package com.okta.android.security.keys.tool;

import com.okta.android.security.keys.KeyUtils;
import com.okta.lib.android.common.utilities.CommonUtil;
import com.okta.lib.android.common.utilities.Log;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;

/* loaded from: classes2.dex */
public class PasswordGenerator implements Iterable {
    private static final int KEYSTORE_ENTROPY_BYTES = 1;
    private static final int KEYSTORE_KEY_SIZE = 256;
    private static final int KEYSTORE_KEY_SIZE_BYTES = 32;
    private static final String KEY_INDICATOR = "KEY0101";
    public static final String SYMMETRIC_CIPHER_ALGORITHM_MODE_PADDING = "AES/CBC/PKCS5Padding";
    public static final String SYMMETRIC_KEYGEN_ALGORITHM = "AES";
    private static final String TAG = "PasswordGenerator";
    private static byte[] passwordPadding;
    private final CommonUtil commonUtil;
    private final KeyUtils keyUtils;

    @Inject
    public PasswordGenerator(CommonUtil commonUtil, KeyUtils keyUtils) {
        this.commonUtil = commonUtil;
        this.keyUtils = keyUtils;
    }

    private static void fillWithRandomBytes(byte[] bArr) {
        new SecureRandom().nextBytes(bArr);
    }

    private SecretKey generateKey(byte[] bArr) {
        return new SecretKeySpec(bArr, "AES");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] generatePredictablePassword(byte[] bArr) {
        if (bArr == null || bArr.length > 32) {
            throw new IllegalArgumentException();
        }
        ByteBuffer allocate = ByteBuffer.allocate(32);
        allocate.put(bArr);
        if (bArr.length < 32) {
            allocate.put(getPadding());
        }
        return allocate.array();
    }

    private byte[] getPadding() {
        byte[] decodeBase64;
        byte[] bArr = passwordPadding;
        if (bArr != null) {
            return bArr;
        }
        byte[] bArr2 = new byte[31];
        String androidId = this.commonUtil.getAndroidId();
        try {
            decodeBase64 = this.keyUtils.decodeBase64(androidId);
        } catch (IllegalArgumentException unused) {
            Log.d(TAG, "failed to decode to base-64: " + androidId);
            decodeBase64 = this.keyUtils.decodeBase64(this.keyUtils.getBase64String(androidId));
        }
        System.arraycopy(decodeBase64, 0, bArr2, 0, Math.min(31, decodeBase64.length));
        passwordPadding = bArr2;
        return bArr2;
    }

    public String bruteForcePredictablePassword(String str) throws GeneralSecurityException {
        byte[] decrypt;
        Iterator<byte[]> it = iterator();
        byte[] decodeBase64 = this.keyUtils.decodeBase64(str);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        int blockSize = cipher.getBlockSize();
        byte[] bArr = new byte[blockSize];
        System.arraycopy(decodeBase64, 0, bArr, 0, blockSize);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        int length = decodeBase64.length - blockSize;
        byte[] bArr2 = new byte[length];
        System.arraycopy(decodeBase64, blockSize, bArr2, 0, length);
        while (it.hasNext()) {
            try {
                decrypt = this.keyUtils.decrypt(bArr2, ivParameterSpec, cipher, generateKey(it.next()));
            } catch (BadPaddingException unused) {
            }
            if (this.keyUtils.encodeToDefaultCharset(decrypt).startsWith(KEY_INDICATOR)) {
                byte[] bytes = KEY_INDICATOR.getBytes();
                int length2 = decrypt.length - bytes.length;
                byte[] bArr3 = new byte[length2];
                System.arraycopy(decrypt, bytes.length, bArr3, 0, length2);
                return this.keyUtils.encodeBase64(bArr3);
            }
        }
        throw new KeyStoreException("Failed to generate keystore password");
    }

    public String encryptPasswordToString(byte[] bArr) throws GeneralSecurityException {
        SecretKey generateKey = generateKey(generatePredictablePassword());
        byte[] bytes = KEY_INDICATOR.getBytes();
        ByteBuffer allocate = ByteBuffer.allocate(bytes.length + bArr.length);
        allocate.put(bytes);
        allocate.put(bArr);
        return this.keyUtils.encodeBase64(this.keyUtils.encrypt(allocate.array(), generateKey));
    }

    public byte[] generatePredictablePassword() {
        byte[] bArr = new byte[1];
        fillWithRandomBytes(bArr);
        return generatePredictablePassword(bArr);
    }

    public byte[] generateRandomPassword() {
        byte[] bArr = new byte[32];
        fillWithRandomBytes(bArr);
        return bArr;
    }

    @Override // java.lang.Iterable
    public Iterator<byte[]> iterator() {
        return new Iterator<byte[]>() { // from class: com.okta.android.security.keys.tool.PasswordGenerator.1
            private final long entropyMax = (int) Math.pow(2.0d, 8.0d);
            private long entropyCount = 0;

            @Override // java.util.Iterator
            public boolean hasNext() {
                return this.entropyCount < this.entropyMax;
            }

            @Override // java.util.Iterator
            public byte[] next() {
                byte[] bArr = new byte[1];
                for (int i = 0; i < 1; i++) {
                    bArr[i] = (byte) (this.entropyCount >> (((1 - i) - 1) * 8));
                }
                this.entropyCount++;
                return PasswordGenerator.this.generatePredictablePassword(bArr);
            }

            @Override // java.util.Iterator
            public void remove() {
                throw new UnsupportedOperationException();
            }
        };
    }
}
