package com.mpaas.security.android.api;

import android.content.Context;
import android.content.ContextWrapper;
import android.text.TextUtils;
import com.alibaba.wireless.security.open.SecException;
import com.alibaba.wireless.security.open.SecurityGuardManager;
import com.alibaba.wireless.security.open.SecurityGuardParamContext;
import com.alibaba.wireless.security.open.securesignature.ISecureSignatureComponent;
import com.alipay.android.phone.mobilesdk.storage.encryption.TaobaoSecurityEncryptor;
import com.alipay.blueshield.ISafeSignatureModule;
import com.alipay.blueshield.IStaticCryptoModule;
import com.alipay.blueshield.TrustedTerminalManager;
import com.alipay.mobile.common.logging.api.LoggerFactory;
import com.alipay.mobile.common.netsdkextdependapi.security.SignRequest;
import com.alipay.mobile.common.netsdkextdependapi.security.SignResult;
import com.mpaas.security.android.a.a;
import com.mpaas.security.android.a.b;
import com.mpaas.security.android.api.util.EnvUtil;
import com.umeng.analytics.pro.bh;
import java.util.HashMap;

/* loaded from: classes3.dex */
public class DefaultSecurityManager implements SecurityManager {
    private static final String ANT_GUARD_AUTH_CODE = "ant_guard_auth_code";
    private static final String SECURITY_GUARD_AUTH_CODE = "security_guard_auth_code";
    private static final String TAG = "SecurityManager";
    private static final String WRONG_SIGN_MODE = "4012";
    private static String bsAuthCode;
    private static DefaultSecurityManager instance;
    private static String sAuthCode;

    public static SignResult antSign(Context context, SignRequest signRequest) {
        if (TextUtils.isEmpty(signRequest.bsAuthCode)) {
            signRequest.bsAuthCode = getBsAuthCodeFromMetaData();
        }
        if (TextUtils.isEmpty(signRequest.bsAuthCode)) {
            signRequest.bsAuthCode = "abs_1222";
        }
        ISafeSignatureModule iSafeSignatureModule = (ISafeSignatureModule) TrustedTerminalManager.getInstance(context, signRequest.bsAuthCode).getModule(ISafeSignatureModule.class);
        SignResult signResult = new SignResult();
        signResult.signType = signRequest.signType;
        int i = signRequest.signType;
        String signString = i != 1 ? i != 3 ? i != 4 ? i != 5 ? iSafeSignatureModule.signString(97, signRequest.appkey, signRequest.content) : iSafeSignatureModule.signString(96, signRequest.appkey, signRequest.content) : iSafeSignatureModule.signString(99, signRequest.appkey, signRequest.content) : iSafeSignatureModule.signString(35, signRequest.appkey, signRequest.content) : iSafeSignatureModule.signString(34, signRequest.appkey, signRequest.content);
        if (TextUtils.isEmpty(signString)) {
            signResult.setSuccess(false);
            signResult.setErrorCode("landun sign failed");
            return signResult;
        }
        signResult.sign = signString;
        signResult.setSuccess(true);
        return signResult;
    }

    private static boolean checkAntGuardExist() {
        try {
            return Class.forName("com.alipay.blueshield.TrustedTerminalManager") != null;
        } catch (Throwable unused) {
            LoggerFactory.getTraceLogger().debug(TAG, "ant guard reflect failed");
            return false;
        }
    }

    private static boolean checkSecurityGuardExist() {
        try {
            return Class.forName("com.alibaba.wireless.security.open.SecurityGuardManager") != null;
        } catch (Throwable unused) {
            LoggerFactory.getTraceLogger().debug(TAG, "security guard reflect failed");
            return false;
        }
    }

    private SignResult doSignature(SignRequest signRequest) {
        int securityModeFromReflect = getSecurityModeFromReflect();
        if (TextUtils.isEmpty(signRequest.appkey)) {
            signRequest.appkey = getAppKeyFromMetaData(EnvUtil.getContext());
        }
        if (securityModeFromReflect == 1) {
            LoggerFactory.getTraceLogger().info(TAG, "use wireless sign");
            return wirelessSign(signRequest);
        }
        if (securityModeFromReflect == 2) {
            LoggerFactory.getTraceLogger().info(TAG, "use landun sign");
            return antSign(EnvUtil.getContext(), signRequest);
        }
        if (securityModeFromReflect == 3) {
            LoggerFactory.getTraceLogger().info(TAG, "use client sign");
            return a.a(signRequest);
        }
        SignResult signResult = new SignResult();
        signResult.setErrorCode(WRONG_SIGN_MODE);
        return signResult;
    }

    private static String getAppKeyFromMetaData(Context context) {
        try {
            Object obj = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128).metaData.get("appkey");
            String obj2 = obj != null ? obj.toString() : null;
            if (TextUtils.isEmpty(obj2)) {
                return "";
            }
            LoggerFactory.getTraceLogger().info(TAG, "getAppKeyFromMetaData. appkey=[" + obj2 + "]");
            return obj2;
        } catch (Throwable th) {
            LoggerFactory.getTraceLogger().warn(TAG, "getAppKeyFromMetaData get appkey fail", th);
            return "";
        }
    }

    public static String getAuthCodeFromMetaData() {
        if (sAuthCode == null) {
            try {
                Context applicationContext = LoggerFactory.getLogContext().getApplicationContext();
                Object obj = applicationContext.getPackageManager().getApplicationInfo(applicationContext.getPackageName(), 128).metaData.get(SECURITY_GUARD_AUTH_CODE);
                String obj2 = obj != null ? obj.toString() : null;
                if (TextUtils.isEmpty(obj2)) {
                    sAuthCode = "";
                } else {
                    sAuthCode = obj2;
                }
            } catch (Throwable th) {
                LoggerFactory.getTraceLogger().error(TAG, th);
                sAuthCode = "";
            }
        }
        return sAuthCode;
    }

    private String getBsAuthCode() {
        String bsAuthCodeFromMetaData = getBsAuthCodeFromMetaData();
        return TextUtils.isEmpty(bsAuthCodeFromMetaData) ? "abs_1222" : bsAuthCodeFromMetaData;
    }

    public static String getBsAuthCodeFromMetaData() {
        if (sAuthCode == null) {
            try {
                Context applicationContext = LoggerFactory.getLogContext().getApplicationContext();
                Object obj = applicationContext.getPackageManager().getApplicationInfo(applicationContext.getPackageName(), 128).metaData.get(ANT_GUARD_AUTH_CODE);
                String obj2 = obj != null ? obj.toString() : null;
                if (TextUtils.isEmpty(obj2)) {
                    sAuthCode = "";
                } else {
                    sAuthCode = obj2;
                }
            } catch (Throwable th) {
                LoggerFactory.getTraceLogger().error(TAG, th);
                sAuthCode = "";
            }
        }
        return sAuthCode;
    }

    public static SecurityManager getInstance() {
        if (instance == null) {
            synchronized (DefaultSecurityManager.class) {
                if (instance == null) {
                    instance = new DefaultSecurityManager();
                }
            }
        }
        return instance;
    }

    private static int getSecurityModeFromMetaData(Context context) {
        try {
            Object obj = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128).metaData.get("mpaas_security_mode");
            String obj2 = obj != null ? obj.toString() : null;
            if (TextUtils.equals("alibaba", obj2)) {
                return 1;
            }
            return TextUtils.equals("antGroup", obj2) ? 2 : -1;
        } catch (Throwable th) {
            LoggerFactory.getTraceLogger().warn(TAG, "getAppKeyFromMetaData get appkey fail", th);
            return -1;
        }
    }

    private static int getSecurityModeFromReflect() {
        int securityModeFromMetaData = getSecurityModeFromMetaData(EnvUtil.getContext());
        if (securityModeFromMetaData != -1) {
            return securityModeFromMetaData;
        }
        if (checkSecurityGuardExist()) {
            return 1;
        }
        return checkAntGuardExist() ? 2 : 3;
    }

    private static SignResult wirelessSign(SignRequest signRequest) {
        SecurityGuardManager securityGuardManager = SecurityGuardManager.getInstance(EnvUtil.getContext());
        if (securityGuardManager == null) {
            LoggerFactory.getTraceLogger().warn(TAG, "[doSignature] request data sign fail, sgMng is null");
            return SignResult.newEmptySignData();
        }
        ISecureSignatureComponent secureSignatureComp = securityGuardManager.getSecureSignatureComp();
        if (secureSignatureComp == null) {
            LoggerFactory.getTraceLogger().warn(TAG, "[doSignature] request data sign fail, ssComp is null");
            return SignResult.newEmptySignData();
        }
        SignResult signResult = new SignResult();
        HashMap hashMap = new HashMap();
        hashMap.put("INPUT", signRequest.content);
        SecurityGuardParamContext securityGuardParamContext = new SecurityGuardParamContext();
        securityGuardParamContext.paramMap = hashMap;
        securityGuardParamContext.appKey = signRequest.appkey;
        if (signRequest.isSignTypeCustom()) {
            String a = b.a(signRequest.content);
            if (a == null) {
                return SignResult.newEmptySignData();
            }
            signResult.sign = a;
            signResult.signType = 10;
        } else if (signRequest.isSignTypeMD5()) {
            securityGuardParamContext.requestType = 4;
        } else if (signRequest.isSignTypeHmacSha1()) {
            securityGuardParamContext.requestType = 3;
            signResult.signType = 1;
        } else if (signRequest.isSignTypeAtlas()) {
            hashMap.put("ATLAS", bh.ay);
            securityGuardParamContext.requestType = 5;
            signResult.signType = 2;
        } else if (signRequest.isSignTypeHMACSHA256()) {
            securityGuardParamContext.requestType = 10;
            signResult.signType = 3;
        } else if (signRequest.isSignTypeSHA256()) {
            securityGuardParamContext.requestType = 11;
            signResult.signType = 4;
        } else if (signRequest.isSignTypeSM3()) {
            securityGuardParamContext.requestType = 12;
            signResult.signType = 5;
        }
        if (TextUtils.isEmpty(signRequest.authCode)) {
            signRequest.authCode = getAuthCodeFromMetaData();
        }
        signResult.sign = secureSignatureComp.signRequest(securityGuardParamContext, signRequest.authCode);
        signResult.setSuccess(true);
        LoggerFactory.getTraceLogger().warn(TAG, "[doSignature] Get security signed string: " + signResult.sign + ",  requestType: " + securityGuardParamContext.requestType + ",  appKey: " + securityGuardParamContext.appKey);
        return signResult;
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public String decrypt(String str) {
        int securityModeFromReflect = getSecurityModeFromReflect();
        if (1 == securityModeFromReflect) {
            return TaobaoSecurityEncryptor.decrypt((ContextWrapper) EnvUtil.getContext(), str);
        }
        if (2 == securityModeFromReflect) {
            return ((IStaticCryptoModule) TrustedTerminalManager.getInstance(EnvUtil.getContext(), getBsAuthCode()).getModule(IStaticCryptoModule.class)).decryptStringBase64(16, getAppKeyFromMetaData(EnvUtil.getContext()), str, getBsAuthCode());
        }
        throw new IllegalAccessException("decrypt not wireless or landun module encrypt");
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public byte[] decrypt(byte[] bArr) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        int securityModeFromReflect = getSecurityModeFromReflect();
        if (1 == securityModeFromReflect) {
            return TaobaoSecurityEncryptor.decrypt((ContextWrapper) EnvUtil.getContext(), bArr);
        }
        if (2 == securityModeFromReflect) {
            return ((IStaticCryptoModule) TrustedTerminalManager.getInstance(EnvUtil.getContext(), getBsAuthCode()).getModule(IStaticCryptoModule.class)).decryptBase64(16, getAppKeyFromMetaData(EnvUtil.getContext()), bArr, getBsAuthCode());
        }
        throw new IllegalAccessException("decrypt not wireless or landun module encrypt");
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public byte[] decrypt(byte[] bArr, String str) {
        if (EnvUtil.getContext() != null) {
            return TaobaoSecurityEncryptor.decrypt((ContextWrapper) EnvUtil.getContext(), bArr, str);
        }
        throw new IllegalStateException("The context in EnvUtil is null");
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public byte[] dynamicDecrypt(byte[] bArr) {
        return new byte[0];
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public byte[] dynamicEncrypt(byte[] bArr) {
        return new byte[0];
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public String encrypt(String str) {
        int securityModeFromReflect = getSecurityModeFromReflect();
        if (1 == securityModeFromReflect) {
            return TaobaoSecurityEncryptor.encrypt((ContextWrapper) EnvUtil.getContext(), str);
        }
        if (2 == securityModeFromReflect) {
            return ((IStaticCryptoModule) TrustedTerminalManager.getInstance(EnvUtil.getContext(), getBsAuthCode()).getModule(IStaticCryptoModule.class)).encryptStringBase64(16, getAppKeyFromMetaData(EnvUtil.getContext()), str, getBsAuthCode());
        }
        throw new IllegalAccessException("decrypt not wireless or landun module encrypt");
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public byte[] encrypt(byte[] bArr) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        int securityModeFromReflect = getSecurityModeFromReflect();
        if (1 == securityModeFromReflect) {
            return TaobaoSecurityEncryptor.encrypt((ContextWrapper) EnvUtil.getContext(), bArr);
        }
        if (2 == securityModeFromReflect) {
            return ((IStaticCryptoModule) TrustedTerminalManager.getInstance(EnvUtil.getContext(), getBsAuthCode()).getModule(IStaticCryptoModule.class)).encryptBase64(16, getAppKeyFromMetaData(EnvUtil.getContext()), bArr, getBsAuthCode());
        }
        throw new IllegalAccessException("encrypt not wireless or landun module encrypt");
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public byte[] encrypt(byte[] bArr, String str) {
        if (EnvUtil.getContext() != null) {
            return TaobaoSecurityEncryptor.encrypt((ContextWrapper) EnvUtil.getContext(), bArr, str);
        }
        throw new IllegalStateException("The context in EnvUtil is null");
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public String getApDid() {
        return "";
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public String getAuthCodeForSecurityGuard(SignRequest signRequest) {
        return null;
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public SignResult signature(SignRequest signRequest) {
        try {
            return doSignature(signRequest);
        } catch (SecException e) {
            LoggerFactory.getTraceLogger().error(TAG, "[signature] Exception: " + e.toString(), e);
            return SignResult.newErrorResult(String.valueOf(e.getErrorCode()));
        } catch (Throwable th) {
            LoggerFactory.getTraceLogger().error(TAG, "[signature] Exception: " + th.toString(), th);
            return SignResult.newEmptySignData();
        }
    }

    @Override // com.mpaas.security.android.api.SecurityManager
    public SignResult signatureExt(SignRequest signRequest) {
        return null;
    }
}
