package com.netflix.msl.keyx;

import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslEntityAuthException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.MslKeyExchangeException;
import com.netflix.msl.MslMasterTokenException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.JcaAlgorithm;
import com.netflix.msl.crypto.SessionCryptoContext;
import com.netflix.msl.entityauth.EntityAuthenticationData;
import com.netflix.msl.entityauth.EntityAuthenticationFactory;
import com.netflix.msl.entityauth.EntityAuthenticationScheme;
import com.netflix.msl.entityauth.PresharedAuthenticationData;
import com.netflix.msl.io.MslEncoderException;
import com.netflix.msl.io.MslEncoderFactory;
import com.netflix.msl.io.MslEncoderFormat;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.keyx.KeyExchangeFactory;
import com.netflix.msl.tokens.MasterToken;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.MslContext;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.1223.0.jar:com/netflix/msl/keyx/SymmetricWrappedExchange.class */
/**
 * Key exchange factory for the {@code SYMMETRIC_WRAPPED} scheme.
 *
 * <p>When issuing a response, a fresh 16-byte AES key and a fresh 32-byte HMAC-SHA256 key are
 * drawn from {@code mslContext.getRandom()}, wrapped with a crypto context selected by the
 * requested {@link KeyId}, and returned together with a newly created or renewed master token.
 * When consuming a response, the same kind of crypto context unwraps the two keys into a
 * {@link SessionCryptoContext}.</p>
 *
 * <p>NOTE(review): the session keys are only as strong as the generator behind
 * {@code MslContext.getRandom()}; confirm that every context implementation returns a
 * cryptographically strong source.</p>
 */
public class SymmetricWrappedExchange extends KeyExchangeFactory {
    /** Length in bytes of the generated session encryption (AES) key. */
    private static final int SESSION_ENCRYPTION_KEY_BYTES = 16;

    /** Length in bytes of the generated session HMAC-SHA256 key. */
    private static final int SESSION_HMAC_KEY_BYTES = 32;

    /** Consulted to decide whether an identity may use this key exchange scheme. */
    private final AuthenticationUtils authutils;

    /** Names the key that wraps the session keys. */
    public enum KeyId {
        /** Wrap with the crypto context supplied by the PSK entity authentication factory. */
        PSK,
        /** Wrap with the crypto context associated with the requester's master token. */
        SESSION
    }

    /**
     * Key request data for this scheme; it carries only the requested wrapping {@link KeyId}.
     */
    public static class RequestData extends KeyRequestData {
        /** Field name of the wrapping key ID inside the key data object. */
        private static final String KEY_KEY_ID = "keyid";

        /** Wrapping key requested by the sender. */
        private final KeyId keyId;

        /**
         * Builds request data asking for the session keys to be wrapped with the given key.
         *
         * @param keyId the wrapping key to request.
         */
        public RequestData(KeyId keyId) {
            super(KeyExchangeScheme.SYMMETRIC_WRAPPED);
            this.keyId = keyId;
        }

        /**
         * Parses request data received from a peer.
         *
         * @param mslObject the key data object; its {@code keyid} field must name a {@link KeyId}.
         * @throws MslEncodingException if the {@code keyid} field cannot be read.
         * @throws MslKeyExchangeException if the {@code keyid} value is not a known {@link KeyId}.
         */
        public RequestData(MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
            super(KeyExchangeScheme.SYMMETRIC_WRAPPED);
            final String keyIdName;
            try {
                keyIdName = mslObject.getString(KEY_KEY_ID);
            } catch (MslEncoderException parseFailure) {
                throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "keydata " + mslObject, parseFailure);
            }
            // The name comes from the peer: an unknown value is a protocol error, not a crash.
            try {
                this.keyId = KeyId.valueOf(keyIdName);
            } catch (IllegalArgumentException unknownName) {
                throw new MslKeyExchangeException(MslError.UNIDENTIFIED_KEYX_KEY_ID, keyIdName, unknownName);
            }
        }

        /**
         * @return the requested wrapping key ID.
         */
        public KeyId getKeyId() {
            return this.keyId;
        }

        /**
         * Encodes the scheme-specific key data: a single {@code keyid} field holding the enum name.
         */
        @Override
        protected MslObject getKeydata(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) throws MslEncoderException {
            final MslObject keydata = mslEncoderFactory.createObject();
            keydata.put(KEY_KEY_ID, this.keyId.name());
            return keydata;
        }

        /**
         * Equal when the other object is a {@code RequestData}, the superclass considers the two
         * equal, and both carry the same key ID.
         */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof RequestData)) {
                return false;
            }
            final RequestData other = (RequestData) obj;
            return super.equals(obj) && this.keyId.equals(other.keyId);
        }

        @Override
        public int hashCode() {
            final int inherited = super.hashCode();
            return inherited ^ this.keyId.hashCode();
        }
    }

    /**
     * Key response data for this scheme: the wrapping {@link KeyId} plus the two wrapped session
     * keys.
     *
     * <p>The byte arrays are stored and handed out by reference, with no defensive copy, so
     * callers must treat them as read-only.</p>
     */
    public static class ResponseData extends KeyResponseData {
        /** Field name of the wrapping key ID inside the key data object. */
        private static final String KEY_KEY_ID = "keyid";

        /** Field name of the wrapped encryption key. */
        private static final String KEY_ENCRYPTION_KEY = "encryptionkey";

        /** Field name of the wrapped HMAC key. */
        private static final String KEY_HMAC_KEY = "hmackey";

        /** Key that was used to wrap the session keys. */
        private final KeyId keyId;

        /** Session encryption key as produced by the wrapping crypto context. */
        private final byte[] encryptionKey;

        /** Session HMAC key as produced by the wrapping crypto context. */
        private final byte[] hmacKey;

        /**
         * Builds response data from already wrapped keys.
         *
         * @param masterToken the master token delivered with the response.
         * @param keyId the key used for wrapping.
         * @param bArr the wrapped encryption key (kept by reference).
         * @param bArr2 the wrapped HMAC key (kept by reference).
         */
        public ResponseData(MasterToken masterToken, KeyId keyId, byte[] bArr, byte[] bArr2) {
            super(masterToken, KeyExchangeScheme.SYMMETRIC_WRAPPED);
            this.keyId = keyId;
            this.encryptionKey = bArr;
            this.hmacKey = bArr2;
        }

        /**
         * Parses response data received from a peer.
         *
         * @param masterToken the master token delivered with the response.
         * @param mslObject the key data object holding {@code keyid}, {@code encryptionkey} and
         *        {@code hmackey}.
         * @throws MslEncodingException if a field cannot be read.
         * @throws MslKeyExchangeException if an {@link IllegalArgumentException} is raised while
         *         resolving the key ID or reading the key bytes.
         */
        public ResponseData(MasterToken masterToken, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
            super(masterToken, KeyExchangeScheme.SYMMETRIC_WRAPPED);
            try {
                final String keyIdName = mslObject.getString(KEY_KEY_ID);
                try {
                    this.keyId = KeyId.valueOf(keyIdName);
                    this.encryptionKey = mslObject.getBytes(KEY_ENCRYPTION_KEY);
                    this.hmacKey = mslObject.getBytes(KEY_HMAC_KEY);
                } catch (IllegalArgumentException unknownName) {
                    throw new MslKeyExchangeException(MslError.UNIDENTIFIED_KEYX_KEY_ID, keyIdName, unknownName);
                }
            } catch (MslEncoderException parseFailure) {
                throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "keydata " + mslObject, parseFailure);
            }
        }

        /**
         * @return the key ID used for wrapping.
         */
        public KeyId getKeyId() {
            return this.keyId;
        }

        /**
         * @return the wrapped encryption key; this is the internal array, not a copy.
         */
        public byte[] getEncryptionKey() {
            return this.encryptionKey;
        }

        /**
         * @return the wrapped HMAC key; this is the internal array, not a copy.
         */
        public byte[] getHmacKey() {
            return this.hmacKey;
        }

        /**
         * Encodes the scheme-specific key data: the key ID name and both wrapped keys.
         */
        @Override
        protected MslObject getKeydata(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) {
            final MslObject keydata = mslEncoderFactory.createObject();
            keydata.put(KEY_KEY_ID, this.keyId.name());
            keydata.put(KEY_ENCRYPTION_KEY, this.encryptionKey);
            keydata.put(KEY_HMAC_KEY, this.hmacKey);
            return keydata;
        }

        /**
         * Equal when the other object is a {@code ResponseData}, the superclass considers the two
         * equal, and key ID and both wrapped keys match.
         */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj instanceof ResponseData) {
                final ResponseData other = (ResponseData) obj;
                return super.equals(obj)
                    && this.keyId.equals(other.keyId)
                    && Arrays.equals(this.encryptionKey, other.encryptionKey)
                    && Arrays.equals(this.hmacKey, other.hmacKey);
            }
            return false;
        }

        @Override
        public int hashCode() {
            int hash = super.hashCode();
            hash ^= this.keyId.hashCode();
            hash ^= Arrays.hashCode(this.encryptionKey);
            hash ^= Arrays.hashCode(this.hmacKey);
            return hash;
        }
    }

    /**
     * Selects the crypto context that wraps or unwraps the session keys.
     *
     * <p>For {@link KeyId#SESSION} a master token is required; the context stored for it in the
     * MSL store is used when present, otherwise a {@link SessionCryptoContext} is built from the
     * token, but only if the token reports {@code isDecrypted()}. For {@link KeyId#PSK} the
     * context comes from the PSK entity authentication factory, keyed by the given identity.</p>
     *
     * @param mslContext the MSL context.
     * @param keyId the wrapping key ID.
     * @param masterToken the master token; may be {@code null} unless the key ID is SESSION.
     * @param identity the entity identity used for the PSK lookup.
     * @return the wrapping crypto context.
     * @throws MslKeyExchangeException if SESSION is requested without a master token, if no PSK
     *         factory is registered, or if the key ID is not handled here.
     * @throws MslMasterTokenException if the master token has no stored context and is not
     *         decrypted.
     */
    private static ICryptoContext createCryptoContext(MslContext mslContext, KeyId keyId, MasterToken masterToken, String identity) throws MslCryptoException, MslKeyExchangeException, MslEntityAuthException, MslMasterTokenException {
        switch (keyId) {
            case SESSION: {
                if (masterToken == null) {
                    throw new MslKeyExchangeException(MslError.KEYX_MASTER_TOKEN_MISSING, keyId.name());
                }
                final ICryptoContext stored = mslContext.getMslStore().getCryptoContext(masterToken);
                if (stored != null) {
                    return stored;
                }
                // No cached context: session keys can only be taken from a token we could decrypt.
                if (!masterToken.isDecrypted()) {
                    throw new MslMasterTokenException(MslError.MASTERTOKEN_UNTRUSTED, masterToken);
                }
                return new SessionCryptoContext(mslContext, masterToken);
            }
            case PSK: {
                final PresharedAuthenticationData pskAuthData = new PresharedAuthenticationData(identity);
                final EntityAuthenticationFactory pskFactory = mslContext.getEntityAuthenticationFactory(EntityAuthenticationScheme.PSK);
                if (pskFactory == null) {
                    throw new MslKeyExchangeException(MslError.UNSUPPORTED_KEYX_KEY_ID, keyId.name());
                }
                return pskFactory.getCryptoContext(mslContext, pskAuthData);
            }
            default:
                throw new MslKeyExchangeException(MslError.UNSUPPORTED_KEYX_KEY_ID, keyId.name());
        }
    }

    /**
     * Casts key request data to this scheme's {@link RequestData}.
     *
     * @throws MslInternalException if the object is of another type.
     */
    private static RequestData requireRequestData(KeyRequestData keyRequestData) {
        if (keyRequestData instanceof RequestData) {
            return (RequestData) keyRequestData;
        }
        throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
    }

    /**
     * Returns {@code length} bytes drawn from the context's random source.
     */
    private static byte[] freshKeyBytes(MslContext mslContext, int length) {
        final byte[] bytes = new byte[length];
        mslContext.getRandom().nextBytes(bytes);
        return bytes;
    }

    /**
     * Creates the factory.
     *
     * @param authenticationUtils used to check whether an identity is permitted to use this scheme.
     */
    public SymmetricWrappedExchange(AuthenticationUtils authenticationUtils) {
        super(KeyExchangeScheme.SYMMETRIC_WRAPPED);
        this.authutils = authenticationUtils;
    }

    /**
     * Parses key request data for this scheme. The decompiler reports that the access modifier
     * was changed from {@code protected}.
     */
    @Override
    public KeyRequestData createRequestData(MslContext mslContext, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
        return new RequestData(mslObject);
    }

    /**
     * Parses key response data for this scheme. The decompiler reports that the access modifier
     * was changed from {@code protected}.
     */
    @Override
    public KeyResponseData createResponseData(MslContext mslContext, MasterToken masterToken, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
        return new ResponseData(masterToken, mslObject);
    }

    /**
     * Answers a key request from an entity that already holds a master token.
     *
     * <p>Before any key is generated the token's identity must be permitted to use this scheme
     * and the token must report {@code isVerified()}. The new session keys are then wrapped with
     * the context chosen by the request's key ID and bound to a renewed master token.</p>
     *
     * <p>NOTE(review): the plaintext key arrays are not cleared after wrapping. Clearing them
     * would only be safe if {@code wrap()} never returns its input array; confirm that before
     * adding it.</p>
     *
     * @throws MslInternalException if the request data was not created by this factory.
     * @throws MslKeyExchangeException if the scheme is not permitted for the identity.
     * @throws MslMasterTokenException if the master token is not verified.
     */
    @Override
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, MslEncoderFormat mslEncoderFormat, KeyRequestData keyRequestData, MasterToken masterToken) throws MslException {
        final RequestData request = requireRequestData(keyRequestData);

        // Authorization and token trust are checked before any key material exists.
        final String identity = masterToken.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication Scheme for Device Type Not Supported " + identity + ":" + getScheme()).setMasterToken(masterToken);
        }
        if (!masterToken.isVerified()) {
            throw new MslMasterTokenException(MslError.MASTERTOKEN_UNTRUSTED, masterToken).setMasterToken(masterToken);
        }

        final byte[] encryptionKeyBytes = freshKeyBytes(mslContext, SESSION_ENCRYPTION_KEY_BYTES);
        final byte[] hmacKeyBytes = freshKeyBytes(mslContext, SESSION_HMAC_KEY_BYTES);
        final SecretKeySpec encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
        final SecretKeySpec hmacKey = new SecretKeySpec(hmacKeyBytes, JcaAlgorithm.HMAC_SHA256);

        final KeyId keyId = request.getKeyId();
        final MslEncoderFactory encoder = mslContext.getMslEncoderFactory();
        final ICryptoContext wrappingContext = createCryptoContext(mslContext, keyId, masterToken, masterToken.getIdentity());
        final byte[] wrappedEncryptionKey = wrappingContext.wrap(encryptionKeyBytes, encoder, mslEncoderFormat);
        final byte[] wrappedHmacKey = wrappingContext.wrap(hmacKeyBytes, encoder, mslEncoderFormat);

        final MasterToken renewedToken = mslContext.getTokenFactory().renewMasterToken(mslContext, masterToken, encryptionKey, hmacKey, null);
        final ResponseData response = new ResponseData(renewedToken, keyId, wrappedEncryptionKey, wrappedHmacKey);
        return new KeyExchangeFactory.KeyExchangeData(response, new SessionCryptoContext(mslContext, renewedToken));
    }

    /**
     * Answers a key request from an entity identified by entity authentication data, with no
     * master token yet.
     *
     * <p>The identity must be permitted to use this scheme. No master token is passed to the
     * wrapping context lookup, so a SESSION key ID is rejected there. The new session keys are
     * bound to a newly created master token.</p>
     *
     * @throws MslInternalException if the request data was not created by this factory, or if a
     *         master token exception is raised while wrapping or building the response.
     * @throws MslKeyExchangeException if the scheme is not permitted for the identity.
     */
    @Override
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, MslEncoderFormat mslEncoderFormat, KeyRequestData keyRequestData, EntityAuthenticationData entityAuthenticationData) throws MslException {
        final RequestData request = requireRequestData(keyRequestData);

        final String identity = entityAuthenticationData.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication Scheme for Device Type Not Supported " + identity + ":" + getScheme());
        }

        final byte[] encryptionKeyBytes = freshKeyBytes(mslContext, SESSION_ENCRYPTION_KEY_BYTES);
        final byte[] hmacKeyBytes = freshKeyBytes(mslContext, SESSION_HMAC_KEY_BYTES);
        final SecretKeySpec encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
        final SecretKeySpec hmacKey = new SecretKeySpec(hmacKeyBytes, JcaAlgorithm.HMAC_SHA256);

        final KeyId keyId = request.getKeyId();
        final MslEncoderFactory encoder = mslContext.getMslEncoderFactory();

        final byte[] wrappedEncryptionKey;
        final byte[] wrappedHmacKey;
        final MasterToken newToken;
        try {
            final ICryptoContext wrappingContext = createCryptoContext(mslContext, keyId, null, identity);
            wrappedEncryptionKey = wrappingContext.wrap(encryptionKeyBytes, encoder, mslEncoderFormat);
            wrappedHmacKey = wrappingContext.wrap(hmacKeyBytes, encoder, mslEncoderFormat);
            newToken = mslContext.getTokenFactory().createMasterToken(mslContext, entityAuthenticationData, encryptionKey, hmacKey, null);
        } catch (MslMasterTokenException unexpected) {
            throw new MslInternalException("Master token exception thrown when the master token is null.", unexpected);
        }

        try {
            final ResponseData response = new ResponseData(newToken, keyId, wrappedEncryptionKey, wrappedHmacKey);
            return new KeyExchangeFactory.KeyExchangeData(response, new SessionCryptoContext(mslContext, newToken));
        } catch (MslMasterTokenException untrusted) {
            throw new MslInternalException("Master token constructed by token factory is not trusted.", untrusted);
        }
    }

    /**
     * Builds the session crypto context from a key response on the requesting side.
     *
     * <p>The response must name the same key ID as the request. The identity used to select the
     * unwrapping context is read from the local context's entity authentication data, not from
     * the response.</p>
     *
     * @throws MslInternalException if the request or response data was not created by this
     *         factory.
     * @throws MslKeyExchangeException if the request and response key IDs differ.
     */
    @Override
    public ICryptoContext getCryptoContext(MslContext mslContext, KeyRequestData keyRequestData, KeyResponseData keyResponseData, MasterToken masterToken) throws MslKeyExchangeException, MslCryptoException, MslEncodingException, MslMasterTokenException, MslEntityAuthException {
        final RequestData request = requireRequestData(keyRequestData);
        if (!(keyResponseData instanceof ResponseData)) {
            throw new MslInternalException("Key response data " + keyResponseData.getClass().getName() + " was not created by this factory.");
        }
        final ResponseData response = (ResponseData) keyResponseData;

        // A response that switches the wrapping key is refused outright.
        final KeyId requestKeyId = request.getKeyId();
        final KeyId responseKeyId = response.getKeyId();
        if (!requestKeyId.equals(responseKeyId)) {
            throw new MslKeyExchangeException(MslError.KEYX_RESPONSE_REQUEST_MISMATCH, "request " + requestKeyId + "; response " + responseKeyId).setMasterToken(masterToken);
        }

        final String identity = mslContext.getEntityAuthenticationData(null).getIdentity();
        final MslEncoderFactory encoder = mslContext.getMslEncoderFactory();
        final ICryptoContext unwrappingContext = createCryptoContext(mslContext, responseKeyId, masterToken, identity);

        final MasterToken responseToken = response.getMasterToken();
        final SecretKeySpec encryptionKey = new SecretKeySpec(unwrappingContext.unwrap(response.getEncryptionKey(), encoder), "AES");
        final SecretKeySpec hmacKey = new SecretKeySpec(unwrappingContext.unwrap(response.getHmacKey(), encoder), JcaAlgorithm.HMAC_SHA256);
        return new SessionCryptoContext(mslContext, responseToken, identity, encryptionKey, hmacKey);
    }
}
