package com.heytap.omas.omkms.feature;

import android.content.Context;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.a.e.i;
import com.heytap.omas.a.e.l;
import com.heytap.omas.a.e.m;
import com.heytap.omas.omkms.data.j;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.omkms.exception.NetIOException;
import com.heytap.omas.omkms.network.response.d;
import com.heytap.omas.omkms.security.CertException;
import com.heytap.omas.proto.Omkms3;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes20.dex */
public class f implements com.heytap.omas.omkms.feature.b {
    private static final String b = "SessionTicketManagerCertAuthModeImp";
    private static final byte[] c = new byte[32];
    private final SessionTicketLoader a;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes20.dex */
    public class b {
        private static final String e = "cert_from_local_android_key_store";
        private static final String f = "cert_from_get_from_server";
        private int a;
        private String b;
        private String c;

        private b(int i, @Nullable String str, @Nullable String str2) {
            this.a = 0;
            this.b = e;
            if (i == 0 && (str == null || str2 == null)) {
                throw new IllegalArgumentException("certFromType or trustLeafCert must not be null while code:0");
            }
            this.a = i;
            this.c = str2;
            this.b = str;
        }
    }

    /* loaded from: classes20.dex */
    private static class c {
        private static final f a = new f();

        private c() {
        }
    }

    private f() {
        this.a = new SessionTicketLoader();
        new SecureRandom().nextBytes(c);
    }

    @NonNull
    private j d(Context context, Omkms3.KmsSessionInfo kmsSessionInfo, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || kmsSessionInfo == null || dVar == null) {
            i.h(b, "updateServiceSessionTicket: parameters invalid.");
            throw new IllegalArgumentException("parameters invalid");
        }
        try {
            com.heytap.omas.omkms.network.response.d f = f(context, dVar, kmsSessionInfo);
            if (f.getCode() == 0) {
                Omkms3.ResGetServiceTicket resGetServiceTicket = (Omkms3.ResGetServiceTicket) com.heytap.omas.a.e.h.a(f.getMetaResponse(), Omkms3.ResGetServiceTicket.class);
                if (this.a.saveServiceSessionTicketInfo(context, dVar.c(), Omkms3.ServiceSessionInfo.newBuilder().setMk(resGetServiceTicket.getMk()).setDek(resGetServiceTicket.getDek()).setBeginTime(resGetServiceTicket.getBeginTime()).setEndTime(resGetServiceTicket.getEndTime()).setHeader(f.getHeader()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.c())).setTicket(resGetServiceTicket.getTicket()).build()) == null) {
                    return j.d().c(dVar.c()).b(1003).e();
                }
            } else {
                i.h(b, "updateServiceSessionTicket: fail,code:" + f.getCode());
            }
            return j.d().c(dVar.c()).b(f.getCode()).e();
        } catch (JsonSyntaxException e) {
            i.h(b, "updateServiceSessionTicket: InvalidProtocolBufferException:" + e);
            return j.d().c(dVar.c()).b(1001).e();
        }
    }

    @NonNull
    private j e(@NonNull com.heytap.omas.omkms.data.h hVar, @NonNull int i, @Nullable Exception exc) {
        j e = j.d().c(hVar).b(i).d(exc).e();
        e.toString();
        return e;
    }

    private com.heytap.omas.omkms.network.response.d f(Context context, com.heytap.omas.omkms.data.d dVar, Omkms3.KmsSessionInfo kmsSessionInfo) throws AuthenticationException {
        d.b a2;
        int i;
        if (context == null) {
            throw new IllegalArgumentException("applyServiceSessionTicket: context cannot be null.");
        }
        if (dVar == null || dVar.c() == null || kmsSessionInfo == null) {
            throw new IllegalArgumentException("applyServiceSessionTicket: parameters invalid.");
        }
        try {
            com.heytap.omas.omkms.network.response.d j = e.j(context, kmsSessionInfo.getTicket(), dVar, Base64.decode(kmsSessionInfo.getDek(), 2), Base64.decode(kmsSessionInfo.getMk(), 2));
            if (7 == j.getCode()) {
                i.j(b, "applyServiceSessionTicket: request time expired,try sync kms3.0 server time now.");
                j o = o(context, dVar);
                if (o.a() != 0) {
                    i.h(b, "applyServiceSessionTicket: request expired,synServiceTime fail,code:" + o.a());
                    return com.heytap.omas.omkms.network.response.d.a().a(o.a()).d();
                }
                i.j(b, "applyServiceSessionTicket: request expired,synServiceTime ok, try apply service session ticket again now.");
                j = e.j(context, kmsSessionInfo.getTicket(), dVar, Base64.decode(kmsSessionInfo.getDek(), 2), Base64.decode(kmsSessionInfo.getMk(), 2));
            }
            if (6 != j.getCode()) {
                return j;
            }
            com.heytap.omas.omkms.network.response.c k = k(context, dVar);
            if (k.getCode() != 0) {
                i.h(b, "applyServiceSessionTicket: kms ticket time expired,then update it,fail,cannot init client.");
                return com.heytap.omas.omkms.network.response.d.a().a(k.getCode()).d();
            }
            Omkms3.ResGetKMSTicket resGetKMSTicket = (Omkms3.ResGetKMSTicket) com.heytap.omas.a.e.h.a(k.getMetaResponse(), Omkms3.ResGetKMSTicket.class);
            Omkms3.KmsSessionInfo build = Omkms3.KmsSessionInfo.newBuilder().setMk(resGetKMSTicket.getMk()).setDek(resGetKMSTicket.getDek()).setBeginTime(resGetKMSTicket.getBeginTime()).setEndTime(resGetKMSTicket.getEndTime()).setHeader(k.getHeader()).setTicket(resGetKMSTicket.getTicket()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.c())).build();
            if (this.a.saveKmsSessionTicketInfo(context, dVar.c(), build) == null) {
                return com.heytap.omas.omkms.network.response.d.a().a(1002).d();
            }
            i.j(b, "applyServiceSessionTicket: kms session ticket time expired,then update it,success.");
            return e.b(context, build.getTicket(), dVar, Base64.decode(build.getDek(), 2), Base64.decode(build.getMk(), 2));
        } catch (JsonSyntaxException e) {
            i.h(b, "applyServiceSessionTicket: " + e);
            a2 = com.heytap.omas.omkms.network.response.d.a();
            i = 1001;
            return a2.a(i).d();
        } catch (NetIOException e2) {
            i.h(b, "applyServiceSessionTicket: " + e2);
            a2 = com.heytap.omas.omkms.network.response.d.a();
            i = 1008;
            return a2.a(i).d();
        }
    }

    private boolean g(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        l c2 = l.c();
        long beginTime = kmsSessionInfo.getBeginTime();
        long endTime = kmsSessionInfo.getEndTime();
        long a2 = c2.a(context);
        long b2 = m.b();
        String str = "checkTimeValidate :beginTime=" + beginTime + ",endTime=" + endTime + ",diffTime=" + a2 + "localTime=" + b2;
        if (beginTime < 0 || endTime < 0 || beginTime >= endTime) {
            i.h(b, "checkTimeValidate: parameter invalid.server bug here.");
            return false;
        }
        long j = b2 + a2;
        return j >= beginTime && j + 10 <= endTime;
    }

    private boolean h(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        l c2 = l.c();
        long beginTime = serviceSessionInfo.getBeginTime();
        long endTime = serviceSessionInfo.getEndTime();
        long a2 = c2.a(context);
        long b2 = m.b();
        String str = "checkTimeValidate :beginTime=" + beginTime + ",endTime=" + endTime + ",diffTime=" + a2 + "localTime=" + b2;
        if (beginTime < 0 || endTime < 0 || beginTime >= endTime) {
            i.h(b, "checkTimeValidate: parameter invalid.server bug here.");
            return false;
        }
        long j = b2 + a2;
        return j >= beginTime && j + 10 <= endTime;
    }

    public static f i() {
        return c.a;
    }

    @Nullable
    private Omkms3.KmsSessionInfo j(Context context, com.heytap.omas.omkms.data.h hVar) {
        String str;
        Omkms3.KmsSessionInfo loadKmsSessionTicketInfo = this.a.loadKmsSessionTicketInfo(context, hVar);
        if (loadKmsSessionTicketInfo == null) {
            str = "checkKmsSessionTicket: loadServiceSessionKey return null.";
        } else {
            if (g(context, hVar, loadKmsSessionTicketInfo)) {
                return loadKmsSessionTicketInfo;
            }
            str = "checkKmsSessionTicket: checkTimeValidate ,invalid.";
        }
        i.h(b, str);
        return null;
    }

    @NonNull
    private com.heytap.omas.omkms.network.response.c k(@NonNull Context context, @NonNull com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || dVar == null) {
            throw new IllegalArgumentException("applyKmsSessionTicket:Parameters invalid.");
        }
        try {
            b n = n(context, dVar);
            if (n.a != 0) {
                i.h(b, "applyKmsSessionTicket: get trust cert fail,code:" + n.a);
                return com.heytap.omas.omkms.network.response.c.a().a(n.a).d();
            }
            com.heytap.omas.omkms.network.response.c l = e.l(context, dVar, n.c);
            if (19 == l.getCode() || (201099 == l.getCode() && "cert_from_local_android_key_store".equals(n.b))) {
                com.heytap.omas.a.d.b.h(context, dVar.c());
                n = n(context, dVar);
                if (n.a != 0) {
                    i.h(b, "applyKmsSessionTicket: server envelop decrypt fail && cert_from_type:" + n.b + ",and get cert from server fail,code:" + n.a);
                    return com.heytap.omas.omkms.network.response.c.a().a(n.a).d();
                }
                l = e.l(context, dVar, n.c);
                i.j(b, "applyKmsSessionTicket: server envelop decrypt fail && cert_from_type:" + n.b + ",and getKmsTicketByCert again,code:" + n.a);
            }
            int code = l.getCode();
            if (code == 0) {
                return l;
            }
            if (code != 7) {
                i.h(b, "applyKmsSessionTicket: fail,code:" + l.getCode());
                return com.heytap.omas.omkms.network.response.c.a().a(l.getCode()).d();
            }
            j o = o(context, dVar);
            if (o.a() != 0) {
                i.h(b, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time fail.");
                return com.heytap.omas.omkms.network.response.c.a().a(o.a()).d();
            }
            i.j(b, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time success.");
            com.heytap.omas.omkms.network.response.c l2 = e.l(context, dVar, n.c);
            if (l2.getCode() != 0) {
                i.h(b, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time ,and then get kms ticket by cert fail.");
            }
            return l2;
        } catch (NetIOException e) {
            i.h(b, "applyKmsSessionTicket: " + e);
            return com.heytap.omas.omkms.network.response.c.a().a(1008).d();
        }
    }

    @Nullable
    private Omkms3.ServiceSessionInfo l(Context context, com.heytap.omas.omkms.data.h hVar) {
        String str;
        Omkms3.ServiceSessionInfo loadServiceSessionTicketInfo = this.a.loadServiceSessionTicketInfo(context, hVar);
        if (loadServiceSessionTicketInfo == null) {
            str = "checkServiceSessionTicket: loadServiceSessionKey return null.";
        } else {
            if (h(context, hVar, loadServiceSessionTicketInfo)) {
                return loadServiceSessionTicketInfo;
            }
            str = "checkServiceSessionTicket: checkTimeValidate ,invalid.";
        }
        i.h(b, str);
        return null;
    }

    @NonNull
    private j m(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        try {
            j o = o(context, dVar);
            o.toString();
            if (o.a() != 0) {
                i.h(b, "applySessionTicket: synKmsServerSystemTime fail,code:" + o.a());
                return j.d().c(dVar.c()).b(o.a()).d(o.b()).e();
            }
            com.heytap.omas.omkms.network.response.c k = k(context, dVar);
            if (k.getCode() != 0) {
                i.h(b, "applySessionTicket: applyKmsSessionTicket,fail,code:" + k.getCode());
                return j.d().c(dVar.c()).b(k.getCode()).e();
            }
            Omkms3.ResGetKMSTicket resGetKMSTicket = (Omkms3.ResGetKMSTicket) com.heytap.omas.a.e.h.a(k.getMetaResponse(), Omkms3.ResGetKMSTicket.class);
            Omkms3.KmsSessionInfo build = Omkms3.KmsSessionInfo.newBuilder().setMk(resGetKMSTicket.getMk()).setDek(resGetKMSTicket.getDek()).setBeginTime(resGetKMSTicket.getBeginTime()).setEndTime(resGetKMSTicket.getEndTime()).setHeader(k.getHeader()).setTicket(resGetKMSTicket.getTicket()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.c())).build();
            if (this.a.saveKmsSessionTicketInfo(context, dVar.c(), build) == null) {
                return j.d().c(dVar.c()).b(1002).e();
            }
            i.j(b, "applySessionTicket: kms session ticket has been successfully persisted.");
            com.heytap.omas.omkms.network.response.d f = f(context, dVar, build);
            if (f.getCode() == 0) {
                Omkms3.ResGetServiceTicket resGetServiceTicket = (Omkms3.ResGetServiceTicket) com.heytap.omas.a.e.h.a(f.getMetaResponse(), Omkms3.ResGetServiceTicket.class);
                return this.a.saveServiceSessionTicketInfo(context, dVar.c(), Omkms3.ServiceSessionInfo.newBuilder().setMk(resGetServiceTicket.getMk()).setDek(resGetServiceTicket.getDek()).setBeginTime(resGetServiceTicket.getBeginTime()).setEndTime(resGetServiceTicket.getEndTime()).setHeader(f.getHeader()).setUserInitInfo(com.heytap.omas.a.e.g.a(dVar.c())).setTicket(resGetServiceTicket.getTicket()).build()) == null ? j.d().c(dVar.c()).b(1003).e() : j.d().c(dVar.c()).b(0).e();
            }
            i.h(b, "applySessionTicket: fail,code:" + f.getCode());
            return j.d().c(dVar.c()).b(f.getCode()).e();
        } catch (JsonSyntaxException e) {
            i.h(b, "applySessionTicket: " + e);
            return j.d().c(dVar.c()).b(1001).d(e).e();
        }
    }

    @NonNull
    private b n(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || dVar == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        try {
            List<X509Certificate> b2 = com.heytap.omas.a.d.b.b(context);
            List<String> c2 = com.heytap.omas.a.d.b.c(context, dVar.c());
            if (c2 != null && c2.size() != 0) {
                i.j(b, "getTrustCert: found the local kms cert.");
                return new b(0, "cert_from_local_android_key_store", c2.get(0));
            }
            i.j(b, "getTrustCert: not found the local kms cert chain.");
            com.heytap.omas.omkms.network.response.a a2 = e.a(context, dVar);
            if (a2.getCode() != 0) {
                i.h(b, "getTrustCert: getKmsCerts,fail,code:" + a2.getCode());
                return new b(a2.getCode(), null, null);
            }
            Omkms3.ResGetKmsCerts resGetKmsCerts = (Omkms3.ResGetKmsCerts) com.heytap.omas.a.e.h.a(a2.getMetaResponse(), Omkms3.ResGetKmsCerts.class);
            List<String> kmsCertChain = resGetKmsCerts.getKmsCertChain();
            if (kmsCertChain != null && kmsCertChain.size() != 0) {
                ArrayList arrayList = new ArrayList();
                for (String str : kmsCertChain) {
                    X509Certificate a3 = com.heytap.omas.a.d.b.a(str);
                    String str2 = "getTrustCert: cert of server cert chainList[" + kmsCertChain.indexOf(str) + "]:" + str;
                    arrayList.add(a3);
                }
                com.heytap.omas.a.d.b.d(context, b2, arrayList);
                if (com.heytap.omas.a.d.b.g(context, dVar.c(), arrayList) == null) {
                    i.h(b, "getTrustCert: save cert chain fail,should not take place always.");
                    return new b(1004, null, null);
                }
                return new b(0, "cert_from_get_from_server", resGetKmsCerts.getKmsCertChain().get(0));
            }
            i.h(b, "getTrustCert: Server internal error,certChain list is empty.");
            return new b(1013, null, null);
        } catch (JsonSyntaxException e) {
            i.h(b, "getTrustCert: " + e);
            return new b(1001, null, null);
        } catch (NetIOException e2) {
            i.h(b, "getTrustCert: " + e2);
            return new b(1008, null, null);
        } catch (CertException.CertChainException e3) {
            e = e3;
            i.h(b, "getTrustCert: " + e);
            return new b(1013, null, null);
        } catch (CertException.CertChainVerifyException e4) {
            e = e4;
            i.h(b, "getTrustCert: " + e);
            return new b(1013, null, null);
        } catch (CertException.LoadEccCertException e5) {
            i.h(b, "getTrustCert: " + e5);
            return new b(1010, null, null);
        } catch (CertificateException e6) {
            e = e6;
            i.h(b, "getTrustCert: " + e);
            return new b(1013, null, null);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:19:0x00fc A[Catch: NetIOException -> 0x019b, JsonSyntaxException -> 0x01c0, TryCatch #0 {JsonSyntaxException -> 0x01c0, blocks: (B:3:0x0006, B:5:0x0010, B:8:0x0041, B:10:0x0059, B:13:0x0064, B:17:0x00f6, B:19:0x00fc, B:21:0x0115, B:24:0x0130, B:30:0x0165, B:32:0x017f, B:40:0x0073, B:43:0x0086, B:45:0x00c1), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0115 A[Catch: NetIOException -> 0x019b, JsonSyntaxException -> 0x01c0, TRY_LEAVE, TryCatch #0 {JsonSyntaxException -> 0x01c0, blocks: (B:3:0x0006, B:5:0x0010, B:8:0x0041, B:10:0x0059, B:13:0x0064, B:17:0x00f6, B:19:0x00fc, B:21:0x0115, B:24:0x0130, B:30:0x0165, B:32:0x017f, B:40:0x0073, B:43:0x0086, B:45:0x00c1), top: B:2:0x0006 }] */
    /* JADX WARN: Type inference failed for: r1v0 */
    /* JADX WARN: Type inference failed for: r1v18, types: [com.heytap.omas.a.e.l] */
    /* JADX WARN: Type inference failed for: r1v19 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.heytap.omas.omkms.data.j o(android.content.Context r17, com.heytap.omas.omkms.data.d r18) throws com.heytap.omas.omkms.exception.AuthenticationException {
        /*
            Method dump skipped, instructions count: 492
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.heytap.omas.omkms.feature.f.o(android.content.Context, com.heytap.omas.omkms.data.d):com.heytap.omas.omkms.data.j");
    }

    @Override // com.heytap.omas.omkms.feature.b
    @Nullable
    public Omkms3.ServiceSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar) {
        Omkms3.ServiceSessionInfo loadServiceSessionTicketInfo = this.a.loadServiceSessionTicketInfo(context, hVar);
        if (loadServiceSessionTicketInfo == null) {
            i.h(b, "getServiceSessionTicket: fail,not found serviceSessionInfo.");
        }
        return loadServiceSessionTicketInfo;
    }

    @Override // com.heytap.omas.omkms.feature.b
    public byte[] a() {
        return c;
    }

    @Override // com.heytap.omas.omkms.feature.b
    public void b(Context context, com.heytap.omas.omkms.data.d dVar) {
        try {
            c(context, dVar);
        } catch (AuthenticationException unused) {
            i.h(b, "initSessionTicketAsyncTask: should not take place always.");
        }
    }

    @Override // com.heytap.omas.omkms.feature.b
    @NonNull
    public j c(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null) {
            throw new IllegalArgumentException("Context cannot be null.");
        }
        if (dVar == null || dVar.c() == null) {
            throw new IllegalArgumentException("Parameter invalid.");
        }
        if (l(context, dVar.c()) != null) {
            return e(dVar.c(), 0, null);
        }
        Omkms3.KmsSessionInfo j = j(context, dVar.c());
        return j != null ? d(context, j, dVar) : m(context, dVar);
    }
}
