package com.avast.android.ffl.v2;

import com.avast.android.ffl.AbstractFFLClient;
import com.avast.android.ffl.EncryptionException;
import com.avast.android.ffl.Hex;
import com.avast.android.ffl.KeyExpiredException;
import com.avast.android.ffl.LoggingProvider;
import com.avast.android.ffl.NonFFLResponseException;
import com.avast.android.ffl.RegistrationException;
import com.avast.crypto.FFLSpec;
import com.avast.crypto.KeyUtilityException;
import com.avast.crypto.PayloadException;
import com.avast.crypto.SymKeyUtility;
import com.avast.ffl.auth.proto.AuthProto$FFLAuthGenerateKeyRequest;
import com.avast.ffl.auth.proto.AuthProto$FFLAuthGenerateKeyResponse;
import com.avast.ffl.auth.proto.AuthProto$FFLAuthRegistrationRequest;
import com.avast.ffl.auth.proto.AuthProto$FFLAuthRegistrationResponse;
import com.avast.ffl.auth.proto.AuthProto$Identity;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.commons.codec.binary.Base64;
import org.jsoup.helper.HttpConnection;
import retrofit.client.Client;
import retrofit.client.Header;
import retrofit.client.Request;
import retrofit.client.Response;
import retrofit.mime.TypedInput;
import retrofit.mime.TypedOutput;

/* loaded from: classes.dex */
public class FFLV2ClientImpl extends AbstractFFLClient implements FFLV2Client {

    /* renamed from: ʻ, reason: contains not printable characters */
    private final AuthProto$Identity f23523;

    /* renamed from: ʼ, reason: contains not printable characters */
    private final boolean f23524;

    /* renamed from: ˏ, reason: contains not printable characters */
    private final AuthStorage f23525;

    /* renamed from: ᐝ, reason: contains not printable characters */
    private final AtomicReference<AuthClock> f23526;

    public FFLV2ClientImpl(Client client, LoggingProvider loggingProvider, AuthStorage authStorage, AuthProto$Identity authProto$Identity, String str) {
        this(client, loggingProvider, authStorage, authProto$Identity, str, false);
    }

    public FFLV2ClientImpl(Client client, LoggingProvider loggingProvider, AuthStorage authStorage, AuthProto$Identity authProto$Identity, String str, boolean z) {
        super(client, loggingProvider, str);
        this.f23526 = new AtomicReference<>();
        this.f23525 = authStorage;
        this.f23523 = authProto$Identity;
        this.f23524 = z;
    }

    /* renamed from: ʹ, reason: contains not printable characters */
    private void m23468(ClientKey clientKey) throws IOException {
        if (this.f23524) {
            this.f23525.mo23450(clientKey);
        } else {
            this.f23525.mo23453(clientKey);
        }
    }

    /* renamed from: ʼ, reason: contains not printable characters */
    private byte[] m23469(String str) throws UnsupportedEncodingException {
        return Base64.decodeBase64(m23470(str).getBytes("UTF-8"));
    }

    /* renamed from: ʽ, reason: contains not printable characters */
    private String m23470(String str) throws UnsupportedEncodingException {
        return URLDecoder.decode(str, "UTF-8");
    }

    /* renamed from: ʾ, reason: contains not printable characters */
    private Response m23471(Request request, ClientKey clientKey) throws IOException {
        try {
            return m23472(request, clientKey, m23480());
        } catch (InvalidRequestTimeException e) {
            this.f23512.mo23443("Server rejected request due to invalid time. Updating offset to server time ($s)", Long.valueOf(e.m23487()));
            m23479(e.m23487());
            return m23472(request, clientKey, m23480());
        }
    }

    /* renamed from: ʿ, reason: contains not printable characters */
    private Response m23472(Request request, ClientKey clientKey, long j) throws IOException {
        byte[] bArr;
        try {
            final TypedOutput body = request.getBody();
            ArrayList arrayList = new ArrayList(request.getHeaders());
            String m23455 = m23476().m23455();
            byte[] m25928 = SymKeyUtility.m25928();
            byte[] m49495 = clientKey.m23460().m49495();
            FFLSpec fFLSpec = FFLSpec.V2;
            byte[] m25927 = SymKeyUtility.m25927(m25928, m49495, j, fFLSpec.mo25906());
            if (body != null) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream((int) body.length());
                body.writeTo(byteArrayOutputStream);
                bArr = byteArrayOutputStream.toByteArray();
            } else {
                bArr = new byte[0];
            }
            final byte[] m25903 = (bArr == null || bArr.length <= 0) ? new byte[0] : fFLSpec.mo25905().m25903(bArr, m25928);
            arrayList.add(new Header(HttpConnection.CONTENT_ENCODING, "x-ffl"));
            arrayList.add(new Header("X-AVAST-FFL-Version", "2"));
            arrayList.add(new Header("X-AVAST-FFL-Mode", "SFSR"));
            arrayList.add(new Header("X-AVAST-Request-Time", Long.toString(j)));
            arrayList.add(new Header("X-AVAST-Client-Id-0", m23482(m23455)));
            arrayList.add(new Header("X-AVAST-Key-Id-0", m23478(clientKey.m23459().m49495())));
            arrayList.add(new Header("X-AVAST-ETEK-0", m23478(m25927)));
            Response execute = this.f23513.execute(new Request(request.getMethod(), request.getUrl(), arrayList, body != null ? new TypedOutput(this) { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.2
                @Override // retrofit.mime.TypedOutput
                public String fileName() {
                    return body.fileName();
                }

                @Override // retrofit.mime.TypedOutput
                public long length() {
                    return m25903.length;
                }

                @Override // retrofit.mime.TypedOutput
                public String mimeType() {
                    return body.mimeType();
                }

                @Override // retrofit.mime.TypedOutput
                public void writeTo(OutputStream outputStream) throws IOException {
                    outputStream.write(m25903);
                }
            } : null));
            final TypedInput body2 = execute.getBody();
            long length = body2 != null ? body2.length() : 0L;
            this.f23512.mo23442("Received response with status " + execute.getStatus() + "(" + execute.getReason() + ") and payload size " + length, new Object[0]);
            if (execute.getStatus() == 442) {
                throw new KeyExpiredException("Status code 442 from server");
            }
            final byte[] m25902 = body2 != null ? fFLSpec.mo25905().m25902(AbstractFFLClient.m23439(body2.in()), SymKeyUtility.m25925(m23474(execute), clientKey.m23460().m49495(), j, fFLSpec.mo25906())) : new byte[0];
            if (execute.getStatus() != 443) {
                return new Response(execute.getUrl(), execute.getStatus(), execute.getReason(), execute.getHeaders(), new TypedInput(this) { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.3
                    @Override // retrofit.mime.TypedInput
                    public InputStream in() throws IOException {
                        return new ByteArrayInputStream(m25902);
                    }

                    @Override // retrofit.mime.TypedInput
                    public long length() {
                        return m25902.length;
                    }

                    @Override // retrofit.mime.TypedInput
                    public String mimeType() {
                        TypedInput typedInput = body2;
                        return typedInput != null ? typedInput.mimeType() : "application/octet-stream";
                    }
                });
            }
            throw new InvalidRequestTimeException(m23475(m25902));
        } catch (KeyUtilityException | PayloadException | InvalidKeyException | NoSuchAlgorithmException e) {
            throw new EncryptionException(e);
        }
    }

    /* renamed from: ˈ, reason: contains not printable characters */
    private ByteString m23473() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return ByteString.m49490(bArr);
    }

    /* renamed from: ˉ, reason: contains not printable characters */
    private byte[] m23474(Response response) throws EncryptionException, UnsupportedEncodingException, NonFFLResponseException {
        String str = null;
        String str2 = null;
        String str3 = null;
        for (Header header : response.getHeaders()) {
            if ("X-AVAST-FFL-Version".equalsIgnoreCase(header.getName())) {
                str = header.getValue();
            } else if ("X-AVAST-FFL-Mode".equalsIgnoreCase(header.getName())) {
                str2 = header.getValue();
            } else if ("X-AVAST-ETEK-0".equalsIgnoreCase(header.getName())) {
                str3 = header.getValue();
            }
        }
        if (!"2".equals(str)) {
            throw new NonFFLResponseException("Invalid FFL version in server response: " + str, response);
        }
        if (!"SFSR".equals(str2)) {
            if (!"SFMR".equals(str2)) {
                throw new EncryptionException("Invalid FFL mode in server response: " + str2);
            }
            this.f23512.mo23441("Ignoring all but the first recipient in SFMR mode", new Object[0]);
        }
        if (str3 != null) {
            return m23469(str3);
        }
        throw new EncryptionException("Missing ETEK in server response");
    }

    /* renamed from: ˌ, reason: contains not printable characters */
    private long m23475(byte[] bArr) throws IOException {
        try {
            return Long.parseLong(new String(bArr, "UTF-8"));
        } catch (NumberFormatException e) {
            throw new EncryptionException(e, "Cannot parse server time from respnse");
        }
    }

    /* renamed from: ˍ, reason: contains not printable characters */
    private ClientIdentity m23476() throws IOException {
        return this.f23524 ? this.f23525.mo23447() : this.f23525.mo23449();
    }

    /* renamed from: ˑ, reason: contains not printable characters */
    private ClientKey m23477() throws IOException {
        return this.f23524 ? this.f23525.mo23454() : this.f23525.mo23446();
    }

    /* renamed from: ͺ, reason: contains not printable characters */
    private String m23478(byte[] bArr) throws UnsupportedEncodingException {
        return m23482(new String(Base64.encodeBase64(bArr), "UTF-8"));
    }

    /* renamed from: י, reason: contains not printable characters */
    private void m23479(long j) throws IOException {
        long m23462 = DefaultClock.m23462(j);
        this.f23525.mo23445(m23462);
        this.f23526.set(new DefaultClock(m23462));
    }

    /* renamed from: ᐧ, reason: contains not printable characters */
    private long m23480() throws IOException {
        AuthClock authClock = this.f23526.get();
        if (authClock == null) {
            authClock = new DefaultClock(this.f23525.mo23451());
            this.f23526.set(authClock);
        }
        return authClock.mo23444();
    }

    /* renamed from: ᐨ, reason: contains not printable characters */
    private void m23481(ClientIdentity clientIdentity) throws IOException {
        ByteString m23473 = m23473();
        AuthProto$FFLAuthRegistrationRequest.Builder m26075 = AuthProto$FFLAuthRegistrationRequest.m26075();
        m26075.m26092(m23473);
        m26075.m26094(this.f23523);
        if (clientIdentity != null) {
            AuthProto$FFLAuthRegistrationRequest.Parent.Builder m26101 = AuthProto$FFLAuthRegistrationRequest.Parent.m26101();
            m26101.m26116(clientIdentity.m23455());
            m26101.m26117(clientIdentity.m23456());
            m26075.m26095(m26101);
        }
        final byte[] m49476 = m26075.m26093().m49476();
        Response execute = this.f23513.execute(new Request("POST", m23486(), null, new TypedOutput(this) { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.1
            @Override // retrofit.mime.TypedOutput
            public String fileName() {
                return null;
            }

            @Override // retrofit.mime.TypedOutput
            public long length() {
                return m49476.length;
            }

            @Override // retrofit.mime.TypedOutput
            public String mimeType() {
                return "application/octet-stream";
            }

            @Override // retrofit.mime.TypedOutput
            public void writeTo(OutputStream outputStream) throws IOException {
                outputStream.write(m49476);
            }
        }));
        if (execute.getStatus() != 200) {
            throw new RegistrationException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            AuthProto$FFLAuthRegistrationResponse parseFrom = AuthProto$FFLAuthRegistrationResponse.parseFrom(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(parseFrom.m26121());
            this.f23512.mo23443("Registered as %s Client ID %s with CIGT %s", clientIdentity != null ? "app" : "root", parseFrom.m26120(), Hex.m23440(m23473.m49495()));
            this.f23512.mo23443("Received new AUTH key ID %s, version %s, expiration %s", Hex.m23440(parseFrom.m26122().m49495()), Long.valueOf(parseFrom.m26123()), new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            ClientIdentity clientIdentity2 = new ClientIdentity(m23473, parseFrom.m26120());
            ClientKey clientKey = new ClientKey(parseFrom.m26122(), parseFrom.m26125(), parseFrom.m26123(), parseFrom.m26121());
            if (clientIdentity != null) {
                this.f23525.mo23452(clientIdentity2, clientKey);
            } else {
                this.f23525.mo23448(clientIdentity2, clientKey);
            }
        } catch (InvalidProtocolBufferException e) {
            throw new RegistrationException(e, "Could not parse registration GPB response");
        }
    }

    /* renamed from: ι, reason: contains not printable characters */
    private String m23482(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, "UTF-8");
    }

    /* renamed from: ﾞ, reason: contains not printable characters */
    private ClientKey m23483(ClientIdentity clientIdentity, ClientKey clientKey) throws IOException {
        AuthProto$FFLAuthGenerateKeyRequest.Builder m26041 = AuthProto$FFLAuthGenerateKeyRequest.m26041();
        m26041.m26060(clientIdentity.m23456());
        m26041.m26059(clientIdentity.m23455());
        m26041.m26063(clientKey.m23461());
        m26041.m26062(this.f23523);
        final byte[] m49476 = m26041.m26061().m49476();
        Response execute = this.f23513.execute(new Request("POST", m23485(), null, new TypedOutput(this) { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.4
            @Override // retrofit.mime.TypedOutput
            public String fileName() {
                return null;
            }

            @Override // retrofit.mime.TypedOutput
            public long length() {
                return m49476.length;
            }

            @Override // retrofit.mime.TypedOutput
            public String mimeType() {
                return "application/octet-stream";
            }

            @Override // retrofit.mime.TypedOutput
            public void writeTo(OutputStream outputStream) throws IOException {
                outputStream.write(m49476);
            }
        }));
        if (execute.getStatus() == 409) {
            throw new KeyVersionConflictException("Conflict when requesting new key with previous version: " + clientKey.m23461());
        }
        if (execute.getStatus() != 200) {
            throw new GenerateKeyException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            AuthProto$FFLAuthGenerateKeyResponse parseFrom = AuthProto$FFLAuthGenerateKeyResponse.parseFrom(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(parseFrom.m26067());
            this.f23512.mo23443("Received new AUTH key ID %s, version %s, expiration %s", Hex.m23440(parseFrom.m26068().m49495()), Long.valueOf(parseFrom.m26066()), new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            ClientKey clientKey2 = new ClientKey(parseFrom.m26068(), parseFrom.m26065(), parseFrom.m26066(), parseFrom.m26067());
            m23468(clientKey2);
            return clientKey2;
        } catch (InvalidProtocolBufferException e) {
            throw new GenerateKeyException("Could not parse generate key GPB response", e);
        }
    }

    @Override // retrofit.client.Client
    public Response execute(Request request) throws IOException, KeyExpiredException {
        ClientIdentity mo23447 = this.f23525.mo23447();
        if (mo23447 == null) {
            throw new IllegalStateException("Root Client ID not registered");
        }
        ClientIdentity mo23449 = this.f23525.mo23449();
        if (mo23449 == null) {
            throw new IllegalStateException("App Client ID not registered");
        }
        if (mo23449.m23457(mo23447)) {
            return m23471(request, m23477());
        }
        throw new AppClientIdMismatchException("App Client ID is not derived from root Client ID");
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˊ */
    public void mo23463() throws IOException {
        ClientIdentity mo23447 = this.f23525.mo23447();
        if (mo23447 == null) {
            throw new IllegalStateException("Root client id must be registered before registering app client id.");
        }
        m23481(mo23447);
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˋ */
    public void mo23464() throws IOException {
        ClientKey m23477 = m23477();
        ClientIdentity m23476 = m23476();
        if (m23477 == null || m23476 == null) {
            throw new IllegalStateException("App client is not registered with auth server");
        }
        m23468(new ClientKey(m23477.m23459(), m23477.m23460(), m23477.m23461() + 1, m23477.m23458()));
        m23483(m23476, m23477);
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˎ */
    public void mo23465() throws IOException {
        m23481(null);
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˏ */
    public boolean mo23466() throws IOException {
        return (this.f23525.mo23449() == null || this.f23525.mo23446() == null) ? false : true;
    }

    /* renamed from: ՙ, reason: contains not printable characters */
    public FFLV2ClientImpl m23484() {
        return this.f23524 ? this : new FFLV2ClientImpl(this.f23513, this.f23512, this.f23525, this.f23523, this.f23514, true);
    }

    /* renamed from: ـ, reason: contains not printable characters */
    protected String m23485() {
        return "https://" + this.f23514 + "/V2/KEY";
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ᐝ */
    public boolean mo23467() throws IOException {
        return this.f23525.mo23447() != null;
    }

    /* renamed from: ﹳ, reason: contains not printable characters */
    protected String m23486() {
        return "https://" + this.f23514 + "/V2/REG";
    }
}
