package com.xiaomi.keychainsdk;

import android.content.Context;
import android.os.Looper;
import android.util.Log;
import com.xiaomi.keychainsdk.exception.CryptoException;
import com.xiaomi.keychainsdk.exception.KeyBagException;
import com.xiaomi.keychainsdk.request.KeyBagProtocol;
import com.xiaomi.keychainsdk.request.KeyBagRequestor;
import com.xiaomi.keychainsdk.request.context.HardwareServerMasterKeyContext;
import com.xiaomi.keychainsdk.request.context.ServerMasterKeyContext;
import com.xiaomi.keychainsdk.request.context.ServerMasterKeyInfo;
import com.xiaomi.keychainsdk.request.context.SoftwareServerMasterKeyContext;
import com.xiaomi.keychainsdk.request.data.VersionedWrappedMasterKey;
import com.xiaomi.keychainsdk.storage.KeyImporter;
import com.xiaomi.keychainsdk.storage.MasterKeyStorageManager;
import com.xiaomi.keychainsdk.storage.TransferContext;
import com.xiaomi.keychainsdk.storage.data.InstalledMasterKey;
import java.util.HashSet;

/* loaded from: classes.dex */
public class KeyBagMasterKeyManager {
    private static final short FIRST_MASTER_KEY_TAG = 1;
    public static final int SECURE_LEVEL_HARDWARE = 900000;
    public static final int SECURE_LEVEL_SOFTWARE = 200000;
    public static final String TAG = "KeyBagMasterKeyManager";
    private final Context mContext;
    private final short mHSid;
    private final long mHUser;
    private final KeyBagProtocol mProtocol;
    private final int mSecurityLevel;
    private final MasterKeyStorageManager mStorage;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class ServerMasterKeyInfoInner implements ServerMasterKeyInfo {
        private final boolean mCanInstallToDevice;
        public final ServerMasterKeyContext serverMasterKeyContext;

        public ServerMasterKeyInfoInner(ServerMasterKeyContext serverMasterKeyContext, boolean z) {
            this.serverMasterKeyContext = serverMasterKeyContext;
            this.mCanInstallToDevice = z;
        }

        @Override // com.xiaomi.keychainsdk.request.context.ServerMasterKeyInfo
        public boolean canInstallToDevice() {
            return this.mCanInstallToDevice;
        }

        @Override // com.xiaomi.keychainsdk.request.context.ServerMasterKeyInfo
        public long getRemoteKeyVersion() {
            return this.serverMasterKeyContext.serverMasterKeyContextCommon.masterKeyVersion;
        }

        @Override // com.xiaomi.keychainsdk.request.context.ServerMasterKeyInfo
        public boolean hasRemoteKey() {
            return this.serverMasterKeyContext.serverMasterKeyContextCommon.hasRemoteKey();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyBagMasterKeyManager(Context context, short s, long j, int i, KeyBagRequestor keyBagRequestor) {
        if (i != 200000 && i != 900000) {
            throw new IllegalArgumentException("secureLevel != SECURE_LEVEL_SOFTWARE && secureLevel != SECURE_LEVEL_HARDWARE");
        }
        this.mContext = context;
        this.mHSid = s;
        this.mHUser = j;
        this.mSecurityLevel = i;
        this.mProtocol = KeyBagProtocol.getInstance(context, s, j, keyBagRequestor);
        this.mStorage = MasterKeyStorageManager.getInstance();
    }

    private static void ensureCallOnWorkerThread() {
        if (Looper.myLooper() == Looper.getMainLooper()) {
            throw new IllegalThreadStateException("Must be called on worker thread");
        }
    }

    private KeyImporter getKeyImporter() {
        if (this.mSecurityLevel != 900000) {
            return this.mStorage.getSoftwareImporter(this.mContext, this.mHSid, this.mHUser, false);
        }
        KeyImporter hardwareImporter = this.mStorage.getHardwareImporter(this.mContext, this.mHSid, this.mHUser, false);
        if (hardwareImporter != null) {
            return hardwareImporter;
        }
        throw new IllegalStateException("hki should not be null");
    }

    private ServerMasterKeyInfoInner getServerKeyInfoInner() throws KeyBagException {
        try {
            try {
                if (900000 != this.mSecurityLevel) {
                    return new ServerMasterKeyInfoInner(getSoftwareServerMasterKeyContext(), true);
                }
                KeyImporter hardwareImporter = this.mStorage.getHardwareImporter(this.mContext, this.mHSid, this.mHUser, true);
                if (hardwareImporter == null) {
                    return new ServerMasterKeyInfoInner(getSoftwareServerMasterKeyContext(), false);
                }
                try {
                    TransferContext generateTransferContext = hardwareImporter.generateTransferContext();
                    HardwareServerMasterKeyContext hardwareServerMasterKeyContext = this.mProtocol.getHardwareServerMasterKeyContext(generateTransferContext.getTransferPublicKey(), generateTransferContext.getAttestationCA());
                    if (!hardwareServerMasterKeyContext.hardwareInfo.isRootAttestationCATrust) {
                        Log.e(TAG, "getServerKeyInfo: root not trusted");
                        return new ServerMasterKeyInfoInner(hardwareServerMasterKeyContext, false);
                    }
                    try {
                        hardwareImporter.importMasterKey(generateTransferContext, new VersionedWrappedMasterKey(hardwareServerMasterKeyContext.hardwareInfo.testKey, 0L, (short) 0));
                        return new ServerMasterKeyInfoInner(hardwareServerMasterKeyContext, true);
                    } catch (CryptoException e) {
                        Log.e(TAG, "getServerKeyInfo: test import failed", e);
                        return new ServerMasterKeyInfoInner(hardwareServerMasterKeyContext, false);
                    }
                } catch (CryptoException e2) {
                    Log.e(TAG, "getServerKeyInfo: test import failed", e2);
                    return new ServerMasterKeyInfoInner(getSoftwareServerMasterKeyContext(), false);
                }
            } catch (CryptoException e3) {
                throw new KeyBagException(e3);
            }
        } catch (KeyBagProtocol.BadResponseException e4) {
            throw new KeyBagException(e4);
        } catch (KeyBagProtocol.OperationFailedException e5) {
            throw new KeyBagException(e5);
        } catch (KeyBagRequestor.KeyBagRequestorException e6) {
            throw new KeyBagException(e6);
        }
    }

    private SoftwareServerMasterKeyContext getSoftwareServerMasterKeyContext() throws KeyBagException {
        try {
            return this.mProtocol.getSoftwareServerMasterKeyContext();
        } catch (KeyBagProtocol.BadResponseException e) {
            throw new KeyBagException(e);
        } catch (KeyBagProtocol.OperationFailedException e2) {
            throw new KeyBagException(e2);
        } catch (KeyBagRequestor.KeyBagRequestorException e3) {
            throw new KeyBagException(e3);
        }
    }

    private void installFromServer(ServerMasterKeyInfo serverMasterKeyInfo, String str, short s) throws KeyBagException {
        ensureCallOnWorkerThread();
        if (!serverMasterKeyInfo.hasRemoteKey()) {
            throw new IllegalStateException("not created yet");
        }
        if (!serverMasterKeyInfo.canInstallToDevice()) {
            throw new IllegalStateException("can't install");
        }
        try {
            ServerMasterKeyContext serverMasterKeyContext = ((ServerMasterKeyInfoInner) serverMasterKeyInfo).serverMasterKeyContext;
            KeyImporter keyImporter = getKeyImporter();
            TransferContext generateTransferContext = keyImporter.generateTransferContext();
            keyImporter.importMasterKey(generateTransferContext, this.mProtocol.downloadMasterKey(this.mSecurityLevel, s, str, generateTransferContext.getTransferPublicKey(), generateTransferContext.getAttestationCA(), serverMasterKeyContext instanceof HardwareServerMasterKeyContext ? ((HardwareServerMasterKeyContext) serverMasterKeyContext).hardwareInfo.serverCachedAttestationCA : new HashSet(), serverMasterKeyContext.serverMasterKeyContextCommon.hsmZone, serverMasterKeyContext.serverMasterKeyContextCommon.nonce, serverMasterKeyContext.serverMasterKeyContextCommon.hsmAAD, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub1, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub2));
        } catch (CryptoException e) {
            throw new KeyBagException(e);
        } catch (KeyBagProtocol.AsyncOperationNotCompleteException e2) {
            throw new KeyBagException(e2);
        } catch (KeyBagProtocol.BadResponseException e3) {
            throw new KeyBagException(e3);
        } catch (KeyBagProtocol.OperationFailedException e4) {
            throw new KeyBagException(e4);
        } catch (KeyBagRequestor.KeyBagRequestorException e5) {
            throw new KeyBagException(e5);
        }
    }

    public void changeServerKeyPassword(ServerMasterKeyInfo serverMasterKeyInfo, String str, String str2) throws KeyBagException {
        ensureCallOnWorkerThread();
        if (!serverMasterKeyInfo.hasRemoteKey()) {
            throw new IllegalStateException("not create yet");
        }
        try {
            ServerMasterKeyContext serverMasterKeyContext = ((ServerMasterKeyInfoInner) serverMasterKeyInfo).serverMasterKeyContext;
            TransferContext generateTransferContext = getKeyImporter().generateTransferContext();
            this.mProtocol.changeMasterKeyPassword(this.mSecurityLevel, (short) 1, str, str2, generateTransferContext.getTransferPublicKey(), generateTransferContext.getAttestationCA(), serverMasterKeyContext instanceof HardwareServerMasterKeyContext ? ((HardwareServerMasterKeyContext) serverMasterKeyContext).hardwareInfo.serverCachedAttestationCA : new HashSet(), serverMasterKeyContext.serverMasterKeyContextCommon.hsmZone, serverMasterKeyContext.serverMasterKeyContextCommon.nonce, serverMasterKeyContext.serverMasterKeyContextCommon.hsmAAD, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub1, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub2);
        } catch (CryptoException e) {
            throw new KeyBagException(e);
        } catch (KeyBagProtocol.AsyncOperationNotCompleteException e2) {
            throw new KeyBagException(e2);
        } catch (KeyBagProtocol.BadResponseException e3) {
            throw new KeyBagException(e3);
        } catch (KeyBagProtocol.OperationFailedException e4) {
            throw new KeyBagException(e4);
        } catch (KeyBagRequestor.KeyBagRequestorException e5) {
            throw new KeyBagException(e5);
        }
    }

    public void createServerKeyAndInstall(ServerMasterKeyInfo serverMasterKeyInfo, String str) throws KeyBagException {
        ensureCallOnWorkerThread();
        if (serverMasterKeyInfo.hasRemoteKey()) {
            throw new IllegalStateException("already created");
        }
        if (!serverMasterKeyInfo.canInstallToDevice()) {
            throw new IllegalStateException("can't install");
        }
        try {
            ServerMasterKeyContext serverMasterKeyContext = ((ServerMasterKeyInfoInner) serverMasterKeyInfo).serverMasterKeyContext;
            KeyImporter keyImporter = getKeyImporter();
            TransferContext generateTransferContext = keyImporter.generateTransferContext();
            keyImporter.importMasterKey(generateTransferContext, this.mProtocol.createMasterKey(this.mSecurityLevel, (short) 1, str, generateTransferContext.getTransferPublicKey(), generateTransferContext.getAttestationCA(), serverMasterKeyContext instanceof HardwareServerMasterKeyContext ? ((HardwareServerMasterKeyContext) serverMasterKeyContext).hardwareInfo.serverCachedAttestationCA : new HashSet(), serverMasterKeyContext.serverMasterKeyContextCommon.hsmZone, serverMasterKeyContext.serverMasterKeyContextCommon.nonce, serverMasterKeyContext.serverMasterKeyContextCommon.hsmAAD, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub1, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub2));
        } catch (CryptoException e) {
            throw new KeyBagException(e);
        } catch (KeyBagProtocol.AsyncOperationNotCompleteException e2) {
            throw new KeyBagException(e2);
        } catch (KeyBagProtocol.BadResponseException e3) {
            throw new KeyBagException(e3);
        } catch (KeyBagProtocol.OperationFailedException e4) {
            throw new KeyBagException(e4);
        } catch (KeyBagRequestor.KeyBagRequestorException e5) {
            throw new KeyBagException(e5);
        }
    }

    public InstalledMasterKey getInstalledKeyInfo() {
        return this.mStorage.get(this.mContext, this.mHSid, this.mHUser);
    }

    public ServerMasterKeyInfo getServerKeyInfo() throws KeyBagException {
        ensureCallOnWorkerThread();
        ServerMasterKeyInfoInner serverKeyInfoInner = getServerKeyInfoInner();
        int i = serverKeyInfoInner.serverMasterKeyContext.serverMasterKeyContextCommon.secureLevel;
        if (i == this.mSecurityLevel) {
            return serverKeyInfoInner;
        }
        throw new IllegalStateException("wrong security level, should be " + i);
    }

    public void installFromServer(ServerMasterKeyInfo serverMasterKeyInfo, String str) throws KeyBagException {
        installFromServer(serverMasterKeyInfo, str, (short) 1);
    }

    public boolean isInstalled() {
        return getInstalledKeyInfo() != null;
    }

    public void resetServerKeyAndInstall(ServerMasterKeyInfo serverMasterKeyInfo, String str) throws KeyBagException {
        ensureCallOnWorkerThread();
        if (!serverMasterKeyInfo.hasRemoteKey()) {
            throw new IllegalStateException("not created yet");
        }
        if (!serverMasterKeyInfo.canInstallToDevice()) {
            throw new IllegalStateException("can't install");
        }
        try {
            ServerMasterKeyContext serverMasterKeyContext = ((ServerMasterKeyInfoInner) serverMasterKeyInfo).serverMasterKeyContext;
            KeyImporter keyImporter = getKeyImporter();
            TransferContext generateTransferContext = keyImporter.generateTransferContext();
            keyImporter.importMasterKey(generateTransferContext, this.mProtocol.resetMasterKey(this.mSecurityLevel, (short) 1, str, generateTransferContext.getTransferPublicKey(), generateTransferContext.getAttestationCA(), serverMasterKeyContext instanceof HardwareServerMasterKeyContext ? ((HardwareServerMasterKeyContext) serverMasterKeyContext).hardwareInfo.serverCachedAttestationCA : new HashSet(), serverMasterKeyContext.serverMasterKeyContextCommon.hsmZone, serverMasterKeyContext.serverMasterKeyContextCommon.nonce, serverMasterKeyContext.serverMasterKeyContextCommon.hsmAAD, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub1, serverMasterKeyContext.serverMasterKeyContextCommon.hsmPub2));
        } catch (CryptoException e) {
            throw new KeyBagException(e);
        } catch (KeyBagProtocol.AsyncOperationNotCompleteException e2) {
            throw new KeyBagException(e2);
        } catch (KeyBagProtocol.BadResponseException e3) {
            throw new KeyBagException(e3);
        } catch (KeyBagProtocol.OperationFailedException e4) {
            throw new KeyBagException(e4);
        } catch (KeyBagRequestor.KeyBagRequestorException e5) {
            throw new KeyBagException(e5);
        }
    }
}
