package org.thoughtcrime.securesms.crypto;

import com.annimon.stream.Stream;
import j$.util.Collection;
import j$.util.Optional;
import j$.util.function.Function;
import j$.util.stream.Collectors;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.signal.core.util.Base64;
import org.signal.core.util.logging.Log;
import org.signal.libsignal.metadata.certificate.CertificateValidator;
import org.signal.libsignal.metadata.certificate.InvalidCertificateException;
import org.signal.libsignal.metadata.certificate.SenderCertificate;
import org.signal.libsignal.protocol.InvalidKeyException;
import org.signal.libsignal.protocol.ecc.Curve;
import org.signal.libsignal.zkgroup.profiles.ProfileKey;
import org.thoughtcrime.securesms.BuildConfig;
import org.thoughtcrime.securesms.database.RecipientTable;
import org.thoughtcrime.securesms.keyvalue.CertificateType;
import org.thoughtcrime.securesms.keyvalue.SignalStore;
import org.thoughtcrime.securesms.recipients.Recipient;
import org.thoughtcrime.securesms.recipients.RecipientId;
import org.whispersystems.signalservice.api.crypto.SealedSenderAccess;
import org.whispersystems.signalservice.api.crypto.UnidentifiedAccess;

/* loaded from: classes5.dex */
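/**
 * Assembles the unidentified-access ("sealed sender") material used when sending to recipients:
 * a per-recipient access key paired with our stored sender certificate, and the
 * {@link CertificateValidator} built from the trust root compiled into the app.
 *
 * <p>This listing is decompiler output. The compiler-generated switch-map class has been replaced
 * by a direct {@code switch} on the enum, with the same UNKNOWN/DISABLED/ENABLED/UNRESTRICTED
 * branches.
 */
public class SealedSenderAccessUtil {
    private static final String TAG = Log.tag((Class<?>) SealedSenderAccessUtil.class);

    // All-zero 16-byte access key used for the "unrestricted" cases below. It is not a secret.
    // The same array instance is handed to every UnidentifiedAccess built from it, so it must
    // never be mutated. NOTE(review): confirm UnidentifiedAccess copies or only reads its key.
    private static final byte[] UNRESTRICTED_KEY = new byte[16];

    /**
     * Lazily initialised holder for the process-wide certificate validator (enum singleton).
     */
    public enum CertificateValidatorHolder {
        INSTANCE;

        final CertificateValidator certificateValidator = buildCertificateValidator();

        /**
         * Decodes the Base64 trust root from {@link BuildConfig} into a curve point and wraps it
         * in a validator.
         *
         * <p>Fails closed: a trust root that cannot be decoded aborts initialisation with an
         * {@link AssertionError} instead of producing a validator with no usable root.
         */
        private static CertificateValidator buildCertificateValidator() {
            try {
                return new CertificateValidator(Curve.decodePoint(Base64.decode(BuildConfig.UNIDENTIFIED_SENDER_TRUST_ROOT), 0));
            } catch (IOException | InvalidKeyException e) {
                throw new AssertionError(e);
            }
        }
    }

    /**
     * Computes the unidentified access for every recipient, in input order.
     *
     * @param list recipients to resolve; the mapping runs on a parallel stream, so the
     *             per-recipient work must not depend on shared mutable state
     * @param z    forwarded to {@link #getTargetUnidentifiedAccess}; selects the unrestricted
     *             fallback there
     * @param z2   when {@code true}, logs how many entries matched the filter and how many did not
     * @return one entry per recipient; empty when no access could be built for that recipient
     */
    private static List<Optional<UnidentifiedAccess>> getAccessFor(List<Recipient> list, final boolean z, boolean z2) {
        final byte[] unidentifiedAccessCertificate = SignalStore.certificate().getUnidentifiedAccessCertificate(getUnidentifiedAccessCertificateType());

        // The raw anonymous Function (with its andThen/compose forwarders) is how the desugared
        // j$ lambda was decompiled; it is kept in that shape so it still matches the j$ interface.
        @SuppressWarnings({"unchecked", "rawtypes"})
        List<Optional<UnidentifiedAccess>> list2 = (List) Collection.EL.parallelStream(list).map(new Function() { // from class: org.thoughtcrime.securesms.crypto.SealedSenderAccessUtil$$ExternalSyntheticLambda0
            @Override // j$.util.function.Function
            public /* synthetic */ Function andThen(Function function) {
                return Function.CC.$default$andThen(this, function);
            }

            @Override // j$.util.function.Function
            public final Object apply(Object obj) {
                return SealedSenderAccessUtil.lambda$getAccessFor$0(unidentifiedAccessCertificate, z, (Recipient) obj);
            }

            @Override // j$.util.function.Function
            public /* synthetic */ Function compose(Function function) {
                return Function.CC.$default$compose(this, function);
            }
        }).collect(Collectors.toList());

        if (z2) {
            // Only the two totals are logged, never recipient identifiers or key material.
            // NOTE(review): the filter is a synthetic predicate defined outside this file;
            // from the log label it presumably keeps the present entries. Confirm.
            int size = Stream.of(list2).filter(new SealedSenderAccessUtil$$ExternalSyntheticLambda1()).toList().size();
            int size2 = list2.size() - size;
            Log.i(TAG, "Unidentified: " + size + ", Other: " + size2);
        }
        return list2;
    }

    /**
     * Single-recipient convenience over the list variant.
     *
     * @param z whether to log the tally (this is the list variant's third argument, not the
     *          fallback flag, which is always {@code false} here)
     * @return the access for the recipient, or {@code null} when none could be built
     */
    private static UnidentifiedAccess getAccessFor(Recipient recipient, boolean z) {
        return getAccessFor(Collections.singletonList(recipient), false, z).get(0).orElse(null);
    }

    /**
     * Computes the unidentified access for each recipient, keyed by recipient id.
     *
     * @param list recipients to resolve; if two entries share an id the later one wins
     * @param z    forwarded as the fallback flag of the list variant
     * @return map from recipient id to that recipient's (possibly empty) access
     */
    public static Map<RecipientId, Optional<UnidentifiedAccess>> getAccessMapFor(List<Recipient> list, boolean z) {
        List<Optional<UnidentifiedAccess>> accessFor = getAccessFor(list, z, true);
        Map<RecipientId, Optional<UnidentifiedAccess>> byRecipient = new HashMap<>(list.size());

        // The mapping above yields exactly one entry per recipient, in order, so the two
        // iterators advance in lockstep.
        Iterator<Optional<UnidentifiedAccess>> accessIterator = accessFor.iterator();
        for (Recipient recipient : list) {
            byRecipient.put(recipient.getId(), accessIterator.next());
        }
        return byRecipient;
    }

    /**
     * Returns the shared validator rooted in the build-time trust root.
     */
    public static CertificateValidator getCertificateValidator() {
        return CertificateValidatorHolder.INSTANCE.certificateValidator;
    }

    /**
     * Builds the sealed-sender access for one recipient, with tally logging enabled.
     */
    public static SealedSenderAccess getSealedSenderAccessFor(Recipient recipient) {
        return getSealedSenderAccessFor(recipient, true);
    }

    /**
     * Builds the sealed-sender access for one recipient with a group-send-token fallback.
     *
     * <p>Both the individual access and the sender certificate passed on here may be
     * {@code null}; handling of that is left to {@link SealedSenderAccess}.
     */
    public static SealedSenderAccess getSealedSenderAccessFor(Recipient recipient, SealedSenderAccess.CreateGroupSendToken createGroupSendToken) {
        return SealedSenderAccess.forIndividualWithGroupFallback(getAccessFor(recipient, true), getSealedSenderCertificate(), createGroupSendToken);
    }

    /**
     * Builds the sealed-sender access for one recipient.
     *
     * @param z whether to log the tally for this lookup
     */
    public static SealedSenderAccess getSealedSenderAccessFor(Recipient recipient, boolean z) {
        return SealedSenderAccess.forIndividual(getAccessFor(recipient, z));
    }

    /**
     * Parses our stored sender certificate.
     *
     * <p>This only deserialises the stored bytes. Nothing in this method runs the certificate
     * through {@link #getCertificateValidator()}, so a non-null result is not evidence that the
     * certificate is currently valid.
     *
     * @return the parsed certificate, or {@code null} when none is stored or the stored bytes
     *         do not parse (the parse failure is logged)
     */
    public static SenderCertificate getSealedSenderCertificate() {
        byte[] unidentifiedAccessCertificate = getUnidentifiedAccessCertificate();
        if (unidentifiedAccessCertificate == null) {
            return null;
        }
        try {
            return new SenderCertificate(unidentifiedAccessCertificate);
        } catch (InvalidCertificateException e) {
            Log.w(TAG, e);
            return null;
        }
    }

    /**
     * Chooses the access key for a recipient from its sealed-sender access mode and profile key,
     * then pairs it with our certificate.
     *
     * <p>The decompiled form of this method stored each branch's key and then fell through to an
     * unconditional {@code null} assignment, discarding the key for the ENABLED and UNRESTRICTED
     * modes and for UNKNOWN without a profile key. Every branch now ends at its own assignment.
     *
     * @param recipient recipient whose mode and profile key are read
     * @param bArr      our serialized sender certificate
     * @param z         when {@code true} and no key was selected, the all-zero key is used with
     *                  the constructor's third argument set to {@code true}
     *                  (NOTE(review): confirm that flag's meaning in UnidentifiedAccess)
     * @return the access to use, or {@code null} when no key applies and {@code z} is
     *         {@code false}
     * @throws InvalidCertificateException declared by this method; presumably raised when
     *         {@code bArr} is rejected by the UnidentifiedAccess constructor
     * @throws AssertionError if the recipient's mode is none of the four known values
     */
    private static UnidentifiedAccess getTargetUnidentifiedAccess(Recipient recipient, byte[] bArr, boolean z) throws InvalidCertificateException {
        ProfileKey profileKeyOrNull = ProfileKeyUtil.profileKeyOrNull(recipient.resolve().getProfileKey());
        byte[] deriveAccessKey;

        switch (recipient.resolve().getSealedSenderAccessMode()) {
            case UNKNOWN:
                if (profileKeyOrNull != null) {
                    deriveAccessKey = profileKeyOrNull.deriveAccessKey();
                } else {
                    // No profile key to derive from: use the all-zero key unless z defers the
                    // choice to the fallback below.
                    deriveAccessKey = z ? null : UNRESTRICTED_KEY;
                }
                break;
            case DISABLED:
                deriveAccessKey = null;
                break;
            case ENABLED:
                deriveAccessKey = profileKeyOrNull != null ? profileKeyOrNull.deriveAccessKey() : null;
                break;
            case UNRESTRICTED:
                deriveAccessKey = UNRESTRICTED_KEY;
                break;
            default:
                throw new AssertionError("Unknown mode: " + recipient.getSealedSenderAccessMode().getMode());
        }

        if (deriveAccessKey != null) {
            return new UnidentifiedAccess(deriveAccessKey, bArr, false);
        }
        if (z) {
            return new UnidentifiedAccess(UNRESTRICTED_KEY, bArr, true);
        }
        // No key applies: the caller receives no unidentified access for this recipient.
        return null;
    }

    /**
     * Reads our stored sender certificate bytes for the current certificate type.
     *
     * @return the stored bytes, or whatever the store returns when none is present
     *         (callers in this class treat {@code null} as "missing")
     */
    private static byte[] getUnidentifiedAccessCertificate() {
        return SignalStore.certificate().getUnidentifiedAccessCertificate(getUnidentifiedAccessCertificateType());
    }

    /**
     * Selects which stored certificate type to use: {@code ACI_AND_E164} when phone number
     * sharing is enabled, {@code ACI_ONLY} otherwise.
     */
    private static CertificateType getUnidentifiedAccessCertificateType() {
        return SignalStore.phoneNumberPrivacy().isPhoneNumberSharingEnabled() ? CertificateType.ACI_AND_E164 : CertificateType.ACI_ONLY;
    }

    /**
     * Per-recipient mapping step used by the list variant of {@code getAccessFor}.
     *
     * <p>The decompiled form read its result variable after the {@code catch} block without
     * having assigned it on that path; every path now returns explicitly.
     *
     * @param bArr      our serialized sender certificate, or {@code null} when none is stored
     * @param z         forwarded to {@link #getTargetUnidentifiedAccess}
     * @param recipient recipient to build access for
     * @return the access, or empty when the certificate is missing or rejected, or when no key
     *         applies to the recipient
     */
    public static /* synthetic */ Optional<UnidentifiedAccess> lambda$getAccessFor$0(byte[] bArr, boolean z, Recipient recipient) {
        if (bArr == null) {
            Log.w(TAG, "Missing our unidentified access certificate!");
            return Optional.empty();
        }
        try {
            return Optional.ofNullable(getTargetUnidentifiedAccess(recipient, bArr, z));
        } catch (InvalidCertificateException e) {
            Log.w(TAG, "Invalid unidentified access certificate!", e);
            return Optional.empty();
        }
    }
}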
