package z3;

import a4.h;
import a4.i;
import a4.m;
import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import androidx.annotation.NonNull;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.omkms.data.l;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.proto.Omkms3;
import com.heytap.omas.wb.WbkitAndr;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class f {

    /* renamed from: a, reason: collision with root package name */
    public static final String f32776a = "SignatureUtil";

    /* renamed from: b, reason: collision with root package name */
    public static final String f32777b = "HMAC";

    /* renamed from: c, reason: collision with root package name */
    public static final String f32778c = "SHA256";

    /* renamed from: d, reason: collision with root package name */
    public static final String f32779d = "WB";

    /* renamed from: e, reason: collision with root package name */
    public static final String f32780e = "SessionKey";

    /* renamed from: f, reason: collision with root package name */
    public static final String f32781f = "HmacSHA256";

    /* renamed from: g, reason: collision with root package name */
    public static final int f32782g = 0;

    public static Omkms3.CMSSignedData a(com.heytap.omas.omkms.data.d dVar, byte[] bArr) {
        if (dVar != null && bArr != null && bArr.length != 0) {
            byte[] signature = WbkitAndr.signature(dVar.b(), dVar.d(), bArr, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion());
            if (signature != null && signature.length != 0) {
                return Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(signature, 2)).setSignAlg("HMAC").build();
            }
            i.h(f32776a, "commProtoCmsWbSign:  WbkitAndr.signature return null.that indicate user'info auth fail.");
        }
        return null;
    }

    public static Omkms3.CMSSignedData b(byte[] bArr, byte[] bArr2) {
        if (bArr != null && bArr2 != null) {
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "HmacSHA256");
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(secretKeySpec);
                Omkms3.CMSSignedData build = Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(mac.doFinal(bArr), 2)).setSignAlg("HMAC").build();
                build.toString();
                return build;
            } catch (Exception e10) {
                i.h(f32776a, "commProtoCmsSign: Mac exception:" + e10.getMessage());
            }
        }
        return null;
    }

    public static Omkms3.CMSSignedData c(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (bArr == null || bArr2 == null || bArr3 == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            return Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(mac.doFinal(a4.c.a(bArr, bArr2)), 2)).setSignAlg("HMAC").build();
        } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
            i.h(f32776a, "commProtoCmsSign: Mac exception:" + e10);
            return null;
        }
    }

    public static String d(Context context, com.heytap.omas.omkms.data.d dVar, byte[] bArr) {
        if (dVar != null && bArr != null && bArr.length != 0) {
            byte[] signature = WbkitAndr.signature(dVar.b(), dVar.d(), bArr, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion());
            if (signature != null && signature.length != 0) {
                return h.b(Omkms3.Pack.newBuilder().setSignature(h.b(Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(signature, 2)).setSignAlg("HMAC").build(), Omkms3.CMSSignedData.class)).setHeader(h.b(com.heytap.omas.omkms.feature.e.d(dVar, m.c().a(context)), Omkms3.Header.class)).build(), Omkms3.Pack.class);
            }
            i.h(f32776a, "commProtoCmsWbSign:  WbkitAndr.signature return null.that indicate user'info auth fail.");
        }
        return null;
    }

    public static String e(Context context, l lVar, byte[] bArr, @NonNull com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (context == null || lVar == null || bArr == null || bVar == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        if (lVar.a().c().getSignMode() != 1) {
            String c10 = lVar.c();
            c10.hashCode();
            if (c10.equals("SessionKey")) {
                return k(context, lVar, bArr, bVar);
            }
            if (!c10.equals("WB")) {
                throw new IllegalStateException("Unexpected value: " + lVar.c());
            }
        }
        return d(context, lVar.a(), bArr);
    }

    public static boolean f(Context context, l lVar, String str, byte[] bArr, com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (context == null || lVar == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Parameters invalid,macSignedData cannot be null or empty.");
        }
        try {
            Omkms3.Pack pack = (Omkms3.Pack) h.a(str, Omkms3.Pack.class);
            Omkms3.Header header = pack.getHeader();
            Omkms3.CMSSignedData signature = pack.getSignature();
            if (header == null) {
                throw new AuthenticationException("Parameters invalid.macSignedData not contains header content.");
            }
            if (signature == null) {
                throw new AuthenticationException("Parameters invalid.macSignedData not contains signature content.");
            }
            if (!"SHA256".equals(signature.getHashId())) {
                throw new AuthenticationException("Not support this hashId:" + signature.getHashId());
            }
            if (!"HMAC".equals(signature.getSignAlg())) {
                throw new AuthenticationException("Not support this algorithm:" + signature.getSignAlg());
            }
            if (!lVar.c().equals(header.getKeyType())) {
                i.j(f32776a, "Key type not mach,type of init is:" + lVar.c() + ",while key type of cmsMacSignedData is:" + header.getKeyType());
            }
            if (TextUtils.isEmpty(signature.getSignedContent())) {
                throw new AuthenticationException("signed content cannot be null or empty,signed data invalid.");
            }
            String keyType = header.getKeyType();
            char c10 = 65535;
            int hashCode = keyType.hashCode();
            if (hashCode != -639668215) {
                if (hashCode == 2763 && keyType.equals("WB")) {
                    c10 = 0;
                }
            } else if (keyType.equals("SessionKey")) {
                c10 = 1;
            }
            if (c10 == 0) {
                return h(lVar.a(), Base64.decode(signature.getSignedContent().getBytes(), 2), bArr);
            }
            if (c10 != 1) {
                throw new IllegalStateException("Unexpected value: " + lVar.c());
            }
            byte[] a10 = bVar.a();
            if (a10 == null || a10.length == 0) {
                i.h(f32776a, "businessDataDecrypt: fatal error,cannot found local kek,always should not take place.");
                throw new AuthenticationException("businessDataDecrypt: fatal error,cannot found local kek, always should not take place.");
            }
            if (TextUtils.isEmpty(header.getNonce())) {
                i.h(f32776a, "businessMacVerify: nonce of header cannot be null or empty, signed data invalid.");
                throw new AuthenticationException("nonce of header cannot be null or empty, signed data invalid.");
            }
            Omkms3.NonceClass nonceClass = (Omkms3.NonceClass) h.a(header.getNonce(), Omkms3.NonceClass.class);
            if (TextUtils.isEmpty(nonceClass.getEncryptedMkJsonString())) {
                i.h(f32776a, "businessMacVerify: nonce of header not contain encryptedMk, signed data invalid.");
                throw new AuthenticationException("businessMacVerify: nonce of header not contain encryptedMk, signed data invalid.");
            }
            byte[] a11 = a.b(lVar.a().c()).a(nonceClass.getEncryptedMk(), a10);
            if (a11 != null && a11.length != 0) {
                return i(lVar, Base64.decode(signature.getSignedContent(), 2), bArr, a11);
            }
            i.h(f32776a, "businessMacVerify: encrypted mk decrypt fail,always should not take place.");
            throw new AuthenticationException("businessMacVerify: encrypted mk decrypt fail,always should not take place.");
        } catch (JsonSyntaxException e10) {
            i.h(f32776a, "businessMacVerify: I" + e10);
            throw new AuthenticationException("CmsMacSignedData invalid.");
        }
    }

    public static boolean g(com.heytap.omas.omkms.data.d dVar, byte[] bArr, Omkms3.CMSSignedData cMSSignedData) {
        StringBuilder sb2;
        String sb3;
        String hashId;
        if (dVar == null) {
            sb3 = "commProtoCmsWbVerify: Parameters invalid.initParamData:" + dVar;
        } else {
            if (bArr == null || bArr.length == 0) {
                sb2 = new StringBuilder();
                sb2.append("commProtoCmsWbVerify: Parameters invalid.srcData:");
                sb2.append(bArr);
            } else if (cMSSignedData == null) {
                sb3 = "commProtoCmsWbVerify: Parameters invalid.cmsSignedData:null";
            } else {
                if (!"HMAC".equals(cMSSignedData.getSignAlg())) {
                    sb2 = new StringBuilder();
                    sb2.append("commProtoCmsWbVerify: Parameters invalid,Signature'signAlg not match ,cmsSignedData'signAlg:");
                    hashId = cMSSignedData.getSignAlg();
                } else if (!"SHA256".equals(cMSSignedData.getHashId())) {
                    sb2 = new StringBuilder();
                    sb2.append("commProtoCmsWbVerify: Parameters invalid,Signature'hashId not match ,cmsSignedData'hashId:");
                    hashId = cMSSignedData.getHashId();
                } else if (cMSSignedData.getSignedContent() == null || cMSSignedData.getSignedContent().getBytes().length == 0) {
                    sb3 = "commProtoCmsWbVerify: Server data error,cmsSignedData'Content must not be null or length ==0 ";
                } else {
                    if (WbkitAndr.verify(dVar.b(), dVar.d(), Base64.decode(cMSSignedData.getSignedContent(), 2), bArr, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion()) == 0) {
                        return true;
                    }
                    sb3 = "commProtoCmsWbVerify: fail.";
                }
                sb2.append(hashId);
            }
            sb3 = sb2.toString();
        }
        i.h(f32776a, sb3);
        return false;
    }

    public static boolean h(com.heytap.omas.omkms.data.d dVar, byte[] bArr, byte[] bArr2) {
        if (dVar == null) {
            i.h(f32776a, "businessWbMacVerify: Parameters invalid,initParamData must not be null.");
            throw new IllegalArgumentException("Parameters invalid,initParamData must not be null.");
        }
        if (bArr == null || bArr.length == 0) {
            i.h(f32776a, "businessWbMacVerify: Parameters invalid,omasMacSignedData must not be null or length == 0");
            throw new IllegalArgumentException("Parameters invalid,omasMacSignedData cannot be null.");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new IllegalArgumentException("Parameters invalid,data cannot be null.");
        }
        int verify = WbkitAndr.verify(dVar.b(), dVar.d(), bArr, bArr2, dVar.c().getWbId(), dVar.c().getWbKeyId(), dVar.c().getWbVersion());
        if (verify == 0) {
            return true;
        }
        i.h(f32776a, "businessWbMacVerify: fail. ret:" + verify);
        return false;
    }

    public static boolean i(l lVar, byte[] bArr, byte[] bArr2, byte[] bArr3) throws AuthenticationException {
        String str;
        if (lVar == null || lVar.a() == null) {
            throw new AuthenticationException("userInitInfo or InitParamData must not be null");
        }
        if (lVar.a().c() == null) {
            return false;
        }
        if (bArr2 == null || bArr2.length == 0) {
            str = "businessSessionKeyMacVerify: Parameters invalid,metaContentData must not be null or length == 0";
        } else {
            try {
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(bArr3, "HmacSHA256"));
                return Arrays.equals(mac.doFinal(bArr2), bArr);
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                str = "businessSessionKeyMacSign: all ways should not log out here.";
            }
        }
        i.h(f32776a, str);
        return false;
    }

    public static boolean j(byte[] bArr, byte[] bArr2, Omkms3.CMSSignedData cMSSignedData) {
        String str;
        if (bArr == null || bArr2 == null) {
            str = "commProtoCmsVerify: Parameters invalid.data:" + bArr + ",signKey:" + bArr2;
        } else {
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "HmacSHA256");
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(secretKeySpec);
                if (Arrays.equals(Base64.decode(cMSSignedData.getSignedContent(), 2), mac.doFinal(bArr))) {
                    return true;
                }
                i.h(f32776a, "commProtoCmsVerify: unSuccessful.");
                return false;
            } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
                str = "commProtoCmsVerify: Mac Exception:" + e10.getMessage();
            }
        }
        i.h(f32776a, str);
        return false;
    }

    public static String k(Context context, l lVar, byte[] bArr, com.heytap.omas.omkms.feature.b bVar) throws AuthenticationException {
        if (lVar == null || lVar.a() == null) {
            throw new AuthenticationException("userInitInfo must not be null");
        }
        if (bArr == null || bArr.length == 0) {
            throw new AuthenticationException("data cannot be null or empty.");
        }
        if (bVar == null) {
            i.h(f32776a, "ticketManager cannot be null or empty.");
            return null;
        }
        Omkms3.ServiceSessionInfo b10 = lVar.b();
        if (b10 == null) {
            Log.e(f32776a, "businessSessionKeyMacSign: serviceSessionInfo is null,should not take place always.");
            return null;
        }
        try {
            byte[] a10 = bVar.a();
            Omkms3.CMSEncryptedData b11 = a.b(lVar.a().c()).b(Base64.decode(lVar.b().getDek(), 2), a10);
            Omkms3.CMSEncryptedData b12 = a.b(lVar.a().c()).b(Base64.decode(lVar.b().getMk(), 2), a10);
            if (b11 != null && b12 != null) {
                String b13 = h.b(b11, Omkms3.CMSEncryptedData.class);
                String b14 = h.b(Omkms3.NonceClass.newBuilder().setEncryptedDekString(b13).setEncryptedMkString(h.b(b12, Omkms3.CMSEncryptedData.class)).build(), Omkms3.NonceClass.class);
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(Base64.decode(b10.getMk(), 2), "HmacSHA256"));
                return h.b(Omkms3.Pack.newBuilder().setSignature(h.b(Omkms3.CMSSignedData.newBuilder().setHashId("SHA256").setSignedContent(Base64.encodeToString(mac.doFinal(bArr), 2)).setSignAlg("HMAC").build(), Omkms3.CMSSignedData.class)).setHeader(h.b(com.heytap.omas.omkms.feature.e.c(context, lVar.a(), b10.getTicket(), b14), Omkms3.Header.class)).build(), Omkms3.Pack.class);
            }
            i.h(f32776a, "sessionEncrypt: commProtoCmsEncrypt return null,slways shopuld not take place.");
            return null;
        } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            i.h(f32776a, "businessSessionKeyMacSign: all ways should not log out here.");
            return null;
        }
    }
}
