package com.ifaa.sdk.authenticatorservice.compat.manager;

import android.content.Context;
import android.os.Build;
import com.alibaba.fastjson.parser.JSONLexer;
import com.ifaa.sdk.auth.AuthenticatorLOG;
import com.ifaa.sdk.authenticatorservice.common.manager.IFAAManagerSystem;
import com.ifaa.sdk.authenticatorservice.common.message.Result;
import com.ifaa.sdk.authenticatorservice.common.ta.TACommands;
import com.ifaa.sdk.authenticatorservice.common.ta.TAInterationV1;
import com.ifaa.sdk.authenticatorservice.compat.exception.AuthenticatorException;
import com.ifaa.sdk.authenticatorservice.compat.manager.EtasKeystore;
import com.ifaa.sdk.util.AESUtils;
import com.ifaa.sdk.util.DeviceUtils;
import com.ifaa.sdk.util.ECUtils;
import com.ifaa.sdk.util.FileUtils;
import com.ifaa.sdk.util.HashUtils;
import com.ifaa.sdk.util.HexUtils;
import com.ifaa.sdk.util.HmacUtils;
import com.ifaa.sdk.util.PRFUtils;
import com.ifaa.sdk.util.RSAUtils;
import com.igexin.push.core.b.j;
import java.io.File;
import java.security.spec.RSAKeyGenParameterSpec;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.mozilla.universalchardet.prober.HebrewProber;

/* loaded from: classes.dex */
public class DeviceManager {
    private static final String DEVICE_STORE_DIR = "deviceStore";
    private static byte[] mDeviceId;

    private static byte[] getCustomDeviceId(Context context) {
        IFAAManagerSystem iFAAManagerSystem = IFAAManagerSystem.getInstance(context);
        Result sendCommand = TAInterationV1.sendCommand(context, iFAAManagerSystem.getTaCommandHandle(), TACommands.COMMAND_GETDEVICEID);
        if (sendCommand.getStatus() != 0 || sendCommand.isEmpty()) {
            try {
                Thread.sleep(500L);
            } catch (InterruptedException e) {
                e.printStackTrace();
            }
            sendCommand = TAInterationV1.sendCommand(context, iFAAManagerSystem.getTaCommandHandle(), TACommands.COMMAND_GETDEVICEID);
            if (sendCommand.getStatus() != 0 || sendCommand.isEmpty()) {
                AuthenticatorLOG.error("get DeviceId Failed");
                return null;
            }
        }
        return sendCommand.getData();
    }

    public static byte[] getDeviceId(Context context) {
        byte[] bArr = mDeviceId;
        if (bArr != null && bArr.length > 0) {
            return bArr;
        }
        byte[] customDeviceId = IFAAManagerSystem.getInstance(context).isSupportIFAAManager() ? getCustomDeviceId(context) : null;
        if (customDeviceId == null || customDeviceId.length <= 0) {
            customDeviceId = DeviceUtils.getDeviceId(context);
        }
        mDeviceId = customDeviceId;
        return customDeviceId;
    }

    private static String getHwKeyFilePath(Context context, String str) {
        return context.getFilesDir().getPath() + File.separator + HexUtils.toHexString(HashUtils.digest(HashUtils.HashAlgorithm.SHA256.getAlgorithm(), DEVICE_STORE_DIR.getBytes())) + File.separator + HexUtils.toHexString(HashUtils.digest(HashUtils.HashAlgorithm.SHA256.getAlgorithm(), str.getBytes()));
    }

    public static String getKeyAlgorithm() {
        return EtasKeystore.getPrivateKey(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_SIGNATURE_KEY).getAlgorithm();
    }

    public static boolean importDeviceKey(byte[] bArr) {
        try {
            EtasKeystore.importKeyPair(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_SIGNATURE_KEY, bArr);
            return true;
        } catch (AuthenticatorException e) {
            e.printStackTrace();
            return false;
        }
    }

    public static boolean importHwKey(byte[] bArr) {
        try {
            if (Build.VERSION.SDK_INT < 23) {
                return FileUtils.writeFile(getHwKeyFilePath(EtasContextManager.getInstance().getContext(), EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY), storeEncrypt(bArr));
            }
            String algorithm = HmacUtils.HmacAlgorithm.HmacSHA256.getAlgorithm();
            EtasKeystore.deleteKeyEntry(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY);
            EtasKeystore.importSecretKey(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY, algorithm, bArr);
            return true;
        } catch (Exception e) {
            AuthenticatorLOG.error(e);
            e.printStackTrace();
            return false;
        }
    }

    public static boolean isDeviceKeyExist() {
        try {
            return EtasKeystore.isKeyEntry(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_SIGNATURE_KEY);
        } catch (Exception e) {
            AuthenticatorLOG.error(e);
            return false;
        }
    }

    public static boolean isHwKeyExist() {
        try {
            return Build.VERSION.SDK_INT >= 23 ? EtasKeystore.isKeyEntry(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY) : FileUtils.exists(getHwKeyFilePath(EtasContextManager.getInstance().getContext(), EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY));
        } catch (Exception e) {
            e.printStackTrace();
            AuthenticatorLOG.error(e);
            return false;
        }
    }

    public static byte[] signByHwKey(byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 23) {
            String algorithm = HmacUtils.HmacAlgorithm.HmacSHA256.getAlgorithm();
            SecretKey secretKey = EtasKeystore.getSecretKey(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY);
            Mac mac = Mac.getInstance(algorithm);
            mac.init(secretKey);
            return mac.doFinal(bArr);
        }
        String hwKeyFilePath = getHwKeyFilePath(EtasContextManager.getInstance().getContext(), EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY);
        if (!FileUtils.exists(hwKeyFilePath)) {
            throw new AuthenticatorException("key " + EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_HW_KEY + " does not exist");
        }
        try {
            return HmacUtils.hash(storeDecrypt(FileUtils.readFile(hwKeyFilePath)), bArr, HmacUtils.HmacAlgorithm.HmacSHA256.getAlgorithm());
        } catch (Exception e) {
            e.printStackTrace();
            throw new AuthenticatorException("Decrypted data failed,error:" + e.getMessage());
        }
    }

    public static byte[] signData(String str, byte[] bArr) {
        if (str.contains(ECUtils.KEY_ALGORITHM)) {
            return ECUtils.derDecode(EtasKeystore.sign(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_SIGNATURE_KEY, ECUtils.SIGN_ALGORITHM, bArr));
        }
        if (str.contains("RSA")) {
            return EtasKeystore.sign(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_SIGNATURE_KEY, RSAUtils.RSASignAlgorithm.SHA256_PKCS1_1_5.getAlgorithm(), bArr);
        }
        return null;
    }

    private static byte[] storeCrypto(int i, byte[] bArr) {
        byte[] bArr2 = {33, -106, 64, 115, -108, 6, 53, 2, -112, 9, 85, 52, 18, 84, 24, 69};
        if (Build.VERSION.SDK_INT < 23) {
            byte[] doPRF = PRFUtils.doPRF(HmacUtils.HmacAlgorithm.HmacSHA256, new byte[]{18, 24, 64, 73, 105, 50, 82, -127, 34, 25, 72, 98, 16, 9, -104, 115}, new byte[]{50, 102, 40, 121, -107, 48, -122, 57, 17, 72, 52, 21, 112, 71, 104, 36}, 32);
            return i == 1 ? AESUtils.encrypt(doPRF, bArr2, bArr, "AES/CBC/PKCS7Padding") : AESUtils.decrypt(doPRF, bArr2, bArr, "AES/CBC/PKCS7Padding");
        }
        if (!EtasKeystore.isKeyEntry(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_STORE_KEY)) {
            EtasKeystore.genAESKey(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_STORE_KEY);
        }
        return i == 1 ? EtasKeystore.encrypt(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_STORE_KEY, bArr2, bArr, "AES/CBC/PKCS7Padding") : EtasKeystore.decrypt(EtasKeystore.RegisterKeyAlias.IFAA_DEVICE_STORE_KEY, bArr2, bArr, "AES/CBC/PKCS7Padding");
    }

    public static byte[] storeDecrypt(byte[] bArr) {
        return storeCrypto(2, bArr);
    }

    public static byte[] storeEncrypt(byte[] bArr) {
        return storeCrypto(1, bArr);
    }

    private static boolean verifyEsandServer(byte[] bArr, byte[] bArr2) {
        try {
            return RSAUtils.verify(RSAUtils.getPublicKey(HexUtils.hexStringToByteArray("B7EE282B1D38633E6C984AC5147C0CECB1D87B0FF660D1D4F730900DE722F0252345BC6AD04C5A1EBC6873A9EDEE21B5BFDA88B7923A395AEC077C3A74B9B43A2FBBD13BD10CC6484C633D7EC3A641A82B5CC3CE5624F75D009EB6167B4FAB460836C60E3EF64220A6D0F9F48D566798A1593974D2B2C248ABCF5750ACEC717A6C600BC2CE88433C4D4A9EB4A7A9F5C87FA1ED08A62BFD4CA222234695DF0C39DEF5DE673C6A899F65A0FBE42A79CCBD2916512552173A9980A90705D2E5F2C6E4CEBDBFC2B3670D208D53A7F1A4517B58078A0C700426939FE2FDC36ABF8C0BE79E10CECBDE44DCDE5510D2DF17017D71D63C57B8F210B43046F036FC74E16D"), RSAKeyGenParameterSpec.F4.toByteArray()), bArr, bArr2, RSAUtils.RSASignAlgorithm.SHA256_PKCS1_1_5.getAlgorithm());
        } catch (Exception e) {
            AuthenticatorLOG.error(e);
            return false;
        }
    }

    private static boolean verifyIfaaServer(byte[] bArr, byte[] bArr2) {
        try {
            return RSAUtils.verify(RSAUtils.getPublicKey(new byte[]{-119, -111, -61, 15, -121, 25, -17, -65, -20, 86, -74, 20, 51, 111, -39, 107, -67, -56, 6, 9, 58, 66, -92, 118, -51, 1, 38, 6, 68, -2, -120, 92, 89, -55, -17, 18, -22, -35, 45, -13, 119, -86, 13, -14, -107, 96, 8, 42, -41, 117, 60, -106, -97, -42, 98, -40, -28, -88, -94, 18, -74, 1, 120, 42, 85, -126, 79, 118, 77, -111, 0, -94, 66, -74, -114, 48, -16, -74, 92, 90, 92, 61, -77, -80, -109, -71, -53, 6, -86, -64, 41, 95, 14, -62, 74, 35, -54, -66, 21, -15, 100, -104, -83, -6, -43, -121, -19, 114, 91, 3, -20, -76, -74, 68, -2, 28, 53, 15, -119, -86, -91, -16, 49, 42, -80, 36, -52, 66, -91, 65, -114, -99, -21, -111, -78, 14, -13, -37, -114, 37, 27, -11, 114, 53, -87, 65, -94, -111, 19, -95, 77, 116, -28, -93, 74, 108, -90, -125, -17, -55, 113, 38, -117, -87, -127, 88, 115, -2, -15, 33, HebrewProber.SPACE, 53, 98, Byte.MIN_VALUE, 45, Byte.MAX_VALUE, -77, 80, -65, 106, -123, j.l, 56, 12, -87, -92, -43, -105, 113, 36, 60, -3, 110, 119, 1, 3, -37, JSONLexer.EOI, -99, 91, -93, -6, 21, -83, 90, 120, -51, 77, 83, -83, -19, -127, HebrewProber.SPACE, 74, -115, 34, 61, -3, -72, -114, 106, 19, 65, -37, -23, -30, -88, 40, 120, 92, -15, 106, 94, -125, 25, -76, 13, -11, -8, -2, 39, -112, -81, -67, 37, -90, -119, -124, -79, -71, -36, -27, -98, 0, 56, 39}, RSAKeyGenParameterSpec.F4.toByteArray()), bArr, bArr2, RSAUtils.RSASignAlgorithm.SHA256_PKCS1_1_5.getAlgorithm());
        } catch (Exception e) {
            AuthenticatorLOG.error(e);
            return false;
        }
    }

    public static boolean verifyServer(byte[] bArr, byte[] bArr2) {
        boolean verifyIfaaServer = verifyIfaaServer(bArr, bArr2);
        if (verifyIfaaServer) {
            AuthenticatorLOG.debug("use ifaa root key");
            return verifyIfaaServer;
        }
        boolean verifyEsandServer = verifyEsandServer(bArr, bArr2);
        if (verifyEsandServer) {
            AuthenticatorLOG.debug("use esandinfo root key");
        }
        return verifyEsandServer;
    }
}
