package com.snow.vpnclient.sdk.auth;

import com.huawei.hms.support.api.entity.core.JosStatusCodes;
import com.snow.vpnclient.sdk.LocalStorage;
import com.snow.vpnclient.sdk.appsdk.SnowCloudApplication;
import com.snow.vpnclient.sdk.appsdk.SnowShareManager;
import com.snow.vpnclient.sdk.util.DeviceUuidFactory;
import com.snow.vpnclient.sdk.xlog.SnowXLog;
import com.snowtech.communication.protocol.AuthorizationProto;
import com.snowtech.communication.protocol.BaseProto;
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Date;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.slf4j.Marker;
import xuenuo.google.protobuf.Any;
import xuenuo.google.protobuf.InvalidProtocolBufferException;
import xuenuo.google.protobuf.Timestamp;
import xuenuo.google.protobuf.util.JsonFormat;

/* loaded from: classes.dex */
public class SecurityAuth {
    private byte[] calculateMac(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        byte[] encoded = SecretKeyFactory.getInstance("AES").generateSecret(new SecretKeySpec(bArr3, "AES")).getEncoded();
        ByteBuffer allocate = ByteBuffer.allocate(bArr.length + 16 + bArr2.length);
        allocate.put(bArr2);
        allocate.put(bArr);
        allocate.putInt(0, 0);
        allocate.putInt(4, bArr.length);
        allocate.putInt(8, bArr2.length);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(encoded, "HmacSHA256"));
        mac.update(allocate.array());
        return Arrays.copyOfRange(mac.doFinal(), 0, 16);
    }

    private byte[] decrypt(byte[] bArr, byte[] bArr2) throws Exception {
        SecretKeyFactory.getInstance("AES");
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 12);
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, copyOfRange);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKeySpec, gCMParameterSpec);
        byte[] doFinal = cipher.doFinal(bArr, 12, bArr.length - 12);
        byte[] copyOfRange2 = Arrays.copyOfRange(doFinal, 0, doFinal.length - 16);
        if (Arrays.equals(Arrays.copyOfRange(doFinal, doFinal.length - 16, doFinal.length), calculateMac(copyOfRange, copyOfRange2, bArr2))) {
            return copyOfRange2;
        }
        SnowXLog.writeFileLog(getClass(), "decrypt:Mac verification failed");
        throw new Exception("Mac verification failed");
    }

    private String getMD5(String str) {
        try {
            return toHexString(MessageDigest.getInstance(MessageDigestAlgorithms.MD5).digest(str.getBytes()));
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
    }

    private String getRandomCode() {
        char[] charArray = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray();
        String str = "";
        int i = 0;
        while (i < 12) {
            char c = charArray[(int) (Math.random() * 36.0d)];
            if (str.contains(String.valueOf(c))) {
                i--;
            } else {
                str = str + c;
            }
            i++;
        }
        return str;
    }

    private String getSignatrue(long j, String str, String str2) {
        SnowXLog.writeFileLog(SecurityAuth.class, "getSignatrue:" + j + Marker.ANY_NON_NULL_MARKER + str + Marker.ANY_NON_NULL_MARKER + str2, SnowCloudApplication.INSTANCE.isOpenDebugLog);
        return getMD5("--snowtech_client--" + j + str + str2 + "--snowtech_client--");
    }

    private byte[] hexStringToBytes(String str) {
        int length = str.length();
        if (length % 2 != 0) {
            return null;
        }
        int i = length / 2;
        byte[] bArr = new byte[i];
        for (int i2 = 0; i2 < i; i2++) {
            int i3 = i2 * 2;
            try {
                bArr[i2] = (byte) Integer.parseInt(str.substring(i3, i3 + 2), 16);
            } catch (NumberFormatException unused) {
                return null;
            }
        }
        return bArr;
    }

    private String toHexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                hexString = "0" + hexString;
            }
            sb.append(hexString);
        }
        return sb.toString();
    }

    public void Auth(String str, Integer num) throws IOException {
        DatagramSocket datagramSocket;
        DatagramSocket datagramSocket2 = null;
        try {
            try {
                datagramSocket = new DatagramSocket(num.intValue());
            } catch (Throwable th) {
                th = th;
            }
            try {
                InetAddress byName = InetAddress.getByName(str);
                byte[] buildAuthInfo = buildAuthInfo(str, num);
                datagramSocket.send(new DatagramPacket(buildAuthInfo, buildAuthInfo.length, byName, num.intValue()));
                byte[] bArr = new byte[JosStatusCodes.RTN_CODE_COMMON_ERROR];
                DatagramPacket datagramPacket = new DatagramPacket(bArr, JosStatusCodes.RTN_CODE_COMMON_ERROR);
                SnowXLog.writeFileLog(getClass(), "Auth:about to wait to receive");
                datagramSocket.setSoTimeout(10000);
                datagramSocket.receive(datagramPacket);
                AuthorizationProto.AuthorizationResponse parseAuthResponse = parseAuthResponse(bArr, datagramPacket.getLength());
                if (parseAuthResponse == null) {
                    SnowXLog.writeFileLog(getClass(), "Auth:Security auth failed!");
                }
                SnowXLog.writeFileLog(getClass(), "Auth:" + JsonFormat.printer().print(parseAuthResponse), SnowCloudApplication.INSTANCE.isOpenDebugLog);
                LocalStorage.setTcpPort(Integer.valueOf(parseAuthResponse.getTcpPort()));
                LocalStorage.setPortal(parseAuthResponse.getPortal());
                OvpnConfig.setVpnServerCaCert(parseAuthResponse.getVpnServerCaCert());
                OvpnConfig.setVpnServerTaKey(parseAuthResponse.getVpnServerTaKey());
                OvpnConfig.setVpnProtocol(parseAuthResponse.getVpnServerTunnelProto());
                SnowShareManager.INSTANCE.snowVpnConfig.setPortalAddress(parseAuthResponse.getPortal());
                SnowShareManager.INSTANCE.snowVpnConfig.setTcpPort(Integer.valueOf(parseAuthResponse.getTcpPort()));
                SnowShareManager.INSTANCE.snowVpnConfig.setVpnProtocol(parseAuthResponse.getVpnServerTunnelProto());
                Objects.isNull(datagramSocket);
                datagramSocket.close();
            } catch (SocketTimeoutException e) {
            } catch (Exception e2) {
            } catch (Throwable th2) {
                th = th2;
                datagramSocket2 = datagramSocket;
                Objects.isNull(datagramSocket2);
                if (datagramSocket2 != null) {
                    datagramSocket2.close();
                }
                throw th;
            }
        } catch (SocketTimeoutException e3) {
            throw e3;
        } catch (Exception e4) {
            throw e4;
        }
    }

    public byte[] buildAuthInfo(String str, Integer num) {
        Timestamp build = Timestamp.newBuilder().setSeconds(new Date().getTime() / 1000).build();
        String randomCode = getRandomCode();
        String deviceUuid = DeviceUuidFactory.getDeviceUuid();
        BaseProto.ProtocolMsg build2 = BaseProto.ProtocolMsg.newBuilder().setMsgId(1L).setData(Any.pack(AuthorizationProto.BaseCommand.newBuilder().setCommand(AuthorizationProto.Commands.CLIENT_SPA_REQ).setToken("token123456").setData(Any.pack(AuthorizationProto.Authorization.newBuilder().setPlatform(DeviceInfo.getPlatform()).setMachineId(deviceUuid).setClientVersion(DeviceInfo.getClientVersion()).setCid("cid").setPortalIp(str).setNonce(randomCode).setTs(build).setSignature(getSignatrue(build.getSeconds(), randomCode, deviceUuid)).build())).setReqNo(1L).setClientType(AuthorizationProto.ClientType.android).setBrowerVersion(DeviceInfo.getBrowserVersion()).setUserAgent(DeviceInfo.getBrowserUserAgent()).build())).setAction(BaseProto.Action.Notify).build();
        SnowXLog.writeFileLog(getClass(), "buildAuthInfo:" + toHexString("b618759c52a90c6a1e53703112dc5839f3a6d1fc4b3261b7f5f1b16f07e4fe5c".getBytes(StandardCharsets.UTF_8)).length(), SnowCloudApplication.INSTANCE.isOpenDebugLog);
        try {
            byte[] bArr = new byte[12];
            new SecureRandom().nextBytes(bArr);
            SecretKeySpec secretKeySpec = new SecretKeySpec(hexStringToBytes("b618759c52a90c6a1e53703112dc5839f3a6d1fc4b3261b7f5f1b16f07e4fe5c"), "AES");
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKeySpec, gCMParameterSpec);
            byte[] doFinal = cipher.doFinal(build2.toByteArray());
            SnowXLog.writeFileLog(getClass(), "buildAuthInfo:" + doFinal.length, SnowCloudApplication.INSTANCE.isOpenDebugLog);
            byte[] bArr2 = new byte[doFinal.length + 12];
            System.arraycopy(bArr, 0, bArr2, 0, 12);
            System.arraycopy(doFinal, 0, bArr2, 12, doFinal.length);
            SnowXLog.writeFileLog(getClass(), "buildAuthInfo:加密数据完成");
            return build2.toByteArray();
        } catch (Exception e) {
            SnowXLog.writeFileLog(getClass(), "buildAuthInfo:加密失败" + e.toString());
            return build2.toByteArray();
        }
    }

    public AuthorizationProto.AuthorizationResponse parseAuthResponse(byte[] bArr, int i) {
        try {
            return (AuthorizationProto.AuthorizationResponse) ((AuthorizationProto.BaseCommand) BaseProto.ProtocolMsg.parseFrom(Arrays.copyOf(bArr, i)).getData().unpack(AuthorizationProto.BaseCommand.class)).getData().unpack(AuthorizationProto.AuthorizationResponse.class);
        } catch (InvalidProtocolBufferException e) {
            e.printStackTrace();
            return null;
        }
    }
}
