package com.heytap.omas.a.a;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.a.b.f;
import com.heytap.omas.a.d.g;
import com.heytap.omas.a.d.h;
import com.heytap.omas.a.d.l;
import com.heytap.omas.a.d.m;
import com.heytap.omas.omkms.data.b;
import com.heytap.omas.omkms.data.c;
import com.heytap.omas.omkms.data.e;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.proto.Omkms3;
import com.heytap.omas.wb.WbkitAndr;
import java.util.Arrays;

/* loaded from: classes3.dex */
public final class a {
    public static b a(Context context, c cVar) {
        byte[] e2 = e(cVar);
        if (e2 != null && e2.length != 0) {
            String str = new String(cVar.getWbId());
            String str2 = new String(cVar.getAppName());
            String str3 = "auth: wbId:" + str + ",appName:" + str2;
            byte[] hmac = WbkitAndr.hmac(com.heytap.omas.a.d.b.a(str.getBytes(), str2.getBytes()), e2);
            if (hmac != null && hmac.length != 0) {
                byte[] f = f(context, cVar);
                if (d(cVar, e2, hmac, f)) {
                    return b.a(cVar).a(hmac).d(f).b();
                }
                return null;
            }
            h.e("OmkmsAuth", "auth: WbkitAndr.hmac return null,this always should not happen,bug here.");
        }
        return null;
    }

    public static void b(@NonNull Omkms3.Pack pack, @NonNull e eVar, @NonNull com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (pack == null || eVar == null || eVar.a() == null || eVar.a().c() == null) {
            throw new AuthenticationException("Parameters invalid.");
        }
        if (TextUtils.isEmpty(pack.getHeaderString())) {
            h.e("OmkmsAuth", "cipherTextAuth: headerString:" + pack.getHeaderString());
            throw new AuthenticationException("cipher text auth fail,pack not contains header content.");
        }
        if (TextUtils.isEmpty(pack.getPayloadString())) {
            h.e("OmkmsAuth", "cipherTextAuth: payloadString:" + pack.getPayloadString());
            throw new AuthenticationException("cipher text auth fail,pack not contains payload content.");
        }
        if (TextUtils.isEmpty(pack.getSignatureString())) {
            h.e("OmkmsAuth", "cipherTextAuth: signatureString:" + pack.getSignatureString());
            throw new AuthenticationException("cipher text auth fail,pack not contains signature content.");
        }
        Omkms3.CMSSignedData signature = pack.getSignature();
        byte[] a2 = com.heytap.omas.a.d.b.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
        if (!"HMAC".equals(signature.getSignAlg()) || !"SHA256".equals(signature.getHashId())) {
            h.e("OmkmsAuth", "cipherTextAu: only support sigAlg=HMAC,hashId=SHA256. sigAlg=" + signature.getSignAlg() + ",hashId=" + signature.getHashId());
            throw new AuthenticationException("cipher text auth fail,only support sigAlg=HMAC,hashId=SHA256.");
        }
        if (signature.getSignedContent() == null) {
            throw new AuthenticationException("cipher text auth fail,signature not contains signed content data.");
        }
        String keyType = pack.getHeader().getKeyType();
        keyType.hashCode();
        if (!keyType.equals("SessionKey")) {
            if (keyType.equals("WB")) {
                if (WbkitAndr.verify(eVar.a().b(), eVar.a().d(), Base64.decode(signature.getSignedContent(), 2), a2, eVar.a().c().getWbId(), eVar.a().c().getWbKeyId(), eVar.a().c().getWbVersion()) == 0) {
                    return;
                }
                h.e("OmkmsAuth", "cipherTextAuth: signature authentication failed.");
                throw new AuthenticationException("cipher text auth fail,signature authentication failed.");
            }
            throw new IllegalStateException("Should not take place always,Unexpected value: " + eVar.c());
        }
        if (!pack.getHeader().getKeyType().equals(eVar.c())) {
            h.g("OmkmsAuth", "cipherTextAuth: keyType not match. header key type:" + pack.getHeader().getKeyType() + ",secKitClient key type:" + eVar.c());
        }
        String nonce = pack.getHeader().getNonce();
        if (TextUtils.isEmpty(nonce)) {
            h.e("OmkmsAuth", "cipherTextAuth: nonce:" + pack.getHeader().getNonce());
            throw new AuthenticationException("cipher text auth fail,header of pack not contains nonce content.always should not take place.");
        }
        try {
            Omkms3.NonceClass nonceClass = (Omkms3.NonceClass) g.a(nonce, Omkms3.NonceClass.class);
            if (TextUtils.isEmpty(nonceClass.getEncryptedDekJsonString())) {
                h.e("OmkmsAuth", "cipherTextAuth: encryptedDek:" + nonceClass.getEncryptedDekJsonString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedDek content.always should not take place.");
            }
            byte[] a3 = com.heytap.omas.a.d.b.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
            byte[] a4 = bVar.a();
            if (a4 == null || a4.length == 0) {
                throw new AuthenticationException("internal error,not found local kek,always should not take place.");
            }
            if (TextUtils.isEmpty(nonceClass.getEncryptedMkJsonString())) {
                h.e("OmkmsAuth", "cipherTextAuth: encryptedMk:" + nonceClass.getEncryptedMkJsonString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedMk content.always should not take place.");
            }
            byte[] a5 = com.heytap.omas.a.b.a.b(eVar.a().c()).a(nonceClass.getEncryptedMk(), a4);
            if (a5 == null || a5.length == 0) {
                throw new AuthenticationException("cipher text invalid,cannot decrypt encrypted mk.");
            }
            if (!f.j(a3, a5, signature)) {
                throw new AuthenticationException("data signature verify fail,cipherText invalid.");
            }
        } catch (JsonSyntaxException e2) {
            h.e("OmkmsAuth", "cipherTextAuth: nonce illegal," + e2);
            throw new AuthenticationException("cipher text auth fail,nonce of header invalid,always should not take place.");
        }
    }

    public static boolean c(Context context, long j, long j2) {
        String str;
        if (context == null) {
            throw new IllegalArgumentException("checkSessionKeyTimeValid: context cannot be null.");
        }
        long a2 = l.c().a(context);
        long a3 = m.a() + a2;
        String str2 = "timeStampAuth: diffTime:" + a2 + ",calibratedTime:" + a3 + ",sessionKeyBeginTime:" + j + ",sessionKeyEndTime:" + j2;
        long j3 = l.f5915a;
        if (a2 == j3 || j == j3 || j2 == j3 || j >= j2) {
            str = "timeStampAuth,parameters invalid.";
        } else {
            if (a3 >= j && 10 + a3 <= j2) {
                return true;
            }
            str = "timeStampAuth,time not between begin time with end time.calibratedTime:" + a3 + ",sessionKeyBeginTime:" + j + ",sessionKeyEndTime:" + j2;
        }
        h.e("OmkmsAuth", str);
        return false;
    }

    private static boolean d(c cVar, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        String str;
        if (cVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            if (bArr == null || bArr.length == 0) {
                h.e("OmkmsAuth", "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr2 == null || bArr2.length == 0) {
                h.e("OmkmsAuth", "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr3 == null) {
                h.g("OmkmsAuth", "appNameAuth: pkgInfo not specify.");
            }
            byte[] appid = WbkitAndr.getAppid(bArr2, bArr3, cVar.getWbId(), cVar.getWbVersion());
            if (appid == null) {
                str = "appNameAuth: auth fail. cannot getAppName.";
            } else {
                if (Arrays.equals(appid, cVar.getAppName())) {
                    return true;
                }
                String str2 = "appNameAuth: fail,authAppName:" + Arrays.toString(appid) + ",appName:" + Arrays.toString(cVar.getAppName());
                str = "appNameAuth,auth fail.";
            }
        }
        h.e("OmkmsAuth", str);
        return false;
    }

    private static byte[] e(c cVar) {
        String str;
        if (cVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            byte[] sk = WbkitAndr.getSk(cVar.getAccessKey(), cVar.getWbId(), cVar.getWbVersion());
            if (sk != null && sk.length != 0) {
                return sk;
            }
            str = "accessKeyAuth: accessKey auth fail.";
        }
        h.e("OmkmsAuth", str);
        return null;
    }

    @Nullable
    private static byte[] f(Context context, c cVar) {
        if (context == null || cVar == null) {
            h.g("OmkmsAuth", "genPkgInfo: Parameters invalid.");
            return null;
        }
        String packageName = context.getPackageName();
        String e2 = com.heytap.omas.a.d.a.e(context, packageName);
        String str = "genPkgInfo: pkgName:" + packageName;
        String str2 = "genPkgInfo: signature:" + e2;
        String str3 = packageName + "^" + e2;
        String str4 = "genPkgInfo: pkgInfo=" + str3;
        return str3.getBytes();
    }
}
