package net.zetetic.strip.services.sync;

import android.net.Uri;
import com.google.common.base.Optional;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.sqlcipher.Cursor;
import net.sqlcipher.database.SQLiteDatabase;
import net.zetetic.strip.R;
import net.zetetic.strip.core.Either;
import net.zetetic.strip.core.Error;
import net.zetetic.strip.helpers.CodebookApplication;
import net.zetetic.strip.helpers.DefaultRandomSource;
import net.zetetic.strip.helpers.RandomGenerator;
import net.zetetic.strip.helpers.StringHelper;
import net.zetetic.strip.security.CryptoService;
import net.zetetic.strip.text.Base64URLSafe;
import timber.log.a;

/* loaded from: classes3.dex */
public class SyncKeyURLEncoder implements CryptoService {
    private final SyncKeyEncodingListener listener;
    private final int version = 1;
    private final int latestSupportedVersion = 2;
    private final int ivSize = 16;
    private final int iterationLength = 4000000;
    private final int derivedKeySize = 64;
    private final int encryptionKeySize = 32;
    private final int hmacKeySize = 32;
    private final String TAG = getClass().getSimpleName();
    private final String encoding = "UTF-8";
    private final String CipherInstanceName = "AES/CBC/NoPadding";
    private final int base64PaddingSalt = 2;
    private final int base64PaddingIv = 2;
    private final int base64PaddingHmac = 2;
    private final int base64PaddingCode = 1;
    private final String base64PaddingChar = "=";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public class a {

        /* renamed from: a, reason: collision with root package name */
        public String f10399a;

        /* renamed from: b, reason: collision with root package name */
        public String f10400b;

        /* renamed from: c, reason: collision with root package name */
        public String f10401c;

        /* renamed from: d, reason: collision with root package name */
        public String f10402d;

        /* renamed from: e, reason: collision with root package name */
        public String f10403e;

        /* renamed from: f, reason: collision with root package name */
        public String f10404f;

        public a(int i2) {
            if (i2 == 1) {
                this.f10404f = "version";
                this.f10399a = "salt";
                this.f10400b = "iv";
                this.f10401c = "hmac";
                this.f10402d = "code";
                this.f10403e = "refresh_token";
                return;
            }
            if (i2 != 2) {
                return;
            }
            this.f10404f = "v";
            this.f10399a = "s";
            this.f10400b = "i";
            this.f10401c = "h";
            this.f10402d = "c";
            this.f10403e = "a";
        }
    }

    public SyncKeyURLEncoder(SyncKeyEncodingListener syncKeyEncodingListener) {
        this.listener = syncKeyEncodingListener;
    }

    private <T> Either<Error, T> error(String str) {
        return Either.error(new Error(str));
    }

    private byte[] generateRandomBytes(int i2) {
        byte[] bArr = new byte[i2];
        RandomGenerator randomGenerator = new RandomGenerator(new DefaultRandomSource());
        for (int i3 = 0; i3 < i2; i3++) {
            bArr[i3] = randomGenerator.randomByte(127);
        }
        return bArr;
    }

    private String getString(int i2) {
        return CodebookApplication.getInstance().getString(i2);
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0026  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x002b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.google.common.base.Optional<java.lang.Integer> getVersionFromUri(java.lang.String r3) {
        /*
            android.net.Uri r3 = android.net.Uri.parse(r3)
            java.lang.String r0 = "v"
            java.lang.String r0 = r3.getQueryParameter(r0)
            r1 = -1
            if (r0 == 0) goto L13
            int r0 = java.lang.Integer.parseInt(r0)     // Catch: java.lang.NumberFormatException -> L12
            goto L14
        L12:
        L13:
            r0 = -1
        L14:
            if (r0 != r1) goto L24
            java.lang.String r2 = "version"
            java.lang.String r3 = r3.getQueryParameter(r2)
            if (r3 == 0) goto L24
            int r0 = java.lang.Integer.parseInt(r3)     // Catch: java.lang.NumberFormatException -> L23
            goto L24
        L23:
        L24:
            if (r0 != r1) goto L2b
            com.google.common.base.Optional r3 = com.google.common.base.Optional.absent()
            goto L33
        L2b:
            java.lang.Integer r3 = java.lang.Integer.valueOf(r0)
            com.google.common.base.Optional r3 = com.google.common.base.Optional.of(r3)
        L33:
            return r3
        */
        throw new UnsupportedOperationException("Method not decompiled: net.zetetic.strip.services.sync.SyncKeyURLEncoder.getVersionFromUri(java.lang.String):com.google.common.base.Optional");
    }

    private <T> Either<Error, T> result(T t2) {
        return Either.value(t2);
    }

    @Override // net.zetetic.strip.security.CryptoService
    public byte[] computeDerivedKey(byte[] bArr, byte[] bArr2, int i2) {
        SQLiteDatabase sQLiteDatabase = null;
        byte[] bArr3 = null;
        try {
            SQLiteDatabase openOrCreateDatabase = SQLiteDatabase.openOrCreateDatabase(SQLiteDatabase.MEMORY, "", (SQLiteDatabase.CursorFactory) null);
            try {
                Cursor rawQuery = openOrCreateDatabase.rawQuery("SELECT sqlcipher_vle_pbkdf2(?, ?, 'PBKDF2_HMAC_SHA512', ?, ?);", new Object[]{bArr, bArr2, Integer.valueOf(i2), 64});
                if (rawQuery != null) {
                    rawQuery.moveToFirst();
                    bArr3 = rawQuery.getBlob(0);
                    rawQuery.close();
                }
                openOrCreateDatabase.close();
                return bArr3;
            } catch (Throwable th) {
                th = th;
                sQLiteDatabase = openOrCreateDatabase;
                if (sQLiteDatabase != null) {
                    sQLiteDatabase.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @Override // net.zetetic.strip.security.CryptoService
    public byte[] computeHMAC(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA512");
            mac.init(new SecretKeySpec(bArr, "HmacSHA512"));
            return mac.doFinal(bArr2);
        } catch (InvalidKeyException e2) {
            timber.log.a.f(this.TAG).e(e2, "Invalid key material for computing HMAC", new Object[0]);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            timber.log.a.f(this.TAG).e(e3, "Unable to compute HMAC with HmacSHA512", new Object[0]);
            return null;
        }
    }

    public Either<Error, SyncKeyDecodingResponse> decode(SyncKeyDecodingRequest syncKeyDecodingRequest) {
        try {
            SyncKeyEncodingListener syncKeyEncodingListener = this.listener;
            if (syncKeyEncodingListener != null) {
                syncKeyEncodingListener.decodingBeginning();
            }
            Uri parse = Uri.parse(syncKeyDecodingRequest.getSourceUri());
            Optional<Integer> versionFromUri = getVersionFromUri(syncKeyDecodingRequest.getSourceUri());
            if (versionFromUri.isPresent() && versionFromUri.get().intValue() <= 2) {
                Integer num = versionFromUri.get();
                int intValue = num.intValue();
                timber.log.a.f(this.TAG).i("Decoding Sync Key URL version %s", num);
                a aVar = new a(intValue);
                String queryParameter = parse.getQueryParameter(aVar.f10399a);
                String queryParameter2 = parse.getQueryParameter(aVar.f10400b);
                String queryParameter3 = parse.getQueryParameter(aVar.f10401c);
                String queryParameter4 = parse.getQueryParameter(aVar.f10402d);
                String queryParameter5 = parse.getQueryParameter(aVar.f10403e);
                Either<Error, SyncKeyDecodingResponse> error = StringHelper.isNullOrEmpty(queryParameter) ? error(getString(R.string.missing_salt_from_url)) : StringHelper.isNullOrEmpty(queryParameter2) ? error(getString(R.string.missing_iv_from_url)) : StringHelper.isNullOrEmpty(queryParameter3) ? error(getString(R.string.missing_hmac_from_url)) : StringHelper.isNullOrEmpty(queryParameter4) ? error(getString(R.string.missing_code_from_url)) : null;
                if (error != null) {
                    return error;
                }
                if (intValue == 2) {
                    for (int i2 = 0; i2 < 2; i2++) {
                        queryParameter = queryParameter + "=";
                    }
                    for (int i3 = 0; i3 < 2; i3++) {
                        queryParameter2 = queryParameter2 + "=";
                    }
                    for (int i4 = 0; i4 < 2; i4++) {
                        queryParameter3 = queryParameter3 + "=";
                    }
                    for (int i5 = 0; i5 < 1; i5++) {
                        queryParameter4 = queryParameter4 + "=";
                    }
                }
                Base64URLSafe base64URLSafe = new Base64URLSafe();
                byte[] decode = base64URLSafe.decode(queryParameter);
                byte[] decode2 = base64URLSafe.decode(queryParameter2);
                byte[] decode3 = base64URLSafe.decode(queryParameter3);
                byte[] decode4 = base64URLSafe.decode(queryParameter4);
                byte[] decode5 = !StringHelper.isNullOrEmpty(queryParameter5) ? base64URLSafe.decode(queryParameter5) : null;
                if (decode4.length != 32) {
                    error = error(String.format(getString(R.string.expected_sync_key_length_received_template), 32, Integer.valueOf(decode4.length)));
                }
                if (error != null) {
                    return error;
                }
                byte[] computeDerivedKey = computeDerivedKey(syncKeyDecodingRequest.getPassword().getBytes("UTF-8"), decode, 4000000);
                byte[] bArr = new byte[32];
                byte[] bArr2 = new byte[32];
                System.arraycopy(computeDerivedKey, 0, bArr, 0, 32);
                System.arraycopy(computeDerivedKey, 32, bArr2, 0, 32);
                byte[] computeHMAC = computeHMAC(bArr2, decode4);
                if (intValue == 2) {
                    computeHMAC = Arrays.copyOf(computeHMAC, 32);
                }
                if (!Arrays.equals(computeHMAC, decode3)) {
                    error = error("Password may be invalid, message verification failed");
                }
                if (error != null) {
                    return error;
                }
                IvParameterSpec ivParameterSpec = new IvParameterSpec(decode2);
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                cipher.init(2, secretKeySpec, ivParameterSpec);
                byte[] doFinal = cipher.doFinal(decode4);
                Optional absent = Optional.absent();
                if (decode5 != null) {
                    Cipher cipher2 = Cipher.getInstance("AES/CBC/NoPadding");
                    cipher2.init(2, secretKeySpec, ivParameterSpec);
                    absent = Optional.of(new String(cipher2.doFinal(decode5), "UTF-8"));
                }
                SyncKeyDecodingResponse syncKeyDecodingResponse = new SyncKeyDecodingResponse(doFinal, absent);
                SyncKeyEncodingListener syncKeyEncodingListener2 = this.listener;
                if (syncKeyEncodingListener2 != null) {
                    syncKeyEncodingListener2.decodingEnded();
                }
                return result(syncKeyDecodingResponse);
            }
            return error(getString(R.string.invalid_version_from_url) + " " + (versionFromUri.isPresent() ? versionFromUri.get().intValue() : -1));
        } catch (Exception e2) {
            return error(e2.getMessage());
        }
    }

    public String encode(SyncKeyEncodingRequest syncKeyEncodingRequest) {
        int i2;
        char c2;
        UnsupportedEncodingException unsupportedEncodingException;
        try {
            try {
                SyncKeyEncodingListener syncKeyEncodingListener = this.listener;
                if (syncKeyEncodingListener != null) {
                    try {
                        syncKeyEncodingListener.encodingBeginning();
                    } catch (UnsupportedEncodingException e2) {
                        e = e2;
                    }
                }
                Base64URLSafe base64URLSafe = new Base64URLSafe();
                byte[] generateRandomBytes = generateRandomBytes(16);
                byte[] computeDerivedKey = computeDerivedKey(syncKeyEncodingRequest.getPassword().getBytes("UTF-8"), syncKeyEncodingRequest.getSalt(), 4000000);
                byte[] bArr = new byte[32];
                byte[] bArr2 = new byte[32];
                System.arraycopy(computeDerivedKey, 0, bArr, 0, 32);
                System.arraycopy(computeDerivedKey, 32, bArr2, 0, 32);
                IvParameterSpec ivParameterSpec = new IvParameterSpec(generateRandomBytes);
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                cipher.init(1, secretKeySpec, ivParameterSpec);
                byte[] doFinal = cipher.doFinal(syncKeyEncodingRequest.getSyncKey());
                byte[] computeHMAC = computeHMAC(bArr2, doFinal);
                SyncKeyEncodingListener syncKeyEncodingListener2 = this.listener;
                if (syncKeyEncodingListener2 != null) {
                    syncKeyEncodingListener2.encodingEnded();
                }
                int version = syncKeyEncodingRequest.getVersion();
                if (version == 1) {
                    try {
                        return String.format("codebook://rescuecode?version=%s&salt=%s&iv=%s&hmac=%s&code=%s", Integer.valueOf(syncKeyEncodingRequest.getVersion()), base64URLSafe.encode(syncKeyEncodingRequest.getSalt()), base64URLSafe.encode(generateRandomBytes), base64URLSafe.encode(computeHMAC), base64URLSafe.encode(doFinal));
                    } catch (UnsupportedEncodingException e3) {
                        e = e3;
                    }
                } else {
                    if (version != 2) {
                        return "";
                    }
                    a aVar = new a(syncKeyEncodingRequest.getVersion());
                    Uri.Builder appendQueryParameter = new Uri.Builder().scheme("codebook").authority("q").appendQueryParameter(aVar.f10404f, String.valueOf(syncKeyEncodingRequest.getVersion())).appendQueryParameter(aVar.f10399a, base64URLSafe.encode(syncKeyEncodingRequest.getSalt())).appendQueryParameter(aVar.f10400b, base64URLSafe.encode(generateRandomBytes)).appendQueryParameter(aVar.f10401c, base64URLSafe.encode(Arrays.copyOf(computeHMAC, 32)));
                    Uri.Builder appendQueryParameter2 = new Uri.Builder().scheme("codebook").authority("r").appendQueryParameter(aVar.f10404f, String.valueOf(syncKeyEncodingRequest.getVersion())).appendQueryParameter(aVar.f10402d, base64URLSafe.encode(doFinal));
                    if (syncKeyEncodingRequest.getAuthorization() != null && syncKeyEncodingRequest.getAuthorization().length() > 0) {
                        Cipher cipher2 = Cipher.getInstance("AES/CBC/NoPadding");
                        cipher2.init(1, secretKeySpec, ivParameterSpec);
                        appendQueryParameter2.appendQueryParameter(aVar.f10403e, base64URLSafe.encode(cipher2.doFinal(syncKeyEncodingRequest.getAuthorization().getBytes("UTF-8"))));
                    }
                    try {
                        return String.format("%s\n%s", appendQueryParameter.toString(), appendQueryParameter2.toString());
                    } catch (UnsupportedEncodingException e4) {
                        e = e4;
                    }
                }
                unsupportedEncodingException = e;
                i2 = 1;
                c2 = 0;
            } catch (UnsupportedEncodingException e5) {
                i2 = 1;
                c2 = 0;
                unsupportedEncodingException = e5;
            }
            a.b f2 = timber.log.a.f(this.TAG);
            Object[] objArr = new Object[i2];
            objArr[c2] = "UTF-8";
            f2.e(unsupportedEncodingException, "Failed to get bytes for %s encoding", objArr);
            return "";
        } catch (InvalidAlgorithmParameterException e6) {
            e = e6;
            Throwable th = e;
            timber.log.a.f(this.TAG).e(th, "Failed to encrypt sync key", th);
            return "";
        } catch (InvalidKeyException e7) {
            e = e7;
            Throwable th2 = e;
            timber.log.a.f(this.TAG).e(th2, "Failed to encrypt sync key", th2);
            return "";
        } catch (NoSuchAlgorithmException e8) {
            e = e8;
            Throwable th22 = e;
            timber.log.a.f(this.TAG).e(th22, "Failed to encrypt sync key", th22);
            return "";
        } catch (BadPaddingException e9) {
            e = e9;
            Throwable th222 = e;
            timber.log.a.f(this.TAG).e(th222, "Failed to encrypt sync key", th222);
            return "";
        } catch (IllegalBlockSizeException e10) {
            e = e10;
            Throwable th2222 = e;
            timber.log.a.f(this.TAG).e(th2222, "Failed to encrypt sync key", th2222);
            return "";
        } catch (NoSuchPaddingException e11) {
            e = e11;
            Throwable th22222 = e;
            timber.log.a.f(this.TAG).e(th22222, "Failed to encrypt sync key", th22222);
            return "";
        }
    }
}
