package org.linguafranca.pwdb.kdbx;

import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import org.linguafranca.pwdb.Credentials;
import org.linguafranca.pwdb.StreamConfiguration;
import org.linguafranca.pwdb.security.Aes;
import org.linguafranca.pwdb.security.ChaCha;
import org.linguafranca.pwdb.security.CipherAlgorithm;
import org.linguafranca.pwdb.security.Encryption;
import org.linguafranca.pwdb.security.KeyDerivationFunction;
import org.linguafranca.pwdb.security.StreamEncryptor;
import org.linguafranca.pwdb.security.VariantDictionary;

/* loaded from: input_file:org/linguafranca/pwdb/kdbx/KdbxHeader.class */
public class KdbxHeader implements StreamConfiguration {
    private final List<Integer> allowableVersions;
    private int version;
    protected UUID cipherUuid;
    private byte[] masterSeed;
    private byte[] encryptionIv;
    private CompressionFlags compressionFlags;
    private byte[] transformSeed;
    private long transformRounds;
    private byte[] innerRandomStreamKey;
    private Encryption.ProtectedStreamAlgorithm protectedStreamAlgorithm;
    private CipherAlgorithm cipherAlgorithm;
    private KeyDerivationFunction keyDerivationFunction;
    private byte[] streamStartBytes;
    private VariantDictionary kdfParameters;
    private VariantDictionary customData;
    List<byte[]> binaries;
    private byte[] headerHash;
    private byte[] headerBytes;
    public static SecureRandom random;

    /* loaded from: input_file:org/linguafranca/pwdb/kdbx/KdbxHeader$CompressionFlags.class */
    public enum CompressionFlags {
        NONE,
        GZIP
    }

    /* loaded from: input_file:org/linguafranca/pwdb/kdbx/KdbxHeader$KdbxHeaderOptions.class */
    interface KdbxHeaderOptions {
        int getVersion();

        CipherAlgorithm getCipherAlgorithm();

        KeyDerivationFunction getKeyDerivationFunction();

        Encryption.ProtectedStreamAlgorithm getProtectedStreamAlgorithm();
    }

    /* loaded from: input_file:org/linguafranca/pwdb/kdbx/KdbxHeader$KdbxHeaderOpts.class */
    enum KdbxHeaderOpts implements KdbxHeaderOptions {
        V3_AES_SALSA_20(3, Encryption.Cipher.AES, Encryption.KeyDerivationFunction.AES, Encryption.ProtectedStreamAlgorithm.SALSA_20),
        V4_AES_ARGON_CHA_CHA(4, Encryption.Cipher.AES, Encryption.KeyDerivationFunction.ARGON2, Encryption.ProtectedStreamAlgorithm.CHA_CHA_20);

        final int version;
        final CipherAlgorithm algorithm;
        final KeyDerivationFunction kdf;
        final Encryption.ProtectedStreamAlgorithm protectedStreamAlgorithm;

        KdbxHeaderOpts(int i, Encryption.Cipher cipher, Encryption.KeyDerivationFunction keyDerivationFunction, Encryption.ProtectedStreamAlgorithm protectedStreamAlgorithm) {
            this.version = i;
            this.algorithm = cipher;
            this.kdf = keyDerivationFunction;
            this.protectedStreamAlgorithm = protectedStreamAlgorithm;
        }

        @Override // org.linguafranca.pwdb.kdbx.KdbxHeader.KdbxHeaderOptions
        public int getVersion() {
            return this.version;
        }

        @Override // org.linguafranca.pwdb.kdbx.KdbxHeader.KdbxHeaderOptions
        public CipherAlgorithm getCipherAlgorithm() {
            return this.algorithm;
        }

        @Override // org.linguafranca.pwdb.kdbx.KdbxHeader.KdbxHeaderOptions
        public KeyDerivationFunction getKeyDerivationFunction() {
            return this.kdf;
        }

        @Override // org.linguafranca.pwdb.kdbx.KdbxHeader.KdbxHeaderOptions
        public Encryption.ProtectedStreamAlgorithm getProtectedStreamAlgorithm() {
            return this.protectedStreamAlgorithm;
        }
    }

    public KdbxHeader() {
        this(KdbxHeaderOpts.V3_AES_SALSA_20);
    }

    public KdbxHeader(int i) {
        this(i == 3 ? KdbxHeaderOpts.V3_AES_SALSA_20 : KdbxHeaderOpts.V4_AES_ARGON_CHA_CHA);
    }

    public KdbxHeader(KdbxHeaderOptions kdbxHeaderOptions) {
        this.allowableVersions = new ArrayList(Arrays.asList(3, 4));
        this.binaries = new ArrayList();
        this.version = kdbxHeaderOptions.getVersion();
        setCipherAlgorithm(kdbxHeaderOptions.getCipherAlgorithm());
        setKeyDerivationFunction(kdbxHeaderOptions.getKeyDerivationFunction());
        setProtectedStreamAlgorithm(kdbxHeaderOptions.getProtectedStreamAlgorithm());
        this.cipherUuid = kdbxHeaderOptions.getCipherAlgorithm().getCipherUuid();
        this.compressionFlags = CompressionFlags.GZIP;
        this.masterSeed = random.generateSeed(32);
        this.transformSeed = random.generateSeed(32);
        this.transformRounds = 6000L;
        this.encryptionIv = random.generateSeed(16);
        this.innerRandomStreamKey = random.generateSeed(32);
        this.streamStartBytes = new byte[32];
    }

    public byte[] getHmacKey(Credentials credentials) {
        MessageDigest sha512MessageDigestInstance = Encryption.getSha512MessageDigestInstance();
        sha512MessageDigestInstance.update(getMasterSeed());
        sha512MessageDigestInstance.update(getTransformedKeyDigest(credentials.getKey()));
        return sha512MessageDigestInstance.digest(new byte[]{1});
    }

    public void verifyHeaderHmac(byte[] bArr, byte[] bArr2) {
        if (!Arrays.equals(Encryption.getHMacSha256Instance(bArr).doFinal(getHeaderBytes()), bArr2)) {
            throw new IllegalStateException("Header HMAC does not match");
        }
    }

    public InputStream createDecryptedStream(byte[] bArr, InputStream inputStream) {
        MessageDigest sha256MessageDigestInstance = Encryption.getSha256MessageDigestInstance();
        sha256MessageDigestInstance.update(this.masterSeed);
        return Encryption.Cipher.getCipherAlgorithm(this.cipherUuid).getDecryptedInputStream(inputStream, sha256MessageDigestInstance.digest(getTransformedKeyDigest(bArr)), this.encryptionIv);
    }

    public StreamEncryptor getInnerStreamEncryptor() {
        return Encryption.ProtectedStreamAlgorithm.getStreamEncryptor(getProtectedStreamAlgorithm(), getInnerRandomStreamKey());
    }

    public byte[] getTransformedKeyDigest(byte[] bArr) {
        return this.kdfParameters == null ? Aes.getTransformedKey(bArr, this.transformSeed, this.transformRounds) : Encryption.KeyDerivationFunction.getKdf(this.kdfParameters.mustGet("$UUID").asUuid()).getTransformedKey(bArr, this.kdfParameters);
    }

    public OutputStream createEncryptedStream(byte[] bArr, OutputStream outputStream) {
        MessageDigest sha256MessageDigestInstance = Encryption.getSha256MessageDigestInstance();
        sha256MessageDigestInstance.update(this.masterSeed);
        return this.cipherAlgorithm.getEncryptedOutputStream(outputStream, sha256MessageDigestInstance.digest(getTransformedKeyDigest(bArr)), getEncryptionIv());
    }

    public byte[] getTransformSeed() {
        return this.version < 4 ? this.transformSeed : this.kdfParameters.mustGet("S").asByteArray();
    }

    public long getTransformRounds() {
        return this.version < 4 ? this.transformRounds : this.kdfParameters.mustGet("R").asLong();
    }

    public UUID getCipherUuid() {
        return this.cipherUuid;
    }

    public CompressionFlags getCompressionFlags() {
        return this.compressionFlags;
    }

    public byte[] getMasterSeed() {
        return this.masterSeed;
    }

    public byte[] getEncryptionIv() {
        return this.encryptionIv;
    }

    public byte[] getInnerRandomStreamKey() {
        return this.innerRandomStreamKey;
    }

    public byte[] getStreamStartBytes() {
        return this.streamStartBytes;
    }

    public CipherAlgorithm getCipherAlgorithm() {
        return this.cipherAlgorithm;
    }

    public KeyDerivationFunction getKeyDerivationFunction() {
        return this.keyDerivationFunction;
    }

    public Encryption.ProtectedStreamAlgorithm getProtectedStreamAlgorithm() {
        return this.protectedStreamAlgorithm;
    }

    public byte[] getHeaderHash() {
        return this.headerHash;
    }

    public int getVersion() {
        return this.version;
    }

    public VariantDictionary getKdfParameters() {
        return this.kdfParameters;
    }

    public StreamEncryptor getStreamEncryptor() {
        return Encryption.ProtectedStreamAlgorithm.getStreamEncryptor(getProtectedStreamAlgorithm(), this.innerRandomStreamKey);
    }

    public void setCompressionFlags(int i) {
        this.compressionFlags = CompressionFlags.values()[i];
    }

    public void setMasterSeed(byte[] bArr) {
        this.masterSeed = bArr;
    }

    public void setTransformSeed(byte[] bArr) {
        this.transformSeed = bArr;
    }

    public void setTransformRounds(long j) {
        this.transformRounds = j;
    }

    public void setEncryptionIv(byte[] bArr) {
        this.encryptionIv = bArr;
    }

    public void setInnerRandomStreamKey(byte[] bArr) {
        this.innerRandomStreamKey = bArr;
    }

    public void setStreamStartBytes(byte[] bArr) {
        this.streamStartBytes = bArr;
    }

    public void setInnerRandomStreamId(int i) {
        this.protectedStreamAlgorithm = Encryption.ProtectedStreamAlgorithm.getAlgorithm(i);
    }

    public void setProtectedStreamAlgorithm(Encryption.ProtectedStreamAlgorithm protectedStreamAlgorithm) {
        this.protectedStreamAlgorithm = protectedStreamAlgorithm;
    }

    public void setKeyDerivationFunction(KeyDerivationFunction keyDerivationFunction) {
        this.keyDerivationFunction = keyDerivationFunction;
        if (this.version > 3) {
            this.kdfParameters = this.keyDerivationFunction.createKdfParameters();
        }
    }

    public void setCipherAlgorithm(CipherAlgorithm cipherAlgorithm) {
        this.cipherAlgorithm = cipherAlgorithm;
        setCipherUuid(this.cipherAlgorithm.getCipherUuid());
        if (cipherAlgorithm.getName().equals("CHA_CHA_20")) {
            this.encryptionIv = random.generateSeed(12);
        }
    }

    public void setCipherUuid(byte[] bArr) {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        UUID uuid = new UUID(wrap.getLong(), wrap.getLong(8));
        setCipherUuid(uuid);
        this.cipherAlgorithm = Encryption.Cipher.getCipherAlgorithm(uuid);
    }

    public void setCipherUuid(UUID uuid) {
        if (!uuid.equals(Aes.getInstance().getCipherUuid()) && !uuid.equals(ChaCha.getInstance().getCipherUuid())) {
            throw new IllegalStateException("Unknown Cipher UUID " + uuid);
        }
        this.cipherUuid = uuid;
    }

    public void setHeaderHash(byte[] bArr) {
        this.headerHash = bArr;
    }

    public void setVersion(int i) {
        if (!this.allowableVersions.contains(Integer.valueOf(i))) {
            throw new IllegalStateException("File version must be in " + this.allowableVersions);
        }
        this.version = i;
    }

    public void setKdfParameters(VariantDictionary variantDictionary) {
        this.kdfParameters = variantDictionary;
        this.keyDerivationFunction = Encryption.KeyDerivationFunction.getKdf(variantDictionary.get("$UUID").asUuid());
    }

    public void setCustomData(VariantDictionary variantDictionary) {
        this.customData = variantDictionary;
    }

    public void addBinary(byte[] bArr) {
        this.binaries.add(bArr);
    }

    public List<byte[]> getBinaries() {
        return this.binaries;
    }

    public byte[] getHeaderBytes() {
        return this.headerBytes;
    }

    public void setHeaderBytes(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        this.headerBytes = bArr2;
    }

    static {
        try {
            random = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            random = new SecureRandom();
        }
    }
}
