package com.blizzard.mobile.auth.internal.security;

import android.util.Base64;
import com.blizzard.mobile.auth.internal.utils.Logger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class TassadarCodeVerifier implements CodeVerifier {
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final int CODE_VERIFIER_VERSION = 1;
    private static final int CODE_VERIFIER_VERSION_OFFSET = 0;
    private static final int DEFAULT_NONCE_BYTE_SIZE = 64;
    private static final String DIGEST_ALGORITHM = "SHA-256";
    private static final int IV_LENGTH = 16;
    private static final String KEYSPEC_ALGORITHM = "AES";
    private static final int KEY_LENGTH = 32;
    private static final int MAX_NONCE_BYTES = 96;
    private static final int MIN_NONCE_BYTES = 31;
    public static final String TAG = "TassadarCodeVerifier";
    private static final int VERSION_LENGTH = 1;
    private byte[] nonceBytes;
    private final int nonceSize;
    private String nonceUrlSafe;
    private Random random;

    public TassadarCodeVerifier() {
        this(new SecureRandom(), 64);
    }

    public TassadarCodeVerifier(Random random) {
        this(random, 64);
    }

    public TassadarCodeVerifier(Random random, int i) {
        this.random = random;
        this.nonceSize = i;
        generateNonce();
    }

    public TassadarCodeVerifier(byte[] bArr) {
        this.nonceBytes = bArr;
        this.nonceSize = bArr.length;
        this.nonceUrlSafe = base64UrlEncodeNonce(bArr);
    }

    private String base64UrlEncodeNonce(byte[] bArr) {
        return Base64.encodeToString(bArr, 9);
    }

    public static TassadarCodeVerifier fromNonceBytes(byte[] bArr) {
        return new TassadarCodeVerifier(bArr);
    }

    private byte[] generateNonce(Random random, int i) throws IllegalArgumentException {
        if (i < 31 || i > 96) {
            throw new IllegalArgumentException("Nonce byte size is outsize the allowed range (31-96)");
        }
        byte[] bArr = new byte[i];
        random.nextBytes(bArr);
        return bArr;
    }

    @Override // com.blizzard.mobile.auth.internal.security.CodeVerifier
    public String decrypt(String str) throws NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
        return decrypt(str, this.nonceBytes);
    }

    String decrypt(String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
        Logger.verbose(TAG, "Decrypting\npayload: " + str + "\nnonceBytes: " + bArr + "\nnonceString: " + this.nonceUrlSafe);
        byte[] decode = Base64.decode(str, 9);
        byte b = decode[0];
        if (b != 1) {
            throw new SecurityException("Code Verifier version (1) does not match payload version (" + ((int) b) + ")");
        }
        byte[] bArr2 = new byte[16];
        System.arraycopy(decode, 1, bArr2, 0, 16);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        int length = (decode.length - 16) - 1;
        byte[] bArr3 = new byte[length];
        System.arraycopy(decode, 17, bArr3, 0, length);
        byte[] bArr4 = new byte[32];
        MessageDigest messageDigest = MessageDigest.getInstance(DIGEST_ALGORITHM);
        messageDigest.update(bArr);
        System.arraycopy(messageDigest.digest(), 0, bArr4, 0, 32);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr4, KEYSPEC_ALGORITHM);
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return new String(cipher.doFinal(bArr3));
    }

    @Override // com.blizzard.mobile.auth.internal.security.CodeVerifier
    public void generateNonce() {
        byte[] generateNonce = generateNonce(this.random, this.nonceSize);
        this.nonceBytes = generateNonce;
        this.nonceUrlSafe = base64UrlEncodeNonce(generateNonce);
    }

    @Override // com.blizzard.mobile.auth.internal.security.CodeVerifier
    public String getNonce() {
        return this.nonceUrlSafe;
    }

    @Override // com.blizzard.mobile.auth.internal.security.CodeVerifier
    public byte[] getNonceBytes() {
        return this.nonceBytes;
    }

    public String toString() {
        return "TassadarCodeVerifier{nonceUrlSafe='" + this.nonceUrlSafe + "', nonceBytes=" + Arrays.toString(this.nonceBytes) + ", random=" + this.random + ", nonceSize=" + this.nonceSize + '}';
    }
}
