package com.heytap.omas.a.a;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.a.c.f;
import com.heytap.omas.a.e.i;
import com.heytap.omas.a.e.m;
import com.heytap.omas.a.e.n;
import com.heytap.omas.omkms.data.d;
import com.heytap.omas.omkms.data.h;
import com.heytap.omas.omkms.data.l;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.proto.Omkms3;
import com.heytap.omas.wb.WbkitAndr;
import java.util.Arrays;

/* loaded from: classes5.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static final String f6839a = "OmkmsAuth";

    /* renamed from: b, reason: collision with root package name */
    private static final String f6840b = "AndroidKeyStore";

    /* renamed from: c, reason: collision with root package name */
    private static final String f6841c = "HMAC";

    /* renamed from: d, reason: collision with root package name */
    private static final String f6842d = "SHA256";

    private a() {
    }

    public static d a(Context context, h hVar) {
        byte[] a10 = a(hVar);
        if (a10 != null && a10.length != 0) {
            byte[] hmac = WbkitAndr.hmac(com.heytap.omas.a.e.c.a(new String(hVar.getWbId()).getBytes(), new String(hVar.getAppName()).getBytes()), a10);
            if (hmac != null && hmac.length != 0) {
                byte[] b6 = b(context, hVar);
                if (a(hVar, a10, hmac, b6)) {
                    return d.a(hVar).a(hmac).b(b6).a();
                }
                return null;
            }
            i.b(f6839a, "auth: WbkitAndr.hmac return null,this always should not happen,bug here.");
        }
        return null;
    }

    public static void a(@NonNull Omkms3.Pack pack, @NonNull l lVar, @NonNull com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (pack == null || lVar == null || lVar.a() == null || lVar.a().b() == null) {
            throw new AuthenticationException("Parameters invalid.");
        }
        if (TextUtils.isEmpty(pack.getHeaderString())) {
            i.b(f6839a, "cipherTextAuth: headerString:" + pack.getHeaderString());
            throw new AuthenticationException("cipher text auth fail,pack not contains header content.");
        }
        if (TextUtils.isEmpty(pack.getPayloadString())) {
            i.b(f6839a, "cipherTextAuth: payloadString:" + pack.getPayloadString());
            throw new AuthenticationException("cipher text auth fail,pack not contains payload content.");
        }
        if (TextUtils.isEmpty(pack.getSignatureString())) {
            i.b(f6839a, "cipherTextAuth: signatureString:" + pack.getSignatureString());
            throw new AuthenticationException("cipher text auth fail,pack not contains signature content.");
        }
        Omkms3.CMSSignedData signature = pack.getSignature();
        byte[] a10 = com.heytap.omas.a.e.c.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
        if (!f6841c.equals(signature.getSignAlg()) || !f6842d.equals(signature.getHashId())) {
            i.b(f6839a, "cipherTextAu: only support sigAlg=HMAC,hashId=SHA256. sigAlg=" + signature.getSignAlg() + ",hashId=" + signature.getHashId());
            throw new AuthenticationException("cipher text auth fail,only support sigAlg=HMAC,hashId=SHA256.");
        }
        if (signature.getSignedContent() == null) {
            throw new AuthenticationException("cipher text auth fail,signature not contains signed content data.");
        }
        String keyType = pack.getHeader().getKeyType();
        keyType.hashCode();
        if (!keyType.equals("SessionKey")) {
            if (keyType.equals("WB")) {
                if (WbkitAndr.verify(lVar.a().a(), lVar.a().c(), Base64.decode(signature.getSignedContent(), 2), a10, lVar.a().b().getWbId(), lVar.a().b().getWbKeyId(), lVar.a().b().getWbVersion()) == 0) {
                    return;
                }
                i.b(f6839a, "cipherTextAuth: signature authentication failed.");
                throw new AuthenticationException("cipher text auth fail,signature authentication failed.");
            }
            throw new IllegalStateException("Should not take place always,Unexpected value: " + lVar.c());
        }
        if (!pack.getHeader().getKeyType().equals(lVar.c())) {
            i.c(f6839a, "cipherTextAuth: keyType not match. header key type:" + pack.getHeader().getKeyType() + ",secKitClient key type:" + lVar.c());
        }
        String nonce = pack.getHeader().getNonce();
        if (TextUtils.isEmpty(nonce)) {
            i.b(f6839a, "cipherTextAuth: nonce:" + pack.getHeader().getNonce());
            throw new AuthenticationException("cipher text auth fail,header of pack not contains nonce content.always should not take place.");
        }
        try {
            Omkms3.NonceClass nonceClass = (Omkms3.NonceClass) com.heytap.omas.a.e.h.a(nonce, Omkms3.NonceClass.class);
            if (TextUtils.isEmpty(nonceClass.getEncryptedDekJsonString())) {
                i.b(f6839a, "cipherTextAuth: encryptedDek:" + nonceClass.getEncryptedDekJsonString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedDek content.always should not take place.");
            }
            byte[] a11 = com.heytap.omas.a.e.c.a(pack.getHeaderString().getBytes(), pack.getPayloadString().getBytes());
            byte[] a12 = bVar.a();
            if (a12 == null || a12.length == 0) {
                throw new AuthenticationException("internal error,not found local kek,always should not take place.");
            }
            if (TextUtils.isEmpty(nonceClass.getEncryptedMkJsonString())) {
                i.b(f6839a, "cipherTextAuth: encryptedMk:" + nonceClass.getEncryptedMkJsonString());
                throw new AuthenticationException("cipher text auth fail,header of pack not contains encryptedMk content.always should not take place.");
            }
            byte[] a13 = com.heytap.omas.a.c.a.a(lVar.a().b()).a(nonceClass.getEncryptedMk(), a12);
            if (a13 == null || a13.length == 0) {
                throw new AuthenticationException("cipher text invalid,cannot decrypt encrypted mk.");
            }
            if (!f.a(a11, a13, signature)) {
                throw new AuthenticationException("data signature verify fail,cipherText invalid.");
            }
        } catch (JsonSyntaxException e10) {
            i.b(f6839a, "cipherTextAuth: nonce illegal," + e10);
            throw new AuthenticationException("cipher text auth fail,nonce of header invalid,always should not take place.");
        }
    }

    public static boolean a(Context context, long j10, long j11) {
        String str;
        if (context == null) {
            throw new IllegalArgumentException("checkSessionKeyTimeValid: context cannot be null.");
        }
        long a10 = m.a().a(context);
        long b6 = n.b() + a10;
        long j12 = m.f6953d;
        if (a10 == j12 || j10 == j12 || j11 == j12 || j10 >= j11) {
            str = "timeStampAuth,parameters invalid.";
        } else {
            if (b6 >= j10 && 10 + b6 <= j11) {
                return true;
            }
            str = "timeStampAuth,time not between begin time with end time.calibratedTime:" + b6 + ",sessionKeyBeginTime:" + j10 + ",sessionKeyEndTime:" + j11;
        }
        i.b(f6839a, str);
        return false;
    }

    private static boolean a(h hVar, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        String str;
        if (hVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            if (bArr == null || bArr.length == 0) {
                i.b(f6839a, "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr2 == null || bArr2.length == 0) {
                i.b(f6839a, "appNameAuth: parameter invalid,secretKey cannot be null or length == 0.");
                return false;
            }
            if (bArr3 == null) {
                i.c(f6839a, "appNameAuth: pkgInfo not specify.");
            }
            byte[] appid = WbkitAndr.getAppid(bArr2, bArr3, hVar.getWbId(), hVar.getWbVersion());
            if (appid == null) {
                str = "appNameAuth: auth fail. cannot getAppName.";
            } else {
                if (Arrays.equals(appid, hVar.getAppName())) {
                    return true;
                }
                Arrays.toString(appid);
                Arrays.toString(hVar.getAppName());
                str = "appNameAuth,auth fail.";
            }
        }
        i.b(f6839a, str);
        return false;
    }

    private static byte[] a(h hVar) {
        String str;
        if (hVar == null) {
            str = "appNameAuth: parameter invalid,initParamSpec cannot be null.";
        } else {
            byte[] sk2 = WbkitAndr.getSk(hVar.getAccessKey(), hVar.getWbId(), hVar.getWbVersion());
            if (sk2 != null && sk2.length != 0) {
                return sk2;
            }
            str = "accessKeyAuth: accessKey auth fail.";
        }
        i.b(f6839a, str);
        return null;
    }

    @Nullable
    private static byte[] b(Context context, h hVar) {
        if (context == null || hVar == null) {
            i.c(f6839a, "genPkgInfo: Parameters invalid.");
            return null;
        }
        String packageName = context.getPackageName();
        return (packageName + "^" + com.heytap.omas.a.e.b.b(context, packageName)).getBytes();
    }
}
