package com.huawei.android.hicloud.security.service;

import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import android.text.TextUtils;
import android.trustcircle.TrustCircleManager;
import com.huawei.android.hicloud.security.bean.UserKeyObject;
import com.huawei.hicloud.request.userk.bean.UserKeyResp;
import com.huawei.secure.android.common.intent.SafeBroadcastReceiver;
import defpackage.BNb;
import defpackage.BY;
import defpackage.C0147Bba;
import defpackage.C0447Exa;
import defpackage.C0837Jxa;
import defpackage.C2007Yxa;
import defpackage.C3285fW;
import defpackage.C4190kya;
import defpackage.C5401sW;
import defpackage.C6392yba;
import defpackage.InterfaceC6308yAa;
import defpackage.XNb;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Locale;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

/* loaded from: classes2.dex */
public class TrustCircleUserKey {
    public static final short DEFAULT_TA_VERSION = 1;
    public static final String KEY_TA_VERSION = "TAVersion";
    public static final String KEY_TCISID = "tcisID";
    public static final String TAG = "TrustCircleUserKey";
    public static final String TRUSTCIRCLE_LOGIN_ACTION = "com.huawei.trustcircle.intent.action.TCIS_LOGIN";
    public static final String TRUSTCIRCLE_LOGIN_ACTION_OLD = "com.huawei.trustcircle.intent.action.TRUSTCIRCLE_LOGIN";
    public static final String TRUSTCIRCLE_LOGIN_PERMISSION = "com.huawei.permission.TRUST_CIRCLE_BROADCAST";
    public static final String TRUSTCIRCLE_PACKAGENAME = "com.huawei.trustcircle";
    public static final String TRUSTCIRCLE_SEND_PERMISSION = "com.huawei.permission.TRUST_CIRCLE_BROADCAST_SEND";
    public boolean isNeedPermission = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class TrustCircleManagerCallback implements TrustCircleManager.KaCallback {
        public final UserKeyObject key;
        public final CountDownLatch keyAgreementLatch;
        public final byte[] randomByte;
        public final int type;

        public TrustCircleManagerCallback(byte[] bArr, UserKeyObject userKeyObject, CountDownLatch countDownLatch, int i) {
            this.randomByte = bArr != null ? (byte[]) bArr.clone() : new byte[0];
            this.key = userKeyObject;
            this.keyAgreementLatch = countDownLatch;
            this.type = i;
        }

        public void onKaError(long j, int i) {
            C5401sW.e(TrustCircleUserKey.TAG, "errorCode = " + i);
            CountDownLatch countDownLatch = this.keyAgreementLatch;
            if (countDownLatch != null) {
                countDownLatch.countDown();
            }
        }

        public void onKaResult(long j, int i, byte[] bArr, byte[] bArr2) {
            CountDownLatch countDownLatch;
            try {
                try {
                    byte[] a2 = C0147Bba.a(bArr2, this.randomByte, bArr);
                    if (this.key != null) {
                        if (this.type == 1) {
                            this.key.setUserKey(a2);
                        } else if (this.type == 2) {
                            this.key.setUserKeySHA256(XNb.c(a2, 2));
                        }
                    }
                    C5401sW.d(TrustCircleUserKey.TAG, "requestTrustCircleSyncUser1:" + Arrays.toString(a2));
                    countDownLatch = this.keyAgreementLatch;
                    if (countDownLatch == null) {
                        return;
                    }
                } catch (Exception unused) {
                    C5401sW.e(TrustCircleUserKey.TAG, "requestTrustCircleSyncUser Exception");
                    countDownLatch = this.keyAgreementLatch;
                    if (countDownLatch == null) {
                        return;
                    }
                }
                countDownLatch.countDown();
            } catch (Throwable th) {
                CountDownLatch countDownLatch2 = this.keyAgreementLatch;
                if (countDownLatch2 != null) {
                    countDownLatch2.countDown();
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class TrustcircleBroadcastReceiver extends SafeBroadcastReceiver {
        public final CountDownLatch loginLatch;

        public TrustcircleBroadcastReceiver(CountDownLatch countDownLatch) {
            this.loginLatch = countDownLatch;
        }

        @Override // com.huawei.secure.android.common.intent.SafeBroadcastReceiver
        public void onReceiveMsg(Context context, Intent intent) {
            String action = intent.getAction();
            if (TrustCircleUserKey.TRUSTCIRCLE_LOGIN_ACTION_OLD.equalsIgnoreCase(action) || TrustCircleUserKey.TRUSTCIRCLE_LOGIN_ACTION.equalsIgnoreCase(action)) {
                C5401sW.i(TrustCircleUserKey.TAG, "receive trust circle login broadcast");
                CountDownLatch countDownLatch = this.loginLatch;
                if (countDownLatch != null) {
                    countDownLatch.countDown();
                }
            }
        }
    }

    /* loaded from: classes2.dex */
    private static final class Type {
        public static final int KEY = 1;
        public static final int SHA256 = 2;
    }

    public static String bytes2Hex(byte[] bArr) {
        if (bArr == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                sb.append("0");
            }
            sb.append(hexString);
        }
        return sb.toString();
    }

    public static String getApkSignatureHash(Context context) {
        try {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo("com.huawei.hidisk", 64);
            if (packageInfo == null) {
                return "";
            }
            StringBuilder sb = new StringBuilder(packageInfo.packageName);
            if (packageInfo.signatures != null) {
                for (Signature signature : packageInfo.signatures) {
                    sb.append(":");
                    sb.append(bytes2Hex(signature.toByteArray()));
                }
            }
            return getSHA256(sb.toString().toLowerCase(Locale.US));
        } catch (Exception unused) {
            C5401sW.e(TAG, "getApkSignatureHash Exception");
            return "";
        }
    }

    private Context getContext() {
        return C3285fW.b().a().getApplicationContext();
    }

    private Bundle getDataFromTrustCircle(TrustCircleManager trustCircleManager) throws Exception {
        Bundle tcisInfo = trustCircleManager.getTcisInfo();
        if (tcisInfo == null) {
            throw new BY("getTcisInfo bundle is null");
        }
        if (TextUtils.isEmpty(new BNb(tcisInfo).n("hwUserId"))) {
            waitForTrustCircleLogin();
        }
        Bundle tcisInfo2 = trustCircleManager.getTcisInfo();
        if (tcisInfo2 == null) {
            throw new BY("getTcisInfo bundle is null");
        }
        if (TextUtils.isEmpty(new BNb(tcisInfo2).n("hwUserId"))) {
            throw new BY("hwUserId is null, use old interface");
        }
        return tcisInfo2;
    }

    private UserKeyObject getKeySHA256(UserKeyObject userKeyObject, String str, int i, int i2) throws C2007Yxa {
        String userKeySHA256 = userKeyObject.getUserKeySHA256();
        if (TextUtils.isEmpty(userKeySHA256)) {
            C5401sW.e(TAG, "decrypt trust circle SHA256 is empty");
            UserKeyUtils.getInstance().report("decrypt trust circle SHA256 is empty", str, i, i2);
            throw new C2007Yxa(4001, "decrypt trust circle SHA256 is empty");
        }
        UserKeyUtils.getInstance().setTrustCircleKeySHA256(userKeySHA256);
        byte[] userKey = userKeyObject.getUserKey();
        if (userKey == null || userKey.length == 0) {
            C5401sW.e(TAG, "decrypt trust circle key is empty");
            UserKeyUtils.getInstance().report("decrypt trust circle key is empty", str, i, i2);
            throw new C2007Yxa(4001, "decrypt trust circle key is empty");
        }
        UserKeyUtils.getInstance().setTrustCircleKey(XNb.c(userKey, 2));
        byte[] b = C0447Exa.b(userKey);
        if (b == null || b.length == 0) {
            C5401sW.e(TAG, "hash trust circle key SHA256 error");
            UserKeyUtils.getInstance().report("hash trust circle key SHA256 error", str, i, i2);
            throw new C2007Yxa(4001, "hash trust circle key SHA256 error");
        }
        String c = XNb.c(b, 2);
        if (TextUtils.isEmpty(c)) {
            C5401sW.e(TAG, "base 64 encode trust circle key SHA256 error");
            UserKeyUtils.getInstance().report("base 64 encode trust circle key SHA256 error", str, i, i2);
            throw new C2007Yxa(4001, "base 64 encode trust circle key SHA256 error");
        }
        if (!c.equals(userKeySHA256)) {
            C5401sW.e(TAG, "compare trust circle key SHA256 error");
            UserKeyUtils.getInstance().report("compare trust circle key SHA256 error", str, i, i2);
            throw new C2007Yxa(4001, "compare trust circle key SHA256 error");
        }
        C5401sW.i(TAG, "compare trust circle key SHA256 ok");
        StringBuilder sb = new StringBuilder();
        String b2 = C4190kya.b(c, sb);
        if (!TextUtils.isEmpty(b2)) {
            userKeyObject.setUserKeySHA256(b2);
            C5401sW.i(TAG, "get user key success, by trust circle");
            UserKeyUtils.getInstance().report("get user key success, by trust circle", str, i, i2);
            return userKeyObject;
        }
        C5401sW.e(TAG, "keystore encrypt trust circle key SHA256 error");
        sb.append(", error info: ");
        sb.append("keystore encrypt trust circle key SHA256 error");
        UserKeyUtils.getInstance().report(sb.toString(), str, i, i2);
        throw new C2007Yxa(4001, "keystore encrypt trust circle key SHA256 error");
    }

    public static String getSHA256(String str) {
        if (str != null && !str.isEmpty()) {
            try {
                return bytes2Hex(MessageDigest.getInstance("SHA256").digest(str.getBytes(StandardCharsets.UTF_8)));
            } catch (GeneralSecurityException unused) {
                C5401sW.e(TAG, "messageDigest GeneralSecurityException.");
            }
        }
        return "";
    }

    private boolean isTrustCircleExist() {
        boolean z;
        PackageManager packageManager = getContext().getPackageManager();
        try {
            packageManager.getPackageInfo(TRUSTCIRCLE_PACKAGENAME, 1);
            z = true;
        } catch (PackageManager.NameNotFoundException unused) {
            z = false;
        }
        if (z) {
            try {
                packageManager.getPermissionInfo(TRUSTCIRCLE_LOGIN_PERMISSION, 0);
                this.isNeedPermission = true;
            } catch (PackageManager.NameNotFoundException unused2) {
                this.isNeedPermission = false;
            }
        }
        return z;
    }

    private void waitForTrustCircleLogin() {
        CountDownLatch countDownLatch = new CountDownLatch(1);
        TrustcircleBroadcastReceiver trustcircleBroadcastReceiver = new TrustcircleBroadcastReceiver(countDownLatch);
        Context context = getContext();
        if (this.isNeedPermission) {
            context.registerReceiver(trustcircleBroadcastReceiver, new IntentFilter(TRUSTCIRCLE_LOGIN_ACTION), TRUSTCIRCLE_SEND_PERMISSION, null);
        } else {
            context.registerReceiver(trustcircleBroadcastReceiver, new IntentFilter(TRUSTCIRCLE_LOGIN_ACTION_OLD));
        }
        try {
            if (!countDownLatch.await(4L, TimeUnit.SECONDS)) {
                C5401sW.w(TAG, "waitForTrustCircleLogin await failed");
            }
        } catch (InterruptedException unused) {
            C5401sW.e(TAG, "waitForTrustCircleLogin InterruptedException");
        }
        context.unregisterReceiver(trustcircleBroadcastReceiver);
    }

    public UserKeyObject requestTrustCircleSyncUser(InterfaceC6308yAa interfaceC6308yAa, int i, String str, int i2, boolean z) throws Exception {
        String str2;
        byte[] bArr;
        CountDownLatch countDownLatch;
        if (!isTrustCircleExist()) {
            throw new BY("TrustCircle doesn't exist, use old interface");
        }
        UserKeyObject userKeyObject = new UserKeyObject();
        TrustCircleManager trustCircleManager = TrustCircleManager.getInstance();
        BNb bNb = new BNb(getDataFromTrustCircle(trustCircleManager));
        String n = bNb.n(KEY_TCISID);
        short a2 = bNb.a(KEY_TA_VERSION, (short) -1);
        long b = C0837Jxa.b(bNb.n("hwUserId"));
        if (TextUtils.isEmpty(n) || a2 < 1) {
            throw new BY("tcisID is empty or TA not support, use old interface");
        }
        UserKeyResp trustCircleUserKey = interfaceC6308yAa.getTrustCircleUserKey(i, str, i2, n, a2, getApkSignatureHash(getContext()));
        userKeyObject.setUserKeyGuid(trustCircleUserKey.getGuid());
        String[] split = trustCircleUserKey.getUserKey().split(":");
        int a3 = C0837Jxa.a(split[0]);
        String str3 = split[1];
        byte[] a4 = C6392yba.a(16);
        byte[] a5 = C0147Bba.a(a4);
        CountDownLatch countDownLatch2 = new CountDownLatch(1);
        if (z) {
            String keySHA256 = trustCircleUserKey.getKeySHA256();
            if (TextUtils.isEmpty(keySHA256)) {
                C5401sW.e(TAG, "responseKeySHA256 is empty");
                UserKeyUtils.getInstance().report("responseKeySHA256 is empty", str, i, i2);
                throw new C2007Yxa(4001, "responseKeySHA256 is empty");
            }
            String[] split2 = keySHA256.split(":");
            if (keySHA256.length() < 2) {
                C5401sW.e(TAG, "splitResponseKeySHA256 length not ok");
                UserKeyUtils.getInstance().report("splitResponseKeySHA256 length not ok", str, i, i2);
                throw new C2007Yxa(4001, "splitResponseKeySHA256 length not ok");
            }
            int a6 = C0837Jxa.a(split2[0]);
            String str4 = split2[1];
            CountDownLatch countDownLatch3 = new CountDownLatch(2);
            TrustCircleManagerCallback trustCircleManagerCallback = new TrustCircleManagerCallback(a4, userKeyObject, countDownLatch3, 2);
            str2 = TAG;
            bArr = a4;
            trustCircleManager.initKeyAgreement(trustCircleManagerCallback, a6, b, a5, str4);
            countDownLatch = countDownLatch3;
        } else {
            str2 = TAG;
            bArr = a4;
            countDownLatch = countDownLatch2;
        }
        TrustCircleManagerCallback trustCircleManagerCallback2 = new TrustCircleManagerCallback(bArr, userKeyObject, countDownLatch, 1);
        CountDownLatch countDownLatch4 = countDownLatch;
        trustCircleManager.initKeyAgreement(trustCircleManagerCallback2, a3, b, a5, str3);
        try {
            if (!countDownLatch4.await(5L, TimeUnit.SECONDS)) {
                C5401sW.w(str2, "requestTrustCircleSyncUser await failed");
            }
        } catch (InterruptedException unused) {
            C5401sW.e(str2, "initKeyAgreement InterruptedException");
        }
        if (userKeyObject.getUserKey() == null) {
            throw new BY("requestTrustCircleSyncUser failed, use old interface");
        }
        C5401sW.i(str2, "requestTrustCircleSyncUser succeed");
        if (!z) {
            return userKeyObject;
        }
        getKeySHA256(userKeyObject, str, i, i2);
        return userKeyObject;
    }
}
