package com.hrbl.mobile.android.security;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.GregorianCalendar;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.springframework.util.Assert;

/* loaded from: classes.dex */
public class HlKeyGenerator {
    public static final String ALGORITHM = "PBKDF2WithHmacSHA1";
    private Cipher unwrappingCipher;
    private Cipher wrappingCipher;
    private static final Integer ITERATIONS = 800;
    private static final Integer DEFAULT_CERT_DURATION_YEARS = 100;
    private static byte[] salt = new byte[8];

    public static byte[] getSalt() {
        try {
            SecureRandom.getInstance("SHA1PRNG").nextBytes(salt);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return salt;
    }

    public SecretKey generateKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return generateKey(str, 256);
    }

    public SecretKey generateKey(String str, int i) throws NoSuchAlgorithmException, InvalidKeySpecException {
        Assert.isTrue(i > 128, "Output length to small, 128 is the smallest allowed");
        return new SecretKeySpec(SecretKeyFactory.getInstance(ALGORITHM).generateSecret(new PBEKeySpec(str.toCharArray(), getSalt(), ITERATIONS.intValue(), i)).getEncoded(), "AES");
    }

    public KeyPair generateKeyPair() throws GeneralSecurityException {
        new GregorianCalendar();
        new GregorianCalendar().add(1, DEFAULT_CERT_DURATION_YEARS.intValue());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(512);
        return keyPairGenerator.generateKeyPair();
    }

    public X509Certificate generateSefSignedCertificate(KeyPair keyPair) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.add(1, DEFAULT_CERT_DURATION_YEARS.intValue());
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(5443601L));
        x509V3CertificateGenerator.setSubjectDN(new X509Principal("CN=HlOrder,O=Herbalife"));
        x509V3CertificateGenerator.setIssuerDN(new X509Principal("CN=HlOrder,O=Herbalife"));
        x509V3CertificateGenerator.setPublicKey(keyPair.getPublic());
        x509V3CertificateGenerator.setNotBefore(gregorianCalendar.getTime());
        x509V3CertificateGenerator.setNotAfter(gregorianCalendar2.getTime());
        x509V3CertificateGenerator.setSignatureAlgorithm("SHA1withRSA");
        return x509V3CertificateGenerator.generate(keyPair.getPrivate());
    }

    public SecretKey unwrap(KeyPair keyPair, byte[] bArr) throws GeneralSecurityException {
        Assert.notNull(keyPair, "Cant unwrap secret key from null KeyPair");
        if (this.unwrappingCipher == null) {
            this.unwrappingCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        }
        this.unwrappingCipher.init(4, keyPair.getPrivate());
        return (SecretKey) this.unwrappingCipher.unwrap(bArr, "AES", 3);
    }

    public byte[] wrap(KeyPair keyPair, SecretKey secretKey) throws GeneralSecurityException {
        Assert.notNull(keyPair, "Cant wrap secret key to a null KeyPair");
        Assert.notNull(keyPair, "Cant wrap null secret key to provided KeyPair");
        if (this.wrappingCipher == null) {
            this.wrappingCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        }
        this.wrappingCipher.init(3, keyPair.getPublic());
        return this.wrappingCipher.wrap(secretKey);
    }
}
