package com.netflix.msl.keyx;

import com.netflix.android.org.json.JSONException;
import com.netflix.android.org.json.JSONObject;
import com.netflix.msl.MslConstants;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.MslKeyExchangeException;
import com.netflix.msl.MslMasterTokenException;
import com.netflix.msl.crypto.AsymmetricCryptoContext;
import com.netflix.msl.crypto.CryptoCache;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.JcaAlgorithm;
import com.netflix.msl.crypto.JsonWebEncryptionCryptoContext;
import com.netflix.msl.crypto.JsonWebKey;
import com.netflix.msl.crypto.SessionCryptoContext;
import com.netflix.msl.entityauth.EntityAuthenticationData;
import com.netflix.msl.keyx.KeyExchangeFactory;
import com.netflix.msl.tokens.MasterToken;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.Base64;
import com.netflix.msl.util.MslContext;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class AsymmetricWrappedExchange extends KeyExchangeFactory {
    private static final Set<JsonWebKey.KeyOp> ENCRYPT_DECRYPT = new HashSet(Arrays.asList(JsonWebKey.KeyOp.encrypt, JsonWebKey.KeyOp.decrypt));
    private static final Set<JsonWebKey.KeyOp> SIGN_VERIFY = new HashSet(Arrays.asList(JsonWebKey.KeyOp.sign, JsonWebKey.KeyOp.verify));
    private final AuthenticationUtils authutils;

    /* loaded from: classes.dex */
    public class RequestData extends KeyRequestData {
        private static final String KEY_KEY_PAIR_ID = "keypairid";
        private static final String KEY_MECHANISM = "mechanism";
        private static final String KEY_PUBLIC_KEY = "publickey";
        private final String keyPairId;
        private final Mechanism mechanism;
        private final PrivateKey privateKey;
        private final PublicKey publicKey;

        /* loaded from: classes.dex */
        public enum Mechanism {
            RSA,
            ECC,
            JWE_RSA,
            JWEJS_RSA,
            JWK_RSA,
            JWK_RSAES
        }

        public RequestData(JSONObject jSONObject) {
            super(KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            try {
                this.keyPairId = jSONObject.getString(KEY_KEY_PAIR_ID);
                String string = jSONObject.getString(KEY_MECHANISM);
                try {
                    this.mechanism = Mechanism.valueOf(string);
                    try {
                        byte[] decode = Base64.decode(jSONObject.getString(KEY_PUBLIC_KEY));
                        try {
                            switch (this.mechanism) {
                                case RSA:
                                case JWE_RSA:
                                case JWEJS_RSA:
                                case JWK_RSA:
                                case JWK_RSAES:
                                    this.publicKey = CryptoCache.getKeyFactory("RSA").generatePublic(new X509EncodedKeySpec(decode));
                                    this.privateKey = null;
                                    return;
                                default:
                                    throw new MslCryptoException(MslError.UNSUPPORTED_KEYX_MECHANISM, this.mechanism.name());
                            }
                        } catch (NullPointerException e) {
                            throw new MslCryptoException(MslError.INVALID_PUBLIC_KEY, "keydata " + jSONObject.toString(), e);
                        } catch (NoSuchAlgorithmException e2) {
                            throw new MslCryptoException(MslError.UNSUPPORTED_KEYX_MECHANISM, "keydata " + jSONObject.toString(), e2);
                        } catch (InvalidKeySpecException e3) {
                            throw new MslCryptoException(MslError.INVALID_PUBLIC_KEY, "keydata " + jSONObject.toString(), e3);
                        }
                    } catch (IllegalArgumentException e4) {
                        throw new MslCryptoException(MslError.KEYX_INVALID_PUBLIC_KEY, "keydata " + jSONObject.toString(), e4);
                    }
                } catch (IllegalArgumentException e5) {
                    throw new MslKeyExchangeException(MslError.UNIDENTIFIED_KEYX_MECHANISM, string, e5);
                }
            } catch (JSONException e6) {
                throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "keydata " + jSONObject.toString(), e6);
            }
        }

        public RequestData(String str, Mechanism mechanism, PublicKey publicKey, PrivateKey privateKey) {
            super(KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            this.keyPairId = str;
            this.mechanism = mechanism;
            this.publicKey = publicKey;
            this.privateKey = privateKey;
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof RequestData)) {
                return false;
            }
            RequestData requestData = (RequestData) obj;
            return super.equals(obj) && this.keyPairId.equals(requestData.keyPairId) && this.mechanism.equals(requestData.mechanism) && Arrays.equals(this.publicKey.getEncoded(), requestData.publicKey.getEncoded()) && (this.privateKey == requestData.privateKey || (this.privateKey != null && requestData.privateKey != null && Arrays.equals(this.privateKey.getEncoded(), requestData.privateKey.getEncoded())));
        }

        public String getKeyPairId() {
            return this.keyPairId;
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        protected JSONObject getKeydata() {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_KEY_PAIR_ID, this.keyPairId);
            jSONObject.put(KEY_MECHANISM, this.mechanism.name());
            jSONObject.put(KEY_PUBLIC_KEY, Base64.encode(this.publicKey.getEncoded()));
            return jSONObject;
        }

        public Mechanism getMechanism() {
            return this.mechanism;
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public PublicKey getPublicKey() {
            return this.publicKey;
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        public int hashCode() {
            return (this.privateKey != null ? Arrays.hashCode(this.privateKey.getEncoded()) : 0) ^ (((super.hashCode() ^ this.keyPairId.hashCode()) ^ this.mechanism.hashCode()) ^ Arrays.hashCode(this.publicKey.getEncoded()));
        }
    }

    /* loaded from: classes.dex */
    public class ResponseData extends KeyResponseData {
        private static final String KEY_ENCRYPTION_KEY = "encryptionkey";
        private static final String KEY_HMAC_KEY = "hmackey";
        private static final String KEY_KEY_PAIR_ID = "keypairid";
        private final byte[] encryptionKey;
        private final byte[] hmacKey;
        private final String keyPairId;

        public ResponseData(MasterToken masterToken, JSONObject jSONObject) {
            super(masterToken, KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            try {
                this.keyPairId = jSONObject.getString(KEY_KEY_PAIR_ID);
                try {
                    this.encryptionKey = Base64.decode(jSONObject.getString(KEY_ENCRYPTION_KEY));
                    try {
                        this.hmacKey = Base64.decode(jSONObject.getString(KEY_HMAC_KEY));
                    } catch (IllegalArgumentException e) {
                        throw new MslKeyExchangeException(MslError.KEYX_INVALID_HMAC_KEY, "keydata " + jSONObject.toString(), e);
                    }
                } catch (IllegalArgumentException e2) {
                    throw new MslKeyExchangeException(MslError.KEYX_INVALID_ENCRYPTION_KEY, "keydata " + jSONObject.toString(), e2);
                }
            } catch (JSONException e3) {
                throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "keydata " + jSONObject.toString(), e3);
            }
        }

        public ResponseData(MasterToken masterToken, String str, byte[] bArr, byte[] bArr2) {
            super(masterToken, KeyExchangeScheme.ASYMMETRIC_WRAPPED);
            this.keyPairId = str;
            this.encryptionKey = bArr;
            this.hmacKey = bArr2;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResponseData)) {
                return false;
            }
            ResponseData responseData = (ResponseData) obj;
            return super.equals(obj) && this.keyPairId.equals(responseData.keyPairId) && Arrays.equals(this.encryptionKey, responseData.encryptionKey) && Arrays.equals(this.hmacKey, responseData.hmacKey);
        }

        public byte[] getEncryptionKey() {
            return this.encryptionKey;
        }

        public byte[] getHmacKey() {
            return this.hmacKey;
        }

        public String getKeyPairId() {
            return this.keyPairId;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        protected JSONObject getKeydata() {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_KEY_PAIR_ID, this.keyPairId);
            jSONObject.put(KEY_ENCRYPTION_KEY, Base64.encode(this.encryptionKey));
            jSONObject.put(KEY_HMAC_KEY, Base64.encode(this.hmacKey));
            return jSONObject;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public int hashCode() {
            return ((super.hashCode() ^ this.keyPairId.hashCode()) ^ Arrays.hashCode(this.encryptionKey)) ^ Arrays.hashCode(this.hmacKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class RsaWrappingCryptoContext extends AsymmetricCryptoContext {
        private final AlgorithmParameterSpec wrapParams;
        private final String wrapTransform;

        /* loaded from: classes.dex */
        public enum Mode {
            WRAP_UNWRAP_OAEP,
            WRAP_UNWRAP_PKCS1
        }

        public RsaWrappingCryptoContext(MslContext mslContext, String str, PrivateKey privateKey, PublicKey publicKey, Mode mode) {
            super(str, privateKey, publicKey, "nullOp", null, "nullOp");
            switch (mode) {
                case WRAP_UNWRAP_OAEP:
                    this.wrapTransform = "RSA/ECB/OAEPPadding";
                    this.wrapParams = OAEPParameterSpec.DEFAULT;
                    return;
                case WRAP_UNWRAP_PKCS1:
                    this.wrapTransform = "RSA/ECB/PKCS1Padding";
                    this.wrapParams = null;
                    return;
                default:
                    throw new MslInternalException("RSA wrapping crypto context mode " + mode + " not supported.");
            }
        }

        /* JADX WARN: Removed duplicated region for block: B:22:0x0046  */
        @Override // com.netflix.msl.crypto.AsymmetricCryptoContext, com.netflix.msl.crypto.ICryptoContext
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public byte[] unwrap(byte[] r7) {
            /*
                r6 = this;
                java.lang.String r0 = "nullOp"
                java.lang.String r1 = r6.wrapTransform
                boolean r0 = r0.equals(r1)
                if (r0 == 0) goto Lc
            Lb:
                return r7
            Lc:
                java.security.PrivateKey r0 = r6.privateKey
                if (r0 != 0) goto L1b
                com.netflix.msl.MslCryptoException r0 = new com.netflix.msl.MslCryptoException
                com.netflix.msl.MslError r1 = com.netflix.msl.MslError.DECRYPT_NOT_SUPPORTED
                java.lang.String r2 = "no private key"
                r0.<init>(r1, r2)
                throw r0
            L1b:
                r1 = 0
                java.lang.String r0 = r6.wrapTransform     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L77 java.security.InvalidAlgorithmParameterException -> L85 java.lang.RuntimeException -> L93 java.lang.Throwable -> L9a
                javax.crypto.Cipher r0 = com.netflix.msl.crypto.CryptoCache.getCipher(r0)     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L77 java.security.InvalidAlgorithmParameterException -> L85 java.lang.RuntimeException -> L93 java.lang.Throwable -> L9a
                r2 = 2
                java.security.PrivateKey r3 = r6.privateKey     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L77 java.security.InvalidAlgorithmParameterException -> L85 java.lang.RuntimeException -> L93 java.lang.Throwable -> L9a
                java.security.spec.AlgorithmParameterSpec r4 = r6.wrapParams     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L77 java.security.InvalidAlgorithmParameterException -> L85 java.lang.RuntimeException -> L93 java.lang.Throwable -> L9a
                r0.init(r2, r3, r4)     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L77 java.security.InvalidAlgorithmParameterException -> L85 java.lang.RuntimeException -> L93 java.lang.Throwable -> L9a
                byte[] r7 = r0.doFinal(r7)     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L77 java.security.InvalidAlgorithmParameterException -> L85 java.lang.RuntimeException -> L93 java.lang.Throwable -> L9a
                if (r1 == 0) goto Lb
                java.lang.String r0 = r6.wrapTransform
                com.netflix.msl.crypto.CryptoCache.resetCipher(r0)
                goto Lb
            L36:
                r0 = move-exception
                com.netflix.msl.MslInternalException r1 = new com.netflix.msl.MslInternalException     // Catch: java.lang.Throwable -> L40
                java.lang.String r2 = "Unsupported padding exception."
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L40
                throw r1     // Catch: java.lang.Throwable -> L40
            L40:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
            L44:
                if (r1 == 0) goto L4b
                java.lang.String r1 = r6.wrapTransform
                com.netflix.msl.crypto.CryptoCache.resetCipher(r1)
            L4b:
                throw r0
            L4c:
                r0 = move-exception
                com.netflix.msl.MslInternalException r1 = new com.netflix.msl.MslInternalException     // Catch: java.lang.Throwable -> L56
                java.lang.String r2 = "Invalid cipher algorithm specified."
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L56
                throw r1     // Catch: java.lang.Throwable -> L56
            L56:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L5b:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L64
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.INVALID_PRIVATE_KEY     // Catch: java.lang.Throwable -> L64
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L64
                throw r1     // Catch: java.lang.Throwable -> L64
            L64:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L69:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L72
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.CIPHERTEXT_ILLEGAL_BLOCK_SIZE     // Catch: java.lang.Throwable -> L72
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L72
                throw r1     // Catch: java.lang.Throwable -> L72
            L72:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L77:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L80
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.CIPHERTEXT_BAD_PADDING     // Catch: java.lang.Throwable -> L80
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L80
                throw r1     // Catch: java.lang.Throwable -> L80
            L80:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L85:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L8e
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.INVALID_ALGORITHM_PARAMS     // Catch: java.lang.Throwable -> L8e
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L8e
                throw r1     // Catch: java.lang.Throwable -> L8e
            L8e:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L93:
                r0 = move-exception
                throw r0     // Catch: java.lang.Throwable -> L95
            L95:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L9a:
                r0 = move-exception
                goto L44
            */
            throw new UnsupportedOperationException("Method not decompiled: com.netflix.msl.keyx.AsymmetricWrappedExchange.RsaWrappingCryptoContext.unwrap(byte[]):byte[]");
        }

        /* JADX WARN: Removed duplicated region for block: B:22:0x0046  */
        @Override // com.netflix.msl.crypto.AsymmetricCryptoContext, com.netflix.msl.crypto.ICryptoContext
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public byte[] wrap(byte[] r7) {
            /*
                r6 = this;
                java.lang.String r0 = "nullOp"
                java.lang.String r1 = r6.wrapTransform
                boolean r0 = r0.equals(r1)
                if (r0 == 0) goto Lc
            Lb:
                return r7
            Lc:
                java.security.PublicKey r0 = r6.publicKey
                if (r0 != 0) goto L1b
                com.netflix.msl.MslCryptoException r0 = new com.netflix.msl.MslCryptoException
                com.netflix.msl.MslError r1 = com.netflix.msl.MslError.WRAP_NOT_SUPPORTED
                java.lang.String r2 = "no public key"
                r0.<init>(r1, r2)
                throw r0
            L1b:
                r1 = 0
                java.lang.String r0 = r6.wrapTransform     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L7a java.security.InvalidAlgorithmParameterException -> L8b java.lang.RuntimeException -> L99 java.lang.Throwable -> La0
                javax.crypto.Cipher r0 = com.netflix.msl.crypto.CryptoCache.getCipher(r0)     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L7a java.security.InvalidAlgorithmParameterException -> L8b java.lang.RuntimeException -> L99 java.lang.Throwable -> La0
                r2 = 1
                java.security.PublicKey r3 = r6.publicKey     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L7a java.security.InvalidAlgorithmParameterException -> L8b java.lang.RuntimeException -> L99 java.lang.Throwable -> La0
                java.security.spec.AlgorithmParameterSpec r4 = r6.wrapParams     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L7a java.security.InvalidAlgorithmParameterException -> L8b java.lang.RuntimeException -> L99 java.lang.Throwable -> La0
                r0.init(r2, r3, r4)     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L7a java.security.InvalidAlgorithmParameterException -> L8b java.lang.RuntimeException -> L99 java.lang.Throwable -> La0
                byte[] r7 = r0.doFinal(r7)     // Catch: javax.crypto.NoSuchPaddingException -> L36 java.security.NoSuchAlgorithmException -> L4c java.security.InvalidKeyException -> L5b javax.crypto.IllegalBlockSizeException -> L69 javax.crypto.BadPaddingException -> L7a java.security.InvalidAlgorithmParameterException -> L8b java.lang.RuntimeException -> L99 java.lang.Throwable -> La0
                if (r1 == 0) goto Lb
                java.lang.String r0 = r6.wrapTransform
                com.netflix.msl.crypto.CryptoCache.resetCipher(r0)
                goto Lb
            L36:
                r0 = move-exception
                com.netflix.msl.MslInternalException r1 = new com.netflix.msl.MslInternalException     // Catch: java.lang.Throwable -> L40
                java.lang.String r2 = "Unsupported padding exception."
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L40
                throw r1     // Catch: java.lang.Throwable -> L40
            L40:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
            L44:
                if (r1 == 0) goto L4b
                java.lang.String r1 = r6.wrapTransform
                com.netflix.msl.crypto.CryptoCache.resetCipher(r1)
            L4b:
                throw r0
            L4c:
                r0 = move-exception
                com.netflix.msl.MslInternalException r1 = new com.netflix.msl.MslInternalException     // Catch: java.lang.Throwable -> L56
                java.lang.String r2 = "Invalid cipher algorithm specified."
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L56
                throw r1     // Catch: java.lang.Throwable -> L56
            L56:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L5b:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L64
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.INVALID_PUBLIC_KEY     // Catch: java.lang.Throwable -> L64
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L64
                throw r1     // Catch: java.lang.Throwable -> L64
            L64:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L69:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L75
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.PLAINTEXT_ILLEGAL_BLOCK_SIZE     // Catch: java.lang.Throwable -> L75
                java.lang.String r3 = "not expected when padding is specified"
                r1.<init>(r2, r3, r0)     // Catch: java.lang.Throwable -> L75
                throw r1     // Catch: java.lang.Throwable -> L75
            L75:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L7a:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L86
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.PLAINTEXT_BAD_PADDING     // Catch: java.lang.Throwable -> L86
                java.lang.String r3 = "not expected when encrypting"
                r1.<init>(r2, r3, r0)     // Catch: java.lang.Throwable -> L86
                throw r1     // Catch: java.lang.Throwable -> L86
            L86:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L8b:
                r0 = move-exception
                com.netflix.msl.MslCryptoException r1 = new com.netflix.msl.MslCryptoException     // Catch: java.lang.Throwable -> L94
                com.netflix.msl.MslError r2 = com.netflix.msl.MslError.INVALID_ALGORITHM_PARAMS     // Catch: java.lang.Throwable -> L94
                r1.<init>(r2, r0)     // Catch: java.lang.Throwable -> L94
                throw r1     // Catch: java.lang.Throwable -> L94
            L94:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            L99:
                r0 = move-exception
                throw r0     // Catch: java.lang.Throwable -> L9b
            L9b:
                r1 = move-exception
                r5 = r1
                r1 = r0
                r0 = r5
                goto L44
            La0:
                r0 = move-exception
                goto L44
            */
            throw new UnsupportedOperationException("Method not decompiled: com.netflix.msl.keyx.AsymmetricWrappedExchange.RsaWrappingCryptoContext.wrap(byte[]):byte[]");
        }
    }

    public AsymmetricWrappedExchange(AuthenticationUtils authenticationUtils) {
        super(KeyExchangeScheme.ASYMMETRIC_WRAPPED);
        this.authutils = authenticationUtils;
    }

    private static ICryptoContext createCryptoContext(MslContext mslContext, String str, RequestData.Mechanism mechanism, PrivateKey privateKey, PublicKey publicKey) {
        switch (mechanism) {
            case RSA:
            case JWK_RSA:
                return new RsaWrappingCryptoContext(mslContext, str, privateKey, publicKey, RsaWrappingCryptoContext.Mode.WRAP_UNWRAP_OAEP);
            case JWE_RSA:
                return new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.RsaOaepCryptoContext(privateKey, publicKey), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_CS);
            case JWEJS_RSA:
                return new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.RsaOaepCryptoContext(privateKey, publicKey), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
            case JWK_RSAES:
                return new RsaWrappingCryptoContext(mslContext, str, privateKey, publicKey, RsaWrappingCryptoContext.Mode.WRAP_UNWRAP_PKCS1);
            default:
                throw new MslCryptoException(MslError.UNSUPPORTED_KEYX_MECHANISM, mechanism.name());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyRequestData createRequestData(MslContext mslContext, JSONObject jSONObject) {
        return new RequestData(jSONObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyResponseData createResponseData(MslContext mslContext, MasterToken masterToken, JSONObject jSONObject) {
        return new ResponseData(masterToken, jSONObject);
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, KeyRequestData keyRequestData, EntityAuthenticationData entityAuthenticationData) {
        byte[] wrap;
        byte[] wrap2;
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        String identity = entityAuthenticationData.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication scheme for entity not permitted " + identity + ":" + getScheme()).setEntityAuthenticationData(entityAuthenticationData);
        }
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[32];
        mslContext.getRandom().nextBytes(bArr);
        mslContext.getRandom().nextBytes(bArr2);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr2, JcaAlgorithm.HMAC_SHA256);
        String keyPairId = requestData.getKeyPairId();
        RequestData.Mechanism mechanism = requestData.getMechanism();
        ICryptoContext createCryptoContext = createCryptoContext(mslContext, keyPairId, mechanism, null, requestData.getPublicKey());
        switch (mechanism) {
            case JWE_RSA:
            case JWEJS_RSA:
                JsonWebKey jsonWebKey = new JsonWebKey(JsonWebKey.Usage.enc, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                JsonWebKey jsonWebKey2 = new JsonWebKey(JsonWebKey.Usage.sig, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                wrap = createCryptoContext.wrap(jsonWebKey.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                wrap2 = createCryptoContext.wrap(jsonWebKey2.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                break;
            case JWK_RSA:
            case JWK_RSAES:
                JsonWebKey jsonWebKey3 = new JsonWebKey(ENCRYPT_DECRYPT, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                JsonWebKey jsonWebKey4 = new JsonWebKey(SIGN_VERIFY, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                wrap = createCryptoContext.wrap(jsonWebKey3.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                wrap2 = createCryptoContext.wrap(jsonWebKey4.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                break;
            default:
                wrap = createCryptoContext.wrap(bArr);
                wrap2 = createCryptoContext.wrap(bArr2);
                break;
        }
        MasterToken createMasterToken = mslContext.getTokenFactory().createMasterToken(mslContext, entityAuthenticationData, secretKeySpec, secretKeySpec2, null);
        try {
            return new KeyExchangeFactory.KeyExchangeData(new ResponseData(createMasterToken, requestData.getKeyPairId(), wrap, wrap2), new SessionCryptoContext(mslContext, createMasterToken));
        } catch (MslMasterTokenException e) {
            throw new MslInternalException("Master token constructed by token factory is not trusted.", e);
        }
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, KeyRequestData keyRequestData, MasterToken masterToken) {
        byte[] wrap;
        byte[] wrap2;
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        if (!masterToken.isVerified()) {
            throw new MslMasterTokenException(MslError.MASTERTOKEN_UNTRUSTED, masterToken);
        }
        String identity = masterToken.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication scheme for entity not permitted " + identity + ":" + getScheme()).setMasterToken(masterToken);
        }
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[32];
        mslContext.getRandom().nextBytes(bArr);
        mslContext.getRandom().nextBytes(bArr2);
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr2, JcaAlgorithm.HMAC_SHA256);
            String keyPairId = requestData.getKeyPairId();
            RequestData.Mechanism mechanism = requestData.getMechanism();
            ICryptoContext createCryptoContext = createCryptoContext(mslContext, keyPairId, mechanism, null, requestData.getPublicKey());
            switch (mechanism) {
                case JWE_RSA:
                case JWEJS_RSA:
                    JsonWebKey jsonWebKey = new JsonWebKey(JsonWebKey.Usage.enc, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                    JsonWebKey jsonWebKey2 = new JsonWebKey(JsonWebKey.Usage.sig, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                    wrap = createCryptoContext.wrap(jsonWebKey.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                    wrap2 = createCryptoContext.wrap(jsonWebKey2.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                    break;
                case JWK_RSA:
                case JWK_RSAES:
                    JsonWebKey jsonWebKey3 = new JsonWebKey(ENCRYPT_DECRYPT, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec);
                    JsonWebKey jsonWebKey4 = new JsonWebKey(SIGN_VERIFY, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec2);
                    wrap = createCryptoContext.wrap(jsonWebKey3.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                    wrap2 = createCryptoContext.wrap(jsonWebKey4.toJSONString().getBytes(MslConstants.DEFAULT_CHARSET));
                    break;
                default:
                    wrap = createCryptoContext.wrap(bArr);
                    wrap2 = createCryptoContext.wrap(bArr2);
                    break;
            }
            MasterToken renewMasterToken = mslContext.getTokenFactory().renewMasterToken(mslContext, masterToken, secretKeySpec, secretKeySpec2, null);
            return new KeyExchangeFactory.KeyExchangeData(new ResponseData(renewMasterToken, requestData.getKeyPairId(), wrap, wrap2), new SessionCryptoContext(mslContext, renewMasterToken));
        } catch (IllegalArgumentException e) {
            throw new MslCryptoException(MslError.SESSION_KEY_CREATION_FAILURE, e).setMasterToken(masterToken);
        }
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public ICryptoContext getCryptoContext(MslContext mslContext, KeyRequestData keyRequestData, KeyResponseData keyResponseData, MasterToken masterToken) {
        SecretKey secretKey;
        SecretKey secretKey2;
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        if (!(keyResponseData instanceof ResponseData)) {
            throw new MslInternalException("Key response data " + keyResponseData.getClass().getName() + " was not created by this factory.");
        }
        ResponseData responseData = (ResponseData) keyResponseData;
        String keyPairId = requestData.getKeyPairId();
        String keyPairId2 = responseData.getKeyPairId();
        if (!keyPairId.equals(keyPairId2)) {
            throw new MslKeyExchangeException(MslError.KEYX_RESPONSE_REQUEST_MISMATCH, "request " + keyPairId + "; response " + keyPairId2);
        }
        PrivateKey privateKey = requestData.getPrivateKey();
        if (privateKey == null) {
            throw new MslKeyExchangeException(MslError.KEYX_PRIVATE_KEY_MISSING, "request Asymmetric private key");
        }
        RequestData.Mechanism mechanism = requestData.getMechanism();
        ICryptoContext createCryptoContext = createCryptoContext(mslContext, keyPairId, mechanism, privateKey, null);
        switch (mechanism) {
            case JWE_RSA:
            case JWEJS_RSA:
            case JWK_RSA:
            case JWK_RSAES:
                byte[] unwrap = createCryptoContext.unwrap(responseData.getEncryptionKey());
                byte[] unwrap2 = createCryptoContext.unwrap(responseData.getHmacKey());
                try {
                    JSONObject jSONObject = new JSONObject(new String(unwrap, MslConstants.DEFAULT_CHARSET));
                    JSONObject jSONObject2 = new JSONObject(new String(unwrap2, MslConstants.DEFAULT_CHARSET));
                    secretKey = new JsonWebKey(jSONObject).getSecretKey();
                    secretKey2 = new JsonWebKey(jSONObject2).getSecretKey();
                    break;
                } catch (JSONException e) {
                    throw new MslCryptoException(MslError.SESSION_KEY_CREATION_FAILURE, e).setMasterToken(masterToken);
                }
            default:
                byte[] unwrap3 = createCryptoContext.unwrap(responseData.getEncryptionKey());
                byte[] unwrap4 = createCryptoContext.unwrap(responseData.getHmacKey());
                try {
                    secretKey = new SecretKeySpec(unwrap3, "AES");
                    secretKey2 = new SecretKeySpec(unwrap4, JcaAlgorithm.HMAC_SHA256);
                    break;
                } catch (IllegalArgumentException e2) {
                    throw new MslCryptoException(MslError.SESSION_KEY_CREATION_FAILURE, e2).setMasterToken(masterToken);
                }
        }
        return new SessionCryptoContext(mslContext, responseData.getMasterToken(), mslContext.getEntityAuthenticationData(null).getIdentity(), secretKey, secretKey2);
    }
}
