package org.mozilla.gecko.background.fxa;

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import org.json.simple.JSONObject;
import org.mozilla.gecko.background.fxa.FxAccountClient;
import org.mozilla.gecko.sync.ExtendedJSONObject;
import org.mozilla.gecko.sync.Utils;
import org.mozilla.gecko.sync.net.SRPConstants;
import org.mozilla.gecko.sync.setup.Constants;

/* loaded from: classes.dex */
public class FxAccount10AuthDelegate implements FxAccountClient.AuthDelegate {
    protected final String email;
    protected final byte[] stretchedPWBytes;
    protected AuthState internalAuthState = null;
    protected final BigInteger N = SRPConstants._2048.N;
    protected final BigInteger g = SRPConstants._2048.g;
    protected final int modNLengthBytes = SRPConstants._2048.byteLength;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public static class AuthState {
        protected BigInteger A;
        protected byte[] Kbytes;
        protected byte[] Mbytes;
        protected String mainSalt;
        protected String srpSalt;
        protected String srpToken;
        protected BigInteger x;

        protected AuthState() {
        }
    }

    /* loaded from: classes.dex */
    public static class FxAccountClientMalformedAuthException extends FxAccountClientException {
        private static final long serialVersionUID = 3585262174699395505L;

        public FxAccountClientMalformedAuthException(String str) {
            super(str);
        }
    }

    public FxAccount10AuthDelegate(String str, byte[] bArr) {
        this.email = str;
        this.stretchedPWBytes = bArr;
    }

    protected AuthState authStateFromParameters(String str, String str2, String str3, String str4, BigInteger bigInteger) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        AuthState authState = new AuthState();
        authState.srpToken = str;
        authState.mainSalt = str2;
        authState.srpSalt = str3;
        authState.x = FxAccountUtils.srpVerifierLowercaseX(this.email.getBytes("UTF-8"), this.stretchedPWBytes, Utils.hex2Byte(str3, 32));
        authState.A = this.g.modPow(bigInteger, this.N);
        String hexModN = FxAccountUtils.hexModN(authState.A, this.N);
        BigInteger bigInteger2 = new BigInteger(str4, 16);
        byte[] hex2Byte = Utils.hex2Byte(hexModN, this.modNLengthBytes);
        byte[] hex2Byte2 = Utils.hex2Byte(str4, this.modNLengthBytes);
        BigInteger bigInteger3 = new BigInteger(Utils.byte2Hex(Utils.sha256(Utils.concatAll(hex2Byte, hex2Byte2)), 32), 16);
        int bitLength = (this.N.bitLength() + 7) / 8;
        byte[] hex2Byte3 = Utils.hex2Byte(FxAccountUtils.hexModN(bigInteger2.subtract(new BigInteger(Utils.byte2Hex(Utils.sha256(Utils.concatAll(Utils.hex2Byte(this.N.toString(16), bitLength), Utils.hex2Byte(this.g.toString(16), bitLength))), 32), 16).multiply(this.g.modPow(authState.x, this.N)).mod(this.N)).mod(this.N).modPow(bigInteger.add(bigInteger3.multiply(authState.x)), this.N), this.N), this.modNLengthBytes);
        authState.Mbytes = Utils.sha256(Utils.concatAll(hex2Byte, hex2Byte2, hex2Byte3));
        authState.Kbytes = Utils.sha256(hex2Byte3);
        return authState;
    }

    protected BigInteger generateSecretValue() {
        return Utils.generateBigIntegerLessThan(this.N);
    }

    @Override // org.mozilla.gecko.background.fxa.FxAccountClient.AuthDelegate
    public JSONObject getAuthFinishBody() throws FxAccountClientException {
        if (this.internalAuthState == null) {
            throw new FxAccountClientException("auth must be successfully written before calling getAuthFinishBody.");
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("srpToken", this.internalAuthState.srpToken);
        jSONObject.put(Constants.ZKP_KEY_A, FxAccountUtils.hexModN(this.internalAuthState.A, this.N));
        jSONObject.put("M", Utils.byte2Hex(this.internalAuthState.Mbytes, 32));
        return jSONObject;
    }

    @Override // org.mozilla.gecko.background.fxa.FxAccountClient.AuthDelegate
    public JSONObject getAuthStartBody() throws FxAccountClientException {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("email", FxAccountUtils.bytes(this.email));
            return jSONObject;
        } catch (UnsupportedEncodingException e) {
            throw new FxAccountClientException(e);
        }
    }

    @Override // org.mozilla.gecko.background.fxa.FxAccountClient.AuthDelegate
    public byte[] getSharedBytes() throws FxAccountClientException {
        if (this.internalAuthState == null) {
            throw new FxAccountClientException("auth must be successfully finished before calling getSharedBytes.");
        }
        return this.internalAuthState.Kbytes;
    }

    @Override // org.mozilla.gecko.background.fxa.FxAccountClient.AuthDelegate
    public void onAuthStartResponse(ExtendedJSONObject extendedJSONObject) throws FxAccountClientException {
        if (this.internalAuthState != null) {
            throw new FxAccountClientException("auth must not be written before calling onAuthStartResponse");
        }
        try {
            String string = extendedJSONObject.getString("srpToken");
            if (string == null) {
                throw new FxAccountClientMalformedAuthException("srpToken must be a non-null object");
            }
            ExtendedJSONObject object = extendedJSONObject.getObject("srp");
            if (object == null) {
                throw new FxAccountClientMalformedAuthException("srp must be a non-null object");
            }
            String string2 = object.getString("salt");
            if (string2 == null) {
                throw new FxAccountClientMalformedAuthException("srp.salt must not be null");
            }
            String string3 = object.getString("B");
            if (string3 == null) {
                throw new FxAccountClientMalformedAuthException("srp.B must not be null");
            }
            ExtendedJSONObject object2 = extendedJSONObject.getObject("passwordStretching");
            if (object2 == null) {
                throw new FxAccountClientMalformedAuthException("passwordStretching must be a non-null object");
            }
            String string4 = object2.getString("salt");
            if (string4 == null) {
                throw new FxAccountClientMalformedAuthException("srp.passwordStretching.salt must not be null");
            }
            throwIfParametersAreBad(object2);
            this.internalAuthState = authStateFromParameters(string, string4, string2, string3, generateSecretValue());
        } catch (FxAccountClientException e) {
            throw e;
        } catch (Exception e2) {
            throw new FxAccountClientException(e2);
        }
    }

    protected void throwIfParametersAreBad(ExtendedJSONObject extendedJSONObject) throws FxAccountClientMalformedAuthException {
        if (extendedJSONObject == null || extendedJSONObject.size() != 7 || extendedJSONObject.getString("salt") == null || !"PBKDF2/scrypt/PBKDF2/v1".equals(extendedJSONObject.getString("type")) || 20000 != extendedJSONObject.getLong("PBKDF2_rounds_1").longValue() || 65536 != extendedJSONObject.getLong("scrypt_N").longValue() || 8 != extendedJSONObject.getLong("scrypt_r").longValue() || 1 != extendedJSONObject.getLong("scrypt_p").longValue() || 20000 != extendedJSONObject.getLong("PBKDF2_rounds_2").longValue()) {
            throw new FxAccountClientMalformedAuthException("malformed passwordStretching parameters: '" + extendedJSONObject.toJSONString() + "'.");
        }
    }
}
