package com.agilebits.onepassword.b5.crypto;

import android.content.Context;
import android.os.Build;
import android.text.TextUtils;
import com.agilebits.onepassword.b5.collection.AccountsCollection;
import com.agilebits.onepassword.b5.dataobj.Account;
import com.agilebits.onepassword.b5.dataobj.AccountKey;
import com.agilebits.onepassword.b5.dataobj.Keyset;
import com.agilebits.onepassword.b5.srp.SRP6Util;
import com.agilebits.onepassword.b5.utils.AppInternalError;
import com.agilebits.onepassword.b5.utils.ProcessProgressIface;
import com.agilebits.onepassword.b5.utils.ValidatePwdResult;
import com.agilebits.onepassword.crypto.MyPBKDF2Engine;
import com.agilebits.onepassword.mgr.MyPreferencesMgr;
import com.agilebits.onepassword.support.Base64;
import com.agilebits.onepassword.support.LogUtils;
import com.agilebits.onepassword.support.Utils;
import com.agilebits.onepassword.wifi.encryption.EncryptionUtils;
import de.rtner.misc.BinTools;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.jose4j.base64url.Base64Url;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwe.AesGcmContentEncryptionAlgorithm;
import org.jose4j.jwe.ContentEncryptionParts;
import org.jose4j.jwe.kdf.PasswordBasedKeyDerivationFunction2;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.OctetSequenceJsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwx.HeaderParameterNames;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.JoseException;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Marker;

/* loaded from: classes.dex */
public class B5CryptoUtils {
    public static final String ALG_PUBLIC_ENCR_CIPHER = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    public static final int B5_IVEC_LENGTH = 12;
    static final String CTY = "b5+jwk+json";
    public static final String HMAC_MD5 = "HmacMD5";
    public static final String HMAC_SHA1 = "HmacSHA1";
    private static final String MAC_VER = "v1";
    private static final byte[] MAGIC_STRING_AS_BA = BinTools.hex2bin("4865206E657665722077656172732061204D61632C20696E2074686520706F7572696E67207261696E2E205665727920737472616E67652E");

    public static byte[] calculateAcctKeySha256(AccountKey accountKey) throws B5EncryptionException {
        try {
            return doHKDFSha256(accountKey.getKey().getBytes("UTF-8"), accountKey.getKeyVersion().getBytes("UTF-8"), accountKey.getKeyId().getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new B5EncryptionException("Error on calculateAcctKeySha256", Utils.getExceptionMsg(e));
        }
    }

    public static String calculateClientHash(String str, AccountKey accountKey) throws AppInternalError {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(accountKey.getKeyId().getBytes("UTF-8"));
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            messageDigest.update(str.getBytes("UTF-8"));
            byte[] digest2 = messageDigest.digest();
            byte[] bArr = new byte[digest.length + digest2.length];
            System.arraycopy(digest, 0, bArr, 0, digest.length);
            System.arraycopy(digest2, 0, bArr, digest.length, digest2.length);
            messageDigest.reset();
            messageDigest.update(bArr);
            return Base64.encodeBase64URLSafeString(messageDigest.digest());
        } catch (Exception e) {
            throw new AppInternalError("calculateClientHash:" + Utils.getExceptionMsg(e));
        }
    }

    public static String calculateMAC(String str, byte[] bArr, String str2, long j, String str3) throws AppInternalError {
        String lowerCase = str3.toLowerCase(Locale.US);
        if (lowerCase.startsWith("https://")) {
            lowerCase = lowerCase.replace("https://", "");
        }
        if (!lowerCase.contains("?")) {
            lowerCase = lowerCase + "?";
        }
        String str4 = str2 + "|" + str.toUpperCase(Locale.US) + "|" + lowerCase + "|" + MAC_VER + "|" + j;
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA256");
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            byte[] doFinal = mac.doFinal(MAGIC_STRING_AS_BA);
            mac.reset();
            mac.init(new SecretKeySpec(doFinal, "HmacSHA256"));
            return "v1|" + j + "|" + Base64.encodeBase64URLSafeString(Arrays.copyOfRange(mac.doFinal(str4.getBytes("UTF-8")), 0, 12));
        } catch (Exception e) {
            throw new AppInternalError("calculateMAC() reqId:" + j + " reqUrl:" + lowerCase + " sessionId:" + str2 + " [" + Utils.getExceptionMsg(e) + "]");
        }
    }

    public static String calculateServerHash(String str, String str2) throws AppInternalError {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes("UTF-8"));
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            messageDigest.update(str2.getBytes("UTF-8"));
            byte[] digest2 = messageDigest.digest();
            byte[] bArr = new byte[digest.length + digest2.length];
            System.arraycopy(digest, 0, bArr, 0, digest.length);
            System.arraycopy(digest2, 0, bArr, digest.length, digest2.length);
            messageDigest.reset();
            messageDigest.update(bArr);
            return Base64.encodeBase64URLSafeString(messageDigest.digest());
        } catch (Exception e) {
            throw new AppInternalError("calculateServerHash:" + Utils.getExceptionMsg(e));
        }
    }

    private static byte[] decryptAes256Gcm(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws JoseException {
        BinTools.bin2hex(bArr3);
        ProviderContext providerContext = new ProviderContext();
        providerContext.getSuppliedKeyProviderContext().setSignatureProvider("BC");
        return new AesGcmContentEncryptionAlgorithm.Aes256Gcm().decrypt(new ContentEncryptionParts(bArr4, bArr, bArr2), null, bArr3, null, providerContext);
    }

    public static String decryptItemEncrData(byte[] bArr, JSONObject jSONObject) throws B5EncryptionException {
        try {
            return decryptWithSymmetricKey(bArr, Base64Url.decode(jSONObject.getString("data")), Base64Url.decode(jSONObject.getString(HeaderParameterNames.INITIALIZATION_VECTOR)));
        } catch (Exception e) {
            throw new B5EncryptionException("Error on decryptItemEncrData", "ERROR decryptItemEncrData:" + Utils.getExceptionMsg(e));
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0054  */
    /* JADX WARN: Removed duplicated region for block: B:14:0x005f  */
    /* JADX WARN: Removed duplicated region for block: B:18:0x0091  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00bd A[Catch: UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, TryCatch #0 {UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, blocks: (B:2:0x0000, B:6:0x0041, B:9:0x004c, B:12:0x0057, B:16:0x0089, B:20:0x00bd, B:21:0x00c4, B:23:0x00c5, B:25:0x0094, B:27:0x00a2, B:29:0x0063, B:31:0x0071, B:32:0x0014, B:34:0x0020), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:23:0x00c5 A[Catch: UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, TRY_LEAVE, TryCatch #0 {UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, blocks: (B:2:0x0000, B:6:0x0041, B:9:0x004c, B:12:0x0057, B:16:0x0089, B:20:0x00bd, B:21:0x00c4, B:23:0x00c5, B:25:0x0094, B:27:0x00a2, B:29:0x0063, B:31:0x0071, B:32:0x0014, B:34:0x0020), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:25:0x0094 A[Catch: UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, TryCatch #0 {UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, blocks: (B:2:0x0000, B:6:0x0041, B:9:0x004c, B:12:0x0057, B:16:0x0089, B:20:0x00bd, B:21:0x00c4, B:23:0x00c5, B:25:0x0094, B:27:0x00a2, B:29:0x0063, B:31:0x0071, B:32:0x0014, B:34:0x0020), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:29:0x0063 A[Catch: UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, TryCatch #0 {UnsupportedEncodingException | JoseException | JSONException -> 0x00f4, blocks: (B:2:0x0000, B:6:0x0041, B:9:0x004c, B:12:0x0057, B:16:0x0089, B:20:0x00bd, B:21:0x00c4, B:23:0x00c5, B:25:0x0094, B:27:0x00a2, B:29:0x0063, B:31:0x0071, B:32:0x0014, B:34:0x0020), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0049  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.lang.String decryptTraffic(java.lang.String r5, java.lang.String r6, byte[] r7) throws com.agilebits.onepassword.b5.crypto.B5EncryptionException {
        /*
            Method dump skipped, instructions count: 257
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.agilebits.onepassword.b5.crypto.B5CryptoUtils.decryptTraffic(java.lang.String, java.lang.String, byte[]):java.lang.String");
    }

    public static String decryptWithPublicKey(PublicJsonWebKey publicJsonWebKey, byte[] bArr) throws B5EncryptionException {
        MGF1ParameterSpec mGF1ParameterSpec;
        try {
            Cipher cipher = Cipher.getInstance(ALG_PUBLIC_ENCR_CIPHER);
            String algorithm = publicJsonWebKey.getAlgorithm();
            if (TextUtils.isEmpty(algorithm)) {
                throw new Exception("alg not provided in private key");
            }
            if (algorithm.equalsIgnoreCase("RSA-OAEP-256")) {
                mGF1ParameterSpec = MGF1ParameterSpec.SHA256;
            } else {
                if (!algorithm.equalsIgnoreCase("RSA-OAEP")) {
                    throw new Exception("unknown public key algorithm:" + algorithm + " in" + publicJsonWebKey.getAlgorithm());
                }
                mGF1ParameterSpec = MGF1ParameterSpec.SHA1;
            }
            cipher.init(2, publicJsonWebKey.getPrivateKey(), new OAEPParameterSpec(mGF1ParameterSpec.getDigestAlgorithm(), "MGF1", mGF1ParameterSpec, PSource.PSpecified.DEFAULT));
            return new String(cipher.doFinal(bArr), "UTF-8");
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR decryptWithPublicKey", "ERROR decryptWithPublicKey:" + Utils.getExceptionMsg(e));
        }
    }

    public static String decryptWithSymmetricKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return new String(decryptWithSymmetricKeyToBa(bArr, bArr2, bArr3), "UTF-8");
        } catch (Exception e) {
            throw new B5EncryptionException("Error on decryptWithSymmetricKey", "ERROR decryptWithSymmetricKey:" + Utils.getExceptionMsg(e));
        }
    }

    public static byte[] decryptWithSymmetricKeyToBa(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return decryptAes256Gcm(Arrays.copyOfRange(bArr2, 0, bArr2.length - 16), Arrays.copyOfRange(bArr2, bArr2.length - 16, bArr2.length), bArr, bArr3);
        } catch (Exception e) {
            throw new B5EncryptionException("Error on decryptWithSymmetricKey", "ERROR decryptWithSymmetricKey:" + Utils.getExceptionMsg(e));
        }
    }

    public static byte[] deriveUsingPBES2_HS256WithEnc(String str, String str2, byte[] bArr, int i, AccountKey accountKey) throws B5EncryptionException {
        try {
            byte[] derive = new PasswordBasedKeyDerivationFunction2("HmacSHA256").derive((str.toLowerCase(Locale.US) + ":" + str2).getBytes("UTF-8"), bArr, i, 32);
            byte[] calculateAcctKeySha256 = calculateAcctKeySha256(accountKey);
            byte[] bArr2 = new byte[32];
            for (int i2 = 0; i2 < bArr2.length; i2++) {
                bArr2[i2] = (byte) (calculateAcctKeySha256[i2] ^ derive[i2]);
            }
            return bArr2;
        } catch (Exception e) {
            throw new B5EncryptionException(" Error in getUserEncryptionKey", Utils.getExceptionMsg(e));
        }
    }

    public static byte[] deriveUsingPBES2g_HS256WithEnc(String str, String str2, byte[] bArr, int i, AccountKey accountKey) throws B5EncryptionException {
        try {
            byte[] derive = new PasswordBasedKeyDerivationFunction2("HmacSHA256").derive(str2.getBytes("UTF-8"), doHKDFSha256(bArr, SupportedAlgorithms.ALG_PBKDF2.getBytes("UTF-8"), str.toLowerCase(Locale.US).getBytes("UTF-8")), i, 32);
            byte[] calculateAcctKeySha256 = calculateAcctKeySha256(accountKey);
            byte[] bArr2 = new byte[32];
            for (int i2 = 0; i2 < bArr2.length; i2++) {
                bArr2[i2] = (byte) (calculateAcctKeySha256[i2] ^ derive[i2]);
            }
            return bArr2;
        } catch (Exception e) {
            throw new B5EncryptionException(" Error in getUserEncryptionKey", Utils.getExceptionMsg(e));
        }
    }

    public static byte[] doHKDFSha256(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, "HmacSHA256");
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            byte[] doFinal = mac.doFinal(bArr);
            mac.reset();
            mac.init(new SecretKeySpec(doFinal, "HmacSHA256"));
            mac.update(bArr2, 0, bArr2.length);
            return mac.doFinal(new byte[]{1});
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR calculateAcctKeySha256", "ERROR calculateAcctKeySha256:" + Utils.getExceptionMsg(e));
        }
    }

    public static void encrFileToDecrFile(byte[] bArr, byte[] bArr2, String str, String str2, long j, ProcessProgressIface processProgressIface) throws AppInternalError {
        byte[] bArr3;
        try {
            RandomAccessFile randomAccessFile = new RandomAccessFile(new File(str), RsaJsonWebKey.PRIME_FACTOR_OTHER_MEMBER_NAME);
            File file = new File(str2);
            File file2 = new File(file.getParent());
            if (!file2.exists()) {
                file2.mkdirs();
            }
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(file, "rw");
            Cipher cipherForDecryptMode = getCipherForDecryptMode(bArr, bArr2);
            int i = 16384;
            byte[] bArr4 = new byte[16384];
            byte[] bArr5 = new byte[16384];
            long j2 = 0;
            int i2 = 0;
            String str3 = "encrFileToDecrFile()";
            int i3 = 0;
            while (true) {
                long j3 = i3;
                if (j3 >= randomAccessFile.length()) {
                    break;
                }
                randomAccessFile.read(bArr4);
                int update = cipherForDecryptMode.update(bArr4, 0, Math.min(i, (int) (randomAccessFile.length() - j3)), bArr5);
                if (update > 0) {
                    bArr3 = bArr4;
                    j2 += update;
                    randomAccessFile2.write(Arrays.copyOfRange(bArr5, 0, update));
                } else {
                    bArr3 = bArr4;
                }
                long j4 = j2;
                int percentCompleted = getPercentCompleted(j4, j);
                if (j >= 1048576 && percentCompleted > i2) {
                    if (processProgressIface != null) {
                        processProgressIface.onProgressUpdate(percentCompleted);
                    }
                    str3 = str3 + "\nProcessed " + percentCompleted + "%";
                    i2 = percentCompleted;
                }
                i3 += 16384;
                j2 = j4;
                bArr4 = bArr3;
                i = 16384;
            }
            String str4 = str3 + "\nValidating tag...";
            byte[] doFinal = cipherForDecryptMode.doFinal();
            int length = doFinal != null ? doFinal.length : 0;
            randomAccessFile2.write(Arrays.copyOfRange(doFinal, 0, length));
            randomAccessFile2.close();
            StringBuilder sb = new StringBuilder();
            sb.append(str4 + "\nValidated: have " + length + " extra bytes in the buffer");
            sb.append("\nFinal check=> processed/expected:");
            long j5 = length + j2;
            sb.append(j5);
            sb.append("/");
            sb.append(j);
            String sb2 = sb.toString();
            if (j5 == j) {
                LogUtils.logB5DocMsg(sb2 + "Done");
                return;
            }
            throw new AppInternalError("Error decrypting file: expected:" + j + " processed:" + j2 + Marker.ANY_NON_NULL_MARKER + length);
        } catch (Exception e) {
            LogUtils.logB5DocMsg("encrFileToDecrFile:" + Utils.getExceptionMsg(e));
            throw new AppInternalError("encrFileToDecrFile:" + Utils.getExceptionMsg(e));
        }
    }

    public static void encrFileToDecrFile_NO_RANDOM_ACCESS_FILE(byte[] bArr, byte[] bArr2, String str, String str2, long j) throws AppInternalError {
        long j2;
        String str3;
        String str4 = "encrFileToDecrFile_NO_RANDOM_ACCESS_FILE()";
        try {
            File file = new File(str);
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(new File(str2)));
            long length = file.length();
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File(str)));
            Cipher cipherForDecryptMode = getCipherForDecryptMode(bArr, bArr2);
            byte[] bArr3 = new byte[16384];
            byte[] bArr4 = new byte[16384];
            long j3 = 0;
            long j4 = 0;
            while (true) {
                int read = bufferedInputStream.read(bArr3);
                BufferedInputStream bufferedInputStream2 = bufferedInputStream;
                if (read == -1) {
                    break;
                }
                j3 += read;
                int min = Math.min(16384, (int) (length - j3));
                String str5 = str4 + "\nread:" + bArr3.length + " total read:" + j3 + " current chunk size:" + min + "  encrFile size:" + length + " count:" + read;
                if (min == 0) {
                    bArr3 = Arrays.copyOf(bArr3, min > 0 ? min : read);
                }
                int update = cipherForDecryptMode.update(bArr3, 0, bArr3.length, bArr4);
                if (update > 0) {
                    j2 = length;
                    j4 += update;
                    str3 = str5 + "\ndecrypted:" + update + " decryptedTotal:" + j4 + " encr chunk size:" + min;
                    bufferedOutputStream.write(Arrays.copyOfRange(bArr4, 0, update));
                } else {
                    j2 = length;
                    str3 = str5 + "\nDecr bytes per batch " + read + " is null";
                }
                str4 = str3;
                bufferedInputStream = bufferedInputStream2;
                length = j2;
            }
            String str6 = str4 + "\nValidating tag... block size:" + cipherForDecryptMode.getBlockSize();
            byte[] doFinal = cipherForDecryptMode.doFinal();
            int length2 = doFinal != null ? doFinal.length : 0;
            bufferedOutputStream.write(Arrays.copyOfRange(doFinal, 0, length2));
            bufferedOutputStream.close();
            StringBuilder sb = new StringBuilder();
            sb.append(str6 + "\nValidated: have " + length2 + " extra bytes in the buffer");
            sb.append("\nFinal check=> processed:");
            long j5 = length2 + j4;
            sb.append(j5);
            sb.append(" expected:");
            sb.append(j);
            String sb2 = sb.toString();
            if (j5 == j) {
                LogUtils.logB5DocMsg(sb2 + "Done");
                return;
            }
            throw new AppInternalError("Error decrypting file: expected:" + j + " processed:" + j4 + Marker.ANY_NON_NULL_MARKER + length2);
        } catch (Exception e) {
            LogUtils.logB5DocMsg("encrFileToDecrFile:" + Utils.getExceptionMsg(e));
            throw new AppInternalError("encrFileToDecrFile:" + Utils.getExceptionMsg(e));
        }
    }

    public static byte[] encrIstreamToDecrFile(InputStream inputStream, byte[] bArr, byte[] bArr2, String str, String str2, long j, long j2, ProcessProgressIface processProgressIface) throws AppInternalError {
        long j3;
        RandomAccessFile randomAccessFile;
        long j4;
        int i;
        ProcessProgressIface processProgressIface2;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            File file = new File(str);
            if (!file.exists()) {
                file.getParentFile().mkdirs();
                file.createNewFile();
            }
            File file2 = new File(str2);
            if (!file2.exists()) {
                file2.createNewFile();
            }
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(file, "rw");
            RandomAccessFile randomAccessFile3 = new RandomAccessFile(file2, "rw");
            Cipher cipherForDecryptMode = getCipherForDecryptMode(bArr, bArr2);
            byte[] bArr3 = new byte[16384];
            byte[] bArr4 = new byte[16384];
            String str3 = "encrIstreamToDecrFile()\nprocessing encr file len:" + j2 + " expecting decrypted size:" + j;
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream, 16384);
            int i2 = 0;
            int i3 = 0;
            long j5 = 0;
            long j6 = 0;
            int i4 = 0;
            while (true) {
                int read = bufferedInputStream.read(bArr4, i2, bArr4.length);
                if (read <= 0) {
                    break;
                }
                long j7 = j5 + read;
                StringBuilder sb = new StringBuilder();
                sb.append(str3);
                sb.append("batch:");
                i4++;
                sb.append(i4);
                sb.append(" read:");
                sb.append(read);
                sb.append(" total read:");
                sb.append(j7);
                String sb2 = sb.toString();
                messageDigest.update(bArr4, 0, read);
                randomAccessFile2.write(bArr4, 0, read);
                bArr3 = bArr3;
                int update = cipherForDecryptMode.update(bArr4, 0, read, bArr3);
                if (update > 0) {
                    j3 = j7;
                    randomAccessFile = randomAccessFile2;
                    j4 = update + j6;
                    str3 = sb2 + " decrypted:" + update + " decryptedTotal:" + j4;
                    randomAccessFile3.write(bArr3, 0, update);
                } else {
                    j3 = j7;
                    randomAccessFile = randomAccessFile2;
                    str3 = sb2 + " Decr bytes per batch " + i4 + " is null";
                    j4 = j6;
                }
                int percentCompleted = getPercentCompleted(j4, j);
                if (j >= 1048576) {
                    i = i3;
                    if (percentCompleted > i) {
                        processProgressIface2 = processProgressIface;
                        if (processProgressIface2 != null) {
                            processProgressIface2.onProgressUpdate(percentCompleted);
                        }
                        str3 = str3 + "\nProcessed " + percentCompleted + "%";
                        i3 = percentCompleted;
                        j6 = j4;
                        j5 = j3;
                        randomAccessFile2 = randomAccessFile;
                        i2 = 0;
                    }
                } else {
                    i = i3;
                }
                processProgressIface2 = processProgressIface;
                i3 = i;
                j6 = j4;
                j5 = j3;
                randomAccessFile2 = randomAccessFile;
                i2 = 0;
            }
            long j8 = j5;
            long j9 = j6;
            String str4 = str3 + "\nValidating tag...";
            byte[] doFinal = cipherForDecryptMode.doFinal();
            int length = doFinal != null ? doFinal.length : 0;
            randomAccessFile3.write(doFinal, 0, length);
            StringBuilder sb3 = new StringBuilder();
            sb3.append(str4 + "\nValidated: have " + length + " extra bytes in the buffer");
            sb3.append("\nFinal check actual/expected =>read:");
            sb3.append(j8);
            sb3.append("/");
            sb3.append(j2);
            sb3.append(" processed:");
            long j10 = length + j9;
            sb3.append(j10);
            sb3.append("/");
            sb3.append(j);
            String sb4 = sb3.toString();
            if (j8 != j2) {
                throw new AppInternalError("Error saving encrypted file expected:" + j2 + " read:" + j8);
            }
            if (j10 == j) {
                LogUtils.logB5DocMsg(sb4 + "Done");
                return messageDigest.digest();
            }
            throw new AppInternalError("Error decrypting file: expected:" + j + " processed:" + j9 + Marker.ANY_NON_NULL_MARKER + length);
        } catch (Exception e) {
            LogUtils.logB5DocMsg("encrFileToDecrFile:" + Utils.getExceptionMsg(e));
            throw new AppInternalError("encrFileToDecrFile:" + Utils.getExceptionMsg(e));
        }
    }

    public static String encryptAes256Gcm(String str, byte[] bArr, String str2) throws B5EncryptionException {
        try {
            byte[] generateRandomIvec = generateRandomIvec();
            ContentEncryptionParts encrypt = new AesGcmContentEncryptionAlgorithm.Aes256Gcm().encrypt(str.getBytes("UTF-8"), null, bArr, generateRandomIvec, null);
            String encode = Base64Url.encode(ArrayUtils.addAll(encrypt.getCiphertext(), encrypt.getAuthenticationTag()));
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("data", encode);
            jSONObject.put(HeaderParameterNames.CONTENT_TYPE, CTY);
            jSONObject.put("enc", "A256GCM");
            jSONObject.put(HeaderParameterNames.INITIALIZATION_VECTOR, Base64Url.encode(generateRandomIvec));
            jSONObject.put("kid", str2);
            return jSONObject.toString();
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException | JoseException | JSONException e) {
            throw new B5EncryptionException("ERROR encryptTraffic", Utils.getExceptionMsg(e));
        }
    }

    public static String encryptTraffic(String str, String str2, byte[] bArr) throws B5EncryptionException {
        return encryptAes256Gcm(str, bArr, str2);
    }

    public static void ensureAlgCompatibility(JsonWebKey jsonWebKey, JSONObject jSONObject) throws B5EncryptionException {
        if (!jSONObject.has("enc")) {
            throw new B5EncryptionException("ERROR decrypting keysets", "ERROR agorithm enc algorithm not provided for privateKey ");
        }
        String optString = jSONObject.optString("enc");
        if (jsonWebKey.getAlgorithm().equalsIgnoreCase(optString)) {
            return;
        }
        throw new B5EncryptionException("ERROR decrypting keysets", "ERROR agorithm mismatch on decrypting Private key expected: " + optString + " got:" + jsonWebKey.getAlgorithm());
    }

    public static JsonWebKey generateA256GCMKey() throws JoseException {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("alg", "A256GCM");
            jSONObject.put("ext", true);
            jSONObject.put(JsonWebKey.KEY_TYPE_PARAMETER, OctetSequenceJsonWebKey.KEY_TYPE);
            JSONArray jSONArray = new JSONArray();
            jSONArray.put("encrypt");
            jSONArray.put("decrypt");
            jSONObject.put(JsonWebKey.KEY_OPERATIONS, jSONArray);
            jSONObject.put("kid", Utils.getShortUuid());
            jSONObject.put(OctetSequenceJsonWebKey.KEY_VALUE_MEMBER_NAME, Base64.encodeBase64String(MyPBKDF2Engine.getGeneratedKey(32)));
            return newSymmKey(jSONObject.toString());
        } catch (Exception unused) {
            return null;
        }
    }

    public static byte[] generateRandomIvec() throws NoSuchAlgorithmException {
        return EncryptionUtils.generateRandomBytes(12);
    }

    private static Cipher getCipherForDecryptMode(byte[] bArr, byte[] bArr2) throws NoSuchProviderException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, new SecretKeySpec(bArr, AesKey.ALGORITHM), new IvParameterSpec(bArr2));
        return cipher;
    }

    private static Cipher getCipherForEncryptMode(byte[] bArr, byte[] bArr2) throws NoSuchProviderException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, new SecretKeySpec(bArr, AesKey.ALGORITHM), new IvParameterSpec(bArr2));
        return cipher;
    }

    public static String getFileSignature(byte[] bArr, String str) throws AppInternalError {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA256");
            Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
            mac.init(secretKeySpec);
            return Base64.encodeBase64URLSafeString(mac.doFinal(str.getBytes("UTF-8")));
        } catch (Exception e) {
            throw new AppInternalError("getFileSignature(): signingKey: [" + Utils.getExceptionMsg(e) + "]");
        }
    }

    public static int getPercentCompleted(long j, long j2) {
        return (((int) ((100 * j) / j2)) / 10) * 10;
    }

    public static PublicJsonWebKey getPrivateKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return PublicJsonWebKey.Factory.newPublicJwk(new String(decryptAes256Gcm(Arrays.copyOfRange(bArr, 0, bArr.length - 16), Arrays.copyOfRange(bArr, bArr.length - 16, bArr.length), bArr2, bArr3), "UTF-8"));
        } catch (Exception e) {
            throw new B5EncryptionException("ERROR on getJsonWebKey", "ERROR getJsonWebKey:" + Utils.getExceptionMsg(e));
        }
    }

    public static JsonWebKey getSymmetricKey(PublicJsonWebKey publicJsonWebKey, byte[] bArr) throws B5EncryptionException {
        try {
            return newSymmKey(decryptWithPublicKey(publicJsonWebKey, bArr));
        } catch (JoseException e) {
            String str = "Error on getSymmetricKey:" + Utils.getExceptionMsg(e);
            throw new B5EncryptionException(str, str);
        }
    }

    public static JsonWebKey getSymmetricKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws B5EncryptionException {
        try {
            return newSymmKey(decryptWithSymmetricKey(bArr, bArr2, bArr3));
        } catch (JoseException e) {
            String str = "Error on getSymmetricKey:" + Utils.getExceptionMsg(e);
            throw new B5EncryptionException(str, str);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:34:0x022d  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x0230  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.agilebits.onepassword.b5.document.EncryptedFileData istreamToEncrFile(java.io.InputStream r34, byte[] r35, byte[] r36, java.lang.String r37, com.agilebits.onepassword.b5.utils.ProcessProgressIface r38) throws com.agilebits.onepassword.b5.utils.AppInternalError {
        /*
            Method dump skipped, instructions count: 570
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.agilebits.onepassword.b5.crypto.B5CryptoUtils.istreamToEncrFile(java.io.InputStream, byte[], byte[], java.lang.String, com.agilebits.onepassword.b5.utils.ProcessProgressIface):com.agilebits.onepassword.b5.document.EncryptedFileData");
    }

    public static JsonWebKey newSymmKey(String str) throws JoseException {
        return JsonWebKey.Factory.newJwk(str);
    }

    public static boolean useModernKeyDerivation(String str) throws AppInternalError {
        if (TextUtils.isEmpty(str)) {
            throw new AppInternalError("useModernKeyDerivation : pbkdf2Algorithm is null");
        }
        if (str.equalsIgnoreCase(SupportedAlgorithms.ALG_PBKDF2)) {
            return true;
        }
        if (str.equalsIgnoreCase(SupportedAlgorithms.ALG_PBKDF2_LEGACY)) {
            return false;
        }
        throw new AppInternalError("useModernKeyDerivation : Invalid alg (" + str + ")");
    }

    public static ValidatePwdResult validatePwd(Context context, Keyset keyset, String str, String str2, AccountKey accountKey, boolean z) throws B5EncryptionException, AppInternalError {
        byte[] bArr;
        String str3;
        boolean z2 = false;
        boolean z3 = !z && MyPreferencesMgr.isB5OnlyMode(context);
        String str4 = null;
        if (TextUtils.isEmpty(str)) {
            str4 = "ValidatePwd: master pwd isn't provided";
        } else if (TextUtils.isEmpty(str2)) {
            str4 = "ValidatePwd: userEmail isn't provided";
        } else if (accountKey == null) {
            str4 = "ValidatePwd: accountKey isn't provided";
        }
        if (!TextUtils.isEmpty(str4)) {
            throw new AppInternalError(str4);
        }
        if (z3 && AccountsCollection.hasAccounts()) {
            Account account = AccountsCollection.getAccounts().get(0);
            if (accountKey.equals(account.getAccountKey()) && str2.equals(account.mEmail)) {
                z2 = true;
            }
        } else {
            z2 = z3;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Validating password=> unlocking:");
        sb.append(z ? "T" : "F");
        String sb2 = sb.toString();
        try {
            JSONObject jSONObject = new JSONObject(keyset.mSymKeyEncr);
            if (z) {
                String symmKeyB5OnlyMode = MyPreferencesMgr.getSymmKeyB5OnlyMode(context);
                if (TextUtils.isEmpty(symmKeyB5OnlyMode)) {
                    sb2 = sb2 + "\nUsing master keyset.";
                    z2 = true;
                } else {
                    JSONObject jSONObject2 = new JSONObject(symmKeyB5OnlyMode);
                    if (!jSONObject2.has("acctKey")) {
                        throw new AppInternalError("stored json does not have acctKey");
                    }
                    if (!new AccountKey(jSONObject2.getString("acctKey")).equals(accountKey)) {
                        throw new AppInternalError("stored json accountKey is different from accountKey");
                    }
                    if (!jSONObject2.has("symmKeyEncr")) {
                        throw new AppInternalError("stored json does not have symmKey");
                    }
                    jSONObject = new JSONObject(jSONObject2.getString("symmKeyEncr"));
                    sb2 = sb2 + "\nUsing stored symm key.";
                }
            }
            String optString = jSONObject.optString("alg");
            byte[] decode = Base64Url.decode(jSONObject.getString(HeaderParameterNames.PBES2_SALT_INPUT));
            int i = jSONObject.getInt(HeaderParameterNames.PBES2_ITERATION_COUNT);
            byte[] decode2 = Base64Url.decode(jSONObject.getString("data"));
            byte[] decode3 = Base64Url.decode(jSONObject.getString(HeaderParameterNames.INITIALIZATION_VECTOR));
            long currentTimeMillis = System.currentTimeMillis();
            byte[] deriveUsingPBES2g_HS256WithEnc = useModernKeyDerivation(optString) ? deriveUsingPBES2g_HS256WithEnc(str2, str, decode, i, accountKey) : deriveUsingPBES2_HS256WithEnc(str2, SRP6Util.prehashPassword(str), decode, i, accountKey);
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            String str5 = sb2 + "\nDerivedUserKey:" + deriveUsingPBES2g_HS256WithEnc.length + " bytes ...";
            JsonWebKey symmetricKey = getSymmetricKey(deriveUsingPBES2g_HS256WithEnc, decode2, decode3);
            String str6 = str5 + "\nPwd validated. Got symmKey : " + symmetricKey.getKeyId() + " " + symmetricKey.getKey().getEncoded().length + " bytes. Iterations:" + (i / 1000) + "K.";
            if (z2) {
                int i2 = currentTimeMillis2 > 1000 ? (int) ((i * 1000.0f) / ((float) currentTimeMillis2)) : i;
                if (i2 < 25000) {
                    i2 = 25000;
                }
                String str7 = str6 + "\nSet Iterations:" + i2 + " for device:" + Build.MODEL + " (" + Build.PRODUCT + ")";
                if (i2 >= i) {
                    str3 = str7 + "\nStoring mp keyset with " + (i / 1000) + "K iterations...";
                    bArr = deriveUsingPBES2g_HS256WithEnc;
                } else {
                    String str8 = str7 + "\nRe-encrypting mp keyset with " + (i2 / 1000) + "K iterations...";
                    byte[] generateRandomBytes = EncryptionUtils.generateRandomBytes(decode.length);
                    bArr = deriveUsingPBES2g_HS256WithEnc;
                    ContentEncryptionParts encrypt = new AesGcmContentEncryptionAlgorithm.Aes256Gcm().encrypt(symmetricKey.toJson().getBytes("UTF-8"), null, useModernKeyDerivation(optString) ? deriveUsingPBES2g_HS256WithEnc(str2, str, generateRandomBytes, i2, accountKey) : deriveUsingPBES2_HS256WithEnc(str2, SRP6Util.prehashPassword(str), generateRandomBytes, i2, accountKey), decode3, null);
                    jSONObject.put(HeaderParameterNames.PBES2_SALT_INPUT, Base64Url.encode(generateRandomBytes));
                    jSONObject.put(HeaderParameterNames.PBES2_ITERATION_COUNT, i2);
                    jSONObject.put("data", Base64Url.encode(ArrayUtils.addAll(encrypt.getCiphertext(), encrypt.getAuthenticationTag())));
                    str3 = str8;
                }
                MyPreferencesMgr.setSymmKeyB5OnlyMode(context, new JSONObject().put("acctKey", accountKey.getKeyFull()).put("symmKeyEncr", jSONObject).toString());
                str6 = (str3 + " Storing...") + "\nDone.";
            } else {
                bArr = deriveUsingPBES2g_HS256WithEnc;
            }
            return new ValidatePwdResult(symmetricKey, bArr, str6);
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException | JoseException | JSONException e) {
            throw new AppInternalError("validatePwd:" + Utils.getExceptionMsg(e));
        }
    }
}
