package com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.task;

import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.KeyDerivationUtils;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.sdk.OperationCode;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.sdk.ReturnCode;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.CallbackMethods;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.KeyManagerImpl;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.status.StsTaskStatus;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.interfaces.TaskFeedback;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.structs.AsymKeyPair;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.structs.CallerInfo;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.structs.KeyStruct;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.structs.ProcessedSessionInfo;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.structs.StsParams;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.structs.StsResponseData;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.utils.BlockCipherUtils;
import com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.utils.StsUtils;
import d.b.g0;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
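/**
 * Task that runs the STS authenticated key-agreement exchange for one HiChain session.
 *
 * <p>Message flow as implemented in this class (codes are the values passed to
 * {@code sendPassThroughData} and matched in {@link #processReceived}):
 * <ol>
 *   <li>{@code 17}: initiator sends its challenge, ephemeral public key, operation code,
 *       version, auth id, user type and requested key length.</li>
 *   <li>{@code 32785}: responder answers with its challenge, ephemeral public key, salt and
 *       AES-GCM-protected signature ({@code authData}).</li>
 *   <li>{@code 18}: initiator verifies that signature and sends its own protected signature.</li>
 *   <li>{@code 32786}: responder verifies it and returns the protected operation result
 *       ({@code authReturn}).</li>
 * </ol>
 *
 * <p>NOTE(review): every field below is {@code public} and mutable, including
 * {@link #mSelfPrivateKey} and {@link #mOutputKey}. Visibility is left unchanged because other
 * classes may read these fields, but key material should not be reachable from outside the task;
 * confirm whether the visibility is real or a build/decompilation artifact.
 *
 * <p>NOTE(review): the responder calls {@code encryptAesGcm} twice with the same
 * ({@code mSessionKey}, {@code mPeerChallenge}) pair, once for {@code authData} and once for
 * {@code authReturn}. The role of the third argument is not visible in this file; if it is the
 * GCM nonce, a nonce would be reused under one key. Confirm against {@code BlockCipherUtils}.
 */
public class StsTask extends TaskBase {
    public static final String AUTH_DATA = "authData";
    public static final String CHALLENGE = "challenge";
    public static final String ED_PUBLIC_KEY = "epk";
    public static final String SALT = "salt";

    // Names below are local to this class and describe how each value is used here; they are
    // not taken from the SDK's own constant tables.
    private static final int MSG_AUTH_START_REQUEST = 17;
    private static final int MSG_AUTH_ACK_REQUEST = 18;
    private static final int MSG_AUTH_START_RESPONSE = 32785;
    private static final int MSG_AUTH_ACK_RESPONSE = 32786;

    /** Result used by this class for unspecific failures (bad key, bad parameters, JSON build errors). */
    private static final int RESULT_GENERIC_FAILURE = 1;
    /** Result set when the platform lacks the required algorithm (NoSuchAlgorithmException). */
    private static final int RESULT_ALGORITHM_UNSUPPORTED = -268435444;
    /** Result set when a received JSON payload is missing a required field. */
    private static final int RESULT_BAD_PAYLOAD = -268435445;

    /** Upper bound applied to the requested output key length. */
    private static final int MAX_KEY_LENGTH = 1024;
    /** Length passed to StsUtils for the session key and to getRandomBytes for challenges. */
    private static final int SESSION_KEY_LENGTH = 16;
    private static final int CHALLENGE_LENGTH = 16;

    public int mKeyLength;
    public byte[] mOutputKey;
    public byte[] mPeerChallenge;
    public byte[] mPeerPublicKey;
    public OperationCode mRequestOperation;
    public byte[] mSalt;
    public byte[] mSelfChallenge;
    public byte[] mSelfPrivateKey;
    public byte[] mSelfPublicKey;
    public static final byte[] AUTH_INFO = CommonUtil.stringToBytes("hichain_auth_info");
    public static final byte[] RETURN_KEY_INFO = CommonUtil.stringToBytes("hichain_return_key");

    /**
     * Creates the task and fixes the requested output key length.
     *
     * <p>The requested length is clamped to {@code [0, 1024]}. The previous code assigned 1024
     * for oversized requests and then overwrote it with the unclamped value, so the upper bound
     * never took effect.
     *
     * @param processedSessionInfo session data forwarded to {@link TaskBase}
     * @param callbackMethods callbacks forwarded to {@link TaskBase}
     * @param taskFeedback feedback sink forwarded to {@link TaskBase}
     * @param operationCode operation code announced in the start request
     * @param stsParams role (client or not) and requested key length
     */
    public StsTask(@g0 ProcessedSessionInfo processedSessionInfo, @g0 CallbackMethods callbackMethods, @g0 TaskFeedback taskFeedback, @g0 OperationCode operationCode, @g0 StsParams stsParams) {
        super(processedSessionInfo, callbackMethods, taskFeedback);
        this.mTaskStatus = new StsTaskStatus(stsParams.isClient());
        int requestedLength = stsParams.getKeyLength();
        this.mKeyLength = Math.max(0, Math.min(requestedLength, MAX_KEY_LENGTH));
        this.mRequestOperation = operationCode;
    }

    /**
     * Derives the key handed back to the caller from the session key via HKDF, or sets an empty
     * array when no output key was requested.
     *
     * @return {@code true} on success; {@code false} after recording a failure in
     *     {@code mOperationResult}
     */
    private boolean generateOutputKey() {
        LogUtil.info("TaskBase", "generateOutputKey");
        try {
            if (this.mKeyLength > 0) {
                this.mOutputKey = KeyDerivationUtils.hkdf(this.mSessionKey, this.mSalt, RETURN_KEY_INFO, this.mKeyLength);
            } else {
                this.mOutputKey = new byte[0];
            }
            return true;
        } catch (InvalidKeyException unused) {
            LogUtil.error("TaskBase", "HKDF error : bad key of HMAC");
            this.mOperationResult = RESULT_GENERIC_FAILURE;
            return false;
        } catch (NoSuchAlgorithmException unused2) {
            LogUtil.error("TaskBase", "no support for HKDF");
            this.mOperationResult = RESULT_ALGORITHM_UNSUPPORTED;
            return false;
        }
    }

    /**
     * Initiator side: computes the session key from the peer's public key, our private key and
     * the salt received from the peer.
     *
     * @return {@code true} on success; {@code false} after recording a failure in
     *     {@code mOperationResult}
     */
    private boolean generateSessionKey() {
        try {
            this.mSessionKey = StsUtils.stsAckRequest(this.mPeerPublicKey, this.mSelfPrivateKey, this.mSalt, AUTH_INFO, SESSION_KEY_LENGTH);
            return true;
        } catch (InvalidKeyException | InvalidParameterException unused) {
            LogUtil.error("TaskBase", "STS error : bad parameters");
            this.mOperationResult = RESULT_GENERIC_FAILURE;
            return false;
        } catch (NoSuchAlgorithmException unused2) {
            LogUtil.error("TaskBase", "no support for STS");
            this.mOperationResult = RESULT_ALGORITHM_UNSUPPORTED;
            return false;
        }
    }

    /**
     * Responder side: obtains the session key, our ephemeral key pair and the salt from
     * {@code StsUtils.stsResponse} for the peer's public key.
     *
     * @return {@code true} on success; {@code false} after recording a failure in
     *     {@code mOperationResult}
     */
    private boolean generateStsParams() {
        try {
            StsResponseData response = StsUtils.stsResponse(this.mPeerPublicKey, AUTH_INFO, SESSION_KEY_LENGTH);
            this.mSessionKey = response.getSessionKey();
            this.mSelfPrivateKey = response.getPrivateKey();
            this.mSelfPublicKey = response.getPublicKey();
            this.mSalt = response.getSalt();
            return true;
        } catch (InvalidKeyException | InvalidParameterException unused) {
            LogUtil.error("TaskBase", "STS error : invalid parameters");
            this.mOperationResult = RESULT_GENERIC_FAILURE;
            return false;
        } catch (NoSuchAlgorithmException unused2) {
            LogUtil.error("TaskBase", "no support algorithm for STS");
            this.mOperationResult = RESULT_ALGORITHM_UNSUPPORTED;
            return false;
        }
    }

    /**
     * Initiator side: decrypts the peer's {@code authReturn} value, stores it as the operation
     * result and advances the task status.
     *
     * <p>How {@code decryptAesGcm} reports a failed tag check is not visible in this file. A
     * null or empty plaintext is therefore treated as a failure, so that an unauthenticated
     * payload cannot be converted into a result code.
     *
     * @param jSONObject payload of the {@code 32786} message
     */
    private void parseAuthResult(JSONObject jSONObject) {
        try {
            byte[] ciphertext = CommonUtil.toBytesFromHex(jSONObject.getString("authReturn"));
            byte[] plaintext = BlockCipherUtils.decryptAesGcm(ciphertext, this.mSessionKey, this.mSelfChallenge);
            if (plaintext == null || plaintext.length == 0) {
                LogUtil.error("TaskBase", "bad payload in auth return data");
                this.mOperationResult = RESULT_GENERIC_FAILURE;
            } else {
                this.mOperationResult = CommonUtil.bytesToInt(plaintext);
            }
        } catch (JSONException unused) {
            LogUtil.error("TaskBase", "bad payload in auth return data");
            this.mOperationResult = RESULT_GENERIC_FAILURE;
        }
        // The status advances on the failure path too.
        this.mTaskStatus.nextStatus();
    }

    /**
     * Initiator side: handles the responder's {@code 32785} message and sends the {@code 18}
     * acknowledgement carrying our protected signature.
     *
     * <p>Order matters: the session key must exist before the peer's signature can be decrypted
     * and verified. The output key is derived only after that verification succeeded.
     *
     * @param jSONObject payload of the {@code 32785} message
     */
    private void sendAuthAckRequest(JSONObject jSONObject) {
        try {
            this.mPeerChallenge = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
            this.mPeerPublicKey = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
            this.mSalt = CommonUtil.toBytesFromHex(jSONObject.getString("salt"));
            byte[] peerAuthData = CommonUtil.toBytesFromHex(jSONObject.getString(AUTH_DATA));
            if (!determineVersion(jSONObject)) {
                informPeerAndCancel();
                return;
            }
            if (!generateSessionKey()) {
                informPeerAndCancel();
                return;
            }
            CallerInfo callerInfo = new CallerInfo(this.mServiceId, this.mCallerPkgName);
            if (!verifyPeerSignature(peerAuthData, callerInfo)) {
                informPeerAndCancel();
                return;
            }
            if (!generateOutputKey()) {
                informPeerAndCancel();
                return;
            }
            KeyStruct.OperationResult signature = signStsInfo(callerInfo);
            if (signature.getResult() != 0) {
                LogUtil.error("TaskBase", "sign STS failed");
                this.mOperationResult = signature.getResult();
                informPeerAndCancel();
                return;
            }
            byte[] protectedSignature = BlockCipherUtils.encryptAesGcm(signature.getAdditionalInfo(), this.mSessionKey, this.mPeerChallenge);
            JSONObject reply = new JSONObject();
            try {
                reply.put(AUTH_DATA, CommonUtil.toHexString(protectedSignature));
                sendPassThroughData(MSG_AUTH_ACK_REQUEST, reply);
            } catch (JSONException unused) {
                LogUtil.error("TaskBase", "cannot generate STS ACK request data");
                this.mOperationResult = RESULT_GENERIC_FAILURE;
                informPeerAndCancel();
            }
        } catch (JSONException unused2) {
            LogUtil.error("TaskBase", "bad payload in ack data");
            this.mOperationResult = RESULT_BAD_PAYLOAD;
            informPeerAndCancel();
        }
    }

    /**
     * Responder side: verifies the initiator's signature from the {@code 18} message, derives
     * the output key and returns the protected operation result in a {@code 32786} message.
     *
     * @param jSONObject payload of the {@code 18} message
     */
    private void sendAuthAckResponse(JSONObject jSONObject) {
        try {
            byte[] peerAuthData = CommonUtil.toBytesFromHex(jSONObject.getString(AUTH_DATA));
            if (!verifyPeerSignature(peerAuthData, new CallerInfo(this.mServiceId, this.mCallerPkgName))) {
                informPeerAndCancel();
                return;
            }
            // Same derivation the initiator uses; it was previously duplicated inline here.
            if (!generateOutputKey()) {
                informPeerAndCancel();
                return;
            }
            byte[] protectedResult = BlockCipherUtils.encryptAesGcm(CommonUtil.intToBytes(this.mOperationResult), this.mSessionKey, this.mPeerChallenge);
            JSONObject reply = new JSONObject();
            try {
                reply.put("authReturn", CommonUtil.toHexString(protectedResult));
                sendPassThroughData(MSG_AUTH_ACK_RESPONSE, reply);
            } catch (JSONException unused) {
                LogUtil.error("TaskBase", "cannot generate STS ACK response data");
                this.mOperationResult = RESULT_GENERIC_FAILURE;
                informPeerAndCancel();
            }
        } catch (JSONException unused4) {
            LogUtil.error("TaskBase", "bad payload in ack response data");
            this.mOperationResult = RESULT_BAD_PAYLOAD;
            informPeerAndCancel();
        }
    }

    /**
     * Initiator side: creates the ephemeral key pair and a fresh 16-byte challenge, then sends
     * the {@code 17} start request.
     */
    private void sendAuthStartRequest() {
        try {
            AsymKeyPair ephemeral = StsUtils.stsStart();
            this.mSelfPrivateKey = ephemeral.getPrivateKey();
            this.mSelfPublicKey = ephemeral.getPublicKey();
            // NOTE(review): getRandomBytes should be backed by a CSPRNG; not visible here.
            this.mSelfChallenge = CommonUtil.getRandomBytes(CHALLENGE_LENGTH);
            JSONObject request = new JSONObject();
            try {
                request.put("challenge", CommonUtil.toHexString(this.mSelfChallenge));
                request.put("epk", CommonUtil.toHexString(this.mSelfPublicKey));
                request.put("operationCode", this.mRequestOperation.toInt());
                request.put("version", getVersionInfo());
                request.put("peerAuthId", CommonUtil.toHexString(this.mSelfId));
                request.put("peerUserType", this.mSelfType);
                request.put("keyLength", this.mKeyLength);
                sendPassThroughData(MSG_AUTH_START_REQUEST, request);
            } catch (JSONException unused) {
                LogUtil.error("TaskBase", "cannot generate STS request data");
                this.mOperationResult = RESULT_GENERIC_FAILURE;
                halt();
            }
        } catch (InvalidKeyException unused2) {
            LogUtil.error("TaskBase", "STS is not supported");
            // NOTE(review): unlike the other failure paths, mOperationResult is not set here.
            this.mTaskStatus.halt();
            halt();
        }
    }

    /**
     * Responder side: handles the initiator's {@code 17} start request and answers with the
     * {@code 32785} message carrying our challenge, public key, salt and protected signature.
     *
     * @param jSONObject payload of the {@code 17} message
     */
    private void sendAuthStartResponse(JSONObject jSONObject) {
        try {
            this.mPeerChallenge = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
            this.mPeerPublicKey = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
            if (!parseAndCheckVersion(jSONObject)) {
                informPeerAndCancel();
                return;
            }
            if (!generateStsParams()) {
                informPeerAndCancel();
                return;
            }
            KeyStruct.OperationResult signature = signStsInfo(new CallerInfo(this.mServiceId, this.mCallerPkgName));
            if (signature.getResult() != 0) {
                LogUtil.error("TaskBase", "sign STS failed");
                this.mOperationResult = signature.getResult();
                informPeerAndCancel();
                return;
            }
            byte[] protectedSignature = BlockCipherUtils.encryptAesGcm(signature.getAdditionalInfo(), this.mSessionKey, this.mPeerChallenge);
            this.mSelfChallenge = CommonUtil.getRandomBytes(CHALLENGE_LENGTH);
            JSONObject reply = new JSONObject();
            try {
                reply.put("challenge", CommonUtil.toHexString(this.mSelfChallenge));
                reply.put("epk", CommonUtil.toHexString(this.mSelfPublicKey));
                reply.put("salt", CommonUtil.toHexString(this.mSalt));
                reply.put(AUTH_DATA, CommonUtil.toHexString(protectedSignature));
                reply.put("version", getVersionInfo());
                reply.put("peerAuthId", CommonUtil.toHexString(this.mSelfId));
                reply.put("peerUserType", this.mSelfType);
                sendPassThroughData(MSG_AUTH_START_RESPONSE, reply);
            } catch (JSONException unused) {
                LogUtil.error("TaskBase", "cannot generate STS response data");
                this.mOperationResult = RESULT_GENERIC_FAILURE;
                informPeerAndCancel();
            }
        } catch (JSONException unused2) {
            LogUtil.error("TaskBase", "bad payload in start data");
            this.mOperationResult = RESULT_BAD_PAYLOAD;
            informPeerAndCancel();
        }
    }

    /**
     * Signs {@code selfPublicKey || selfId || peerPublicKey || peerId} with the key manager.
     * The signed transcript covers both ephemeral keys and both identities, in the order the
     * peer checks in {@link #verifyPeerSignature}.
     *
     * @param callerInfo service id and caller package used by the key manager
     * @return the key manager's result; the signature is in {@code getAdditionalInfo()}
     */
    private KeyStruct.OperationResult signStsInfo(CallerInfo callerInfo) {
        byte[] transcript = CommonUtil.concatenateAll(this.mSelfPublicKey, this.mSelfId, this.mPeerPublicKey, this.mPeerId);
        return KeyManagerImpl.getInstance().sign(callerInfo, this.mSelfId, transcript);
    }

    /**
     * Decrypts the peer's {@code authData} and verifies it as a signature over
     * {@code peerPublicKey || peerId || selfPublicKey || selfId}.
     *
     * <p>NOTE(review): the decrypted value is passed to {@code verify} without a null check;
     * confirm how {@code decryptAesGcm} reports a failed tag check and that {@code verify}
     * rejects it.
     *
     * @param bArr AES-GCM-protected signature received from the peer
     * @param callerInfo service id and caller package used by the key manager
     * @return {@code true} if the key manager returns 0; otherwise {@code false} with the
     *     failure recorded in {@code mOperationResult}
     */
    private boolean verifyPeerSignature(byte[] bArr, CallerInfo callerInfo) {
        byte[] transcript = CommonUtil.concatenateAll(this.mPeerPublicKey, this.mPeerId, this.mSelfPublicKey, this.mSelfId);
        byte[] signature = BlockCipherUtils.decryptAesGcm(bArr, this.mSessionKey, this.mSelfChallenge);
        int verify = KeyManagerImpl.getInstance().verify(callerInfo, this.mPeerType, this.mPeerId, transcript, signature);
        if (verify == 0) {
            return true;
        }
        LogUtil.error("TaskBase", "verify peer's STS info signature failed");
        // Two specific key-manager codes are reported to the caller as "peer not trusted".
        if (verify == -268435449 || verify == -268435450) {
            verify = ReturnCode.NOT_TRUST_PEER;
        }
        this.mOperationResult = verify;
        return false;
    }

    /**
     * Zeroes the output key and our ephemeral private key after the superclass cleanup.
     *
     * <p>NOTE(review): {@code mSessionKey} is not wiped here; presumably {@code super.clear()}
     * handles it. Confirm in {@link TaskBase}.
     */
    @Override // com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase
    public void clear() {
        super.clear();
        byte[] outputKey = this.mOutputKey;
        if (outputKey != null) {
            Arrays.fill(outputKey, (byte) 0);
        }
        byte[] privateKey = this.mSelfPrivateKey;
        if (privateKey != null) {
            Arrays.fill(privateKey, (byte) 0);
        }
    }

    /** Starts the exchange by sending the start request. */
    @Override // com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase
    public void doStart() {
        sendAuthStartRequest();
    }

    /**
     * Publishes the output key as the task's return data when the operation succeeded, then
     * delegates to the superclass.
     *
     * <p>{@code mReturnData} aliases the {@code mOutputKey} array, so a later {@link #clear()}
     * also zeroes the returned data unless the superclass copied it first.
     */
    @Override // com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase
    public void doStop() {
        LogUtil.info("TaskBase", "authenticate invoke callback return");
        if (this.mOperationResult == 0) {
            this.mReturnData = this.mOutputKey;
        }
        super.doStop();
    }

    /**
     * Dispatches a received message to the handler for its code. The two final messages
     * ({@code 18} and {@code 32786}) stop the task once the status reports it is finished.
     * Unknown codes are ignored.
     *
     * <p>NOTE(review): this method does not check that the code matches the current protocol
     * step or this side's role; confirm that {@link TaskBase} or the task status rejects
     * out-of-order messages before they reach the handlers.
     *
     * @param i2 message code
     * @param jSONObject message payload
     */
    @Override // com.huawei.iotplatform.security.e2esecurity.hichain.impl.service.component.TaskBase
    public void processReceived(int i2, @g0 JSONObject jSONObject) {
        switch (i2) {
            case MSG_AUTH_START_REQUEST:
                sendAuthStartResponse(jSONObject);
                return;
            case MSG_AUTH_START_RESPONSE:
                sendAuthAckRequest(jSONObject);
                return;
            case MSG_AUTH_ACK_REQUEST:
                sendAuthAckResponse(jSONObject);
                break;
            case MSG_AUTH_ACK_RESPONSE:
                parseAuthResult(jSONObject);
                break;
            default:
                return;
        }
        if (this.mTaskStatus.isFinished()) {
            doStop();
        }
    }
}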
