package lib.core.crypto;

import androidx.core.view.InputDeviceCompat;
import com.hchb.interfaces.IEncryptionStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public final class PreAuthenticationEncryption extends CryptoBase {
    private static final int INCOMING_PADDING_LENGTH_OFFSET = 0;
    private static final int INCOMING_PAYLOAD_OFFSET = 1;
    private static final int MAX_ENCRYPTED_PAYLOAD_LENGTH = 20971520;
    private static final int MAX_INCOMING_MESSAGE_SIZE_BYTES = 20971777;
    private static final int MIN_INCOMING_MESSAGE_SIZE_BYTES = 273;
    private static final int OUTGOING_PADDING_LENGTH_OFFSET = 256;
    private static final int OUTGOING_PAYLOAD_OFFSET = 257;
    private static final String RSA_CIPHER_SPECIFICATION = "RSA/ECB/PKCS1Padding";
    private static final int RSA_KEY_SIZE_BITS = 2048;
    private static final int RSA_MODULUS_SIZE_BYTES = 256;
    private static final int RSA_SIGNATURE_SIZE_BYTES = 256;
    private static final String RSA_SIGNATURE_SPECIFICATION = "SHA256withRSA";
    private byte[] aesKey;
    private byte[] iv1;
    private byte[] iv2;
    private final SecureRandomSource randomSource = SecureRandomSource.getSource();
    private final PublicKey rsaEncryptionKey;
    private final PublicKey rsaSignatureVerificationKey;

    /* loaded from: classes2.dex */
    private class PreAuthenticationDecryptionStream extends InputStream implements IEncryptionStream {
        private final byte[] decryptedBuffer;
        private final int decryptedBufferLen;
        private int decryptedBufferReadPos;
        private final int decryptedPayloadLength;
        private int totalBytesDecrypted;

        private PreAuthenticationDecryptionStream(PreAuthenticationEncryption preAuthenticationEncryption, File file) throws IOException {
            this(new FileInputStream(file), file.length());
        }

        private PreAuthenticationDecryptionStream(InputStream inputStream, long j) throws IOException {
            if (inputStream == null) {
                throw new NullPointerException("encryptedInputStreamProvider cannot be null");
            }
            if (j < 0 || j > 20971520) {
                throw new IllegalArgumentException(String.format("Encrypted payload is too large: %d bytes > %d maximum.", Long.valueOf(j), Integer.valueOf(PreAuthenticationEncryption.MAX_ENCRYPTED_PAYLOAD_LENGTH)));
            }
            int i = (int) j;
            byte[] bArr = new byte[i];
            try {
                if (inputStream.read(bArr) != i) {
                    throw new IOException("Error reading encrypted data.");
                }
                try {
                    byte[] decryptResponse = PreAuthenticationEncryption.this.decryptResponse(bArr);
                    this.decryptedBuffer = decryptResponse;
                    this.decryptedBufferReadPos = 0;
                    int length = decryptResponse.length;
                    this.decryptedBufferLen = length;
                    this.decryptedPayloadLength = length;
                    this.totalBytesDecrypted = 0;
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException(e);
                }
            } finally {
                inputStream.close();
            }
        }

        private PreAuthenticationDecryptionStream(PreAuthenticationEncryption preAuthenticationEncryption, byte[] bArr) throws IOException {
            this(new ByteArrayInputStream(bArr), bArr.length);
        }

        private boolean decryptedBufferIsEmpty() {
            return this.decryptedBufferReadPos >= this.decryptedBufferLen;
        }

        protected void finalize() throws Throwable {
            try {
                close();
            } finally {
                super.finalize();
            }
        }

        @Override // com.hchb.interfaces.IEncryptionStream
        public int getDecryptedStreamLength() {
            return this.decryptedPayloadLength;
        }

        @Override // java.io.InputStream
        public int read() throws IOException {
            throw new IOException();
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr, int i, int i2) {
            int i3 = 0;
            while (i2 > 0 && !decryptedBufferIsEmpty()) {
                int i4 = this.decryptedBufferLen;
                int i5 = this.decryptedBufferReadPos;
                int i6 = i4 - i5;
                int i7 = this.decryptedPayloadLength - this.totalBytesDecrypted;
                if (i2 <= i6) {
                    i6 = i2;
                }
                if (i6 <= i7) {
                    i7 = i6;
                } else if (i7 <= 0) {
                    break;
                }
                System.arraycopy(this.decryptedBuffer, i5, bArr, i, i7);
                this.totalBytesDecrypted += i7;
                this.decryptedBufferReadPos += i7;
                i3 += i7;
                i += i7;
                i2 -= i7;
            }
            if (i3 == 0) {
                return -1;
            }
            return i3;
        }
    }

    public PreAuthenticationEncryption(PublicKey publicKey, PublicKey publicKey2) {
        this.rsaEncryptionKey = publicKey;
        this.rsaSignatureVerificationKey = publicKey2;
    }

    private void cleanup() {
        byte[] bArr = this.aesKey;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
            this.aesKey = null;
        }
        byte[] bArr2 = this.iv1;
        if (bArr2 != null) {
            Arrays.fill(bArr2, (byte) 0);
            this.iv1 = null;
        }
        byte[] bArr3 = this.iv2;
        if (bArr3 != null) {
            Arrays.fill(bArr3, (byte) 0);
            this.iv2 = null;
        }
    }

    private void verifyIncomingMessageBlockIntegrity(byte[] bArr) throws GeneralSecurityException {
        validateOverallMessageLength(bArr.length, MIN_INCOMING_MESSAGE_SIZE_BYTES, MAX_INCOMING_MESSAGE_SIZE_BYTES);
        validateEncryptedPayloadBlockSize((bArr.length - 1) - 256);
        validatePaddingCount(bArr[0]);
        int length = bArr.length - 256;
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(this.rsaSignatureVerificationKey);
        signature.update(bArr, 0, length);
        if (!signature.verify(bArr, length, 256)) {
            throw new SignatureException();
        }
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public byte[] decryptResponse(byte[] bArr) throws GeneralSecurityException {
        verifyIncomingMessageBlockIntegrity(bArr);
        int length = ((bArr.length - 1) + InputDeviceCompat.SOURCE_ANY) / 16;
        byte b = bArr[0];
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.aesKey, "AES");
        this.aesCipher = Cipher.getInstance(CryptoBase.AES_CIPHER_SPECIFICATION);
        this.aesCipher.init(2, secretKeySpec, new IvParameterSpec(this.iv2));
        byte[] decryptResponseBase = decryptResponseBase(bArr, 1, length, b);
        cleanup();
        return decryptResponseBase;
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public byte[] encryptRequest(byte[] bArr) {
        if (bArr.length < 1) {
            throw new IllegalArgumentException();
        }
        byte[] bArr2 = new byte[(((bArr.length / 16) + 1) * 16) + 257 + 32];
        this.aesKey = this.randomSource.getBytes(32);
        this.iv1 = this.randomSource.getBytes(16);
        this.iv2 = this.randomSource.getBytes(16);
        try {
            Cipher cipher = Cipher.getInstance(RSA_CIPHER_SPECIFICATION);
            cipher.init(1, this.rsaEncryptionKey, cipher.getParameters());
            cipher.update(this.aesKey, 0, 32, bArr2);
            cipher.update(this.iv1, 0, 16, bArr2);
            cipher.doFinal(this.iv2, 0, 16, bArr2);
            encryptRequestBase(bArr, bArr2, 257, new SecretKeySpec(this.aesKey, "AES"), this.iv1);
            return bArr2;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    protected void finalize() throws Throwable {
        cleanup();
        super.finalize();
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public InputStream openInputStream(File file) throws IOException {
        return new PreAuthenticationDecryptionStream(file);
    }

    @Override // lib.core.crypto.IFalconEncryptionHandler
    public InputStream openInputStream(byte[] bArr) throws IOException {
        return new PreAuthenticationDecryptionStream(bArr);
    }
}
