package com.netflix.msl.keyx;

import com.netflix.android.org.json.JSONException;
import com.netflix.android.org.json.JSONObject;
import com.netflix.mediaclienu.service.player.subtitles.image.v2.ParserUtils;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.MslKeyExchangeException;
import com.netflix.msl.MslMasterTokenException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.JcaAlgorithm;
import com.netflix.msl.crypto.JsonWebEncryptionCryptoContext;
import com.netflix.msl.crypto.JsonWebKey;
import com.netflix.msl.crypto.SessionCryptoContext;
import com.netflix.msl.entityauth.EntityAuthenticationData;
import com.netflix.msl.entityauth.EntityAuthenticationFactory;
import com.netflix.msl.entityauth.EntityAuthenticationScheme;
import com.netflix.msl.entityauth.PresharedAuthenticationData;
import com.netflix.msl.keyx.KeyExchangeFactory;
import com.netflix.msl.tokens.MasterToken;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.Base64;
import com.netflix.msl.util.MslContext;
import java.nio.charset.Charset;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class JsonWebEncryptionLadderExchange extends KeyExchangeFactory {
    private static final Charset UTF_8 = Charset.forName(ParserUtils.UTF8_CHARSET);
    private final AuthenticationUtils authutils;
    private final WrapCryptoContextRepository repository;

    /* loaded from: classes.dex */
    public enum Mechanism {
        PSK,
        WRAP
    }

    /* loaded from: classes.dex */
    public class RequestData extends KeyRequestData {
        private static final String KEY_MECHANISM = "mechanism";
        private static final String KEY_WRAPDATA = "wrapdata";
        private final Mechanism mechanism;
        private final byte[] wrapdata;

        public RequestData(JSONObject jSONObject) {
            super(KeyExchangeScheme.JWE_LADDER);
            try {
                String string = jSONObject.getString(KEY_MECHANISM);
                try {
                    this.mechanism = Mechanism.valueOf(string);
                    try {
                        switch (this.mechanism) {
                            case WRAP:
                                try {
                                    this.wrapdata = Base64.decode(jSONObject.getString(KEY_WRAPDATA));
                                    if (this.wrapdata == null || this.wrapdata.length == 0) {
                                        throw new MslKeyExchangeException(MslError.KEYX_WRAPPING_KEY_MISSING, "keydata " + jSONObject.toString());
                                    }
                                    return;
                                } catch (IllegalArgumentException e) {
                                    throw new MslKeyExchangeException(MslError.KEYX_INVALID_WRAPPING_KEY, "keydata " + jSONObject.toString());
                                }
                            case PSK:
                                this.wrapdata = null;
                                return;
                            default:
                                throw new MslCryptoException(MslError.UNSUPPORTED_KEYX_MECHANISM, this.mechanism.name());
                        }
                    } catch (JSONException e2) {
                        throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "keydata " + jSONObject.toString(), e2);
                    }
                    throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "keydata " + jSONObject.toString(), e2);
                } catch (IllegalArgumentException e3) {
                    throw new MslKeyExchangeException(MslError.UNIDENTIFIED_KEYX_MECHANISM, string, e3);
                }
            } catch (JSONException e4) {
                throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "keydata " + jSONObject.toString(), e4);
            }
        }

        public RequestData(Mechanism mechanism, byte[] bArr) {
            super(KeyExchangeScheme.JWE_LADDER);
            this.mechanism = mechanism;
            switch (mechanism) {
                case WRAP:
                    if (bArr == null) {
                        throw new MslInternalException("Previous wrapping key based key exchange requires the previous wrapping key data and ID.");
                    }
                    this.wrapdata = bArr;
                    return;
                default:
                    this.wrapdata = null;
                    return;
            }
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof RequestData)) {
                return false;
            }
            RequestData requestData = (RequestData) obj;
            return super.equals(obj) && this.mechanism.equals(requestData.mechanism) && Arrays.equals(this.wrapdata, requestData.wrapdata);
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        protected JSONObject getKeydata() {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_MECHANISM, this.mechanism.name());
            if (this.wrapdata != null) {
                jSONObject.put(KEY_WRAPDATA, Base64.encode(this.wrapdata));
            }
            return jSONObject;
        }

        public Mechanism getMechanism() {
            return this.mechanism;
        }

        public byte[] getWrapdata() {
            return this.wrapdata;
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        public int hashCode() {
            return (this.wrapdata != null ? Arrays.hashCode(this.wrapdata) : 0) ^ (super.hashCode() ^ this.mechanism.hashCode());
        }
    }

    /* loaded from: classes.dex */
    public class ResponseData extends KeyResponseData {
        private static final String KEY_ENCRYPTION_KEY = "encryptionkey";
        private static final String KEY_HMAC_KEY = "hmackey";
        private static final String KEY_WRAPDATA = "wrapdata";
        private static final String KEY_WRAP_KEY = "wrapkey";
        private final byte[] encryptionKey;
        private final byte[] hmacKey;
        private final byte[] wrapKey;
        private final byte[] wrapdata;

        public ResponseData(MasterToken masterToken, JSONObject jSONObject) {
            super(masterToken, KeyExchangeScheme.JWE_LADDER);
            try {
                try {
                    this.wrapKey = Base64.decode(jSONObject.getString(KEY_WRAP_KEY));
                    try {
                        this.wrapdata = Base64.decode(jSONObject.getString(KEY_WRAPDATA));
                        try {
                            this.encryptionKey = Base64.decode(jSONObject.getString(KEY_ENCRYPTION_KEY));
                            try {
                                this.hmacKey = Base64.decode(jSONObject.getString(KEY_HMAC_KEY));
                            } catch (IllegalArgumentException e) {
                                throw new MslKeyExchangeException(MslError.KEYX_INVALID_HMAC_KEY, "keydata " + jSONObject.toString(), e);
                            }
                        } catch (IllegalArgumentException e2) {
                            throw new MslKeyExchangeException(MslError.KEYX_INVALID_ENCRYPTION_KEY, "keydata " + jSONObject.toString(), e2);
                        }
                    } catch (IllegalArgumentException e3) {
                        throw new MslKeyExchangeException(MslError.KEYX_INVALID_WRAPDATA, "keydata " + jSONObject.toString(), e3);
                    }
                } catch (IllegalArgumentException e4) {
                    throw new MslKeyExchangeException(MslError.KEYX_INVALID_WRAPPING_KEY, "keydata " + jSONObject.toString(), e4);
                }
            } catch (JSONException e5) {
                throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "keydata " + jSONObject.toString(), e5);
            }
        }

        public ResponseData(MasterToken masterToken, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
            super(masterToken, KeyExchangeScheme.JWE_LADDER);
            this.wrapKey = bArr;
            this.wrapdata = bArr2;
            this.encryptionKey = bArr3;
            this.hmacKey = bArr4;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResponseData)) {
                return false;
            }
            ResponseData responseData = (ResponseData) obj;
            return super.equals(obj) && Arrays.equals(this.wrapKey, responseData.wrapKey) && Arrays.equals(this.wrapdata, responseData.wrapdata) && Arrays.equals(this.encryptionKey, responseData.encryptionKey) && Arrays.equals(this.hmacKey, responseData.hmacKey);
        }

        public byte[] getEncryptionKey() {
            return this.encryptionKey;
        }

        public byte[] getHmacKey() {
            return this.hmacKey;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        protected JSONObject getKeydata() {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(KEY_WRAP_KEY, Base64.encode(this.wrapKey));
            jSONObject.put(KEY_WRAPDATA, Base64.encode(this.wrapdata));
            jSONObject.put(KEY_ENCRYPTION_KEY, Base64.encode(this.encryptionKey));
            jSONObject.put(KEY_HMAC_KEY, Base64.encode(this.hmacKey));
            return jSONObject;
        }

        public byte[] getWrapKey() {
            return this.wrapKey;
        }

        public byte[] getWrapdata() {
            return this.wrapdata;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public int hashCode() {
            return (((super.hashCode() ^ Arrays.hashCode(this.wrapKey)) ^ Arrays.hashCode(this.wrapdata)) ^ Arrays.hashCode(this.encryptionKey)) ^ Arrays.hashCode(this.hmacKey);
        }
    }

    public JsonWebEncryptionLadderExchange(WrapCryptoContextRepository wrapCryptoContextRepository, AuthenticationUtils authenticationUtils) {
        super(KeyExchangeScheme.JWE_LADDER);
        this.repository = wrapCryptoContextRepository;
        this.authutils = authenticationUtils;
    }

    private static ICryptoContext createCryptoContext(MslContext mslContext, Mechanism mechanism, byte[] bArr, String str) {
        switch (mechanism) {
            case WRAP:
                byte[] unwrap = mslContext.getMslCryptoContext().unwrap(bArr);
                if (unwrap == null || unwrap.length == 0) {
                    throw new MslKeyExchangeException(MslError.KEYX_WRAPPING_KEY_MISSING);
                }
                return new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.AesKwCryptoContext(new SecretKeySpec(unwrap, "AES")), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
            case PSK:
                PresharedAuthenticationData presharedAuthenticationData = new PresharedAuthenticationData(str);
                EntityAuthenticationFactory entityAuthenticationFactory = mslContext.getEntityAuthenticationFactory(EntityAuthenticationScheme.PSK);
                if (entityAuthenticationFactory == null) {
                    throw new MslKeyExchangeException(MslError.UNSUPPORTED_KEYX_MECHANISM, mechanism.name());
                }
                return new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.AesKwCryptoContext(entityAuthenticationFactory.getCryptoContext(mslContext, presharedAuthenticationData)), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
            default:
                throw new MslKeyExchangeException(MslError.UNSUPPORTED_KEYX_MECHANISM, mechanism.name());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyRequestData createRequestData(MslContext mslContext, JSONObject jSONObject) {
        return new RequestData(jSONObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyResponseData createResponseData(MslContext mslContext, MasterToken masterToken, JSONObject jSONObject) {
        return new ResponseData(masterToken, jSONObject);
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, KeyRequestData keyRequestData, EntityAuthenticationData entityAuthenticationData) {
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        String identity = entityAuthenticationData.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication Sscheme for entity not permitted " + identity + ":" + getScheme()).setEntityAuthenticationData(entityAuthenticationData);
        }
        String valueOf = String.valueOf(mslContext.getRandom().nextLong());
        byte[] bArr = new byte[16];
        mslContext.getRandom().nextBytes(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        byte[] wrap = mslContext.getMslCryptoContext().wrap(bArr);
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[32];
        mslContext.getRandom().nextBytes(bArr2);
        mslContext.getRandom().nextBytes(bArr3);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr2, "AES");
        SecretKeySpec secretKeySpec3 = new SecretKeySpec(bArr3, JcaAlgorithm.HMAC_SHA256);
        byte[] wrap2 = createCryptoContext(mslContext, requestData.getMechanism(), requestData.getWrapdata(), identity).wrap(new JsonWebKey(JsonWebKey.Usage.wrap, JsonWebKey.Algorithm.A128KW, false, valueOf, (SecretKey) secretKeySpec).toJSONString().getBytes(UTF_8));
        JsonWebEncryptionCryptoContext jsonWebEncryptionCryptoContext = new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.AesKwCryptoContext(secretKeySpec), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
        JsonWebKey jsonWebKey = new JsonWebKey(JsonWebKey.Usage.enc, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec2);
        JsonWebKey jsonWebKey2 = new JsonWebKey(JsonWebKey.Usage.sig, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec3);
        byte[] wrap3 = jsonWebEncryptionCryptoContext.wrap(jsonWebKey.toJSONString().getBytes(UTF_8));
        byte[] wrap4 = jsonWebEncryptionCryptoContext.wrap(jsonWebKey2.toJSONString().getBytes(UTF_8));
        MasterToken createMasterToken = mslContext.getTokenFactory().createMasterToken(mslContext, entityAuthenticationData, secretKeySpec2, secretKeySpec3, null);
        return new KeyExchangeFactory.KeyExchangeData(new ResponseData(createMasterToken, wrap2, wrap, wrap3, wrap4), new SessionCryptoContext(mslContext, createMasterToken));
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, KeyRequestData keyRequestData, MasterToken masterToken) {
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        if (!masterToken.isVerified()) {
            throw new MslMasterTokenException(MslError.MASTERTOKEN_UNTRUSTED, masterToken);
        }
        String identity = masterToken.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication scheme for entity not permitted " + identity + ":" + getScheme()).setMasterToken(masterToken);
        }
        String valueOf = String.valueOf(mslContext.getRandom().nextLong());
        byte[] bArr = new byte[16];
        mslContext.getRandom().nextBytes(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        byte[] wrap = mslContext.getMslCryptoContext().wrap(bArr);
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[32];
        mslContext.getRandom().nextBytes(bArr2);
        mslContext.getRandom().nextBytes(bArr3);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr2, "AES");
        SecretKeySpec secretKeySpec3 = new SecretKeySpec(bArr3, JcaAlgorithm.HMAC_SHA256);
        byte[] wrap2 = createCryptoContext(mslContext, requestData.getMechanism(), requestData.getWrapdata(), identity).wrap(new JsonWebKey(JsonWebKey.Usage.wrap, JsonWebKey.Algorithm.A128KW, false, valueOf, (SecretKey) secretKeySpec).toJSONString().getBytes(UTF_8));
        JsonWebEncryptionCryptoContext jsonWebEncryptionCryptoContext = new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.AesKwCryptoContext(secretKeySpec), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
        JsonWebKey jsonWebKey = new JsonWebKey(JsonWebKey.Usage.enc, JsonWebKey.Algorithm.A128CBC, false, (String) null, (SecretKey) secretKeySpec2);
        JsonWebKey jsonWebKey2 = new JsonWebKey(JsonWebKey.Usage.sig, JsonWebKey.Algorithm.HS256, false, (String) null, (SecretKey) secretKeySpec3);
        byte[] wrap3 = jsonWebEncryptionCryptoContext.wrap(jsonWebKey.toJSONString().getBytes(UTF_8));
        byte[] wrap4 = jsonWebEncryptionCryptoContext.wrap(jsonWebKey2.toJSONString().getBytes(UTF_8));
        MasterToken renewMasterToken = mslContext.getTokenFactory().renewMasterToken(mslContext, masterToken, secretKeySpec2, secretKeySpec3, null);
        return new KeyExchangeFactory.KeyExchangeData(new ResponseData(renewMasterToken, wrap2, wrap, wrap3, wrap4), new SessionCryptoContext(mslContext, renewMasterToken));
    }

    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public ICryptoContext getCryptoContext(MslContext mslContext, KeyRequestData keyRequestData, KeyResponseData keyResponseData, MasterToken masterToken) {
        ICryptoContext cryptoContext;
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        if (!(keyResponseData instanceof ResponseData)) {
            throw new MslInternalException("Key response data " + keyResponseData.getClass().getName() + " was not created by this factory.");
        }
        ResponseData responseData = (ResponseData) keyResponseData;
        Mechanism mechanism = requestData.getMechanism();
        byte[] wrapdata = requestData.getWrapdata();
        EntityAuthenticationData entityAuthenticationData = mslContext.getEntityAuthenticationData(null);
        String identity = entityAuthenticationData.getIdentity();
        switch (mechanism) {
            case WRAP:
                cryptoContext = this.repository.getCryptoContext(wrapdata);
                if (cryptoContext == null) {
                    throw new MslKeyExchangeException(MslError.KEYX_WRAPPING_KEY_MISSING, Base64.encode(wrapdata)).setEntityAuthenticationData(entityAuthenticationData);
                }
                break;
            case PSK:
                PresharedAuthenticationData presharedAuthenticationData = new PresharedAuthenticationData(identity);
                EntityAuthenticationFactory entityAuthenticationFactory = mslContext.getEntityAuthenticationFactory(EntityAuthenticationScheme.PSK);
                if (entityAuthenticationFactory != null) {
                    cryptoContext = new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.AesKwCryptoContext(entityAuthenticationFactory.getCryptoContext(mslContext, presharedAuthenticationData)), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
                    break;
                } else {
                    throw new MslKeyExchangeException(MslError.UNSUPPORTED_KEYX_MECHANISM, mechanism.name()).setEntityAuthenticationData(entityAuthenticationData);
                }
            default:
                throw new MslKeyExchangeException(MslError.UNSUPPORTED_KEYX_MECHANISM, mechanism.name()).setEntityAuthenticationData(entityAuthenticationData);
        }
        String str = new String(cryptoContext.unwrap(responseData.getWrapKey()), UTF_8);
        try {
            JsonWebEncryptionCryptoContext jsonWebEncryptionCryptoContext = new JsonWebEncryptionCryptoContext(mslContext, new JsonWebEncryptionCryptoContext.AesKwCryptoContext(new JsonWebKey(new JSONObject(str)).getSecretKey()), JsonWebEncryptionCryptoContext.Encryption.A128GCM, JsonWebEncryptionCryptoContext.Format.JWE_JS);
            byte[] unwrap = jsonWebEncryptionCryptoContext.unwrap(responseData.getEncryptionKey());
            byte[] unwrap2 = jsonWebEncryptionCryptoContext.unwrap(responseData.getHmacKey());
            String str2 = new String(unwrap, UTF_8);
            String str3 = new String(unwrap2, UTF_8);
            try {
                JsonWebKey jsonWebKey = new JsonWebKey(new JSONObject(str2));
                try {
                    JsonWebKey jsonWebKey2 = new JsonWebKey(new JSONObject(str3));
                    this.repository.addCryptoContext(responseData.getWrapdata(), jsonWebEncryptionCryptoContext);
                    if (wrapdata != null) {
                        this.repository.removeCryptoContext(wrapdata);
                    }
                    return new SessionCryptoContext(mslContext, responseData.getMasterToken(), identity, jsonWebKey.getSecretKey(), jsonWebKey2.getSecretKey());
                } catch (JSONException e) {
                    throw new MslKeyExchangeException(MslError.INVALID_JWK, str3, e).setEntityAuthenticationData(entityAuthenticationData);
                }
            } catch (JSONException e2) {
                throw new MslKeyExchangeException(MslError.INVALID_JWK, str2, e2).setEntityAuthenticationData(entityAuthenticationData);
            }
        } catch (JSONException e3) {
            throw new MslKeyExchangeException(MslError.INVALID_JWK, str, e3).setEntityAuthenticationData(entityAuthenticationData);
        }
    }
}
