package com.heytap.omas.omkms.feature;

import android.content.Context;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.a.e.i;
import com.heytap.omas.a.e.m;
import com.heytap.omas.a.e.n;
import com.heytap.omas.omkms.data.j;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.omkms.exception.NetIOException;
import com.heytap.omas.omkms.network.response.d;
import com.heytap.omas.omkms.security.CertException;
import com.heytap.omas.proto.Omkms3;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes5.dex */
public class f implements com.heytap.omas.omkms.feature.b {

    /* renamed from: a, reason: collision with root package name */
    private static final String f7098a = "SessionTicketManagerCertAuthModeImp";

    /* renamed from: b, reason: collision with root package name */
    private static final byte[] f7099b = new byte[32];

    /* renamed from: c, reason: collision with root package name */
    private final SessionTicketLoader f7100c;

    /* loaded from: classes5.dex */
    public class b {

        /* renamed from: a, reason: collision with root package name */
        private static final String f7101a = "cert_from_local_android_key_store";

        /* renamed from: b, reason: collision with root package name */
        private static final String f7102b = "cert_from_get_from_server";

        /* renamed from: c, reason: collision with root package name */
        private int f7103c;

        /* renamed from: d, reason: collision with root package name */
        private String f7104d;

        /* renamed from: e, reason: collision with root package name */
        private String f7105e;

        private b(int i10, @Nullable String str, @Nullable String str2) {
            this.f7103c = 0;
            this.f7104d = f7101a;
            if (i10 == 0 && (str == null || str2 == null)) {
                throw new IllegalArgumentException("certFromType or trustLeafCert must not be null while code:0");
            }
            this.f7103c = i10;
            this.f7105e = str2;
            this.f7104d = str;
        }
    }

    /* loaded from: classes5.dex */
    public static class c {

        /* renamed from: a, reason: collision with root package name */
        private static final f f7107a = new f();

        private c() {
        }
    }

    private f() {
        this.f7100c = new SessionTicketLoader();
        new SecureRandom().nextBytes(f7099b);
    }

    @NonNull
    private j a(Context context, Omkms3.KmsSessionInfo kmsSessionInfo, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || kmsSessionInfo == null || dVar == null) {
            i.b(f7098a, "updateServiceSessionTicket: parameters invalid.");
            throw new IllegalArgumentException("parameters invalid");
        }
        try {
            com.heytap.omas.omkms.network.response.d a10 = a(context, dVar, kmsSessionInfo);
            if (a10.getCode() == 0) {
                Omkms3.ResGetServiceTicket resGetServiceTicket = (Omkms3.ResGetServiceTicket) com.heytap.omas.a.e.h.a(a10.getMetaResponse(), Omkms3.ResGetServiceTicket.class);
                if (this.f7100c.saveServiceSessionTicketInfo(context, dVar.b(), Omkms3.ServiceSessionInfo.newBuilder().setMk(resGetServiceTicket.getMk()).setDek(resGetServiceTicket.getDek()).setBeginTime(resGetServiceTicket.getBeginTime()).setEndTime(resGetServiceTicket.getEndTime()).setHeader(a10.getHeader()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.b())).setTicket(resGetServiceTicket.getTicket()).build()) == null) {
                    return j.d().a(dVar.b()).a(1003).a();
                }
            } else {
                i.b(f7098a, "updateServiceSessionTicket: fail,code:" + a10.getCode());
            }
            return j.d().a(dVar.b()).a(a10.getCode()).a();
        } catch (JsonSyntaxException e10) {
            i.b(f7098a, "updateServiceSessionTicket: InvalidProtocolBufferException:" + e10);
            return j.d().a(dVar.b()).a(1001).a();
        }
    }

    @NonNull
    private j a(@NonNull com.heytap.omas.omkms.data.h hVar, @NonNull int i10, @Nullable Exception exc) {
        j a10 = j.d().a(hVar).a(i10).a(exc).a();
        a10.toString();
        return a10;
    }

    private com.heytap.omas.omkms.network.response.d a(Context context, com.heytap.omas.omkms.data.d dVar, Omkms3.KmsSessionInfo kmsSessionInfo) throws AuthenticationException {
        d.b a10;
        int i10;
        if (context == null) {
            throw new IllegalArgumentException("applyServiceSessionTicket: context cannot be null.");
        }
        if (dVar == null || dVar.b() == null || kmsSessionInfo == null) {
            throw new IllegalArgumentException("applyServiceSessionTicket: parameters invalid.");
        }
        try {
            com.heytap.omas.omkms.network.response.d b6 = e.b(context, kmsSessionInfo.getTicket(), dVar, Base64.decode(kmsSessionInfo.getDek(), 2), Base64.decode(kmsSessionInfo.getMk(), 2));
            if (7 == b6.getCode()) {
                i.c(f7098a, "applyServiceSessionTicket: request time expired,try sync kms3.0 server time now.");
                j f10 = f(context, dVar);
                if (f10.a() != 0) {
                    i.b(f7098a, "applyServiceSessionTicket: request expired,synServiceTime fail,code:" + f10.a());
                    return com.heytap.omas.omkms.network.response.d.a().a(f10.a()).a();
                }
                i.c(f7098a, "applyServiceSessionTicket: request expired,synServiceTime ok, try apply service session ticket again now.");
                b6 = e.b(context, kmsSessionInfo.getTicket(), dVar, Base64.decode(kmsSessionInfo.getDek(), 2), Base64.decode(kmsSessionInfo.getMk(), 2));
            }
            if (6 != b6.getCode()) {
                return b6;
            }
            com.heytap.omas.omkms.network.response.c c10 = c(context, dVar);
            if (c10.getCode() != 0) {
                i.b(f7098a, "applyServiceSessionTicket: kms ticket time expired,then update it,fail,cannot init client.");
                return com.heytap.omas.omkms.network.response.d.a().a(c10.getCode()).a();
            }
            Omkms3.ResGetKMSTicket resGetKMSTicket = (Omkms3.ResGetKMSTicket) com.heytap.omas.a.e.h.a(c10.getMetaResponse(), Omkms3.ResGetKMSTicket.class);
            Omkms3.KmsSessionInfo build = Omkms3.KmsSessionInfo.newBuilder().setMk(resGetKMSTicket.getMk()).setDek(resGetKMSTicket.getDek()).setBeginTime(resGetKMSTicket.getBeginTime()).setEndTime(resGetKMSTicket.getEndTime()).setHeader(c10.getHeader()).setTicket(resGetKMSTicket.getTicket()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.b())).build();
            if (this.f7100c.saveKmsSessionTicketInfo(context, dVar.b(), build) == null) {
                return com.heytap.omas.omkms.network.response.d.a().a(1002).a();
            }
            i.c(f7098a, "applyServiceSessionTicket: kms session ticket time expired,then update it,success.");
            return e.a(context, build.getTicket(), dVar, Base64.decode(build.getDek(), 2), Base64.decode(build.getMk(), 2));
        } catch (JsonSyntaxException e10) {
            i.b(f7098a, "applyServiceSessionTicket: " + e10);
            a10 = com.heytap.omas.omkms.network.response.d.a();
            i10 = 1001;
            return a10.a(i10).a();
        } catch (NetIOException e11) {
            i.b(f7098a, "applyServiceSessionTicket: " + e11);
            a10 = com.heytap.omas.omkms.network.response.d.a();
            i10 = 1008;
            return a10.a(i10).a();
        }
    }

    private boolean a(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        m a10 = m.a();
        long beginTime = kmsSessionInfo.getBeginTime();
        long endTime = kmsSessionInfo.getEndTime();
        long a11 = a10.a(context);
        long b6 = n.b();
        if (beginTime < 0 || endTime < 0 || beginTime >= endTime) {
            i.b(f7098a, "checkTimeValidate: parameter invalid.server bug here.");
            return false;
        }
        long j10 = b6 + a11;
        return j10 >= beginTime && j10 + 10 <= endTime;
    }

    private boolean a(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        m a10 = m.a();
        long beginTime = serviceSessionInfo.getBeginTime();
        long endTime = serviceSessionInfo.getEndTime();
        long a11 = a10.a(context);
        long b6 = n.b();
        if (beginTime < 0 || endTime < 0 || beginTime >= endTime) {
            i.b(f7098a, "checkTimeValidate: parameter invalid.server bug here.");
            return false;
        }
        long j10 = b6 + a11;
        return j10 >= beginTime && j10 + 10 <= endTime;
    }

    public static f b() {
        return c.f7107a;
    }

    @Nullable
    private Omkms3.KmsSessionInfo b(Context context, com.heytap.omas.omkms.data.h hVar) {
        String str;
        Omkms3.KmsSessionInfo loadKmsSessionTicketInfo = this.f7100c.loadKmsSessionTicketInfo(context, hVar);
        if (loadKmsSessionTicketInfo == null) {
            str = "checkKmsSessionTicket: loadServiceSessionKey return null.";
        } else {
            if (a(context, hVar, loadKmsSessionTicketInfo)) {
                return loadKmsSessionTicketInfo;
            }
            str = "checkKmsSessionTicket: checkTimeValidate ,invalid.";
        }
        i.b(f7098a, str);
        return null;
    }

    @NonNull
    private com.heytap.omas.omkms.network.response.c c(@NonNull Context context, @NonNull com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || dVar == null) {
            throw new IllegalArgumentException("applyKmsSessionTicket:Parameters invalid.");
        }
        try {
            b e10 = e(context, dVar);
            if (e10.f7103c != 0) {
                i.b(f7098a, "applyKmsSessionTicket: get trust cert fail,code:" + e10.f7103c);
                return com.heytap.omas.omkms.network.response.c.a().a(e10.f7103c).a();
            }
            com.heytap.omas.omkms.network.response.c c10 = e.c(context, dVar, e10.f7105e);
            if (19 == c10.getCode() || (201099 == c10.getCode() && "cert_from_local_android_key_store".equals(e10.f7104d))) {
                com.heytap.omas.a.d.b.b(context, dVar.b());
                e10 = e(context, dVar);
                if (e10.f7103c != 0) {
                    i.b(f7098a, "applyKmsSessionTicket: server envelop decrypt fail && cert_from_type:" + e10.f7104d + ",and get cert from server fail,code:" + e10.f7103c);
                    return com.heytap.omas.omkms.network.response.c.a().a(e10.f7103c).a();
                }
                c10 = e.c(context, dVar, e10.f7105e);
                i.c(f7098a, "applyKmsSessionTicket: server envelop decrypt fail && cert_from_type:" + e10.f7104d + ",and getKmsTicketByCert again,code:" + e10.f7103c);
            }
            int code = c10.getCode();
            if (code == 0) {
                return c10;
            }
            if (code != 7) {
                i.b(f7098a, "applyKmsSessionTicket: fail,code:" + c10.getCode());
                return com.heytap.omas.omkms.network.response.c.a().a(c10.getCode()).a();
            }
            j f10 = f(context, dVar);
            if (f10.a() != 0) {
                i.b(f7098a, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time fail.");
                return com.heytap.omas.omkms.network.response.c.a().a(f10.a()).a();
            }
            i.c(f7098a, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time success.");
            com.heytap.omas.omkms.network.response.c c11 = e.c(context, dVar, e10.f7105e);
            if (c11.getCode() != 0) {
                i.b(f7098a, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time ,and then get kms ticket by cert fail.");
            }
            return c11;
        } catch (NetIOException e11) {
            i.b(f7098a, "applyKmsSessionTicket: " + e11);
            return com.heytap.omas.omkms.network.response.c.a().a(1008).a();
        }
    }

    @Nullable
    private Omkms3.ServiceSessionInfo c(Context context, com.heytap.omas.omkms.data.h hVar) {
        String str;
        Omkms3.ServiceSessionInfo loadServiceSessionTicketInfo = this.f7100c.loadServiceSessionTicketInfo(context, hVar);
        if (loadServiceSessionTicketInfo == null) {
            str = "checkServiceSessionTicket: loadServiceSessionKey return null.";
        } else {
            if (a(context, hVar, loadServiceSessionTicketInfo)) {
                return loadServiceSessionTicketInfo;
            }
            str = "checkServiceSessionTicket: checkTimeValidate ,invalid.";
        }
        i.b(f7098a, str);
        return null;
    }

    @NonNull
    private j d(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        try {
            j f10 = f(context, dVar);
            f10.toString();
            if (f10.a() != 0) {
                i.b(f7098a, "applySessionTicket: synKmsServerSystemTime fail,code:" + f10.a());
                return j.d().a(dVar.b()).a(f10.a()).a(f10.b()).a();
            }
            com.heytap.omas.omkms.network.response.c c10 = c(context, dVar);
            if (c10.getCode() != 0) {
                i.b(f7098a, "applySessionTicket: applyKmsSessionTicket,fail,code:" + c10.getCode());
                return j.d().a(dVar.b()).a(c10.getCode()).a();
            }
            Omkms3.ResGetKMSTicket resGetKMSTicket = (Omkms3.ResGetKMSTicket) com.heytap.omas.a.e.h.a(c10.getMetaResponse(), Omkms3.ResGetKMSTicket.class);
            Omkms3.KmsSessionInfo build = Omkms3.KmsSessionInfo.newBuilder().setMk(resGetKMSTicket.getMk()).setDek(resGetKMSTicket.getDek()).setBeginTime(resGetKMSTicket.getBeginTime()).setEndTime(resGetKMSTicket.getEndTime()).setHeader(c10.getHeader()).setTicket(resGetKMSTicket.getTicket()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.b())).build();
            if (this.f7100c.saveKmsSessionTicketInfo(context, dVar.b(), build) == null) {
                return j.d().a(dVar.b()).a(1002).a();
            }
            i.c(f7098a, "applySessionTicket: kms session ticket has been successfully persisted.");
            com.heytap.omas.omkms.network.response.d a10 = a(context, dVar, build);
            if (a10.getCode() == 0) {
                Omkms3.ResGetServiceTicket resGetServiceTicket = (Omkms3.ResGetServiceTicket) com.heytap.omas.a.e.h.a(a10.getMetaResponse(), Omkms3.ResGetServiceTicket.class);
                return this.f7100c.saveServiceSessionTicketInfo(context, dVar.b(), Omkms3.ServiceSessionInfo.newBuilder().setMk(resGetServiceTicket.getMk()).setDek(resGetServiceTicket.getDek()).setBeginTime(resGetServiceTicket.getBeginTime()).setEndTime(resGetServiceTicket.getEndTime()).setHeader(a10.getHeader()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.b())).setTicket(resGetServiceTicket.getTicket()).build()) == null ? j.d().a(dVar.b()).a(1003).a() : j.d().a(dVar.b()).a(0).a();
            }
            i.b(f7098a, "applySessionTicket: fail,code:" + a10.getCode());
            return j.d().a(dVar.b()).a(a10.getCode()).a();
        } catch (JsonSyntaxException e10) {
            i.b(f7098a, "applySessionTicket: " + e10);
            return j.d().a(dVar.b()).a(1001).a(e10).a();
        }
    }

    @NonNull
    private b e(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || dVar == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        try {
            List<X509Certificate> a10 = com.heytap.omas.a.d.b.a(context);
            List<String> a11 = com.heytap.omas.a.d.b.a(context, dVar.b());
            if (a11 != null && a11.size() != 0) {
                i.c(f7098a, "getTrustCert: found the local kms cert.");
                return new b(0, "cert_from_local_android_key_store", a11.get(0));
            }
            i.c(f7098a, "getTrustCert: not found the local kms cert chain.");
            com.heytap.omas.omkms.network.response.a a12 = e.a(context, dVar);
            if (a12.getCode() != 0) {
                i.b(f7098a, "getTrustCert: getKmsCerts,fail,code:" + a12.getCode());
                return new b(a12.getCode(), null, null);
            }
            Omkms3.ResGetKmsCerts resGetKmsCerts = (Omkms3.ResGetKmsCerts) com.heytap.omas.a.e.h.a(a12.getMetaResponse(), Omkms3.ResGetKmsCerts.class);
            List<String> kmsCertChain = resGetKmsCerts.getKmsCertChain();
            if (kmsCertChain != null && kmsCertChain.size() != 0) {
                ArrayList arrayList = new ArrayList();
                for (String str : kmsCertChain) {
                    X509Certificate a13 = com.heytap.omas.a.d.b.a(str);
                    kmsCertChain.indexOf(str);
                    arrayList.add(a13);
                }
                com.heytap.omas.a.d.b.a(context, a10, arrayList);
                if (com.heytap.omas.a.d.b.b(context, dVar.b(), arrayList) == null) {
                    i.b(f7098a, "getTrustCert: save cert chain fail,should not take place always.");
                    return new b(1004, null, null);
                }
                return new b(0, "cert_from_get_from_server", resGetKmsCerts.getKmsCertChain().get(0));
            }
            i.b(f7098a, "getTrustCert: Server internal error,certChain list is empty.");
            return new b(1013, null, null);
        } catch (JsonSyntaxException e10) {
            i.b(f7098a, "getTrustCert: " + e10);
            return new b(1001, null, null);
        } catch (NetIOException e11) {
            i.b(f7098a, "getTrustCert: " + e11);
            return new b(1008, null, null);
        } catch (CertException.CertChainException e12) {
            e = e12;
            i.b(f7098a, "getTrustCert: " + e);
            return new b(1013, null, null);
        } catch (CertException.CertChainVerifyException e13) {
            e = e13;
            i.b(f7098a, "getTrustCert: " + e);
            return new b(1013, null, null);
        } catch (CertException.LoadEccCertException e14) {
            i.b(f7098a, "getTrustCert: " + e14);
            return new b(1010, null, null);
        } catch (CertificateException e15) {
            e = e15;
            i.b(f7098a, "getTrustCert: " + e);
            return new b(1013, null, null);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x00f8 A[Catch: NetIOException -> 0x0162, JsonSyntaxException -> 0x0186, TryCatch #2 {JsonSyntaxException -> 0x0186, NetIOException -> 0x0162, blocks: (B:3:0x0002, B:5:0x000c, B:8:0x003d, B:10:0x0055, B:13:0x0060, B:17:0x00f2, B:19:0x00f8, B:21:0x0111, B:23:0x0130, B:25:0x014c, B:27:0x006f, B:30:0x0082, B:32:0x00bd), top: B:2:0x0002 }] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0111 A[Catch: NetIOException -> 0x0162, JsonSyntaxException -> 0x0186, TryCatch #2 {JsonSyntaxException -> 0x0186, NetIOException -> 0x0162, blocks: (B:3:0x0002, B:5:0x000c, B:8:0x003d, B:10:0x0055, B:13:0x0060, B:17:0x00f2, B:19:0x00f8, B:21:0x0111, B:23:0x0130, B:25:0x014c, B:27:0x006f, B:30:0x0082, B:32:0x00bd), top: B:2:0x0002 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.heytap.omas.omkms.data.j f(android.content.Context r11, com.heytap.omas.omkms.data.d r12) throws com.heytap.omas.omkms.exception.AuthenticationException {
        /*
            Method dump skipped, instructions count: 417
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.heytap.omas.omkms.feature.f.f(android.content.Context, com.heytap.omas.omkms.data.d):com.heytap.omas.omkms.data.j");
    }

    @Override // com.heytap.omas.omkms.feature.b
    @Nullable
    public Omkms3.ServiceSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar) {
        Omkms3.ServiceSessionInfo loadServiceSessionTicketInfo = this.f7100c.loadServiceSessionTicketInfo(context, hVar);
        if (loadServiceSessionTicketInfo == null) {
            i.b(f7098a, "getServiceSessionTicket: fail,not found serviceSessionInfo.");
        }
        return loadServiceSessionTicketInfo;
    }

    @Override // com.heytap.omas.omkms.feature.b
    public void a(Context context, com.heytap.omas.omkms.data.d dVar) {
        try {
            b(context, dVar);
        } catch (AuthenticationException unused) {
            i.b(f7098a, "initSessionTicketAsyncTask: should not take place always.");
        }
    }

    @Override // com.heytap.omas.omkms.feature.b
    public byte[] a() {
        return f7099b;
    }

    @Override // com.heytap.omas.omkms.feature.b
    @NonNull
    public j b(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null) {
            throw new IllegalArgumentException("Context cannot be null.");
        }
        if (dVar == null || dVar.b() == null) {
            throw new IllegalArgumentException("Parameter invalid.");
        }
        if (c(context, dVar.b()) != null) {
            return a(dVar.b(), 0, (Exception) null);
        }
        Omkms3.KmsSessionInfo b6 = b(context, dVar.b());
        return b6 != null ? a(context, b6, dVar) : d(context, dVar);
    }
}
