package com.liquable.nemo.endpoint.record;

import com.amazonaws.services.s3.internal.Constants;
import com.google.protobuf.ByteString;
import com.liquable.nemo.crypt.Encryption;
import com.liquable.nemo.endpoint.frame.IEpFrame;
import com.liquable.nemo.endpoint.frame.IEpFrameMapper;
import com.liquable.nemo.endpoint.record.LiteSecure;
import com.liquable.nemo.util.Logger;
import com.liquable.util.DesignContract;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.ReentrantLock;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public final class ClientRecordFactory {
    private static final int CURRENT_PROTOCOL_VERSION = 1;
    private static final String UTF8 = "UTF-8";
    private final IEpFrameMapper epFrameMapper;
    private volatile long nonce;
    private final long sessionId;
    private final UniqueDeviceBasedHmac uniqueDeviceBasedHmac;
    private final String uniqueDeviceId;
    private static final Logger logger = Logger.getInstance(ClientRecordFactory.class);
    private static final ByteBufferPool BYTE_BUFFER_POOL = new ByteBufferPool(8192, 8);
    private final AtomicReference<Encryption> encryptionRef = new AtomicReference<>();
    private final ReentrantLock encryptLock = new ReentrantLock();
    private final ReentrantLock decryptLock = new ReentrantLock();
    private final byte[] ivParameters = new byte[16];

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class BackedByteOutputStream extends ByteArrayOutputStream {
        public BackedByteOutputStream(ByteBuffer byteBuffer) {
            super(0);
            this.buf = byteBuffer.array();
        }

        public byte[] getBuf() {
            return this.buf;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CompressionResult {
        private final byte[] compressed;
        private final int compressedLength;
        private final LiteSecure.BlockCipher.Compression compression;
        private final ByteBuffer intermediateByteBuffer;

        public CompressionResult(LiteSecure.BlockCipher.Compression compression, byte[] bArr, int i, ByteBuffer byteBuffer) {
            this.compression = compression;
            this.compressed = bArr;
            this.compressedLength = i;
            this.intermediateByteBuffer = byteBuffer;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static final class UniqueDeviceBasedHmac {
        private final Mac mac;
        private final ByteBuffer tailSaltBuffer;

        private UniqueDeviceBasedHmac(byte[] bArr) {
            try {
                this.mac = Mac.getInstance(Constants.HMAC_SHA1_ALGORITHM);
                this.mac.init(new SecretKeySpec(bArr, this.mac.getAlgorithm()));
                this.tailSaltBuffer = ByteBuffer.allocate(8);
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException(e2);
            }
        }

        public static UniqueDeviceBasedHmac create(String str) {
            try {
                return new UniqueDeviceBasedHmac(str.getBytes("UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("unexpected", e);
            }
        }

        public synchronized byte[] digest(ByteBuffer byteBuffer, long j) {
            this.mac.update(byteBuffer);
            this.tailSaltBuffer.clear();
            this.tailSaltBuffer.putLong(j);
            this.tailSaltBuffer.flip();
            this.mac.update(this.tailSaltBuffer);
            return this.mac.doFinal();
        }

        public synchronized byte[] digest(byte[] bArr) {
            return this.mac.doFinal(bArr);
        }
    }

    public ClientRecordFactory(IEpFrameMapper iEpFrameMapper, long j, String str) {
        this.epFrameMapper = iEpFrameMapper;
        this.uniqueDeviceId = str;
        this.sessionId = j;
        this.uniqueDeviceBasedHmac = UniqueDeviceBasedHmac.create(str);
    }

    private void checkBlockCipherMac(LiteSecure.Record record, long j, ByteBuffer byteBuffer) throws GeneralSecurityException {
        if (!record.hasMac()) {
            throw new GeneralSecurityException("extract EpFrame but mac not present");
        }
        if (!Arrays.equals(this.uniqueDeviceBasedHmac.digest(byteBuffer, j), record.getMac().toByteArray())) {
            throw new GeneralSecurityException("extract EpFrame but invalid hmac");
        }
    }

    private CompressionResult compress(byte[] bArr, int i) {
        if (i < 860) {
            return new CompressionResult(LiteSecure.BlockCipher.Compression.NONE, bArr, i, null);
        }
        try {
            ByteBuffer allocate = BYTE_BUFFER_POOL.allocate((i / 3) * 2);
            BackedByteOutputStream backedByteOutputStream = new BackedByteOutputStream(allocate);
            GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(backedByteOutputStream);
            gZIPOutputStream.write(bArr, 0, i);
            gZIPOutputStream.flush();
            gZIPOutputStream.close();
            return new CompressionResult(LiteSecure.BlockCipher.Compression.GZIP, backedByteOutputStream.getBuf(), backedByteOutputStream.size(), allocate);
        } catch (IOException e) {
            logger.error("compression error, fallback to no compression", e);
            return new CompressionResult(LiteSecure.BlockCipher.Compression.NONE, bArr, i, null);
        } catch (RuntimeException e2) {
            logger.error("unexpected compression error, fallback to no compression", e2);
            return new CompressionResult(LiteSecure.BlockCipher.Compression.NONE, bArr, i, null);
        }
    }

    private IEpFrame decodeEpFrame(ByteArrayInputStream byteArrayInputStream, LiteSecure.BlockCipher.Compression compression) throws IOException {
        InputStream inputStream = byteArrayInputStream;
        if (compression == LiteSecure.BlockCipher.Compression.GZIP) {
            inputStream = new GZIPInputStream(byteArrayInputStream);
        }
        return this.epFrameMapper.decode(inputStream);
    }

    private byte[] generateEncryptionKey(String str) {
        try {
            byte[] bytes = str.getBytes("UTF-8");
            ByteBuffer allocate = ByteBuffer.allocate(bytes.length + 16);
            allocate.put(bytes);
            allocate.putLong(this.nonce);
            allocate.putLong(this.sessionId);
            byte[] bArr = new byte[16];
            System.arraycopy(this.uniqueDeviceBasedHmac.digest(allocate.array()), 0, bArr, 0, 16);
            return bArr;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("unexpected", e);
        }
    }

    public static LiteSecure.Record heartbeat(int i) {
        return LiteSecure.Record.newBuilder().setProtocolVersion(1).setCommand(LiteSecure.Command.newBuilder().setHeartbeat(LiteSecure.Heartbeat.newBuilder().setHeartbeatId(i)).build()).build();
    }

    private ByteBuffer serializeBlockCipher(LiteSecure.BlockCipher blockCipher) throws IOException {
        ByteBuffer allocate = BYTE_BUFFER_POOL.allocate(blockCipher.getSerializedSize());
        BackedByteOutputStream backedByteOutputStream = new BackedByteOutputStream(allocate);
        blockCipher.writeTo(backedByteOutputStream);
        allocate.limit(backedByteOutputStream.size());
        return allocate;
    }

    public void acceptNonce(long j) {
        this.nonce = j;
        this.encryptionRef.set(Encryption.createAESEncryption(generateEncryptionKey(this.uniqueDeviceId)));
    }

    public LiteSecure.Record authenticate(String str) {
        LiteSecure.Command build = LiteSecure.Command.newBuilder().setAuthenticate(LiteSecure.Authenticate.newBuilder().setSessionId(this.sessionId).setClientNemoVersion(com.liquable.nemo.Constants.CURRENT_VERSION.toString()).setClientPlatform(LiteSecure.Authenticate.Platform.ANDROID).setUid(str)).build();
        return LiteSecure.Record.newBuilder().setProtocolVersion(1).setCommand(build).setMac(ByteString.copyFrom(this.uniqueDeviceBasedHmac.digest(build.toByteArray()))).build();
    }

    public LiteSecure.Record authenticateResponse() {
        LiteSecure.Command build = LiteSecure.Command.newBuilder().setAuthenticateResponse(LiteSecure.AuthenticateResponse.newBuilder().setSessionId(this.sessionId).setNonce(this.nonce).setServerNemoVersion(com.liquable.nemo.Constants.CURRENT_VERSION.toString())).build();
        return LiteSecure.Record.newBuilder().setProtocolVersion(1).setCommand(build).setMac(ByteString.copyFrom(this.uniqueDeviceBasedHmac.digest(build.toByteArray()))).build();
    }

    public IEpFrame decryptEpFrame(LiteSecure.Record record, long j) throws IOException, GeneralSecurityException {
        DesignContract.preCondition(record.hasBlockCipher(), "not contains Block cipher");
        ByteBuffer serializeBlockCipher = serializeBlockCipher(record.getBlockCipher());
        checkBlockCipherMac(record, j, serializeBlockCipher);
        ByteBuffer asReadOnlyByteBuffer = record.getBlockCipher().getCipherText().asReadOnlyByteBuffer();
        ByteBuffer byteBuffer = null;
        try {
            Encryption encryption = this.encryptionRef.get();
            this.decryptLock.lock();
            try {
                byteBuffer = BYTE_BUFFER_POOL.allocate(encryption.estimateDecryptSize(asReadOnlyByteBuffer.limit()));
                encryption.resetDecryptIvParameter(record.getBlockCipher().getAlgorithmParameter().toByteArray(), 0);
                encryption.decryptInto(asReadOnlyByteBuffer, byteBuffer);
                this.decryptLock.unlock();
                return decodeEpFrame(new ByteArrayInputStream(byteBuffer.array(), 0, byteBuffer.position()), record.getBlockCipher().hasCompression() ? record.getBlockCipher().getCompression() : LiteSecure.BlockCipher.Compression.NONE);
            } catch (Throwable th) {
                this.decryptLock.unlock();
                throw th;
            }
        } finally {
            BYTE_BUFFER_POOL.recycle(serializeBlockCipher);
            BYTE_BUFFER_POOL.recycle(byteBuffer);
        }
    }

    public LiteSecure.Record encryptEpFrame(IEpFrame iEpFrame, long j, SecureRandom secureRandom) throws GeneralSecurityException, IOException {
        ByteBuffer allocate = BYTE_BUFFER_POOL.allocate();
        ByteBuffer byteBuffer = null;
        CompressionResult compressionResult = null;
        try {
            BackedByteOutputStream backedByteOutputStream = new BackedByteOutputStream(allocate);
            this.epFrameMapper.encodeInto(iEpFrame, backedByteOutputStream);
            compressionResult = compress(backedByteOutputStream.getBuf(), backedByteOutputStream.size());
            Encryption encryption = this.encryptionRef.get();
            this.encryptLock.lock();
            try {
                byteBuffer = BYTE_BUFFER_POOL.allocate(encryption.estimateEncryptSize(compressionResult.compressedLength));
                secureRandom.nextBytes(this.ivParameters);
                encryption.resetEncryptIvParameter(this.ivParameters, 0);
                encryption.encryptInto(compressionResult.compressed, compressionResult.compressedLength, byteBuffer);
                ByteString copyFrom = ByteString.copyFrom(this.ivParameters);
                this.encryptLock.unlock();
                LiteSecure.BlockCipher build = LiteSecure.BlockCipher.newBuilder().setCipherText(ByteString.copyFrom(byteBuffer)).setCompression(compressionResult.compression).setAlgorithmParameter(copyFrom).build();
                ByteBuffer serializeBlockCipher = serializeBlockCipher(build);
                LiteSecure.Record build2 = LiteSecure.Record.newBuilder().setProtocolVersion(1).setBlockCipher(build).setMac(ByteString.copyFrom(this.uniqueDeviceBasedHmac.digest(serializeBlockCipher, j))).build();
                BYTE_BUFFER_POOL.recycle(allocate);
                BYTE_BUFFER_POOL.recycle(byteBuffer);
                BYTE_BUFFER_POOL.recycle(serializeBlockCipher);
                if (compressionResult != null) {
                    BYTE_BUFFER_POOL.recycle(compressionResult.intermediateByteBuffer);
                }
                return build2;
            } catch (Throwable th) {
                this.encryptLock.unlock();
                throw th;
            }
        } catch (Throwable th2) {
            BYTE_BUFFER_POOL.recycle(allocate);
            BYTE_BUFFER_POOL.recycle(byteBuffer);
            BYTE_BUFFER_POOL.recycle(null);
            if (compressionResult != null) {
                BYTE_BUFFER_POOL.recycle(compressionResult.intermediateByteBuffer);
            }
            throw th2;
        }
    }

    public boolean validateCommandHmac(LiteSecure.Record record) {
        if (!record.hasCommand()) {
            return true;
        }
        if (!record.getCommand().hasAuthenticate() && !record.getCommand().hasAuthenticateResponse()) {
            return true;
        }
        if (record.hasMac()) {
            return Arrays.equals(this.uniqueDeviceBasedHmac.digest(record.getCommand().toByteArray()), record.getMac().toByteArray());
        }
        return false;
    }
}
