package org.matrix.androidsdk.crypto;

import android.text.TextUtils;
import android.util.Base64;
import com.facebook.stetho.common.Utf8Charset;
import com.flurry.android.Constants;
import java.io.ByteArrayOutputStream;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.KotlinVersion;
import org.matrix.androidsdk.core.Log;

/* loaded from: classes2.dex */
public class MXMegolmExportEncryption {
    public static final int DEFAULT_ITERATION_COUNT = 500000;
    private static final String HEADER_LINE = "-----BEGIN MEGOLM SESSION DATA-----";
    private static final int LINE_LENGTH = 96;
    private static final String LOG_TAG = "MXMegolmExportEncryption";
    private static final String TRAILER_LINE = "-----END MEGOLM SESSION DATA-----";

    private static int byteToInt(byte b10) {
        return b10 & Constants.UNKNOWN;
    }

    public static String decryptMegolmKeyFile(byte[] bArr, String str) {
        byte[] unpackMegolmKeyFile = unpackMegolmKeyFile(bArr);
        if (unpackMegolmKeyFile == null || unpackMegolmKeyFile.length == 0) {
            Log.e(LOG_TAG, "## decryptMegolmKeyFile() : Invalid file: too short");
            throw new Exception("Invalid file: too short");
        }
        if (unpackMegolmKeyFile[0] != 1) {
            Log.e(LOG_TAG, "## decryptMegolmKeyFile() : Invalid file: too short");
            throw new Exception("Unsupported version");
        }
        int length = unpackMegolmKeyFile.length - 69;
        if (length < 0) {
            throw new Exception("Invalid file: too short");
        }
        if (TextUtils.isEmpty(str)) {
            throw new Exception("Empty password is not supported");
        }
        byte[] copyOfRange = Arrays.copyOfRange(unpackMegolmKeyFile, 1, 17);
        byte[] copyOfRange2 = Arrays.copyOfRange(unpackMegolmKeyFile, 17, 33);
        int byteToInt = (byteToInt(unpackMegolmKeyFile[33]) << 24) | (byteToInt(unpackMegolmKeyFile[34]) << 16) | (byteToInt(unpackMegolmKeyFile[35]) << 8) | byteToInt(unpackMegolmKeyFile[36]);
        byte[] copyOfRange3 = Arrays.copyOfRange(unpackMegolmKeyFile, 37, length + 37);
        byte[] copyOfRange4 = Arrays.copyOfRange(unpackMegolmKeyFile, unpackMegolmKeyFile.length - 32, unpackMegolmKeyFile.length);
        byte[] deriveKeys = deriveKeys(copyOfRange, byteToInt, str);
        byte[] copyOfRange5 = Arrays.copyOfRange(unpackMegolmKeyFile, 0, unpackMegolmKeyFile.length - 32);
        SecretKeySpec secretKeySpec = new SecretKeySpec(getHmacKey(deriveKeys), "HmacSHA256");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKeySpec);
        if (!Arrays.equals(copyOfRange4, mac.doFinal(copyOfRange5))) {
            Log.e(LOG_TAG, "## decryptMegolmKeyFile() : Authentication check failed: incorrect password?");
            throw new Exception("Authentication check failed: incorrect password?");
        }
        Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
        cipher.init(2, new SecretKeySpec(getAesKey(deriveKeys), "AES"), new IvParameterSpec(copyOfRange2));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(cipher.update(copyOfRange3));
        byteArrayOutputStream.write(cipher.doFinal());
        String str2 = new String(byteArrayOutputStream.toByteArray(), Utf8Charset.NAME);
        byteArrayOutputStream.close();
        return str2;
    }

    private static byte[] deriveKeys(byte[] bArr, int i10, String str) {
        Long valueOf = Long.valueOf(System.currentTimeMillis());
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(str.getBytes(Utf8Charset.NAME), "HmacSHA512"));
        byte[] bArr2 = new byte[64];
        byte[] bArr3 = new byte[64];
        mac.update(bArr);
        byte[] bArr4 = new byte[4];
        Arrays.fill(bArr4, (byte) 0);
        bArr4[3] = 1;
        mac.update(bArr4);
        mac.doFinal(bArr3, 0);
        System.arraycopy(bArr3, 0, bArr2, 0, 64);
        for (int i11 = 2; i11 <= i10; i11++) {
            mac.update(bArr3);
            mac.doFinal(bArr3, 0);
            for (int i12 = 0; i12 < 64; i12++) {
                bArr2[i12] = (byte) (bArr2[i12] ^ bArr3[i12]);
            }
        }
        Log.d(LOG_TAG, "## deriveKeys() : " + i10 + " in " + (System.currentTimeMillis() - valueOf.longValue()) + " ms");
        return bArr2;
    }

    public static byte[] encryptMegolmKeyFile(String str, String str2) {
        return encryptMegolmKeyFile(str, str2, DEFAULT_ITERATION_COUNT);
    }

    public static byte[] encryptMegolmKeyFile(String str, String str2, int i10) {
        if (TextUtils.isEmpty(str2)) {
            throw new Exception("Empty password is not supported");
        }
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[16];
        secureRandom.nextBytes(bArr);
        byte[] bArr2 = new byte[16];
        secureRandom.nextBytes(bArr2);
        bArr2[9] = (byte) (bArr2[9] & Byte.MAX_VALUE);
        byte[] deriveKeys = deriveKeys(bArr, i10, str2);
        Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
        cipher.init(1, new SecretKeySpec(getAesKey(deriveKeys), "AES"), new IvParameterSpec(bArr2));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(cipher.update(str.getBytes(Utf8Charset.NAME)));
        byteArrayOutputStream.write(cipher.doFinal());
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byte[] bArr3 = new byte[byteArray.length + 37 + 32];
        bArr3[0] = 1;
        System.arraycopy(bArr, 0, bArr3, 1, 16);
        System.arraycopy(bArr2, 0, bArr3, 17, 16);
        bArr3[33] = (byte) ((i10 >> 24) & KotlinVersion.MAX_COMPONENT_VALUE);
        bArr3[34] = (byte) ((i10 >> 16) & KotlinVersion.MAX_COMPONENT_VALUE);
        bArr3[35] = (byte) ((i10 >> 8) & KotlinVersion.MAX_COMPONENT_VALUE);
        bArr3[36] = (byte) (i10 & KotlinVersion.MAX_COMPONENT_VALUE);
        System.arraycopy(byteArray, 0, bArr3, 37, byteArray.length);
        int length = 37 + byteArray.length;
        byte[] copyOfRange = Arrays.copyOfRange(bArr3, 0, length);
        SecretKeySpec secretKeySpec = new SecretKeySpec(getHmacKey(deriveKeys), "HmacSHA256");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKeySpec);
        byte[] doFinal = mac.doFinal(copyOfRange);
        System.arraycopy(doFinal, 0, bArr3, length, doFinal.length);
        return packMegolmKeyFile(bArr3);
    }

    private static byte[] getAesKey(byte[] bArr) {
        return Arrays.copyOfRange(bArr, 0, 32);
    }

    private static byte[] getHmacKey(byte[] bArr) {
        return Arrays.copyOfRange(bArr, 32, bArr.length);
    }

    private static byte[] packMegolmKeyFile(byte[] bArr) {
        int length = ((bArr.length + 96) - 1) / 96;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(HEADER_LINE.getBytes());
        int i10 = 0;
        for (int i11 = 1; i11 <= length; i11++) {
            byteArrayOutputStream.write("\n".getBytes());
            byteArrayOutputStream.write(Base64.encode(bArr, i10, Math.min(96, bArr.length - i10), 0));
            i10 += 96;
        }
        byteArrayOutputStream.write("\n".getBytes());
        byteArrayOutputStream.write(TRAILER_LINE.getBytes());
        byteArrayOutputStream.write("\n".getBytes());
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] unpackMegolmKeyFile(byte[] bArr) {
        String str = new String(bArr, Utf8Charset.NAME);
        int i10 = 0;
        while (true) {
            int indexOf = str.indexOf(10, i10);
            if (indexOf < 0) {
                Log.e(LOG_TAG, "## unpackMegolmKeyFile() : Header line not found");
                throw new Exception("Header line not found");
            }
            String trim = str.substring(i10, indexOf).trim();
            int i11 = indexOf + 1;
            if (TextUtils.equals(trim, HEADER_LINE)) {
                int i12 = i11;
                while (true) {
                    int indexOf2 = str.indexOf(10, i12);
                    if (TextUtils.equals(indexOf2 < 0 ? str.substring(i12).trim() : str.substring(i12, indexOf2).trim(), TRAILER_LINE)) {
                        return Base64.decode(str.substring(i11, i12), 0);
                    }
                    if (indexOf2 < 0) {
                        Log.e(LOG_TAG, "## unpackMegolmKeyFile() : Trailer line not found");
                        throw new Exception("Trailer line not found");
                    }
                    i12 = indexOf2 + 1;
                }
            } else {
                i10 = i11;
            }
        }
    }
}
