package e8;

import android.text.TextUtils;
import com.google.protobuf.ByteString;
import com.xiaomi.mi_connect_service.MyApplication;
import com.xiaomi.mi_connect_service.ResultCode;
import com.xiaomi.mi_connect_service.constant.MiIdentityEnum;
import com.xiaomi.mi_connect_service.proto.HandShakeProto;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.UUID;
import p9.s;
import p9.z;
import v6.e0;
import w6.d;

/* compiled from: HandShakeSession.java */
/* loaded from: classes2.dex */
public class c extends i {

    /* renamed from: g, reason: collision with root package name */
    public static String f14544g = "HandShakeSession";

    /* renamed from: d, reason: collision with root package name */
    public e0 f14545d;

    /* renamed from: e, reason: collision with root package name */
    public h f14546e;

    /* renamed from: f, reason: collision with root package name */
    public w6.d f14547f;

    public c(UUID uuid, e0 e0Var, MiIdentityEnum.VerifyType verifyType) {
        super(uuid, verifyType);
        this.f14545d = e0Var;
        this.f14546e = new h();
        this.f14547f = w6.d.f();
    }

    public c(e0 e0Var, MiIdentityEnum.VerifyType verifyType) {
        this(UUID.randomUUID(), e0Var, verifyType);
    }

    public int d(HandShakeProto.HandShakeMessage handShakeMessage) {
        z.l(f14544g, "authClient enter", new Object[0]);
        z.v(f14544g, "authClient message %s", handShakeMessage.toString());
        if (!p()) {
            return -1;
        }
        handShakeMessage.getPublicKey().toByteArray();
        X509Certificate h10 = p9.k.h(handShakeMessage.getCert());
        byte[] byteArray = handShakeMessage.getHashData().toByteArray();
        byte[] byteArray2 = handShakeMessage.getEncryptedSign().toByteArray();
        if (!p9.k.r(p9.k.h(this.f14546e.f14583e), h10)) {
            z.f(f14544g, "authClient exit, cannot verify cert", new Object[0]);
            return -1;
        }
        PublicKey l10 = p9.k.l(h10);
        if (l10 == null) {
            z.f(f14544g, "authClient exit, cannot parse pbS", new Object[0]);
            return -1;
        }
        z.v(f14544g, "auth client paS from client cert: " + s.f(l10.getEncoded()), new Object[0]);
        String m10 = p9.k.m(h10);
        if (m10 == null) {
            z.f(f14544g, "authClient exit,  Received UID NULL", new Object[0]);
            return -1;
        }
        byte[] a10 = p9.k.a(this.f14546e.f14585g, byteArray2);
        if (a10 == null) {
            z.f(f14544g, "authClient exit, Signature info is empty", new Object[0]);
            return -1;
        }
        if (!p9.k.c(l10, byteArray, a10)) {
            z.f(f14544g, "authClient exit, ecdsaVerify failed", new Object[0]);
            return -1;
        }
        String str = this.f14546e.f14589k;
        if (m10.equals(str)) {
            z.l(f14544g, "authClient exit success", new Object[0]);
            return 0;
        }
        z.v(f14544g, "authClient exit, CertUID %s, current UID %s", m10, str);
        z.f(f14544g, "authClient exit, CertUID does not match current UID", new Object[0]);
        return -1;
    }

    public ResultCode e(HandShakeProto.HandShakeMessage handShakeMessage) {
        z.l(f14544g, "authServer enter, status %d of the message", Integer.valueOf(handShakeMessage.getAuthStatus()));
        z.v(f14544g, "authServer message %s", handShakeMessage.toString());
        if (p() || handShakeMessage.getAuthStatus() < 0) {
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        byte[] byteArray = handShakeMessage.getPublicKey().toByteArray();
        X509Certificate h10 = p9.k.h(handShakeMessage.getCert());
        String g10 = g(h10, p9.k.h(this.f14546e.f14584f));
        byte[] byteArray2 = handShakeMessage.getHashData().toByteArray();
        byte[] byteArray3 = handShakeMessage.getEncryptedSign().toByteArray();
        PublicKey i10 = p9.k.i(byteArray);
        if (i10 == null) {
            z.f(f14544g, "authServer exit, pat is wrong", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        Key g11 = this.f14545d.g(i10);
        if (g11 == null) {
            z.f(f14544g, "authServer exit, shared key generated failed", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        if (!p9.k.r(p9.k.h(this.f14546e.f14583e), h10)) {
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        PublicKey l10 = p9.k.l(h10);
        if (l10 == null) {
            z.f(f14544g, "authServer exit, cannot parse pbS", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        z.v(f14544g, "auth server pbS from server cert: %s", s.f(l10.getEncoded()));
        String m10 = p9.k.m(h10);
        if (m10 == null) {
            z.f(f14544g, "authServer exit, cannot parse UID", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        byte[] a10 = p9.k.a(g11, byteArray3);
        if (a10 == null) {
            z.f(f14544g, "authServer exit, signature info is empty", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        if (!p9.k.c(l10, byteArray2, a10)) {
            z.f(f14544g, "authServer exit, ecdsaVerify failed", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        String str = this.f14546e.f14589k;
        if (!m10.equals(str)) {
            z.v(f14544g, "authServer exit, CertUID %s, current UID %s", m10, str);
            z.f(f14544g, "authServer exit, CertUID does not match current UID", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        byte[] encoded = this.f14546e.f14581c.getEncoded();
        PrivateKey privateKey = this.f14546e.f14580b;
        String str2 = new String(encoded) + new String(byteArray);
        byte[] b10 = p9.k.b(privateKey, str2);
        if (b10 == null) {
            z.f(f14544g, "authServer exit, sign failed", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        byte[] d10 = p9.k.d(g11, b10);
        if (d10 == null) {
            z.f(f14544g, "authServer exit, encrypt failed", new Object[0]);
            return ResultCode.SA_ERROR_CONNECTION_FAILED;
        }
        h hVar = this.f14546e;
        hVar.f14585g = g11;
        hVar.f14588j = str2.getBytes();
        h hVar2 = this.f14546e;
        hVar2.f14587i = d10;
        hVar2.f14586h = g10;
        z.l(f14544g, "authServer exit successful", new Object[0]);
        return ResultCode.GENERAL_SUCCESS;
    }

    public HandShakeProto.HandShakeMessage f() {
        z.l(f14544g, "clientHello enter", new Object[0]);
        HandShakeProto.HandShakeMessage build = h().setType(HandShakeProto.MessageType.ClientHello).setPublicKey(ByteString.copyFrom(this.f14546e.f14581c.getEncoded())).setVerifyType(b().getCode()).build();
        z.l(f14544g, "clientHello exit success", new Object[0]);
        z.v(f14544g, "clientHello message %s.", build.toString());
        return build;
    }

    public final String g(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (x509Certificate == null || x509Certificate2 == null) {
            z.f(f14544g, "cert is null, can not compute validPeriod", new Object[0]);
            return null;
        }
        long time = x509Certificate.getNotBefore().getTime();
        long time2 = x509Certificate2.getNotBefore().getTime();
        if (time <= time2) {
            time = time2;
        }
        long time3 = x509Certificate.getNotAfter().getTime();
        long time4 = x509Certificate2.getNotAfter().getTime();
        if (time3 >= time4) {
            time3 = time4;
        }
        return time + "|" + time3;
    }

    public final HandShakeProto.HandShakeMessage.Builder h() {
        return HandShakeProto.HandShakeMessage.newBuilder().setSessionId(a().toString());
    }

    public byte[] i() {
        Key key = this.f14546e.f14585g;
        if (key != null) {
            return key.getEncoded();
        }
        z.f(f14544g, "Verify end, shared key is null", new Object[0]);
        return new byte[0];
    }

    public String j() {
        h hVar = this.f14546e;
        if (hVar.f14585g != null) {
            return hVar.f14586h;
        }
        z.f(f14544g, "sharedKey is null", new Object[0]);
        return null;
    }

    public final boolean k(d.c cVar) {
        if (cVar == null || cVar.a()) {
            z.f(f14544g, "saving is empty", new Object[0]);
            return false;
        }
        X509Certificate h10 = p9.k.h(cVar.f31238c.getCertContent());
        if (h10 == null) {
            z.f(f14544g, "thirdCert is invalid", new Object[0]);
            return false;
        }
        String m10 = p9.k.m(h10);
        if (TextUtils.isEmpty(m10)) {
            z.v(f14544g, "CertUid is null", new Object[0]);
            return false;
        }
        String uid = w6.b.a(MyApplication.b()).getUid();
        if (!m10.equals(uid)) {
            z.v(f14544g, "CertUid %s does not match current uid %s", m10, uid);
            return false;
        }
        if (!p9.k.o(h10)) {
            z.v(f14544g, "Third Cert is expired", new Object[0]);
            return false;
        }
        if (w6.d.h(h10, cVar.f31236a.getKeyPair())) {
            return true;
        }
        z.v(f14544g, "Third cert and keypair is not matched", new Object[0]);
        return false;
    }

    public HandShakeProto.HandShakeMessage l() {
        z.l(f14544g, "onAlert enter", new Object[0]);
        HandShakeProto.HandShakeMessage build = h().setType(HandShakeProto.MessageType.Alert).build();
        z.l(f14544g, "onAlert exit success", new Object[0]);
        z.v(f14544g, "onAlert  message %s", build.toString());
        return build;
    }

    public HandShakeProto.HandShakeMessage m() {
        z.l(f14544g, "onAuth enter", new Object[0]);
        if (!p()) {
            return null;
        }
        HandShakeProto.HandShakeMessage build = h().setType(HandShakeProto.MessageType.Auth).setCert(this.f14546e.f14584f).setPublicKey(ByteString.copyFrom(this.f14546e.f14581c.getEncoded())).setEncryptedSign(ByteString.copyFrom(this.f14546e.f14587i)).setHashData(ByteString.copyFrom(this.f14546e.f14588j)).build();
        z.l(f14544g, "onAuth exit success", new Object[0]);
        z.v(f14544g, "onAuth  message %s", build.toString());
        return build;
    }

    public int n(HandShakeProto.HandShakeMessage handShakeMessage) {
        z.l(f14544g, "onClientHello enter", new Object[0]);
        z.v(f14544g, "onClientHello message %s", handShakeMessage.toString());
        if (p()) {
            z.f(f14544g, "onClientHello exit, invalid session", new Object[0]);
            return -1;
        }
        byte[] byteArray = handShakeMessage.getPublicKey().toByteArray();
        PublicKey i10 = p9.k.i(byteArray);
        if (i10 == null) {
            z.f(f14544g, "onClientHello exit, pat is wrong", new Object[0]);
            return -1;
        }
        Key g10 = this.f14545d.g(i10);
        if (g10 == null) {
            z.f(f14544g, "onClientHello exit, shared key generated failed", new Object[0]);
            return -1;
        }
        z.v(f14544g, "createSharedKey %s", s.f(g10.getEncoded()));
        byte[] encoded = this.f14546e.f14581c.getEncoded();
        PrivateKey privateKey = this.f14546e.f14580b;
        String str = new String(encoded) + new String(byteArray);
        byte[] b10 = p9.k.b(privateKey, str);
        if (b10 == null) {
            z.f(f14544g, "onClientHello exit, sign failed", new Object[0]);
            return -1;
        }
        byte[] d10 = p9.k.d(g10, b10);
        if (d10 == null) {
            z.f(f14544g, "onClientHello exit, encrypt failed", new Object[0]);
            return -1;
        }
        h hVar = this.f14546e;
        hVar.f14585g = g10;
        hVar.f14588j = str.getBytes();
        this.f14546e.f14587i = d10;
        z.l(f14544g, "onClientHello exit success", new Object[0]);
        return 0;
    }

    public boolean o() {
        z.l(f14544g, "prepareSession enter.", new Object[0]);
        if (this.f14546e == null) {
            z.l(f14544g, "This session does not have params", new Object[0]);
            this.f14546e = new h();
        }
        String uid = w6.b.a(MyApplication.b()).getUid();
        if (TextUtils.isEmpty(uid)) {
            z.f(f14544g, "Account is not logged", new Object[0]);
            return false;
        }
        d.c d10 = this.f14547f.d();
        if (!k(d10)) {
            z.l(f14544g, "Cannot get valid certs and keypair local, try to get from net", new Object[0]);
            this.f14547f.m(new String(this.f14545d.b()), new String(this.f14545d.c()));
            d10 = this.f14547f.d();
            if (!k(d10)) {
                z.f(f14544g, "Cannot get valid certs and keypair from net", new Object[0]);
                return false;
            }
        }
        PublicKey h10 = this.f14545d.h();
        if (h10 == null) {
            z.f(f14544g, "temporaryPublicKey does not exist", new Object[0]);
            return false;
        }
        this.f14546e.f14583e = d10.f31237b.getCertContent();
        this.f14546e.f14584f = d10.f31238c.getCertContent();
        this.f14546e.f14579a = d10.f31236a.getKeyPair().getPublic();
        this.f14546e.f14580b = d10.f31236a.getKeyPair().getPrivate();
        h hVar = this.f14546e;
        hVar.f14581c = h10;
        hVar.f14589k = uid;
        z.l(f14544g, "prepareSession success", new Object[0]);
        return true;
    }

    public final boolean p() {
        h hVar = this.f14546e;
        if (hVar.f14585g == null) {
            z.f(f14544g, "This session does not have a shared key", new Object[0]);
            return false;
        }
        if (hVar.f14587i == null) {
            z.f(f14544g, "This session does not prepare encrypted signature", new Object[0]);
            return false;
        }
        if (hVar.f14588j == null) {
            z.f(f14544g, "This session does not prepare signed data", new Object[0]);
            return false;
        }
        z.l(f14544g, "Handshake session is valid", new Object[0]);
        return true;
    }
}
