package com.tencent.wnsnetsdk.security;

import com.tencent.wnsnetsdk.data.Error;
import com.tencent.wnsnetsdk.data.SecurityInfo;
import com.tencent.wnsnetsdk.security.data.HandshakeNativeData;
import com.tencent.wnsnetsdk.security.data.SecurityNativeData;
import h.tencent.p0.i.b;
import h.tencent.p0.m.c;
import h.tencent.p0.m.d;
import h.tencent.p0.m.e;
import h.tencent.p0.m.f;

/* loaded from: classes5.dex */
public class SecurityBuilder implements c {

    /* renamed from: g, reason: collision with root package name */
    public static volatile boolean f5111g = false;

    /* renamed from: h, reason: collision with root package name */
    public static volatile boolean f5112h = false;
    public long a;
    public volatile SecurityState b = SecurityState.STATE_INIT;
    public SecurityInfo c = null;
    public byte[] d = null;

    /* renamed from: e, reason: collision with root package name */
    public d f5113e;

    /* renamed from: f, reason: collision with root package name */
    public boolean f5114f;

    /* loaded from: classes5.dex */
    public enum SecurityState {
        STATE_INIT,
        STATE_0RTT_Handshake,
        STATE_0RTT_Handshake_Wait,
        STATE_0RTT_Data,
        STATE_1RTT_Handshake,
        STATE_1RTT_Handshake_Wait,
        STATE_1RTT_Data,
        STATE_End
    }

    /* loaded from: classes5.dex */
    public static /* synthetic */ class a {
        public static final /* synthetic */ int[] a;

        static {
            int[] iArr = new int[SecurityState.values().length];
            a = iArr;
            try {
                iArr[SecurityState.STATE_0RTT_Handshake.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[SecurityState.STATE_1RTT_Handshake.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    public SecurityBuilder(byte[] bArr, d dVar, boolean z) {
        this.a = 0L;
        this.f5113e = null;
        this.f5114f = false;
        boolean z2 = f5111g;
        if (!f5111g && (z2 = e())) {
            boolean e2 = h.tencent.p0.b.c.e();
            h.tencent.p0.b.a.c();
            b.a("SecurityBuilder", "load securityInfoFromDB:" + e2);
        }
        if (!z2) {
            a(SecurityState.STATE_End);
            return;
        }
        this.f5114f = z;
        if (z && f5112h) {
            b.a("SecurityBuilder", "debug env has hit error, just use normal certificates");
            this.f5114f = false;
        }
        this.a = nativeCreateSecurityHandle(0, h.tencent.p0.b.a.a(0, this.f5114f), bArr);
        this.f5113e = dVar;
        b.a("SecurityBuilder", "init nativeRef:" + this.a);
        b();
    }

    public static synchronized boolean e() {
        synchronized (SecurityBuilder.class) {
            if (f5111g) {
                return f5111g;
            }
            try {
                System.loadLibrary("wnscrypt");
                f5111g = true;
            } catch (UnsatisfiedLinkError e2) {
                b.a("SecurityBuilder", "System.loadLibrary UnsatisfiedLinkError failed", e2);
                f5111g = false;
                return f5111g;
            } catch (Throwable th) {
                b.a("SecurityBuilder", "System.loadLibrary failed, throw", th);
                f5111g = false;
                return f5111g;
            }
            return f5111g;
        }
    }

    public final SecurityInfo a(byte[] bArr, int i2) {
        SecurityNativeData securityNativeData = new SecurityNativeData();
        securityNativeData.setUsePSK(true);
        securityNativeData.setSeq(i2);
        securityNativeData.setLevel(10000);
        securityNativeData.setData(bArr);
        SecurityNativeData nativeEncrypt = nativeEncrypt(this.a, securityNativeData);
        if (!f.a(nativeEncrypt)) {
            return null;
        }
        SecurityInfo securityInfo = new SecurityInfo();
        securityInfo.setUseSysEncrypt(false);
        securityInfo.setEncryptTag(nativeEncrypt.getTag());
        securityInfo.setPskKey(nativeEncrypt.getData());
        return securityInfo;
    }

    @Override // h.tencent.p0.m.c
    public SecurityNativeData a(SecurityNativeData securityNativeData) {
        int i2;
        if (!f5111g) {
            b.b("SecurityBuilder", "fail to call decrypt while not load so");
            i2 = Error.WNS_SDK_ERR_SECURITY_NOT_LOAD;
        } else {
            if (this.b == SecurityState.STATE_0RTT_Data) {
                SecurityNativeData a2 = a(securityNativeData.getData(), securityNativeData.getTag(), 0, securityNativeData.getSeq(), true);
                return !f.a(a2) ? f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_DECRYPT) : a2;
            }
            if (this.b == SecurityState.STATE_1RTT_Data) {
                SecurityNativeData a3 = a(securityNativeData.getData(), securityNativeData.getTag(), 0, securityNativeData.getSeq(), false);
                return !f.a(a3) ? f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_DECRYPT) : a3;
            }
            b.b("SecurityBuilder", "fail to call decrypt while in invalid state:" + this.b);
            i2 = Error.WNS_SDK_ERR_SECURITY_INVALID_STATE;
        }
        return f.a(i2);
    }

    public final SecurityNativeData a(SecurityNativeData securityNativeData, boolean z) {
        securityNativeData.setUsePSK(z);
        SecurityNativeData nativeEncrypt = nativeEncrypt(this.a, securityNativeData);
        if (f.c(nativeEncrypt)) {
            nativeEncrypt.jceData = e.a(nativeEncrypt.data.length, nativeEncrypt.getLevel(), nativeEncrypt.getTag());
            return nativeEncrypt;
        }
        a(SecurityState.STATE_End);
        return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_ENCRYPT);
    }

    public final SecurityNativeData a(byte[] bArr, byte[] bArr2, int i2, int i3, boolean z) {
        SecurityNativeData securityNativeData = new SecurityNativeData();
        securityNativeData.setUsePSK(z);
        securityNativeData.setTag(bArr2);
        securityNativeData.setData(bArr);
        securityNativeData.setLevel(i2);
        securityNativeData.setSeq(i3);
        return nativeDecrypt(this.a, securityNativeData);
    }

    public final void a(SecurityState securityState) {
        b.a("SecurityBuilder", "securityState: old:" + this.b + " -->" + securityState);
        d dVar = this.f5113e;
        if (dVar != null) {
            dVar.a(this.b, securityState);
        }
        a(this.b, securityState);
        this.b = securityState;
    }

    public final void a(SecurityState securityState, SecurityState securityState2) {
        if (!((securityState != SecurityState.STATE_0RTT_Handshake_Wait || securityState2 == SecurityState.STATE_0RTT_Data) ? securityState == SecurityState.STATE_0RTT_Handshake && securityState2 != SecurityState.STATE_0RTT_Handshake_Wait : true) || this.c == null) {
            return;
        }
        b.a("SecurityBuilder", "clear current psk as 0RTT state not invalid, clear:" + this.c);
        h.tencent.p0.b.c.a(this.c);
    }

    public final void a(h.tencent.p0.m.g.b bVar) {
        d dVar;
        d dVar2;
        if (bVar.a == 2821) {
            bVar.a = 0;
            b.a("SecurityBuilder", "parseForCertUpdate retCode == WNS_CODE_HANDSHAKE_ERROR_CERT_CAN_UPDATE, updateVersion:" + bVar.f10613j);
            int i2 = bVar.f10613j;
            if (i2 > 0 && (dVar2 = this.f5113e) != null && !this.f5114f) {
                dVar2.b(i2, Error.WNS_CODE_HANDSHAKE_ERROR_CERT_CAN_UPDATE);
            }
        }
        if (bVar.a == 2820) {
            b.a("SecurityBuilder", "parseForCertUpdate retCode == WNS_CODE_HANDSHAKE_ERROR_CERT_FORCE_UPDATE,force to updateVersion:" + bVar.f10613j);
            int i3 = bVar.f10613j;
            if (i3 <= 0 || (dVar = this.f5113e) == null || this.f5114f) {
                return;
            }
            dVar.b(i3, Error.WNS_CODE_HANDSHAKE_ERROR_CERT_FORCE_UPDATE);
        }
    }

    public final void a(byte[] bArr, byte[] bArr2, int i2) {
        h.tencent.p0.m.g.c d;
        SecurityInfo a2;
        SecurityNativeData a3 = a(bArr, bArr2, 0, i2, false);
        if (f.a(a3) && (d = e.d(a3.data)) != null) {
            long currentTimeMillis = System.currentTimeMillis();
            long j2 = (d.a * 1000) + currentTimeMillis;
            b.a("SecurityBuilder", "processSessionTicket when expireTime:" + j2 + " lifeTime:" + d.a);
            byte[] nativeGetPSK = nativeGetPSK(this.a);
            if (nativeGetPSK == null || (a2 = a(nativeGetPSK, (int) currentTimeMillis)) == null) {
                return;
            }
            a2.setCreateTime(currentTimeMillis);
            a2.setExpireTime(j2);
            a2.setTicket(d.b);
            a2.setPskIv(d.c);
            a2.setPskAdd(d.d);
            b.a("SecurityBuilder", "processSessionTicket and save securityInfo for id:" + h.tencent.p0.b.c.b(a2));
        }
    }

    @Override // h.tencent.p0.m.c
    public boolean a() {
        return this.b == SecurityState.STATE_0RTT_Handshake_Wait || this.b == SecurityState.STATE_0RTT_Data;
    }

    public final boolean a(byte[] bArr, byte[] bArr2, int i2, byte[] bArr3, byte[] bArr4, int i3) {
        int nativeUpdateVerifyKey;
        SecurityNativeData a2 = a(bArr, bArr2, 0, i2, false);
        if (!f.a(a2)) {
            return false;
        }
        byte[] data = a2.getData();
        byte[] bArr5 = this.d;
        byte[] bArr6 = new byte[bArr5.length + bArr3.length + bArr4.length];
        System.arraycopy(bArr5, 0, bArr6, 0, bArr5.length);
        System.arraycopy(bArr3, 0, bArr6, this.d.length, bArr3.length);
        System.arraycopy(bArr4, 0, bArr6, this.d.length + bArr3.length, bArr4.length);
        if (i3 > 0 && (nativeUpdateVerifyKey = nativeUpdateVerifyKey(this.a, h.tencent.p0.b.a.a(i3, this.f5114f))) != 0) {
            b.b("SecurityBuilder", "Fail to call nativeUpdateVerifyKey, ret:" + nativeUpdateVerifyKey);
            return false;
        }
        int nativeVerifyData = nativeVerifyData(this.a, data, bArr6);
        if (nativeVerifyData == 0) {
            f5112h = false;
        } else if (this.f5114f) {
            b.e("SecurityBuilder", "In debug ip, try to fallback verify with normal certificates");
            f5112h = true;
        }
        return nativeVerifyData == 0;
    }

    @Override // h.tencent.p0.m.c
    public SecurityNativeData b(SecurityNativeData securityNativeData) {
        if (!f5111g) {
            b.b("SecurityBuilder", "fail to call encrypt while not load so");
            return f.a(Error.WNS_SDK_ERR_SECURITY_NOT_LOAD);
        }
        if (!f.a(securityNativeData)) {
            b.b("SecurityBuilder", "fail to call encrypt while data == null");
            return f.a(Error.WNS_SDK_ERR_SECURITY_INVALID_INPUT_DATA);
        }
        if (securityNativeData.isConsultCmd) {
            return h(securityNativeData);
        }
        if (this.b != SecurityState.STATE_0RTT_Handshake_Wait && this.b != SecurityState.STATE_0RTT_Data) {
            if (this.b == SecurityState.STATE_1RTT_Data) {
                return a(securityNativeData, false);
            }
            b.b("SecurityBuilder", "fail to call encrypt while in invalid state:" + this.b);
            return f.a(Error.WNS_SDK_ERR_SECURITY_INVALID_STATE);
        }
        return a(securityNativeData, true);
    }

    public final SecurityNativeData b(SecurityNativeData securityNativeData, boolean z) {
        int i2;
        h.tencent.p0.m.g.a b = e.b(securityNativeData.getJceData());
        if (b == null || b.b == null) {
            b.b("SecurityBuilder", "fail to processRecvAppData while jceData == null!!");
            a(SecurityState.STATE_End);
            i2 = Error.WNS_SDK_ERR_SECURITY_APP_JCE_DECODE;
        } else {
            SecurityNativeData a2 = a(securityNativeData.getData(), b.b, b.a, securityNativeData.getSeq(), z);
            if (f.a(a2)) {
                return a2;
            }
            a(SecurityState.STATE_End);
            i2 = Error.WNS_SDK_ERR_SECURITY_NATIVE_DECRYPT;
        }
        return f.a(i2);
    }

    public final void b() {
        SecurityState securityState;
        SecurityInfo d = h.tencent.p0.b.c.d();
        if (f.a(d)) {
            this.c = d;
            securityState = SecurityState.STATE_0RTT_Handshake;
        } else {
            securityState = SecurityState.STATE_1RTT_Handshake;
        }
        a(securityState);
    }

    @Override // h.tencent.p0.m.c
    public SecurityNativeData c(SecurityNativeData securityNativeData) {
        if (!f5111g) {
            b.b("SecurityBuilder", "fail to call decrypt while not load so");
            return f.a(Error.WNS_SDK_ERR_SECURITY_NOT_LOAD);
        }
        if (!f.b(securityNativeData)) {
            b.b("SecurityBuilder", "fail to call decrypt while data == null");
            return f.a(Error.WNS_SDK_ERR_SECURITY_INVALID_INPUT_DATA);
        }
        if (this.b == SecurityState.STATE_0RTT_Handshake_Wait) {
            return d(securityNativeData);
        }
        if (this.b == SecurityState.STATE_1RTT_Handshake_Wait) {
            return e(securityNativeData);
        }
        if (this.b == SecurityState.STATE_0RTT_Data) {
            return b(securityNativeData, true);
        }
        if (this.b == SecurityState.STATE_1RTT_Data) {
            return b(securityNativeData, false);
        }
        b.b("SecurityBuilder", "fail to call decrypt while in invalid state:" + this.b);
        return f.a(Error.WNS_SDK_ERR_SECURITY_INVALID_STATE);
    }

    public final byte[] c() {
        byte[] bArr;
        SecurityInfo securityInfo = this.c;
        if (f.a(securityInfo) && !securityInfo.isUseSysEncrypt()) {
            SecurityNativeData securityNativeData = new SecurityNativeData();
            securityNativeData.level = 10000;
            securityNativeData.seq = (int) securityInfo.getCreateTime();
            securityNativeData.usePSK = true;
            securityNativeData.data = securityInfo.getPskKey();
            securityNativeData.tag = securityInfo.getEncryptTag();
            SecurityNativeData nativeDecrypt = nativeDecrypt(this.a, securityNativeData);
            if (nativeDecrypt == null) {
                b.b("SecurityBuilder", "fail to decode psk when decryptData == null");
                return null;
            }
            if (nativeDecrypt.retCode == 0 && (bArr = nativeDecrypt.data) != null) {
                return bArr;
            }
            b.b("SecurityBuilder", "fail to decode psk when ret:" + nativeDecrypt.retCode);
        }
        return null;
    }

    public final SecurityNativeData d(SecurityNativeData securityNativeData) {
        h.tencent.p0.m.g.b c = e.c(securityNativeData.jceData);
        if (c == null) {
            b.b("SecurityBuilder", "fail to processRecv0RTTHandshake, try to reset current session");
            a(SecurityState.STATE_End);
            return f.a(Error.WNS_SDK_ERR_SECURITY_JCE_DECODE);
        }
        if (!f.a(c)) {
            a(SecurityState.STATE_End);
            int i2 = c.a;
            return i2 != 0 ? f.a(i2) : f.a(Error.WNS_SDK_ERR_SECURITY_JCE_DECODE);
        }
        byte[] bArr = c.f10609f.get(4);
        securityNativeData.setUsePSK(true);
        securityNativeData.setTag(bArr);
        SecurityNativeData nativeDecrypt = nativeDecrypt(this.a, securityNativeData);
        if (f.a(nativeDecrypt)) {
            a(SecurityState.STATE_0RTT_Data);
            return nativeDecrypt;
        }
        b.b("SecurityBuilder", "processRecv0RTTHandshake# fail to nativeDecrypt");
        a(SecurityState.STATE_End);
        return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_DECRYPT);
    }

    public final boolean d() {
        byte[] c = c();
        if (c == null) {
            return false;
        }
        SecurityInfo securityInfo = this.c;
        int nativeSetPSK = nativeSetPSK(this.a, c, securityInfo.getPskIv(), securityInfo.getPskAdd());
        if (nativeSetPSK == 0) {
            return true;
        }
        b.b("SecurityBuilder", "fail to set psk to native as ret:" + nativeSetPSK);
        return false;
    }

    public final SecurityNativeData e(SecurityNativeData securityNativeData) {
        h.tencent.p0.m.g.b c = e.c(securityNativeData.jceData);
        if (c == null) {
            b.b("SecurityBuilder", "fail to processRecv1RTTHandshake, just reset current session");
            a(SecurityState.STATE_End);
            return f.a(Error.WNS_SDK_ERR_SECURITY_JCE_DECODE);
        }
        a(c);
        if (!f.b(c)) {
            b.b("SecurityBuilder", "fail to processRecv1RTTHandshake, just reset current session");
            a(SecurityState.STATE_End);
            int i2 = c.a;
            return i2 != 0 ? f.a(i2) : f.a(Error.WNS_SDK_ERR_SECURITY_JCE_DECODE);
        }
        HandshakeNativeData handshakeNativeData = new HandshakeNativeData(0, c.c, c.d, c.f10608e, c.b, 0);
        handshakeNativeData.isClient = true;
        int nativeOnRecvServerPubKey = nativeOnRecvServerPubKey(this.a, handshakeNativeData);
        if (nativeOnRecvServerPubKey != 0) {
            a(SecurityState.STATE_End);
            b.b("SecurityBuilder", "fail to processRecv1RTTHandshake while call nativeOnRecvServerPubKey ret:" + nativeOnRecvServerPubKey);
            return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_RECV_SERVER);
        }
        if (!a(c.f10610g, c.f10609f.get(1), securityNativeData.getSeq(), c.b, c.f10608e, c.f10612i)) {
            a(SecurityState.STATE_End);
            b.b("SecurityBuilder", "fail to processRecv1RTTHandshake while not verifyData");
            return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_VERIFY);
        }
        a(c.f10611h, c.f10609f.get(2), securityNativeData.getSeq());
        SecurityNativeData a2 = a(securityNativeData.data, c.f10609f.get(4), 0, securityNativeData.getSeq(), false);
        if (f.a(a2)) {
            a(SecurityState.STATE_1RTT_Data);
            return a2;
        }
        a(SecurityState.STATE_End);
        b.b("SecurityBuilder", "fail to processRecv1RTTHandshake while realAppData is null");
        return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_DECRYPT);
    }

    public final SecurityNativeData f(SecurityNativeData securityNativeData) {
        SecurityInfo securityInfo = this.c;
        if (!f.a(securityInfo)) {
            a(SecurityState.STATE_End);
            return f.a(Error.WNS_SDK_ERR_SECURITY_INVALID_SECURITY_INFO);
        }
        securityNativeData.usePSK = true;
        SecurityNativeData nativeEncrypt = nativeEncrypt(this.a, securityNativeData);
        if (!f.c(nativeEncrypt)) {
            a(SecurityState.STATE_End);
            return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_ENCRYPT);
        }
        nativeEncrypt.jceData = e.a(null, 0, 0, null, securityInfo.getTicket(), nativeEncrypt.getTag(), this.f5114f);
        a(SecurityState.STATE_0RTT_Handshake_Wait);
        return nativeEncrypt;
    }

    public void finalize() {
        try {
            b.a("SecurityBuilder", "finalize, nativeRef:" + this.a);
            if (this.a != 0) {
                nativeClose(this.a);
            }
        } catch (Throwable unused) {
        }
    }

    public final SecurityNativeData g(SecurityNativeData securityNativeData) {
        byte[] bArr;
        byte[] bArr2;
        HandshakeNativeData nativeGeneratePubKey = nativeGeneratePubKey(this.a);
        if (nativeGeneratePubKey == null) {
            b.b("SecurityBuilder", "process1RTTHandshake#nativeGeneratePubKey handshakeNativeData == null");
            a(SecurityState.STATE_End);
            return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_GENERATE_PUB_KEY);
        }
        if (nativeGeneratePubKey.retCode == 0 && (bArr = nativeGeneratePubKey.random) != null && (bArr2 = nativeGeneratePubKey.exchangeKey) != null) {
            this.d = bArr;
            securityNativeData.setJceData(e.a(bArr, nativeGeneratePubKey.ciphType, nativeGeneratePubKey.cruvGroup, bArr2, null, null, this.f5114f));
            a(SecurityState.STATE_1RTT_Handshake_Wait);
            return securityNativeData;
        }
        b.b("SecurityBuilder", "process1RTTHandshake#nativeGeneratePubKey retCode = " + nativeGeneratePubKey.retCode);
        a(SecurityState.STATE_End);
        return f.a(Error.WNS_SDK_ERR_SECURITY_NATIVE_GENERATE_PUB_KEY);
    }

    public final SecurityNativeData h(SecurityNativeData securityNativeData) {
        int i2 = a.a[this.b.ordinal()];
        if (i2 == 1) {
            if (d()) {
                return f(securityNativeData);
            }
            a(SecurityState.STATE_1RTT_Handshake);
            return g(securityNativeData);
        }
        if (i2 == 2) {
            return g(securityNativeData);
        }
        b.b("SecurityBuilder", "invalid state[" + this.b + "] when hit consultCmd");
        return f.a(Error.WNS_SDK_ERR_SECURITY_INVALID_STATE);
    }

    public native int nativeClose(long j2);

    public native long nativeCreateSecurityHandle(int i2, byte[] bArr, byte[] bArr2);

    public native SecurityNativeData nativeDecrypt(long j2, SecurityNativeData securityNativeData);

    public native SecurityNativeData nativeEncrypt(long j2, SecurityNativeData securityNativeData);

    public native HandshakeNativeData nativeGeneratePubKey(long j2);

    public native byte[] nativeGetPSK(long j2);

    public native int nativeOnRecvServerPubKey(long j2, HandshakeNativeData handshakeNativeData);

    public native int nativeSetPSK(long j2, byte[] bArr, byte[] bArr2, byte[] bArr3);

    public native int nativeUpdateVerifyKey(long j2, byte[] bArr);

    public native int nativeVerifyData(long j2, byte[] bArr, byte[] bArr2);
}
