package com.huawei.health.industry.secauth;

import com.huawei.health.industry.secauth.constants.AuthConstant;
import com.huawei.health.industry.secauth.entity.AuthInfo;
import com.huawei.health.industry.secauth.entity.ResponseInfo;
import com.huawei.health.industry.secauth.utils.LogUtil;
import com.huawei.health.industry.secauth.utils.StringUtil;
import com.huawei.secure.android.common.encrypt.hash.SHA;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class AuthHelper {
    public static final int CERTIFICATE_EXHAUSTED = 27;
    public static final String CERT_TYPE_DEVELOPMENT = "certType:development";
    public static final String HEM_INFO_KEY = "validity_period_info";
    public static final int HEX_RADIX = 16;
    public static final String INVALID_TIME = "the certificate validity period expires";
    public static final String MGF_NAME = "MGF1";
    public static final int MIN_KEY_LEN = 2048;
    public static final int PEER_DEVICE_SUB = 3;
    public static final String RSA = "RSA";
    public static final String SHAREDPREFERENCES_CAK_CONFIG = "sharedpreferences_cak_config";
    public static final String SHA_256_WITH_RSA = "SHA256withRSA/PSS";
    public static final String SHA_256_WITH_RSA_PSS = "SHA256WithRSA/PSS";
    public static final int SIGNATURE_SALT_LENGTH = 32;
    public static final int SIGN_NUM = 1;
    public static final String TAG = "AuthHelper";
    public static final int TRAILER_FIELD_BC = 1;
    public static final String VERIFY_FAIL = "signature verify fail";
    public static final String VERSION_NUMBER = "1.0";

    private void checkKeyLength(KeyFactory keyFactory, PublicKey publicKey) {
        int bitLength = ((RSAPublicKeySpec) keyFactory.getKeySpec(publicKey, RSAPublicKeySpec.class)).getModulus().bitLength();
        if (bitLength >= 2048) {
            return;
        }
        throw new InvalidKeyException("Public key length = " + bitLength + " < 2048.");
    }

    private native String generateAnonymousDeviceId(String str);

    private String generateContent(AuthInfo authInfo, JSONObject jSONObject) {
        return new BigInteger(1, SHA.shaEncryptByte((authInfo.getPackageName() + authInfo.getAppFingerPrint() + authInfo.getCurrentAppType() + authInfo.getPeerDeviceProductId() + authInfo.getSystemTime() + jSONObject.getString(AuthConstant.VALID_FROM) + jSONObject.getString(AuthConstant.VALID_TO) + jSONObject.getString(AuthConstant.CAK) + jSONObject.getString(AuthConstant.LINK_NUM) + jSONObject.getString(AuthConstant.SYSTEM_TIME)).getBytes(StandardCharsets.UTF_8), "SHA-256")).toString(16);
    }

    private native String generatePackageFingerprint(String str);

    private native String generateSignature(long j);

    private native String getCak(String str);

    private native String getDataPartOne();

    private native String getDataPartTwo();

    private native String getPublicKey();

    private native String getPublicKeyData();

    private native ResponseInfo handleAuthResponse(String str, AuthInfo authInfo);

    private native int handleRtnCode(int i);

    private native boolean isCertificateValid(String str, String str2);

    private boolean verifySign(String str, String str2, String str3) {
        if (StringUtil.isAnyEmpty(str, str2, str3)) {
            LogUtil.error(TAG, "parameter is invalid in verifySign.");
            return false;
        }
        byte[] decode = Base64.decode(str3);
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] decode2 = Base64.decode(str2.getBytes(StandardCharsets.UTF_8));
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(RSA, new BouncyCastleProvider());
            PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(decode));
            checkKeyLength(keyFactory, generatePublic);
            PSSParameterSpec pSSParameterSpec = new PSSParameterSpec(MGF1ParameterSpec.SHA256.getDigestAlgorithm(), MGF_NAME, MGF1ParameterSpec.SHA256, 32, 1);
            Signature signature = Signature.getInstance(SHA_256_WITH_RSA_PSS, new BouncyCastleProvider());
            signature.setParameter(pSSParameterSpec);
            signature.initVerify(generatePublic);
            signature.update(bytes);
            return signature.verify(decode2);
        } catch (InvalidAlgorithmParameterException e) {
            LogUtil.error(TAG, "has invalid Algorithm exception in verifySign.");
            throw new InvalidKeyException("Invalid Algorithm.", e);
        } catch (NoSuchAlgorithmException e2) {
            LogUtil.error(TAG, "has no such algorithm exception in verifySign.");
            throw new SignatureException("No Such Algorithm.", e2);
        } catch (InvalidKeySpecException e3) {
            LogUtil.error(TAG, "has invalid key spec exception in verifySign.");
            throw new InvalidKeyException("Invalid private key.", e3);
        }
    }

    public native boolean generateAuthInfo(String str, String str2, String str3, AuthInfo authInfo);

    public native boolean generateWatchAuthInfo(String str, String str2, long j, String str3, AuthInfo authInfo);

    public native ResponseInfo handleAuthResult(String str, AuthInfo authInfo);

    public native ResponseInfo handleWearableAuthResult(String str, AuthInfo authInfo);
}
