package org.cryptomator.data.cloud.crypto;

import com.google.common.base.Optional;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.text.Normalizer;
import java.util.Arrays;
import java.util.Objects;
import kotlin.Metadata;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import org.apache.http.cookie.ClientCookie;
import org.cryptomator.cryptolib.api.Cryptor;
import org.cryptomator.cryptolib.api.CryptorProvider;
import org.cryptomator.cryptolib.api.InvalidPassphraseException;
import org.cryptomator.cryptolib.api.Masterkey;
import org.cryptomator.cryptolib.api.UnsupportedVaultFormatException;
import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
import org.cryptomator.data.cloud.crypto.VaultConfig;
import org.cryptomator.domain.Cloud;
import org.cryptomator.domain.CloudFile;
import org.cryptomator.domain.CloudFolder;
import org.cryptomator.domain.CloudNode;
import org.cryptomator.domain.UnverifiedVaultConfig;
import org.cryptomator.domain.Vault;
import org.cryptomator.domain.exception.BackendException;
import org.cryptomator.domain.exception.CancellationException;
import org.cryptomator.domain.exception.FatalBackendException;
import org.cryptomator.domain.exception.vaultconfig.UnsupportedMasterkeyLocationException;
import org.cryptomator.domain.repository.CloudContentRepository;
import org.cryptomator.domain.usecases.ProgressAware;
import org.cryptomator.domain.usecases.cloud.ByteArrayDataSource;
import org.cryptomator.domain.usecases.cloud.DataSource;
import org.cryptomator.domain.usecases.cloud.DownloadState;
import org.cryptomator.domain.usecases.cloud.Flag;
import org.cryptomator.domain.usecases.cloud.UploadState;
import org.cryptomator.domain.usecases.vault.UnlockToken;

/* compiled from: MasterkeyCryptoCloudProvider.kt */
@Metadata(d1 = {"\u0000\u009a\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\r\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u00002\u00020\u0001:\u0001>B5\u0012\u001e\u0010\u0002\u001a\u001a\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u0005\u0012\u0004\u0012\u00020\u0006\u0012\u0004\u0012\u00020\u00070\u0003\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b¢\u0006\u0002\u0010\fJ\u0010\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J\u0010\u0010\u0011\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J.\u0010\u0012\u001a\u00020\u000e2\u0006\u0010\u0013\u001a\u00020\u00142\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u0019H\u0016J\u0018\u0010\u001b\u001a\u00020\u000e2\u0006\u0010\u001c\u001a\u00020\u00062\u0006\u0010\u001d\u001a\u00020\u001eH\u0016J \u0010\u001b\u001a\u00020\u000e2\u0006\u0010\u001c\u001a\u00020\u00062\b\u0010\u001d\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\u001f\u001a\u00020 J\u0018\u0010!\u001a\u00020\u000e2\u0006\u0010\"\u001a\u00020#2\u0006\u0010$\u001a\u00020\u0007H\u0002J0\u0010%\u001a\u00020\u000e2\u0006\u0010\"\u001a\u00020#2\u0006\u0010&\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u00192\u0006\u0010$\u001a\u00020\u0007H\u0002J\u0018\u0010'\u001a\u00020\u000e2\u0006\u0010\u001c\u001a\u00020\u00062\u0006\u0010(\u001a\u00020)H\u0002J\u001e\u0010*\u001a\u00020+2\u0006\u0010\u0013\u001a\u00020\u00142\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u0016H\u0016J\u0018\u0010*\u001a\u00020+2\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u001c\u001a\u00020\u0007H\u0002J\u0018\u0010,\u001a\u00020)2\b\u0010-\u001a\u0004\u0018\u00010.2\u0006\u0010/\u001a\u000200J&\u00101\u001a\u0002022\u0006\u0010\u0013\u001a\u00020\u00142\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u001d\u001a\u00020\u001eH\u0016J\u0010\u00103\u001a\u00020\u00072\u0006\u0010\u001c\u001a\u00020\u0006H\u0002J\u0010\u00104\u001a\u00020\u000e2\u0006\u0010\u0013\u001a\u00020\u0014H\u0016J\u0018\u00105\u001a\u00020\u00072\u0006\u0010$\u001a\u00020\u00072\u0006\u0010\"\u001a\u00020#H\u0002J\u0018\u0010$\u001a\u00020\u00072\u0006\u00106\u001a\u00020\u00062\u0006\u0010\u0015\u001a\u00020\u0017H\u0002J\u0018\u00107\u001a\u00020\u001e2\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010&\u001a\u00020\u0010H\u0002J\u0010\u00108\u001a\u00020#2\u0006\u0010$\u001a\u00020\u0007H\u0002J.\u00109\u001a\u00020\u00142\u0006\u0010\u0013\u001a\u00020\u00142\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010:\u001a\u00020;H\u0016J.\u00109\u001a\u00020\u00142\u0006\u0010<\u001a\u00020=2\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010:\u001a\u00020;H\u0016J\u0010\u00106\u001a\u00020\u00062\u0006\u0010\u0013\u001a\u00020\u0014H\u0002R&\u0010\u0002\u001a\u001a\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u0005\u0012\u0004\u0012\u00020\u0006\u0012\u0004\u0012\u00020\u00070\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006?"}, d2 = {"Lorg/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider;", "Lorg/cryptomator/data/cloud/crypto/CryptoCloudProvider;", "cloudContentRepository", "Lorg/cryptomator/domain/repository/CloudContentRepository;", "Lorg/cryptomator/domain/Cloud;", "Lorg/cryptomator/domain/CloudNode;", "Lorg/cryptomator/domain/CloudFolder;", "Lorg/cryptomator/domain/CloudFile;", "cryptoCloudContentRepositoryFactory", "Lorg/cryptomator/data/cloud/crypto/CryptoCloudContentRepositoryFactory;", "secureRandom", "Ljava/security/SecureRandom;", "(Lorg/cryptomator/domain/repository/CloudContentRepository;Lorg/cryptomator/data/cloud/crypto/CryptoCloudContentRepositoryFactory;Ljava/security/SecureRandom;)V", "assertLegacyVaultVersionIsSupported", "", ClientCookie.VERSION_ATTR, "", "assertVaultVersionIsSupported", "changePassword", "vault", "Lorg/cryptomator/domain/Vault;", "unverifiedVaultConfig", "Lcom/google/common/base/Optional;", "Lorg/cryptomator/domain/UnverifiedVaultConfig;", "oldPassword", "", "newPassword", "create", "location", "password", "", "vaultConfigBuilder", "Lorg/cryptomator/data/cloud/crypto/VaultConfig$VaultConfigBuilder;", "createBackupMasterKeyFile", "data", "", "masterkeyFile", "createNewMasterKeyFile", "vaultVersion", "createRootFolder", "cryptor", "Lorg/cryptomator/cryptolib/api/Cryptor;", "createUnlockToken", "Lorg/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider$UnlockTokenImpl;", "cryptorFor", "keyFile", "Lorg/cryptomator/cryptolib/api/Masterkey;", "vaultCipherCombo", "Lorg/cryptomator/cryptolib/api/CryptorProvider$Scheme;", "isVaultPasswordValid", "", "legacyMasterkeyFile", "lock", "masterkeyBackupFile", "vaultLocation", "normalizePassword", "readKeyFileData", "unlock", "cancelledFlag", "Lorg/cryptomator/domain/usecases/cloud/Flag;", "token", "Lorg/cryptomator/domain/usecases/vault/UnlockToken;", "UnlockTokenImpl", "data_playstoreRelease"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes5.dex */
public final class MasterkeyCryptoCloudProvider implements CryptoCloudProvider {
    private final CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository;
    private final CryptoCloudContentRepositoryFactory cryptoCloudContentRepositoryFactory;
    private final SecureRandom secureRandom;

    /* compiled from: MasterkeyCryptoCloudProvider.kt */
    @Metadata(d1 = {"\u0000&\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\r\n\u0002\b\u0002\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\t\u001a\u00020\n2\b\u0010\u000b\u001a\u0004\u0018\u00010\fJ\b\u0010\r\u001a\u00020\u0003H\u0016R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n\u0000\u001a\u0004\b\u0007\u0010\bR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u000e"}, d2 = {"Lorg/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider$UnlockTokenImpl;", "Lorg/cryptomator/domain/usecases/vault/UnlockToken;", "vault", "Lorg/cryptomator/domain/Vault;", "keyFileData", "", "(Lorg/cryptomator/domain/Vault;[B)V", "getKeyFileData", "()[B", "getKeyFile", "Lorg/cryptomator/cryptolib/api/Masterkey;", "password", "", "getVault", "data_playstoreRelease"}, k = 1, mv = {1, 5, 1}, xi = 48)
    /* loaded from: classes5.dex */
    public static final class UnlockTokenImpl implements UnlockToken {
        private final byte[] keyFileData;
        private final Vault vault;

        public UnlockTokenImpl(Vault vault, byte[] keyFileData) {
            Intrinsics.checkNotNullParameter(vault, "vault");
            Intrinsics.checkNotNullParameter(keyFileData, "keyFileData");
            this.vault = vault;
            this.keyFileData = keyFileData;
        }

        public final Masterkey getKeyFile(CharSequence password) throws IOException {
            Masterkey load = new MasterkeyFileAccess(CryptoConstants.INSTANCE.getPEPPER(), new SecureRandom()).load(new ByteArrayInputStream(this.keyFileData), password);
            Intrinsics.checkNotNullExpressionValue(load, "MasterkeyFileAccess(Cryp…m(keyFileData), password)");
            return load;
        }

        public final byte[] getKeyFileData() {
            return this.keyFileData;
        }

        @Override // org.cryptomator.domain.usecases.vault.UnlockToken
        public Vault getVault() {
            return this.vault;
        }
    }

    public MasterkeyCryptoCloudProvider(CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository, CryptoCloudContentRepositoryFactory cryptoCloudContentRepositoryFactory, SecureRandom secureRandom) {
        Intrinsics.checkNotNullParameter(cloudContentRepository, "cloudContentRepository");
        Intrinsics.checkNotNullParameter(cryptoCloudContentRepositoryFactory, "cryptoCloudContentRepositoryFactory");
        Intrinsics.checkNotNullParameter(secureRandom, "secureRandom");
        this.cloudContentRepository = cloudContentRepository;
        this.cryptoCloudContentRepositoryFactory = cryptoCloudContentRepositoryFactory;
        this.secureRandom = secureRandom;
    }

    private final void assertLegacyVaultVersionIsSupported(int version) {
        if (version < 5) {
            throw new UnsupportedVaultFormatException(Integer.valueOf(version), 5);
        }
        if (version > 7) {
            throw new UnsupportedVaultFormatException(Integer.valueOf(version), 7);
        }
    }

    private final void assertVaultVersionIsSupported(int version) {
        if (version < 5) {
            throw new UnsupportedVaultFormatException(Integer.valueOf(version), 5);
        }
        if (version > 8) {
            throw new UnsupportedVaultFormatException(Integer.valueOf(version), 8);
        }
    }

    private final void createBackupMasterKeyFile(byte[] data, CloudFile masterkeyFile) throws BackendException {
        CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository = this.cloudContentRepository;
        CloudFile masterkeyBackupFile = masterkeyBackupFile(masterkeyFile, data);
        DataSource from = ByteArrayDataSource.INSTANCE.from(data);
        ProgressAware<UploadState> NO_OP_PROGRESS_AWARE_UPLOAD = ProgressAware.NO_OP_PROGRESS_AWARE_UPLOAD;
        Intrinsics.checkNotNullExpressionValue(NO_OP_PROGRESS_AWARE_UPLOAD, "NO_OP_PROGRESS_AWARE_UPLOAD");
        cloudContentRepository.write(masterkeyBackupFile, from, NO_OP_PROGRESS_AWARE_UPLOAD, true, data.length);
    }

    private final void createNewMasterKeyFile(byte[] data, int vaultVersion, String oldPassword, String newPassword, CloudFile masterkeyFile) throws BackendException {
        try {
            byte[] newMasterKeyFile = new MasterkeyFileAccess(CryptoConstants.INSTANCE.getPEPPER(), this.secureRandom).changePassphrase(data, normalizePassword(oldPassword, vaultVersion), normalizePassword(newPassword, vaultVersion));
            CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository = this.cloudContentRepository;
            ByteArrayDataSource.Companion companion = ByteArrayDataSource.INSTANCE;
            Intrinsics.checkNotNullExpressionValue(newMasterKeyFile, "newMasterKeyFile");
            DataSource from = companion.from(newMasterKeyFile);
            ProgressAware<UploadState> NO_OP_PROGRESS_AWARE_UPLOAD = ProgressAware.NO_OP_PROGRESS_AWARE_UPLOAD;
            Intrinsics.checkNotNullExpressionValue(NO_OP_PROGRESS_AWARE_UPLOAD, "NO_OP_PROGRESS_AWARE_UPLOAD");
            cloudContentRepository.write(masterkeyFile, from, NO_OP_PROGRESS_AWARE_UPLOAD, true, newMasterKeyFile.length);
        } catch (IOException e) {
            throw new FatalBackendException("Failed to read legacy vault version", e);
        }
    }

    private final void createRootFolder(CloudFolder location, Cryptor cryptor) throws BackendException {
        CloudFolder create = this.cloudContentRepository.create(this.cloudContentRepository.folder(location, CryptoConstants.DATA_DIR_NAME));
        String rootDirHash = cryptor.fileNameCryptor().hashDirectoryId("");
        CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository = this.cloudContentRepository;
        Intrinsics.checkNotNullExpressionValue(rootDirHash, "rootDirHash");
        String substring = rootDirHash.substring(0, 2);
        Intrinsics.checkNotNullExpressionValue(substring, "(this as java.lang.Strin…ing(startIndex, endIndex)");
        CloudFolder create2 = this.cloudContentRepository.create(cloudContentRepository.folder(create, substring));
        CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository2 = this.cloudContentRepository;
        String substring2 = rootDirHash.substring(2);
        Intrinsics.checkNotNullExpressionValue(substring2, "(this as java.lang.String).substring(startIndex)");
        this.cloudContentRepository.create(cloudContentRepository2.folder(create2, substring2));
    }

    private final UnlockTokenImpl createUnlockToken(Vault vault, CloudFile location) throws BackendException {
        return new UnlockTokenImpl(vault, readKeyFileData(location));
    }

    private final CloudFile legacyMasterkeyFile(CloudFolder location) throws BackendException {
        return this.cloudContentRepository.file(location, CryptoConstants.MASTERKEY_FILE_NAME);
    }

    private final CloudFile masterkeyBackupFile(CloudFile masterkeyFile, byte[] data) throws BackendException {
        return this.cloudContentRepository.file(masterkeyFile.getParent(), masterkeyFile.getName() + BackupFileIdSuffixGenerator.generate(data) + CryptoConstants.MASTERKEY_BACKUP_FILE_EXT);
    }

    private final CloudFile masterkeyFile(CloudFolder vaultLocation, UnverifiedVaultConfig unverifiedVaultConfig) throws BackendException {
        String path = unverifiedVaultConfig.getKeyId().getSchemeSpecificPart();
        if (!Intrinsics.areEqual(path, CryptoConstants.MASTERKEY_FILE_NAME)) {
            throw new UnsupportedMasterkeyLocationException(unverifiedVaultConfig);
        }
        CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository = this.cloudContentRepository;
        Intrinsics.checkNotNullExpressionValue(path, "path");
        return cloudContentRepository.file(vaultLocation, path);
    }

    private final CharSequence normalizePassword(CharSequence password, int vaultVersion) {
        if (vaultVersion < 6) {
            return password;
        }
        String normalize = Normalizer.normalize(password, Normalizer.Form.NFC);
        Intrinsics.checkNotNullExpressionValue(normalize, "{\n\t\t\tNormalizer.normaliz… Normalizer.Form.NFC)\n\t\t}");
        return normalize;
    }

    private final byte[] readKeyFileData(CloudFile masterkeyFile) throws BackendException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProgressAware<DownloadState> NO_OP_PROGRESS_AWARE_DOWNLOAD = ProgressAware.NO_OP_PROGRESS_AWARE_DOWNLOAD;
        Intrinsics.checkNotNullExpressionValue(NO_OP_PROGRESS_AWARE_DOWNLOAD, "NO_OP_PROGRESS_AWARE_DOWNLOAD");
        this.cloudContentRepository.read(masterkeyFile, null, byteArrayOutputStream, NO_OP_PROGRESS_AWARE_DOWNLOAD);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "data.toByteArray()");
        return byteArray;
    }

    private final CloudFolder vaultLocation(Vault vault) throws BackendException {
        CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository = this.cloudContentRepository;
        Cloud cloud = vault.getCloud();
        Intrinsics.checkNotNullExpressionValue(cloud, "vault.cloud");
        String path = vault.getPath();
        Intrinsics.checkNotNullExpressionValue(path, "vault.path");
        return cloudContentRepository.resolve(cloud, path);
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public void changePassword(Vault vault, Optional<UnverifiedVaultConfig> unverifiedVaultConfig, String oldPassword, String newPassword) throws BackendException {
        CloudFile legacyMasterkeyFile;
        int readAllegedVaultVersion;
        Intrinsics.checkNotNullParameter(vault, "vault");
        Intrinsics.checkNotNullParameter(unverifiedVaultConfig, "unverifiedVaultConfig");
        Intrinsics.checkNotNullParameter(oldPassword, "oldPassword");
        Intrinsics.checkNotNullParameter(newPassword, "newPassword");
        CloudFolder vaultLocation = vaultLocation(vault);
        if (unverifiedVaultConfig.isPresent()) {
            UnverifiedVaultConfig unverifiedVaultConfig2 = unverifiedVaultConfig.get();
            Intrinsics.checkNotNullExpressionValue(unverifiedVaultConfig2, "unverifiedVaultConfig.get()");
            legacyMasterkeyFile = masterkeyFile(vaultLocation, unverifiedVaultConfig2);
        } else {
            legacyMasterkeyFile = legacyMasterkeyFile(vaultLocation);
        }
        CloudFile cloudFile = legacyMasterkeyFile;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProgressAware<DownloadState> NO_OP_PROGRESS_AWARE_DOWNLOAD = ProgressAware.NO_OP_PROGRESS_AWARE_DOWNLOAD;
        Intrinsics.checkNotNullExpressionValue(NO_OP_PROGRESS_AWARE_DOWNLOAD, "NO_OP_PROGRESS_AWARE_DOWNLOAD");
        this.cloudContentRepository.read(cloudFile, null, byteArrayOutputStream, NO_OP_PROGRESS_AWARE_DOWNLOAD);
        byte[] data = byteArrayOutputStream.toByteArray();
        if (unverifiedVaultConfig.isPresent()) {
            readAllegedVaultVersion = unverifiedVaultConfig.get().getVaultFormat();
            assertVaultVersionIsSupported(readAllegedVaultVersion);
        } else {
            try {
                readAllegedVaultVersion = MasterkeyFileAccess.readAllegedVaultVersion(data);
                assertLegacyVaultVersionIsSupported(readAllegedVaultVersion);
            } catch (IOException e) {
                throw new FatalBackendException("Failed to read legacy vault version", e);
            }
        }
        int i = readAllegedVaultVersion;
        Intrinsics.checkNotNullExpressionValue(data, "data");
        createBackupMasterKeyFile(data, cloudFile);
        createNewMasterKeyFile(data, i, oldPassword, newPassword, cloudFile);
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public void create(CloudFolder location, CharSequence password) throws BackendException {
        Intrinsics.checkNotNullParameter(location, "location");
        Intrinsics.checkNotNullParameter(password, "password");
        create(location, password, VaultConfig.INSTANCE.createVaultConfig());
    }

    public final void create(CloudFolder location, CharSequence password, VaultConfig.VaultConfigBuilder vaultConfigBuilder) throws BackendException {
        Intrinsics.checkNotNullParameter(location, "location");
        Intrinsics.checkNotNullParameter(vaultConfigBuilder, "vaultConfigBuilder");
        Masterkey generate = Masterkey.generate(this.secureRandom);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Throwable th = (Throwable) null;
            try {
                ByteArrayOutputStream byteArrayOutputStream2 = byteArrayOutputStream;
                new MasterkeyFileAccess(CryptoConstants.INSTANCE.getPEPPER(), this.secureRandom).persist(generate, byteArrayOutputStream2, password, CryptoConstants.DEFAULT_MASTERKEY_FILE_VERSION);
                CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository = this.cloudContentRepository;
                CloudFile legacyMasterkeyFile = legacyMasterkeyFile(location);
                ByteArrayDataSource.Companion companion = ByteArrayDataSource.INSTANCE;
                byte[] byteArray = byteArrayOutputStream2.toByteArray();
                Intrinsics.checkNotNullExpressionValue(byteArray, "data.toByteArray()");
                DataSource from = companion.from(byteArray);
                ProgressAware<UploadState> NO_OP_PROGRESS_AWARE_UPLOAD = ProgressAware.NO_OP_PROGRESS_AWARE_UPLOAD;
                Intrinsics.checkNotNullExpressionValue(NO_OP_PROGRESS_AWARE_UPLOAD, "NO_OP_PROGRESS_AWARE_UPLOAD");
                cloudContentRepository.write(legacyMasterkeyFile, from, NO_OP_PROGRESS_AWARE_UPLOAD, false, byteArrayOutputStream2.size());
                CloseableKt.closeFinally(byteArrayOutputStream, th);
                VaultConfig.VaultConfigBuilder cipherCombo = vaultConfigBuilder.vaultFormat(8).cipherCombo(CryptoConstants.INSTANCE.getDEFAULT_CIPHER_COMBO());
                StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
                String format = String.format("%s:%s", Arrays.copyOf(new Object[]{CryptoConstants.MASTERKEY_SCHEME, CryptoConstants.MASTERKEY_FILE_NAME}, 2));
                Intrinsics.checkNotNullExpressionValue(format, "java.lang.String.format(format, *args)");
                URI create = URI.create(format);
                Intrinsics.checkNotNullExpressionValue(create, "create(String.format(\"%s…nts.MASTERKEY_FILE_NAME))");
                VaultConfig build = cipherCombo.keyId(create).shorteningThreshold(CryptoConstants.DEFAULT_MAX_FILE_NAME).build();
                byte[] encoded = generate.getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "masterkey.encoded");
                String token = build.toToken(encoded);
                Charset UTF_8 = StandardCharsets.UTF_8;
                Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
                Objects.requireNonNull(token, "null cannot be cast to non-null type java.lang.String");
                byte[] bytes = token.getBytes(UTF_8);
                Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
                CloudFile file = this.cloudContentRepository.file(location, CryptoConstants.VAULT_FILE_NAME);
                CloudContentRepository<Cloud, CloudNode, CloudFolder, CloudFile> cloudContentRepository2 = this.cloudContentRepository;
                DataSource from2 = ByteArrayDataSource.INSTANCE.from(bytes);
                ProgressAware<UploadState> NO_OP_PROGRESS_AWARE_UPLOAD2 = ProgressAware.NO_OP_PROGRESS_AWARE_UPLOAD;
                Intrinsics.checkNotNullExpressionValue(NO_OP_PROGRESS_AWARE_UPLOAD2, "NO_OP_PROGRESS_AWARE_UPLOAD");
                cloudContentRepository2.write(file, from2, NO_OP_PROGRESS_AWARE_UPLOAD2, false, bytes.length);
                createRootFolder(location, cryptorFor(generate, build.getCipherCombo()));
            } finally {
            }
        } catch (IOException e) {
            throw new FatalBackendException("Failed to write masterkey", e);
        }
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public UnlockTokenImpl createUnlockToken(Vault vault, Optional<UnverifiedVaultConfig> unverifiedVaultConfig) throws BackendException {
        Intrinsics.checkNotNullParameter(vault, "vault");
        Intrinsics.checkNotNullParameter(unverifiedVaultConfig, "unverifiedVaultConfig");
        CloudFolder vaultLocation = vaultLocation(vault);
        if (!unverifiedVaultConfig.isPresent()) {
            return createUnlockToken(vault, legacyMasterkeyFile(vaultLocation));
        }
        UnverifiedVaultConfig unverifiedVaultConfig2 = unverifiedVaultConfig.get();
        Intrinsics.checkNotNullExpressionValue(unverifiedVaultConfig2, "unverifiedVaultConfig.get()");
        return createUnlockToken(vault, masterkeyFile(vaultLocation, unverifiedVaultConfig2));
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public /* bridge */ /* synthetic */ UnlockToken createUnlockToken(Vault vault, Optional optional) {
        return createUnlockToken(vault, (Optional<UnverifiedVaultConfig>) optional);
    }

    public final Cryptor cryptorFor(Masterkey keyFile, CryptorProvider.Scheme vaultCipherCombo) {
        Intrinsics.checkNotNullParameter(vaultCipherCombo, "vaultCipherCombo");
        Cryptor provide = CryptorProvider.forScheme(vaultCipherCombo).provide(keyFile, this.secureRandom);
        Intrinsics.checkNotNullExpressionValue(provide, "forScheme(vaultCipherCom…de(keyFile, secureRandom)");
        return provide;
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public boolean isVaultPasswordValid(Vault vault, Optional<UnverifiedVaultConfig> unverifiedVaultConfig, CharSequence password) throws BackendException {
        CryptorProvider.Scheme scheme;
        Intrinsics.checkNotNullParameter(vault, "vault");
        Intrinsics.checkNotNullParameter(unverifiedVaultConfig, "unverifiedVaultConfig");
        Intrinsics.checkNotNullParameter(password, "password");
        try {
            UnlockTokenImpl createUnlockToken = createUnlockToken(vault, unverifiedVaultConfig);
            Masterkey keyFile = createUnlockToken.getKeyFile(password);
            if (unverifiedVaultConfig.isPresent()) {
                VaultConfig.Companion companion = VaultConfig.INSTANCE;
                byte[] encoded = keyFile.getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "masterkey.encoded");
                UnverifiedVaultConfig unverifiedVaultConfig2 = unverifiedVaultConfig.get();
                Intrinsics.checkNotNullExpressionValue(unverifiedVaultConfig2, "unverifiedVaultConfig.get()");
                VaultConfig verify = companion.verify(encoded, unverifiedVaultConfig2);
                assertVaultVersionIsSupported(verify.getVaultFormat());
                scheme = verify.getCipherCombo();
            } else {
                assertLegacyVaultVersionIsSupported(MasterkeyFileAccess.readAllegedVaultVersion(createUnlockToken.getKeyFileData()));
                scheme = CryptorProvider.Scheme.SIV_CTRMAC;
            }
            cryptorFor(keyFile, scheme).destroy();
            return true;
        } catch (IOException e) {
            throw new FatalBackendException(e);
        } catch (InvalidPassphraseException unused) {
            return false;
        }
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public void lock(Vault vault) {
        Intrinsics.checkNotNullParameter(vault, "vault");
        this.cryptoCloudContentRepositoryFactory.deregisterCryptor(vault);
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public Vault unlock(Vault vault, Optional<UnverifiedVaultConfig> unverifiedVaultConfig, CharSequence password, Flag cancelledFlag) throws BackendException {
        Intrinsics.checkNotNullParameter(vault, "vault");
        Intrinsics.checkNotNullParameter(unverifiedVaultConfig, "unverifiedVaultConfig");
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(cancelledFlag, "cancelledFlag");
        return unlock(createUnlockToken(vault, unverifiedVaultConfig), unverifiedVaultConfig, password, cancelledFlag);
    }

    @Override // org.cryptomator.data.cloud.crypto.CryptoCloudProvider
    public Vault unlock(UnlockToken token, Optional<UnverifiedVaultConfig> unverifiedVaultConfig, CharSequence password, Flag cancelledFlag) throws BackendException {
        int readAllegedVaultVersion;
        int i;
        Cryptor cryptorFor;
        Intrinsics.checkNotNullParameter(token, "token");
        Intrinsics.checkNotNullParameter(unverifiedVaultConfig, "unverifiedVaultConfig");
        Intrinsics.checkNotNullParameter(password, "password");
        Intrinsics.checkNotNullParameter(cancelledFlag, "cancelledFlag");
        UnlockTokenImpl unlockTokenImpl = (UnlockTokenImpl) token;
        try {
            Masterkey keyFile = unlockTokenImpl.getKeyFile(password);
            if (unverifiedVaultConfig.isPresent()) {
                VaultConfig.Companion companion = VaultConfig.INSTANCE;
                byte[] encoded = keyFile.getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "masterkey.encoded");
                UnverifiedVaultConfig unverifiedVaultConfig2 = unverifiedVaultConfig.get();
                Intrinsics.checkNotNullExpressionValue(unverifiedVaultConfig2, "unverifiedVaultConfig.get()");
                VaultConfig verify = companion.verify(encoded, unverifiedVaultConfig2);
                readAllegedVaultVersion = verify.getVaultFormat();
                assertVaultVersionIsSupported(verify.getVaultFormat());
                i = verify.getShorteningThreshold();
                cryptorFor = cryptorFor(keyFile, verify.getCipherCombo());
            } else {
                readAllegedVaultVersion = MasterkeyFileAccess.readAllegedVaultVersion(unlockTokenImpl.getKeyFileData());
                assertLegacyVaultVersionIsSupported(readAllegedVaultVersion);
                i = readAllegedVaultVersion > 6 ? CryptoConstants.DEFAULT_MAX_FILE_NAME : CryptoImplVaultFormatPre7.SHORTENING_THRESHOLD;
                cryptorFor = cryptorFor(keyFile, CryptorProvider.Scheme.SIV_CTRMAC);
            }
            if (cancelledFlag.get()) {
                throw new CancellationException();
            }
            Vault build = Vault.aCopyOf(((UnlockTokenImpl) token).getVault()).withUnlocked(true).withFormat(readAllegedVaultVersion).withShorteningThreshold(i).build();
            this.cryptoCloudContentRepositoryFactory.registerCryptor(build, cryptorFor);
            Intrinsics.checkNotNullExpressionValue(build, "{\n\t\t\tval masterkey = imp…lt, cryptor)\n\t\t\tvault\n\t\t}");
            return build;
        } catch (IOException e) {
            throw new FatalBackendException(e);
        }
    }
}
