package com.sec.android.easyMover.iosmigrationlib.backupInfo;

import android.util.SparseArray;
import androidx.annotation.NonNull;
import com.sec.android.easyMoverCommon.CRLog;
import com.sec.android.easyMoverCommon.Constants;
import com.sec.android.easyMoverCommon.eventframework.error.ISSError;
import com.sec.android.easyMoverCommon.eventframework.error.SSError;
import com.sec.android.easyMoverCommon.eventframework.result.ISSResult;
import com.sec.android.easyMoverCommon.eventframework.result.SSResult;
import com.sec.android.easyMoverCommon.utility.ByteUtil;
import com.sec.android.easyMoverCommon.utility.StringUtil;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.AESWrapEngine;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;

/* loaded from: classes.dex */
public class IosKeyBag implements Iterable<IosTLV> {
    private static final int KEY_BAG_TYPE_BACKUP = 1;
    private static final int KEY_BAG_TYPE_ESCROW = 2;
    private static final int KEY_BAG_TYPE_OTA = 3;
    private static final int KEY_BAG_TYPE_SYSTEM = 0;
    private static final String TAG = Constants.PREFIX + IosKeyBag.class.getSimpleName();
    private static final int WRAP_FLAG_DEVICE_KEY = 1;
    private static final int WRAP_FLAG_PASSCODE = 2;
    private final byte[] iosKeyBagBytes;
    private final String password;
    private final boolean useNative;
    private int version = -1;
    private int type = -1;
    private byte[] derivedKekBytes = null;
    private IosKeyBagRecord metaRecord = null;
    private final SparseArray<IosKeyBagRecord> protectionClassRecords = new SparseArray<>();
    private byte[] deviceKeyBytes = null;

    private IosKeyBag(byte[] bArr, String str, boolean z) {
        this.iosKeyBagBytes = bArr;
        this.password = str;
        this.useNative = z;
    }

    private static byte[] aesUnWrap(byte[] bArr, byte[] bArr2, boolean z) {
        if (z) {
            CRLog.e(TAG, StringUtil.format("[%s] Using the native library not supported yet.", "aesUnWrap"));
            return new byte[0];
        }
        try {
            AESWrapEngine aESWrapEngine = new AESWrapEngine();
            aESWrapEngine.init(false, new KeyParameter(bArr));
            return aESWrapEngine.unwrap(bArr2, 0, bArr2.length);
        } catch (Exception e) {
            CRLog.e(TAG, StringUtil.format("[%s]Exception[%s]", "aesUnWrap", e));
            return new byte[0];
        }
    }

    private static ISSError checkArguments(String str, byte[] bArr, String str2, boolean z) {
        if (bArr == null || bArr.length == 0) {
            String format = StringUtil.format("[%s] iosKeyBagBytes argument is null or empty.", str);
            CRLog.e(TAG, format);
            return SSError.create(-3, format);
        }
        if (StringUtil.isEmpty(str2)) {
            String format2 = StringUtil.format("[%s] password argument is null or empty.", str);
            CRLog.e(TAG, format2);
            return SSError.create(-3, format2);
        }
        if (!z) {
            return SSError.createNoError();
        }
        String format3 = StringUtil.format("[%s] Using the native library not supported yet.", str);
        CRLog.e(TAG, format3);
        return SSError.create(-3, format3);
    }

    public static ISSResult<IosKeyBag> create(byte[] bArr, String str) {
        return create(bArr, str, false);
    }

    public static ISSResult<IosKeyBag> create(byte[] bArr, String str, boolean z) {
        SSResult sSResult = new SSResult();
        ISSError checkArguments = checkArguments("create", bArr, str, z);
        if (checkArguments.isError()) {
            CRLog.e(TAG, checkArguments.getMessage());
            sSResult.setError(checkArguments);
            return sSResult;
        }
        IosKeyBag iosKeyBag = new IosKeyBag(bArr, str, z);
        ISSError parseIosTLVs = iosKeyBag.parseIosTLVs();
        if (parseIosTLVs.isError()) {
            CRLog.e(TAG, parseIosTLVs.getMessage());
            sSResult.setError(parseIosTLVs);
            return sSResult;
        }
        ISSError deriveKekToUnwrapProtectionClassKeys = iosKeyBag.deriveKekToUnwrapProtectionClassKeys();
        if (deriveKekToUnwrapProtectionClassKeys.isError()) {
            CRLog.e(TAG, deriveKekToUnwrapProtectionClassKeys.getMessage());
            sSResult.setError(deriveKekToUnwrapProtectionClassKeys);
            return sSResult;
        }
        ISSError unwrapProtectionClassKeys = iosKeyBag.unwrapProtectionClassKeys();
        if (!unwrapProtectionClassKeys.isError()) {
            sSResult.setResult(iosKeyBag);
            return sSResult;
        }
        CRLog.e(TAG, unwrapProtectionClassKeys.getMessage());
        sSResult.setError(unwrapProtectionClassKeys);
        return sSResult;
    }

    private static byte[] decryptWithAesCbcNoPaddingAndZeroIv(byte[] bArr, byte[] bArr2, boolean z) {
        if (z) {
            return new byte[0];
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(2, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(new byte[16]));
            return cipher.doFinal(bArr2);
        } catch (Exception e) {
            CRLog.e(TAG, StringUtil.format("[%s]Exception[%s]", "decryptWithAesCbcNoPaddingAndZeroIv", e));
            return new byte[0];
        }
    }

    private ISSError deriveKekToUnwrapProtectionClassKeys() {
        byte[] bArr;
        IosTLV iosTLV = this.metaRecord.get(IosTLV.TAG_DPSL);
        IosTLV iosTLV2 = this.metaRecord.get(IosTLV.TAG_DPIC);
        if (iosTLV == null || iosTLV2 == null) {
            bArr = null;
        } else {
            byte[] value = iosTLV.getValue();
            int valueInt = iosTLV2.getValueInt(true);
            CRLog.d(TAG, "[%s][DPSL=%s]", "deriveKekToUnwrapProtectionClassKeys", ByteUtil.byteArrayToHexStr(value));
            CRLog.d(TAG, "[%s][DPIC=%d]", "deriveKekToUnwrapProtectionClassKeys", Integer.valueOf(valueInt));
            bArr = pbkdf2WithHmacSha256OrNot(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(this.password.toCharArray()), value, valueInt, true, 256, this.useNative);
            CRLog.d(TAG, "[%s][key1=%s]", "deriveKekToUnwrapProtectionClassKeys", ByteUtil.byteArrayToHexStr(bArr));
        }
        IosTLV iosTLV3 = this.metaRecord.get(IosTLV.TAG_SALT);
        IosTLV iosTLV4 = this.metaRecord.get(IosTLV.TAG_ITER);
        if (iosTLV3 != null && iosTLV4 != null) {
            byte[] value2 = iosTLV3.getValue();
            int valueInt2 = iosTLV4.getValueInt(true);
            CRLog.d(TAG, "[%s][SALT=%s]", "deriveKekToUnwrapProtectionClassKeys", ByteUtil.byteArrayToHexStr(value2));
            CRLog.d(TAG, "[%s][ITER=%d]", "deriveKekToUnwrapProtectionClassKeys", Integer.valueOf(valueInt2));
            if (bArr == null) {
                bArr = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(this.password.toCharArray());
            }
            bArr = pbkdf2WithHmacSha256OrNot(bArr, value2, valueInt2, false, 256, this.useNative);
            CRLog.d(TAG, "[%s][key2=%s]", "deriveKekToUnwrapProtectionClassKeys", ByteUtil.byteArrayToHexStr(bArr));
        }
        if (bArr == null || bArr.length <= 0) {
            String format = StringUtil.format("[%s]failed to derive the key encryption key", "deriveKekToUnwrapProtectionClassKeys");
            CRLog.e(TAG, format);
            return SSError.create(-36, format);
        }
        this.derivedKekBytes = bArr;
        CRLog.d(TAG, "[%s][derivedKey=%s]", "deriveKekToUnwrapProtectionClassKeys", ByteUtil.byteArrayToHexStr(this.derivedKekBytes));
        return SSError.createNoError();
    }

    private ISSError parseIosTLVs() {
        Iterator<IosTLV> it = iterator();
        IosKeyBagRecord iosKeyBagRecord = null;
        while (it.hasNext()) {
            IosTLV next = it.next();
            if (next != null) {
                if (next.isVersTag()) {
                    this.version = next.getValueInt(true);
                } else if (next.isTypeTag()) {
                    this.type = next.getValueInt(true);
                } else if (next.isUuidTag()) {
                    if (iosKeyBagRecord != null) {
                        if (iosKeyBagRecord.isProtectionClassRecord()) {
                            putClassRecord(iosKeyBagRecord);
                        } else {
                            setMetaRecord(iosKeyBagRecord);
                        }
                    }
                    iosKeyBagRecord = new IosKeyBagRecord();
                    iosKeyBagRecord.add(next);
                } else if (iosKeyBagRecord != null) {
                    iosKeyBagRecord.add(next);
                }
            }
        }
        if (iosKeyBagRecord != null) {
            if (iosKeyBagRecord.isProtectionClassRecord()) {
                putClassRecord(iosKeyBagRecord);
            } else {
                setMetaRecord(iosKeyBagRecord);
            }
        }
        if (this.metaRecord != null) {
            return SSError.createNoError();
        }
        String format = StringUtil.format("[%s]failed to get the meta record.", "parseIosTLVs");
        CRLog.e(TAG, format);
        return SSError.create(-13, format);
    }

    private static byte[] pbkdf2WithHmacSha256OrNot(byte[] bArr, byte[] bArr2, int i, boolean z, int i2, boolean z2) {
        if (z2) {
            CRLog.e(TAG, StringUtil.format("[%s] Using the native library not supported yet.", "pbkdf2WithHmacSha256OrNot"));
            return new byte[0];
        }
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = z ? new PKCS5S2ParametersGenerator(new SHA256Digest()) : new PKCS5S2ParametersGenerator();
        pKCS5S2ParametersGenerator.init(bArr, bArr2, i);
        return ((KeyParameter) pKCS5S2ParametersGenerator.generateDerivedParameters(i2)).getKey();
    }

    private IosKeyBag putClassRecord(IosKeyBagRecord iosKeyBagRecord) {
        int protectionClass;
        if (iosKeyBagRecord == null || (protectionClass = iosKeyBagRecord.getProtectionClass()) < 0) {
            return this;
        }
        this.protectionClassRecords.put(protectionClass, iosKeyBagRecord);
        return this;
    }

    private ISSError unwrapProtectionClassKeys() {
        byte[] wrappedKey;
        ISSError createNoError = SSError.createNoError();
        int size = this.protectionClassRecords.size();
        for (int i = 0; i < size; i++) {
            IosKeyBagRecord valueAt = this.protectionClassRecords.valueAt(i);
            if (valueAt != null && (wrappedKey = valueAt.getWrappedKey()) != null && wrappedKey.length != 0) {
                int wrapFlag = valueAt.getWrapFlag();
                int i2 = wrapFlag & 1;
                if (i2 <= 0 || isDeviceKeyExist()) {
                    byte[] aesUnWrap = (wrapFlag & 2) > 0 ? aesUnWrap(this.derivedKekBytes, wrappedKey, this.useNative) : null;
                    if (i2 > 0 && isDeviceKeyExist()) {
                        aesUnWrap = decryptWithAesCbcNoPaddingAndZeroIv(this.deviceKeyBytes, aesUnWrap, this.useNative);
                    }
                    if (aesUnWrap != null && aesUnWrap.length > 0) {
                        valueAt.add(new IosTLV(IosTLV.TAG_CKEY, aesUnWrap.length, aesUnWrap));
                    }
                }
            }
        }
        return createNoError;
    }

    public byte[] aesUnwrapKey(int i, byte[] bArr, boolean z) {
        byte[] protectionClassKey = getProtectionClassKey(i);
        return (protectionClassKey == null || protectionClassKey.length == 0) ? new byte[0] : aesUnWrap(protectionClassKey, bArr, z);
    }

    public byte[] getDeviceKeyBytes() {
        return this.deviceKeyBytes;
    }

    public IosKeyBagRecord getMetaRecord() {
        return this.metaRecord;
    }

    public byte[] getProtectionClassKey(int i) {
        IosKeyBagRecord iosKeyBagRecord = this.protectionClassRecords.get(i);
        byte[] unwrappedKey = iosKeyBagRecord != null ? iosKeyBagRecord.getUnwrappedKey() : new byte[0];
        return unwrappedKey == null ? new byte[0] : unwrappedKey;
    }

    public SparseArray<byte[]> getProtectionClassKeys() {
        int keyAt;
        byte[] unwrappedKey;
        SparseArray<byte[]> sparseArray = new SparseArray<>();
        int size = this.protectionClassRecords.size();
        for (int i = 0; i < size; i++) {
            IosKeyBagRecord valueAt = this.protectionClassRecords.valueAt(i);
            if (valueAt != null && (keyAt = this.protectionClassRecords.keyAt(i)) > 0 && (unwrappedKey = valueAt.getUnwrappedKey()) != null && unwrappedKey.length > 0) {
                sparseArray.put(keyAt, unwrappedKey);
            }
        }
        return sparseArray;
    }

    public int getType() {
        return this.type;
    }

    public int getVersion() {
        return this.version;
    }

    public boolean isDeviceKeyExist() {
        byte[] bArr = this.deviceKeyBytes;
        return bArr != null && bArr.length > 0;
    }

    @Override // java.lang.Iterable
    @NonNull
    public Iterator<IosTLV> iterator() {
        return new IosTLVIterator(this.iosKeyBagBytes);
    }

    public void setDeviceKeyBytes(byte[] bArr) {
        this.deviceKeyBytes = bArr;
    }

    public void setMetaRecord(IosKeyBagRecord iosKeyBagRecord) {
        this.metaRecord = iosKeyBagRecord;
    }
}
