package lib.core.crypto;

import com.hchb.core.Logger;
import com.hchb.core.Utilities;
import com.hchb.interfaces.IEncryptionStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public final class SessionEncryption extends CryptoBase {
    private static final int AES_IV_OFFSET = 0;
    private static final int BUFFER_SIZE = 2048;
    private static final int ENCRYPTED_PAYLOAD_OFFSET = 17;
    private static final int MAX_ENCRYPTED_PAYLOAD_LENGTH = 20971520;
    private static final int MAX_INCOMING_MESSAGE_SIZE_BYTES = 20971569;
    private static final int MESSAGE_BODY_OVERHEAD_BYTES = 49;
    private static final int MIN_INCOMING_MESSAGE_SIZE_BYTES = 65;
    private static final int PADDING_LENGTH_OFFSET = 16;
    private final SecretKeySpec aesSessionKeySpec;
    private final byte[] tempBuffer = new byte[2048];
    private final byte[] iv = new byte[16];
    private final byte[] computedHashDigest = new byte[32];

    /* loaded from: classes2.dex */
    private class SessionDecryptionStream extends InputStream implements IEncryptionStream {
        private final byte[] byteBuffer;
        private final byte[] decryptedBuffer;
        private int decryptedBufferLen;
        private int decryptedBufferReadPos;
        private int decryptedPayloadLength;
        private int digestOffset;
        private final InputStream encryptedInputStream;
        private int encryptedStreamReadPos;
        private int totalBytesDecrypted;

        private SessionDecryptionStream(File file) throws IOException, GeneralSecurityException {
            this.decryptedBuffer = new byte[2048];
            this.byteBuffer = new byte[1];
            if (file == null) {
                throw new NullPointerException("inputFile cannot be null.");
            }
            if (file.length() > 20971520) {
                throw new IllegalArgumentException(String.format("Encrypted payload is too large: %d bytes > %d maximum.", Long.valueOf(file.length()), Integer.valueOf(SessionEncryption.MAX_ENCRYPTED_PAYLOAD_LENGTH)));
            }
            verifyMessageStreamIntegrity(new FileInputStream(file), file.length());
            this.encryptedInputStream = new FileInputStream(file);
            initializeSourceStream();
        }

        private SessionDecryptionStream(byte[] bArr) throws IOException, GeneralSecurityException {
            this.decryptedBuffer = new byte[2048];
            this.byteBuffer = new byte[1];
            if (bArr == null) {
                throw new NullPointerException("inputData cannot be null.");
            }
            if (bArr.length > SessionEncryption.MAX_ENCRYPTED_PAYLOAD_LENGTH) {
                throw new IllegalArgumentException(String.format("Encrypted payload is too large: %d bytes > %d maximum.", Integer.valueOf(bArr.length), Integer.valueOf(SessionEncryption.MAX_ENCRYPTED_PAYLOAD_LENGTH)));
            }
            verifyMessageStreamIntegrity(new ByteArrayInputStream(bArr), bArr.length);
            this.encryptedInputStream = new ByteArrayInputStream(bArr);
            initializeSourceStream();
        }

        private boolean decryptedBufferIsEmpty() {
            return this.decryptedBufferReadPos >= this.decryptedBufferLen;
        }

        private int getBytesRemainingInEncryptedInputStream() {
            return this.digestOffset - this.encryptedStreamReadPos;
        }

        private void initializeSourceStream() throws IOException, InvalidKeyException, InvalidAlgorithmParameterException {
            this.encryptedStreamReadPos = 17;
            this.decryptedBufferReadPos = 0;
            this.decryptedBufferLen = 0;
            this.totalBytesDecrypted = 0;
            if (this.encryptedInputStream.skip(17) != this.encryptedStreamReadPos) {
                throw new IOException(String.format("Unable to reposition encrypted input stream to byte %d.", Integer.valueOf(this.encryptedStreamReadPos)));
            }
            SessionEncryption.this.aesCipher.init(2, SessionEncryption.this.aesSessionKeySpec, new IvParameterSpec(SessionEncryption.this.iv));
        }

        private void verifyMessageStreamIntegrity(InputStream inputStream, long j) throws GeneralSecurityException, IOException {
            try {
                CryptoBase.validateOverallMessageLength(j, 65, SessionEncryption.MAX_INCOMING_MESSAGE_SIZE_BYTES);
                int i = (int) j;
                int i2 = i - 49;
                CryptoBase.validateEncryptedPayloadBlockSize(i2);
                this.digestOffset = i - 32;
                SessionEncryption.this.hashDigest.reset();
                int read = inputStream.read(SessionEncryption.this.iv);
                SessionEncryption.this.hashDigest.update(SessionEncryption.this.iv);
                byte read2 = (byte) inputStream.read();
                SessionEncryption.this.validatePaddingCount(read2);
                SessionEncryption.this.hashDigest.update(read2);
                int i3 = read + 1;
                this.decryptedPayloadLength = i2 - read2;
                int i4 = this.digestOffset;
                while (true) {
                    int i5 = i4 - i3;
                    if (i5 <= 0) {
                        break;
                    }
                    if (i5 > 2048) {
                        i5 = 2048;
                    }
                    int read3 = inputStream.read(SessionEncryption.this.tempBuffer, 0, i5);
                    if (read3 <= 0) {
                        break;
                    }
                    SessionEncryption.this.hashDigest.update(SessionEncryption.this.tempBuffer, 0, read3);
                    i3 += read3;
                    i4 = this.digestOffset;
                }
                SessionEncryption.this.hashDigest.digest(SessionEncryption.this.computedHashDigest, 0, 32);
                if (inputStream.read(SessionEncryption.this.tempBuffer, 0, 32) != 32) {
                    throw new IOException("Error reading message digest.");
                }
                if (!Utilities.compareByteRanges(SessionEncryption.this.computedHashDigest, SessionEncryption.this.tempBuffer, 32)) {
                    throw new DigestException();
                }
            } finally {
                inputStream.close();
            }
        }

        @Override // java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            InputStream inputStream = this.encryptedInputStream;
            if (inputStream != null) {
                try {
                    try {
                        inputStream.close();
                    } finally {
                        super.close();
                    }
                } catch (Throwable unused) {
                    Logger.warning(getClass().getSimpleName(), "Unable to close input stream.");
                }
            }
        }

        protected void finalize() throws Throwable {
            try {
                close();
            } catch (IOException unused) {
            } catch (Throwable th) {
                super.finalize();
                throw th;
            }
            super.finalize();
        }

        @Override // com.hchb.interfaces.IEncryptionStream
        public final int getDecryptedStreamLength() {
            return this.decryptedPayloadLength;
        }

        @Override // java.io.InputStream
        public int read() throws IOException {
            if (read(this.byteBuffer, 0, 1) == -1) {
                return -1;
            }
            return this.byteBuffer[0];
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            int i3 = 0;
            while (i2 > 0) {
                if (decryptedBufferIsEmpty()) {
                    int bytesRemainingInEncryptedInputStream = getBytesRemainingInEncryptedInputStream();
                    if (bytesRemainingInEncryptedInputStream <= 0) {
                        break;
                    }
                    if (bytesRemainingInEncryptedInputStream > 2048) {
                        bytesRemainingInEncryptedInputStream = 2048;
                    }
                    int read = this.encryptedInputStream.read(SessionEncryption.this.tempBuffer, 0, bytesRemainingInEncryptedInputStream);
                    if (read <= 0) {
                        throw new IOException(getClass().getSimpleName() + " - Unexpected EOF after pos " + this.encryptedStreamReadPos);
                    }
                    this.encryptedStreamReadPos += read;
                    try {
                        this.decryptedBufferLen = SessionEncryption.this.aesCipher.update(SessionEncryption.this.tempBuffer, 0, read, this.decryptedBuffer);
                        this.decryptedBufferReadPos = 0;
                    } catch (ShortBufferException e) {
                        throw new RuntimeException(e);
                    }
                }
                int i4 = this.decryptedBufferLen;
                int i5 = this.decryptedBufferReadPos;
                int i6 = i4 - i5;
                int i7 = this.decryptedPayloadLength - this.totalBytesDecrypted;
                if (i2 <= i6) {
                    i6 = i2;
                }
                if (i6 <= i7) {
                    i7 = i6;
                } else if (i7 <= 0) {
                    break;
                }
                System.arraycopy(this.decryptedBuffer, i5, bArr, i, i7);
                this.totalBytesDecrypted += i7;
                this.decryptedBufferReadPos += i7;
                i3 += i7;
                i += i7;
                i2 -= i7;
            }
            if (i3 == 0) {
                return -1;
            }
            return i3;
        }
    }

    public SessionEncryption(byte[] bArr) throws GeneralSecurityException {
        if (bArr.length != 32) {
            throw new IllegalArgumentException("aesKey");
        }
        int length = bArr.length;
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= length) {
                z = true;
                break;
            } else if (bArr[i] != 0) {
                break;
            } else {
                i++;
            }
        }
        if (z) {
            throw new IllegalArgumentException("aesKey");
        }
        this.aesSessionKeySpec = new SecretKeySpec(bArr, "AES");
        this.aesCipher = Cipher.getInstance(CryptoBase.AES_CIPHER_SPECIFICATION);
        this.hashDigest = MessageDigest.getInstance(CryptoBase.MSG_DIGEST_SPECIFICATION);
    }

    private void verifyMessageIntegrity(byte[] bArr) throws GeneralSecurityException {
        int length = bArr.length - 49;
        validateOverallMessageLength(bArr.length, 65, MAX_INCOMING_MESSAGE_SIZE_BYTES);
        validateEncryptedPayloadBlockSize(length);
        validatePaddingCount(bArr[16]);
        int length2 = bArr.length - 32;
        this.hashDigest.reset();
        this.hashDigest.update(bArr, 0, length2);
        this.hashDigest.digest(this.computedHashDigest, 0, 32);
        if (!Utilities.compareByteRanges(this.computedHashDigest, 0, bArr, length2, 32)) {
            throw new DigestException("Invalid message digest.");
        }
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public byte[] decryptResponse(byte[] bArr) {
        try {
            verifyMessageIntegrity(bArr);
            int length = (bArr.length - 49) / 16;
            byte b = bArr[16];
            this.aesCipher.init(2, this.aesSessionKeySpec, new IvParameterSpec(bArr, 0, 16));
            return decryptResponseBase(bArr, 17, length, b);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public byte[] encryptRequest(byte[] bArr) {
        if (bArr.length < 1) {
            throw new IllegalArgumentException();
        }
        byte[] bArr2 = new byte[(((bArr.length / 16) + 1) * 16) + 49];
        SecureRandomSource.getSource().nextBytes(this.iv);
        try {
            System.arraycopy(this.iv, 0, bArr2, 0, 16);
            encryptRequestBase(bArr, bArr2, 17, this.aesSessionKeySpec, this.iv);
            return bArr2;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public InputStream openInputStream(File file) throws IOException {
        try {
            return new SessionDecryptionStream(file);
        } catch (GeneralSecurityException e) {
            throw new SecurityException(e);
        }
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public InputStream openInputStream(byte[] bArr) throws IOException {
        try {
            return new SessionDecryptionStream(bArr);
        } catch (GeneralSecurityException e) {
            throw new SecurityException(e);
        }
    }
}
