package org.whispersystems.signalservice.api;

import java.io.IOException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.Locale;
import org.whispersystems.libsignal.logging.Log;
import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
import org.whispersystems.signalservice.api.kbs.HashedPin;
import org.whispersystems.signalservice.api.kbs.KbsData;
import org.whispersystems.signalservice.api.kbs.MasterKey;
import org.whispersystems.signalservice.internal.contacts.crypto.KeyBackupCipher;
import org.whispersystems.signalservice.internal.contacts.crypto.Quote;
import org.whispersystems.signalservice.internal.contacts.crypto.RemoteAttestation;
import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedQuoteException;
import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException;
import org.whispersystems.signalservice.internal.contacts.entities.TokenResponse;
import org.whispersystems.signalservice.internal.keybackup.protos.BackupResponse;
import org.whispersystems.signalservice.internal.keybackup.protos.RestoreResponse;
import org.whispersystems.signalservice.internal.push.PushServiceSocket;
import org.whispersystems.signalservice.internal.push.RemoteAttestationUtil;
import org.whispersystems.signalservice.internal.util.Hex;
import org.whispersystems.signalservice.internal.util.Util;

/* loaded from: classes2.dex */
public final class KeyBackupService {
    private static final String TAG = "KeyBackupService";
    private final String enclaveName;
    private final KeyStore iasKeyStore;
    private final int maxTries;
    private final String mrenclave;
    private final PushServiceSocket pushServiceSocket;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.whispersystems.signalservice.api.KeyBackupService$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$BackupResponse$Status = new int[BackupResponse.Status.values().length];
        static final /* synthetic */ int[] $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status;

        static {
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$BackupResponse$Status[BackupResponse.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$BackupResponse$Status[BackupResponse.Status.ALREADY_EXISTS.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$BackupResponse$Status[BackupResponse.Status.NOT_YET_VALID.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status = new int[RestoreResponse.Status.values().length];
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status[RestoreResponse.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status[RestoreResponse.Status.PIN_MISMATCH.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status[RestoreResponse.Status.TOKEN_MISMATCH.ordinal()] = 3;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status[RestoreResponse.Status.MISSING.ordinal()] = 4;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status[RestoreResponse.Status.NOT_YET_VALID.ordinal()] = 5;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public interface HashSession {
        byte[] hashSalt();
    }

    /* loaded from: classes2.dex */
    public interface PinChangeSession extends HashSession {
        void removePin() throws IOException, UnauthenticatedResponseException;

        RegistrationLockData setPin(HashedPin hashedPin, MasterKey masterKey) throws IOException, UnauthenticatedResponseException;
    }

    /* loaded from: classes2.dex */
    public interface RestoreSession extends HashSession {
        RegistrationLockData restorePin(HashedPin hashedPin) throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public class Session implements RestoreSession, PinChangeSession {
        private final String authorization;
        private final TokenResponse currentToken;

        Session(String str, TokenResponse tokenResponse) {
            this.authorization = str;
            this.currentToken = tokenResponse;
        }

        private void deleteKbsData() throws IOException, UnauthenticatedResponseException {
            try {
                RemoteAttestation andVerifyRemoteAttestation = getAndVerifyRemoteAttestation();
                KeyBackupCipher.getKeyDeleteResponseStatus(KeyBackupService.this.pushServiceSocket.putKbsData(this.authorization, KeyBackupCipher.createKeyDeleteRequest(this.currentToken, andVerifyRemoteAttestation, Hex.fromStringCondensed(KeyBackupService.this.enclaveName)), andVerifyRemoteAttestation.getCookies(), KeyBackupService.this.enclaveName), andVerifyRemoteAttestation);
            } catch (InvalidCiphertextException e) {
                throw new UnauthenticatedResponseException(e);
            }
        }

        private RemoteAttestation getAndVerifyRemoteAttestation() throws UnauthenticatedResponseException, IOException {
            try {
                return RemoteAttestationUtil.getAndVerifyRemoteAttestation(KeyBackupService.this.pushServiceSocket, PushServiceSocket.ClientSet.KeyBackup, KeyBackupService.this.iasKeyStore, KeyBackupService.this.enclaveName, KeyBackupService.this.mrenclave, this.authorization);
            } catch (SignatureException | InvalidCiphertextException | Quote.InvalidQuoteFormatException | UnauthenticatedQuoteException e) {
                throw new UnauthenticatedResponseException(e);
            }
        }

        private TokenResponse putKbsData(byte[] bArr, byte[] bArr2, String str, TokenResponse tokenResponse) throws IOException, UnauthenticatedResponseException {
            try {
                RemoteAttestation andVerifyRemoteAttestation = getAndVerifyRemoteAttestation();
                BackupResponse keyBackupResponse = KeyBackupCipher.getKeyBackupResponse(KeyBackupService.this.pushServiceSocket.putKbsData(this.authorization, KeyBackupCipher.createKeyBackupRequest(bArr, bArr2, tokenResponse, andVerifyRemoteAttestation, Hex.fromStringCondensed(str), KeyBackupService.this.maxTries), andVerifyRemoteAttestation.getCookies(), str), andVerifyRemoteAttestation);
                BackupResponse.Status status = keyBackupResponse.getStatus();
                int i = AnonymousClass1.$SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$BackupResponse$Status[status.ordinal()];
                if (i == 1) {
                    return keyBackupResponse.hasToken() ? new TokenResponse(tokenResponse.getBackupId(), keyBackupResponse.getToken().toByteArray(), KeyBackupService.this.maxTries) : tokenResponse;
                }
                if (i == 2) {
                    throw new UnauthenticatedResponseException("Already exists");
                }
                if (i == 3) {
                    throw new UnauthenticatedResponseException("Key is not valid yet, clock mismatch");
                }
                throw new AssertionError("Unknown response status " + status);
            } catch (InvalidCiphertextException e) {
                throw new UnauthenticatedResponseException(e);
            }
        }

        private RegistrationLockData restorePin(HashedPin hashedPin, TokenResponse tokenResponse) throws UnauthenticatedResponseException, IOException, TokenException, KeyBackupSystemNoDataException {
            try {
                int tries = tokenResponse.getTries();
                RemoteAttestation andVerifyRemoteAttestation = getAndVerifyRemoteAttestation();
                RestoreResponse keyRestoreResponse = KeyBackupCipher.getKeyRestoreResponse(KeyBackupService.this.pushServiceSocket.putKbsData(this.authorization, KeyBackupCipher.createKeyRestoreRequest(hashedPin.getKbsAccessKey(), tokenResponse, andVerifyRemoteAttestation, Hex.fromStringCondensed(KeyBackupService.this.enclaveName)), andVerifyRemoteAttestation.getCookies(), KeyBackupService.this.enclaveName), andVerifyRemoteAttestation);
                TokenResponse tokenResponse2 = keyRestoreResponse.hasToken() ? new TokenResponse(tokenResponse.getBackupId(), keyRestoreResponse.getToken().toByteArray(), keyRestoreResponse.getTries()) : tokenResponse;
                Log.i(KeyBackupService.TAG, "Restore " + keyRestoreResponse.getStatus());
                int i = AnonymousClass1.$SwitchMap$org$whispersystems$signalservice$internal$keybackup$protos$RestoreResponse$Status[keyRestoreResponse.getStatus().ordinal()];
                if (i == 1) {
                    Log.i(KeyBackupService.TAG, String.format(Locale.US, "Restore OK! data: %s tries: %d", Hex.toStringCondensed(keyRestoreResponse.getData().toByteArray()), Integer.valueOf(keyRestoreResponse.getTries())));
                    return new RegistrationLockData(hashedPin.decryptKbsDataIVCipherText(keyRestoreResponse.getData().toByteArray()).getMasterKey(), tokenResponse2);
                }
                if (i == 2) {
                    Log.i(KeyBackupService.TAG, "Restore PIN_MISMATCH");
                    throw new KeyBackupServicePinException(tokenResponse2);
                }
                if (i != 3) {
                    if (i == 4) {
                        Log.i(KeyBackupService.TAG, "Restore OK! No data though");
                        throw new KeyBackupSystemNoDataException();
                    }
                    if (i != 5) {
                        throw new AssertionError("Unexpected case");
                    }
                    throw new UnauthenticatedResponseException("Key is not valid yet, clock mismatch");
                }
                Log.i(KeyBackupService.TAG, "Restore TOKEN_MISMATCH");
                boolean z = tries == keyRestoreResponse.getTries();
                Log.i(KeyBackupService.TAG, String.format(Locale.US, "Token MISMATCH %d %d", Integer.valueOf(tries), Integer.valueOf(keyRestoreResponse.getTries())));
                Log.i(KeyBackupService.TAG, String.format("Last token %s", Hex.toStringCondensed(tokenResponse.getToken())));
                Log.i(KeyBackupService.TAG, String.format("Next token %s", Hex.toStringCondensed(tokenResponse2.getToken())));
                throw new TokenException(tokenResponse2, z);
            } catch (InvalidCiphertextException e) {
                throw new UnauthenticatedResponseException(e);
            }
        }

        @Override // org.whispersystems.signalservice.api.KeyBackupService.HashSession
        public byte[] hashSalt() {
            return this.currentToken.getBackupId();
        }

        @Override // org.whispersystems.signalservice.api.KeyBackupService.PinChangeSession
        public void removePin() throws IOException, UnauthenticatedResponseException {
            deleteKbsData();
            KeyBackupService.this.pushServiceSocket.removePinV2();
        }

        @Override // org.whispersystems.signalservice.api.KeyBackupService.RestoreSession
        public RegistrationLockData restorePin(HashedPin hashedPin) throws UnauthenticatedResponseException, IOException, KeyBackupServicePinException, KeyBackupSystemNoDataException {
            SecureRandom secureRandom = new SecureRandom();
            TokenResponse tokenResponse = this.currentToken;
            int i = 0;
            while (true) {
                i++;
                try {
                    return restorePin(hashedPin, tokenResponse);
                } catch (TokenException e) {
                    TokenResponse token = e.getToken();
                    if (e instanceof KeyBackupServicePinException) {
                        throw ((KeyBackupServicePinException) e);
                    }
                    if (!e.isCanAutomaticallyRetry() || i >= 5) {
                        throw new UnauthenticatedResponseException("Token mismatch, expended all automatic retries");
                    }
                    int i2 = (1 << (i - 1)) * 250;
                    Util.sleep(i2 + secureRandom.nextInt(i2));
                    tokenResponse = token;
                }
            }
            throw new UnauthenticatedResponseException("Token mismatch, expended all automatic retries");
        }

        @Override // org.whispersystems.signalservice.api.KeyBackupService.PinChangeSession
        public RegistrationLockData setPin(HashedPin hashedPin, MasterKey masterKey) throws IOException, UnauthenticatedResponseException {
            KbsData createNewKbsData = hashedPin.createNewKbsData(masterKey);
            TokenResponse putKbsData = putKbsData(createNewKbsData.getKbsAccessKey(), createNewKbsData.getCipherText(), KeyBackupService.this.enclaveName, this.currentToken);
            KeyBackupService.this.pushServiceSocket.setRegistrationLock(masterKey.deriveRegistrationLock());
            return new RegistrationLockData(masterKey, putKbsData);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyBackupService(KeyStore keyStore, String str, String str2, PushServiceSocket pushServiceSocket, int i) {
        this.iasKeyStore = keyStore;
        this.enclaveName = str;
        this.mrenclave = str2;
        this.pushServiceSocket = pushServiceSocket;
        this.maxTries = i;
    }

    private Session newSession(String str, TokenResponse tokenResponse) throws IOException {
        if (tokenResponse == null) {
            tokenResponse = this.pushServiceSocket.getKeyBackupServiceToken(str, this.enclaveName);
        }
        return new Session(str, tokenResponse);
    }

    public TokenResponse getToken(String str) throws IOException {
        return this.pushServiceSocket.getKeyBackupServiceToken(str, this.enclaveName);
    }

    public PinChangeSession newPinChangeSession() throws IOException {
        return newSession(this.pushServiceSocket.getKeyBackupServiceAuthorization(), null);
    }

    public PinChangeSession newPinChangeSession(TokenResponse tokenResponse) throws IOException {
        return newSession(this.pushServiceSocket.getKeyBackupServiceAuthorization(), tokenResponse);
    }

    public RestoreSession newRegistrationSession(String str, TokenResponse tokenResponse) throws IOException {
        return newSession(str, tokenResponse);
    }
}
