package com.huawei.wisesecurity.ucs.credential.nativelib;

import android.content.Context;
import android.text.TextUtils;
import androidx.appcompat.view.g;
import com.huawei.wisesecurity.ucs.credential.crypto.cipher.CredentialCipherText;
import com.huawei.wisesecurity.ucs.credential.crypto.signer.CredentialSignText;
import com.huawei.wisesecurity.ucs.credential.entity.Credential;
import com.huawei.wisesecurity.ucs_credential.u;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import rp.a;
import rp.c;
import rp.d;
import sp.b;

/* loaded from: classes3.dex */
public class UcsLib {
    private static volatile boolean FLAG = false;
    private static final String LIB_NAME = "ucs-credential";
    private static final long NATIVE_VERIFY_SIGNATURE_FAIL = 60000;
    private static final String TAG = "UcsLib";
    private static volatile boolean updateRootKeyFlag = false;
    private static final Charset UTF_8 = StandardCharsets.UTF_8;
    private static final Object CA_LOCK = new Object();

    /* loaded from: classes3.dex */
    public static class OutputParam {
        public byte[] bytes = null;
        public byte[] secondBytes = null;
    }

    public static void checkNativeLibrary() throws c {
        if (FLAG) {
            return;
        }
        String loadLibrary = loadLibrary();
        if (!FLAG) {
            throw new c(1004L, g.a("UCS load library error : ", loadLibrary));
        }
    }

    public static boolean checkPkgNameCertFP(Context context, String str, String str2) {
        return (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2) || nativeCheckPkgNameCertFP(context, str.getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8)) != 0) ? false : true;
    }

    public static void decryptCredential(Credential credential, CredentialCipherText credentialCipherText) throws a {
        byte[] decryptKek = getDecryptKek(credential, "decryptCredential fail : ");
        long nativeCryptoWithCredential = nativeCryptoWithCredential(1, decryptKek, credential, credentialCipherText, decryptKek.length == 0 ? 1 : 2);
        if (nativeCryptoWithCredential == 0) {
            return;
        }
        String a10 = androidx.viewpager2.adapter.a.a("Fail to decryptCredential， result : ", nativeCryptoWithCredential);
        b.e(TAG, a10, new Object[0]);
        throw new a((int) nativeCryptoWithCredential, a10);
    }

    public static void encryptCredential(Credential credential, CredentialCipherText credentialCipherText) throws a {
        byte[] decryptKek = getDecryptKek(credential, "encryptCredential fail : ");
        long nativeCryptoWithCredential = nativeCryptoWithCredential(0, decryptKek, credential, credentialCipherText, decryptKek.length == 0 ? 1 : 2);
        if (nativeCryptoWithCredential == 0) {
            return;
        }
        String a10 = androidx.viewpager2.adapter.a.a("Fail to encryptCredential， result : ", nativeCryptoWithCredential);
        b.e(TAG, a10, new Object[0]);
        throw new a((int) nativeCryptoWithCredential, a10);
    }

    public static byte[] genReqJws(Context context, String str, String str2, int i10, int i11) throws c {
        if (str == null) {
            str = "";
        }
        if (context == null) {
            throw new c(1001L, "context cannot empty..");
        }
        if (TextUtils.isEmpty(str2)) {
            throw new c(1001L, "packageName cannot empty..");
        }
        String valueOf = String.valueOf(i11);
        OutputParam newOutputParam = newOutputParam();
        long nativeGenReqJws = nativeGenReqJws(context, str.getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8), i10, valueOf.getBytes(StandardCharsets.UTF_8), newOutputParam);
        if (nativeGenReqJws == 0) {
            return newOutputParam.bytes;
        }
        String a10 = androidx.viewpager2.adapter.a.a("Fail to genReqJws， result : ", nativeGenReqJws);
        b.e(TAG, a10, new Object[0]);
        throw new c(nativeGenReqJws, a10);
    }

    public static byte[] getAppAuthInfo(Context context, Credential credential, String str, int i10) throws c, a {
        if (str == null) {
            str = "";
        }
        byte[] decryptKek = getDecryptKek(credential, "getAppAuthInfo fail : ");
        int i11 = decryptKek.length == 0 ? 1 : 2;
        OutputParam newOutputParam = newOutputParam();
        long nativeGetAppAuthInfo = nativeGetAppAuthInfo(context, credential, str.getBytes(StandardCharsets.UTF_8), i10, credential.getAkskVersion(), decryptKek, i11, newOutputParam);
        if (nativeGetAppAuthInfo == 0) {
            return newOutputParam.bytes;
        }
        String a10 = androidx.viewpager2.adapter.a.a("Fail to getAppAuth， result : ", nativeGetAppAuthInfo);
        b.e(TAG, a10, new Object[0]);
        throw new c(nativeGetAppAuthInfo, a10);
    }

    private static byte[] getDecryptKek(Credential credential, String str) throws a {
        if (credential == null) {
            throw new a(1001L, "getDecryptKek credential == null");
        }
        if (credential.getKekVersion() != 3) {
            return new byte[0];
        }
        try {
            return u.a().a("ucs_alias_rootKey", credential.getKekBytes());
        } catch (d e10) {
            StringBuilder a10 = android.support.v4.media.d.a(str);
            a10.append(e10.getMessage());
            String sb2 = a10.toString();
            b.e(TAG, sb2, new Object[0]);
            throw new a(1022L, sb2);
        }
    }

    public static List<String> getPkgNameCertFP(Context context) throws c {
        ArrayList arrayList = new ArrayList();
        OutputParam newOutputParam = newOutputParam();
        long nativeGetPkgNameCertFP = nativeGetPkgNameCertFP(context, newOutputParam);
        if (nativeGetPkgNameCertFP == 0) {
            arrayList.add(new String(newOutputParam.bytes, StandardCharsets.UTF_8));
            arrayList.add(new String(newOutputParam.secondBytes, StandardCharsets.UTF_8));
            return arrayList;
        }
        String a10 = androidx.viewpager2.adapter.a.a("Fail to getPkgNameCertFP， result : ", nativeGetPkgNameCertFP);
        b.e(TAG, a10, new Object[0]);
        throw new c(nativeGetPkgNameCertFP, a10);
    }

    private static native long getSoVersion();

    public static boolean isRootKeyUpdated() {
        return updateRootKeyFlag;
    }

    public static synchronized String loadLibrary() {
        String str;
        synchronized (UcsLib.class) {
            str = "";
            if (!FLAG) {
                try {
                    System.loadLibrary(LIB_NAME);
                    b.i(TAG, "load lib {0} success", LIB_NAME);
                    FLAG = true;
                } catch (Throwable th2) {
                    str = "load lib ucs-credential error : " + th2.getMessage();
                    b.e(TAG, str, new Object[0]);
                }
            }
        }
        return str;
    }

    private static native long nativeCheckPkgNameCertFP(Context context, byte[] bArr, byte[] bArr2);

    private static native long nativeCryptoWithCredential(int i10, byte[] bArr, Credential credential, CredentialCipherText credentialCipherText, int i11);

    private static native long nativeGenReqJws(Context context, byte[] bArr, byte[] bArr2, long j10, byte[] bArr3, OutputParam outputParam);

    private static native long nativeGetAppAuthInfo(Context context, Credential credential, byte[] bArr, long j10, int i10, byte[] bArr2, int i11, OutputParam outputParam);

    private static native long nativeGetPkgNameCertFP(Context context, OutputParam outputParam);

    private static native long nativeSignVerifyWithCredential(int i10, byte[] bArr, Credential credential, CredentialSignText credentialSignText, int i11);

    public static OutputParam newOutputParam() {
        return new OutputParam();
    }

    public static void signWithCredential(Credential credential, CredentialSignText credentialSignText) throws a {
        byte[] decryptKek = getDecryptKek(credential, "signWithCredential fail : ");
        long nativeSignVerifyWithCredential = nativeSignVerifyWithCredential(0, decryptKek, credential, credentialSignText, decryptKek.length == 0 ? 1 : 2);
        if (nativeSignVerifyWithCredential == 0) {
            return;
        }
        String a10 = androidx.viewpager2.adapter.a.a("Fail to signCredential， result : ", nativeSignVerifyWithCredential);
        b.e(TAG, a10, new Object[0]);
        throw new a(nativeSignVerifyWithCredential, a10);
    }

    public static long ucsGetSoVersion() {
        return getSoVersion();
    }

    public static void ucsUpdateRootKey(byte[] bArr, int i10) throws c {
        synchronized (CA_LOCK) {
            long updateRootKey = updateRootKey(bArr, i10);
            updateRootKeyFlag = updateRootKey == 0;
            if (updateRootKey != 0) {
                String str = "Fail to updateRootKey， result : " + updateRootKey;
                b.e(TAG, str, new Object[0]);
                throw new c(1009L, str);
            }
        }
    }

    private static native long updateRootKey(byte[] bArr, int i10);

    public static boolean verifyWithCredential(Credential credential, CredentialSignText credentialSignText) throws a {
        byte[] decryptKek = getDecryptKek(credential, "verifyWithCredential fail : ");
        long nativeSignVerifyWithCredential = nativeSignVerifyWithCredential(1, decryptKek, credential, credentialSignText, decryptKek.length == 0 ? 1 : 2);
        if (nativeSignVerifyWithCredential == 0) {
            return true;
        }
        if (nativeSignVerifyWithCredential == 60000) {
            return false;
        }
        String a10 = androidx.viewpager2.adapter.a.a("Fail to verify with credential, result : ", nativeSignVerifyWithCredential);
        b.e(TAG, a10, new Object[0]);
        throw new a(nativeSignVerifyWithCredential, a10);
    }
}
