package com.avast.android.ffl.v2;

import com.avast.android.ffl.AbstractFFLClient;
import com.avast.android.ffl.EncryptionException;
import com.avast.android.ffl.Hex;
import com.avast.android.ffl.KeyExpiredException;
import com.avast.android.ffl.LoggingProvider;
import com.avast.android.ffl.NonFFLResponseException;
import com.avast.android.ffl.RegistrationException;
import com.avast.crypto.FFLSpec;
import com.avast.crypto.KeyUtilityException;
import com.avast.crypto.PayloadException;
import com.avast.crypto.SymKeyUtility;
import com.avast.ffl.auth.proto.AuthProto;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.commons.codec.binary.Base64;
import org.jsoup.helper.HttpConnection;
import retrofit.client.Client;
import retrofit.client.Header;
import retrofit.client.Request;
import retrofit.client.Response;
import retrofit.mime.TypedInput;
import retrofit.mime.TypedOutput;

/* loaded from: classes.dex */
public class FFLV2ClientImpl extends AbstractFFLClient implements FFLV2Client {
    private final AuthStorage d;
    private final AtomicReference<AuthClock> e;
    private final AuthProto.Identity f;
    private final boolean g;

    public FFLV2ClientImpl(Client client, LoggingProvider loggingProvider, AuthStorage authStorage, AuthProto.Identity identity, String str) {
        this(client, loggingProvider, authStorage, identity, str, false);
    }

    public FFLV2ClientImpl(Client client, LoggingProvider loggingProvider, AuthStorage authStorage, AuthProto.Identity identity, String str, boolean z) {
        super(client, loggingProvider, str);
        this.e = new AtomicReference<>();
        this.d = authStorage;
        this.f = identity;
        this.g = z;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private ClientKey a(ClientIdentity clientIdentity, ClientKey clientKey) throws IOException {
        final byte[] byteArray = AuthProto.FFLAuthGenerateKeyRequest.j().a(clientIdentity.a()).a(clientIdentity.b()).a(clientKey.c()).a(this.f).build().toByteArray();
        Response execute = this.b.execute(new Request("POST", h(), null, new TypedOutput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.4
            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public String fileName() {
                return null;
            }

            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public long length() {
                return byteArray.length;
            }

            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public String mimeType() {
                return "application/octet-stream";
            }

            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public void writeTo(OutputStream outputStream) throws IOException {
                outputStream.write(byteArray);
            }
        }));
        if (execute.getStatus() == 409) {
            throw new KeyVersionConflictException("Conflict when requesting new key with previous version: " + clientKey.c());
        }
        if (execute.getStatus() != 200) {
            throw new GenerateKeyException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            AuthProto.FFLAuthGenerateKeyResponse parseFrom = AuthProto.FFLAuthGenerateKeyResponse.parseFrom(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(parseFrom.i());
            this.a.b("Received new AUTH key ID %s, version %s, expiration %s", Hex.a(parseFrom.c().d()), Long.valueOf(parseFrom.g()), new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            ClientKey clientKey2 = new ClientKey(parseFrom.c(), parseFrom.e(), parseFrom.g(), parseFrom.i());
            a(clientKey2);
            return clientKey2;
        } catch (InvalidProtocolBufferException e) {
            throw new GenerateKeyException("Could not parse generate key GPB response", e);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String a(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, org.apache.commons.codec.binary.Hex.DEFAULT_CHARSET_NAME);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String a(byte[] bArr) throws UnsupportedEncodingException {
        return a(new String(Base64.encodeBase64(bArr), org.apache.commons.codec.binary.Hex.DEFAULT_CHARSET_NAME));
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private Response a(Request request, ClientKey clientKey) throws IOException {
        try {
            return a(request, clientKey, j());
        } catch (InvalidRequestTimeException e) {
            this.a.b("Server rejected request due to invalid time. Updating offset to server time ($s)", Long.valueOf(e.a()));
            a(e.a());
            return a(request, clientKey, j());
        }
    }

    /* JADX WARN: Unreachable blocks removed: 9, instructions: 9 */
    private Response a(Request request, ClientKey clientKey, long j) throws IOException {
        byte[] bArr;
        try {
            final TypedOutput body = request.getBody();
            ArrayList arrayList = new ArrayList(request.getHeaders());
            String b = l().b();
            byte[] a = SymKeyUtility.a();
            byte[] a2 = SymKeyUtility.a(a, clientKey.b().d(), j, FFLSpec.V2.b());
            if (body != null) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream((int) body.length());
                body.writeTo(byteArrayOutputStream);
                bArr = byteArrayOutputStream.toByteArray();
            } else {
                bArr = new byte[0];
            }
            final byte[] a3 = (bArr == null || bArr.length <= 0) ? new byte[0] : FFLSpec.V2.c().a(bArr, a);
            arrayList.add(new Header(HttpConnection.CONTENT_ENCODING, "x-ffl"));
            arrayList.add(new Header("X-AVAST-FFL-Version", "2"));
            arrayList.add(new Header("X-AVAST-FFL-Mode", "SFSR"));
            arrayList.add(new Header("X-AVAST-Request-Time", Long.toString(j)));
            arrayList.add(new Header("X-AVAST-Client-Id-0", a(b)));
            arrayList.add(new Header("X-AVAST-Key-Id-0", a(clientKey.a().d())));
            arrayList.add(new Header("X-AVAST-ETEK-0", a(a2)));
            Response execute = this.b.execute(new Request(request.getMethod(), request.getUrl(), arrayList, body != null ? new TypedOutput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.2
                /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
                @Override // retrofit.mime.TypedOutput
                public String fileName() {
                    return body.fileName();
                }

                /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
                @Override // retrofit.mime.TypedOutput
                public long length() {
                    return a3.length;
                }

                /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
                @Override // retrofit.mime.TypedOutput
                public String mimeType() {
                    return body.mimeType();
                }

                /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
                @Override // retrofit.mime.TypedOutput
                public void writeTo(OutputStream outputStream) throws IOException {
                    outputStream.write(a3);
                }
            } : null));
            final TypedInput body2 = execute.getBody();
            this.a.a("Received response with status " + execute.getStatus() + "(" + execute.getReason() + ") and payload size " + (body2 != null ? body2.length() : 0L), new Object[0]);
            if (execute.getStatus() == 442) {
                throw new KeyExpiredException("Status code 442 from server");
            }
            final byte[] b2 = body2 != null ? FFLSpec.V2.c().b(a(body2.in()), SymKeyUtility.b(a(execute), clientKey.b().d(), j, FFLSpec.V2.b())) : new byte[0];
            if (execute.getStatus() == 443) {
                throw new InvalidRequestTimeException(b(b2));
            }
            return new Response(execute.getUrl(), execute.getStatus(), execute.getReason(), execute.getHeaders(), new TypedInput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.3
                /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
                @Override // retrofit.mime.TypedInput
                public InputStream in() throws IOException {
                    return new ByteArrayInputStream(b2);
                }

                /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
                @Override // retrofit.mime.TypedInput
                public long length() {
                    return b2.length;
                }

                /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
                @Override // retrofit.mime.TypedInput
                public String mimeType() {
                    return body2 != null ? body2.mimeType() : "application/octet-stream";
                }
            });
        } catch (KeyUtilityException e) {
            e = e;
            throw new EncryptionException(e);
        } catch (PayloadException e2) {
            e = e2;
            throw new EncryptionException(e);
        } catch (InvalidKeyException e3) {
            e = e3;
            throw new EncryptionException(e);
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            throw new EncryptionException(e);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void a(long j) throws IOException {
        long a = DefaultClock.a(j);
        this.d.a(a);
        this.e.set(new DefaultClock(a));
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private void a(ClientIdentity clientIdentity) throws IOException {
        ByteString i = i();
        AuthProto.FFLAuthRegistrationRequest.Builder a = AuthProto.FFLAuthRegistrationRequest.h().a(i).a(this.f);
        if (clientIdentity != null) {
            a.a(AuthProto.FFLAuthRegistrationRequest.Parent.f().a(clientIdentity.b()).a(clientIdentity.a()));
        }
        final byte[] byteArray = a.build().toByteArray();
        Response execute = this.b.execute(new Request("POST", g(), null, new TypedOutput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.1
            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public String fileName() {
                return null;
            }

            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public long length() {
                return byteArray.length;
            }

            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public String mimeType() {
                return "application/octet-stream";
            }

            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // retrofit.mime.TypedOutput
            public void writeTo(OutputStream outputStream) throws IOException {
                outputStream.write(byteArray);
            }
        }));
        if (execute.getStatus() != 200) {
            throw new RegistrationException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            AuthProto.FFLAuthRegistrationResponse parseFrom = AuthProto.FFLAuthRegistrationResponse.parseFrom(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(parseFrom.l());
            this.a.b("Registered as %s Client ID %s with CIGT %s", clientIdentity != null ? "app" : "root", parseFrom.c(), Hex.a(i.d()));
            this.a.b("Received new AUTH key ID %s, version %s, expiration %s", Hex.a(parseFrom.f().d()), Long.valueOf(parseFrom.j()), new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            ClientIdentity clientIdentity2 = new ClientIdentity(i, parseFrom.c());
            ClientKey clientKey = new ClientKey(parseFrom.f(), parseFrom.h(), parseFrom.j(), parseFrom.l());
            if (clientIdentity != null) {
                this.d.b(clientIdentity2, clientKey);
            } else {
                this.d.a(clientIdentity2, clientKey);
            }
        } catch (InvalidProtocolBufferException e) {
            throw new RegistrationException(e, "Could not parse registration GPB response");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private void a(ClientKey clientKey) throws IOException {
        if (this.g) {
            this.d.b(clientKey);
        } else {
            this.d.a(clientKey);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 5, instructions: 5 */
    private byte[] a(Response response) throws EncryptionException, UnsupportedEncodingException, NonFFLResponseException {
        String str;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        for (Header header : response.getHeaders()) {
            if ("X-AVAST-FFL-Version".equalsIgnoreCase(header.getName())) {
                str3 = header.getValue();
                str = str2;
            } else if ("X-AVAST-FFL-Mode".equalsIgnoreCase(header.getName())) {
                str = header.getValue();
            } else if ("X-AVAST-ETEK-0".equalsIgnoreCase(header.getName())) {
                str4 = header.getValue();
                str = str2;
            } else {
                str = str2;
            }
            str2 = str;
        }
        if (!"2".equals(str3)) {
            throw new NonFFLResponseException("Invalid FFL version in server response: " + str3, response);
        }
        if (!"SFSR".equals(str2)) {
            if (!"SFMR".equals(str2)) {
                throw new EncryptionException("Invalid FFL mode in server response: " + str2);
            }
            this.a.c("Ignoring all but the first recipient in SFMR mode", new Object[0]);
        }
        if (str4 == null) {
            throw new EncryptionException("Missing ETEK in server response");
        }
        return c(str4);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private long b(byte[] bArr) throws IOException {
        try {
            return Long.parseLong(new String(bArr, org.apache.commons.codec.binary.Hex.DEFAULT_CHARSET_NAME));
        } catch (NumberFormatException e) {
            throw new EncryptionException(e, "Cannot parse server time from respnse");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String b(String str) throws UnsupportedEncodingException {
        return URLDecoder.decode(str, org.apache.commons.codec.binary.Hex.DEFAULT_CHARSET_NAME);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private byte[] c(String str) throws UnsupportedEncodingException {
        return Base64.decodeBase64(b(str).getBytes(org.apache.commons.codec.binary.Hex.DEFAULT_CHARSET_NAME));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private ByteString i() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return ByteString.a(bArr);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private long j() throws IOException {
        AuthClock authClock = this.e.get();
        if (authClock == null) {
            authClock = new DefaultClock(this.d.e());
            this.e.set(authClock);
        }
        return authClock.a();
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private ClientKey k() throws IOException {
        return this.g ? this.d.d() : this.d.c();
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private ClientIdentity l() throws IOException {
        return this.g ? this.d.a() : this.d.b();
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // com.avast.android.ffl.v2.FFLV2Client
    public boolean a() throws IOException {
        return this.d.a() != null;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.avast.android.ffl.v2.FFLV2Client
    public void b() throws IOException {
        a((ClientIdentity) null);
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // com.avast.android.ffl.v2.FFLV2Client
    public boolean c() throws IOException {
        return (this.d.b() == null || this.d.c() == null) ? false : true;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.avast.android.ffl.v2.FFLV2Client
    public void d() throws IOException {
        ClientIdentity a = this.d.a();
        if (a == null) {
            throw new IllegalStateException("Root client id must be registered before registering app client id.");
        }
        a(a);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.avast.android.ffl.v2.FFLV2Client
    public void e() throws IOException {
        ClientKey k = k();
        ClientIdentity l = l();
        if (k == null || l == null) {
            throw new IllegalStateException("App client is not registered with auth server");
        }
        a(new ClientKey(k.a(), k.b(), k.c() + 1, k.d()));
        a(l, k);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // retrofit.client.Client
    public Response execute(Request request) throws IOException, KeyExpiredException {
        ClientIdentity a = this.d.a();
        if (a == null) {
            throw new IllegalStateException("Root Client ID not registered");
        }
        ClientIdentity b = this.d.b();
        if (b == null) {
            throw new IllegalStateException("App Client ID not registered");
        }
        if (b.a(a)) {
            return a(request, k());
        }
        throw new AppClientIdMismatchException("App Client ID is not derived from root Client ID");
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    public FFLV2ClientImpl f() {
        return this.g ? this : new FFLV2ClientImpl(this.b, this.a, this.d, this.f, this.c, true);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected String g() {
        return "https://" + this.c + "/V2/REG";
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected String h() {
        return "https://" + this.c + "/V2/KEY";
    }
}
