package com.okta.android.auth.security;

import android.content.Context;
import com.okta.android.auth.data.IOUtils;
import com.okta.android.auth.util.LocaleUtil;
import com.okta.lib.android.common.annotation.ApplicationContext;
import com.okta.lib.android.common.utilities.Log;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes2.dex */
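/**
 * Builds and wraps the passwords used to protect keystore material.
 *
 * <p>A "predictable" password is {@value #KEYSTORE_KEY_SIZE_BYTES} bytes long: a short random
 * prefix ({@value #KEYSTORE_ENTROPY_BYTES} byte) followed by padding derived from
 * {@link #getPaddingString()}. Only the prefix is random, so anything encrypted under such a
 * password can be recovered in at most 256 attempts by a party that knows the padding string;
 * {@link #bruteForcePredictablePassword(String)} relies on exactly that. The wrapping is
 * therefore only as confidential as the padding string is secret.
 *
 * <p>NOTE(review): the {@link PaddingType} names suggest the padding comes from a device serial
 * or ANDROID_ID; confirm in the subclasses, since such identifiers are not secrets.
 *
 * <p>Iterating over an instance yields every candidate predictable password, one per possible
 * value of the random prefix.
 */
public abstract class PasswordGenerator implements Iterable<byte[]> {
    private static final int KEYSTORE_ENTROPY_BYTES = 1;
    private static final int KEYSTORE_KEY_SIZE = 256;
    private static final int KEYSTORE_KEY_SIZE_BYTES = 32;
    private static final String KEY_INDICATOR = "KEY0101";
    public static final String SYMMETRIC_CIPHER_ALGORITHM_MODE_PADDING = "AES/CBC/PKCS5Padding";
    private static final String TAG = "PasswordGenerator";

    @ApplicationContext
    @Inject
    Context context;

    // Lazily computed padding; it fills the bytes of a predictable password after the prefix.
    private byte[] passwordPadding;

    /** Identifies which source the padding string was derived from. */
    public enum PaddingType {
        SERIAL {
            @Override
            public String getIndicator() {
                return "";
            }
        },
        ANDROID_ID {
            @Override
            public String getIndicator() {
                return "PT_aid";
            }
        };

        private static final String INDICATOR_KEY = "PT_";

        /** Returns the marker string associated with this padding type. */
        public abstract String getIndicator();
    }

    /**
     * Overwrites every byte of {@code bArr} with output from a fresh {@link SecureRandom}.
     *
     * @param bArr buffer to fill in place
     */
    public static void fillWithRandomBytes(byte[] bArr) {
        new SecureRandom().nextBytes(bArr);
    }

    /**
     * Returns the cached padding, computing it on first use.
     *
     * <p>The padding is truncated to, or zero-filled up to, the number of bytes that follow the
     * random prefix in a predictable password.
     */
    private byte[] getPadding() {
        byte[] cached = this.passwordPadding;
        if (cached != null) {
            return cached;
        }
        int paddingLength = KEYSTORE_KEY_SIZE_BYTES - KEYSTORE_ENTROPY_BYTES;
        byte[] padding = new byte[paddingLength];
        byte[] source = getPaddingBytes();
        System.arraycopy(source, 0, padding, 0, Math.min(paddingLength, source.length));
        this.passwordPadding = padding;
        return padding;
    }

    /**
     * Decodes the padding string from base-64. If it is not valid base-64, it is first passed
     * through {@code IOUtils.getBase64String} and the result is decoded instead.
     */
    private byte[] getPaddingBytes() {
        String paddingString = getPaddingString();
        try {
            return IOUtils.decodeBase64(paddingString);
        } catch (IllegalArgumentException ignored) {
            // The padding string makes up all but the first byte of the AES key, so it is key
            // material and must never be written to the log.
            Log.w(TAG, "Failed to decode padding string as base-64; using fallback encoding");
            return IOUtils.decodeBase64(IOUtils.getBase64String(paddingString));
        }
    }

    /**
     * Recovers the password wrapped by {@link #encryptPasswordToString(byte[])} by trying every
     * candidate predictable password until one decrypts to a plaintext that starts with the key
     * indicator.
     *
     * @param str base-64 text whose first cipher block is used as the IV and whose remainder
     *     is the ciphertext
     * @return the recovered password bytes, base-64 encoded, with the indicator stripped
     * @throws KeyStoreException if the input is shorter than one cipher block or no candidate
     *     produces a plaintext carrying the indicator
     * @throws GeneralSecurityException if the cipher is unavailable or decryption fails for a
     *     reason other than bad padding
     */
    public String bruteForcePredictablePassword(String str) throws GeneralSecurityException {
        byte[] wrapped = IOUtils.decodeBase64(str);
        Cipher cipher = Cipher.getInstance(SYMMETRIC_CIPHER_ALGORITHM_MODE_PADDING);
        int blockSize = cipher.getBlockSize();
        if (wrapped.length < blockSize) {
            // Reject truncated input here instead of failing with an index error below.
            throw new KeyStoreException("Encrypted password is too short to contain an IV");
        }
        byte[] iv = new byte[blockSize];
        System.arraycopy(wrapped, 0, iv, 0, blockSize);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
        byte[] cipherText = new byte[wrapped.length - blockSize];
        System.arraycopy(wrapped, blockSize, cipherText, 0, cipherText.length);

        byte[] indicator = KEY_INDICATOR.getBytes();
        Iterator<byte[]> candidates = iterator();
        while (candidates.hasNext()) {
            byte[] plainText;
            try {
                plainText = KeyPairManager.decrypt(
                        cipherText, ivParameterSpec, cipher, generateKey(candidates.next()));
            } catch (BadPaddingException ignored) {
                // Wrong candidate key: move on to the next one.
                continue;
            }
            // A wrong key can still yield valid padding by chance, so the indicator prefix is
            // what confirms the candidate.
            if (IOUtils.encodeToDefaultCharset(plainText).startsWith(KEY_INDICATOR)) {
                byte[] password = new byte[plainText.length - indicator.length];
                System.arraycopy(plainText, indicator.length, password, 0, password.length);
                return IOUtils.encodeBase64(password);
            }
        }
        throw new KeyStoreException("Failed to generate keystore password");
    }

    /**
     * Prefixes {@code bArr} with the key indicator and encrypts it under a freshly generated
     * predictable password.
     *
     * <p>The protection is limited by the predictable password; see the class documentation.
     *
     * @param bArr password bytes to wrap
     * @return the base-64 encoding of {@code KeyPairManager.encrypt}'s output
     * @throws GeneralSecurityException if encryption fails
     */
    public String encryptPasswordToString(byte[] bArr) throws GeneralSecurityException {
        SecretKey wrappingKey = generateKey(generatePredictablePassword());
        byte[] indicator = KEY_INDICATOR.getBytes();
        ByteBuffer plainText = ByteBuffer.allocate(indicator.length + bArr.length);
        plainText.put(indicator);
        plainText.put(bArr);
        return IOUtils.encodeBase64(KeyPairManager.encrypt(plainText.array(), wrappingKey));
    }

    /**
     * Creates an X.509 v3 certificate for {@code keyPair}'s public key, signed with the same
     * pair's private key and valid for five years from now.
     *
     * <p>Every certificate gets serial number 1 and issuer {@code CN=com.okta.android.auth}.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str common name placed in the subject
     * @return the generated certificate
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws CertificateException if the built certificate cannot be converted
     */
    public X509Certificate generateCertificate(KeyPair keyPair, String str) throws OperatorCreationException, CertificateException {
        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.YEAR, 5);
        Date notAfter = calendar.getTime();
        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));

        Locale previousLocale = LocaleUtil.getCurrentLocale();
        LocaleUtil.setEnglishLocale(this.context);
        X509v3CertificateBuilder builder;
        try {
            // NOTE(review): str is concatenated into the distinguished name unescaped; confirm
            // callers never pass a value containing DN metacharacters such as ',' '+' or '='.
            builder = new X509v3CertificateBuilder(new X500Name("CN=com.okta.android.auth"), BigInteger.ONE, notBefore, notAfter, new X500Name("CN=" + str), subjectPublicKeyInfo);
        } finally {
            // Restore the caller's locale even when building the certificate fields fails.
            LocaleUtil.setLocale(this.context, previousLocale);
        }
        return new JcaX509CertificateConverter().setProvider("CCJ").getCertificate(builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("CCJ").build(keyPair.getPrivate())));
    }

    /**
     * Wraps raw key bytes in a {@link SecretKey}.
     *
     * <p>NOTE(review): the key's algorithm name is the full transformation string rather than
     * the conventional {@code "AES"}. It is left unchanged because other code may observe
     * {@code getAlgorithm()}.
     *
     * @param bArr raw key bytes
     * @return a key specification over {@code bArr}
     */
    public SecretKey generateKey(byte[] bArr) {
        return new SecretKeySpec(bArr, SYMMETRIC_CIPHER_ALGORITHM_MODE_PADDING);
    }

    /**
     * Generates a predictable password with a freshly drawn random prefix.
     *
     * @return a {@value #KEYSTORE_KEY_SIZE_BYTES}-byte password
     */
    public byte[] generatePredictablePassword() {
        byte[] prefix = new byte[KEYSTORE_ENTROPY_BYTES];
        fillWithRandomBytes(prefix);
        return generatePredictablePassword(prefix);
    }

    /**
     * Builds a predictable password from the given prefix followed by as much of the padding
     * as fits.
     *
     * @param bArr prefix bytes, at most {@value #KEYSTORE_KEY_SIZE_BYTES} long
     * @return a {@value #KEYSTORE_KEY_SIZE_BYTES}-byte password
     * @throws IllegalArgumentException if {@code bArr} is null or too long
     */
    public byte[] generatePredictablePassword(byte[] bArr) {
        if (bArr == null || bArr.length > KEYSTORE_KEY_SIZE_BYTES) {
            throw new IllegalArgumentException();
        }
        ByteBuffer password = ByteBuffer.allocate(KEYSTORE_KEY_SIZE_BYTES);
        password.put(bArr);
        if (password.hasRemaining()) {
            byte[] padding = getPadding();
            // Copy only what fits, so a prefix longer than one byte cannot overflow the buffer.
            password.put(padding, 0, Math.min(password.remaining(), padding.length));
        }
        return password.array();
    }

    /**
     * Generates a password made entirely of random bytes.
     *
     * @return {@value #KEYSTORE_KEY_SIZE_BYTES} random bytes
     */
    public byte[] generateRandomPassword() {
        byte[] password = new byte[KEYSTORE_KEY_SIZE_BYTES];
        fillWithRandomBytes(password);
        return password;
    }

    /** Returns the string from which the padding bytes are decoded. */
    protected abstract String getPaddingString();

    /** Returns the kind of padding source this generator uses. */
    public abstract PaddingType getPaddingType();

    /**
     * Enumerates every candidate predictable password by counting through all values of the
     * random prefix, in big-endian order.
     *
     * @return an iterator over the candidates; {@code remove()} is unsupported
     */
    @Override
    public Iterator<byte[]> iterator() {
        return new Iterator<byte[]>() {
            private final long entropyMax = 1L << (8 * KEYSTORE_ENTROPY_BYTES);
            private long entropyCount = 0;

            @Override
            public boolean hasNext() {
                return this.entropyCount < this.entropyMax;
            }

            @Override
            public byte[] next() {
                if (!hasNext()) {
                    throw new java.util.NoSuchElementException();
                }
                byte[] prefix = new byte[KEYSTORE_ENTROPY_BYTES];
                for (int i = 0; i < KEYSTORE_ENTROPY_BYTES; i++) {
                    prefix[i] = (byte) (this.entropyCount >> ((KEYSTORE_ENTROPY_BYTES - i - 1) * 8));
                }
                this.entropyCount++;
                return PasswordGenerator.this.generatePredictablePassword(prefix);
            }

            @Override
            public void remove() {
                throw new UnsupportedOperationException();
            }
        };
    }
}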
