package com.avast.android.ffl.v2;

import com.avast.android.ffl.AbstractFFLClient;
import com.avast.android.ffl.EncryptionException;
import com.avast.android.ffl.Hex;
import com.avast.android.ffl.KeyExpiredException;
import com.avast.android.ffl.LoggingProvider;
import com.avast.android.ffl.NonFFLResponseException;
import com.avast.android.ffl.RegistrationException;
import com.avast.crypto.FFLSpec;
import com.avast.crypto.KeyUtilityException;
import com.avast.crypto.PayloadException;
import com.avast.crypto.SymKeyUtility;
import com.avast.ffl.auth.proto.AuthProto;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import com.integralads.avid.library.mopub.session.internal.InternalAvidAdSessionContext;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.commons.codec.binary.Base64;
import org.jsoup.helper.HttpConnection;
import retrofit.client.Client;
import retrofit.client.Header;
import retrofit.client.Request;
import retrofit.client.Response;
import retrofit.mime.TypedInput;
import retrofit.mime.TypedOutput;

/* loaded from: classes.dex */
public class FFLV2ClientImpl extends AbstractFFLClient implements FFLV2Client {

    /* renamed from: ʻ, reason: contains not printable characters */
    private final AuthProto.Identity f16737;

    /* renamed from: ʼ, reason: contains not printable characters */
    private final boolean f16738;

    /* renamed from: ˏ, reason: contains not printable characters */
    private final AuthStorage f16739;

    /* renamed from: ᐝ, reason: contains not printable characters */
    private final AtomicReference<AuthClock> f16740;

    public FFLV2ClientImpl(Client client, LoggingProvider loggingProvider, AuthStorage authStorage, AuthProto.Identity identity, String str) {
        this(client, loggingProvider, authStorage, identity, str, false);
    }

    public FFLV2ClientImpl(Client client, LoggingProvider loggingProvider, AuthStorage authStorage, AuthProto.Identity identity, String str, boolean z) {
        super(client, loggingProvider, str);
        this.f16740 = new AtomicReference<>();
        this.f16739 = authStorage;
        this.f16737 = identity;
        this.f16738 = z;
    }

    /* renamed from: ʾ, reason: contains not printable characters */
    private ClientKey m20345() throws IOException {
        return this.f16738 ? this.f16739.mo20330() : this.f16739.mo20329();
    }

    /* renamed from: ʿ, reason: contains not printable characters */
    private ClientIdentity m20346() throws IOException {
        return this.f16738 ? this.f16739.mo20322() : this.f16739.mo20326();
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private ClientKey m20347(ClientIdentity clientIdentity, ClientKey clientKey) throws IOException {
        final byte[] E = AuthProto.FFLAuthGenerateKeyRequest.m23141().m23158(clientIdentity.m20332()).m23160(clientIdentity.m20334()).m23155(clientKey.m20337()).m23157(this.f16737).m23162().E();
        Response execute = this.f16726.execute(new Request("POST", m20363(), null, new TypedOutput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.4
            @Override // retrofit.mime.TypedOutput
            public String fileName() {
                return null;
            }

            @Override // retrofit.mime.TypedOutput
            public long length() {
                return E.length;
            }

            @Override // retrofit.mime.TypedOutput
            public String mimeType() {
                return "application/octet-stream";
            }

            @Override // retrofit.mime.TypedOutput
            public void writeTo(OutputStream outputStream) throws IOException {
                outputStream.write(E);
            }
        }));
        if (execute.getStatus() == 409) {
            throw new KeyVersionConflictException("Conflict when requesting new key with previous version: " + clientKey.m20337());
        }
        if (execute.getStatus() != 200) {
            throw new GenerateKeyException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            AuthProto.FFLAuthGenerateKeyResponse parseFrom = AuthProto.FFLAuthGenerateKeyResponse.parseFrom(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(parseFrom.m23168());
            this.f16725.mo20319("Received new AUTH key ID %s, version %s, expiration %s", Hex.m20317(parseFrom.m23165().m46094()), Long.valueOf(parseFrom.m23167()), new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            ClientKey clientKey2 = new ClientKey(parseFrom.m23165(), parseFrom.m23166(), parseFrom.m23167(), parseFrom.m23168());
            m20354(clientKey2);
            return clientKey2;
        } catch (InvalidProtocolBufferException e) {
            throw new GenerateKeyException("Could not parse generate key GPB response", e);
        }
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private String m20348(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str, "UTF-8");
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private String m20349(byte[] bArr) throws UnsupportedEncodingException {
        return m20348(new String(Base64.encodeBase64(bArr), "UTF-8"));
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private Response m20350(Request request, ClientKey clientKey) throws IOException {
        try {
            return m20351(request, clientKey, m20360());
        } catch (InvalidRequestTimeException e) {
            this.f16725.mo20319("Server rejected request due to invalid time. Updating offset to server time ($s)", Long.valueOf(e.m20364()));
            m20352(e.m20364());
            return m20351(request, clientKey, m20360());
        }
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private Response m20351(Request request, ClientKey clientKey, long j) throws IOException {
        byte[] bArr;
        try {
            final TypedOutput body = request.getBody();
            ArrayList arrayList = new ArrayList(request.getHeaders());
            String m20334 = m20346().m20334();
            byte[] m23116 = SymKeyUtility.m23116();
            byte[] m23119 = SymKeyUtility.m23119(m23116, clientKey.m20336().m46094(), j, FFLSpec.V2.mo23097());
            if (body != null) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream((int) body.length());
                body.writeTo(byteArrayOutputStream);
                bArr = byteArrayOutputStream.toByteArray();
            } else {
                bArr = new byte[0];
            }
            final byte[] m23094 = (bArr == null || bArr.length <= 0) ? new byte[0] : FFLSpec.V2.mo23098().m23094(bArr, m23116);
            arrayList.add(new Header(HttpConnection.CONTENT_ENCODING, "x-ffl"));
            arrayList.add(new Header("X-AVAST-FFL-Version", InternalAvidAdSessionContext.AVID_API_LEVEL));
            arrayList.add(new Header("X-AVAST-FFL-Mode", "SFSR"));
            arrayList.add(new Header("X-AVAST-Request-Time", Long.toString(j)));
            arrayList.add(new Header("X-AVAST-Client-Id-0", m20348(m20334)));
            arrayList.add(new Header("X-AVAST-Key-Id-0", m20349(clientKey.m20335().m46094())));
            arrayList.add(new Header("X-AVAST-ETEK-0", m20349(m23119)));
            Response execute = this.f16726.execute(new Request(request.getMethod(), request.getUrl(), arrayList, body != null ? new TypedOutput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.2
                @Override // retrofit.mime.TypedOutput
                public String fileName() {
                    return body.fileName();
                }

                @Override // retrofit.mime.TypedOutput
                public long length() {
                    return m23094.length;
                }

                @Override // retrofit.mime.TypedOutput
                public String mimeType() {
                    return body.mimeType();
                }

                @Override // retrofit.mime.TypedOutput
                public void writeTo(OutputStream outputStream) throws IOException {
                    outputStream.write(m23094);
                }
            } : null));
            final TypedInput body2 = execute.getBody();
            long length = body2 != null ? body2.length() : 0L;
            this.f16725.mo20318("Received response with status " + execute.getStatus() + "(" + execute.getReason() + ") and payload size " + length, new Object[0]);
            if (execute.getStatus() == 442) {
                throw new KeyExpiredException("Status code 442 from server");
            }
            final byte[] m23095 = body2 != null ? FFLSpec.V2.mo23098().m23095(m20316(body2.in()), SymKeyUtility.m23120(m20355(execute), clientKey.m20336().m46094(), j, FFLSpec.V2.mo23097())) : new byte[0];
            if (execute.getStatus() != 443) {
                return new Response(execute.getUrl(), execute.getStatus(), execute.getReason(), execute.getHeaders(), new TypedInput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.3
                    @Override // retrofit.mime.TypedInput
                    public InputStream in() throws IOException {
                        return new ByteArrayInputStream(m23095);
                    }

                    @Override // retrofit.mime.TypedInput
                    public long length() {
                        return m23095.length;
                    }

                    @Override // retrofit.mime.TypedInput
                    public String mimeType() {
                        TypedInput typedInput = body2;
                        return typedInput != null ? typedInput.mimeType() : "application/octet-stream";
                    }
                });
            }
            throw new InvalidRequestTimeException(m20356(m23095));
        } catch (KeyUtilityException e) {
            e = e;
            throw new EncryptionException(e);
        } catch (PayloadException e2) {
            e = e2;
            throw new EncryptionException(e);
        } catch (InvalidKeyException e3) {
            e = e3;
            throw new EncryptionException(e);
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            throw new EncryptionException(e);
        }
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private void m20352(long j) throws IOException {
        long m20339 = DefaultClock.m20339(j);
        this.f16739.mo20323(m20339);
        this.f16740.set(new DefaultClock(m20339));
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private void m20353(ClientIdentity clientIdentity) throws IOException {
        ByteString m20359 = m20359();
        AuthProto.FFLAuthRegistrationRequest.Builder m23191 = AuthProto.FFLAuthRegistrationRequest.m23170().m23192(m20359).m23191(this.f16737);
        if (clientIdentity != null) {
            m23191.m23188(AuthProto.FFLAuthRegistrationRequest.Parent.m23197().m23218(clientIdentity.m20334()).m23216(clientIdentity.m20332()));
        }
        final byte[] E = m23191.m23195().E();
        Response execute = this.f16726.execute(new Request("POST", m20362(), null, new TypedOutput() { // from class: com.avast.android.ffl.v2.FFLV2ClientImpl.1
            @Override // retrofit.mime.TypedOutput
            public String fileName() {
                return null;
            }

            @Override // retrofit.mime.TypedOutput
            public long length() {
                return E.length;
            }

            @Override // retrofit.mime.TypedOutput
            public String mimeType() {
                return "application/octet-stream";
            }

            @Override // retrofit.mime.TypedOutput
            public void writeTo(OutputStream outputStream) throws IOException {
                outputStream.write(E);
            }
        }));
        if (execute.getStatus() != 200) {
            throw new RegistrationException("Return code of AUTH service should be 200, is " + execute.getStatus());
        }
        try {
            AuthProto.FFLAuthRegistrationResponse parseFrom = AuthProto.FFLAuthRegistrationResponse.parseFrom(execute.getBody().in());
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(parseFrom.m23222());
            this.f16725.mo20319("Registered as %s Client ID %s with CIGT %s", clientIdentity != null ? "app" : "root", parseFrom.m23223(), Hex.m20317(m20359.m46094()));
            this.f16725.mo20319("Received new AUTH key ID %s, version %s, expiration %s", Hex.m20317(parseFrom.m23225().m46094()), Long.valueOf(parseFrom.m23227()), new SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.US).format(calendar.getTime()));
            ClientIdentity clientIdentity2 = new ClientIdentity(m20359, parseFrom.m23223());
            ClientKey clientKey = new ClientKey(parseFrom.m23225(), parseFrom.m23226(), parseFrom.m23227(), parseFrom.m23222());
            if (clientIdentity != null) {
                this.f16739.mo20327(clientIdentity2, clientKey);
            } else {
                this.f16739.mo20324(clientIdentity2, clientKey);
            }
        } catch (InvalidProtocolBufferException e) {
            throw new RegistrationException(e, "Could not parse registration GPB response");
        }
    }

    /* renamed from: ˊ, reason: contains not printable characters */
    private void m20354(ClientKey clientKey) throws IOException {
        if (this.f16738) {
            this.f16739.mo20328(clientKey);
        } else {
            this.f16739.mo20325(clientKey);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    /* renamed from: ˊ, reason: contains not printable characters */
    private byte[] m20355(Response response) throws EncryptionException, UnsupportedEncodingException, NonFFLResponseException {
        String str = null;
        String str2 = null;
        String str3 = null;
        for (Header header : response.getHeaders()) {
            if ("X-AVAST-FFL-Version".equalsIgnoreCase(header.getName())) {
                str = header.getValue();
            } else if ("X-AVAST-FFL-Mode".equalsIgnoreCase(header.getName())) {
                str2 = header.getValue();
            } else if ("X-AVAST-ETEK-0".equalsIgnoreCase(header.getName())) {
                str3 = header.getValue();
            }
        }
        if (!InternalAvidAdSessionContext.AVID_API_LEVEL.equals(str)) {
            throw new NonFFLResponseException("Invalid FFL version in server response: " + str, response);
        }
        if (!"SFSR".equals(str2)) {
            if (!"SFMR".equals(str2)) {
                throw new EncryptionException("Invalid FFL mode in server response: " + str2);
            }
            this.f16725.mo20320("Ignoring all but the first recipient in SFMR mode", new Object[0]);
        }
        if (str3 != null) {
            return m20358(str3);
        }
        throw new EncryptionException("Missing ETEK in server response");
    }

    /* renamed from: ˋ, reason: contains not printable characters */
    private long m20356(byte[] bArr) throws IOException {
        try {
            return Long.parseLong(new String(bArr, "UTF-8"));
        } catch (NumberFormatException e) {
            throw new EncryptionException(e, "Cannot parse server time from respnse");
        }
    }

    /* renamed from: ˋ, reason: contains not printable characters */
    private String m20357(String str) throws UnsupportedEncodingException {
        return URLDecoder.decode(str, "UTF-8");
    }

    /* renamed from: ˎ, reason: contains not printable characters */
    private byte[] m20358(String str) throws UnsupportedEncodingException {
        return Base64.decodeBase64(m20357(str).getBytes("UTF-8"));
    }

    /* renamed from: ͺ, reason: contains not printable characters */
    private ByteString m20359() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return ByteString.m46081(bArr);
    }

    /* renamed from: ι, reason: contains not printable characters */
    private long m20360() throws IOException {
        AuthClock authClock = this.f16740.get();
        if (authClock == null) {
            authClock = new DefaultClock(this.f16739.mo20331());
            this.f16740.set(authClock);
        }
        return authClock.mo20321();
    }

    @Override // retrofit.client.Client
    public Response execute(Request request) throws IOException, KeyExpiredException {
        ClientIdentity mo20322 = this.f16739.mo20322();
        if (mo20322 == null) {
            throw new IllegalStateException("Root Client ID not registered");
        }
        ClientIdentity mo20326 = this.f16739.mo20326();
        if (mo20326 == null) {
            throw new IllegalStateException("App Client ID not registered");
        }
        if (mo20326.m20333(mo20322)) {
            return m20350(request, m20345());
        }
        throw new AppClientIdMismatchException("App Client ID is not derived from root Client ID");
    }

    /* renamed from: ʻ, reason: contains not printable characters */
    public FFLV2ClientImpl m20361() {
        return this.f16738 ? this : new FFLV2ClientImpl(this.f16726, this.f16725, this.f16739, this.f16737, this.f16727, true);
    }

    /* renamed from: ʼ, reason: contains not printable characters */
    protected String m20362() {
        return "https://" + this.f16727 + "/V2/REG";
    }

    /* renamed from: ʽ, reason: contains not printable characters */
    protected String m20363() {
        return "https://" + this.f16727 + "/V2/KEY";
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˊ */
    public boolean mo20340() throws IOException {
        return this.f16739.mo20322() != null;
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˋ */
    public void mo20341() throws IOException {
        m20353((ClientIdentity) null);
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˎ */
    public boolean mo20342() throws IOException {
        return (this.f16739.mo20326() == null || this.f16739.mo20329() == null) ? false : true;
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ˏ */
    public void mo20343() throws IOException {
        ClientIdentity mo20322 = this.f16739.mo20322();
        if (mo20322 == null) {
            throw new IllegalStateException("Root client id must be registered before registering app client id.");
        }
        m20353(mo20322);
    }

    @Override // com.avast.android.ffl.v2.FFLV2Client
    /* renamed from: ᐝ */
    public void mo20344() throws IOException {
        ClientKey m20345 = m20345();
        ClientIdentity m20346 = m20346();
        if (m20345 == null || m20346 == null) {
            throw new IllegalStateException("App client is not registered with auth server");
        }
        m20354(new ClientKey(m20345.m20335(), m20345.m20336(), m20345.m20337() + 1, m20345.m20338()));
        m20347(m20346, m20345);
    }
}
