package com.amazon.tahoe.authentication.recovery;

import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Locale;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class OfflineRecovery {
    private static final int BASE32_BITS_PER_CHAR = 5;
    private static final int BASE32_ENCODED_LENGTH_FACTOR = 8;
    private static final String BASE32_PADDING_CHAR = "=";
    private static final String BASE32_SHIFT_CHAR = "A";
    private static final int DECODED_DIRECTED_ID_BITS = 140;
    private static final int DIRECTED_ID_COMPONENT_BITS = 15;
    private static final String DIRECTED_ID_PREFIX_PATTERN = "^amzn1.account.";
    private static final int ENCODED_DIRECTED_ID_BYTES = 28;
    private static final int ENCODED_OTP_LENGTH = 4;
    private static final int ENCODED_TOKEN_LENGTH = 6;
    private static final String EXPECTED_DIRECTED_ID_PATTERN = "^amzn1.account.[A-Z2-7]{3,}+";
    private static final String EXPECTED_TOKEN_PATTERN = "^[a-zA-Z2-7]+";
    private static final int INT_SIZE_IN_BYTES = 4;
    private static final int LATEST_VERSION = 1;
    private static final int OTP_LENGTH_BITS = 20;
    private static final int RANDOM_BITS = 11;
    private static final int TOKEN_LENGTH_BITS = 30;
    private static final int VERSION_BITS = 4;
    private final Base32 mBase32 = new Base32();
    private static final int DECODED_DIRECTED_ID_BYTES = (int) Math.ceil(17.5d);
    private static final int TOKEN_LENGTH_BYTES = (int) Math.ceil(3.75d);
    private static final int OTP_LENGTH_BYTES = (int) Math.ceil(2.5d);
    private static final int MAX_DIRECTED_ID_COMPONENT_VALUE = ((int) Math.pow(2.0d, 15.0d)) - 1;
    private static final int MAX_RANDOM_VALUE = ((int) Math.pow(2.0d, 11.0d)) - 1;
    private static final int MAX_OTP_VALUE = ((int) Math.pow(2.0d, 20.0d)) - 1;
    private static final SecureRandom RANDOM = new SecureRandom();

    private String addBase32Padding(String str) {
        if (str.length() % 8 == 0) {
            return str;
        }
        return str + BASE32_SHIFT_CHAR + StringUtils.repeat(BASE32_PADDING_CHAR, (8 - (str.length() % 8)) - 1);
    }

    private int byteArrayToInt(byte[] bArr) {
        return ByteBuffer.wrap(bArr).getInt();
    }

    private String computeOneTimePasscodeV1(BigInteger bigInteger, int i) {
        validateDirectedId(bigInteger, i);
        return encodeOneTimePasscode(BigInteger.valueOf(i).shiftLeft(DECODED_DIRECTED_ID_BITS).or(bigInteger).mod(BigInteger.valueOf(MAX_OTP_VALUE)).intValue());
    }

    private BigInteger decodeDirectedId(String str) {
        return new BigInteger(1, this.mBase32.decode(prepareDirectedIdForDecoding(str))).shiftRight(getRequiredDirectedIdShift());
    }

    private int decodeSessionToken(String str) {
        return byteArrayToInt(this.mBase32.decode(prepareSessionTokenForDecoding(str))) >>> getRequiredSessionTokenShift();
    }

    private String encodeOneTimePasscode(int i) {
        return this.mBase32.encodeAsString(intToByteArray(i << getRequiredOTPShift(), OTP_LENGTH_BYTES)).substring(0, 4);
    }

    private String encodeSessionToken(int i) {
        return this.mBase32.encodeAsString(intToByteArray(i << getRequiredSessionTokenShift(), 4)).substring(0, 6);
    }

    private int extractDirectedIdComponentFromDirectedId(BigInteger bigInteger) {
        return bigInteger.and(BigInteger.valueOf(MAX_DIRECTED_ID_COMPONENT_VALUE)).intValue();
    }

    private int extractDirectedIdComponentFromToken(int i) {
        return (i >>> 11) & MAX_DIRECTED_ID_COMPONENT_VALUE;
    }

    private int extractVersionComponentFromToken(int i) {
        return i >>> 26;
    }

    private int getRequiredDirectedIdShift() {
        return (DECODED_DIRECTED_ID_BYTES * 8) - 140;
    }

    private int getRequiredOTPShift() {
        return (OTP_LENGTH_BYTES * 8) - 20;
    }

    private int getRequiredSessionTokenShift() {
        return (TOKEN_LENGTH_BYTES * 8) - 30;
    }

    private byte[] intToByteArray(int i, int i2) {
        if (i2 < 0 || i2 > 4) {
            throw new IllegalArgumentException("byteArraySize for integer must be between 0 and 4");
        }
        byte[] bArr = new byte[i2];
        for (int i3 = 0; i3 < i2; i3++) {
            bArr[i3] = (byte) (i >> (((i2 - i3) - 1) * 8));
        }
        return bArr;
    }

    private String prepareDirectedIdForDecoding(String str) {
        if (str.matches(EXPECTED_DIRECTED_ID_PATTERN)) {
            return addBase32Padding(str.replaceFirst(DIRECTED_ID_PREFIX_PATTERN, ""));
        }
        throw new IllegalArgumentException(String.format(Locale.US, "The format of directedId: %s is invalid", str));
    }

    private String prepareSessionTokenForDecoding(String str) {
        if (!str.matches(EXPECTED_TOKEN_PATTERN)) {
            throw new IllegalArgumentException(String.format(Locale.US, "The format of session token: %s is invalid", str));
        }
        if (str.length() != 6) {
            throw new IllegalArgumentException("sessionToken is not of expectedLength");
        }
        return addBase32Padding(str.toUpperCase(Locale.US));
    }

    private void validateDirectedId(BigInteger bigInteger, int i) {
        if (extractDirectedIdComponentFromDirectedId(bigInteger) != extractDirectedIdComponentFromToken(i)) {
            throw new IllegalArgumentException(String.format(Locale.US, "decoded sessionToken %d is not valid for decoded directedId %d", bigInteger, Integer.valueOf(i)));
        }
    }

    public String computeOneTimePasscode(String str, String str2) {
        BigInteger decodeDirectedId = decodeDirectedId(str);
        int decodeSessionToken = decodeSessionToken(str2);
        int extractVersionComponentFromToken = extractVersionComponentFromToken(decodeSessionToken);
        switch (extractVersionComponentFromToken) {
            case 1:
                return computeOneTimePasscodeV1(decodeDirectedId, decodeSessionToken);
            default:
                throw new IllegalArgumentException(String.format(Locale.US, "Session token format version %d does not match any supported algorithm version. Latest supported version is %d.", Integer.valueOf(extractVersionComponentFromToken), 1));
        }
    }

    public String generateSessionToken(String str) {
        int extractDirectedIdComponentFromDirectedId = extractDirectedIdComponentFromDirectedId(decodeDirectedId(str));
        return encodeSessionToken(67108864 | (extractDirectedIdComponentFromDirectedId << 11) | RANDOM.nextInt(MAX_RANDOM_VALUE + 1));
    }

    public boolean validateOneTimePasscode(String str, String str2, String str3) {
        return computeOneTimePasscode(str, str2).equals(str3.toUpperCase(Locale.US));
    }
}
