package com.turkcell.tunnel.store.impl;

import com.lzy.okgo.cache.CacheEntity;
import com.turkcell.tunnel.exception.DataSignatureMismatchException;
import com.turkcell.tunnel.exception.SessionKeyNotInitializedException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import o.cx2;
import o.d72;
import o.gj4;
import o.mi4;
import o.ml7;
import o.o92;
import o.pg;
import o.q92;
import o.qb4;
import o.r92;
import org.signal.libsignal.protocol.kdf.HKDF;

/* loaded from: classes8.dex */
public final class a implements q92 {

    /* renamed from: a, reason: collision with root package name */
    public final cx2 f3764a;
    public final gj4 b;
    public final ml7 c;
    public byte[] d;
    public final qb4 e;
    public final qb4 f;

    public a(cx2 cx2Var, gj4 gj4Var, ml7 ml7Var) {
        mi4.p(cx2Var, "getMyMsisdn");
        mi4.p(gj4Var, "loginSessionDao");
        mi4.p(ml7Var, "serializer");
        this.f3764a = cx2Var;
        this.b = gj4Var;
        this.c = ml7Var;
        this.e = kotlin.a.d(new cx2() { // from class: com.turkcell.tunnel.store.impl.EncryptionKeyStoreImpl$random$2
            @Override // o.cx2
            /* renamed from: invoke */
            public final SecureRandom mo4559invoke() {
                return new SecureRandom();
            }
        });
        this.f = kotlin.a.d(new cx2() { // from class: com.turkcell.tunnel.store.impl.EncryptionKeyStoreImpl$saltProvider$2
            {
                super(0);
            }

            @Override // o.cx2
            /* renamed from: invoke */
            public final r92 mo4559invoke() {
                a aVar = a.this;
                return new r92(aVar, aVar.f3764a);
            }
        });
    }

    public static Cipher d(d72 d72Var, boolean z) {
        SecretKeySpec secretKeySpec = new SecretKeySpec((byte[]) d72Var.d, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec((byte[]) d72Var.f);
        int i = z ? 1 : 2;
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher.init(i, secretKeySpec, ivParameterSpec);
        return cipher;
    }

    public final byte[] a(o92 o92Var) {
        byte[] bArr = this.d;
        if (bArr == null) {
            throw new SessionKeyNotInitializedException();
        }
        com.turkcell.tunnel.service.impl.a aVar = (com.turkcell.tunnel.service.impl.a) this.c;
        byte[] a2 = aVar.a(o92Var.f6555a);
        if (a2.length < 32) {
            throw new IllegalArgumentException(freemarker.core.c.n(new StringBuilder("data size incorrect ["), a2.length, ']'));
        }
        byte[] W = pg.W(0, 32, a2);
        byte[] W2 = pg.W(32, a2.length, a2);
        d72 c = c(bArr, W);
        byte[] bArr2 = (byte[]) c.e;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bArr2, "HmacSHA256"));
        byte[] doFinal = mac.doFinal(a2);
        mi4.o(doFinal, "mac.doFinal(message)");
        if (!Arrays.equals(aVar.a(o92Var.b), doFinal)) {
            throw new DataSignatureMismatchException();
        }
        byte[] doFinal2 = d(c, false).doFinal(W2);
        mi4.o(doFinal2, "getCipher(cipherInfo, false).doFinal(encData)");
        return doFinal2;
    }

    public final o92 b(byte[] bArr) {
        byte[] bArr2 = this.d;
        if (bArr2 == null) {
            throw new SessionKeyNotInitializedException();
        }
        byte[] generateSeed = ((SecureRandom) this.e.getValue()).generateSeed(32);
        mi4.o(generateSeed, "random.generateSeed(TICKER_SIZE)");
        d72 c = c(bArr2, generateSeed);
        byte[] doFinal = d(c, true).doFinal(bArr);
        byte[] bArr3 = (byte[]) c.g;
        mi4.o(doFinal, "encData");
        byte[] c0 = pg.c0(bArr3, doFinal);
        byte[] bArr4 = (byte[]) c.e;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bArr4, "HmacSHA256"));
        byte[] doFinal2 = mac.doFinal(c0);
        mi4.o(doFinal2, "mac.doFinal(message)");
        com.turkcell.tunnel.service.impl.a aVar = (com.turkcell.tunnel.service.impl.a) this.c;
        return new o92(aVar.c(c0), aVar.c(doFinal2));
    }

    public final d72 c(byte[] bArr, byte[] bArr2) {
        byte[] deriveSecrets = HKDF.deriveSecrets(pg.c0(bArr, bArr2), ((r92) this.f.getValue()).a(), new byte[0], 80);
        mi4.o(deriveSecrets, CacheEntity.KEY);
        return new d72(pg.W(0, 32, deriveSecrets), pg.W(32, 64, deriveSecrets), pg.W(64, 80, deriveSecrets), bArr2);
    }

    public final void e(byte[] bArr) {
        if (bArr.length != 64) {
            throw new IllegalArgumentException(freemarker.core.c.n(new StringBuilder("master key length != 64 ["), bArr.length, ']'));
        }
        this.d = pg.W(0, 64, bArr);
    }

    public final void f() {
        this.b.a();
        byte[] bArr = this.d;
        if (bArr != null) {
            Arrays.fill(bArr, 0, bArr.length, (byte) 0);
        }
        this.d = null;
    }
}
