package com.allawn.cryptography.util;

import android.content.Context;
import android.content.SharedPreferences;
import com.allawn.cryptography.EncryptException;
import com.allawn.cryptography.algorithm.AesUtil;
import com.allawn.cryptography.algorithm.HashUtil;
import com.allawn.cryptography.data.source.memory.BizCertMemoryDataSource;
import com.allawn.cryptography.digitalenvelope.entity.EciesSceneData;
import com.allawn.cryptography.digitalenvelope.entity.RsaSceneData;
import com.allawn.cryptography.entity.BizPublicKeyConfig;
import com.allawn.cryptography.entity.CipherContainer;
import com.allawn.cryptography.entity.CryptoParameters;
import com.allawn.cryptography.entity.NegotiationAlgorithmEnum;
import com.allawn.cryptography.entity.SceneConfig;
import com.allawn.cryptography.entity.SceneData;
import com.allawn.cryptography.exception.BizDataNotFoundException;
import com.allawn.cryptography.exception.InvalidArgumentException;
import com.allawn.cryptography.keymanager.entity.LocalBizKeyPairs;
import com.allawn.cryptography.keymanager.entity.UpgradeCertResponse;
import com.allawn.cryptography.noiseprotocol.NoiseUtil;
import com.allawn.cryptography.noiseprotocol.entity.NoiseSceneData;
import com.allawn.cryptography.security.keystore.CryptoKeyStore;
import java.nio.charset.StandardCharsets;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class SceneUtil {
    public static final AtomicLong versionAtomic = new AtomicLong();
    public static final Pattern ORGANIZE_HOSTNAME_PATTERN = Pattern.compile("([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}");

    public static boolean compareCertMemoryData(JSONObject jSONObject, String str, SceneConfig sceneConfig, BizCertMemoryDataSource bizCertMemoryDataSource, boolean z) throws JSONException {
        String string = jSONObject.getString("negotiation_alg");
        if (sceneConfig.getNegotiationAlgorithm() == null || !string.equals(sceneConfig.getNegotiationAlgorithm().name())) {
            LogUtil.d("SceneUtil", "compareCertMemoryData negotiation algorithm change, discard this record.");
            return false;
        }
        if (string.equals(NegotiationAlgorithmEnum.RSA.name()) || string.equals(NegotiationAlgorithmEnum.EC.name()) || NoiseUtil.isNeedPeerKey(NegotiationAlgorithmEnum.getType(string))) {
            UpgradeCertResponse upgradeCertResponse = null;
            if (!z) {
                try {
                    upgradeCertResponse = bizCertMemoryDataSource.getUpgradeCertResponse(str);
                } catch (BizDataNotFoundException unused) {
                }
            }
            if (upgradeCertResponse == null || upgradeCertResponse.getCert4Encrypt() == null) {
                BizPublicKeyConfig hardcodedPublicKey = bizCertMemoryDataSource.getHardcodedPublicKey(str);
                if (hardcodedPublicKey == null || hardcodedPublicKey.getPublicKeyForEncrypt() == null) {
                    LogUtil.d("SceneUtil", "compareCertMemoryData the biz public key is missing, discard this record.");
                    return false;
                }
                if (!jSONObject.optString("cert_key_encrypt").equals(hardcodedPublicKey.getPublicKeyForEncrypt())) {
                    LogUtil.d("SceneUtil", "compareCertMemoryData the biz public key has been changed, discard this record.");
                    return false;
                }
            } else {
                try {
                    if (!jSONObject.optString("cert_encrypt_sha256").equals(Base64Utils.encodeToString(HashUtil.sha256(upgradeCertResponse.getCert4Encrypt().getEncoded())))) {
                        LogUtil.d("SceneUtil", "compareCertMemoryData the biz certificate has been changed, discard this record.");
                        return false;
                    }
                } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
                    LogUtil.w("SceneUtil", "compareCertMemoryData getCert4Encrypt fail. " + e);
                    return false;
                }
            }
        }
        if (NoiseUtil.isNeedRegisterLocalKey(NegotiationAlgorithmEnum.getType(string))) {
            LocalBizKeyPairs localBizKeyPairs = bizCertMemoryDataSource.getLocalBizKeyPairs(str);
            if (localBizKeyPairs == null || localBizKeyPairs.getLocalKeyPair4Encrypt() == null) {
                LogUtil.d("SceneUtil", "compareCertMemoryData the application key is missing, discard this record.");
                return false;
            }
            if (!jSONObject.getString("local_app_key_encrypt").equals(Base64Utils.encodeToString(localBizKeyPairs.getLocalKeyPair4Encrypt().getPublic().getEncoded()))) {
                LogUtil.d("SceneUtil", "compareCertMemoryData the application key has been changed, discard this record.");
                return false;
            }
        }
        return true;
    }

    public static Map<String, SceneConfig> createSceneConfigMap(List<SceneConfig> list) {
        HashMap hashMap = new HashMap();
        if (list == null) {
            return hashMap;
        }
        for (SceneConfig sceneConfig : list) {
            if (sceneConfig != null) {
                hashMap.put(sceneConfig.getScene(), sceneConfig);
            }
        }
        return hashMap;
    }

    public static Map<String, UpgradeCertResponse> createUpgradeCertResponseMap(Set<String> set) {
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        if (set != null && !set.isEmpty()) {
            for (String str : set) {
                if (str != null) {
                    concurrentHashMap.put(str, new UpgradeCertResponse());
                }
            }
        }
        return concurrentHashMap;
    }

    public static String decryptARecord(String str, SecretKey secretKey) throws JSONException, InvalidArgumentException, EncryptException {
        CipherContainer unwrap = CipherUtil.unwrap(str);
        return new String(AesUtil.decrypt(new CryptoParameters.Builder().setAlgorithm(CryptoParameters.AlgorithmEnum.AES_GCM_NoPadding).setCryptoText(unwrap.getCipher()).setKey(secretKey).setIV(unwrap.getIv()).build()), StandardCharsets.UTF_8);
    }

    public static String encryptARecord(String str, SecretKey secretKey) throws JSONException, InvalidArgumentException, EncryptException {
        return CipherUtil.wrap(AesUtil.encrypt(new CryptoParameters.Builder().setAlgorithm(CryptoParameters.AlgorithmEnum.AES_GCM_NoPadding).setKey(secretKey).setCryptoText(str.getBytes(StandardCharsets.UTF_8)).build()));
    }

    public static boolean importCertMemoryData(JSONObject jSONObject, String str, NegotiationAlgorithmEnum negotiationAlgorithmEnum, BizCertMemoryDataSource bizCertMemoryDataSource, boolean z) throws JSONException {
        if (negotiationAlgorithmEnum == NegotiationAlgorithmEnum.NOISE_NN) {
            LogUtil.d("SceneUtil", "importCertMemoryData long-term reuse of keys is not supported in noise nn");
            return false;
        }
        jSONObject.put("negotiation_alg", negotiationAlgorithmEnum.name());
        if (negotiationAlgorithmEnum == NegotiationAlgorithmEnum.RSA || negotiationAlgorithmEnum == NegotiationAlgorithmEnum.EC || NoiseUtil.isNeedPeerKey(negotiationAlgorithmEnum)) {
            UpgradeCertResponse upgradeCertResponse = null;
            if (!z) {
                try {
                    upgradeCertResponse = bizCertMemoryDataSource.getUpgradeCertResponse(str);
                } catch (BizDataNotFoundException unused) {
                }
            }
            if (upgradeCertResponse == null || upgradeCertResponse.getCert4Encrypt() == null) {
                BizPublicKeyConfig hardcodedPublicKey = bizCertMemoryDataSource.getHardcodedPublicKey(str);
                if (hardcodedPublicKey == null || hardcodedPublicKey.getPublicKeyForEncrypt() == null) {
                    LogUtil.w("SceneUtil", "importCertMemoryData biz public key lost(" + str + ")");
                    return false;
                }
                jSONObject.put("cert_key_encrypt", hardcodedPublicKey.getPublicKeyForEncrypt());
            } else {
                try {
                    jSONObject.put("cert_encrypt_sha256", Base64Utils.encodeToString(HashUtil.sha256(upgradeCertResponse.getCert4Encrypt().getEncoded())));
                } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
                    LogUtil.w("SceneUtil", "importCertMemoryData getCert4Encrypt fail " + e);
                    return false;
                }
            }
        }
        if (NoiseUtil.isNeedRegisterLocalKey(negotiationAlgorithmEnum)) {
            LocalBizKeyPairs localBizKeyPairs = bizCertMemoryDataSource.getLocalBizKeyPairs(str);
            if (localBizKeyPairs == null || localBizKeyPairs.getLocalKeyPair4Encrypt() == null) {
                LogUtil.w("SceneUtil", "importCertMemoryData localBizKeyPairs lost(" + str + ")");
                return false;
            }
            jSONObject.put("local_app_key_encrypt", Base64Utils.encodeToString(localBizKeyPairs.getLocalKeyPair4Encrypt().getPublic().getEncoded()));
        }
        return true;
    }

    public static boolean importSceneData(JSONObject jSONObject, SceneData sceneData, String str, String str2) throws JSONException {
        jSONObject.put("sha256_host", HashUtil.sha256(str));
        if (sceneData instanceof RsaSceneData) {
            jSONObject.put("type", "rsa");
        } else if (sceneData instanceof EciesSceneData) {
            jSONObject.put("type", "ec");
        } else {
            if (!(sceneData instanceof NoiseSceneData)) {
                LogUtil.w("SceneUtil", "importSceneData unexpected sceneData type " + sceneData.getClass().getName());
                return false;
            }
            jSONObject.put("type", "noise");
            jSONObject.put("device_id", str2);
        }
        jSONObject.put("scene_data", sceneData.backup());
        jSONObject.put("expired_time", sceneData.getExpiredTime());
        return true;
    }

    public static Set<String> initHardcodedPublicKeySettings(String[] strArr, Map<String, BizPublicKeyConfig> map, BizCertMemoryDataSource bizCertMemoryDataSource) {
        HashSet hashSet = new HashSet();
        if (strArr != null) {
            for (String str : strArr) {
                if (str != null) {
                    hashSet.add(str);
                }
            }
        }
        if (map != null) {
            for (String str2 : map.keySet()) {
                bizCertMemoryDataSource.setHardcodedPublicKey(str2, map.get(str2));
            }
        }
        return hashSet;
    }

    public static Set<String> initNeedRegisterPubKeyBizSet(String[] strArr, Set<String> set) {
        HashSet hashSet = new HashSet();
        if (strArr != null) {
            for (String str : strArr) {
                if (str == null || !set.contains(str)) {
                    LogUtil.d("SceneUtil", "initNeedRegisterPubKeyBizSet please set the relevant biz hostname.");
                } else {
                    hashSet.add(str);
                }
            }
        }
        return hashSet;
    }

    /* JADX WARN: Removed duplicated region for block: B:51:0x011d A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.util.Map<java.lang.String, com.allawn.cryptography.entity.SceneData> loadLocalSceneDataInSP(com.allawn.cryptography.core.CryptoCore r16, java.util.Set<java.lang.String> r17) {
        /*
            Method dump skipped, instructions count: 342
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.allawn.cryptography.util.SceneUtil.loadLocalSceneDataInSP(com.allawn.cryptography.core.CryptoCore, java.util.Set):java.util.Map");
    }

    public static Map<String, String> organizeBizHostnameMap(Map<String, String> map) {
        HashMap hashMap = new HashMap();
        if (map == null) {
            return hashMap;
        }
        map.remove(null);
        for (String str : map.keySet()) {
            String str2 = map.get(str);
            String organizeHostname = organizeHostname(str2);
            if (organizeHostname != null) {
                hashMap.put(str, organizeHostname);
            } else {
                LogUtil.d("SceneUtil", "organizeBizMap domain name is not compliant, biz = " + str + ", domain name = " + str2);
            }
        }
        return hashMap;
    }

    public static String organizeHostname(String str) {
        if (str == null) {
            return null;
        }
        Matcher matcher = ORGANIZE_HOSTNAME_PATTERN.matcher(str);
        if (matcher.find()) {
            return matcher.group();
        }
        return null;
    }

    public static SceneData restoreSceneData(JSONObject jSONObject, SceneConfig sceneConfig, String str, String str2) throws JSONException {
        SceneData noiseSceneData;
        String optString = jSONObject.optString("sha256_host");
        if ((optString.equals("") && str != null) || ((!optString.equals("") && str == null) || (!optString.equals("") && !optString.equals(HashUtil.sha256(str))))) {
            LogUtil.d("SceneUtil", "restoreSceneData host name has changed, discard this record.");
            return null;
        }
        long j = jSONObject.getLong("expired_time");
        long now = DateUtil.now();
        if (now > j) {
            LogUtil.d("SceneUtil", "restoreSceneData the valid time has expired, discard this record.");
            return null;
        }
        String string = jSONObject.getString("type");
        if (string.equals("rsa")) {
            noiseSceneData = new RsaSceneData();
        } else if (string.equals("ec")) {
            noiseSceneData = new EciesSceneData();
        } else {
            if (!string.equals("noise")) {
                throw new IllegalStateException("Unexpected type: " + string);
            }
            if (!jSONObject.getString("device_id").equals(str2)) {
                LogUtil.d("SceneUtil", "restoreSceneData unique id has changed, discard this record.");
                return null;
            }
            noiseSceneData = new NoiseSceneData();
        }
        if (!noiseSceneData.restore(jSONObject.getJSONObject("scene_data"))) {
            LogUtil.d("SceneUtil", "restoreSceneData the sceneData restoration failed, discard this record.");
            return null;
        }
        if (noiseSceneData.getEncryptAlgorithm() != sceneConfig.getEncryptAlgorithm()) {
            LogUtil.d("SceneUtil", "restoreSceneData symmetric algorithm change, discard this record.");
            return null;
        }
        noiseSceneData.setExpireTime(j - now);
        noiseSceneData.setExpiredTime(j);
        return noiseSceneData;
    }

    public static void saveSceneDataMemoryData(Context context, String str, String str2, String str3) throws KeyStoreException {
        try {
            context.getSharedPreferences("pki_sdk_crypto_scene_data_sp", 0).edit().putString(spliceKeyAlias(str, str2), encryptARecord(str3, CryptoKeyStore.createOrGetSecretKeyToSP(context, "pki_sdk_scene_data_sp_alias", "pki_sdk_crypto_scene_data_sp"))).apply();
            LogUtil.d("SceneUtil", "saveSceneDataMemoryData sceneData(" + str + ", " + str2 + ") save success");
        } catch (EncryptException | InvalidArgumentException | JSONException e) {
            LogUtil.w("SceneUtil", "saveSceneDataMemoryData sceneData(" + str + ", " + str2 + ") save error." + e);
        }
    }

    public static void setSceneData(SceneConfig sceneConfig, SceneData sceneData) {
        sceneData.setScene(sceneConfig.getScene());
        sceneData.setEncryptAlgorithm(sceneConfig.getEncryptAlgorithm());
        sceneData.setExpireTime(sceneConfig.getExpireTime() * 1000);
        long now = DateUtil.now() + sceneData.getExpireTime();
        if (sceneConfig.isNeedReuse()) {
            sceneData.setVersion((10000 * now) + new SecureRandom().nextInt(10000));
        } else {
            sceneData.setVersion(versionAtomic.getAndIncrement());
        }
        sceneData.setExpiredTime(now);
    }

    public static String spliceKeyAlias(String... strArr) {
        return splicing(":s:", strArr);
    }

    public static String splicing(String str, String... strArr) {
        StringBuilder sb = new StringBuilder();
        for (String str2 : strArr) {
            sb.append(str2);
            sb.append(str);
        }
        sb.delete(sb.length() - str.length(), sb.length());
        return new String(sb);
    }

    public static String[] splitKeyAlias(String str) {
        String[] split = str.split(":s:");
        if (split.length == 2) {
            return split;
        }
        return null;
    }

    public static void updateSP(SharedPreferences sharedPreferences, Map<String, String> map) {
        if (map.isEmpty()) {
            sharedPreferences.edit().clear().apply();
            return;
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.clear();
        for (String str : map.keySet()) {
            edit.putString(str, map.get(str));
        }
        edit.apply();
    }
}
