package com.heytap.omas.a.c;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import androidx.annotation.NonNull;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.a.e.h;
import com.heytap.omas.a.e.i;
import com.heytap.omas.a.e.l;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.proto.Omkms3;
import com.heytap.omas.wb.WbkitAndr;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes20.dex */
public class f {
    private static final String a = "SignatureUtil";
    private static final String b = "HMAC";
    private static final String c = "SHA256";
    private static final String d = "WB";
    private static final String e = "SessionKey";
    private static final String f = "HmacSHA256";
    private static final int g = 0;

    public static Omkms3.CMSSignedData a(com.heytap.omas.omkms.data.d dVar, byte[] bArr) {
        if (dVar != null && bArr != null && bArr.length != 0) {
            byte[] signature = WbkitAndr.signature(dVar.b(), dVar.d(), bArr, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion());
            if (signature != null && signature.length != 0) {
                return Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(signature, 2)).setSignAlg(b).build();
            }
            i.h(a, "commProtoCmsWbSign:  WbkitAndr.signature return null.that indicate user'info auth fail.");
        }
        return null;
    }

    public static Omkms3.CMSSignedData b(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr2 == null) {
            String str = "commProtoCmsSign: Parameters invalid,any of parameters must not be null.detail:data:" + bArr + ",signKey:" + bArr2;
            return null;
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, f);
            Mac mac = Mac.getInstance(f);
            mac.init(secretKeySpec);
            Omkms3.CMSSignedData build = Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(mac.doFinal(bArr), 2)).setSignAlg(b).build();
            String str2 = "commProtoCmsSign: " + build.toString();
            return build;
        } catch (Exception e2) {
            i.h(a, "commProtoCmsSign: Mac exception:" + e2.getMessage());
            return null;
        }
    }

    public static Omkms3.CMSSignedData c(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (bArr == null || bArr2 == null || bArr3 == null) {
            String str = "Parameters invalid,any of parameters must not be null.detail:header:" + bArr + ",payload:" + bArr2 + ",signKey:" + bArr3;
            throw new IllegalArgumentException("Parameters invalid.");
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, f);
            Mac mac = Mac.getInstance(f);
            mac.init(secretKeySpec);
            return Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(mac.doFinal(com.heytap.omas.a.e.c.a(bArr, bArr2)), 2)).setSignAlg(b).build();
        } catch (InvalidKeyException | NoSuchAlgorithmException e2) {
            i.h(a, "commProtoCmsSign: Mac exception:" + e2);
            return null;
        }
    }

    private static String d(Context context, com.heytap.omas.omkms.data.d dVar, byte[] bArr) {
        if (dVar != null && bArr != null && bArr.length != 0) {
            byte[] signature = WbkitAndr.signature(dVar.b(), dVar.d(), bArr, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion());
            if (signature != null && signature.length != 0) {
                return h.b(Omkms3.Pack.newBuilder().setSignature(h.b(Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(signature, 2)).setSignAlg(b).build(), Omkms3.CMSSignedData.class)).setHeader(h.b(com.heytap.omas.omkms.feature.e.f(dVar, l.c().a(context)), Omkms3.Header.class)).build(), Omkms3.Pack.class);
            }
            i.h(a, "commProtoCmsWbSign:  WbkitAndr.signature return null.that indicate user'info auth fail.");
        }
        return null;
    }

    public static String e(Context context, com.heytap.omas.omkms.data.l lVar, byte[] bArr, @NonNull com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (context == null || lVar == null || bArr == null || bVar == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        String c2 = lVar.c();
        char c3 = 65535;
        int hashCode = c2.hashCode();
        if (hashCode != -639668215) {
            if (hashCode == 2763 && c2.equals("WB")) {
                c3 = 0;
            }
        } else if (c2.equals("SessionKey")) {
            c3 = 1;
        }
        if (c3 == 0) {
            i.h(a, "businessMacSign: case:WB");
            return d(context, lVar.a(), bArr);
        }
        if (c3 == 1) {
            i.h(a, "businessMacSign: case:SessionKey");
            return k(context, lVar, bArr, bVar);
        }
        throw new IllegalStateException("Unexpected value: " + lVar.c());
    }

    public static boolean f(Context context, com.heytap.omas.omkms.data.l lVar, String str, byte[] bArr, com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (context == null || lVar == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Parameters invalid,macSignedData cannot be null or empty.");
        }
        try {
            Omkms3.Pack pack = (Omkms3.Pack) h.a(str, Omkms3.Pack.class);
            Omkms3.Header header = pack.getHeader();
            Omkms3.CMSSignedData signature = pack.getSignature();
            if (header == null) {
                throw new AuthenticationException("Parameters invalid.macSignedData not contains header content.");
            }
            if (signature == null) {
                throw new AuthenticationException("Parameters invalid.macSignedData not contains signature content.");
            }
            if (!"SHA256".equals(signature.getHashId())) {
                throw new AuthenticationException("Not support this hashId:" + signature.getHashId());
            }
            if (!b.equals(signature.getSignAlg())) {
                throw new AuthenticationException("Not support this algorithm:" + signature.getSignAlg());
            }
            if (!lVar.c().equals(header.getKeyType())) {
                i.j(a, "Key type not mach,type of init is:" + lVar.c() + ",while key type of cmsMacSignedData is:" + header.getKeyType());
            }
            if (TextUtils.isEmpty(signature.getSignedContent())) {
                throw new AuthenticationException("signed content cannot be null or empty,signed data invalid.");
            }
            String keyType = header.getKeyType();
            char c2 = 65535;
            int hashCode = keyType.hashCode();
            if (hashCode != -639668215) {
                if (hashCode == 2763 && keyType.equals("WB")) {
                    c2 = 0;
                }
            } else if (keyType.equals("SessionKey")) {
                c2 = 1;
            }
            if (c2 == 0) {
                return h(lVar.a(), Base64.decode(signature.getSignedContent().getBytes(), 2), bArr);
            }
            if (c2 != 1) {
                throw new IllegalStateException("Unexpected value: " + lVar.c());
            }
            byte[] a2 = bVar.a();
            if (a2 == null || a2.length == 0) {
                i.h(a, "businessDataDecrypt: fatal error,cannot found local kek,always should not take place.");
                throw new AuthenticationException("businessDataDecrypt: fatal error,cannot found local kek, always should not take place.");
            }
            if (TextUtils.isEmpty(header.getNonce())) {
                i.h(a, "businessMacVerify: nonce of header cannot be null or empty, signed data invalid.");
                throw new AuthenticationException("nonce of header cannot be null or empty, signed data invalid.");
            }
            Omkms3.NonceClass nonceClass = (Omkms3.NonceClass) h.a(header.getNonce(), Omkms3.NonceClass.class);
            if (TextUtils.isEmpty(nonceClass.getEncryptedMkJsonString())) {
                i.h(a, "businessMacVerify: nonce of header not contain encryptedMk, signed data invalid.");
                throw new AuthenticationException("businessMacVerify: nonce of header not contain encryptedMk, signed data invalid.");
            }
            byte[] a3 = a.b(lVar.a().c()).a(nonceClass.getEncryptedMk(), a2);
            if (a3 != null && a3.length != 0) {
                return i(lVar, Base64.decode(signature.getSignedContent(), 2), bArr, a3);
            }
            i.h(a, "businessMacVerify: encrypted mk decrypt fail,always should not take place.");
            throw new AuthenticationException("businessMacVerify: encrypted mk decrypt fail,always should not take place.");
        } catch (JsonSyntaxException e2) {
            i.h(a, "businessMacVerify: I" + e2);
            throw new AuthenticationException("CmsMacSignedData invalid.");
        }
    }

    public static boolean g(com.heytap.omas.omkms.data.d dVar, byte[] bArr, Omkms3.CMSSignedData cMSSignedData) {
        StringBuilder sb;
        String sb2;
        String hashId;
        if (dVar == null) {
            sb2 = "commProtoCmsWbVerify: Parameters invalid.initParamData:" + dVar;
        } else {
            if (bArr == null || bArr.length == 0) {
                sb = new StringBuilder();
                sb.append("commProtoCmsWbVerify: Parameters invalid.srcData:");
                sb.append(bArr);
            } else if (cMSSignedData == null) {
                sb2 = "commProtoCmsWbVerify: Parameters invalid.cmsSignedData:null";
            } else {
                if (!b.equals(cMSSignedData.getSignAlg())) {
                    sb = new StringBuilder();
                    sb.append("commProtoCmsWbVerify: Parameters invalid,Signature'signAlg not match ,cmsSignedData'signAlg:");
                    hashId = cMSSignedData.getSignAlg();
                } else if (!"SHA256".equals(cMSSignedData.getHashId())) {
                    sb = new StringBuilder();
                    sb.append("commProtoCmsWbVerify: Parameters invalid,Signature'hashId not match ,cmsSignedData'hashId:");
                    hashId = cMSSignedData.getHashId();
                } else if (cMSSignedData.getSignedContent() == null || cMSSignedData.getSignedContent().getBytes().length == 0) {
                    sb2 = "commProtoCmsWbVerify: Server data error,cmsSignedData'Content must not be null or length ==0 ";
                } else {
                    if (WbkitAndr.verify(dVar.b(), dVar.d(), Base64.decode(cMSSignedData.getSignedContent(), 2), bArr, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion()) == 0) {
                        return true;
                    }
                    sb2 = "commProtoCmsWbVerify: fail.";
                }
                sb.append(hashId);
            }
            sb2 = sb.toString();
        }
        i.h(a, sb2);
        return false;
    }

    private static boolean h(com.heytap.omas.omkms.data.d dVar, byte[] bArr, byte[] bArr2) {
        if (dVar == null) {
            i.h(a, "businessWbMacVerify: Parameters invalid,initParamData must not be null.");
            throw new IllegalArgumentException("Parameters invalid,initParamData must not be null.");
        }
        if (bArr == null || bArr.length == 0) {
            i.h(a, "businessWbMacVerify: Parameters invalid,omasMacSignedData must not be null or length == 0");
            throw new IllegalArgumentException("Parameters invalid,omasMacSignedData cannot be null.");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new IllegalArgumentException("Parameters invalid,data cannot be null.");
        }
        int verify = WbkitAndr.verify(dVar.b(), dVar.d(), bArr, bArr2, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion());
        if (verify == 0) {
            return true;
        }
        i.h(a, "businessWbMacVerify: fail. ret:" + verify);
        return false;
    }

    private static boolean i(com.heytap.omas.omkms.data.l lVar, byte[] bArr, byte[] bArr2, byte[] bArr3) throws AuthenticationException {
        String str;
        if (lVar == null || lVar.a() == null) {
            throw new AuthenticationException("userInitInfo or InitParamData must not be null");
        }
        if (lVar.a().c() == null) {
            return false;
        }
        if (bArr2 == null || bArr2.length == 0) {
            str = "businessSessionKeyMacVerify: Parameters invalid,metaContentData must not be null or length == 0";
        } else {
            try {
                Mac mac = Mac.getInstance(f);
                mac.init(new SecretKeySpec(bArr3, f));
                return Arrays.equals(mac.doFinal(bArr2), bArr);
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                str = "businessSessionKeyMacSign: all ways should not log out here.";
            }
        }
        i.h(a, str);
        return false;
    }

    public static boolean j(byte[] bArr, byte[] bArr2, Omkms3.CMSSignedData cMSSignedData) {
        String str;
        if (bArr == null || bArr2 == null) {
            str = "commProtoCmsVerify: Parameters invalid.data:" + bArr + ",signKey:" + bArr2;
        } else {
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, f);
                Mac mac = Mac.getInstance(f);
                mac.init(secretKeySpec);
                if (Arrays.equals(Base64.decode(cMSSignedData.getSignedContent(), 2), mac.doFinal(bArr))) {
                    return true;
                }
                i.h(a, "commProtoCmsVerify: unSuccessful.");
                return false;
            } catch (InvalidKeyException | NoSuchAlgorithmException e2) {
                str = "commProtoCmsVerify: Mac Exception:" + e2.getMessage();
            }
        }
        i.h(a, str);
        return false;
    }

    private static String k(Context context, com.heytap.omas.omkms.data.l lVar, byte[] bArr, com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (lVar == null || lVar.a() == null) {
            throw new AuthenticationException("userInitInfo must not be null");
        }
        if (bArr == null || bArr.length == 0) {
            throw new AuthenticationException("data cannot be null or empty.");
        }
        if (bVar == null) {
            i.h(a, "ticketManager cannot be null or empty.");
            return null;
        }
        Omkms3.ServiceSessionInfo b2 = lVar.b();
        if (b2 == null) {
            Log.e(a, "businessSessionKeyMacSign: serviceSessionInfo is null,should not take place always.");
            return null;
        }
        try {
            byte[] a2 = bVar.a();
            Omkms3.CMSEncryptedData d2 = a.b(lVar.a().c()).d(Base64.decode(lVar.b().getDek(), 2), a2);
            Omkms3.CMSEncryptedData d3 = a.b(lVar.a().c()).d(Base64.decode(lVar.b().getMk(), 2), a2);
            if (d2 != null && d3 != null) {
                String b3 = h.b(d2, Omkms3.CMSEncryptedData.class);
                String b4 = h.b(Omkms3.NonceClass.newBuilder().setEncryptedDekString(b3).setEncryptedMkString(h.b(d3, Omkms3.CMSEncryptedData.class)).build(), Omkms3.NonceClass.class);
                Mac mac = Mac.getInstance(f);
                mac.init(new SecretKeySpec(Base64.decode(b2.getMk(), 2), f));
                return h.b(Omkms3.Pack.newBuilder().setSignature(h.b(Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(mac.doFinal(bArr), 2)).setSignAlg(b).build(), Omkms3.CMSSignedData.class)).setHeader(h.b(com.heytap.omas.omkms.feature.e.e(context, lVar.a(), b2.getTicket(), b4), Omkms3.Header.class)).build(), Omkms3.Pack.class);
            }
            i.h(a, "sessionEncrypt: commProtoCmsEncrypt return null,slways shopuld not take place.");
            return null;
        } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            i.h(a, "businessSessionKeyMacSign: all ways should not log out here.");
            return null;
        }
    }
}
