package com.citrixonline.universal.helpers;

import android.util.Base64;
import com.citrixonline.foundation.utils.DataBuffer;
import com.citrixonline.foundation.utils.ECContainer;
import com.citrixonline.foundation.utils.IntegerSet;
import com.citrixonline.platform.MCAPI.E2ESec.SecurityPolicy;
import com.citrixonline.platform.MCAPI.IChannelListener;
import com.citrixonline.platform.MCAPI.IMChannel;
import com.citrixonline.platform.MCAPI.ISecureSession;
import com.citrixonline.platform.MCAPI.ISecureSessionListener;
import com.citrixonline.platform.MCAPI.MEpoch;
import com.citrixonline.platform.MCAPI.MPacket;
import com.citrixonline.sharedlib.shared.ExceptionLogger;
import com.citrixonline.universal.miscellaneous.Log;
import com.citrixonline.universal.models.MeetingModel;
import java.util.Arrays;
import java.util.Random;
import java.util.Vector;

/* loaded from: classes.dex */
public class E2EAuthenticator implements ISecureSessionListener, IChannelListener {
    private static final int MAX_PASSWORD_ATTEMPTS = 3;
    private static final int SALT_LENGTH = 16;
    private IMChannel _channel;
    private IE2EAuthenticatorListener _listener;
    private ISecureSession _session;
    private KeyGenerator _keyGen = null;
    private byte[] _sessionSecret = null;
    private int _saltVersion = 2;
    private int _e2eVersion = 0;
    private byte[] _salt = null;
    private byte[] _validSignature = null;
    private int _passwordAttemptCount = 0;

    private void _injectKeySet(ISecureSession iSecureSession, int i) {
        Log.info("Injecting E2Esec key " + i + " for participant " + iSecureSession.getParticipantId());
        iSecureSession.createSA(i, SecurityPolicy.eCryptoAES128_CTR, this._keyGen.getEncryptionKey(i), SecurityPolicy.eIntegrityHMAC_SHA1, this._keyGen.getIntegrityKey(i));
    }

    private void injectKeySets() {
        if (!(this._session instanceof ISecureSession)) {
            Log.error("Unable to inject keys since session is not of type ISecureSession");
            return;
        }
        ISecureSession iSecureSession = this._session;
        iSecureSession.createSA(1, SecurityPolicy.eCryptoNone, null, SecurityPolicy.eIntegrityHMAC_SHA1, this._keyGen.getIntegrityKey(1));
        iSecureSession.createSA(2, SecurityPolicy.eCryptoAES128_CTR, this._keyGen.getEncryptionKey(2), SecurityPolicy.eIntegrityHMAC_SHA1, this._keyGen.getIntegrityKey(2));
        iSecureSession.setDefaultSAs(1, 2);
        iSecureSession.setSecurityListener(this);
    }

    private void sendSecurityFailedEvent(int i) {
        if (this._listener != null) {
            this._listener.e2eSecurityFailed(i);
        }
    }

    private synchronized void verifyPassword(String str) {
        if ((this._e2eVersion == 1 && (str == null || str.length() == 0)) || this._e2eVersion == this._saltVersion) {
            this._passwordAttemptCount++;
            this._keyGen = new KeyGenerator(this._sessionSecret, str, this._salt);
            if (Arrays.equals(this._keyGen.getSaltSignature(), this._validSignature)) {
                injectKeySets();
                Log.info("E2ESec is initialized.");
                if (this._listener != null) {
                    try {
                        this._listener.e2eSecurityAuthenticated();
                    } catch (Exception e) {
                        ExceptionLogger.log("SaltChannelHandler.verifyPassword: Error notifying listeners", e);
                        sendSecurityFailedEvent(1);
                    }
                }
            } else {
                this._keyGen = null;
                if (this._passwordAttemptCount >= 3) {
                    Log.info("Maximum number of password attempts expired.");
                    sendSecurityFailedEvent(4);
                } else if (str == null || str.length() == 0) {
                    Log.error("There was a problem with the salt channel data");
                    sendSecurityFailedEvent(1);
                } else {
                    Log.info("An invalid meeting password was used");
                    sendSecurityFailedEvent(3);
                }
            }
        } else {
            Log.error("Incompatible E2ESec version received: " + this._e2eVersion + " expected: " + this._saltVersion);
            sendSecurityFailedEvent(1);
        }
    }

    public void attemptNewPassword(String str) {
        verifyPassword(str);
    }

    public synchronized void beginAuthentication(ISecureSession iSecureSession, byte[] bArr, int i, int i2) {
        this._session = iSecureSession;
        this._sessionSecret = bArr;
        try {
            this._channel = this._session.subscribe(i2, i, 1);
        } catch (Exception e) {
            ExceptionLogger.log("Unable to subscribe to channel", e);
        }
        if (this._channel != null) {
            this._channel.subscribe(this);
        } else {
            Log.error("Failed to subscribe to salt channel");
            sendSecurityFailedEvent(1);
        }
    }

    public void dispose() {
        Log.debug("E2EAuthenticator.dispose()");
        this._session = null;
        this._sessionSecret = null;
        this._salt = null;
        this._validSignature = null;
    }

    @Override // com.citrixonline.platform.MCAPI.IChannelListener
    public void handleChannelEnable(IMChannel iMChannel) {
    }

    @Override // com.citrixonline.platform.MCAPI.IChannelListener
    public synchronized void handleEpoch(IMChannel iMChannel, MEpoch mEpoch) {
        try {
            Log.info(".handleEpoch()");
            if (mEpoch.working == null || mEpoch.working.isEmpty()) {
                Log.error("SaltChannelHandler.handelEpoch: epoch working set is empty.");
            } else {
                MPacket packet = iMChannel.getPacket(mEpoch.getStream(), mEpoch.working.any());
                ECContainer eCContainer = new ECContainer();
                eCContainer.unserializeFromByteArray(packet.data.exportBuffer());
                Log.info("Initializing E2Esec.");
                this._e2eVersion = eCContainer.getInt("Version");
                this._salt = Base64.decode(eCContainer.getBase64("Salt"), 0);
                this._validSignature = Base64.decode(eCContainer.getBase64("Signature"), 0);
                iMChannel.unsubscribe();
                if (MeetingModel.getInstance().getMeetingInfo().isPasswordRequired().booleanValue()) {
                    sendSecurityFailedEvent(2);
                } else {
                    verifyPassword(null);
                }
            }
        } catch (Exception e) {
            ExceptionLogger.log("SaltChannelHandler.handelEpoch: channel " + iMChannel.getAnchor() + ":" + iMChannel.getNumber() + " epoch stream " + mEpoch.getStream(), e);
            sendSecurityFailedEvent(1);
        }
    }

    @Override // com.citrixonline.platform.MCAPI.ISecureSessionListener
    public void handleMissingKeySet(ISecureSession iSecureSession, int i) {
        Log.info("Handle missing key set " + i + " for participant " + iSecureSession.getParticipantId());
        _injectKeySet(iSecureSession, i);
    }

    public synchronized void publishAuthentication(ISecureSession iSecureSession, byte[] bArr, int i) {
        this._session = iSecureSession;
        this._sessionSecret = bArr;
        iSecureSession.setSpecialSAs(i, 0, 0);
        new IntegerSet().add(2);
        this._channel = this._session.activate(i, 1);
        this._salt = new byte[16];
        Random random = new Random();
        random.setSeed(System.currentTimeMillis());
        random.nextBytes(this._salt);
        this._keyGen = new KeyGenerator(this._sessionSecret, null, this._salt);
        this._validSignature = this._keyGen.getSaltSignature();
        ECContainer eCContainer = new ECContainer();
        eCContainer.setBase64("Salt", Base64.encodeToString(this._salt, 2));
        eCContainer.setBase64("Signature", Base64.encodeToString(this._validSignature, 2));
        eCContainer.setInt("Version", this._saltVersion);
        DataBuffer dataBuffer = new DataBuffer();
        try {
            byte[] serializeToByteArray = eCContainer.serializeToByteArray();
            dataBuffer.writeInt(serializeToByteArray.length);
            dataBuffer.write(serializeToByteArray);
            dataBuffer.rewind();
            Vector vector = new Vector();
            vector.add(dataBuffer);
            if (this._channel.sendEpochAtomic(vector)) {
                injectKeySets();
            } else {
                Log.error("Failed to write epoch to publish salt for end to end encryption.");
                sendSecurityFailedEvent(1);
            }
        } catch (Exception e) {
            Log.error("Failed to serialize data to publish salt for end to end encryption.");
            sendSecurityFailedEvent(1);
        }
    }

    public synchronized void registerListener(IE2EAuthenticatorListener iE2EAuthenticatorListener) {
        this._listener = iE2EAuthenticatorListener;
    }

    public synchronized void unregisterListener() {
        this._listener = null;
    }
}
