package com.tencent.wnsnetsdk.security;

import com.huawei.hms.framework.common.RunnableEnhance;
import com.tencent.wnsnetsdk.account.CertInfoDB;
import com.tencent.wnsnetsdk.account.SecurityInfoDB;
import com.tencent.wnsnetsdk.data.Error;
import com.tencent.wnsnetsdk.data.SecurityInfo;
import com.tencent.wnsnetsdk.log.WnsLogUtils;
import com.tencent.wnsnetsdk.security.data.HandshakeNativeData;
import com.tencent.wnsnetsdk.security.data.SecurityNativeData;
import com.tencent.wnsnetsdk.security.jce.AppJCEData;
import com.tencent.wnsnetsdk.security.jce.HandshakeJCEData;
import com.tencent.wnsnetsdk.security.jce.SessionTicketJCEData;

/* loaded from: classes7.dex */
public class SecurityBuilder implements ISecurityBuilder {
    private static final int ERROR_NATIVE_OK = 0;
    private static final int LEVEL_CIPH = 0;
    public static final String TAG = "SecurityBuilder";
    private static volatile boolean sIsLoad = false;
    private static volatile boolean sVerifyDebugErrorBefore = false;
    private boolean mIsDebug;
    public ISecurityStateListener mSecurityStateListener;
    private long nativeRef;
    private volatile SecurityState state = SecurityState.STATE_INIT;
    private SecurityInfo cacheSecurityInfo = null;
    private byte[] clientRandom = null;

    /* renamed from: com.tencent.wnsnetsdk.security.SecurityBuilder$1, reason: invalid class name */
    /* loaded from: classes7.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$com$tencent$wnsnetsdk$security$SecurityBuilder$SecurityState;

        static {
            int[] iArr = new int[SecurityState.values().length];
            $SwitchMap$com$tencent$wnsnetsdk$security$SecurityBuilder$SecurityState = iArr;
            try {
                iArr[SecurityState.STATE_0RTT_Handshake.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$tencent$wnsnetsdk$security$SecurityBuilder$SecurityState[SecurityState.STATE_1RTT_Handshake.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes7.dex */
    public enum SecurityState {
        STATE_INIT,
        STATE_0RTT_Handshake,
        STATE_0RTT_Handshake_Wait,
        STATE_0RTT_Data,
        STATE_1RTT_Handshake,
        STATE_1RTT_Handshake_Wait,
        STATE_1RTT_Data,
        STATE_End
    }

    public SecurityBuilder(byte[] bArr, ISecurityStateListener iSecurityStateListener, boolean z) {
        this.nativeRef = 0L;
        this.mSecurityStateListener = null;
        this.mIsDebug = false;
        boolean z2 = sIsLoad;
        if (!sIsLoad && (z2 = loadLib())) {
            boolean loadSecurityInfoFromDB = SecurityInfoDB.loadSecurityInfoFromDB();
            CertInfoDB.initCertInfo();
            WnsLogUtils.d(TAG, "load securityInfoFromDB:" + loadSecurityInfoFromDB);
        }
        if (!z2) {
            setSecurityState(SecurityState.STATE_End);
            return;
        }
        this.mIsDebug = z;
        if (z && sVerifyDebugErrorBefore) {
            WnsLogUtils.d(TAG, "debug env has hit error, just use normal certificates");
            this.mIsDebug = false;
        }
        this.nativeRef = nativeCreateSecurityHandle(0, CertInfoDB.queryCertInfo(0, this.mIsDebug), bArr);
        this.mSecurityStateListener = iSecurityStateListener;
        WnsLogUtils.d(TAG, "init nativeRef:" + this.nativeRef);
        check0RTTKey();
    }

    private void check0RTTKey() {
        SecurityInfo securityInfo = SecurityInfoDB.getSecurityInfo();
        if (!SecurityUtils.checkSecurityInfoValid(securityInfo)) {
            setSecurityState(SecurityState.STATE_1RTT_Handshake);
        } else {
            this.cacheSecurityInfo = securityInfo;
            setSecurityState(SecurityState.STATE_0RTT_Handshake);
        }
    }

    private void checkIfClearCurrentPSK(SecurityState securityState, SecurityState securityState2) {
        if (!((securityState != SecurityState.STATE_0RTT_Handshake_Wait || securityState2 == SecurityState.STATE_0RTT_Data) ? securityState == SecurityState.STATE_0RTT_Handshake && securityState2 != SecurityState.STATE_0RTT_Handshake_Wait : true) || this.cacheSecurityInfo == null) {
            return;
        }
        WnsLogUtils.d(TAG, "clear current psk as 0RTT state not invalid, clear:" + this.cacheSecurityInfo);
        SecurityInfoDB.delSecurityInfo(this.cacheSecurityInfo);
    }

    private SecurityNativeData decryptData(byte[] bArr, byte[] bArr2, int i2, int i3, boolean z) {
        SecurityNativeData securityNativeData = new SecurityNativeData();
        securityNativeData.setUsePSK(z);
        securityNativeData.setTag(bArr2);
        securityNativeData.setData(bArr);
        securityNativeData.setLevel(i2);
        securityNativeData.setSeq(i3);
        return nativeDecrypt(this.nativeRef, securityNativeData);
    }

    private byte[] decryptPSK() {
        byte[] bArr;
        SecurityInfo securityInfo = this.cacheSecurityInfo;
        if (SecurityUtils.checkSecurityInfoValid(securityInfo) && !securityInfo.isUseSysEncrypt()) {
            SecurityNativeData securityNativeData = new SecurityNativeData();
            securityNativeData.level = 10000;
            securityNativeData.seq = (int) securityInfo.getCreateTime();
            securityNativeData.usePSK = true;
            securityNativeData.data = securityInfo.getPskKey();
            securityNativeData.tag = securityInfo.getEncryptTag();
            SecurityNativeData nativeDecrypt = nativeDecrypt(this.nativeRef, securityNativeData);
            if (nativeDecrypt == null) {
                WnsLogUtils.e(TAG, "fail to decode psk when decryptData == null");
                return null;
            }
            if (nativeDecrypt.retCode == 0 && (bArr = nativeDecrypt.data) != null) {
                return bArr;
            }
            WnsLogUtils.e(TAG, "fail to decode psk when ret:" + nativeDecrypt.retCode);
        }
        return null;
    }

    private SecurityInfo encryptPSKKey(byte[] bArr, int i2) {
        SecurityNativeData securityNativeData = new SecurityNativeData();
        securityNativeData.setUsePSK(true);
        securityNativeData.setSeq(i2);
        securityNativeData.setLevel(10000);
        securityNativeData.setData(bArr);
        SecurityNativeData nativeEncrypt = nativeEncrypt(this.nativeRef, securityNativeData);
        if (!SecurityUtils.checkDataValid(nativeEncrypt)) {
            return null;
        }
        SecurityInfo securityInfo = new SecurityInfo();
        securityInfo.setUseSysEncrypt(false);
        securityInfo.setEncryptTag(nativeEncrypt.getTag());
        securityInfo.setPskKey(nativeEncrypt.getData());
        return securityInfo;
    }

    public static synchronized boolean loadLib() {
        synchronized (SecurityBuilder.class) {
            if (sIsLoad) {
                return sIsLoad;
            }
            try {
                System.loadLibrary("wnscrypt");
                sIsLoad = true;
            } catch (UnsatisfiedLinkError e2) {
                WnsLogUtils.e(TAG, "System.loadLibrary UnsatisfiedLinkError failed", e2);
                sIsLoad = false;
            } catch (Throwable th) {
                WnsLogUtils.e(TAG, "System.loadLibrary failed, throw", th);
                sIsLoad = false;
            }
            return sIsLoad;
        }
    }

    private void parseForCertUpdate(HandshakeJCEData handshakeJCEData) {
        ISecurityStateListener iSecurityStateListener;
        ISecurityStateListener iSecurityStateListener2;
        if (handshakeJCEData.retCode == 2821) {
            handshakeJCEData.retCode = 0;
            WnsLogUtils.d(TAG, "parseForCertUpdate retCode == WNS_CODE_HANDSHAKE_ERROR_CERT_CAN_UPDATE, updateVersion:" + handshakeJCEData.updateVersion);
            int i2 = handshakeJCEData.updateVersion;
            if (i2 > 0 && (iSecurityStateListener2 = this.mSecurityStateListener) != null && !this.mIsDebug) {
                iSecurityStateListener2.onCertNeedUpdate(i2, Error.WNS_CODE_HANDSHAKE_ERROR_CERT_CAN_UPDATE);
            }
        }
        if (handshakeJCEData.retCode == 2820) {
            WnsLogUtils.d(TAG, "parseForCertUpdate retCode == WNS_CODE_HANDSHAKE_ERROR_CERT_FORCE_UPDATE,force to updateVersion:" + handshakeJCEData.updateVersion);
            int i3 = handshakeJCEData.updateVersion;
            if (i3 <= 0 || (iSecurityStateListener = this.mSecurityStateListener) == null || this.mIsDebug) {
                return;
            }
            iSecurityStateListener.onCertNeedUpdate(i3, Error.WNS_CODE_HANDSHAKE_ERROR_CERT_FORCE_UPDATE);
        }
    }

    private SecurityNativeData processEncryptData(SecurityNativeData securityNativeData, boolean z) {
        securityNativeData.setUsePSK(z);
        SecurityNativeData nativeEncrypt = nativeEncrypt(this.nativeRef, securityNativeData);
        if (SecurityUtils.checkTagValid(nativeEncrypt)) {
            nativeEncrypt.jceData = SecurityJCEHelper.makeApplicationData(nativeEncrypt.data.length, nativeEncrypt.getLevel(), nativeEncrypt.getTag());
            return nativeEncrypt;
        }
        setSecurityState(SecurityState.STATE_End);
        return SecurityUtils.createSecurityNativeDataWithErrorCode(702);
    }

    private SecurityNativeData processRecv0RTTHandshake(SecurityNativeData securityNativeData) {
        HandshakeJCEData decodeServerHello = SecurityJCEHelper.decodeServerHello(securityNativeData.jceData);
        if (decodeServerHello == null) {
            WnsLogUtils.e(TAG, "fail to processRecv0RTTHandshake, try to reset current session");
            setSecurityState(SecurityState.STATE_End);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(707);
        }
        if (!SecurityUtils.checkHandshakeJCEDataFor0RTTValid(decodeServerHello)) {
            setSecurityState(SecurityState.STATE_End);
            int i2 = decodeServerHello.retCode;
            return i2 != 0 ? SecurityUtils.createSecurityNativeDataWithErrorCode(i2) : SecurityUtils.createSecurityNativeDataWithErrorCode(707);
        }
        byte[] bArr = decodeServerHello.encryptTag.get(4);
        securityNativeData.setUsePSK(true);
        securityNativeData.setTag(bArr);
        SecurityNativeData nativeDecrypt = nativeDecrypt(this.nativeRef, securityNativeData);
        if (SecurityUtils.checkDataValid(nativeDecrypt)) {
            setSecurityState(SecurityState.STATE_0RTT_Data);
            return nativeDecrypt;
        }
        WnsLogUtils.e(TAG, "processRecv0RTTHandshake# fail to nativeDecrypt");
        setSecurityState(SecurityState.STATE_End);
        return SecurityUtils.createSecurityNativeDataWithErrorCode(703);
    }

    private SecurityNativeData processRecv1RTTHandshake(SecurityNativeData securityNativeData) {
        HandshakeJCEData decodeServerHello = SecurityJCEHelper.decodeServerHello(securityNativeData.jceData);
        if (decodeServerHello == null) {
            WnsLogUtils.e(TAG, "fail to processRecv1RTTHandshake, just reset current session");
            setSecurityState(SecurityState.STATE_End);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(707);
        }
        parseForCertUpdate(decodeServerHello);
        if (!SecurityUtils.checkHandshakeJCEDataFor1RTTValid(decodeServerHello)) {
            WnsLogUtils.e(TAG, "fail to processRecv1RTTHandshake, just reset current session");
            setSecurityState(SecurityState.STATE_End);
            int i2 = decodeServerHello.retCode;
            return i2 != 0 ? SecurityUtils.createSecurityNativeDataWithErrorCode(i2) : SecurityUtils.createSecurityNativeDataWithErrorCode(707);
        }
        HandshakeNativeData handshakeNativeData = new HandshakeNativeData(0, decodeServerHello.cipherType, decodeServerHello.cruvGroup, decodeServerHello.keyShare, decodeServerHello.random, 0);
        handshakeNativeData.isClient = true;
        int nativeOnRecvServerPubKey = nativeOnRecvServerPubKey(this.nativeRef, handshakeNativeData);
        if (nativeOnRecvServerPubKey != 0) {
            setSecurityState(SecurityState.STATE_End);
            WnsLogUtils.e(TAG, "fail to processRecv1RTTHandshake while call nativeOnRecvServerPubKey ret:" + nativeOnRecvServerPubKey);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(706);
        }
        if (!processVerifyData(decodeServerHello.encryptCertificateVerify, decodeServerHello.encryptTag.get(1), securityNativeData.getSeq(), decodeServerHello.random, decodeServerHello.keyShare, decodeServerHello.curCertVersion)) {
            setSecurityState(SecurityState.STATE_End);
            WnsLogUtils.e(TAG, "fail to processRecv1RTTHandshake while not verifyData");
            return SecurityUtils.createSecurityNativeDataWithErrorCode(704);
        }
        processSessionTicket(decodeServerHello.encryptSessionTicket, decodeServerHello.encryptTag.get(2), securityNativeData.getSeq());
        SecurityNativeData decryptData = decryptData(securityNativeData.data, decodeServerHello.encryptTag.get(4), 0, securityNativeData.getSeq(), false);
        if (SecurityUtils.checkDataValid(decryptData)) {
            setSecurityState(SecurityState.STATE_1RTT_Data);
            return decryptData;
        }
        setSecurityState(SecurityState.STATE_End);
        WnsLogUtils.e(TAG, "fail to processRecv1RTTHandshake while realAppData is null");
        return SecurityUtils.createSecurityNativeDataWithErrorCode(703);
    }

    private SecurityNativeData processRecvAppData(SecurityNativeData securityNativeData, boolean z) {
        AppJCEData decodeApplicationData = SecurityJCEHelper.decodeApplicationData(securityNativeData.getJceData());
        if (decodeApplicationData == null || decodeApplicationData.encryptTag == null) {
            WnsLogUtils.e(TAG, "fail to processRecvAppData while jceData == null!!");
            setSecurityState(SecurityState.STATE_End);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(711);
        }
        SecurityNativeData decryptData = decryptData(securityNativeData.getData(), decodeApplicationData.encryptTag, decodeApplicationData.cipherLevel, securityNativeData.getSeq(), z);
        if (SecurityUtils.checkDataValid(decryptData)) {
            return decryptData;
        }
        setSecurityState(SecurityState.STATE_End);
        return SecurityUtils.createSecurityNativeDataWithErrorCode(703);
    }

    private SecurityNativeData processSend0RTTHandshake(SecurityNativeData securityNativeData) {
        SecurityInfo securityInfo = this.cacheSecurityInfo;
        if (!SecurityUtils.checkSecurityInfoValid(securityInfo)) {
            setSecurityState(SecurityState.STATE_End);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(708);
        }
        securityNativeData.usePSK = true;
        SecurityNativeData nativeEncrypt = nativeEncrypt(this.nativeRef, securityNativeData);
        if (!SecurityUtils.checkTagValid(nativeEncrypt)) {
            setSecurityState(SecurityState.STATE_End);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(702);
        }
        nativeEncrypt.jceData = SecurityJCEHelper.makeClientHello(null, 0, 0, null, securityInfo.getTicket(), nativeEncrypt.getTag(), this.mIsDebug);
        setSecurityState(SecurityState.STATE_0RTT_Handshake_Wait);
        return nativeEncrypt;
    }

    private SecurityNativeData processSend1RTTHandshake(SecurityNativeData securityNativeData) {
        byte[] bArr;
        byte[] bArr2;
        HandshakeNativeData nativeGeneratePubKey = nativeGeneratePubKey(this.nativeRef);
        if (nativeGeneratePubKey == null) {
            WnsLogUtils.e(TAG, "process1RTTHandshake#nativeGeneratePubKey handshakeNativeData == null");
            setSecurityState(SecurityState.STATE_End);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(705);
        }
        if (nativeGeneratePubKey.retCode == 0 && (bArr = nativeGeneratePubKey.random) != null && (bArr2 = nativeGeneratePubKey.exchangeKey) != null) {
            this.clientRandom = bArr;
            securityNativeData.setJceData(SecurityJCEHelper.makeClientHello(bArr, nativeGeneratePubKey.ciphType, nativeGeneratePubKey.cruvGroup, bArr2, null, null, this.mIsDebug));
            setSecurityState(SecurityState.STATE_1RTT_Handshake_Wait);
            return securityNativeData;
        }
        WnsLogUtils.e(TAG, "process1RTTHandshake#nativeGeneratePubKey retCode = " + nativeGeneratePubKey.retCode);
        setSecurityState(SecurityState.STATE_End);
        return SecurityUtils.createSecurityNativeDataWithErrorCode(705);
    }

    private SecurityNativeData processSendHandshake(SecurityNativeData securityNativeData) {
        int i2 = AnonymousClass1.$SwitchMap$com$tencent$wnsnetsdk$security$SecurityBuilder$SecurityState[this.state.ordinal()];
        if (i2 == 1) {
            if (setPSKToNative()) {
                return processSend0RTTHandshake(securityNativeData);
            }
            setSecurityState(SecurityState.STATE_1RTT_Handshake);
            return processSend1RTTHandshake(securityNativeData);
        }
        if (i2 == 2) {
            return processSend1RTTHandshake(securityNativeData);
        }
        WnsLogUtils.e(TAG, "invalid state[" + this.state + "] when hit consultCmd");
        return SecurityUtils.createSecurityNativeDataWithErrorCode(701);
    }

    private void processSessionTicket(byte[] bArr, byte[] bArr2, int i2) {
        SessionTicketJCEData decodeSessionTicket;
        SecurityInfo encryptPSKKey;
        SecurityNativeData decryptData = decryptData(bArr, bArr2, 0, i2, false);
        if (SecurityUtils.checkDataValid(decryptData) && (decodeSessionTicket = SecurityJCEHelper.decodeSessionTicket(decryptData.data)) != null) {
            long currentTimeMillis = System.currentTimeMillis();
            long j2 = (decodeSessionTicket.lifeTime * 1000) + currentTimeMillis;
            WnsLogUtils.d(TAG, "processSessionTicket when expireTime:" + j2 + " lifeTime:" + decodeSessionTicket.lifeTime);
            byte[] nativeGetPSK = nativeGetPSK(this.nativeRef);
            if (nativeGetPSK == null || (encryptPSKKey = encryptPSKKey(nativeGetPSK, (int) currentTimeMillis)) == null) {
                return;
            }
            encryptPSKKey.setCreateTime(currentTimeMillis);
            encryptPSKKey.setExpireTime(j2);
            encryptPSKKey.setTicket(decodeSessionTicket.pskTicket);
            encryptPSKKey.setPskIv(decodeSessionTicket.pskIv);
            encryptPSKKey.setPskAdd(decodeSessionTicket.pskAdd);
            WnsLogUtils.d(TAG, "processSessionTicket and save securityInfo for id:" + SecurityInfoDB.saveSecurityInfo(encryptPSKKey));
        }
    }

    private boolean processVerifyData(byte[] bArr, byte[] bArr2, int i2, byte[] bArr3, byte[] bArr4, int i3) {
        int nativeUpdateVerifyKey;
        SecurityNativeData decryptData = decryptData(bArr, bArr2, 0, i2, false);
        if (!SecurityUtils.checkDataValid(decryptData)) {
            return false;
        }
        byte[] data = decryptData.getData();
        byte[] bArr5 = this.clientRandom;
        byte[] bArr6 = new byte[bArr5.length + bArr3.length + bArr4.length];
        System.arraycopy(bArr5, 0, bArr6, 0, bArr5.length);
        System.arraycopy(bArr3, 0, bArr6, this.clientRandom.length, bArr3.length);
        System.arraycopy(bArr4, 0, bArr6, this.clientRandom.length + bArr3.length, bArr4.length);
        if (i3 > 0 && (nativeUpdateVerifyKey = nativeUpdateVerifyKey(this.nativeRef, CertInfoDB.queryCertInfo(i3, this.mIsDebug))) != 0) {
            WnsLogUtils.e(TAG, "Fail to call nativeUpdateVerifyKey, ret:" + nativeUpdateVerifyKey);
            return false;
        }
        int nativeVerifyData = nativeVerifyData(this.nativeRef, data, bArr6);
        if (nativeVerifyData == 0) {
            sVerifyDebugErrorBefore = false;
        } else if (this.mIsDebug) {
            WnsLogUtils.w(TAG, "In debug ip, try to fallback verify with normal certificates");
            sVerifyDebugErrorBefore = true;
        }
        return nativeVerifyData == 0;
    }

    private boolean setPSKToNative() {
        byte[] decryptPSK = decryptPSK();
        if (decryptPSK == null) {
            return false;
        }
        SecurityInfo securityInfo = this.cacheSecurityInfo;
        int nativeSetPSK = nativeSetPSK(this.nativeRef, decryptPSK, securityInfo.getPskIv(), securityInfo.getPskAdd());
        if (nativeSetPSK == 0) {
            return true;
        }
        WnsLogUtils.e(TAG, "fail to set psk to native as ret:" + nativeSetPSK);
        return false;
    }

    private void setSecurityState(SecurityState securityState) {
        WnsLogUtils.d(TAG, "securityState: old:" + this.state + RunnableEnhance.TRANCELOGO + securityState);
        ISecurityStateListener iSecurityStateListener = this.mSecurityStateListener;
        if (iSecurityStateListener != null) {
            iSecurityStateListener.onChangeSecurityState(this.state, securityState);
        }
        checkIfClearCurrentPSK(this.state, securityState);
        this.state = securityState;
    }

    @Override // com.tencent.wnsnetsdk.security.ISecurityBuilder
    public boolean canUsePSK() {
        return this.state == SecurityState.STATE_0RTT_Handshake_Wait || this.state == SecurityState.STATE_0RTT_Data;
    }

    @Override // com.tencent.wnsnetsdk.security.ISecurityBuilder
    public SecurityNativeData decrypt(SecurityNativeData securityNativeData) {
        if (!sIsLoad) {
            WnsLogUtils.e(TAG, "fail to call decrypt while not load so");
            return SecurityUtils.createSecurityNativeDataWithErrorCode(709);
        }
        if (!SecurityUtils.checkJceDataValid(securityNativeData)) {
            WnsLogUtils.e(TAG, "fail to call decrypt while data == null");
            return SecurityUtils.createSecurityNativeDataWithErrorCode(710);
        }
        if (this.state == SecurityState.STATE_0RTT_Handshake_Wait) {
            return processRecv0RTTHandshake(securityNativeData);
        }
        if (this.state == SecurityState.STATE_1RTT_Handshake_Wait) {
            return processRecv1RTTHandshake(securityNativeData);
        }
        if (this.state == SecurityState.STATE_0RTT_Data) {
            return processRecvAppData(securityNativeData, true);
        }
        if (this.state == SecurityState.STATE_1RTT_Data) {
            return processRecvAppData(securityNativeData, false);
        }
        WnsLogUtils.e(TAG, "fail to call decrypt while in invalid state:" + this.state);
        return SecurityUtils.createSecurityNativeDataWithErrorCode(701);
    }

    @Override // com.tencent.wnsnetsdk.security.ISecurityBuilder
    public SecurityNativeData decryptWithTag(SecurityNativeData securityNativeData) {
        if (!sIsLoad) {
            WnsLogUtils.e(TAG, "fail to call decrypt while not load so");
            return SecurityUtils.createSecurityNativeDataWithErrorCode(709);
        }
        if (this.state == SecurityState.STATE_0RTT_Data) {
            SecurityNativeData decryptData = decryptData(securityNativeData.getData(), securityNativeData.getTag(), 0, securityNativeData.getSeq(), true);
            return !SecurityUtils.checkDataValid(decryptData) ? SecurityUtils.createSecurityNativeDataWithErrorCode(703) : decryptData;
        }
        if (this.state == SecurityState.STATE_1RTT_Data) {
            SecurityNativeData decryptData2 = decryptData(securityNativeData.getData(), securityNativeData.getTag(), 0, securityNativeData.getSeq(), false);
            return !SecurityUtils.checkDataValid(decryptData2) ? SecurityUtils.createSecurityNativeDataWithErrorCode(703) : decryptData2;
        }
        WnsLogUtils.e(TAG, "fail to call decrypt while in invalid state:" + this.state);
        return SecurityUtils.createSecurityNativeDataWithErrorCode(701);
    }

    @Override // com.tencent.wnsnetsdk.security.ISecurityBuilder
    public SecurityNativeData encrypt(SecurityNativeData securityNativeData) {
        if (!sIsLoad) {
            WnsLogUtils.e(TAG, "fail to call encrypt while not load so");
            return SecurityUtils.createSecurityNativeDataWithErrorCode(709);
        }
        if (!SecurityUtils.checkDataValid(securityNativeData)) {
            WnsLogUtils.e(TAG, "fail to call encrypt while data == null");
            return SecurityUtils.createSecurityNativeDataWithErrorCode(710);
        }
        if (securityNativeData.isConsultCmd) {
            return processSendHandshake(securityNativeData);
        }
        if (this.state != SecurityState.STATE_0RTT_Handshake_Wait && this.state != SecurityState.STATE_0RTT_Data) {
            if (this.state == SecurityState.STATE_1RTT_Data) {
                return processEncryptData(securityNativeData, false);
            }
            WnsLogUtils.e(TAG, "fail to call encrypt while in invalid state:" + this.state);
            return SecurityUtils.createSecurityNativeDataWithErrorCode(701);
        }
        return processEncryptData(securityNativeData, true);
    }

    public void finalize() {
        try {
            WnsLogUtils.d(TAG, "finalize, nativeRef:" + this.nativeRef);
            long j2 = this.nativeRef;
            if (j2 != 0) {
                nativeClose(j2);
            }
        } catch (Throwable unused) {
        }
    }

    public long getNativeRef() {
        return this.nativeRef;
    }

    public SecurityState getSecurityState() {
        return this.state;
    }

    public native int nativeClose(long j2);

    public native long nativeCreateSecurityHandle(int i2, byte[] bArr, byte[] bArr2);

    public native SecurityNativeData nativeDecrypt(long j2, SecurityNativeData securityNativeData);

    public native SecurityNativeData nativeEncrypt(long j2, SecurityNativeData securityNativeData);

    public native HandshakeNativeData nativeGeneratePubKey(long j2);

    public native byte[] nativeGetPSK(long j2);

    public native int nativeOnRecvServerPubKey(long j2, HandshakeNativeData handshakeNativeData);

    public native int nativeSetPSK(long j2, byte[] bArr, byte[] bArr2, byte[] bArr3);

    public native byte[] nativeSignData(long j2, byte[] bArr, byte[] bArr2);

    public native int nativeUpdateVerifyKey(long j2, byte[] bArr);

    public native int nativeVerifyData(long j2, byte[] bArr, byte[] bArr2);
}
