package com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.task;

import android.text.TextUtils;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.KeyDerivationUtils;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.common.util.PakeType;
import com.huawei.iotplatform.security.common.util.PakeUtils;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.sdk.OperationCode;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.CallbackMethods;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.status.PakeTaskStatus;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.interfaces.TaskFeedback;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.structs.ProcessedSessionInfo;
import d.b.g0;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class PakeTask extends TaskBase {
    public static final String FIELD_CHALLENGE = "challenge";
    public static final String FIELD_CONFIG_DATA = "kcfData";
    public static final String FIELD_ED_PUBLIC = "epk";
    public static final String FIELD_SALT = "salt";
    public byte[] mHmacKey;
    public PakeUtils mPakeUtils;
    public byte[] mPeerChallenge;
    public byte[] mPeerPublicParam;
    public String mPin;
    public OperationCode mRequestOperation;
    public int mReturnKeyLen;
    public byte[] mSalt;
    public byte[] mSelfChallenge;
    public byte[] mSelfPrivateParam;
    public byte[] mSelfPublicParam;
    public static final byte[] BASE_INFO = CommonUtil.stringToBytes("hichain_speke_base_info");
    public static final byte[] SESSION_INFO = CommonUtil.stringToBytes("hichain_speke_sessionkey_info");
    public static final byte[] RETURN_KEY_INFO = CommonUtil.stringToBytes("hichain_return_key");

    public PakeTask(@g0 ProcessedSessionInfo processedSessionInfo, @g0 CallbackMethods callbackMethods, @g0 TaskFeedback taskFeedback, boolean z, @g0 OperationCode operationCode) {
        super(processedSessionInfo, callbackMethods, taskFeedback);
        this.mHmacKey = new byte[16];
        this.mReturnData = new byte[0];
        this.mReturnKeyLen = 0;
        this.mTaskStatus = new PakeTaskStatus(z);
        this.mRequestOperation = operationCode;
        this.mPakeUtils = new PakeUtils();
    }

    private void generateOutputKey() {
        try {
            if (this.mReturnKeyLen > 0) {
                this.mReturnData = KeyDerivationUtils.hkdf(this.mSessionKey, this.mSalt, RETURN_KEY_INFO, this.mReturnKeyLen);
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            LogUtil.error("TaskBase", "generate returned session key fail");
        }
    }

    private void generatePakeParams() {
        if (TextUtils.isEmpty(this.mPin)) {
            LogUtil.error("TaskBase", "lack PIN");
            this.mOperationResult = 1;
            return;
        }
        byte[] bArr = null;
        try {
            bArr = KeyDerivationUtils.hkdf(CommonUtil.stringToBytes(this.mPin), this.mSalt, BASE_INFO, 32);
            byte[] computeSharedBase = this.mPakeUtils.computeSharedBase(bArr);
            byte[] randomBytes = CommonUtil.getRandomBytes(this.mPakeUtils.getPrivateParamLen());
            this.mSelfPrivateParam = randomBytes;
            this.mSelfPublicParam = this.mPakeUtils.computePublicParameter(computeSharedBase, randomBytes);
            this.mOperationResult = 0;
        } catch (InvalidKeyException unused) {
            LogUtil.error("TaskBase", "PAKE error : invalid key");
            this.mOperationResult = 1;
        } catch (NoSuchAlgorithmException unused2) {
            LogUtil.error("TaskBase", "PAKE is not supported");
            this.mOperationResult = -268435444;
        } finally {
            CommonUtil.clearBytes(bArr);
        }
    }

    private byte[] generateProof() {
        byte[] bArr = new byte[0];
        try {
            return KeyDerivationUtils.hmac(this.mHmacKey, CommonUtil.concatenateAll(this.mSelfChallenge, this.mPeerChallenge));
        } catch (InvalidKeyException unused) {
            LogUtil.error("TaskBase", "KCF error : invalid key");
            this.mOperationResult = 1;
            return bArr;
        } catch (NoSuchAlgorithmException unused2) {
            LogUtil.error("TaskBase", "no support for KCF");
            this.mOperationResult = -268435444;
            return bArr;
        }
    }

    private void generateSessionKey() {
        byte[] computeSharedKey = this.mPakeUtils.computeSharedKey(this.mSelfPrivateParam, this.mPeerPublicParam);
        byte[] bArr = null;
        try {
            bArr = KeyDerivationUtils.hkdf(computeSharedKey, this.mSalt, SESSION_INFO, 32);
            CommonUtil.copyByteArray(bArr, 0, this.mSessionKey, 0, this.mSessionKey.length);
            CommonUtil.copyByteArray(bArr, this.mSessionKey.length, this.mHmacKey, 0, this.mHmacKey.length);
            this.mOperationResult = 0;
        } catch (InvalidKeyException unused) {
            LogUtil.error("TaskBase", "HKDF error : invalid key");
            this.mOperationResult = 1;
        } catch (NoSuchAlgorithmException unused2) {
            LogUtil.error("TaskBase", "no support for HKDF");
            this.mOperationResult = -268435444;
        } finally {
            CommonUtil.clearBytes(computeSharedKey);
            CommonUtil.clearBytes(bArr);
        }
    }

    private boolean parsePayload(JSONObject jSONObject) {
        PakeUtils pakeUtils;
        PakeType pakeType;
        try {
            this.mPeerChallenge = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
            this.mSalt = CommonUtil.toBytesFromHex(jSONObject.getString("salt"));
            byte[] bytesFromHex = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
            this.mPeerPublicParam = bytesFromHex;
            if (bytesFromHex.length <= 256) {
                LogUtil.info("TaskBase", "PakeType is PAKE_256");
                pakeUtils = this.mPakeUtils;
                pakeType = PakeType.PAKE_256;
            } else {
                if (bytesFromHex.length > 384) {
                    LogUtil.error("TaskBase", "peer public param invalid");
                    this.mOperationResult = -268435445;
                    return false;
                }
                LogUtil.info("TaskBase", "PakeType is PAKE_384");
                pakeUtils = this.mPakeUtils;
                pakeType = PakeType.PAKE_384;
            }
            pakeUtils.setPakeType(pakeType);
            return true;
        } catch (JSONException unused) {
            LogUtil.error("TaskBase", "send client confirm bad payload in passThrough data");
            this.mOperationResult = -268435445;
            return false;
        }
    }

    private void returnSessionKey() {
        LogUtil.info("TaskBase", "invoke callback onSessionKeyReturned");
        this.mCallbackHandler.onSessionKeyReturned(this.mSessionId, this.mReturnData);
        CommonUtil.clearBytes(this.mReturnData);
        this.mReturnData = new byte[0];
    }

    private void sendClientConfirm(JSONObject jSONObject) {
        if (!parsePayload(jSONObject)) {
            informPeerAndCancel();
            return;
        }
        if (!determineVersion(jSONObject)) {
            informPeerAndCancel();
            return;
        }
        this.mSelfChallenge = CommonUtil.getRandomBytes(16);
        generatePakeParams();
        if (this.mOperationResult != 0) {
            informPeerAndCancel();
            return;
        }
        generateSessionKey();
        if (this.mOperationResult != 0) {
            informPeerAndCancel();
            return;
        }
        byte[] generateProof = generateProof();
        if (generateProof.length == 0) {
            informPeerAndCancel();
            return;
        }
        JSONObject jSONObject2 = new JSONObject();
        try {
            jSONObject2.put("challenge", CommonUtil.toHexString(this.mSelfChallenge));
            jSONObject2.put("epk", CommonUtil.toHexString(this.mSelfPublicParam));
            jSONObject2.put("kcfData", CommonUtil.toHexString(generateProof));
            sendPassThroughData(2, jSONObject2);
        } catch (JSONException unused) {
            LogUtil.error("TaskBase", "cannot generate client confirmation data");
            this.mOperationResult = 1;
            informPeerAndCancel();
        }
    }

    private void sendPakeResponse(JSONObject jSONObject) {
        if (!parseAndCheckVersion(jSONObject)) {
            informPeerAndCancel();
            return;
        }
        this.mSalt = CommonUtil.getRandomBytes(16);
        this.mSelfChallenge = CommonUtil.getRandomBytes(16);
        generatePakeParams();
        if (this.mOperationResult != 0) {
            informPeerAndCancel();
            return;
        }
        JSONObject jSONObject2 = new JSONObject();
        try {
            jSONObject2.put("challenge", CommonUtil.toHexString(this.mSelfChallenge));
            jSONObject2.put("salt", CommonUtil.toHexString(this.mSalt));
            jSONObject2.put("epk", CommonUtil.toHexString(this.mSelfPublicParam));
            jSONObject2.put("version", getVersionInfo());
            sendPassThroughData(32769, jSONObject2);
        } catch (JSONException unused) {
            LogUtil.error("TaskBase", "cannot generate pake response data");
            this.mOperationResult = 1;
            informPeerAndCancel();
        }
    }

    private void sendPakeStartRequest() {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("version", getVersionInfo());
            jSONObject.put("operationCode", this.mRequestOperation.toInt());
            jSONObject.put("support256mod", true);
            sendPassThroughData(1, jSONObject);
        } catch (JSONException unused) {
            LogUtil.error("TaskBase", "cannot generate PAKE request data");
            this.mOperationResult = 1;
            halt();
        }
    }

    private void sendServerConfirm(JSONObject jSONObject) {
        try {
            this.mPeerChallenge = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
            byte[] bytesFromHex = CommonUtil.toBytesFromHex(jSONObject.getString("kcfData"));
            this.mPeerPublicParam = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
            generateSessionKey();
            if (this.mOperationResult != 0) {
                informPeerAndCancel();
                return;
            }
            verifyProof(bytesFromHex);
            if (this.mOperationResult != 0) {
                informPeerAndCancel();
                return;
            }
            LogUtil.info("TaskBase", "proof match");
            generateOutputKey();
            returnSessionKey();
            byte[] generateProof = generateProof();
            if (generateProof.length == 0) {
                informPeerAndCancel();
                return;
            }
            JSONObject jSONObject2 = new JSONObject();
            try {
                jSONObject2.put("kcfData", CommonUtil.toHexString(generateProof));
                sendPassThroughData(32770, jSONObject2);
                this.mSelfChallenge = CommonUtil.concatenateAll(this.mSelfChallenge, this.mPeerChallenge);
            } catch (JSONException unused) {
                LogUtil.error("TaskBase", "cannot generate server confirmation data");
                this.mOperationResult = 1;
                informPeerAndCancel();
            }
        } catch (JSONException unused2) {
            LogUtil.error("TaskBase", "send server confirm bad payload in passThrough data");
            this.mOperationResult = -268435445;
            informPeerAndCancel();
        }
    }

    private void verifyProof(byte[] bArr) {
        try {
            if (Arrays.equals(KeyDerivationUtils.hmac(this.mHmacKey, CommonUtil.concatenateAll(this.mPeerChallenge, this.mSelfChallenge)), bArr)) {
                this.mOperationResult = 0;
            } else {
                LogUtil.error("TaskBase", "proof mismatch");
                this.mOperationResult = 1;
            }
        } catch (InvalidKeyException unused) {
            LogUtil.error("TaskBase", "KCF error : invalid key");
            this.mOperationResult = 1;
        } catch (NoSuchAlgorithmException unused2) {
            LogUtil.error("TaskBase", "no support for KCF");
            this.mOperationResult = -268435444;
        }
    }

    private void verifyServerConfirm(JSONObject jSONObject) {
        try {
            verifyProof(CommonUtil.toBytesFromHex(jSONObject.getString("kcfData")));
            if (this.mOperationResult == 0) {
                generateOutputKey();
            }
            returnSessionKey();
            this.mSelfChallenge = CommonUtil.concatenateAll(this.mSelfChallenge, this.mPeerChallenge);
        } catch (JSONException unused) {
            LogUtil.error("TaskBase", "verify server confirm bad payload in passThrough data");
            this.mOperationResult = -268435445;
        }
        this.mTaskStatus.nextStatus();
    }

    @Override // com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase
    public void clear() {
        super.clear();
        CommonUtil.clearBytes(this.mHmacKey);
        CommonUtil.clearBytes(this.mSelfPrivateParam);
    }

    @Override // com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase
    public void doStart() {
        sendPakeStartRequest();
    }

    public byte[] getChallenge() {
        byte[] bArr = this.mSelfChallenge;
        return bArr != null ? (byte[]) bArr.clone() : new byte[0];
    }

    @Override // com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase
    public void processReceived(int i2, @g0 JSONObject jSONObject) {
        if (i2 == 1) {
            sendPakeResponse(jSONObject);
            return;
        }
        if (i2 != 2) {
            switch (i2) {
                case 32769:
                    sendClientConfirm(jSONObject);
                    return;
                case 32770:
                    verifyServerConfirm(jSONObject);
                    if (!this.mTaskStatus.isFinished()) {
                        return;
                    }
                    break;
                default:
                    return;
            }
        } else {
            sendServerConfirm(jSONObject);
            if (!this.mTaskStatus.isFinished()) {
                return;
            }
        }
        doStop();
    }

    public void setKeyLen(int i2) {
        if (i2 < 0) {
            i2 = 0;
        } else if (i2 > 1024) {
            this.mReturnKeyLen = 1024;
            return;
        }
        this.mReturnKeyLen = i2;
    }

    public void setPin(String str) {
        this.mPin = str;
    }
}
