package com.limelight.nvstream.http;

import com.limelight.LimeLog;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.xmlpull.v1.XmlPullParserException;

/* loaded from: classes.dex */
public class PairingManager {
    private static final char[] hexArray = "0123456789ABCDEF".toCharArray();
    private SecretKey aesKey;
    private X509Certificate cert;
    private NvHTTP http;
    private byte[] pemCertBytes;
    private PrivateKey pk;
    private X509Certificate serverCert;

    /* loaded from: classes.dex */
    public enum PairState {
        NOT_PAIRED,
        PAIRED,
        PIN_WRONG,
        FAILED,
        ALREADY_IN_PROGRESS
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface PairingHashAlgorithm {
        int getHashLength();

        byte[] hashData(byte[] bArr);
    }

    /* loaded from: classes.dex */
    private static class Sha1PairingHash implements PairingHashAlgorithm {
        private Sha1PairingHash() {
        }

        @Override // com.limelight.nvstream.http.PairingManager.PairingHashAlgorithm
        public int getHashLength() {
            return 20;
        }

        @Override // com.limelight.nvstream.http.PairingManager.PairingHashAlgorithm
        public byte[] hashData(byte[] bArr) {
            try {
                return MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1).digest(bArr);
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                return null;
            }
        }
    }

    /* loaded from: classes.dex */
    private static class Sha256PairingHash implements PairingHashAlgorithm {
        private Sha256PairingHash() {
        }

        @Override // com.limelight.nvstream.http.PairingManager.PairingHashAlgorithm
        public int getHashLength() {
            return 32;
        }

        @Override // com.limelight.nvstream.http.PairingManager.PairingHashAlgorithm
        public byte[] hashData(byte[] bArr) {
            try {
                return MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256).digest(bArr);
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                return null;
            }
        }
    }

    public PairingManager(NvHTTP nvHTTP, LimelightCryptoProvider limelightCryptoProvider) {
        this.http = nvHTTP;
        this.cert = limelightCryptoProvider.getClientCertificate();
        this.pemCertBytes = limelightCryptoProvider.getPemEncodedClientCertificate();
        this.pk = limelightCryptoProvider.getClientPrivateKey();
    }

    private static String bytesToHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            int i3 = i * 2;
            cArr[i3] = hexArray[i2 >>> 4];
            cArr[i3 + 1] = hexArray[i2 & 15];
        }
        return new String(cArr);
    }

    private static byte[] concatBytes(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private static byte[] decryptAes(byte[] bArr, SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
            int length = ((bArr.length + 15) / 16) * 16;
            byte[] copyOf = Arrays.copyOf(bArr, length);
            byte[] bArr2 = new byte[length];
            cipher.init(2, secretKey);
            cipher.doFinal(copyOf, 0, length, bArr2);
            return bArr2;
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    private static byte[] encryptAes(byte[] bArr, SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
            byte[] copyOf = Arrays.copyOf(bArr, ((bArr.length + 15) / 16) * 16);
            cipher.init(1, secretKey);
            return cipher.doFinal(copyOf);
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    private X509Certificate extractPlainCert(String str) throws XmlPullParserException, IOException {
        String xmlString = NvHTTP.getXmlString(str, "plaincert");
        if (xmlString == null) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(hexToBytes(xmlString)));
        } catch (CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    private static SecretKey generateAesKey(PairingHashAlgorithm pairingHashAlgorithm, byte[] bArr) {
        return new SecretKeySpec(Arrays.copyOf(pairingHashAlgorithm.hashData(bArr), 16), "AES");
    }

    public static String generatePinString() {
        Random random = new Random();
        return String.format((Locale) null, "%d%d%d%d", Integer.valueOf(random.nextInt(10)), Integer.valueOf(random.nextInt(10)), Integer.valueOf(random.nextInt(10)), Integer.valueOf(random.nextInt(10)));
    }

    private byte[] generateRandomBytes(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static byte[] hexToBytes(String str) {
        int length = str.length();
        byte[] bArr = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            bArr[i / 2] = (byte) ((Character.digit(str.charAt(i), 16) << 4) + Character.digit(str.charAt(i + 1), 16));
        }
        return bArr;
    }

    private static byte[] saltPin(byte[] bArr, String str) throws UnsupportedEncodingException {
        byte[] bArr2 = new byte[bArr.length + str.length()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(str.getBytes("UTF-8"), 0, bArr2, bArr.length, str.length());
        return bArr2;
    }

    private static byte[] signData(byte[] bArr, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] bArr2 = new byte[256];
            signature.sign(bArr2, 0, bArr2.length);
            return bArr2;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    private static boolean verifySignature(byte[] bArr, byte[] bArr2, Certificate certificate) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(certificate.getPublicKey());
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    public PairState getPairState(String str) throws IOException, XmlPullParserException {
        return !NvHTTP.getXmlString(str, "PairStatus").equals("1") ? PairState.NOT_PAIRED : PairState.PAIRED;
    }

    public X509Certificate getPairedCert() {
        return this.serverCert;
    }

    public PairState pair(String str, String str2) throws IOException, XmlPullParserException {
        int serverMajorVersion = this.http.getServerMajorVersion(str);
        LimeLog.info("Pairing with server generation: " + serverMajorVersion);
        PairingHashAlgorithm sha256PairingHash = serverMajorVersion >= 7 ? new Sha256PairingHash() : new Sha1PairingHash();
        byte[] generateRandomBytes = generateRandomBytes(16);
        this.aesKey = generateAesKey(sha256PairingHash, saltPin(generateRandomBytes, str2));
        String openHttpConnectionToString = this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/pair?" + this.http.buildUniqueIdUuidString() + "&devicename=roth&updateState=1&phrase=getservercert&salt=" + bytesToHex(generateRandomBytes) + "&clientcert=" + bytesToHex(this.pemCertBytes), false);
        if (!NvHTTP.getXmlString(openHttpConnectionToString, "paired").equals("1")) {
            return PairState.FAILED;
        }
        this.serverCert = extractPlainCert(openHttpConnectionToString);
        if (this.serverCert == null) {
            return PairState.ALREADY_IN_PROGRESS;
        }
        this.http.setServerCert(this.serverCert);
        byte[] generateRandomBytes2 = generateRandomBytes(16);
        byte[] encryptAes = encryptAes(generateRandomBytes2, this.aesKey);
        String openHttpConnectionToString2 = this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/pair?" + this.http.buildUniqueIdUuidString() + "&devicename=roth&updateState=1&clientchallenge=" + bytesToHex(encryptAes), true);
        if (!NvHTTP.getXmlString(openHttpConnectionToString2, "paired").equals("1")) {
            this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/unpair?" + this.http.buildUniqueIdUuidString(), true);
            return PairState.FAILED;
        }
        byte[] decryptAes = decryptAes(hexToBytes(NvHTTP.getXmlString(openHttpConnectionToString2, "challengeresponse")), this.aesKey);
        byte[] copyOfRange = Arrays.copyOfRange(decryptAes, 0, sha256PairingHash.getHashLength());
        byte[] copyOfRange2 = Arrays.copyOfRange(decryptAes, sha256PairingHash.getHashLength(), sha256PairingHash.getHashLength() + 16);
        byte[] generateRandomBytes3 = generateRandomBytes(16);
        byte[] encryptAes2 = encryptAes(sha256PairingHash.hashData(concatBytes(concatBytes(copyOfRange2, this.cert.getSignature()), generateRandomBytes3)), this.aesKey);
        String openHttpConnectionToString3 = this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/pair?" + this.http.buildUniqueIdUuidString() + "&devicename=roth&updateState=1&serverchallengeresp=" + bytesToHex(encryptAes2), true);
        if (!NvHTTP.getXmlString(openHttpConnectionToString3, "paired").equals("1")) {
            this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/unpair?" + this.http.buildUniqueIdUuidString(), true);
            return PairState.FAILED;
        }
        byte[] hexToBytes = hexToBytes(NvHTTP.getXmlString(openHttpConnectionToString3, "pairingsecret"));
        byte[] copyOfRange3 = Arrays.copyOfRange(hexToBytes, 0, 16);
        if (!verifySignature(copyOfRange3, Arrays.copyOfRange(hexToBytes, 16, 272), this.serverCert)) {
            this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/unpair?" + this.http.buildUniqueIdUuidString(), true);
            return PairState.FAILED;
        }
        if (!Arrays.equals(sha256PairingHash.hashData(concatBytes(concatBytes(generateRandomBytes2, this.serverCert.getSignature()), copyOfRange3)), copyOfRange)) {
            this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/unpair?" + this.http.buildUniqueIdUuidString(), true);
            return PairState.PIN_WRONG;
        }
        byte[] concatBytes = concatBytes(generateRandomBytes3, signData(generateRandomBytes3, this.pk));
        if (!NvHTTP.getXmlString(this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/pair?" + this.http.buildUniqueIdUuidString() + "&devicename=roth&updateState=1&clientpairingsecret=" + bytesToHex(concatBytes), true), "paired").equals("1")) {
            this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/unpair?" + this.http.buildUniqueIdUuidString(), true);
            return PairState.FAILED;
        }
        if (NvHTTP.getXmlString(this.http.openHttpConnectionToString(this.http.baseUrlHttps + "/pair?" + this.http.buildUniqueIdUuidString() + "&devicename=roth&updateState=1&phrase=pairchallenge", true), "paired").equals("1")) {
            return PairState.PAIRED;
        }
        this.http.openHttpConnectionToString(this.http.baseUrlHttp + "/unpair?" + this.http.buildUniqueIdUuidString(), true);
        return PairState.FAILED;
    }
}
