package com.amazon.whisperlink.android.transport.tcomm.security;

import com.amazon.whisperlink.android.transport.tcomm.security.encryption.AESGCMEncryptionEngine;
import com.amazon.whisperlink.android.transport.tcomm.security.encryption.EncryptionEngine;
import com.amazon.whisperlink.android.transport.tcomm.security.encryption.SymmetricKey;
import com.amazon.whisperlink.android.transport.tcomm.security.encryption.utils.AsymmetricEncryptionUtil;
import com.amazon.whisperlink.android.transport.tcomm.security.exceptions.SecureTCommException;
import com.amazon.whisperlink.platform.PlatformManager;
import com.amazon.whisperlink.port.android.feature.AuthenticationControl;
import com.amazon.whisperlink.util.Log;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

/* loaded from: classes2.dex */
public class SecureEncryption {
    private static final int DEFAULT_UPDATE_TIMEOUT_SEC = 10;
    private static final String TAG = SecureEncryption.class.getSimpleName();
    private SymmetricKey decryptionKey;
    private EncryptionEngine encryptionEngine;
    private SymmetricKey encryptionKey;
    private boolean isClient;
    private long lastUpdatedTime;
    private PrivateKey localPrivateKey;
    private PublicKey remotePublicKey;
    private long symmetricKeyRotationPeriodInMillis;

    public SecureEncryption(PublicKey publicKey, PrivateKey privateKey) {
        this(publicKey, privateKey, false, 0L);
    }

    public SecureEncryption(PublicKey publicKey, PrivateKey privateKey, boolean z, long j) {
        this.remotePublicKey = publicKey;
        this.localPrivateKey = privateKey;
        this.isClient = z;
        this.symmetricKeyRotationPeriodInMillis = j;
        this.encryptionEngine = new AESGCMEncryptionEngine();
        this.encryptionKey = new SymmetricKey(publicKey, privateKey);
        this.decryptionKey = new SymmetricKey(publicKey, privateKey);
    }

    private boolean forceAuthUpdate() {
        AuthenticationControl authenticationControl;
        Log.debug(TAG, "verify failed, updating key");
        PlatformManager platformManager = PlatformManager.getPlatformManager();
        if (platformManager == null || (authenticationControl = (AuthenticationControl) platformManager.getFeature(AuthenticationControl.class)) == null) {
            return false;
        }
        try {
            Future<Boolean> forceUpdate = authenticationControl.getDeviceTrackerPlugin().forceUpdate();
            if (forceUpdate != null) {
                return forceUpdate.get(10L, TimeUnit.SECONDS).booleanValue();
            }
            return false;
        } catch (Exception e) {
            Log.error(TAG, "Exception while calling forceAuthUpdate().", e);
            throw new SecureTCommException(TCommSecureCommsErrors.VERIFICATION_FAILED);
        }
    }

    private SymmetricKey getDecryptSymmetricKey(String str, String str2) {
        Log.debug(TAG, "getDecryptSymmetricKey ");
        if (this.decryptionKey.isSameKey(str, str2)) {
            return this.decryptionKey;
        }
        byte[] decrypt = AsymmetricEncryptionUtil.decrypt(str, this.localPrivateKey);
        if (AsymmetricEncryptionUtil.verify(decrypt, str2, this.remotePublicKey)) {
            this.decryptionKey.setKeySpecAndSignature(this.encryptionEngine.getKeySpec(decrypt), str, str2);
        } else {
            if (!forceAuthUpdate()) {
                Log.error(TAG, TCommSecureCommsErrors.VERIFICATION_FAILED);
                throw new SecureTCommException(TCommSecureCommsErrors.VERIFICATION_FAILED);
            }
            if (!AsymmetricEncryptionUtil.verify(decrypt, str2, this.remotePublicKey)) {
                Log.error(TAG, TCommSecureCommsErrors.VERIFICATION_FAILED);
                throw new SecureTCommException(TCommSecureCommsErrors.VERIFICATION_FAILED);
            }
            this.decryptionKey.setKeySpecAndSignature(this.encryptionEngine.getKeySpec(decrypt), str, str2);
        }
        return this.decryptionKey;
    }

    private SymmetricKey getEncryptSymmetricKey() {
        Log.debug(TAG, "getEncryptSymmetricKey");
        if (this.isClient) {
            long currentTimeMillis = System.currentTimeMillis() - this.lastUpdatedTime;
            if (this.encryptionKey.getKey() == null || currentTimeMillis > this.symmetricKeyRotationPeriodInMillis) {
                this.encryptionKey.setKeySpec(this.encryptionEngine.generateKey());
                this.lastUpdatedTime = System.currentTimeMillis();
            }
        } else if (!this.decryptionKey.getKey().equals(this.encryptionKey.getKey())) {
            this.encryptionKey.setKeySpec(this.decryptionKey.getKeySpec());
        }
        return this.encryptionKey;
    }

    public byte[] decrypt(SecurePayload securePayload) {
        if (securePayload.getVersion() != this.encryptionEngine.getSchemaId()) {
            throw new SecureTCommException(TCommSecureCommsErrors.UNSUPPORTED_PAYLOAD_VERSION);
        }
        return this.encryptionEngine.decrypt(securePayload.getEncryptedMessage(), getDecryptSymmetricKey(securePayload.getEncryptedSymmetricKey(), securePayload.getSignature()).getKeySpec());
    }

    public SecurePayload encrypt(byte[] bArr) {
        SymmetricKey encryptSymmetricKey = getEncryptSymmetricKey();
        return new SecurePayload(encryptSymmetricKey.getEncryptedKey(), this.encryptionEngine.encrypt(bArr, encryptSymmetricKey.getKeySpec()), encryptSymmetricKey.getSignature(), this.encryptionEngine.getSchemaId());
    }

    public int getSchema() {
        return this.encryptionEngine.getSchemaId();
    }
}
