package com.heytap.omas.omkms.feature;

import a3.i;
import a3.m;
import a3.n;
import android.content.Context;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.JsonSyntaxException;
import com.heytap.omas.omkms.data.j;
import com.heytap.omas.omkms.exception.AuthenticationException;
import com.heytap.omas.omkms.exception.NetIOException;
import com.heytap.omas.omkms.security.CertException;
import com.heytap.omas.proto.Omkms3;
import e3.d;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes2.dex */
public class f implements com.heytap.omas.omkms.feature.b {

    /* renamed from: b, reason: collision with root package name */
    public static final String f6820b = "SessionTicketManagerCertAuthModeImp";

    /* renamed from: c, reason: collision with root package name */
    public static final byte[] f6821c = new byte[32];

    /* renamed from: a, reason: collision with root package name */
    public final SessionTicketLoader f6822a;

    /* loaded from: classes2.dex */
    public class b {

        /* renamed from: e, reason: collision with root package name */
        public static final String f6823e = "cert_from_local_android_key_store";

        /* renamed from: f, reason: collision with root package name */
        public static final String f6824f = "cert_from_get_from_server";

        /* renamed from: a, reason: collision with root package name */
        public int f6825a;

        /* renamed from: b, reason: collision with root package name */
        public String f6826b;

        /* renamed from: c, reason: collision with root package name */
        public String f6827c;

        public b(int i10, @Nullable String str, @Nullable String str2) {
            this.f6825a = 0;
            this.f6826b = f6823e;
            if (i10 == 0 && (str == null || str2 == null)) {
                throw new IllegalArgumentException("certFromType or trustLeafCert must not be null while code:0");
            }
            this.f6825a = i10;
            this.f6827c = str2;
            this.f6826b = str;
        }
    }

    /* loaded from: classes2.dex */
    public static class c {

        /* renamed from: a, reason: collision with root package name */
        public static final f f6829a = new f();
    }

    public f() {
        this.f6822a = new SessionTicketLoader();
        new SecureRandom().nextBytes(f6821c);
    }

    public static f i() {
        return c.f6829a;
    }

    @Override // com.heytap.omas.omkms.feature.b
    @Nullable
    public Omkms3.ServiceSessionInfo a(Context context, com.heytap.omas.omkms.data.h hVar) {
        Omkms3.ServiceSessionInfo loadServiceSessionTicketInfo = this.f6822a.loadServiceSessionTicketInfo(context, hVar);
        if (loadServiceSessionTicketInfo == null) {
            i.h(f6820b, "getServiceSessionTicket: fail,not found serviceSessionInfo.");
        }
        return loadServiceSessionTicketInfo;
    }

    @Override // com.heytap.omas.omkms.feature.b
    public byte[] a() {
        return f6821c;
    }

    @Override // com.heytap.omas.omkms.feature.b
    public void b(Context context, com.heytap.omas.omkms.data.d dVar) {
        try {
            c(context, dVar);
        } catch (AuthenticationException unused) {
            i.h(f6820b, "initSessionTicketAsyncTask: should not take place always.");
        }
    }

    @Override // com.heytap.omas.omkms.feature.b
    @NonNull
    public j c(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null) {
            throw new IllegalArgumentException("Context cannot be null.");
        }
        if (dVar == null || dVar.c() == null) {
            throw new IllegalArgumentException("Parameter invalid.");
        }
        if (k(context, dVar.c()) != null) {
            return e(dVar.c(), 0, null);
        }
        Omkms3.KmsSessionInfo j10 = j(context, dVar.c());
        return j10 != null ? d(context, j10, dVar) : m(context, dVar);
    }

    @NonNull
    public final j d(Context context, Omkms3.KmsSessionInfo kmsSessionInfo, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || kmsSessionInfo == null || dVar == null) {
            i.h(f6820b, "updateServiceSessionTicket: parameters invalid.");
            throw new IllegalArgumentException("parameters invalid");
        }
        try {
            e3.d f10 = f(context, dVar, kmsSessionInfo);
            if (f10.getCode() == 0) {
                Omkms3.ResGetServiceTicket resGetServiceTicket = (Omkms3.ResGetServiceTicket) a3.h.a(f10.getMetaResponse(), Omkms3.ResGetServiceTicket.class);
                if (this.f6822a.saveServiceSessionTicketInfo(context, dVar.c(), Omkms3.ServiceSessionInfo.newBuilder().setMk(resGetServiceTicket.getMk()).setDek(resGetServiceTicket.getDek()).setBeginTime(resGetServiceTicket.getBeginTime()).setEndTime(resGetServiceTicket.getEndTime()).setHeader(f10.getHeader()).setUserInitInfo(a3.g.a(dVar.c())).setTicket(resGetServiceTicket.getTicket()).build()) == null) {
                    return j.d().c(dVar.c()).b(1003).e();
                }
            } else {
                i.h(f6820b, "updateServiceSessionTicket: fail,code:" + f10.getCode());
            }
            return j.d().c(dVar.c()).b(f10.getCode()).e();
        } catch (JsonSyntaxException e10) {
            i.h(f6820b, "updateServiceSessionTicket: InvalidProtocolBufferException:" + e10);
            return j.d().c(dVar.c()).b(1001).e();
        }
    }

    @NonNull
    public final j e(@NonNull com.heytap.omas.omkms.data.h hVar, @NonNull int i10, @Nullable Exception exc) {
        j e10 = j.d().c(hVar).b(i10).d(exc).e();
        e10.toString();
        return e10;
    }

    public final e3.d f(Context context, com.heytap.omas.omkms.data.d dVar, Omkms3.KmsSessionInfo kmsSessionInfo) throws AuthenticationException {
        d.b a10;
        int i10;
        if (context == null) {
            throw new IllegalArgumentException("applyServiceSessionTicket: context cannot be null.");
        }
        if (dVar == null || dVar.c() == null || kmsSessionInfo == null) {
            throw new IllegalArgumentException("applyServiceSessionTicket: parameters invalid.");
        }
        try {
            e3.d j10 = e.j(context, kmsSessionInfo.getTicket(), dVar, Base64.decode(kmsSessionInfo.getDek(), 2), Base64.decode(kmsSessionInfo.getMk(), 2));
            if (7 == j10.getCode()) {
                i.j(f6820b, "applyServiceSessionTicket: request time expired,try sync kms3.0 server time now.");
                j o10 = o(context, dVar);
                if (o10.a() != 0) {
                    i.h(f6820b, "applyServiceSessionTicket: request expired,synServiceTime fail,code:" + o10.a());
                    return e3.d.a().b(o10.a()).e();
                }
                i.j(f6820b, "applyServiceSessionTicket: request expired,synServiceTime ok, try apply service session ticket again now.");
                j10 = e.j(context, kmsSessionInfo.getTicket(), dVar, Base64.decode(kmsSessionInfo.getDek(), 2), Base64.decode(kmsSessionInfo.getMk(), 2));
            }
            if (6 != j10.getCode()) {
                return j10;
            }
            e3.c l10 = l(context, dVar);
            if (l10.getCode() != 0) {
                i.h(f6820b, "applyServiceSessionTicket: kms ticket time expired,then update it,fail,cannot init client.");
                return e3.d.a().b(l10.getCode()).e();
            }
            Omkms3.ResGetKMSTicket resGetKMSTicket = (Omkms3.ResGetKMSTicket) a3.h.a(l10.getMetaResponse(), Omkms3.ResGetKMSTicket.class);
            Omkms3.KmsSessionInfo build = Omkms3.KmsSessionInfo.newBuilder().setMk(resGetKMSTicket.getMk()).setDek(resGetKMSTicket.getDek()).setBeginTime(resGetKMSTicket.getBeginTime()).setEndTime(resGetKMSTicket.getEndTime()).setHeader(l10.getHeader()).setTicket(resGetKMSTicket.getTicket()).setUserInitInfo(a3.g.a(dVar.c())).build();
            if (this.f6822a.saveKmsSessionTicketInfo(context, dVar.c(), build) == null) {
                return e3.d.a().b(1002).e();
            }
            i.j(f6820b, "applyServiceSessionTicket: kms session ticket time expired,then update it,success.");
            return e.g(context, build.getTicket(), dVar, Base64.decode(build.getDek(), 2), Base64.decode(build.getMk(), 2));
        } catch (JsonSyntaxException e10) {
            i.h(f6820b, "applyServiceSessionTicket: " + e10);
            a10 = e3.d.a();
            i10 = 1001;
            return a10.b(i10).e();
        } catch (NetIOException e11) {
            i.h(f6820b, "applyServiceSessionTicket: " + e11);
            a10 = e3.d.a();
            i10 = 1008;
            return a10.b(i10).e();
        }
    }

    public final boolean g(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.KmsSessionInfo kmsSessionInfo) {
        m c10 = m.c();
        long beginTime = kmsSessionInfo.getBeginTime();
        long endTime = kmsSessionInfo.getEndTime();
        long a10 = c10.a(context);
        long b10 = n.b();
        if (beginTime < 0 || endTime < 0 || beginTime >= endTime) {
            i.h(f6820b, "checkTimeValidate: parameter invalid.server bug here.");
            return false;
        }
        long j10 = b10 + a10;
        return j10 >= beginTime && j10 + 10 <= endTime;
    }

    public final boolean h(Context context, com.heytap.omas.omkms.data.h hVar, Omkms3.ServiceSessionInfo serviceSessionInfo) {
        m c10 = m.c();
        long beginTime = serviceSessionInfo.getBeginTime();
        long endTime = serviceSessionInfo.getEndTime();
        long a10 = c10.a(context);
        long b10 = n.b();
        if (beginTime < 0 || endTime < 0 || beginTime >= endTime) {
            i.h(f6820b, "checkTimeValidate: parameter invalid.server bug here.");
            return false;
        }
        long j10 = b10 + a10;
        return j10 >= beginTime && j10 + 10 <= endTime;
    }

    @Nullable
    public final Omkms3.KmsSessionInfo j(Context context, com.heytap.omas.omkms.data.h hVar) {
        String str;
        Omkms3.KmsSessionInfo loadKmsSessionTicketInfo = this.f6822a.loadKmsSessionTicketInfo(context, hVar);
        if (loadKmsSessionTicketInfo == null) {
            str = "checkKmsSessionTicket: loadServiceSessionKey return null.";
        } else {
            if (g(context, hVar, loadKmsSessionTicketInfo)) {
                return loadKmsSessionTicketInfo;
            }
            str = "checkKmsSessionTicket: checkTimeValidate ,invalid.";
        }
        i.h(f6820b, str);
        return null;
    }

    @Nullable
    public final Omkms3.ServiceSessionInfo k(Context context, com.heytap.omas.omkms.data.h hVar) {
        String str;
        Omkms3.ServiceSessionInfo loadServiceSessionTicketInfo = this.f6822a.loadServiceSessionTicketInfo(context, hVar);
        if (loadServiceSessionTicketInfo == null) {
            str = "checkServiceSessionTicket: loadServiceSessionKey return null.";
        } else {
            if (h(context, hVar, loadServiceSessionTicketInfo)) {
                return loadServiceSessionTicketInfo;
            }
            str = "checkServiceSessionTicket: checkTimeValidate ,invalid.";
        }
        i.h(f6820b, str);
        return null;
    }

    @NonNull
    public final e3.c l(@NonNull Context context, @NonNull com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || dVar == null) {
            throw new IllegalArgumentException("applyKmsSessionTicket:Parameters invalid.");
        }
        try {
            b n10 = n(context, dVar);
            if (n10.f6825a != 0) {
                i.h(f6820b, "applyKmsSessionTicket: get trust cert fail,code:" + n10.f6825a);
                return e3.c.a().b(n10.f6825a).e();
            }
            e3.c l10 = e.l(context, dVar, n10.f6827c);
            if (19 == l10.getCode() || (201099 == l10.getCode() && b.f6823e.equals(n10.f6826b))) {
                com.heytap.omas.a.d.b.h(context, dVar.c());
                n10 = n(context, dVar);
                if (n10.f6825a != 0) {
                    i.h(f6820b, "applyKmsSessionTicket: server envelop decrypt fail && cert_from_type:" + n10.f6826b + ",and get cert from server fail,code:" + n10.f6825a);
                    return e3.c.a().b(n10.f6825a).e();
                }
                l10 = e.l(context, dVar, n10.f6827c);
                i.j(f6820b, "applyKmsSessionTicket: server envelop decrypt fail && cert_from_type:" + n10.f6826b + ",and getKmsTicketByCert again,code:" + n10.f6825a);
            }
            int code = l10.getCode();
            if (code == 0) {
                return l10;
            }
            if (code != 7) {
                i.h(f6820b, "applyKmsSessionTicket: fail,code:" + l10.getCode());
                return e3.c.a().b(l10.getCode()).e();
            }
            j o10 = o(context, dVar);
            if (o10.a() != 0) {
                i.h(f6820b, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time fail.");
                return e3.c.a().b(o10.a()).e();
            }
            i.j(f6820b, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time success.");
            e3.c l11 = e.l(context, dVar, n10.f6827c);
            if (l11.getCode() != 0) {
                i.h(f6820b, "applyKmsSessionTicket: request time expired,and then sync device local time with kms3.0 server system time ,and then get kms ticket by cert fail.");
            }
            return l11;
        } catch (NetIOException e10) {
            i.h(f6820b, "applyKmsSessionTicket: " + e10);
            return e3.c.a().b(1008).e();
        }
    }

    @NonNull
    public final j m(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        try {
            j o10 = o(context, dVar);
            o10.toString();
            if (o10.a() != 0) {
                i.h(f6820b, "applySessionTicket: synKmsServerSystemTime fail,code:" + o10.a());
                return j.d().c(dVar.c()).b(o10.a()).d(o10.b()).e();
            }
            e3.c l10 = l(context, dVar);
            if (l10.getCode() != 0) {
                i.h(f6820b, "applySessionTicket: applyKmsSessionTicket,fail,code:" + l10.getCode());
                return j.d().c(dVar.c()).b(l10.getCode()).e();
            }
            Omkms3.ResGetKMSTicket resGetKMSTicket = (Omkms3.ResGetKMSTicket) a3.h.a(l10.getMetaResponse(), Omkms3.ResGetKMSTicket.class);
            Omkms3.KmsSessionInfo build = Omkms3.KmsSessionInfo.newBuilder().setMk(resGetKMSTicket.getMk()).setDek(resGetKMSTicket.getDek()).setBeginTime(resGetKMSTicket.getBeginTime()).setEndTime(resGetKMSTicket.getEndTime()).setHeader(l10.getHeader()).setTicket(resGetKMSTicket.getTicket()).setUserInitInfo(a3.g.a(dVar.c())).build();
            if (this.f6822a.saveKmsSessionTicketInfo(context, dVar.c(), build) == null) {
                return j.d().c(dVar.c()).b(1002).e();
            }
            i.j(f6820b, "applySessionTicket: kms session ticket has been successfully persisted.");
            e3.d f10 = f(context, dVar, build);
            if (f10.getCode() == 0) {
                Omkms3.ResGetServiceTicket resGetServiceTicket = (Omkms3.ResGetServiceTicket) a3.h.a(f10.getMetaResponse(), Omkms3.ResGetServiceTicket.class);
                return this.f6822a.saveServiceSessionTicketInfo(context, dVar.c(), Omkms3.ServiceSessionInfo.newBuilder().setMk(resGetServiceTicket.getMk()).setDek(resGetServiceTicket.getDek()).setBeginTime(resGetServiceTicket.getBeginTime()).setEndTime(resGetServiceTicket.getEndTime()).setHeader(f10.getHeader()).setUserInitInfo(a3.g.a(dVar.c())).setTicket(resGetServiceTicket.getTicket()).build()) == null ? j.d().c(dVar.c()).b(1003).e() : j.d().c(dVar.c()).b(0).e();
            }
            i.h(f6820b, "applySessionTicket: fail,code:" + f10.getCode());
            return j.d().c(dVar.c()).b(f10.getCode()).e();
        } catch (JsonSyntaxException e10) {
            i.h(f6820b, "applySessionTicket: " + e10);
            return j.d().c(dVar.c()).b(1001).d(e10).e();
        }
    }

    @NonNull
    public final b n(Context context, com.heytap.omas.omkms.data.d dVar) throws AuthenticationException {
        if (context == null || dVar == null) {
            throw new IllegalArgumentException("Parameters invalid.");
        }
        try {
            List<X509Certificate> b10 = com.heytap.omas.a.d.b.b(context);
            List<String> c10 = com.heytap.omas.a.d.b.c(context, dVar.c());
            if (c10 != null && c10.size() != 0) {
                i.j(f6820b, "getTrustCert: found the local kms cert.");
                return new b(0, b.f6823e, c10.get(0));
            }
            i.j(f6820b, "getTrustCert: not found the local kms cert chain.");
            e3.a f10 = e.f(context, dVar);
            if (f10.getCode() != 0) {
                i.h(f6820b, "getTrustCert: getKmsCerts,fail,code:" + f10.getCode());
                return new b(f10.getCode(), null, null);
            }
            Omkms3.ResGetKmsCerts resGetKmsCerts = (Omkms3.ResGetKmsCerts) a3.h.a(f10.getMetaResponse(), Omkms3.ResGetKmsCerts.class);
            List<String> kmsCertChain = resGetKmsCerts.getKmsCertChain();
            if (kmsCertChain != null && kmsCertChain.size() != 0) {
                ArrayList arrayList = new ArrayList();
                for (String str : kmsCertChain) {
                    X509Certificate a10 = com.heytap.omas.a.d.b.a(str);
                    kmsCertChain.indexOf(str);
                    arrayList.add(a10);
                }
                com.heytap.omas.a.d.b.d(context, b10, arrayList);
                if (com.heytap.omas.a.d.b.g(context, dVar.c(), arrayList) == null) {
                    i.h(f6820b, "getTrustCert: save cert chain fail,should not take place always.");
                    return new b(1004, null, null);
                }
                return new b(0, b.f6824f, resGetKmsCerts.getKmsCertChain().get(0));
            }
            i.h(f6820b, "getTrustCert: Server internal error,certChain list is empty.");
            return new b(1013, null, null);
        } catch (JsonSyntaxException e10) {
            i.h(f6820b, "getTrustCert: " + e10);
            return new b(1001, null, null);
        } catch (NetIOException e11) {
            i.h(f6820b, "getTrustCert: " + e11);
            return new b(1008, null, null);
        } catch (CertException.CertChainException e12) {
            e = e12;
            i.h(f6820b, "getTrustCert: " + e);
            return new b(1013, null, null);
        } catch (CertException.CertChainVerifyException e13) {
            e = e13;
            i.h(f6820b, "getTrustCert: " + e);
            return new b(1013, null, null);
        } catch (CertException.LoadEccCertException e14) {
            i.h(f6820b, "getTrustCert: " + e14);
            return new b(1010, null, null);
        } catch (CertificateException e15) {
            e = e15;
            i.h(f6820b, "getTrustCert: " + e);
            return new b(1013, null, null);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x00f8 A[Catch: NetIOException -> 0x0162, JsonSyntaxException -> 0x0186, TryCatch #2 {JsonSyntaxException -> 0x0186, NetIOException -> 0x0162, blocks: (B:3:0x0002, B:5:0x000c, B:8:0x003d, B:10:0x0055, B:13:0x0060, B:17:0x00f2, B:19:0x00f8, B:21:0x0111, B:23:0x0130, B:25:0x014c, B:27:0x006f, B:30:0x0082, B:32:0x00bd), top: B:2:0x0002 }] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0111 A[Catch: NetIOException -> 0x0162, JsonSyntaxException -> 0x0186, TryCatch #2 {JsonSyntaxException -> 0x0186, NetIOException -> 0x0162, blocks: (B:3:0x0002, B:5:0x000c, B:8:0x003d, B:10:0x0055, B:13:0x0060, B:17:0x00f2, B:19:0x00f8, B:21:0x0111, B:23:0x0130, B:25:0x014c, B:27:0x006f, B:30:0x0082, B:32:0x00bd), top: B:2:0x0002 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final com.heytap.omas.omkms.data.j o(android.content.Context r11, com.heytap.omas.omkms.data.d r12) throws com.heytap.omas.omkms.exception.AuthenticationException {
        /*
            Method dump skipped, instructions count: 417
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.heytap.omas.omkms.feature.f.o(android.content.Context, com.heytap.omas.omkms.data.d):com.heytap.omas.omkms.data.j");
    }
}
