package com.huawei.wisecloud.drmclient.client;

import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.huawei.android.thememanager.mvp.model.helper.resource.RingtoneHelper;
import com.huawei.wisecloud.drmclient.exception.HwDrmException;
import com.huawei.wisecloud.drmclient.license.HwDrmConstant;
import com.huawei.wisecloud.drmclient.license.HwDrmLicense;
import com.huawei.wisecloud.drmclient.license.HwDrmLicenseImpl;
import com.huawei.wisecloud.drmclient.license.entry.CommonHeaderEntry;
import com.huawei.wisecloud.drmclient.license.entry.CommonLicenseEntry;
import com.huawei.wisecloud.drmclient.license.entry.CommonPayloadEntry;
import com.huawei.wisecloud.drmclient.license.entry.PayloadLicenseEntry;
import com.huawei.wisecloud.drmclient.license.verify.LicenseVerifierFactory;
import com.huawei.wisecloud.drmclient.log.HwDrmLog;
import com.huawei.wisecloud.drmclient.utils.Base64Util;
import com.huawei.wisecloud.drmclient.utils.DigestUtil;
import com.huawei.wisecloud.drmclient.utils.FileUtil;
import com.huawei.wisecloud.drmclient.utils.HexUtil;
import com.huawei.wisecloud.drmclient.utils.JsonUtil;
import com.huawei.wisecloud.drmclient.utils.JwtUtil;
import com.huawei.wisecloud.drmclient.utils.RSASignAlgo;
import com.huawei.wisecloud.drmclient.utils.RSAUtil;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class HwDrmClient implements HwDrmClientProvider {
    private static final String ALIAS = "ThemeManager";
    public static final int DEFAULT_KEY_SIZE = 2048;
    private static final String LICENSE_PATH = "license_path";
    private static final int SERIAL_NUMBER = 1337;
    private static final String TAG = "HWDRMClient";
    private static File file;
    private static volatile HwDrmClient mInstance;
    private static String workPath;
    private Map<String, HwDrmLicense> licenseMap = new ConcurrentHashMap();
    private Context mContext;
    private PrivateKey mDrmPrivateKey;
    private PublicKey mDrmPublicKey;
    private PublicKey mServerPubKey;

    static {
        System.loadLibrary("drmlib");
    }

    private HwDrmClient(Context context) {
        this.mContext = context;
        workPath = file.getPath();
        initKeyStore();
    }

    private HwDrmLicense generateLicense(String[] strArr) throws HwDrmException {
        CommonHeaderEntry commonHeaderEntry = (CommonHeaderEntry) JsonUtil.parseJsonText2Object(CommonHeaderEntry.class, Base64Util.base64Decode2String(strArr[0]));
        if (!RSASignAlgo.getAlgoNameList().contains(Integer.valueOf(commonHeaderEntry.getSignAlg()))) {
            throw new HwDrmException("license check error: unsupported signAlg");
        }
        setmServerPubKey(getServerPublicKeyString2Key());
        verifyLicenseSignature(strArr, this.mServerPubKey, commonHeaderEntry.getSignAlg());
        CommonPayloadEntry commonPayloadEntry = (CommonPayloadEntry) JsonUtil.parseJsonText2Object(CommonPayloadEntry.class, Base64Util.base64Decode2String(strArr[1]));
        LicenseVerifierFactory.getVerifier().verify(new CommonLicenseEntry(commonHeaderEntry, commonPayloadEntry));
        return new HwDrmLicenseImpl(commonPayloadEntry.getLicense(), this.mDrmPrivateKey);
    }

    private KeyPair generateRSAKeyPair() {
        KeyPair keyPair;
        NoSuchProviderException e;
        NoSuchAlgorithmException e2;
        InvalidAlgorithmParameterException e3;
        try {
            try {
                GregorianCalendar gregorianCalendar = new GregorianCalendar();
                GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
                gregorianCalendar2.add(1, 1);
                AlgorithmParameterSpec build = Build.VERSION.SDK_INT < 23 ? new KeyPairGeneratorSpec.Builder(this.mContext).setAlias(ALIAS).setSubject(new X500Principal("CN=ThemeManager")).setSerialNumber(BigInteger.valueOf(1337L)).setStartDate(gregorianCalendar.getTime()).setEndDate(gregorianCalendar2.getTime()).build() : new KeyGenParameterSpec.Builder(ALIAS, 7).setKeySize(2048).setUserAuthenticationRequired(false).setCertificateSubject(new X500Principal("CN=ThemeManager")).setDigests("SHA-256", "SHA-1").setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setSignaturePaddings("PKCS1").setEncryptionPaddings("OAEPPadding").build();
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                keyPairGenerator.initialize(build);
                keyPair = keyPairGenerator.generateKeyPair();
                try {
                    this.mDrmPrivateKey = keyPair.getPrivate();
                    this.mDrmPublicKey = keyPair.getPublic();
                } catch (InvalidAlgorithmParameterException e4) {
                    e3 = e4;
                    HwDrmLog.e(TAG, "InvalidAlgorithmParameterException is catching in GenerateRSAKeyPair" + e3.getMessage());
                    return keyPair;
                } catch (NoSuchAlgorithmException e5) {
                    e2 = e5;
                    HwDrmLog.e(TAG, "NoSuchAlgorithmException is catching in GenerateRSAKeyPair" + e2.getMessage());
                    return keyPair;
                } catch (NoSuchProviderException e6) {
                    e = e6;
                    HwDrmLog.e(TAG, "NoSuchProviderException is catching in GenerateRSAKeyPair" + e.getMessage());
                    return keyPair;
                }
            } catch (Throwable th) {
                return keyPair;
            }
        } catch (InvalidAlgorithmParameterException e7) {
            keyPair = null;
            e3 = e7;
        } catch (NoSuchAlgorithmException e8) {
            keyPair = null;
            e2 = e8;
        } catch (NoSuchProviderException e9) {
            keyPair = null;
            e = e9;
        } catch (Throwable th2) {
            return null;
        }
        return keyPair;
    }

    private void getPublicKeyAndPrivateKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(ALIAS, null);
            if (entry == null) {
                HwDrmLog.e(TAG, "the entry is null in GetPublicKey");
            } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                this.mDrmPublicKey = ((KeyStore.PrivateKeyEntry) entry).getCertificate().getPublicKey();
                this.mDrmPrivateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            } else {
                HwDrmLog.e(TAG, "the entry is not instanceof KeyStore.PrivateKeyEntry in GetPublicKey");
            }
        } catch (IOException e) {
            HwDrmLog.e(TAG, "IOException is catching in GetPublicKey" + e.getMessage());
        } catch (KeyStoreException e2) {
            HwDrmLog.e(TAG, "KeyStoreException is catching in GetPublicKey" + e2.getMessage());
        } catch (NoSuchAlgorithmException e3) {
            HwDrmLog.e(TAG, "NoSuchAlgorithmException is catching in GetPublicKey" + e3.getMessage());
        } catch (UnrecoverableEntryException e4) {
            HwDrmLog.e(TAG, "UnrecoverableEntryException is catching in GetPublicKey" + e4.getMessage());
        } catch (CertificateException e5) {
            HwDrmLog.e(TAG, "CertificateException is catching in GetPublicKey" + e5.getMessage());
        }
    }

    private String getServerPublicKeyString() {
        return new String(decryptAesGcm(HexUtil.hexStr2ByteArray(JwtUtil.SERVER_PUBLIC_KEY_SECRET), HexUtil.hexStr2ByteArray(JwtUtil.SERVER_PUBLIC_KEY_IV), HexUtil.hexStr2ByteArray("00"), HexUtil.hexStr2ByteArray(JwtUtil.SERVER_PUBLIC_KEY_TAG)));
    }

    private PublicKey getServerPublicKeyString2Key() {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64Util.base64Decode2Bytes(getServerPublicKeyString())));
        } catch (NoSuchAlgorithmException e) {
            HwDrmLog.e(TAG, "NoSuchAlgorithmException is caught in getPublicKeyString2Key" + e.getMessage());
            return null;
        } catch (InvalidKeySpecException e2) {
            HwDrmLog.e(TAG, "InvalidKeySpecException is caught in getPublicKeyString2Key" + e2.getMessage());
            return null;
        }
    }

    private void initKeyStore() {
        if (loadCertificate() != null) {
            getPublicKeyAndPrivateKey();
            if (this.mDrmPublicKey != null && this.mDrmPrivateKey != null) {
                HwDrmLog.i(TAG, "publicKey and privateKey is created in InitKeyStore");
                return;
            }
        }
        generateRSAKeyPair();
    }

    private static void initLicensePath(Context context) {
        file = context.getDir(LICENSE_PATH, 0);
        if (file.exists() || file.mkdirs()) {
            return;
        }
        HwDrmLog.e(TAG, "mWorkPath mkdirs failed in NewHWDRMClient");
    }

    private Certificate loadCertificate() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getCertificate(ALIAS);
        } catch (IOException | GeneralSecurityException e) {
            Log.e(TAG, "load certificate  exception : " + e.getMessage());
            return null;
        }
    }

    public static HwDrmClient newHWDRMClient(Context context) {
        initLicensePath(context);
        if (mInstance == null) {
            synchronized (HwDrmClient.class) {
                if (mInstance == null) {
                    mInstance = new HwDrmClient(context);
                }
            }
        }
        return mInstance;
    }

    private HwDrmLicense praseLicense(String str) throws HwDrmException {
        HwDrmLicense generateLicense = generateLicense(JwtUtil.handleJwtString(str));
        verifyDrmClientID(generateLicense);
        return generateLicense;
    }

    private void saveLicenseToLocal(String str, HwDrmLicense hwDrmLicense) throws HwDrmException {
        PayloadLicenseEntry license = hwDrmLicense.getLicense();
        if (!license.getLicensePolicy().isPersistence()) {
            HwDrmLog.i(TAG, "Server Kms LicensePolicy is not persistence");
        } else {
            FileUtil.saveStrToLicenseFile(str, DigestUtil.sha256UrlFromString(license.getKeyInfo().getKeyId()), workPath);
            HwDrmLog.i(TAG, "Server Kms LicensePolicy is persistence");
        }
    }

    private void saveLicenseToMap(HwDrmLicense hwDrmLicense) throws HwDrmException {
        this.licenseMap.put(DigestUtil.sha256UrlFromString(hwDrmLicense.getLicense().getKeyInfo().getKeyId()), hwDrmLicense);
    }

    private void verifyDrmClientID(HwDrmLicense hwDrmLicense) throws HwDrmException {
        if (hwDrmLicense.getLicense().getDrmClientID() == null) {
            HwDrmLog.e("HwDrmClient", "fail to verify, drmClientID is null");
            throw new HwDrmException("fail to verify, drmClientID is null");
        }
        if (DigestUtil.sha256FromBytes(this.mDrmPublicKey.getEncoded()).equals(hwDrmLicense.getLicense().getDrmClientID())) {
            return;
        }
        HwDrmLog.e("HwDrmClient", "fail to verify, drmClientID error");
        throw new HwDrmException("fail to verify, drmClientID error");
    }

    private void verifyLicenseSignature(String[] strArr, PublicKey publicKey, int i) throws HwDrmException {
        if (RSAUtil.verifyRSASignature(strArr[0] + RingtoneHelper.STR_POINT + strArr[1], publicKey, i, Base64Util.base64UrlDecode2Bytes(strArr[2]))) {
            return;
        }
        HwDrmLog.e("HwDrmClient", "verify license signature result: false");
        throw new HwDrmException("verify license signature result: false");
    }

    public native byte[] decryptAesGcm(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4);

    public void deleteCache(String str) {
        try {
            String sha256UrlFromString = DigestUtil.sha256UrlFromString(str);
            if (this.licenseMap.containsKey(sha256UrlFromString)) {
                this.licenseMap.remove(sha256UrlFromString);
            }
            FileUtil.deleteLicenseFile(sha256UrlFromString, workPath);
        } catch (HwDrmException e) {
            HwDrmLog.e("HwDrmClient", "sha256 is caught in deleteHWDRMClient");
        }
    }

    public native byte[] genDrmReqSignature(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5);

    public String generateLicenseReq(String str) {
        String byteArray2HexStr = HexUtil.byteArray2HexStr(JwtUtil.generateSecureRandom(24));
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("version", "1.0");
            jSONObject.put("nonce", byteArray2HexStr);
            jSONObject.put("signAlg", 1);
            String base64UrlEncode = Base64Util.base64UrlEncode(jSONObject.toString());
            JSONObject jSONObject2 = new JSONObject();
            String format = new SimpleDateFormat(HwDrmConstant.TIME_FORMAT).format(new Date(System.currentTimeMillis()));
            try {
                JSONObject jSONObject3 = new JSONObject();
                jSONObject3.put("clientTimestamp", format);
                jSONObject3.put("clientVersion", "1.0");
                jSONObject3.put("clientOSAPIVersion", Build.VERSION.SDK_INT);
                jSONObject3.put("clientPubKey", Base64Util.base64Encode(this.mDrmPublicKey.getEncoded()));
                try {
                    JSONObject jSONObject4 = new JSONObject();
                    jSONObject4.put("keyid", str);
                    try {
                        jSONObject2.put("clientInfo", jSONObject3);
                        jSONObject2.put("contentInfo", jSONObject4);
                        String base64UrlEncode2 = Base64Util.base64UrlEncode(jSONObject2.toString());
                        return base64UrlEncode + RingtoneHelper.STR_POINT + base64UrlEncode2 + RingtoneHelper.STR_POINT + Base64Util.base64UrlEncode(genDrmReqSignature(HexUtil.hexStr2ByteArray(JwtUtil.SHARE_KEY_SECRET), HexUtil.hexStr2ByteArray(JwtUtil.SHARE_KEY_IV), HexUtil.hexStr2ByteArray("00"), HexUtil.hexStr2ByteArray(JwtUtil.SHARE_KEY_TAG), (base64UrlEncode + RingtoneHelper.STR_POINT + base64UrlEncode2).getBytes(HwDrmConstant.DRM_CHARSET)));
                    } catch (JSONException e) {
                        HwDrmLog.e(TAG, "JSONException is caught in payloadJSONObject" + e.getMessage());
                        return "";
                    }
                } catch (JSONException e2) {
                    HwDrmLog.e(TAG, "JSONException is caught in contentInfoJSONObject" + e2.getMessage());
                    return "";
                }
            } catch (JSONException e3) {
                HwDrmLog.e(TAG, "JSONException is caught in clientInfoJSONObject" + e3.getMessage());
                return "";
            }
        } catch (JSONException e4) {
            HwDrmLog.e(TAG, "JSONException is caught in headerJSONObject" + e4.getMessage());
            return "";
        }
    }

    @Override // com.huawei.wisecloud.drmclient.client.HwDrmClientProvider
    public HwDrmLicense getLocalLicense(String str) throws HwDrmException {
        String sha256UrlFromString = DigestUtil.sha256UrlFromString(str);
        if (this.licenseMap.containsKey(sha256UrlFromString)) {
            HwDrmLog.i(TAG, "return license from licenseMap");
            return this.licenseMap.get(sha256UrlFromString);
        }
        try {
            HwDrmLicense praseLicense = praseLicense(FileUtil.getStrFromLicenseFile(sha256UrlFromString, workPath));
            saveLicenseToMap(praseLicense);
            HwDrmLog.i(TAG, "return license from licenseFile");
            return praseLicense;
        } catch (HwDrmException e) {
            HwDrmLog.i(TAG, "HwDrmException is caught in getLocalLicense " + e.getMessage());
            FileUtil.deleteLicenseFile(sha256UrlFromString, workPath);
            return null;
        }
    }

    @Override // com.huawei.wisecloud.drmclient.client.HwDrmClientProvider
    public HwDrmLicense praseLicenseRSP(String str) throws HwDrmException {
        HwDrmLicense praseLicense = praseLicense(str);
        saveLicenseToMap(praseLicense);
        saveLicenseToLocal(str, praseLicense);
        return praseLicense;
    }

    public void setmServerPubKey(PublicKey publicKey) {
        this.mServerPubKey = publicKey;
    }
}
