package cafebabe;

import android.text.TextUtils;
import androidx.annotation.NonNull;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.KeyDerivationUtils;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.common.util.PakeType;
import com.huawei.iotplatform.security.common.util.PakeUtils;
import com.huawei.iotplatform.security.pin.openapi.exception.NegotiateException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public final class ctu extends cto {
    private static final byte[] i = CommonUtil.stringToBytes("hichain_return_key");
    private static final byte[] j = CommonUtil.stringToBytes("hichain_speke_base_info");
    private static final byte[] k = CommonUtil.stringToBytes("hichain_speke_sessionkey_info");
    private byte[] bHq;
    private byte[] bHs;
    private byte[] bHt;
    private PakeUtils bHu;
    private byte[] blI;
    private byte[] bpY;
    public String p;
    private byte[] s;
    private byte[] t;
    public int w;

    public ctu(@NonNull cty ctyVar, @NonNull ctm ctmVar) {
        super(ctyVar, ctmVar);
        this.bHs = new byte[16];
        this.w = 0;
        this.bHn = new ctq();
        this.bHu = new PakeUtils();
    }

    private byte[] a(byte[] bArr, byte[] bArr2) throws NegotiateException {
        try {
            return KeyDerivationUtils.hmac(this.bHs, CommonUtil.concatenateAll(bArr, bArr2));
        } catch (InvalidKeyException unused) {
            throw new NegotiateException(-268435444, "KCF error : invalid key");
        } catch (NoSuchAlgorithmException unused2) {
            throw new NegotiateException(-268435444, "no support for KCF");
        }
    }

    private void b(byte[] bArr) throws NegotiateException {
        if (!Arrays.equals(a(this.bHq, this.t), bArr)) {
            throw new NegotiateException(1, "proof mismatch");
        }
    }

    private void e() throws NegotiateException {
        try {
            int i2 = this.w;
            if (i2 > 0) {
                this.d = KeyDerivationUtils.hkdf(this.d, this.bHt, i, i2);
            } else {
                LogUtil.error("TaskBase", "return key length invalid");
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            throw new NegotiateException(-268435445, "generate returned session key fail");
        }
    }

    private void f() throws NegotiateException {
        if (TextUtils.isEmpty(this.p)) {
            throw new NegotiateException(1, "lack PIN");
        }
        byte[] bArr = null;
        try {
            try {
                bArr = KeyDerivationUtils.hkdf(CommonUtil.stringToBytes(this.p), this.bHt, j, 32);
                byte[] computeSharedBase = this.bHu.computeSharedBase(bArr);
                byte[] randomBytes = CommonUtil.getRandomBytes(this.bHu.getPrivateParamLen());
                this.s = randomBytes;
                this.blI = this.bHu.computePublicParameter(computeSharedBase, randomBytes);
            } catch (InvalidKeyException unused) {
                throw new NegotiateException(1, "PAKE error : invalid key");
            } catch (NoSuchAlgorithmException unused2) {
                throw new NegotiateException(-268435444, "PAKE is not supported");
            }
        } finally {
            CommonUtil.clearBytes(bArr);
        }
    }

    private void g() throws NegotiateException {
        if (!this.bHu.isPublicKeyValid(this.bpY)) {
            throw new NegotiateException(1, "invalid peer public key");
        }
        byte[] computeSharedKey = this.bHu.computeSharedKey(this.s, this.bpY);
        byte[] bArr = null;
        try {
            try {
                bArr = KeyDerivationUtils.hkdf(computeSharedKey, this.bHt, k, 32);
                byte[] bArr2 = this.d;
                System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
                int length = this.d.length;
                byte[] bArr3 = this.bHs;
                System.arraycopy(bArr, length, bArr3, 0, bArr3.length);
            } catch (InvalidKeyException unused) {
                throw new NegotiateException(1, "HKDF error : invalid key");
            } catch (NoSuchAlgorithmException unused2) {
                throw new NegotiateException(-268435444, "no support for HKDF");
            }
        } finally {
            CommonUtil.clearBytes(computeSharedKey);
            CommonUtil.clearBytes(bArr);
        }
    }

    private void g(JSONObject jSONObject) throws NegotiateException {
        try {
            this.bHq = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
            byte[] bytesFromHex = CommonUtil.toBytesFromHex(jSONObject.getString("kcfData"));
            this.bpY = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
            g();
            b(bytesFromHex);
            e();
            byte[] a2 = a(this.t, this.bHq);
            JSONObject jSONObject2 = new JSONObject();
            try {
                jSONObject2.put("kcfData", CommonUtil.toHexString(a2));
                b(32770, jSONObject2);
                this.t = CommonUtil.concatenateAll(this.t, this.bHq);
            } catch (JSONException unused) {
                throw new NegotiateException(1, "cannot generate server confirmation data");
            }
        } catch (JSONException unused2) {
            throw new NegotiateException(-268435445, "send server confirm bad payload in passThrough data");
        }
    }

    private void h(JSONObject jSONObject) throws NegotiateException {
        try {
            b(CommonUtil.toBytesFromHex(jSONObject.getString("kcfData")));
            e();
            this.t = CommonUtil.concatenateAll(this.t, this.bHq);
            this.bHn.f();
        } catch (JSONException unused) {
            throw new NegotiateException(-268435445, "verify server confirm bad payload in pass through data");
        }
    }

    @Override // cafebabe.cto
    public final void a() {
        super.a();
        CommonUtil.clearBytes(this.s);
        CommonUtil.clearBytes(this.blI);
        CommonUtil.clearBytes(this.bHs);
        CommonUtil.clearBytes(this.bHt);
        CommonUtil.clearBytes(this.t);
    }

    @Override // cafebabe.cto
    public final void a(int i2, @NonNull JSONObject jSONObject) throws NegotiateException {
        PakeUtils pakeUtils;
        PakeType pakeType;
        if (i2 == 1) {
            c(jSONObject);
            if (this.bHt == null) {
                this.bHt = CommonUtil.getRandomBytes(16);
            }
            if (this.t == null) {
                this.t = CommonUtil.getRandomBytes(16);
            }
            f();
            JSONObject jSONObject2 = new JSONObject();
            try {
                jSONObject2.put("challenge", CommonUtil.toHexString(this.t));
                jSONObject2.put("salt", CommonUtil.toHexString(this.bHt));
                jSONObject2.put("epk", CommonUtil.toHexString(this.blI));
                jSONObject2.put("version", d());
                b(32769, jSONObject2);
                return;
            } catch (JSONException unused) {
                throw new NegotiateException(1, "cannot generate pake response data");
            }
        }
        if (i2 == 2) {
            g(jSONObject);
            if (!this.bHn.e()) {
                return;
            }
        } else {
            if (i2 == 32769) {
                try {
                    this.bHq = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
                    this.bHt = CommonUtil.toBytesFromHex(jSONObject.getString("salt"));
                    byte[] bytesFromHex = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
                    this.bpY = bytesFromHex;
                    if (bytesFromHex.length <= 256) {
                        LogUtil.info("TaskBase", "pake type is PAKE_256");
                        pakeUtils = this.bHu;
                        pakeType = PakeType.PAKE_256;
                    } else {
                        if (bytesFromHex.length > 384) {
                            LogUtil.error("TaskBase", "peer public param invalid");
                            throw new NegotiateException(-268435445, "peer public param invalid");
                        }
                        LogUtil.info("TaskBase", "pake type is PAKE_384");
                        pakeUtils = this.bHu;
                        pakeType = PakeType.PAKE_384;
                    }
                    pakeUtils.setPakeType(pakeType);
                    a(jSONObject);
                    this.t = CommonUtil.getRandomBytes(16);
                    f();
                    g();
                    byte[] a2 = a(this.t, this.bHq);
                    JSONObject jSONObject3 = new JSONObject();
                    try {
                        jSONObject3.put("challenge", CommonUtil.toHexString(this.t));
                        jSONObject3.put("epk", CommonUtil.toHexString(this.blI));
                        jSONObject3.put("kcfData", CommonUtil.toHexString(a2));
                        b(2, jSONObject3);
                        return;
                    } catch (JSONException unused2) {
                        throw new NegotiateException(1, "cannot generate client confirmation data");
                    }
                } catch (JSONException unused3) {
                    throw new NegotiateException(-268435445, "send client confirm bad payload in passThrough data");
                }
            }
            if (i2 != 32770) {
                if (i2 == 32896) {
                    if (jSONObject == null) {
                        LogUtil.error("TaskBase", "handleInformMessage payload is null");
                        this.bHp.a(-268435445);
                        return;
                    }
                    try {
                        int i3 = jSONObject.getInt("errorCode");
                        StringBuilder sb = new StringBuilder("ReturnCode from peer : ");
                        sb.append(String.format(Locale.ENGLISH, " 0x%08x", Integer.valueOf(i3)));
                        LogUtil.info("TaskBase", sb.toString());
                        this.bHp.a(i3 | 251658240);
                        return;
                    } catch (JSONException unused4) {
                        LogUtil.error("TaskBase", "can not parse errorCode from peer");
                        return;
                    }
                }
                return;
            }
            h(jSONObject);
            if (!this.bHn.e()) {
                return;
            }
        }
        m2001();
    }

    @Override // cafebabe.cto
    public final void c() throws NegotiateException {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("version", d());
            jSONObject.put("operationCode", com.huawei.iotplatform.security.pin.core.c.AUTH_KEY_AGREEMENT.a());
            jSONObject.put("support256mod", true);
            b(1, jSONObject);
        } catch (JSONException unused) {
            throw new NegotiateException(1, "cannot generate PAKE request data");
        }
    }
}
