package com.heytap.omas.a.a;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.a.c.f;
import com.heytap.omas.a.e.i;
import com.heytap.omas.a.e.m;
import com.heytap.omas.omkms.data.d;
import com.heytap.omas.omkms.data.h;
import com.heytap.omas.omkms.data.l;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.proto.Omkms3;
import com.heytap.omas.wb.WbkitAndr;
import java.util.Arrays;

/* loaded from: classes15.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static final String f23424a = "OmkmsAuth";

    /* renamed from: b, reason: collision with root package name */
    private static final String f23425b = "AndroidKeyStore";

    /* renamed from: c, reason: collision with root package name */
    private static final String f23426c = "HMAC";

    /* renamed from: d, reason: collision with root package name */
    private static final String f23427d = "SHA256";

    private a() {
    }

    public static d a(Context context, h hVar) {
        byte[] e2 = e(hVar);
        if (e2 != null && e2.length != 0) {
            byte[] hmac = WbkitAndr.hmac(com.heytap.omas.a.e.c.a(new String(hVar.getWbId()).getBytes(), new String(hVar.getAppName()).getBytes()), e2);
            if (hmac != null && hmac.length != 0) {
                byte[] f2 = f(context, hVar);
                if (d(hVar, e2, hmac, f2)) {
                    return d.a(hVar).a(hmac).d(f2).b();
                }
                return null;
            }
            i.h(f23424a, "auth: WbkitAndr.hmac return null,this always should not happen,bug here.");
        }
        return null;
    }

    public static void b(@NonNull Omkms3.Pack pack, @NonNull l lVar, @NonNull com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (pack == null || lVar == null || lVar.a() == null || lVar.a().c() == null) {
            throw new AuthenticationException("Parameters invalid.");
        }
        if (TextUtils.isEmpty(pack.getHeaderString())) {
            i.h(f23424a, "cipherTextAuth: headerString:" + pack.getHeaderString());
            throw new AuthenticationException("cipher text auth fail,pack not contains header content.");
        }
        if (TextUtils.isEmpty(pack.getPayloadString())) {
            i.h(f23424a, "cipherTextAuth: payloadString:" + pack.getPayloadString());
            throw new AuthenticationException("cipher text auth fail,pack not contains payload content.");
        }
        if (TextUtils.isEmpty(pack.getSignatureString())) {
            i.h(f23424a, "cipherTextAuth: signatureString:" + pack.getSignatureString());
            throw new AuthenticationException("cipher text auth fail,pack not contains signature content.");
        }
        Omkms3.CMSSignedData signature = pack.getSignature();
        byte[] a2 = com.heytap.omas.a.e.c.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
        if (!f23426c.equals(signature.getSignAlg()) || !f23427d.equals(signature.getHashId())) {
            i.h(f23424a, "cipherTextAu: only support sigAlg=HMAC,hashId=SHA256. sigAlg=" + signature.getSignAlg() + ",hashId=" + signature.getHashId());
            throw new AuthenticationException("cipher text auth fail,only support sigAlg=HMAC,hashId=SHA256.");
        }
        if (signature.getSignedContent() == null) {
            throw new AuthenticationException("cipher text auth fail,signature not contains signed content data.");
        }
        String keyType = pack.getHeader().getKeyType();
        keyType.hashCode();
        if (keyType.equals("WB")) {
            if (WbkitAndr.verify(lVar.a().b(), lVar.a().d(), Base64.decode(signature.getSignedContent(), 2), a2, lVar.a().c().getWbId(), lVar.a().c().getWbKeyId(), lVar.a().c().getWbVersion()) == 0) {
                return;
            }
            i.h(f23424a, "cipherTextAuth: signature authentication failed.");
            throw new AuthenticationException("cipher text auth fail,signature authentication failed.");
        }
        if (!keyType.equals("SessionKey")) {
            throw new IllegalStateException("Should not take place always,Unexpected value: " + lVar.c());
        }
        if (!pack.getHeader().getKeyType().equals(lVar.c())) {
            i.j(f23424a, "cipherTextAuth: keyType not match. header key type:" + pack.getHeader().getKeyType() + ",secKitClient key type:" + lVar.c());
        }
        String nonce = pack.getHeader().getNonce();
        if (TextUtils.isEmpty(nonce)) {
            i.h(f23424a, "cipherTextAuth: nonce:" + pack.getHeader().getNonce());
            throw new AuthenticationException("cipher text auth fail,header of pack not contains nonce content.always should not take place.");
        }
        try {
            Omkms3.NonceClass nonceClass = (Omkms3.NonceClass) com.heytap.omas.a.e.h.a(nonce, Omkms3.NonceClass.class);
            if (TextUtils.isEmpty(nonceClass.getEncryptedDekJsonString())) {
                i.h(f23424a, "cipherTextAuth: encryptedDek:" + nonceClass.getEncryptedDekJsonString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedDek content.always should not take place.");
            }
            byte[] a3 = com.heytap.omas.a.e.c.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
            byte[] a4 = bVar.a();
            if (a4 == null || a4.length == 0) {
                throw new AuthenticationException("internal error,not found local kek,always should not take place.");
            }
            if (TextUtils.isEmpty(nonceClass.getEncryptedMkJsonString())) {
                i.h(f23424a, "cipherTextAuth: encryptedMk:" + nonceClass.getEncryptedMkJsonString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedMk content.always should not take place.");
            }
            byte[] a5 = com.heytap.omas.a.c.a.b(lVar.a().c()).a(nonceClass.getEncryptedMk(), a4);
            if (a5 == null || a5.length == 0) {
                throw new AuthenticationException("cipher text invalid,cannot decrypt encrypted mk.");
            }
            if (!f.j(a3, a5, signature)) {
                throw new AuthenticationException("data signature verify fail,cipherText invalid.");
            }
        } catch (JsonSyntaxException e2) {
            i.h(f23424a, "cipherTextAuth: nonce illegal," + e2);
            throw new AuthenticationException("cipher text auth fail,nonce of header invalid,always should not take place.");
        }
    }

    public static boolean c(Context context, long j2, long j3) {
        String str;
        if (context == null) {
            throw new IllegalArgumentException("checkSessionKeyTimeValid: context cannot be null.");
        }
        long a2 = com.heytap.omas.a.e.l.c().a(context);
        long b2 = m.b() + a2;
        long j4 = com.heytap.omas.a.e.l.f23536e;
        if (a2 == j4 || j2 == j4 || j3 == j4 || j2 >= j3) {
            str = "timeStampAuth,parameters invalid.";
        } else {
            if (b2 >= j2 && 10 + b2 <= j3) {
                return true;
            }
            str = "timeStampAuth,time not between begin time with end time.calibratedTime:" + b2 + ",sessionKeyBeginTime:" + j2 + ",sessionKeyEndTime:" + j3;
        }
        i.h(f23424a, str);
        return false;
    }

    private static boolean d(h hVar, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        String str;
        if (hVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            if (bArr == null || bArr.length == 0) {
                i.h(f23424a, "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr2 == null || bArr2.length == 0) {
                i.h(f23424a, "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr3 == null) {
                i.j(f23424a, "appNameAuth: pkgInfo not specify.");
            }
            byte[] appid = WbkitAndr.getAppid(bArr2, bArr3, hVar.getWbId(), hVar.getWbVersion());
            if (appid == null) {
                str = "appNameAuth: auth fail. cannot getAppName.";
            } else {
                if (Arrays.equals(appid, hVar.getAppName())) {
                    return true;
                }
                Arrays.toString(appid);
                Arrays.toString(hVar.getAppName());
                str = "appNameAuth,auth fail.";
            }
        }
        i.h(f23424a, str);
        return false;
    }

    private static byte[] e(h hVar) {
        String str;
        if (hVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            byte[] sk = WbkitAndr.getSk(hVar.getAccessKey(), hVar.getWbId(), hVar.getWbVersion());
            if (sk != null && sk.length != 0) {
                return sk;
            }
            str = "accessKeyAuth: accessKey auth fail.";
        }
        i.h(f23424a, str);
        return null;
    }

    @Nullable
    private static byte[] f(Context context, h hVar) {
        if (context == null || hVar == null) {
            i.j(f23424a, "genPkgInfo: Parameters invalid.");
            return null;
        }
        String packageName = context.getPackageName();
        return (packageName + "^" + com.heytap.omas.a.e.b.e(context, packageName)).getBytes();
    }
}
