package com.keepassdroid.database;

import com.keepassdroid.crypto.keyDerivation.AesKdf;
import com.keepassdroid.crypto.keyDerivation.KdfParameters;
import com.keepassdroid.database.exception.InvalidDBVersionException;
import com.keepassdroid.database.security.ProtectedBinary;
import com.keepassdroid.stream.CopyInputStream;
import com.keepassdroid.stream.HmacBlockStream;
import com.keepassdroid.stream.LEDataInputStream;
import com.keepassdroid.utils.Types;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.DigestInputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes.dex */
public class PwDbHeaderV4 extends PwDbHeader {
    static final /* synthetic */ boolean $assertionsDisabled;
    public static final int DBSIG_2 = -1253311641;
    public static final int DBSIG_PRE2 = -1253311642;
    public static final int FILE_VERSION_32 = 262144;
    public static final int FILE_VERSION_32_3 = 196609;
    public static final int FILE_VERSION_32_4 = 262144;
    private static final int FILE_VERSION_CRITICAL_MASK = -65536;
    private PwDatabaseV4 db;
    public CrsAlgorithm innerRandomStream;
    public long version;
    public byte[] innerRandomStreamKey = new byte[32];
    public byte[] streamStartBytes = new byte[32];
    public List<ProtectedBinary> binaries = new ArrayList();

    /* loaded from: classes.dex */
    public class HeaderAndHash {
        public byte[] hash;
        public byte[] header;

        public HeaderAndHash(byte[] bArr, byte[] bArr2) {
            this.header = bArr;
            this.hash = bArr2;
        }
    }

    /* loaded from: classes.dex */
    public class KdbxBinaryFlags {
        public static final byte None = 0;
        public static final byte Protected = 1;

        public KdbxBinaryFlags() {
        }
    }

    /* loaded from: classes.dex */
    public class PwDbHeaderV4Fields {
        public static final byte CipherID = 2;
        public static final byte Comment = 1;
        public static final byte CompressionFlags = 3;
        public static final byte EncryptionIV = 7;
        public static final byte EndOfHeader = 0;
        public static final byte InnerRandomStreamID = 10;
        public static final byte InnerRandomstreamKey = 8;
        public static final byte KdfParameters = 11;
        public static final byte MasterSeed = 4;
        public static final byte PublicCustomData = 12;
        public static final byte StreamStartBytes = 9;
        public static final byte TransformRounds = 6;
        public static final byte TransformSeed = 5;

        public PwDbHeaderV4Fields() {
        }
    }

    /* loaded from: classes.dex */
    public class PwDbInnerHeaderV4Fields {
        public static final byte Binary = 3;
        public static final byte EndOfHeader = 0;
        public static final byte InnerRandomStreamID = 1;
        public static final byte InnerRandomstreamKey = 2;

        public PwDbInnerHeaderV4Fields() {
        }
    }

    static {
        $assertionsDisabled = !PwDbHeaderV4.class.desiredAssertionStatus();
    }

    public PwDbHeaderV4(PwDatabaseV4 pwDatabaseV4) {
        this.db = pwDatabaseV4;
        this.version = pwDatabaseV4.getMinKdbxVersion();
        this.masterSeed = new byte[32];
    }

    public static byte[] computeHeaderHmac(byte[] bArr, byte[] bArr2) throws IOException {
        byte[] GetHmacKey64 = HmacBlockStream.GetHmacKey64(bArr2, Types.ULONG_MAX_VALUE);
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(GetHmacKey64, "HmacSHA256"));
            return mac.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new IOException("Invalid Hmac Key");
        } catch (NoSuchAlgorithmException e2) {
            throw new IOException("No HmacAlogirthm");
        }
    }

    public static boolean matchesHeader(int i, int i2) {
        return i == -1700603645 && (i2 == -1253311641 || i2 == -1253311641);
    }

    private boolean readHeaderField(LEDataInputStream lEDataInputStream) throws IOException {
        byte read = (byte) lEDataInputStream.read();
        int readUShort = this.version < 262144 ? lEDataInputStream.readUShort() : lEDataInputStream.readInt();
        byte[] bArr = null;
        if (readUShort > 0) {
            bArr = new byte[readUShort];
            if (lEDataInputStream.read(bArr) != readUShort) {
                throw new IOException("Header ended early.");
            }
        }
        switch (read) {
            case 0:
                return true;
            case 2:
                setCipher(bArr);
                return false;
            case 3:
                setCompressionFlags(bArr);
                return false;
            case 4:
                this.masterSeed = bArr;
                return false;
            case 5:
                if (!$assertionsDisabled && this.version >= 262144) {
                    throw new AssertionError();
                }
                AesKdf aesKdf = new AesKdf();
                if (!this.db.kdfParameters.kdfUUID.equals(aesKdf.uuid)) {
                    this.db.kdfParameters = aesKdf.getDefaultParameters();
                }
                this.db.kdfParameters.setByteArray("S", bArr);
                return false;
            case 6:
                if (!$assertionsDisabled && this.version >= 262144) {
                    throw new AssertionError();
                }
                AesKdf aesKdf2 = new AesKdf();
                if (!this.db.kdfParameters.kdfUUID.equals(aesKdf2.uuid)) {
                    this.db.kdfParameters = aesKdf2.getDefaultParameters();
                }
                this.db.kdfParameters.setUInt64(AesKdf.ParamRounds, LEDataInputStream.readLong(bArr, 0));
                return false;
            case 7:
                this.encryptionIV = bArr;
                return false;
            case 8:
                if (!$assertionsDisabled && this.version >= 262144) {
                    throw new AssertionError();
                }
                this.innerRandomStreamKey = bArr;
                return false;
            case 9:
                this.streamStartBytes = bArr;
                return false;
            case 10:
                if (!$assertionsDisabled && this.version >= 262144) {
                    throw new AssertionError();
                }
                setRandomStreamID(bArr);
                return false;
            case 11:
                this.db.kdfParameters = KdfParameters.deserialize(bArr);
                return false;
            case 12:
                this.db.publicCustomData = KdfParameters.deserialize(bArr);
                break;
        }
        throw new IOException("Invalid header type: " + ((int) read));
    }

    private void setCipher(byte[] bArr) throws IOException {
        if (bArr == null || bArr.length != 16) {
            throw new IOException("Invalid cipher ID.");
        }
        this.db.dataCipher = Types.bytestoUUID(bArr);
    }

    private void setCompressionFlags(byte[] bArr) throws IOException {
        if (bArr == null || bArr.length != 4) {
            throw new IOException("Invalid compression flags.");
        }
        int readInt = LEDataInputStream.readInt(bArr, 0);
        if (readInt < 0 || readInt >= 2) {
            throw new IOException("Unrecognized compression flag.");
        }
        this.db.compressionAlgorithm = PwCompressionAlgorithm.fromId(readInt);
    }

    private void setTransformRounds(byte[] bArr) throws IOException {
        if (bArr == null || bArr.length != 8) {
            throw new IOException("Invalid rounds.");
        }
        long readLong = LEDataInputStream.readLong(bArr, 0);
        if (readLong < 0 || readLong > 2147483647L) {
            throw new IOException("Rounds higher than 2147483647 are not currently supported.");
        }
        this.db.numKeyEncRounds = readLong;
    }

    private boolean validVersion(long j) {
        return ((-65536) & j) <= 262144;
    }

    public byte[] getTransformSeed() {
        if ($assertionsDisabled || this.version < 262144) {
            return this.db.kdfParameters.getByteArray("S");
        }
        throw new AssertionError();
    }

    public HeaderAndHash loadFromFile(InputStream inputStream) throws IOException, InvalidDBVersionException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            LEDataInputStream lEDataInputStream = new LEDataInputStream(new DigestInputStream(new CopyInputStream(inputStream, byteArrayOutputStream), messageDigest));
            if (!matchesHeader(lEDataInputStream.readInt(), lEDataInputStream.readInt())) {
                throw new InvalidDBVersionException();
            }
            this.version = lEDataInputStream.readUInt();
            if (!validVersion(this.version)) {
                throw new InvalidDBVersionException();
            }
            boolean z = false;
            while (!z) {
                z = readHeaderField(lEDataInputStream);
            }
            return new HeaderAndHash(byteArrayOutputStream.toByteArray(), messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("No SHA-256 implementation");
        }
    }

    public void setRandomStreamID(byte[] bArr) throws IOException {
        if (bArr == null || bArr.length != 4) {
            throw new IOException("Invalid stream id.");
        }
        int readInt = LEDataInputStream.readInt(bArr, 0);
        if (readInt < 0 || readInt >= 4) {
            throw new IOException("Invalid stream id.");
        }
        this.innerRandomStream = CrsAlgorithm.fromId(readInt);
    }
}
