package com.avast.android.mobilesecurity.o;

import com.avast.android.ffl.EncryptionException;
import com.avast.android.ffl.KeyExpiredException;
import com.avast.android.ffl.NonFFLResponseException;
import com.avast.android.ffl.RegistrationException;
import com.avast.android.ffl.v2.AppClientIdMismatchException;
import com.avast.android.ffl.v2.GenerateKeyException;
import com.avast.android.ffl.v2.InvalidRequestTimeException;
import com.avast.android.ffl.v2.KeyVersionConflictException;
import com.avast.crypto.KeyUtilityException;
import com.avast.crypto.PayloadException;
import com.avast.ffl.auth.proto.FFLAuthGenerateKeyRequest;
import com.avast.ffl.auth.proto.FFLAuthGenerateKeyResponse;
import com.avast.ffl.auth.proto.FFLAuthRegistrationRequest;
import com.avast.ffl.auth.proto.FFLAuthRegistrationResponse;
import com.avast.ffl.auth.proto.Identity;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicReference;
import okio.ByteString;
import org.apache.commons.codec.binary.Base64;
import retrofit.client.Client;
import retrofit.client.Header;
import retrofit.client.Request;
import retrofit.client.Response;
import retrofit.mime.TypedInput;
import retrofit.mime.TypedOutput;

/* loaded from: classes2.dex */
public class rw1 extends d1 implements qw1 {
    private final qv d;
    private final AtomicReference<pv> e;
    private final Identity f;
    private final boolean g;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class a implements TypedOutput {
        final /* synthetic */ byte[] a;

        a(byte[] bArr) {
            this.a = bArr;
        }

        @Override // retrofit.mime.TypedOutput
        public String fileName() {
            return null;
        }

        @Override // retrofit.mime.TypedOutput
        public long length() {
            return this.a.length;
        }

        @Override // retrofit.mime.TypedOutput
        public String mimeType() {
            return "application/octet-stream";
        }

        @Override // retrofit.mime.TypedOutput
        public void writeTo(OutputStream outputStream) throws IOException {
            outputStream.write(this.a);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class b implements TypedOutput {
        final /* synthetic */ TypedOutput a;
        final /* synthetic */ byte[] b;

        b(TypedOutput typedOutput, byte[] bArr) {
            this.a = typedOutput;
            this.b = bArr;
        }

        @Override // retrofit.mime.TypedOutput
        public String fileName() {
            return this.a.fileName();
        }

        @Override // retrofit.mime.TypedOutput
        public long length() {
            return this.b.length;
        }

        @Override // retrofit.mime.TypedOutput
        public String mimeType() {
            return this.a.mimeType();
        }

        @Override // retrofit.mime.TypedOutput
        public void writeTo(OutputStream outputStream) throws IOException {
            outputStream.write(this.b);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class c implements TypedInput {
        final /* synthetic */ TypedInput a;
        final /* synthetic */ byte[] b;

        c(TypedInput typedInput, byte[] bArr) {
            this.a = typedInput;
            this.b = bArr;
        }

        @Override // retrofit.mime.TypedInput
        public InputStream in() throws IOException {
            return new ByteArrayInputStream(this.b);
        }

        @Override // retrofit.mime.TypedInput
        public long length() {
            return this.b.length;
        }

        @Override // retrofit.mime.TypedInput
        public String mimeType() {
            TypedInput typedInput = this.a;
            return typedInput != null ? typedInput.mimeType() : "application/octet-stream";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class d implements TypedOutput {
        final /* synthetic */ byte[] a;

        d(byte[] bArr) {
            this.a = bArr;
        }

        @Override // retrofit.mime.TypedOutput
        public String fileName() {
            return null;
        }

        @Override // retrofit.mime.TypedOutput
        public long length() {
            return this.a.length;
        }

        @Override // retrofit.mime.TypedOutput
        public String mimeType() {
            return "application/octet-stream";
        }

        @Override // retrofit.mime.TypedOutput
        public void writeTo(OutputStream outputStream) throws IOException {
            outputStream.write(this.a);
        }
    }

    public rw1(Client client, qp3 qp3Var, qv qvVar, Identity identity, String str) {
        this(client, qp3Var, qvVar, identity, str, false);
    }

    public rw1(Client client, qp3 qp3Var, qv qvVar, Identity identity, String str, boolean z) {
        super(client, qp3Var, str);
        this.e = new AtomicReference<>();
        this.d = qvVar;
        this.f = identity;
        this.g = z;
    }

    private byte[] g(String str) throws UnsupportedEncodingException {
        return Base64.decodeBase64(h(str).getBytes("UTF-8"));
    }

    private String h(String str) throws UnsupportedEncodingException {
        return URLDecoder.decode(str, "UTF-8");
    }

    private String i(byte[] bArr) throws UnsupportedEncodingException {
        return j(new String(Base64.encodeBase64(bArr), "UTF-8"));
    }

    private String j(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, "UTF-8");
    }

    private Response k(Request request, om0 om0Var) throws IOException {
        try {
            return l(request, om0Var, s());
        } catch (InvalidRequestTimeException e) {
            this.a.c("Server rejected request due to invalid time. Updating offset to server time ($s)", Long.valueOf(e.a()));
            y(e.a());
            return l(request, om0Var, s());
        }
    }

    private Response l(Request request, om0 om0Var, long j) throws IOException {
        byte[] bArr;
        try {
            TypedOutput body = request.getBody();
            ArrayList arrayList = new ArrayList(request.getHeaders());
            String a2 = p().a();
            byte[] d2 = gl6.d();
            byte[] byteArray = om0Var.c().toByteArray();
            pw1 pw1Var = pw1.c;
            byte[] c2 = gl6.c(d2, byteArray, j, pw1Var.c());
            if (body != null) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream((int) body.length());
                body.writeTo(byteArrayOutputStream);
                bArr = byteArrayOutputStream.toByteArray();
            } else {
                bArr = new byte[0];
            }
            byte[] c3 = (bArr == null || bArr.length <= 0) ? new byte[0] : pw1Var.a().c(bArr, d2);
            arrayList.add(new Header("Content-Encoding", "x-ffl"));
            arrayList.add(new Header("X-AVAST-FFL-Version", "2"));
            arrayList.add(new Header("X-AVAST-FFL-Mode", "SFSR"));
            arrayList.add(new Header("X-AVAST-Request-Time", Long.toString(j)));
            arrayList.add(new Header("X-AVAST-Client-Id-0", j(a2)));
            arrayList.add(new Header("X-AVAST-Key-Id-0", i(om0Var.b().toByteArray())));
            arrayList.add(new Header("X-AVAST-ETEK-0", i(c2)));
            Response execute = this.b.execute(new Request(request.getMethod(), request.getUrl(), arrayList, body != null ? new b(body, c3) : null));
            TypedInput body2 = execute.getBody();
            long length = body2 != null ? body2.length() : 0L;
            this.a.b("Received response with status " + execute.getStatus() + "(" + execute.getReason() + ") and payload size " + length, new Object[0]);
            if (execute.getStatus() == 442) {
                throw new KeyExpiredException("Status code 442 from server");
            }
            byte[] b2 = body2 != null ? pw1Var.a().b(d1.f(body2.in()), gl6.a(n(execute), om0Var.c().toByteArray(), j, pw1Var.c())) : new byte[0];
            if (execute.getStatus() != 443) {
                return new Response(execute.getUrl(), execute.getStatus(), execute.getReason(), execute.getHeaders(), new c(body2, b2));
            }
            throw new InvalidRequestTimeException(o(b2));
        } catch (KeyUtilityException | PayloadException | InvalidKeyException | NoSuchAlgorithmException e) {
            throw new EncryptionException(e);
        }
    }

    private ByteString m() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return ByteString.of(bArr);
    }

    private byte[] n(Response response) throws EncryptionException, UnsupportedEncodingException, NonFFLResponseException {
        String str = null;
        String str2 = null;
        String str3 = null;
        for (Header header : response.getHeaders()) {
            if ("X-AVAST-FFL-Version".equalsIgnoreCase(header.getName())) {
                str = header.getValue();
            } else if ("X-AVAST-FFL-Mode".equalsIgnoreCase(header.getName())) {
                str2 = header.getValue();
            } else if ("X-AVAST-ETEK-0".equalsIgnoreCase(header.getName())) {
                str3 = header.getValue();
            }
        }
        if (!"2".equals(str)) {
            throw new NonFFLResponseException("Invalid FFL version in server response: " + str, response);
        }
        if (!"SFSR".equals(str2)) {
            if (!"SFMR".equals(str2)) {
                throw new EncryptionException("Invalid FFL mode in server response: " + str2);
            }
            this.a.a("Ignoring all but the first recipient in SFMR mode", new Object[0]);
        }
        if (str3 != null) {
            return g(str3);
        }
        throw new EncryptionException("Missing ETEK in server response");
    }

    private long o(byte[] bArr) throws IOException {
        try {
            return Long.parseLong(new String(bArr, "UTF-8"));
        } catch (NumberFormatException e) {
            throw new EncryptionException(e, "Cannot parse server time from respnse");
        }
    }

    private jm0 p() throws IOException {
        return this.g ? this.d.d() : this.d.o();
    }

    private om0 q() throws IOException {
        return this.g ? this.d.m() : this.d.c();
    }

    private long s() throws IOException {
        pv pvVar = this.e.get();
        if (pvVar == null) {
            pvVar = new be1(this.d.h());
            this.e.set(pvVar);
        }
        return pvVar.a();
    }

    private void t(jm0 jm0Var) throws IOException {
        ByteString m = m();
        FFLAuthRegistrationRequest.Builder identity = new FFLAuthRegistrationRequest.Builder().client_id_generation_token(m).identity(this.f);
        if (jm0Var != null) {
            identity.parent(new FFLAuthRegistrationRequest.Parent.Builder().client_id(jm0Var.a()).client_id_generation_token(jm0Var.b()).build());
        }
        Response execute = this.b.execute(new Request("POST", u(), null, new a(identity.build().encode())));
        if (execute.getStatus() != 200) {
            throw new RegistrationException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            FFLAuthRegistrationResponse decode = FFLAuthRegistrationResponse.ADAPTER.decode(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(decode.key_expiration.longValue());
            this.a.c("Registered as %s Client ID %s with CIGT %s", jm0Var != null ? "app" : "root", decode.client_id, bp2.a(m.toByteArray()));
            this.a.c("Received new AUTH key ID %s, version %s, expiration %s", bp2.a(decode.key_id.toByteArray()), decode.key_version, new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            jm0 jm0Var2 = new jm0(m, decode.client_id);
            om0 om0Var = new om0(decode.key_id, decode.key, decode.key_version.longValue(), decode.key_expiration.longValue());
            if (jm0Var != null) {
                this.d.i(jm0Var2, om0Var);
            } else {
                this.d.p(jm0Var2, om0Var);
            }
        } catch (IOException e) {
            throw new RegistrationException(e, "Could not parse registration GPB response");
        }
    }

    private om0 v(jm0 jm0Var, om0 om0Var) throws IOException {
        Response execute = this.b.execute(new Request("POST", r(), null, new d(new FFLAuthGenerateKeyRequest.Builder().client_id_generation_token(jm0Var.b()).client_id(jm0Var.a()).previous_key_version(Long.valueOf(om0Var.d())).identity(this.f).build().encode())));
        if (execute.getStatus() == 409) {
            throw new KeyVersionConflictException("Conflict when requesting new key with previous version: " + om0Var.d());
        }
        if (execute.getStatus() != 200) {
            throw new GenerateKeyException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            FFLAuthGenerateKeyResponse decode = FFLAuthGenerateKeyResponse.ADAPTER.decode(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(decode.key_expiration.longValue());
            this.a.c("Received new AUTH key ID %s, version %s, expiration %s", bp2.a(decode.key_id.toByteArray()), decode.key_version, new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            om0 om0Var2 = new om0(decode.key_id, decode.key, decode.key_version.longValue(), decode.key_expiration.longValue());
            w(om0Var2);
            return om0Var2;
        } catch (IOException e) {
            throw new GenerateKeyException("Could not parse generate key GPB response", e);
        }
    }

    private void w(om0 om0Var) throws IOException {
        if (this.g) {
            this.d.b(om0Var);
        } else {
            this.d.l(om0Var);
        }
    }

    private void y(long j) throws IOException {
        long b2 = be1.b(j);
        this.d.k(b2);
        this.e.set(new be1(b2));
    }

    @Override // com.avast.android.mobilesecurity.o.qw1
    public void a() throws IOException {
        jm0 d2 = this.d.d();
        if (d2 == null) {
            throw new IllegalStateException("Root client id must be registered before registering app client id.");
        }
        t(d2);
    }

    @Override // com.avast.android.mobilesecurity.o.qw1
    public void b() throws IOException {
        om0 q = q();
        jm0 p = p();
        if (q == null || p == null) {
            throw new IllegalStateException("App client is not registered with auth server");
        }
        w(new om0(q.b(), q.c(), q.d() + 1, q.a()));
        v(p, q);
    }

    @Override // com.avast.android.mobilesecurity.o.qw1
    public void c() throws IOException {
        t(null);
    }

    @Override // com.avast.android.mobilesecurity.o.qw1
    public boolean d() throws IOException {
        return (this.d.o() == null || this.d.c() == null) ? false : true;
    }

    @Override // com.avast.android.mobilesecurity.o.qw1
    public boolean e() throws IOException {
        return this.d.d() != null;
    }

    @Override // retrofit.client.Client
    public Response execute(Request request) throws IOException, KeyExpiredException {
        jm0 d2 = this.d.d();
        if (d2 == null) {
            throw new IllegalStateException("Root Client ID not registered");
        }
        jm0 o = this.d.o();
        if (o == null) {
            throw new IllegalStateException("App Client ID not registered");
        }
        if (o.c(d2)) {
            return k(request, q());
        }
        throw new AppClientIdMismatchException("App Client ID is not derived from root Client ID");
    }

    protected String r() {
        return "https://" + this.c + "/V2/KEY";
    }

    protected String u() {
        return "https://" + this.c + "/V2/REG";
    }

    public rw1 x() {
        return this.g ? this : new rw1(this.b, this.a, this.d, this.f, this.c, true);
    }
}
