryptionData(), this.encryptor.getInitializationVector());
                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                SecretKeySpec secretKeySpec = new SecretKeySpec(access_key, "AES");
                this.accessKey = secretKeySpec;
                cipher.init(2, secretKeySpec);
                this.shared_key = cipher.doFinal(decryptData);
                this.keyCipher = Cipher.getInstance("AES/CBC/NoPadding");
                SecretKeySpec secretKeySpec2 = new SecretKeySpec(this.shared_key, "AES");
                this.sharedKey = secretKeySpec2;
                this.keyCipher.init(2, secretKeySpec2, ivParameterSpec);
            }
            if (this.shared_key == null) {
                byte[] bArr2 = new byte[i / 8];
                this.shared_key = bArr2;
                byte[] bArr3 = default_shared_key;
                System.arraycopy(bArr3, 0, bArr2, 0, bArr3.length);
                this.keyCipher = Cipher.getInstance("AES/CBC/NoPadding");
                SecretKeySpec secretKeySpec3 = new SecretKeySpec(this.shared_key, "AES");
                this.sharedKey = secretKeySpec3;
                this.keyCipher.init(2, secretKeySpec3, ivParameterSpec);
            }
            this.secureRandom = new SecureRandom();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private byte[] addPadding(byte[] bArr) {
        byte length = (byte) (16 - (bArr.length % 16));
        if (length == 1) {
            length = (byte) (length + 16);
        }
        int length2 = bArr.length + length;
        byte[] bArr2 = new byte[length2];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        bArr2[length2 - 1] = length;
        return bArr2;
    }

    private byte[] checkKey(byte[] bArr, byte[] bArr2) {
        try {
            KeyParameter keyParameter = new KeyParameter(bArr);
            RFC5649WrapEngine rFC5649WrapEngine = new RFC5649WrapEngine(new AESEngine());
            rFC5649WrapEngine.init(false, keyParameter);
            return rFC5649WrapEngine.unwrap(bArr2, 0, bArr2.length);
        } catch (InvalidCipherTextException unused) {
            System.out.println("Key unwrap failed - invalid shared key\r\n");
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private byte[] decryptBlock(byte[] bArr) {
        Cipher cipher;
        if (bArr != null && (cipher = this.dataCipher) != null) {
            try {
                byte[] doFinal = cipher.doFinal(bArr);
                byte[] bArr2 = new byte[16];
                System.arraycopy(bArr, bArr.length - 16, bArr2, 0, 16);
                this.dataCipher.init(2, this.aesKey, new IvParameterSpec(bArr2));
                int i = doFinal[doFinal.length - 1] & 255;
                if (i <= 16 && i != 0) {
                    int length = doFinal.length - i;
                    byte[] bArr3 = new byte[length];
                    System.arraycopy(doFinal, 0, bArr3, 0, length);
                    return bArr3;
                }
                return null;
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return null;
    }

    private byte[] generateKey(int i) {
        byte[] bArr = new byte[i / 8];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    public static String wrapAndUnwrap(String str, String str2, String str3) {
        try {
            byte[] decode = Hex.decode(str);
            byte[] decode2 = Hex.decode(str2);
            byte[] decode3 = Hex.decode(str3);
            KeyParameter keyParameter = new KeyParameter(decode);
            RFC5649WrapEngine rFC5649WrapEngine = new RFC5649WrapEngine(new AESEngine());
            rFC5649WrapEngine.init(true, keyParameter);
            byte[] wrap = rFC5649WrapEngine.wrap(decode2, 0, decode2.length);
            if (!Arrays.equals(wrap, decode3)) {
                Log.d("AES-KEY-WRAP", keyUnwrapFailed + keyUnwrapFailedWithCipherMisMatch);
                return keyUnwrapFailed + keyUnwrapFailedWithCipherMisMatch;
            }
            Log.d("AES-KEY-WRAP", keyUnwrapSuccess + "Wrapped Key match with NIST Cipher text");
            KeyParameter keyParameter2 = new KeyParameter(decode);
            new RFC5649WrapEngine(new AESEngine());
            rFC5649WrapEngine.init(false, keyParameter2);
            return Arrays.equals(decode2, rFC5649WrapEngine.unwrap(wrap, 0, wrap.length)) ? keyUnwrapSuccess + keyUnwrapSuccessWithDecryptDataMatched : keyUnwrapFailed + keyUnwrapFailedWithDataMisMatch;
        } catch (RuntimeException unused) {
            return keyUnwrapFailed + keyUnwrapFailedWithInvalidSharedKey;
        } catch (Exception e) {
            e.printStackTrace();
            return keyUnwrapFailed;
        }
    }

    private byte[] wrapKey(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            KeyParameter keyParameter = new KeyParameter(default_shared_key);
            RFC5649WrapEngine rFC5649WrapEngine = new RFC5649WrapEngine(new AESEngine());
            rFC5649WrapEngine.init(true, keyParameter);
            return rFC5649WrapEngine.wrap(bArr, 0, bArr.length);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public byte[] decryptData(byte[] bArr) {
        if (bArr != null && bArr.length % 16 == 0) {
            byte[] bArr2 = new byte[bArr.length];
            int length = bArr.length;
            int i = 0;
            int i2 = 0;
            do {
                byte[] bArr3 = length >= MAX_MP_CIPHER_TEXT_LENGTH ? new byte[MAX_MP_CIPHER_TEXT_LENGTH] : new byte[length];
                System.arraycopy(bArr, i, bArr3, 0, bArr3.length);
                byte[] decryptBlock = decryptBlock(bArr3);
                if (decryptBlock != null) {
                    System.arraycopy(decryptBlock, 0, bArr2, i2, decryptBlock.length);
                    length -= bArr3.length;
                    i += bArr3.length;
                    i2 += decryptBlock.length;
                }
            } while (length > 0);
            byte[] bArr4 = new byte[i2];
            System.arraycopy(bArr2, 0, bArr4, 0, i2);
            return bArr4;
        }
        return null;
    }

    public boolean defaultAESKey() {
        byte[] bArr = this.aes_key;
        return bArr != null && Arrays.equals(bArr, default_aes_key);
    }

    public boolean defaultSharedKey() {
        byte[] bArr = this.scanners_shared_key;
        return bArr != null && Arrays.equals(bArr, default_shared_key);
    }

    public byte[] generateNewKey(int i) {
        return wrapKey(generateKey(i));
    }

    public String getAESKey() {
        byte[] bArr = this.aes_key;
        if (bArr != null) {
            return Utils.formatByteArray(bArr);
        }
        return null;
    }

    public int getKeySize() {
        return this.keySize;
    }

    public String getScannerSharedKey() {
        return Arrays.equals(this.scanners_shared_key, default_shared_key) ? "Application shared key: Default" : Utils.formatByteArray(this.scanners_shared_key);
    }

    public String getSharedKey() {
        return Arrays.equals(this.shared_key, default_shared_key) ? "Application shared key: Default" : "Application shared key: " + Utils.formatByteArray(this.shared_key);
    }

    public byte[] getSharedKeyEncrypted() {
        return wrapKey(this.shared_key);
    }

    public boolean setDefaultKey() {
        if (this.encryptedSharedKey.length > 0) {
            this.encryptedSharedKey = null;
        }
        byte[] bArr = default_shared_key;
        System.arraycopy(bArr, 0, this.shared_key, 0, bArr.length);
        try {
            this.keyCipher = Cipher.getInstance("AES/CBC/NoPadding");
            this.sharedKey = new SecretKeySpec(this.shared_key, "AES");
            this.keyCipher.init(2, this.sharedKey, new IvParameterSpec(new byte[16]));
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("Application now uses default shared key");
        return true;
    }

    public boolean setKeyInfo(byte[] bArr, byte[] bArr2) {
        try {
            byte[] bArr3 = default_shared_key;
            byte[] checkKey = checkKey(bArr3, bArr);
            this.aes_key = checkKey;
            if (checkKey == null) {
                System.out.println("Scanner does NOT use default shared key");
                byte[] checkKey2 = checkKey(this.shared_key, bArr);
                this.aes_key = checkKey2;
                if (checkKey2 != null) {
                    byte[] bArr4 = this.shared_key;
                    byte[] bArr5 = this.scanners_shared_key;
                    System.arraycopy(bArr4, 0, bArr5, 0, bArr5.length);
                }
            } else {
                System.out.println("Scanner uses default shared key");
                byte[] bArr6 = this.scanners_shared_key;
                System.arraycopy(bArr3, 0, bArr6, 0, bArr6.length);
            }
            if (this.aes_key != null) {
                this.aesKey = new SecretKeySpec(this.aes_key, "AES");
                this.dataCipher = Cipher.getInstance("AES/CBC/NoPadding");
                this.dataCipher.init(2, this.aesKey, new IvParameterSpec(bArr2));
                return true;
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("Crypto: return failure");
        return false;
    }

    public boolean setSharedKey() {
        this.shared_key = generateKey(this.keySize);
        try {
            this.keyCipher = null;
            this.keyCipher = Cipher.getInstance("AES/CBC/NoPadding");
            this.sharedKey = new SecretKeySpec(this.shared_key, "AES");
            this.keyCipher.init(2, this.sharedKey, new IvParameterSpec(new byte[16]));
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            SecretKeySpec secretKeySpec = new SecretKeySpec(access_key, "AES");
            this.accessKey = secretKeySpec;
            cipher.init(1, secretKeySpec);
            byte[] doFinal = cipher.doFinal(this.shared_key);
            if (doFinal != null) {
                this.encryptedSharedKey = this.encryptor.encryptData(KEY_STORE_ALIAS, doFinal);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }
}
