package com.netflix.mediaclient.service.msl.client;

import com.netflix.android.org.json.JSONObject;
import com.netflix.mediaclient.Log;
import com.netflix.mediaclient.StatusCode;
import com.netflix.mediaclient.service.configuration.crypto.CryptoManager;
import com.netflix.mediaclient.service.configuration.crypto.CryptoManagerRegistry;
import com.netflix.mediaclient.util.StringUtils;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.MslCiphertextEnvelope;
import com.netflix.msl.crypto.MslSignatureEnvelope;
import com.netflix.msl.io.MslEncoderFactory;
import com.netflix.msl.io.MslEncoderFormat;
import com.netflix.msl.keyx.WidevineKeyRequestData;
import com.netflix.msl.keyx.WidevineKeyResponseData;
import com.netflix.msl.tokens.MasterToken;
import com.netflix.msl.util.MslContext;

/* loaded from: classes.dex */
public class WidevineCryptoContext implements ICryptoContext {
    private static final int AES_IV_SIZE = 16;
    public static boolean DEBUG_FORCE_VERIFY_ERROR = false;
    private static final String KEY_ENCRYPTION_KEY_ID = "encryptionKeyId";
    private static final String KEY_ENVELOPE_ID = "envelopeId";
    private static final String KEY_HMAC_KEY_ID = "hmacKeyId";
    private static final String KEY_SET_ID = "keySetId";
    private static final String TAG = "nf_msl";
    private transient CryptoManager.CryptoSession cryptoSession;
    private MslContext ctx;
    private CryptoManager.KeyId encryptionKeyId;
    private String envelopeId;
    private CryptoManager.KeyId hmacKeyId;

    private WidevineCryptoContext(MslContext mslContext, JSONObject jSONObject) {
        String string = jSONObject.getString(KEY_ENCRYPTION_KEY_ID);
        String optString = jSONObject.optString(KEY_HMAC_KEY_ID);
        String optString2 = jSONObject.optString(KEY_ENVELOPE_ID);
        String optString3 = jSONObject.optString(KEY_SET_ID);
        Log.d(TAG, "WidevineCryptoContex:: restoring crypto session....");
        if (mslContext == null) {
            throw new IllegalStateException("MSL context is null!");
        }
        if (StringUtils.isEmpty(optString2)) {
            throw new IllegalStateException("envelopeId is null!");
        }
        this.ctx = mslContext;
        this.encryptionKeyId = new CryptoManager.KeyId(string);
        this.hmacKeyId = new CryptoManager.KeyId(optString);
        this.envelopeId = optString2;
        this.cryptoSession = CryptoManagerRegistry.getCryptoManager().restoreCryptoSession(new CryptoManager.KeyId(optString3));
        if (this.cryptoSession == null) {
            throw new IllegalStateException("Unable to restore crypto session!");
        }
    }

    public WidevineCryptoContext(MslContext mslContext, String str, WidevineKeyRequestData widevineKeyRequestData, WidevineKeyResponseData widevineKeyResponseData, MasterToken masterToken) {
        Log.d(TAG, "WidevineCryptoContex::");
        if (mslContext == null) {
            throw new IllegalStateException("MSL context is null!");
        }
        if (widevineKeyRequestData == null) {
            throw new IllegalStateException("CDM request is null!");
        }
        if (widevineKeyResponseData == null) {
            throw new IllegalStateException("CDM response is null!");
        }
        this.ctx = mslContext;
        this.encryptionKeyId = new CryptoManager.KeyId(widevineKeyResponseData.getEncryptionKeyId());
        this.hmacKeyId = new CryptoManager.KeyId(widevineKeyResponseData.getHmacKeyId());
        this.envelopeId = str + "_" + widevineKeyResponseData.getMasterToken().getSequenceNumber();
        this.cryptoSession = CryptoManagerRegistry.getCryptoManager().updateKeyResponse(widevineKeyRequestData, widevineKeyResponseData.getKeyResponse(), this.encryptionKeyId, this.hmacKeyId);
    }

    public static WidevineCryptoContext restoreWidevineCryptoContext(MslContext mslContext, JSONObject jSONObject) {
        return new WidevineCryptoContext(mslContext, jSONObject);
    }

    @Override // com.netflix.msl.crypto.ICryptoContext
    public byte[] decrypt(byte[] bArr, MslEncoderFactory mslEncoderFactory) {
        if (this.encryptionKeyId == null) {
            throw new MslCryptoException(MslError.DECRYPT_NOT_SUPPORTED, "no encryption/decryption key");
        }
        try {
            MslCiphertextEnvelope mslCiphertextEnvelope = new MslCiphertextEnvelope(mslEncoderFactory.parseObject(bArr), MslCiphertextEnvelope.Version.V1);
            if (!mslCiphertextEnvelope.getKeyId().equals(this.envelopeId)) {
                throw new MslCryptoException(MslError.ENVELOPE_KEY_ID_MISMATCH);
            }
            byte[] ciphertext = mslCiphertextEnvelope.getCiphertext();
            if (ciphertext.length == 0) {
                return new byte[0];
            }
            return CryptoManagerRegistry.getCryptoManager().decrypt(this.cryptoSession, this.encryptionKeyId, ciphertext, mslCiphertextEnvelope.getIv());
        } catch (Throwable th) {
            throw new WidevineContextException("WidevineCryptoContext::decrypt failed.", StatusCode.MSL_WV_DECRYPT_ERROR, th);
        }
    }

    @Override // com.netflix.msl.crypto.ICryptoContext
    public byte[] encrypt(byte[] bArr, MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) {
        if (this.encryptionKeyId == null) {
            throw new MslCryptoException(MslError.ENCRYPT_NOT_SUPPORTED, "no encryption/decryption key");
        }
        try {
            byte[] bArr2 = new byte[16];
            this.ctx.getRandom().nextBytes(bArr2);
            return new MslCiphertextEnvelope(this.envelopeId, bArr2, bArr.length != 0 ? CryptoManagerRegistry.getCryptoManager().encrypt(this.cryptoSession, this.encryptionKeyId, bArr, bArr2) : new byte[0]).toMslEncoding(mslEncoderFactory, mslEncoderFormat);
        } catch (Throwable th) {
            throw new WidevineContextException("WidevineCryptoContext::encrypt failed.", StatusCode.MSL_WV_ENCRYPT_ERROR, th);
        }
    }

    public CryptoManager.KeyId getEncryptionKeyId() {
        return this.encryptionKeyId;
    }

    public CryptoManager.KeyId getHmacKeyId() {
        return this.hmacKeyId;
    }

    public void release() {
        Log.d(TAG, "Widevine crypto context, release crypto session!");
        CryptoManagerRegistry.getCryptoManager().releaseCryptoSession(this.cryptoSession);
    }

    @Override // com.netflix.msl.crypto.ICryptoContext
    public byte[] sign(byte[] bArr, MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) {
        if (this.hmacKeyId == null) {
            throw new MslCryptoException(MslError.SIGN_NOT_SUPPORTED, "No signature key.");
        }
        try {
            return new MslSignatureEnvelope(CryptoManagerRegistry.getCryptoManager().sign(this.cryptoSession, this.hmacKeyId, bArr)).getBytes(mslEncoderFactory, mslEncoderFormat);
        } catch (Throwable th) {
            throw new WidevineContextException("WidevineCryptoContext::sign failed.", StatusCode.MSL_WV_SIGN_ERROR, th);
        }
    }

    public JSONObject toJSONObject() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(KEY_ENCRYPTION_KEY_ID, this.encryptionKeyId.getAsBase64EncodedString());
        jSONObject.put(KEY_HMAC_KEY_ID, this.hmacKeyId.getAsBase64EncodedString());
        jSONObject.put(KEY_ENVELOPE_ID, this.envelopeId);
        jSONObject.put(KEY_SET_ID, this.cryptoSession.keySetId.getAsBase64EncodedString());
        return jSONObject;
    }

    public String toString() {
        return "WidevineCryptoContext{encryptionKeyId='" + this.encryptionKeyId + "', hmacKeyId='" + this.hmacKeyId + "', ctx=" + this.ctx + ", envelopeId='" + this.envelopeId + "', cryptoSession='" + this.cryptoSession + "'}";
    }

    @Override // com.netflix.msl.crypto.ICryptoContext
    public byte[] unwrap(byte[] bArr, MslEncoderFactory mslEncoderFactory) {
        throw new MslCryptoException(MslError.UNWRAP_NOT_SUPPORTED, "no wrap/unwrap key");
    }

    @Override // com.netflix.msl.crypto.ICryptoContext
    public boolean verify(byte[] bArr, byte[] bArr2, MslEncoderFactory mslEncoderFactory) {
        if (this.hmacKeyId == null) {
            throw new MslCryptoException(MslError.VERIFY_NOT_SUPPORTED, "No signature key.");
        }
        try {
            return CryptoManagerRegistry.getCryptoManager().verify(this.cryptoSession, this.hmacKeyId, bArr, MslSignatureEnvelope.parse(bArr2, mslEncoderFactory).getSignature());
        } catch (MslCryptoException e) {
            throw e;
        } catch (MslEncodingException e2) {
            throw new MslCryptoException(MslError.SIGNATURE_ENVELOPE_PARSE_ERROR, e2);
        } catch (Throwable th) {
            throw new WidevineContextException("WidevineCryptoContext::verify failed.", StatusCode.MSL_WV_VERIFY_ERROR, th);
        }
    }

    @Override // com.netflix.msl.crypto.ICryptoContext
    public byte[] wrap(byte[] bArr, MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) {
        throw new MslCryptoException(MslError.WRAP_NOT_SUPPORTED, "no wrap/unwrap key");
    }
}
