package org.thoughtcrime.securesms.crypto;

import android.content.Context;
import com.annimon.stream.Stream;
import j$.util.Collection;
import j$.util.Optional;
import j$.util.function.Function;
import j$.util.stream.Collectors;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.signal.core.util.Base64;
import org.signal.core.util.logging.Log;
import org.signal.libsignal.metadata.certificate.CertificateValidator;
import org.signal.libsignal.metadata.certificate.InvalidCertificateException;
import org.signal.libsignal.protocol.InvalidKeyException;
import org.signal.libsignal.protocol.ecc.Curve;
import org.signal.libsignal.zkgroup.profiles.ProfileKey;
import org.thoughtcrime.securesms.BuildConfig;
import org.thoughtcrime.securesms.database.RecipientTable;
import org.thoughtcrime.securesms.keyvalue.CertificateType;
import org.thoughtcrime.securesms.keyvalue.SignalStore;
import org.thoughtcrime.securesms.recipients.Recipient;
import org.thoughtcrime.securesms.recipients.RecipientId;
import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.whispersystems.signalservice.api.crypto.UnidentifiedAccess;
import org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair;

/* loaded from: classes4.dex */
public class UnidentifiedAccessUtil {
    private static final String TAG = Log.tag((Class<?>) UnidentifiedAccessUtil.class);
    private static final byte[] UNRESTRICTED_KEY = new byte[16];

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.thoughtcrime.securesms.crypto.UnidentifiedAccessUtil$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$thoughtcrime$securesms$database$RecipientTable$UnidentifiedAccessMode;

        static {
            int[] iArr = new int[RecipientTable.UnidentifiedAccessMode.values().length];
            $SwitchMap$org$thoughtcrime$securesms$database$RecipientTable$UnidentifiedAccessMode = iArr;
            try {
                iArr[RecipientTable.UnidentifiedAccessMode.UNKNOWN.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$thoughtcrime$securesms$database$RecipientTable$UnidentifiedAccessMode[RecipientTable.UnidentifiedAccessMode.DISABLED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$thoughtcrime$securesms$database$RecipientTable$UnidentifiedAccessMode[RecipientTable.UnidentifiedAccessMode.ENABLED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$thoughtcrime$securesms$database$RecipientTable$UnidentifiedAccessMode[RecipientTable.UnidentifiedAccessMode.UNRESTRICTED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public enum CertificateValidatorHolder {
        INSTANCE;

        final CertificateValidator certificateValidator = buildCertificateValidator();

        CertificateValidatorHolder() {
        }

        private static CertificateValidator buildCertificateValidator() {
            try {
                return new CertificateValidator(Curve.decodePoint(Base64.decode(BuildConfig.UNIDENTIFIED_SENDER_TRUST_ROOT), 0));
            } catch (IOException | InvalidKeyException e) {
                throw new AssertionError(e);
            }
        }
    }

    public static Optional<UnidentifiedAccessPair> getAccessFor(Context context, Recipient recipient) {
        return getAccessFor(context, recipient, true);
    }

    public static Optional<UnidentifiedAccessPair> getAccessFor(Context context, Recipient recipient, boolean z) {
        return getAccessFor(context, (List<Recipient>) Collections.singletonList(recipient), z).get(0);
    }

    public static List<Optional<UnidentifiedAccessPair>> getAccessFor(Context context, List<Recipient> list) {
        return getAccessFor(context, list, true);
    }

    public static List<Optional<UnidentifiedAccessPair>> getAccessFor(Context context, List<Recipient> list, boolean z) {
        return getAccessFor(context, list, false, z);
    }

    public static List<Optional<UnidentifiedAccessPair>> getAccessFor(Context context, List<Recipient> list, final boolean z, boolean z2) {
        final byte[] deriveAccessKey = TextSecurePreferences.isUniversalUnidentifiedAccess(context) ? UNRESTRICTED_KEY : ProfileKeyUtil.getSelfProfileKey().deriveAccessKey();
        final byte[] unidentifiedAccessCertificate = SignalStore.certificate().getUnidentifiedAccessCertificate(getUnidentifiedAccessCertificateType());
        List<Optional<UnidentifiedAccessPair>> list2 = (List) Collection.EL.parallelStream(list).map(new Function() { // from class: org.thoughtcrime.securesms.crypto.UnidentifiedAccessUtil$$ExternalSyntheticLambda0
            @Override // j$.util.function.Function
            public /* synthetic */ Function andThen(Function function) {
                return Function.CC.$default$andThen(this, function);
            }

            @Override // j$.util.function.Function
            public final Object apply(Object obj) {
                Optional lambda$getAccessFor$0;
                lambda$getAccessFor$0 = UnidentifiedAccessUtil.lambda$getAccessFor$0(unidentifiedAccessCertificate, z, deriveAccessKey, (Recipient) obj);
                return lambda$getAccessFor$0;
            }

            @Override // j$.util.function.Function
            public /* synthetic */ Function compose(Function function) {
                return Function.CC.$default$compose(this, function);
            }
        }).collect(Collectors.toList());
        int size = Stream.of(list2).filter(new UnidentifiedAccessUtil$$ExternalSyntheticLambda1()).toList().size();
        int size2 = list2.size() - size;
        if (z2) {
            Log.i(TAG, "Unidentified: " + size + ", Other: " + size2);
        }
        return list2;
    }

    public static Optional<UnidentifiedAccessPair> getAccessForSync(Context context) {
        try {
            byte[] deriveAccessKeyFrom = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
            byte[] unidentifiedAccessCertificate = getUnidentifiedAccessCertificate();
            if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
                deriveAccessKeyFrom = UNRESTRICTED_KEY;
            }
            return unidentifiedAccessCertificate != null ? Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(deriveAccessKeyFrom, unidentifiedAccessCertificate, false), new UnidentifiedAccess(deriveAccessKeyFrom, unidentifiedAccessCertificate, false))) : Optional.empty();
        } catch (InvalidCertificateException e) {
            Log.w(TAG, e);
            return Optional.empty();
        }
    }

    public static Map<RecipientId, Optional<UnidentifiedAccessPair>> getAccessMapFor(Context context, List<Recipient> list, boolean z) {
        List<Optional<UnidentifiedAccessPair>> accessFor = getAccessFor(context, list, z, true);
        Iterator<Recipient> it = list.iterator();
        Iterator<Optional<UnidentifiedAccessPair>> it2 = accessFor.iterator();
        HashMap hashMap = new HashMap(list.size());
        while (it.hasNext()) {
            hashMap.put(it.next().getId(), it2.next());
        }
        return hashMap;
    }

    public static CertificateValidator getCertificateValidator() {
        return CertificateValidatorHolder.INSTANCE.certificateValidator;
    }

    private static UnidentifiedAccess getTargetUnidentifiedAccess(Recipient recipient, byte[] bArr, boolean z) throws InvalidCertificateException {
        byte[] deriveAccessKey;
        ProfileKey profileKeyOrNull = ProfileKeyUtil.profileKeyOrNull(recipient.resolve().getProfileKey());
        int i = AnonymousClass1.$SwitchMap$org$thoughtcrime$securesms$database$RecipientTable$UnidentifiedAccessMode[recipient.resolve().getUnidentifiedAccessMode().ordinal()];
        if (i != 1) {
            if (i != 2) {
                if (i != 3) {
                    if (i != 4) {
                        throw new AssertionError("Unknown mode: " + recipient.getUnidentifiedAccessMode().getMode());
                    }
                    deriveAccessKey = UNRESTRICTED_KEY;
                } else if (profileKeyOrNull != null) {
                    deriveAccessKey = profileKeyOrNull.deriveAccessKey();
                }
            }
            deriveAccessKey = null;
        } else if (profileKeyOrNull == null) {
            if (!z) {
                deriveAccessKey = UNRESTRICTED_KEY;
            }
            deriveAccessKey = null;
        } else {
            deriveAccessKey = profileKeyOrNull.deriveAccessKey();
        }
        if (deriveAccessKey == null && z) {
            return new UnidentifiedAccess(UNRESTRICTED_KEY, bArr, true);
        }
        if (deriveAccessKey != null) {
            return new UnidentifiedAccess(deriveAccessKey, bArr, false);
        }
        return null;
    }

    private static byte[] getUnidentifiedAccessCertificate() {
        return SignalStore.certificate().getUnidentifiedAccessCertificate(getUnidentifiedAccessCertificateType());
    }

    private static CertificateType getUnidentifiedAccessCertificateType() {
        return SignalStore.phoneNumberPrivacy().isPhoneNumberSharingEnabled() ? CertificateType.ACI_AND_E164 : CertificateType.ACI_ONLY;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ Optional lambda$getAccessFor$0(byte[] bArr, boolean z, byte[] bArr2, Recipient recipient) {
        UnidentifiedAccessPair unidentifiedAccessPair = null;
        if (bArr != null) {
            try {
                UnidentifiedAccess targetUnidentifiedAccess = getTargetUnidentifiedAccess(recipient, bArr, z);
                UnidentifiedAccess unidentifiedAccess = new UnidentifiedAccess(bArr2, bArr, false);
                if (targetUnidentifiedAccess != null) {
                    unidentifiedAccessPair = new UnidentifiedAccessPair(targetUnidentifiedAccess, unidentifiedAccess);
                }
            } catch (InvalidCertificateException e) {
                Log.w(TAG, "Invalid unidentified access certificate!", e);
            }
        } else {
            Log.w(TAG, "Missing unidentified access certificate!");
        }
        return Optional.ofNullable(unidentifiedAccessPair);
    }
}
