package com.xiaomi.keychainsdk.request;

import a.a;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import com.fileexplorer.advert.config.NativeAdConst;
import com.micloud.midrive.task.download.BaseDownloader;
import com.xiaomi.keychainsdk.constant.KeyBagKeyConfig;
import com.xiaomi.keychainsdk.exception.CryptoException;
import com.xiaomi.keychainsdk.request.context.HardwareServerMasterKeyContext;
import com.xiaomi.keychainsdk.request.context.SoftwareServerMasterKeyContext;
import com.xiaomi.keychainsdk.request.context.TransferPublicKey;
import com.xiaomi.keychainsdk.request.data.EncryptedClientTicketCalculator;
import com.xiaomi.keychainsdk.request.data.VersionedWrappedMasterKey;
import com.xiaomi.keychainsdk.storage.data.KeyBagAccount;
import com.xiaomi.keychainsdk.util.DataUtil;
import com.xiaomi.keychainsdk.util.KeyBagDataUtil;
import com.xiaomi.mirror.synergy.CallMethod;
import java.lang.ref.WeakReference;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import miui.cloud.common.XLogger;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
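/**
 * Client side of the key-bag master-key protocol for one {@code (hsid, huser)} account.
 *
 * <p>Every operation builds a JSON request, sends it through the injected
 * {@link KeyBagRequestor}, checks the server's {@code code} field, and, for the
 * create/update/restore/reset operations, polls a result endpoint until the server reports
 * {@code "finish"}. The wrapped master key is handed back to the caller only after
 * {@link #verifyMasterKeySignature} has accepted the server signature.
 *
 * <p>NOTE(review): this is decompiler output. Several methods throw checked exceptions
 * ({@link BadResponseException}, {@link OperationFailedException},
 * {@link AsyncOperationNotCompleteException}, {@code CertificateEncodingException}, ...)
 * without a {@code throws} clause, and some constants are referenced through unrelated
 * classes ({@code CallMethod}, {@code BaseDownloader}, {@code NativeAdConst},
 * {@code com.xiaomi.onetrack.g.a}). Both look like decompilation artifacts; confirm against
 * the original sources before relying on the signatures or the constant values.
 */
public class KeyBagProtocol {
    private static final String FIXED_DEVICE_ID_SP_KEY = "fixed_device_id";
    private static final String KEY_BAG_PROTOCOL_SP_NAME = "miuikeybag.pref.protocol";

    /** Lowest {@code Build.VERSION.SDK_INT} for which the {@code shaType} parameter is sent. */
    private static final int MIN_SDK_FOR_SHA_TYPE_PARAM = 31;

    /**
     * One live instance per account, held weakly; guarded by the {@code KeyBagProtocol.class}
     * monitor. Lookups depend on {@code KeyBagAccount} implementing equals/hashCode, which is
     * not visible here.
     */
    private static final Map<KeyBagAccount, WeakReference<KeyBagProtocol>> sInstanceMap = new HashMap<>();

    private final Context mContext;
    private final short mHSid;
    private final long mHUser;
    private KeyBagRequestor mRequestor;

    /** Thrown when the thread is interrupted while waiting between result polls. */
    public static class AsyncOperationInterruptedException extends AsyncOperationNotCompleteException {
    }

    /** Base type for "the server-side operation did not reach {@code finish}" outcomes. */
    public static abstract class AsyncOperationNotCompleteException extends Exception {
    }

    /** Thrown when the polling delay table is exhausted before the server reports {@code finish}. */
    public static class AsyncOperationTimeoutException extends AsyncOperationNotCompleteException {
    }

    /**
     * Marks a wrapped master key whose server signature did not verify. Only this class can
     * create it; it is delivered as the cause of a {@link BadResponseException}.
     */
    public static class BadMasterKeyServerSignatureException extends Exception {
        private BadMasterKeyServerSignatureException() {
        }
    }

    /** The server response could not be parsed or failed an integrity check. */
    public static class BadResponseException extends Exception {
        public BadResponseException(String str, Throwable th) {
            super(str, th);
        }

        public BadResponseException(Throwable th) {
            super(th);
        }
    }

    /**
     * The server answered with a non-zero {@code code}.
     *
     * <p>{@link #getMessage()} is not populated; use the public fields or {@link #toString()}.
     */
    public static class OperationFailedException extends Exception {
        /** Server-supplied {@code code}. */
        public final int errCode;
        /** Server-supplied {@code message}, or {@code "N/A"} when absent. */
        public final String errMessage;
        /** {@code retryLimitTime} or {@code resetLimitTime} from the response, {@code -1} if neither is present. */
        public final long retryAfter;

        public OperationFailedException(int i5, String str, long j) {
            this.errCode = i5;
            this.errMessage = str;
            this.retryAfter = j;
        }

        @Override // java.lang.Throwable
        public String toString() {
            // a.o(...) is an obfuscated helper; presumably it returns a StringBuilder seeded
            // with its argument -- confirm.
            return a.o("errorCode: ")
                    .append(this.errCode)
                    .append(" errMessage: ")
                    .append(this.errMessage)
                    .append(" retryAfter: ")
                    .append(this.retryAfter)
                    .toString();
        }
    }

    /**
     * Creates a protocol object bound to one account and one requestor.
     *
     * <p>The context is stored as given; {@link #getInstance} passes the application context.
     *
     * @param context context handed to the requestor and used for SharedPreferences access
     * @param s4 the {@code hsid} sent with every request
     * @param j the {@code huser} value passed to the requestor
     * @param keyBagRequestor transport used for all POST/GET calls
     */
    public KeyBagProtocol(Context context, short s4, long j, KeyBagRequestor keyBagRequestor) {
        this.mContext = context;
        this.mHSid = s4;
        this.mHUser = j;
        this.mRequestor = keyBagRequestor;
    }

    /**
     * Rejects any response whose {@code code} is not {@code 0}.
     *
     * @param jSONObject parsed server response
     * @throws OperationFailedException when {@code code != 0}; carries code, message and retry hint
     * @throws BadResponseException when {@code code} is missing or not an integer
     */
    private void ensureOperationSuccess(JSONObject jSONObject) {
        try {
            int code = jSONObject.getInt("code");
            if (code == 0) {
                return;
            }
            JSONObject extra = jSONObject.optJSONObject("result");
            // NOTE(review): the server's "result" object is written to the log verbatim.
            // Confirm it never carries key material or account identifiers, and where
            // XLogger output ends up in release builds.
            String logLine = "code: " + code + " extra: " + (extra != null ? extra : "null");
            XLogger.log(new Object[] {logLine});
            long retryAfter = -1;
            if (extra != null) {
                // "retryLimitTime" wins; "resetLimitTime" is only consulted when it is absent.
                retryAfter = extra.optLong("retryLimitTime", -1L);
                if (retryAfter == -1) {
                    retryAfter = extra.optLong("resetLimitTime", -1L);
                }
            }
            throw new OperationFailedException(code, jSONObject.optString("message", "N/A"), retryAfter);
        } catch (JSONException e2) {
            throw new BadResponseException(e2);
        }
    }

    /**
     * Builds the short form of a certificate that is sent instead of its full encoding:
     * Base64(SHA-256(UTF-8(Base64(DER)))) joined to a prefix constant by
     * {@code KeyBagDataUtil.joinFields}.
     *
     * <p>The prefix is referenced as {@code com.xiaomi.onetrack.g.a.f3755e}; its value is not
     * visible here.
     */
    private String getCertificateServerHash(Certificate certificate) {
        byte[] digest = DataUtil.sha256(DataUtil.utf8bytes(KeyBagDataUtil.encodeBase64(certificate.getEncoded())));
        return KeyBagDataUtil.joinFields(com.xiaomi.onetrack.g.a.f3755e, KeyBagDataUtil.encodeBase64(digest));
    }

    /**
     * Returns the shared instance for {@code (s4, j)}, creating it on first use.
     *
     * <p>Instances are held through weak references; cleared entries are pruned on each call.
     *
     * @throws IllegalArgumentException if an instance already exists for this account with a
     *     different requestor (compared by identity)
     */
    public static KeyBagProtocol getInstance(Context context, short s4, long j, KeyBagRequestor keyBagRequestor) {
        synchronized (KeyBagProtocol.class) {
            KeyBagAccount account = new KeyBagAccount(s4, j);
            WeakReference<KeyBagProtocol> cached = sInstanceMap.get(account);
            KeyBagProtocol instance = cached != null ? cached.get() : null;
            if (instance == null) {
                // Application context: a cached instance must not pin an Activity.
                instance = new KeyBagProtocol(context.getApplicationContext(), s4, j, keyBagRequestor);
                sInstanceMap.put(account, new WeakReference<>(instance));
            }
            Iterator<WeakReference<KeyBagProtocol>> refs = sInstanceMap.values().iterator();
            while (refs.hasNext()) {
                if (refs.next().get() == null) {
                    refs.remove();
                }
            }
            if (instance.mRequestor != keyBagRequestor) {
                throw new IllegalArgumentException("must use same requestor for same hsid&huser");
            }
            return instance;
        }
    }

    /**
     * Returns the per-install random identifier sent as the request's device id, generating
     * and persisting a UUID on first use.
     *
     * <p>The method is {@code static synchronized}, which already locks
     * {@code KeyBagProtocol.class}; no additional synchronized block is needed.
     */
    private static synchronized String getOrCreateFixedDeviceId(Context context) {
        SharedPreferences prefs = context.getSharedPreferences(KEY_BAG_PROTOCOL_SP_NAME, Context.MODE_PRIVATE);
        String stored = prefs.getString(FIXED_DEVICE_ID_SP_KEY, null);
        if (stored != null) {
            return stored;
        }
        String created = UUID.randomUUID().toString();
        if (!prefs.edit().putString(FIXED_DEVICE_ID_SP_KEY, created).commit()) {
            // The id is still returned, but the next call will mint a different one; make
            // that visible instead of dropping the commit() result. The id is not logged.
            XLogger.log(new Object[] {"failed to persist fixed device id"});
        }
        return created;
    }

    /**
     * Submits one create/update/restore/reset request and then polls for its result.
     *
     * <p>The method holds this instance's monitor for the whole exchange, including the sleeps
     * between polls in {@link #requestOperateAndDownloadResult}.
     *
     * @param requestAPI endpoint pair ({@code requestUrl}, {@code resultUrl}) to use
     * @param s4 forwarded to {@code VersionedWrappedMasterKey.fromServerJSON}
     * @param nonce sent as {@code nonce}
     * @param serverSignKey public key the returned master key's signature is verified against
     * @param clientTicket sent as {@code clientTicket}
     * @param transferPublicKey first element of the {@code wrapCA} array
     * @param certificateArr certificates appended to {@code wrapCA}, in order
     * @param certificatesSentAsHash members are sent as {@link #getCertificateServerHash}
     *     instead of their full Base64 encoding
     */
    private synchronized VersionedWrappedMasterKey operateAndDownload(RequestAPI requestAPI, short s4, String nonce, PublicKey serverSignKey, String clientTicket, TransferPublicKey transferPublicKey, Certificate[] certificateArr, Set<Certificate> certificatesSentAsHash) {
        JSONObject response;
        try {
            JSONObject request = new JSONObject();
            request.put(CallMethod.ARG_DEVICE_ID, getOrCreateFixedDeviceId(this.mContext));
            request.put("hsid", this.mHSid);
            request.put("nonce", nonce);
            request.put("clientTicket", clientTicket);
            JSONArray wrapCa = new JSONArray();
            wrapCa.put(transferPublicKey.getEncoded());
            for (Certificate certificate : certificateArr) {
                if (certificatesSentAsHash.contains(certificate)) {
                    wrapCa.put(getCertificateServerHash(certificate));
                } else {
                    wrapCa.put(KeyBagDataUtil.encodeBase64(certificate.getEncoded()));
                }
            }
            request.put("wrapCA", wrapCa);
            putSha256DigestAlgorithmParamIfNeeded(request);
            try {
                response = new JSONObject(this.mRequestor.requestPost(this.mContext, requestAPI.requestUrl, this.mHUser, request));
                ensureOperationSuccess(response);
            } catch (JSONException e) {
                // Anything unparsable in the server's answer is a bad response.
                throw new BadResponseException(e);
            }
        } catch (JSONException unused) {
            // Only request construction can land here.
            throw new IllegalStateException("never reach here");
        } catch (CertificateEncodingException e) {
            throw new CryptoException(e);
        }
        // NOTE(review): a response without result/resultId surfaces here as a raw
        // JSONException, not as BadResponseException like the other parse failures.
        return requestOperateAndDownloadResult(requestAPI, s4, serverSignKey, response.getJSONObject("result").getString("resultId"));
    }

    /**
     * Adds {@code shaType} to GET parameters when {@code SDK_INT >= 31}.
     *
     * <p>NOTE(review): the reason for the API-level cut-off is not visible in this class.
     */
    private void putSha256DigestAlgorithmParamIfNeeded(Map<String, String> map) {
        if (Build.VERSION.SDK_INT >= MIN_SDK_FOR_SHA_TYPE_PARAM) {
            map.put("shaType", KeyBagKeyConfig.TRANSFER_KEY_SIGNATURE_ALGORITHM_SHA256);
        }
    }

    /** Adds {@code shaType} to a JSON request body when {@code SDK_INT >= 31}. */
    private void putSha256DigestAlgorithmParamIfNeeded(JSONObject jSONObject) {
        if (Build.VERSION.SDK_INT < MIN_SDK_FOR_SHA_TYPE_PARAM) {
            return;
        }
        try {
            jSONObject.put("shaType", KeyBagKeyConfig.TRANSFER_KEY_SIGNATURE_ALGORITHM_SHA256);
        } catch (JSONException unused) {
            throw new RuntimeException("never happen");
        }
    }

    /**
     * Polls {@code requestAPI.resultUrl} until the server reports status {@code "finish"}, then
     * parses the wrapped master key and verifies its signature before returning it.
     *
     * @param requestAPI endpoint pair; only {@code resultUrl} is used
     * @param s4 forwarded to {@code VersionedWrappedMasterKey.fromServerJSON}
     * @param publicKey key the {@code serverSign} value is verified against
     * @param str the {@code resultId} returned by the submit call
     * @throws AsyncOperationTimeoutException when the delay table is exhausted
     * @throws AsyncOperationInterruptedException when interrupted while sleeping; the
     *     interrupt flag is restored first
     * @throws BadResponseException on malformed JSON/Base64 or a signature that does not verify
     */
    private VersionedWrappedMasterKey requestOperateAndDownloadResult(RequestAPI requestAPI, short s4, PublicKey publicKey, String str) {
        // Delay before each re-poll; the trailing -1 is the "give up" sentinel. The first and
        // fourth entries come from unrelated constants (presumably 2000 and 8000 ms, given
        // the surrounding values -- confirm).
        long[] retryDelays = {BaseDownloader.DOWNLOAD_PROGRESS_UPDATE_INTERVAL, 4000, 6000, NativeAdConst.DEFAULT_AD_RESULT_TIMEOUT, 10000, -1};
        HashMap<String, String> query = new HashMap<>();
        query.put("resultId", str);
        putSha256DigestAlgorithmParamIfNeeded(query);
        for (int attempt = 0; ; attempt++) {
            try {
                JSONObject response = new JSONObject(this.mRequestor.requestGet(this.mContext, requestAPI.resultUrl, this.mHUser, query));
                ensureOperationSuccess(response);
                JSONObject result = response.getJSONObject("result");
                if ("finish".equals(result.getString("status"))) {
                    VersionedWrappedMasterKey masterKey = VersionedWrappedMasterKey.fromServerJSON(result, s4);
                    // Fail closed: the key is returned only after the signature check passes.
                    verifyMasterKeySignature(masterKey, KeyBagDataUtil.decodeBase64(result.getString("serverSign")), publicKey);
                    return masterKey;
                }
                long delay = retryDelays[attempt];
                if (delay < 0) {
                    throw new AsyncOperationTimeoutException();
                }
                try {
                    Thread.sleep(delay);
                } catch (InterruptedException unused) {
                    Thread.currentThread().interrupt();
                    throw new AsyncOperationInterruptedException();
                }
            } catch (KeyBagDataUtil.BadBase64DataException e2) {
                throw new BadResponseException(e2);
            } catch (JSONException e4) {
                throw new BadResponseException(e4);
            }
        }
    }

    /**
     * Fetches the server's master-key info (the {@code GET_VERSION} endpoint).
     *
     * <p>Both arguments must be supplied together (hardware-backed path) or both be
     * {@code null} (software path). Certificates are always sent in hashed form here.
     *
     * @return the response's {@code result} object
     * @throws IllegalArgumentException when exactly one of the two arguments is {@code null}
     * @throws BadResponseException when the response cannot be parsed
     */
    private JSONObject requestXServerMasterKeyInfo(TransferPublicKey transferPublicKey, Certificate[] certificateArr) {
        if (transferPublicKey != null && certificateArr == null) {
            throw new IllegalArgumentException("tpub != null && attestationCAs == null");
        }
        if (transferPublicKey == null && certificateArr != null) {
            throw new IllegalArgumentException("tpub == null && attestationCAs != null");
        }
        JSONObject request = new JSONObject();
        // After the two checks above, a non-null key implies a non-null certificate array.
        if (transferPublicKey != null) {
            JSONArray wrapCa = new JSONArray();
            wrapCa.put(transferPublicKey.getEncoded());
            for (Certificate certificate : certificateArr) {
                wrapCa.put(getCertificateServerHash(certificate));
            }
            try {
                request.put("wrapCA", wrapCa);
            } catch (JSONException unused) {
                throw new RuntimeException("never happen");
            }
        }
        try {
            request.put("hsid", this.mHSid);
        } catch (JSONException unused2) {
            throw new RuntimeException("never happen");
        }
        putSha256DigestAlgorithmParamIfNeeded(request);
        try {
            JSONObject response = new JSONObject(this.mRequestor.requestPost(this.mContext, RequestAPI.GET_VERSION.requestUrl, this.mHUser, request));
            ensureOperationSuccess(response);
            return response.getJSONObject("result");
        } catch (JSONException e2) {
            throw new BadResponseException(e2);
        }
    }

    /**
     * Verifies the server signature over a wrapped master key.
     *
     * <p>The signed input is SHA-256 of the UTF-8 bytes of
     * {@code mixData(Base64(encryptedMasterKey), Base64(encryptedSymKey))}, fed to a
     * {@code Signature} of type {@code KeyBagKeyConfig.HSM_KEY_SIGNATURE_ALGORITHM}. If that
     * algorithm is SHA256withRSA, as the error message below suggests, the data is digested a
     * second time inside the signature; this is part of the wire format and must match the
     * server.
     *
     * <p>NOTE(review): only {@code encryptedMasterKey} and {@code encryptedSymKey} are covered.
     * Any other field that {@code VersionedWrappedMasterKey.fromServerJSON} reads from the
     * response is not authenticated by this check -- confirm that is intended.
     *
     * @param versionedWrappedMasterKey key parsed from the server response
     * @param bArr decoded {@code serverSign} value
     * @param publicKey verification key
     * @throws BadResponseException when the signature is malformed or does not verify (the
     *     latter with a {@link BadMasterKeyServerSignatureException} cause)
     */
    private void verifyMasterKeySignature(VersionedWrappedMasterKey versionedWrappedMasterKey, byte[] bArr, PublicKey publicKey) {
        byte[] digest = DataUtil.sha256(DataUtil.utf8bytes(KeyBagDataUtil.mixData(
                KeyBagDataUtil.encodeBase64(versionedWrappedMasterKey.wrappedMasterKey.encryptedMasterKey),
                KeyBagDataUtil.encodeBase64(versionedWrappedMasterKey.wrappedMasterKey.encryptedSymKey))));
        final boolean signatureValid;
        try {
            Signature verifier = Signature.getInstance(KeyBagKeyConfig.HSM_KEY_SIGNATURE_ALGORITHM);
            verifier.initVerify(publicKey);
            verifier.update(digest);
            signatureValid = verifier.verify(bArr);
        } catch (SignatureException e2) {
            throw new BadResponseException(e2);
        } catch (InvalidKeyException e4) {
            throw new CryptoException(e4);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("SHA256withRSA not support");
        }
        if (!signatureValid) {
            throw new BadResponseException(new BadMasterKeyServerSignatureException());
        }
    }

    /**
     * Runs the {@code UPDATE} operation and returns the newly wrapped master key.
     *
     * <p>{@code i5}, {@code s4}, {@code str}, {@code i6} and {@code bArr} are opaque to this
     * class and are forwarded to {@code EncryptedClientTicketCalculator} ({@code str} is
     * presumably the current password -- confirm).
     *
     * @param str2 new password, handed to {@code setNewPassword}
     * @param str3 nonce, sent to the server and given to the ticket calculator
     * @param certificateArr certificates sent in {@code wrapCA}
     * @param set subset of {@code certificateArr} sent in hashed form
     * @param publicKey not used by this operation
     * @param publicKey2 encrypts the client ticket and verifies the returned key's signature
     */
    public VersionedWrappedMasterKey changeMasterKeyPassword(int i5, short s4, String str, String str2, TransferPublicKey transferPublicKey, Certificate[] certificateArr, Set<Certificate> set, int i6, String str3, byte[] bArr, PublicKey publicKey, PublicKey publicKey2) {
        String clientTicket = new EncryptedClientTicketCalculator(this.mHSid, this.mHUser, i5, s4, str, transferPublicKey, i6, str3, bArr)
                .setNewPassword(str2)
                .calculate(publicKey2);
        return operateAndDownload(RequestAPI.UPDATE, s4, str3, publicKey2, clientTicket, transferPublicKey, certificateArr, set);
    }

    /**
     * Runs the {@code CREATE} operation and returns the wrapped master key.
     *
     * <p>Unlike update/restore/reset, this operation uses {@code publicKey} (not
     * {@code publicKey2}) both to encrypt the client ticket and to verify the result.
     *
     * @param str2 nonce, sent to the server and given to the ticket calculator
     * @param publicKey2 not used by this operation
     */
    public VersionedWrappedMasterKey createMasterKey(int i5, short s4, String str, TransferPublicKey transferPublicKey, Certificate[] certificateArr, Set<Certificate> set, int i6, String str2, byte[] bArr, PublicKey publicKey, PublicKey publicKey2) {
        String clientTicket = new EncryptedClientTicketCalculator(this.mHSid, this.mHUser, i5, s4, str, transferPublicKey, i6, str2, bArr)
                .calculate(publicKey);
        return operateAndDownload(RequestAPI.CREATE, s4, str2, publicKey, clientTicket, transferPublicKey, certificateArr, set);
    }

    /**
     * Runs the {@code RESTORE} operation and returns the wrapped master key.
     *
     * @param str2 nonce, sent to the server and given to the ticket calculator
     * @param publicKey not used by this operation
     * @param publicKey2 encrypts the client ticket and verifies the returned key's signature
     */
    public VersionedWrappedMasterKey downloadMasterKey(int i5, short s4, String str, TransferPublicKey transferPublicKey, Certificate[] certificateArr, Set<Certificate> set, int i6, String str2, byte[] bArr, PublicKey publicKey, PublicKey publicKey2) {
        String clientTicket = new EncryptedClientTicketCalculator(this.mHSid, this.mHUser, i5, s4, str, transferPublicKey, i6, str2, bArr)
                .calculate(publicKey2);
        return operateAndDownload(RequestAPI.RESTORE, s4, str2, publicKey2, clientTicket, transferPublicKey, certificateArr, set);
    }

    /**
     * Fetches the server master-key context for the hardware-backed path.
     *
     * @param transferPublicKey sent as the first {@code wrapCA} element
     * @param certificateArr attestation certificates; sent hashed and also given to
     *     {@code HardwareServerMasterKeyContext.fromServerJSON}
     * @throws BadResponseException when the response is malformed or its CA count does not match
     */
    public HardwareServerMasterKeyContext getHardwareServerMasterKeyContext(TransferPublicKey transferPublicKey, Certificate[] certificateArr) {
        try {
            JSONObject info = requestXServerMasterKeyInfo(transferPublicKey, certificateArr);
            return HardwareServerMasterKeyContext.fromServerJSON(certificateArr, info);
        } catch (HardwareServerMasterKeyContext.HardwareInfo.ResponseCACountNotMatchException e2) {
            throw new BadResponseException(e2);
        } catch (KeyBagDataUtil.BadBase64DataException e4) {
            throw new BadResponseException(e4);
        } catch (InvalidKeySpecException e5) {
            throw new BadResponseException(e5);
        } catch (JSONException e6) {
            throw new BadResponseException(e6);
        } catch (CertificateEncodingException e7) {
            throw new CryptoException(e7);
        }
    }

    /**
     * Fetches the server master-key context for the software path (no transfer key, no
     * certificates).
     *
     * @throws BadResponseException when the response is malformed
     */
    public SoftwareServerMasterKeyContext getSoftwareServerMasterKeyContext() {
        try {
            return SoftwareServerMasterKeyContext.fromServerJSON(requestXServerMasterKeyInfo(null, null));
        } catch (KeyBagDataUtil.BadBase64DataException e2) {
            throw new BadResponseException(e2);
        } catch (InvalidKeySpecException e4) {
            throw new BadResponseException(e4);
        } catch (JSONException e5) {
            throw new BadResponseException(e5);
        } catch (CertificateEncodingException unused) {
            // No certificates are encoded on this path.
            throw new IllegalStateException("should not reach here");
        }
    }

    /**
     * Runs the {@code RESET} operation and returns the wrapped master key.
     *
     * @param str2 nonce, sent to the server and given to the ticket calculator
     * @param publicKey not used by this operation
     * @param publicKey2 encrypts the client ticket and verifies the returned key's signature
     */
    public VersionedWrappedMasterKey resetMasterKey(int i5, short s4, String str, TransferPublicKey transferPublicKey, Certificate[] certificateArr, Set<Certificate> set, int i6, String str2, byte[] bArr, PublicKey publicKey, PublicKey publicKey2) {
        String clientTicket = new EncryptedClientTicketCalculator(this.mHSid, this.mHUser, i5, s4, str, transferPublicKey, i6, str2, bArr)
                .calculate(publicKey2);
        return operateAndDownload(RequestAPI.RESET, s4, str2, publicKey2, clientTicket, transferPublicKey, certificateArr, set);
    }
}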
