package org.cryptomator.cryptolib.common;

import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import org.cryptomator.cryptolib.api.InvalidPassphraseException;
import org.cryptomator.cryptolib.api.Masterkey;
import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;

/* loaded from: classes5.dex */
public class MasterkeyFileAccess {
    private static final int DEFAULT_MASTERKEY_FILE_VERSION = 999;
    private static final int DEFAULT_SCRYPT_BLOCK_SIZE = 8;
    private static final int DEFAULT_SCRYPT_COST_PARAM = 32768;
    private static final int DEFAULT_SCRYPT_SALT_LENGTH = 8;
    private final SecureRandom csprng;
    private final byte[] pepper;

    public MasterkeyFileAccess(byte[] bArr, SecureRandom secureRandom) {
        this.pepper = bArr;
        this.csprng = secureRandom;
    }

    @Deprecated
    public static int readAllegedVaultVersion(byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            InputStreamReader inputStreamReader = new InputStreamReader(byteArrayInputStream, StandardCharsets.UTF_8);
            try {
                int i = MasterkeyFile.read(inputStreamReader).version;
                inputStreamReader.close();
                byteArrayInputStream.close();
                return i;
            } finally {
            }
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static DestroyableSecretKey scrypt(CharSequence charSequence, byte[] bArr, byte[] bArr2, int i, int i2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        byte[] scrypt = Scrypt.scrypt(charSequence, bArr3, i, i2, 32);
        try {
            return new DestroyableSecretKey(scrypt, Masterkey.ENC_ALG);
        } finally {
            Arrays.fill(scrypt, (byte) 0);
        }
    }

    MasterkeyFile changePassphrase(MasterkeyFile masterkeyFile, CharSequence charSequence, CharSequence charSequence2) throws InvalidPassphraseException {
        Masterkey unlock = unlock(masterkeyFile, charSequence);
        try {
            MasterkeyFile lock = lock(unlock, charSequence2, masterkeyFile.version, masterkeyFile.scryptCostParam);
            if (unlock != null) {
                unlock.close();
            }
            return lock;
        } catch (Throwable th) {
            if (unlock != null) {
                try {
                    unlock.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void changePassphrase(InputStream inputStream, OutputStream outputStream, CharSequence charSequence, CharSequence charSequence2) throws IOException, InvalidPassphraseException {
        InputStreamReader inputStreamReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
        try {
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream, StandardCharsets.UTF_8);
            try {
                changePassphrase(MasterkeyFile.read(inputStreamReader), charSequence, charSequence2).write(outputStreamWriter);
                outputStreamWriter.close();
                inputStreamReader.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                inputStreamReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public byte[] changePassphrase(byte[] bArr, CharSequence charSequence, CharSequence charSequence2) throws IOException, InvalidPassphraseException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                changePassphrase(byteArrayInputStream, byteArrayOutputStream, charSequence, charSequence2);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byteArrayOutputStream.close();
                byteArrayInputStream.close();
                return byteArray;
            } finally {
            }
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public Masterkey load(InputStream inputStream, CharSequence charSequence) throws IOException {
        InputStreamReader inputStreamReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
        try {
            MasterkeyFile read = MasterkeyFile.read(inputStreamReader);
            if (!read.isValid()) {
                throw new IOException("Invalid key file");
            }
            Masterkey unlock = unlock(read, charSequence);
            inputStreamReader.close();
            return unlock;
        } catch (Throwable th) {
            try {
                inputStreamReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public Masterkey load(Path path, CharSequence charSequence) throws MasterkeyLoadingFailedException {
        try {
            InputStream newInputStream = Files.newInputStream(path, StandardOpenOption.READ);
            try {
                Masterkey load = load(newInputStream, charSequence);
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return load;
            } finally {
            }
        } catch (IOException e) {
            throw new MasterkeyLoadingFailedException("I/O error", e);
        }
    }

    MasterkeyFile lock(Masterkey masterkey, CharSequence charSequence, int i, int i2) {
        Preconditions.checkNotNull(masterkey);
        Preconditions.checkNotNull(charSequence);
        Preconditions.checkArgument(!masterkey.isDestroyed(), "masterkey has been destroyed");
        byte[] bArr = new byte[8];
        this.csprng.nextBytes(bArr);
        DestroyableSecretKey scrypt = scrypt(charSequence, bArr, this.pepper, i2, 8);
        try {
            byte[] doFinal = MacSupplier.HMAC_SHA256.withKey(masterkey.getMacKey()).doFinal(ByteBuffer.allocate(4).putInt(i).array());
            MasterkeyFile masterkeyFile = new MasterkeyFile();
            masterkeyFile.version = i;
            masterkeyFile.versionMac = doFinal;
            masterkeyFile.scryptSalt = bArr;
            masterkeyFile.scryptCostParam = i2;
            masterkeyFile.scryptBlockSize = 8;
            masterkeyFile.encMasterKey = AesKeyWrap.wrap(scrypt, masterkey.getEncKey());
            masterkeyFile.macMasterKey = AesKeyWrap.wrap(scrypt, masterkey.getMacKey());
            if (scrypt != null) {
                scrypt.close();
            }
            return masterkeyFile;
        } catch (Throwable th) {
            if (scrypt != null) {
                try {
                    scrypt.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void persist(Masterkey masterkey, OutputStream outputStream, CharSequence charSequence, @Deprecated int i) throws IOException {
        persist(masterkey, outputStream, charSequence, i, 32768);
    }

    void persist(Masterkey masterkey, OutputStream outputStream, CharSequence charSequence, @Deprecated int i, int i2) throws IOException {
        Preconditions.checkArgument(!masterkey.isDestroyed(), "masterkey has been destroyed");
        MasterkeyFile lock = lock(masterkey, charSequence, i, i2);
        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream, StandardCharsets.UTF_8);
        try {
            lock.write(outputStreamWriter);
            outputStreamWriter.close();
        } catch (Throwable th) {
            try {
                outputStreamWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public void persist(Masterkey masterkey, Path path, CharSequence charSequence) throws IOException {
        persist(masterkey, path, charSequence, 999);
    }

    public void persist(Masterkey masterkey, Path path, CharSequence charSequence, @Deprecated int i) throws IOException {
        Path resolveSibling = path.resolveSibling(path.getFileName().toString() + ".tmp");
        OutputStream newOutputStream = Files.newOutputStream(resolveSibling, StandardOpenOption.WRITE, StandardOpenOption.CREATE_NEW);
        try {
            persist(masterkey, newOutputStream, charSequence, i);
            if (newOutputStream != null) {
                newOutputStream.close();
            }
            Files.move(resolveSibling, path, StandardCopyOption.REPLACE_EXISTING);
        } catch (Throwable th) {
            if (newOutputStream != null) {
                try {
                    newOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    Masterkey unlock(MasterkeyFile masterkeyFile, CharSequence charSequence) throws InvalidPassphraseException {
        Preconditions.checkNotNull(masterkeyFile);
        Preconditions.checkArgument(masterkeyFile.isValid(), "Invalid masterkey file");
        Preconditions.checkNotNull(charSequence);
        try {
            DestroyableSecretKey scrypt = scrypt(charSequence, masterkeyFile.scryptSalt, this.pepper, masterkeyFile.scryptCostParam, masterkeyFile.scryptBlockSize);
            try {
                DestroyableSecretKey unwrap = AesKeyWrap.unwrap(scrypt, masterkeyFile.encMasterKey, Masterkey.ENC_ALG);
                try {
                    DestroyableSecretKey unwrap2 = AesKeyWrap.unwrap(scrypt, masterkeyFile.macMasterKey, Masterkey.MAC_ALG);
                    try {
                        Masterkey from = Masterkey.from(unwrap, unwrap2);
                        if (unwrap2 != null) {
                            unwrap2.close();
                        }
                        if (unwrap != null) {
                            unwrap.close();
                        }
                        if (scrypt != null) {
                            scrypt.close();
                        }
                        return from;
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } catch (InvalidKeyException unused) {
            throw new InvalidPassphraseException();
        }
    }
}
