package com.xiaomi.keychainsdk.request.data;

import com.xiaomi.keychainsdk.exception.CryptoException;
import com.xiaomi.keychainsdk.request.context.TransferPublicKey;
import com.xiaomi.keychainsdk.util.DataUtil;
import com.xiaomi.keychainsdk.util.KeyBagDataUtil;
import com.zeus.gmc.sdk.mobileads.msa.adjump.module.AdJumpModule;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import org.jaudiotagger.tag.id3.AbstractTag;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class EncryptedClientTicketCalculator {
    private final short mHSid;
    private final long mHUser;
    private final byte[] mHsmAAD;
    private final int mHsmZone;
    private String mNewPassword;
    private final String mNonce;
    private final String mPassword;
    private final int mSecureLevel;
    private final TransferPublicKey mTPub;
    private final short mTag;

    public EncryptedClientTicketCalculator(short s6, long j, int i2, short s7, String str, TransferPublicKey transferPublicKey, int i7, String str2, byte[] bArr) {
        this.mHSid = s6;
        this.mHUser = j;
        this.mSecureLevel = i2;
        this.mTag = s7;
        this.mPassword = str;
        this.mTPub = transferPublicKey;
        this.mHsmZone = i7;
        this.mNonce = str2;
        this.mHsmAAD = bArr;
    }

    private String calculateStrongPasswordHashBase64(String str) {
        try {
            return KeyBagDataUtil.encodeBase64(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), DataUtil.utf8bytes("Encrypt"), 1000, 96)).getEncoded());
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("PBKDF2WithHmacSHA1 not supported");
        } catch (InvalidKeySpecException unused2) {
            throw new RuntimeException("PBKDF2WithHmacSHA1 error");
        }
    }

    private byte[] getEncryptionUnit() {
        String calculateStrongPasswordHashBase64 = calculateStrongPasswordHashBase64(this.mPassword);
        String str = this.mNewPassword;
        String calculateStrongPasswordHashBase642 = str != null ? calculateStrongPasswordHashBase64(str) : null;
        try {
            String[] strArr = new String[8];
            strArr[0] = String.valueOf((int) this.mHSid);
            strArr[1] = String.valueOf(this.mHUser);
            strArr[2] = String.valueOf(this.mSecureLevel);
            strArr[3] = calculateStrongPasswordHashBase64;
            strArr[4] = String.valueOf((int) this.mTag);
            strArr[5] = this.mTPub.getEncoded();
            strArr[6] = this.mNonce;
            strArr[7] = calculateStrongPasswordHashBase642 != null ? calculateStrongPasswordHashBase642 : "";
            String encodeBase64 = KeyBagDataUtil.encodeBase64(DataUtil.sha256(DataUtil.utf8bytes(KeyBagDataUtil.mixData(strArr))));
            try {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("hsid", (int) this.mHSid);
                jSONObject.put("userId", String.valueOf(this.mHUser));
                jSONObject.put("clientSecureLevel", this.mSecureLevel);
                jSONObject.put("userpasscodeKey", calculateStrongPasswordHashBase64);
                jSONObject.put(AbstractTag.TYPE_TAG, (int) this.mTag);
                jSONObject.put(AdJumpModule.KEY_NONCE, this.mNonce);
                jSONObject.put("clientSign", encodeBase64);
                if (calculateStrongPasswordHashBase642 != null) {
                    jSONObject.put("newUserpasscodeKey", calculateStrongPasswordHashBase642);
                }
                return DataUtil.utf8bytes(jSONObject.toString());
            } catch (JSONException unused) {
                throw new IllegalStateException("never reach here");
            }
        } catch (CertificateEncodingException e7) {
            throw new CryptoException(e7);
        }
    }

    public String calculate(PublicKey publicKey) {
        byte[] encryptionUnit = getEncryptionUnit();
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            Cipher cipher2 = Cipher.getInstance("RSA/ECB/OAEPPadding");
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(256);
                SecretKey generateKey = keyGenerator.generateKey();
                byte[] bArr = new byte[12];
                new SecureRandom().nextBytes(bArr);
                try {
                    cipher.init(1, generateKey, new GCMParameterSpec(128, bArr));
                    cipher.updateAAD(this.mHsmAAD);
                    byte[] doFinal = cipher.doFinal(encryptionUnit);
                    cipher2.init(1, publicKey);
                    return KeyBagDataUtil.joinFields(String.valueOf(this.mHsmZone), KeyBagDataUtil.encodeBase64(cipher2.doFinal(generateKey.getEncoded())), KeyBagDataUtil.encodeBase64(bArr), KeyBagDataUtil.encodeBase64(doFinal), KeyBagDataUtil.encodeBase64(this.mHsmAAD));
                } catch (InvalidAlgorithmParameterException e7) {
                    throw new IllegalStateException("should not happen", e7);
                } catch (InvalidKeyException e8) {
                    throw new CryptoException(e8);
                } catch (BadPaddingException e9) {
                    throw new CryptoException(e9);
                } catch (IllegalBlockSizeException e10) {
                    throw new CryptoException(e10);
                }
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("AES not supported");
            }
        } catch (NoSuchAlgorithmException unused2) {
            throw new RuntimeException("AES/GCM/NoPadding or RSA/ECB/OAEPPadding not supported");
        } catch (NoSuchPaddingException unused3) {
            throw new RuntimeException("AES/GCM/NoPadding or RSA/ECB/OAEPPadding not supported");
        }
    }

    public EncryptedClientTicketCalculator setNewPassword(String str) {
        this.mNewPassword = str;
        return this;
    }
}
