package me.digi.sdk.crypto;

import android.support.annotation.NonNull;
import android.util.Base64InputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.util.Iterator;
import org.spongycastle.util.Arrays;

/* loaded from: classes.dex */
public class CACryptoProvider {
    private static final int DIV_LENGTH = 16;
    private static final int ENCRYPTED_DSK_LENGTH = 256;
    private static final int HASH_LENGTH = 64;
    private CAKeyStore providerKeys;

    public CACryptoProvider(@NonNull PrivateKey privateKey) {
        this.providerKeys = new CAKeyStore(privateKey);
    }

    public CACryptoProvider(@NonNull CAKeyStore cAKeyStore) {
        this.providerKeys = cAKeyStore;
    }

    private byte[] readAndVerify(InputStream inputStream) throws DGMCryptoFailureException, IOException {
        byte[] bArr = new byte[64];
        if (inputStream.read(bArr) != bArr.length) {
            throw new DGMCryptoFailureException(FailureCause.CHECKSUM_CORRUPTED_FAILURE);
        }
        byte[] readBytesFromStream = ByteUtils.readBytesFromStream(inputStream);
        verifyHashForData(readBytesFromStream, bArr);
        return readBytesFromStream;
    }

    private void verifyHashForData(byte[] bArr, byte[] bArr2) throws DGMCryptoFailureException {
        if (!Arrays.areEqual(CryptoUtils.hashSha512(bArr), bArr2)) {
            throw new DGMCryptoFailureException(FailureCause.DATA_CORRUPTED_FAILURE);
        }
    }

    public String decryptStream(@NonNull InputStream inputStream) throws IOException, DGMCryptoFailureException {
        return decryptStream(inputStream, true);
    }

    public String decryptStream(@NonNull InputStream inputStream, boolean z) throws IOException, DGMCryptoFailureException {
        byte[] decryptRSA;
        byte[] readBytesFromStream;
        int length;
        byte[] bArr = new byte[256];
        byte[] bArr2 = new byte[16];
        if (this.providerKeys.isEmpty()) {
            throw new DGMCryptoFailureException(FailureCause.INVALID_KEY_FAILURE);
        }
        InputStream inputStream2 = inputStream;
        if (z) {
            inputStream2 = new Base64InputStream(inputStream, 0);
        }
        if (inputStream2.read(bArr) != bArr.length || inputStream2.read(bArr2) != bArr2.length) {
            throw new DGMCryptoFailureException(FailureCause.FILE_READING_FAILURE);
        }
        ByteArrayInputStream byteArrayInputStream = null;
        Iterator<PrivateKey> it = this.providerKeys.iterator();
        boolean z2 = true;
        while (it.hasNext() && z2) {
            try {
                decryptRSA = CryptoUtils.decryptRSA(bArr, it.next());
                readBytesFromStream = ByteUtils.readBytesFromStream(inputStream2);
                length = readBytesFromStream.length + 256 + 16;
            } catch (Exception e) {
                if (!it.hasNext()) {
                    throw new DGMCryptoFailureException(FailureCause.DATA_CORRUPTED_FAILURE, e);
                }
            }
            if (length < 352 || length % 16 != 0) {
                throw new DGMCryptoFailureException(FailureCause.CHECKSUM_CORRUPTED_FAILURE);
                break;
            }
            z2 = false;
            byteArrayInputStream = new ByteArrayInputStream(CryptoUtils.decryptAES(readBytesFromStream, decryptRSA, bArr2));
        }
        return ByteUtils.bytesToString(readAndVerify(byteArrayInputStream));
    }

    public boolean hasValidKeys() {
        return !this.providerKeys.isEmpty();
    }
}
