package com.heytap.omas.a.a;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.a.c.f;
import com.heytap.omas.a.e.i;
import com.heytap.omas.a.e.m;
import com.heytap.omas.a.e.n;
import com.heytap.omas.omkms.data.d;
import com.heytap.omas.omkms.data.h;
import com.heytap.omas.omkms.data.l;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.proto.Omkms3;
import com.heytap.omas.wb.WbkitAndr;
import java.util.Arrays;
import java.util.Objects;

/* loaded from: classes4.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static final String f15530a = "OmkmsAuth";

    /* renamed from: b, reason: collision with root package name */
    private static final String f15531b = "AndroidKeyStore";

    /* renamed from: c, reason: collision with root package name */
    private static final String f15532c = "HMAC";

    /* renamed from: d, reason: collision with root package name */
    private static final String f15533d = "SHA256";

    private a() {
    }

    public static d a(Context context, h hVar) {
        byte[] a10 = a(hVar);
        if (a10 != null && a10.length != 0) {
            byte[] hmac = WbkitAndr.hmac(com.heytap.omas.a.e.c.a(new String(hVar.getWbId()).getBytes(), new String(hVar.getAppName()).getBytes()), a10);
            if (hmac != null && hmac.length != 0) {
                byte[] b10 = b(context, hVar);
                if (a(hVar, a10, hmac, b10)) {
                    return d.a(hVar).a(hmac).b(b10).a();
                }
                return null;
            }
            i.b(f15530a, "auth: WbkitAndr.hmac return null,this always should not happen,bug here.");
        }
        return null;
    }

    public static void a(@NonNull Omkms3.Pack pack, @NonNull l lVar, @NonNull com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (pack == null || lVar == null || lVar.a() == null || lVar.a().b() == null) {
            throw new AuthenticationException("Parameters invalid.");
        }
        if (TextUtils.isEmpty(pack.getHeaderString())) {
            StringBuilder b10 = a.h.b("cipherTextAuth: headerString:");
            b10.append(pack.getHeaderString());
            i.b(f15530a, b10.toString());
            throw new AuthenticationException("cipher text auth fail,pack not contains header content.");
        }
        if (TextUtils.isEmpty(pack.getPayloadString())) {
            StringBuilder b11 = a.h.b("cipherTextAuth: payloadString:");
            b11.append(pack.getPayloadString());
            i.b(f15530a, b11.toString());
            throw new AuthenticationException("cipher text auth fail,pack not contains payload content.");
        }
        if (TextUtils.isEmpty(pack.getSignatureString())) {
            StringBuilder b12 = a.h.b("cipherTextAuth: signatureString:");
            b12.append(pack.getSignatureString());
            i.b(f15530a, b12.toString());
            throw new AuthenticationException("cipher text auth fail,pack not contains signature content.");
        }
        Omkms3.CMSSignedData signature = pack.getSignature();
        byte[] a10 = com.heytap.omas.a.e.c.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
        if (!f15532c.equals(signature.getSignAlg()) || !f15533d.equals(signature.getHashId())) {
            StringBuilder b13 = a.h.b("cipherTextAu: only support sigAlg=HMAC,hashId=SHA256. sigAlg=");
            b13.append(signature.getSignAlg());
            b13.append(",hashId=");
            b13.append(signature.getHashId());
            i.b(f15530a, b13.toString());
            throw new AuthenticationException("cipher text auth fail,only support sigAlg=HMAC,hashId=SHA256.");
        }
        if (signature.getSignedContent() == null) {
            throw new AuthenticationException("cipher text auth fail,signature not contains signed content data.");
        }
        String keyType = pack.getHeader().getKeyType();
        Objects.requireNonNull(keyType);
        if (!keyType.equals("SessionKey")) {
            if (!keyType.equals("WB")) {
                StringBuilder b14 = a.h.b("Should not take place always,Unexpected value: ");
                b14.append(lVar.c());
                throw new IllegalStateException(b14.toString());
            }
            if (WbkitAndr.verify(lVar.a().a(), lVar.a().c(), Base64.decode(signature.getSignedContent(), 2), a10, lVar.a().b().getWbId(), lVar.a().b().getWbKeyId(), lVar.a().b().getWbVersion()) == 0) {
                return;
            }
            i.b(f15530a, "cipherTextAuth: signature authentication failed.");
            throw new AuthenticationException("cipher text auth fail,signature authentication failed.");
        }
        if (!pack.getHeader().getKeyType().equals(lVar.c())) {
            StringBuilder b15 = a.h.b("cipherTextAuth: keyType not match. header key type:");
            b15.append(pack.getHeader().getKeyType());
            b15.append(",secKitClient key type:");
            b15.append(lVar.c());
            i.c(f15530a, b15.toString());
        }
        String nonce = pack.getHeader().getNonce();
        if (TextUtils.isEmpty(nonce)) {
            StringBuilder b16 = a.h.b("cipherTextAuth: nonce:");
            b16.append(pack.getHeader().getNonce());
            i.b(f15530a, b16.toString());
            throw new AuthenticationException("cipher text auth fail,header of pack not contains nonce content.always should not take place.");
        }
        try {
            Omkms3.NonceClass nonceClass = (Omkms3.NonceClass) com.heytap.omas.a.e.h.a(nonce, Omkms3.NonceClass.class);
            if (TextUtils.isEmpty(nonceClass.getEncryptedDekJsonString())) {
                StringBuilder b17 = a.h.b("cipherTextAuth: encryptedDek:");
                b17.append(nonceClass.getEncryptedDekJsonString());
                i.b(f15530a, b17.toString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedDek content.always should not take place.");
            }
            byte[] a11 = com.heytap.omas.a.e.c.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
            byte[] a12 = bVar.a();
            if (a12 == null || a12.length == 0) {
                throw new AuthenticationException("internal error,not found local kek,always should not take place.");
            }
            if (TextUtils.isEmpty(nonceClass.getEncryptedMkJsonString())) {
                StringBuilder b18 = a.h.b("cipherTextAuth: encryptedMk:");
                b18.append(nonceClass.getEncryptedMkJsonString());
                i.b(f15530a, b18.toString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedMk content.always should not take place.");
            }
            byte[] a13 = com.heytap.omas.a.c.a.a(lVar.a().b()).a(nonceClass.getEncryptedMk(), a12);
            if (a13 == null || a13.length == 0) {
                throw new AuthenticationException("cipher text invalid,cannot decrypt encrypted mk.");
            }
            if (!f.a(a11, a13, signature)) {
                throw new AuthenticationException("data signature verify fail,cipherText invalid.");
            }
        } catch (JsonSyntaxException e3) {
            i.b(f15530a, "cipherTextAuth: nonce illegal," + e3);
            throw new AuthenticationException("cipher text auth fail,nonce of header invalid,always should not take place.");
        }
    }

    public static boolean a(Context context, long j10, long j11) {
        String str;
        if (context == null) {
            throw new IllegalArgumentException("checkSessionKeyTimeValid: context cannot be null.");
        }
        long a10 = m.a().a(context);
        long b10 = n.b() + a10;
        long j12 = m.f15641d;
        if (a10 == j12 || j10 == j12 || j11 == j12 || j10 >= j11) {
            str = "timeStampAuth,parameters invalid.";
        } else {
            if (b10 >= j10 && 10 + b10 <= j11) {
                return true;
            }
            StringBuilder b11 = a.i.b("timeStampAuth,time not between begin time with end time.calibratedTime:", b10, ",sessionKeyBeginTime:");
            b11.append(j10);
            b11.append(",sessionKeyEndTime:");
            b11.append(j11);
            str = b11.toString();
        }
        i.b(f15530a, str);
        return false;
    }

    private static boolean a(h hVar, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        String str;
        if (hVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            if (bArr == null || bArr.length == 0) {
                i.b(f15530a, "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr2 == null || bArr2.length == 0) {
                i.b(f15530a, "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr3 == null) {
                i.c(f15530a, "appNameAuth: pkgInfo not specify.");
            }
            byte[] appid = WbkitAndr.getAppid(bArr2, bArr3, hVar.getWbId(), hVar.getWbVersion());
            if (appid == null) {
                str = "appNameAuth: auth fail. cannot getAppName.";
            } else {
                if (Arrays.equals(appid, hVar.getAppName())) {
                    return true;
                }
                Arrays.toString(appid);
                Arrays.toString(hVar.getAppName());
                str = "appNameAuth,auth fail.";
            }
        }
        i.b(f15530a, str);
        return false;
    }

    private static byte[] a(h hVar) {
        String str;
        if (hVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            byte[] sk = WbkitAndr.getSk(hVar.getAccessKey(), hVar.getWbId(), hVar.getWbVersion());
            if (sk != null && sk.length != 0) {
                return sk;
            }
            str = "accessKeyAuth: accessKey auth fail.";
        }
        i.b(f15530a, str);
        return null;
    }

    @Nullable
    private static byte[] b(Context context, h hVar) {
        if (context == null || hVar == null) {
            i.c(f15530a, "genPkgInfo: Parameters invalid.");
            return null;
        }
        String packageName = context.getPackageName();
        return (packageName + "^" + com.heytap.omas.a.e.b.b(context, packageName)).getBytes();
    }
}
