package nodomain.freeyourgadget.gadgetbridge.service.devices.xiaomi;

import android.content.Context;
import android.os.Build;
import ch.qos.logback.core.CoreConstants;
import com.google.protobuf.ByteString;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import nodomain.freeyourgadget.gadgetbridge.GBApplication;
import nodomain.freeyourgadget.gadgetbridge.R$string;
import nodomain.freeyourgadget.gadgetbridge.impl.GBDevice;
import nodomain.freeyourgadget.gadgetbridge.proto.xiaomi.XiaomiProto;
import nodomain.freeyourgadget.gadgetbridge.service.devices.xiaomi.services.AbstractXiaomiService;
import nodomain.freeyourgadget.gadgetbridge.util.GB;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.shaded.crypto.CryptoException;
import org.bouncycastle.shaded.crypto.engines.AESEngine;
import org.bouncycastle.shaded.crypto.modes.CCMBlockCipher;
import org.bouncycastle.shaded.crypto.params.AEADParameters;
import org.bouncycastle.shaded.crypto.params.KeyParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class XiaomiAuthService extends AbstractXiaomiService {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) XiaomiAuthService.class);
    private boolean checkDecryptionMac;
    private final byte[] decryptionKey;
    private final byte[] decryptionNonce;
    private boolean encryptionInitialized;
    private final byte[] encryptionKey;
    private final byte[] encryptionNonce;
    private final byte[] nonce;
    private final byte[] secretKey;

    public XiaomiAuthService(XiaomiSupport xiaomiSupport) {
        super(xiaomiSupport);
        this.encryptionInitialized = false;
        this.checkDecryptionMac = true;
        this.secretKey = new byte[16];
        this.nonce = new byte[16];
        this.encryptionKey = new byte[16];
        this.decryptionKey = new byte[16];
        this.encryptionNonce = new byte[4];
        this.decryptionNonce = new byte[4];
    }

    public static XiaomiProto.Command buildNonceCommand(byte[] bArr) {
        XiaomiProto.PhoneNonce.Builder newBuilder = XiaomiProto.PhoneNonce.newBuilder();
        newBuilder.setNonce(ByteString.copyFrom(bArr));
        XiaomiProto.Auth.Builder newBuilder2 = XiaomiProto.Auth.newBuilder();
        newBuilder2.setPhoneNonce(newBuilder.build());
        XiaomiProto.Command.Builder newBuilder3 = XiaomiProto.Command.newBuilder();
        newBuilder3.setType(1);
        newBuilder3.setSubtype(26);
        newBuilder3.setAuth(newBuilder2.build());
        return newBuilder3.build();
    }

    public static byte[] computeAuthStep3Hmac(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bytes = "miwear-auth".getBytes();
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(ArrayUtils.addAll(bArr2, bArr3), "HmacSHA256"));
            mac.init(new SecretKeySpec(mac.doFinal(bArr), "HmacSHA256"));
            byte[] bArr4 = new byte[64];
            byte[] bArr5 = new byte[0];
            byte b = 1;
            int i = 0;
            while (i < 64) {
                mac.update(bArr5);
                mac.update(bytes);
                mac.update(b);
                bArr5 = mac.doFinal();
                int i2 = 0;
                while (i2 < bArr5.length && i < 64) {
                    bArr4[i] = bArr5[i2];
                    i2++;
                    i++;
                }
                b = (byte) (b + 1);
            }
            return bArr4;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to initialize hmac for auth step 2", e);
        }
    }

    public static CCMBlockCipher createBlockCipher(boolean z, SecretKey secretKey, int i, byte[] bArr) {
        AESEngine aESEngine = new AESEngine();
        aESEngine.init(z, new KeyParameter(secretKey.getEncoded()));
        CCMBlockCipher cCMBlockCipher = new CCMBlockCipher(aESEngine);
        cCMBlockCipher.init(z, new AEADParameters(new KeyParameter(secretKey.getEncoded()), i, bArr, null));
        return cCMBlockCipher;
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) throws CryptoException {
        int i = z ? 32 : 0;
        int length = z ? bArr3.length : bArr3.length - 4;
        CCMBlockCipher createBlockCipher = createBlockCipher(false, new SecretKeySpec(bArr, "AES"), i, bArr2);
        byte[] bArr4 = new byte[createBlockCipher.getOutputSize(length)];
        createBlockCipher.doFinal(bArr4, createBlockCipher.processBytes(bArr3, 0, length, bArr4, 0));
        return bArr4;
    }

    public static byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws CryptoException {
        CCMBlockCipher createBlockCipher = createBlockCipher(true, new SecretKeySpec(bArr, "AES"), 32, bArr2);
        byte[] bArr4 = new byte[createBlockCipher.getOutputSize(bArr3.length)];
        createBlockCipher.doFinal(bArr4, createBlockCipher.processBytes(bArr3, 0, bArr3.length, bArr4, 0));
        return bArr4;
    }

    protected static byte[] getSecretKey(GBDevice gBDevice) {
        byte[] bArr = new byte[16];
        String trim = GBApplication.getDeviceSpecificSharedPrefs(gBDevice.getAddress()).getString("authkey", CoreConstants.EMPTY_STRING).trim();
        if (StringUtils.isNotBlank(trim)) {
            byte[] hexStringToByteArray = (trim.length() == 34 && trim.startsWith("0x")) ? GB.hexStringToByteArray(trim.trim().substring(2)) : GB.hexStringToByteArray(trim.trim());
            System.arraycopy(hexStringToByteArray, 0, bArr, 0, Math.min(hexStringToByteArray.length, 16));
        }
        return bArr;
    }

    protected static String getUserId(GBDevice gBDevice) {
        String string = GBApplication.getDeviceSpecificSharedPrefs(gBDevice.getAddress()).getString("authkey", null);
        return StringUtils.isNotBlank(string) ? string : "0000000000";
    }

    private XiaomiProto.Command handleWatchNonce(XiaomiProto.WatchNonce watchNonce) {
        byte[] computeAuthStep3Hmac = computeAuthStep3Hmac(this.secretKey, this.nonce, watchNonce.getNonce().toByteArray());
        System.arraycopy(computeAuthStep3Hmac, 0, this.decryptionKey, 0, 16);
        System.arraycopy(computeAuthStep3Hmac, 16, this.encryptionKey, 0, 16);
        System.arraycopy(computeAuthStep3Hmac, 32, this.decryptionNonce, 0, 4);
        System.arraycopy(computeAuthStep3Hmac, 36, this.encryptionNonce, 0, 4);
        Logger logger = LOG;
        logger.debug("decryptionKey: {}", GB.hexdump(this.decryptionKey));
        logger.debug("encryptionKey: {}", GB.hexdump(this.encryptionKey));
        logger.debug("decryptionNonce: {}", GB.hexdump(this.decryptionNonce));
        logger.debug("encryptionNonce: {}", GB.hexdump(this.encryptionNonce));
        if (!Arrays.equals(hmacSHA256(this.decryptionKey, ArrayUtils.addAll(watchNonce.getNonce().toByteArray(), this.nonce)), watchNonce.getHmac().toByteArray())) {
            logger.warn("Watch hmac mismatch");
            return null;
        }
        XiaomiProto.AuthStep3 build = XiaomiProto.AuthStep3.newBuilder().setEncryptedNonces(ByteString.copyFrom(hmacSHA256(this.encryptionKey, ArrayUtils.addAll(this.nonce, watchNonce.getNonce().toByteArray())))).setEncryptedDeviceInfo(ByteString.copyFrom(encrypt(XiaomiProto.AuthDeviceInfo.newBuilder().setUnknown1(0).setPhoneApiLevel(Build.VERSION.SDK_INT).setPhoneName(Build.MODEL).setUnknown3(224).setRegion(Locale.getDefault().getLanguage().substring(0, 2).toUpperCase(Locale.ROOT)).build().toByteArray(), 0))).build();
        XiaomiProto.Command.Builder newBuilder = XiaomiProto.Command.newBuilder();
        newBuilder.setType(1);
        newBuilder.setSubtype(27);
        XiaomiProto.Auth.Builder newBuilder2 = XiaomiProto.Auth.newBuilder();
        newBuilder2.setAuthStep3(build);
        return newBuilder.setAuth(newBuilder2.build()).build();
    }

    protected static byte[] hmacSHA256(byte[] bArr, byte[] bArr2) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            return mac.doFinal(bArr2);
        } catch (Exception e) {
            throw new RuntimeException("Failed to hmac", e);
        }
    }

    public byte[] ctrCrypt(int i, byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
        cipher.init(i, new SecretKeySpec(bArr, "AES"), new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr3);
    }

    public byte[] decrypt(byte[] bArr) {
        ByteBuffer order = ByteBuffer.allocate(12).order(ByteOrder.LITTLE_ENDIAN);
        order.put(this.decryptionNonce);
        order.putInt(0);
        order.putInt(0);
        try {
            return decrypt(this.decryptionKey, order.array(), bArr, this.checkDecryptionMac);
        } catch (CryptoException e) {
            throw new RuntimeException("failed to decrypt", e);
        }
    }

    public byte[] decryptV2(byte[] bArr) {
        try {
            byte[] bArr2 = this.decryptionKey;
            return ctrCrypt(2, bArr2, bArr2, bArr);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("failed to decrypt message", e);
        }
    }

    public byte[] encrypt(byte[] bArr, int i) {
        try {
            return encrypt(this.encryptionKey, ByteBuffer.allocate(12).order(ByteOrder.LITTLE_ENDIAN).put(this.encryptionNonce).putInt(0).putInt(i).array(), bArr);
        } catch (CryptoException e) {
            throw new RuntimeException("failed to encrypt", e);
        }
    }

    public byte[] encryptV2(byte[] bArr) {
        try {
            byte[] bArr2 = this.encryptionKey;
            return ctrCrypt(1, bArr2, bArr2, bArr);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("failed to encrypt message", e);
        }
    }

    @Override // nodomain.freeyourgadget.gadgetbridge.service.devices.xiaomi.services.AbstractXiaomiService
    public void handleCommand(XiaomiProto.Command command) {
        if (command.getType() != 1) {
            throw new IllegalArgumentException("Not an auth command");
        }
        int subtype = command.getSubtype();
        if (subtype != 5) {
            if (subtype == 26) {
                Logger logger = LOG;
                logger.debug("Got watch nonce");
                XiaomiProto.Command handleWatchNonce = handleWatchNonce(command.getAuth().getWatchNonce());
                if (handleWatchNonce != null) {
                    getSupport().sendCommand("auth step 2", handleWatchNonce);
                    return;
                }
                GB.toast(getSupport().getContext(), R$string.authentication_failed_check_key, 1, 2);
                logger.error("handleWatchNonce returned null, disconnecting");
                GBDevice device = getSupport().getDevice();
                if (device != null) {
                    GBApplication.deviceService(device).disconnect();
                    return;
                }
                return;
            }
            if (subtype != 27) {
                LOG.warn("Unknown auth payload subtype {}", Integer.valueOf(command.getSubtype()));
                return;
            }
        }
        if (command.getSubtype() == 27 || command.getAuth().getStatus() == 1) {
            boolean z = command.getSubtype() == 27;
            this.encryptionInitialized = z;
            LOG.info("Authenticated, further communications are {}", z ? "encrypted" : "in plaintext");
            getSupport().getDevice().setUpdateState(GBDevice.State.INITIALIZED, getSupport().getContext());
            getSupport().onAuthSuccess();
            return;
        }
        LOG.warn("Authentication failed, subtype={}, status={}", Integer.valueOf(command.getSubtype()), Integer.valueOf(command.getStatus()));
        GB.toast(getSupport().getContext(), R$string.authentication_failed_check_key, 1, 2);
        GBDevice device2 = getSupport().getDevice();
        if (device2 != null) {
            GBApplication.deviceService(device2).disconnect();
        }
    }

    public boolean isEncryptionInitialized() {
        return this.encryptionInitialized;
    }

    @Override // nodomain.freeyourgadget.gadgetbridge.service.devices.xiaomi.services.AbstractXiaomiService
    public void setContext(Context context) {
        super.setContext(context);
        this.checkDecryptionMac = getCoordinator().checkDecryptionMac();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void startClearTextHandshake() {
        getSupport().sendCommand("auth step 1", XiaomiProto.Command.newBuilder().setType(1).setSubtype(5).setAuth(XiaomiProto.Auth.newBuilder().setUserId(getUserId(getSupport().getDevice())).build()).build());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void startEncryptedHandshake() {
        this.encryptionInitialized = false;
        System.arraycopy(getSecretKey(getSupport().getDevice()), 0, this.secretKey, 0, 16);
        new SecureRandom().nextBytes(this.nonce);
        getSupport().sendCommand("auth step 1", buildNonceCommand(this.nonce));
    }
}
