package org.cryptomator.data.cloud.crypto;

import android.R;
import java.io.ByteArrayOutputStream;
import java.text.Normalizer;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.cryptomator.cryptolib.api.Cryptor;
import org.cryptomator.cryptolib.api.CryptorProvider;
import org.cryptomator.cryptolib.api.InvalidPassphraseException;
import org.cryptomator.cryptolib.api.KeyFile;
import org.cryptomator.cryptolib.api.UnsupportedVaultFormatException;
import org.cryptomator.domain.Cloud;
import org.cryptomator.domain.CloudFile;
import org.cryptomator.domain.CloudFolder;
import org.cryptomator.domain.Vault;
import org.cryptomator.domain.exception.BackendException;
import org.cryptomator.domain.exception.CancellationException;
import org.cryptomator.domain.repository.CloudContentRepository;
import org.cryptomator.domain.usecases.ProgressAware;
import org.cryptomator.domain.usecases.cloud.ByteArrayDataSource;
import org.cryptomator.domain.usecases.cloud.Flag;
import org.cryptomator.domain.usecases.vault.UnlockToken;
import org.cryptomator.util.Optional;

@Singleton
/* loaded from: classes4.dex */
public class CryptoCloudFactory {
    private final CloudContentRepository cloudContentRepository;
    private final CryptoCloudContentRepositoryFactory cryptoCloudContentRepositoryFactory;
    private final CryptorProvider cryptorProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static class UnlockTokenImpl implements UnlockToken {
        private final byte[] keyFileData;
        private final Vault vault;

        private UnlockTokenImpl(Vault vault, byte[] bArr) {
            this.vault = vault;
            this.keyFileData = bArr;
        }

        public KeyFile getKeyFile() {
            return KeyFile.parse(this.keyFileData);
        }

        @Override // org.cryptomator.domain.usecases.vault.UnlockToken
        public Vault getVault() {
            return this.vault;
        }
    }

    @Inject
    public CryptoCloudFactory(CloudContentRepository cloudContentRepository, CryptoCloudContentRepositoryFactory cryptoCloudContentRepositoryFactory, CryptorProvider cryptorProvider) {
        this.cryptorProvider = cryptorProvider;
        this.cloudContentRepository = cloudContentRepository;
        this.cryptoCloudContentRepositoryFactory = cryptoCloudContentRepositoryFactory;
    }

    private void assertVaultVersionIsSupported(int i) {
        if (i < 5) {
            throw new UnsupportedVaultFormatException(Integer.valueOf(i), 5);
        }
        if (i > 7) {
            throw new UnsupportedVaultFormatException(Integer.valueOf(i), 7);
        }
    }

    private void createBackupMasterKeyFile(byte[] bArr, CloudFolder cloudFolder) throws BackendException {
        this.cloudContentRepository.write(masterkeyBackupFile(cloudFolder, bArr), ByteArrayDataSource.from(bArr), ProgressAware.NO_OP_PROGRESS_AWARE, true, bArr.length);
    }

    private void createNewMasterKeyFile(byte[] bArr, int i, String str, String str2, CloudFolder cloudFolder) throws BackendException {
        this.cloudContentRepository.write(masterkeyFile(cloudFolder), ByteArrayDataSource.from(org.cryptomator.cryptolib.Cryptors.changePassphrase(this.cryptorProvider, bArr, normalizePassword(str, i), normalizePassword(str2, i))), ProgressAware.NO_OP_PROGRESS_AWARE, true, r8.length);
    }

    private void createRootFolder(CloudFolder cloudFolder, Cryptor cryptor) throws BackendException {
        CloudFolder create = this.cloudContentRepository.create(this.cloudContentRepository.folder(cloudFolder, "d"));
        String hashDirectoryId = cryptor.fileNameCryptor().hashDirectoryId("");
        this.cloudContentRepository.create(this.cloudContentRepository.folder(this.cloudContentRepository.create(this.cloudContentRepository.folder(create, hashDirectoryId.substring(0, 2))), hashDirectoryId.substring(2)));
    }

    private UnlockTokenImpl createUnlockToken(Vault vault, CloudFolder cloudFolder) throws BackendException {
        UnlockTokenImpl unlockTokenImpl = new UnlockTokenImpl(vault, readKeyFileData(cloudFolder));
        assertVaultVersionIsSupported(unlockTokenImpl.getKeyFile().getVersion());
        return unlockTokenImpl;
    }

    private Cryptor cryptorFor(KeyFile keyFile, CharSequence charSequence) {
        return this.cryptorProvider.createFromKeyFile(keyFile, normalizePassword(charSequence, keyFile.getVersion()), keyFile.getVersion());
    }

    private CloudFile masterkeyBackupFile(CloudFolder cloudFolder, byte[] bArr) throws BackendException {
        return this.cloudContentRepository.file(cloudFolder, "masterkey.cryptomator" + BackupFileIdSuffixGenerator.generate(bArr) + ".bkup");
    }

    private CloudFile masterkeyFile(CloudFolder cloudFolder) throws BackendException {
        return this.cloudContentRepository.file(cloudFolder, "masterkey.cryptomator");
    }

    private CharSequence normalizePassword(CharSequence charSequence, int i) {
        return i >= 6 ? Normalizer.normalize(charSequence, Normalizer.Form.NFC) : charSequence;
    }

    private byte[] readKeyFileData(CloudFolder cloudFolder) throws BackendException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.cloudContentRepository.read(masterkeyFile(cloudFolder), Optional.empty(), byteArrayOutputStream, ProgressAware.NO_OP_PROGRESS_AWARE);
        return byteArrayOutputStream.toByteArray();
    }

    private CloudFolder vaultLocation(Vault vault) throws BackendException {
        return this.cloudContentRepository.resolve(vault.getCloud(), vault.getPath());
    }

    private void writeKeyFile(CloudFolder cloudFolder, KeyFile keyFile) throws BackendException {
        this.cloudContentRepository.write(masterkeyFile(cloudFolder), ByteArrayDataSource.from(keyFile.serialize()), ProgressAware.NO_OP_PROGRESS_AWARE, false, r9.length);
    }

    public void changePassword(Vault vault, String str, String str2) throws BackendException {
        CloudFolder vaultLocation = vaultLocation(vault);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.cloudContentRepository.read(masterkeyFile(vaultLocation), Optional.empty(), byteArrayOutputStream, ProgressAware.NO_OP_PROGRESS_AWARE);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        int version = KeyFile.parse(byteArray).getVersion();
        createBackupMasterKeyFile(byteArray, vaultLocation);
        createNewMasterKeyFile(byteArray, version, str, str2, vaultLocation);
    }

    public void create(CloudFolder cloudFolder, CharSequence charSequence) throws BackendException {
        Cryptor createNew = this.cryptorProvider.createNew();
        try {
            writeKeyFile(cloudFolder, createNew.writeKeysToMasterkeyFile(normalizePassword(charSequence, R.attr.version), 7));
            createRootFolder(cloudFolder, createNew);
        } finally {
            createNew.destroy();
        }
    }

    public UnlockTokenImpl createUnlockToken(Vault vault) throws BackendException {
        return createUnlockToken(vault, this.cloudContentRepository.resolve(vault.getCloud(), vault.getPath()));
    }

    public Cloud decryptedViewOf(Vault vault) throws BackendException {
        return new CryptoCloud(Vault.aCopyOf(vault).build());
    }

    public boolean isVaultPasswordValid(Vault vault, CharSequence charSequence) throws BackendException {
        try {
            cryptorFor(createUnlockToken(vault).getKeyFile(), charSequence).destroy();
            return true;
        } catch (InvalidPassphraseException unused) {
            return false;
        }
    }

    public void lock(Vault vault) {
        this.cryptoCloudContentRepositoryFactory.deregisterCryptor(vault);
    }

    public Vault unlock(Vault vault, CharSequence charSequence, Flag flag) throws BackendException {
        return unlock(createUnlockToken(vault), charSequence, flag);
    }

    public Vault unlock(UnlockToken unlockToken, CharSequence charSequence, Flag flag) throws BackendException {
        UnlockTokenImpl unlockTokenImpl = (UnlockTokenImpl) unlockToken;
        Cryptor cryptorFor = cryptorFor(unlockTokenImpl.getKeyFile(), charSequence);
        if (flag.get()) {
            throw new CancellationException();
        }
        this.cryptoCloudContentRepositoryFactory.registerCryptor(unlockTokenImpl.getVault(), cryptorFor);
        return Vault.aCopyOf(unlockToken.getVault()).withVersion(unlockTokenImpl.getKeyFile().getVersion()).build();
    }
}
