package com.ingeek.nokeeu.security;

import android.content.Context;
import android.os.Environment;
import android.text.TextUtils;
import android.util.Log;
import com.autonavi.amap.mapcore.tools.GlMapUtil;
import com.ingeek.nokeeu.key.ble.bean.ClientAnswerCode;
import com.ingeek.nokeeu.security.Constants;
import com.ingeek.nokeeu.security.attestation.Optional;
import com.ingeek.nokeeu.security.attestation.ParsedAttestationRecord;
import com.ingeek.nokeeu.security.attestation.RootOfTrust;
import com.ingeek.nokeeu.security.internal.ConstantsInternal;
import com.ingeek.nokeeu.security.internal.IngeekCertificate;
import com.ingeek.nokeeu.security.internal.SecurityEngineMessage;
import com.ingeek.nokeeu.security.operator.SecurityTA;
import com.ingeek.nokeeu.security.operator.callback.SecurityTAInstallCallback;
import com.ingeek.nokeeu.security.operator.keystore.TKeyStore;
import com.ingeek.nokeeu.security.operator.keystore.TKeyStoreExtension;
import com.ingeek.nokeeu.security.operator.tool.ByteTools;
import com.ingeek.nokeeu.security.utils.TADevice;
import com.ingeek.nokeeu.security.utils.TAFile;
import e.b.a.a.a;
import java.io.File;
import java.lang.ref.WeakReference;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.Formatter;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class SecurityEngineImpl extends SecurityEngine {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final int AES_KEY_HEADER_SIZE = 12;
    private static final byte INGEEK_COUNTER_LENGTH = 4;
    private static final byte INGEEK_EC_PUBKEY_LENGTH = 65;
    private static final byte INGEEK_ENCRYPTED_EC_PUBKEY_LENGTH = 80;
    private static final int INGEEK_HMAC_KEY_LEN = 32;
    private static final int INGEEK_HMAC_SHA256_OUTPUT_LEN = 32;
    private static final int INGEEK_MAX_SIGNAURE_LENGTH = 512;
    private static final int INGEEK_SESSION_IV_LENGTH = 16;
    private static final int INGEEK_SESSION_KEY_LENGTH = 16;
    private static final int INGEEK_SHA256_OUTPUT_LEN = 32;
    private static final int INGEEK_SHARED_INFO_LENGTH = 130;
    private static final byte INGEEK_SHARED_KEY_LENGTH = 32;
    private static final int INGEEK_SHORT_FINGERPRINT_LENGTH = 6;
    private static final int INGEEK_TRUST_KEY_RANDOM_LEN = 16;
    private static final int INGEEK_TRUST_KEY_SHARED_INFO_LENGTH = 162;
    private static final String TAG = "SecurityEngineImpl";
    private static final byte[] localFixedIV = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
    private static boolean sLibLoaded = false;
    private WeakReference<Context> mContext;
    private long mNativeHandle;
    private SecurityTA securityTA;
    private Map<String, LinkInfo> mLinks = new HashMap();
    private Map<String, TrustLinkInfo> mTrustLinks = new HashMap();

    /* renamed from: com.ingeek.nokeeu.security.SecurityEngineImpl$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$ingeek$nokeeu$security$Constants$IngeekCertificateType;

        static {
            Constants.IngeekCertificateType.values();
            int[] iArr = new int[7];
            $SwitchMap$com$ingeek$nokeeu$security$Constants$IngeekCertificateType = iArr;
            try {
                Constants.IngeekCertificateType ingeekCertificateType = Constants.IngeekCertificateType.Root;
                iArr[1] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                int[] iArr2 = $SwitchMap$com$ingeek$nokeeu$security$Constants$IngeekCertificateType;
                Constants.IngeekCertificateType ingeekCertificateType2 = Constants.IngeekCertificateType.SeRoot;
                iArr2[5] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                int[] iArr3 = $SwitchMap$com$ingeek$nokeeu$security$Constants$IngeekCertificateType;
                Constants.IngeekCertificateType ingeekCertificateType3 = Constants.IngeekCertificateType.DeviceOEM;
                iArr3[3] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                int[] iArr4 = $SwitchMap$com$ingeek$nokeeu$security$Constants$IngeekCertificateType;
                Constants.IngeekCertificateType ingeekCertificateType4 = Constants.IngeekCertificateType.VehicleOEM;
                iArr4[2] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                int[] iArr5 = $SwitchMap$com$ingeek$nokeeu$security$Constants$IngeekCertificateType;
                Constants.IngeekCertificateType ingeekCertificateType5 = Constants.IngeekCertificateType.Device;
                iArr5[6] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                int[] iArr6 = $SwitchMap$com$ingeek$nokeeu$security$Constants$IngeekCertificateType;
                Constants.IngeekCertificateType ingeekCertificateType6 = Constants.IngeekCertificateType.Vehicle;
                iArr6[4] = 6;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    public SecurityEngineImpl(Context context) {
        this.mContext = new WeakReference<>(context);
        String tAFileDir = TAFile.getTAFileDir(context);
        String tAFileDir2 = TAFile.getTAFileDir(context);
        String str = context.getApplicationInfo().nativeLibraryDir;
        File file = new File(tAFileDir2);
        if (!file.exists()) {
            Log.i(TAG, "mkdirs result is " + file.mkdirs() + "when install SecurityEngineImpl");
        }
        String deviceId = TADevice.getDeviceId(context);
        Log.i(TAG, "Initialize Ingeek Security Engine deviceId '" + deviceId + ", " + tAFileDir2);
        this.mNativeHandle = nativeObjectInit(context, deviceId, tAFileDir, tAFileDir2, str);
        this.securityTA = SecurityTA.create(context);
    }

    private byte[] buildTrustKeyAuthRequest(int i, byte[] bArr, byte[] bArr2, byte[] bArr3, String str) {
        int length;
        byte[] nativeCodedSign2RawSign;
        byte[] bArr4 = new byte[512];
        bArr4[0] = 1;
        bArr4[1] = 1;
        bArr4[2] = (byte) i;
        if (i == 1) {
            length = 11;
            bArr4[3] = 2;
            bArr4[4] = 6;
            if (bArr.length != 6) {
                return null;
            }
            System.arraycopy(bArr, 0, bArr4, 5, bArr.length);
        } else {
            if (7 + bArr.length > 512) {
                return null;
            }
            bArr4[3] = 2;
            bArr4[4] = -126;
            byte[] array = ByteBuffer.allocate(2).putShort((short) bArr.length).array();
            System.arraycopy(array, 0, bArr4, 5, array.length);
            int length2 = array.length + 5;
            System.arraycopy(bArr, 0, bArr4, length2, bArr.length);
            length = length2 + bArr.length;
        }
        int i2 = length + 1;
        int i3 = i2 + 1;
        int i4 = i3 + 65;
        if (i4 > 512) {
            return null;
        }
        bArr4[length] = 3;
        bArr4[i2] = 65;
        System.arraycopy(bArr2, 0, bArr4, i3, bArr2.length);
        int i5 = i4 + 1;
        int i6 = i5 + 1;
        int i7 = i6 + 16;
        if (i7 > 512) {
            return null;
        }
        bArr4[i4] = 4;
        bArr4[i5] = 16;
        System.arraycopy(bArr3, 0, bArr4, i6, bArr3.length);
        byte[] signWithECDSA = TKeyStore.get().signWithECDSA(str, Arrays.copyOfRange(bArr4, 0, i7));
        if (signWithECDSA == null || (nativeCodedSign2RawSign = nativeCodedSign2RawSign(this.mNativeHandle, signWithECDSA)) == null) {
            return null;
        }
        int i8 = i7 + 1;
        int i9 = i8 + 1;
        if (signWithECDSA.length + i9 > 512) {
            return null;
        }
        bArr4[i7] = 5;
        bArr4[i8] = (byte) nativeCodedSign2RawSign.length;
        System.arraycopy(nativeCodedSign2RawSign, 0, bArr4, i9, nativeCodedSign2RawSign.length);
        return Arrays.copyOfRange(bArr4, 0, i9 + nativeCodedSign2RawSign.length);
    }

    private int buildTrustKeyMaterial(TrustLinkInfo trustLinkInfo, byte[] bArr) {
        byte[] ecdh = ecdh(trustLinkInfo);
        if (ecdh == null) {
            return -6;
        }
        trustLinkInfo.setECDHSecret(ecdh);
        byte[] bArr2 = new byte[162];
        System.arraycopy(TKeyStore.get().convertToUncompressedPoint((ECPublicKey) trustLinkInfo.getLocalKeyPair().getPublic()), 0, bArr2, 0, 65);
        System.arraycopy(bArr, 0, bArr2, 65, 65);
        System.arraycopy(trustLinkInfo.getNa(), 0, bArr2, 130, 16);
        System.arraycopy(trustLinkInfo.getNb(), 0, bArr2, CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA, 16);
        trustLinkInfo.setShareInfo(bArr2);
        byte[] bArr3 = new byte[198];
        byte[] bArr4 = new byte[64];
        byte[] bArr5 = new byte[16];
        byte[] bArr6 = new byte[16];
        byte[] bArr7 = new byte[16];
        byte[] bArr8 = new byte[32];
        System.arraycopy(trustLinkInfo.getECDHSecret(), 0, bArr3, 0, 32);
        System.arraycopy(ByteBuffer.allocate(4).putInt(1).array(), 0, bArr3, 32, 4);
        System.arraycopy(trustLinkInfo.getShareInfo(), 0, bArr3, 36, 162);
        System.arraycopy(TKeyStore.get().sha256(bArr3), 0, bArr4, 0, 32);
        System.arraycopy(ByteBuffer.allocate(4).putInt(2).array(), 0, bArr3, 32, 4);
        System.arraycopy(TKeyStore.get().sha256(bArr3), 0, bArr4, 32, 32);
        System.arraycopy(bArr4, 0, bArr5, 0, 16);
        System.arraycopy(bArr4, 16, bArr6, 0, 16);
        System.arraycopy(bArr4, 32, bArr8, 0, 32);
        System.arraycopy(bArr4, 48, bArr7, 0, 16);
        trustLinkInfo.setSessionKey(bArr5, bArr6, bArr7, bArr8);
        return 0;
    }

    private int calcKeyMaterial(LinkInfo linkInfo) {
        byte[] bArr = new byte[CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256];
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[16];
        byte[] bArr5 = new byte[32];
        System.arraycopy(linkInfo.getECDHSecret(), 0, bArr, 0, 32);
        bArr[32] = (byte) 0;
        bArr[33] = (byte) 0;
        bArr[34] = (byte) 0;
        bArr[35] = (byte) 1;
        System.arraycopy(linkInfo.getShareInfo(), 0, bArr, 36, 130);
        byte[] sha256 = TKeyStore.get().sha256(bArr);
        System.arraycopy(sha256, 0, bArr2, 0, 16);
        System.arraycopy(sha256, 16, bArr3, 0, 16);
        bArr[32] = (byte) 0;
        bArr[33] = (byte) 0;
        bArr[34] = (byte) 0;
        bArr[35] = (byte) 2;
        byte[] sha2562 = TKeyStore.get().sha256(bArr);
        System.arraycopy(sha2562, 0, bArr5, 0, 32);
        System.arraycopy(sha2562, 16, bArr4, 0, 16);
        linkInfo.setSessionKey(bArr2, bArr3, bArr4, bArr5);
        return 0;
    }

    static byte[] composeAuthPacket(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[256];
        bArr4[0] = 1;
        bArr4[1] = 1;
        bArr4[2] = 1;
        bArr4[3] = 2;
        bArr4[4] = 6;
        System.arraycopy(bArr, 0, bArr4, 5, 6);
        bArr4[11] = 3;
        bArr4[12] = 65;
        System.arraycopy(bArr2, 0, bArr4, 13, 65);
        bArr4[78] = 4;
        bArr4[79] = (byte) bArr3.length;
        System.arraycopy(bArr3, 0, bArr4, 80, bArr3.length);
        return Arrays.copyOf(bArr4, 80 + bArr3.length);
    }

    private byte[] composeAuthSERootPacket(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[2048];
        short length = (short) bArr.length;
        bArr4[0] = 1;
        bArr4[1] = 1;
        bArr4[2] = 1;
        bArr4[3] = 2;
        bArr4[4] = -126;
        bArr4[5] = (byte) (length >>> 8);
        bArr4[6] = (byte) length;
        if (bArr.length + 7 > 2048) {
            return null;
        }
        System.arraycopy(bArr, 0, bArr4, 7, bArr.length);
        int length2 = 7 + bArr.length;
        if (length2 + 65 + 2 > 2048) {
            return null;
        }
        bArr4[length2] = 3;
        int i = length2 + 1;
        bArr4[i] = 65;
        int i2 = i + 1;
        System.arraycopy(bArr2, 0, bArr4, i2, 65);
        int i3 = i2 + 65;
        if (bArr3.length + i3 + 2 > 2048) {
            return null;
        }
        bArr4[i3] = 4;
        int i4 = i3 + 1;
        bArr4[i4] = (byte) bArr3.length;
        int i5 = i4 + 1;
        System.arraycopy(bArr3, 0, bArr4, i5, bArr3.length);
        return Arrays.copyOf(bArr4, i5 + bArr3.length);
    }

    private static byte[] composeSessionPacket(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[256];
        bArr4[0] = 1;
        bArr4[1] = 1;
        bArr4[2] = 1;
        bArr4[3] = 2;
        bArr4[4] = 6;
        System.arraycopy(bArr, 0, bArr4, 5, 6);
        bArr4[11] = 3;
        bArr4[12] = 65;
        System.arraycopy(bArr2, 0, bArr4, 13, 65);
        bArr4[78] = 4;
        bArr4[79] = (byte) bArr3.length;
        System.arraycopy(bArr3, 0, bArr4, 80, bArr3.length);
        return Arrays.copyOf(bArr4, 80 + bArr3.length);
    }

    private static byte[] composeSessionSERootPacket(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[256];
        bArr4[0] = 1;
        bArr4[1] = 1;
        bArr4[2] = 1;
        bArr4[3] = 2;
        bArr4[4] = INGEEK_ENCRYPTED_EC_PUBKEY_LENGTH;
        System.arraycopy(bArr, 0, bArr4, 5, 80);
        bArr4[85] = 3;
        bArr4[86] = 65;
        System.arraycopy(bArr2, 0, bArr4, 87, 65);
        bArr4[152] = 4;
        bArr4[153] = (byte) bArr3.length;
        System.arraycopy(bArr3, 0, bArr4, CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA, bArr3.length);
        return Arrays.copyOf(bArr4, CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA + bArr3.length);
    }

    private Constants.IngeekCertificateType convertToCertType(int i) {
        Constants.IngeekCertificateType ingeekCertificateType = Constants.IngeekCertificateType.Unknow;
        Constants.IngeekCertificateType ingeekCertificateType2 = Constants.IngeekCertificateType.Root;
        if (i != ingeekCertificateType2.getType()) {
            ingeekCertificateType2 = Constants.IngeekCertificateType.SeRoot;
            if (i != ingeekCertificateType2.getType()) {
                ingeekCertificateType2 = Constants.IngeekCertificateType.VehicleOEM;
                if (i != ingeekCertificateType2.getType()) {
                    ingeekCertificateType2 = Constants.IngeekCertificateType.DeviceOEM;
                    if (i != ingeekCertificateType2.getType()) {
                        ingeekCertificateType2 = Constants.IngeekCertificateType.Device;
                        if (i != ingeekCertificateType2.getType()) {
                            ingeekCertificateType2 = Constants.IngeekCertificateType.Vehicle;
                            if (i != ingeekCertificateType2.getType()) {
                                return ingeekCertificateType;
                            }
                        }
                    }
                }
            }
        }
        return ingeekCertificateType2;
    }

    /* JADX WARN: Type inference failed for: r5v1, types: [T, byte[]] */
    private IngeekReturnValue<byte[]> cryptLocalData(byte[] bArr, boolean z) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = -1;
        Key localCryptoKey = TKeyStore.get().getLocalCryptoKey(ConstantsInternal.local_asf143fdaf0fda);
        if (localCryptoKey == null) {
            ingeekReturnValue.code = -6;
            return ingeekReturnValue;
        }
        ?? doCipherWithNoPadding = TKeyStore.get().doCipherWithNoPadding(bArr, localCryptoKey, localFixedIV, z);
        if (doCipherWithNoPadding == 0) {
            ingeekReturnValue.code = -8;
            return ingeekReturnValue;
        }
        ingeekReturnValue.code = 0;
        ingeekReturnValue.value = doCipherWithNoPadding;
        return ingeekReturnValue;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private SessionSERootPacket decomposeSessionSERootPacket(byte[] bArr) {
        SessionSERootPacket sessionSERootPacket = new SessionSERootPacket();
        if (3 > bArr.length || bArr[0] != 1 || bArr[1] != 1 || bArr[2] != 1 || 85 > bArr.length || bArr[3] != 2 || bArr[4] != 80) {
            return null;
        }
        byte[] bArr2 = new byte[80];
        sessionSERootPacket.pubKey1 = bArr2;
        System.arraycopy(bArr, 5, bArr2, 0, 80);
        if (152 > bArr.length || bArr[85] != 3 || bArr[86] != 65) {
            return null;
        }
        byte[] bArr3 = new byte[65];
        sessionSERootPacket.pubKey2 = bArr3;
        System.arraycopy(bArr, 87, bArr3, 0, 65);
        if (154 > bArr.length || bArr[152] != 4) {
            return null;
        }
        int i = bArr[153];
        if (CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA + i > bArr.length) {
            return null;
        }
        byte[] bArr4 = new byte[i];
        sessionSERootPacket.sign = bArr4;
        System.arraycopy(bArr, CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA, bArr4, 0, i);
        return sessionSERootPacket;
    }

    private byte[] decryptSessionData(String str, byte[] bArr) {
        LinkInfo link;
        SessionKeyInfo deriveSessionKey;
        if (str == null || bArr == null || bArr.length < 32 || (link = getLink(str)) == null || (deriveSessionKey = deriveSessionKey(link, false)) == null) {
            return null;
        }
        int length = bArr.length - 32;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        byte[] bArr3 = new byte[32];
        System.arraycopy(bArr, length, bArr3, 0, 32);
        byte[] sha256Mac = TKeyStore.get().sha256Mac(bArr2, deriveSessionKey.hmacKey);
        if (sha256Mac != null && Arrays.equals(bArr3, sha256Mac)) {
            return TKeyStore.get().doCipherWithNoPadding(bArr2, deriveSessionKey.encKey, deriveSessionKey.iv, false);
        }
        return null;
    }

    private byte[] decryptSessionSERootPubKey(LinkInfo linkInfo, byte[] bArr) {
        SessionKeyInfo deriveSessionKey = deriveSessionKey(linkInfo, false);
        if (deriveSessionKey == null) {
            return null;
        }
        return TKeyStore.get().doCipherWithNoPadding(bArr, deriveSessionKey.encKey, deriveSessionKey.iv, false);
    }

    private byte[] decryptTrustKeyData(String str, byte[] bArr) {
        TrustLinkInfo trustLink;
        SessionKeyInfo updateSessionKeyInfo;
        if (str == null || bArr == null || bArr.length < 32 || (trustLink = getTrustLink(str)) == null || (updateSessionKeyInfo = updateSessionKeyInfo(trustLink, false)) == null) {
            return null;
        }
        int length = bArr.length - 32;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        byte[] bArr3 = new byte[32];
        System.arraycopy(bArr, length, bArr3, 0, 32);
        byte[] sha256Mac = TKeyStore.get().sha256Mac(bArr2, updateSessionKeyInfo.hmacKey);
        if (sha256Mac != null && Arrays.equals(bArr3, sha256Mac)) {
            return TKeyStore.get().doCipherWithNoPadding(bArr2, updateSessionKeyInfo.encKey, updateSessionKeyInfo.iv, false);
        }
        return null;
    }

    private SessionKeyInfo deriveSessionKey(LinkInfo linkInfo, boolean z) {
        SessionKeyInfo sessionKeyInfo = new SessionKeyInfo();
        sessionKeyInfo.encKey = linkInfo.getAESKey();
        sessionKeyInfo.hmacKey = linkInfo.getHMacKey();
        if (z) {
            byte[] nativeAddToBigNumber = nativeAddToBigNumber(this.mNativeHandle, linkInfo.getAESEncryptIV(), 1);
            if (nativeAddToBigNumber == null || nativeAddToBigNumber.length < 16) {
                return null;
            }
            if (nativeAddToBigNumber.length > 16) {
                nativeAddToBigNumber = Arrays.copyOf(nativeAddToBigNumber, 16);
            }
            sessionKeyInfo.iv = nativeAddToBigNumber;
            linkInfo.setEncryptIv(nativeAddToBigNumber);
        } else {
            sessionKeyInfo.iv = linkInfo.getAESDecryptIV();
        }
        return sessionKeyInfo;
    }

    private byte[] ecdh(LinkInfo linkInfo) {
        try {
            return TKeyStore.get().ecdh(linkInfo.getLocalKeyPair().getPrivate(), linkInfo.getRemotePublicKey());
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    private byte[] ecdh(TrustLinkInfo trustLinkInfo) {
        try {
            return TKeyStore.get().ecdh(trustLinkInfo.getLocalKeyPair().getPrivate(), trustLinkInfo.getRemotePublicKey());
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    /* JADX WARN: Type inference failed for: r2v1, types: [T, byte[]] */
    private IngeekReturnValue<byte[]> encryptDataWithTrustKey(String str, Constants.Algorithm algorithm, byte[] bArr, boolean z) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = -1;
        ?? encryptTrustKeyData = encryptTrustKeyData(str, algorithm, bArr, false);
        if (encryptTrustKeyData == 0) {
            ingeekReturnValue.code = -8;
            return ingeekReturnValue;
        }
        ingeekReturnValue.code = 0;
        ingeekReturnValue.value = encryptTrustKeyData;
        return ingeekReturnValue;
    }

    private byte[] encryptSessionData(String str, byte[] bArr) {
        LinkInfo link;
        SessionKeyInfo deriveSessionKey;
        byte[] doCipherWithNoPadding;
        byte[] sha256Mac;
        if (str == null || bArr == null || (link = getLink(str)) == null || (deriveSessionKey = deriveSessionKey(link, true)) == null || (doCipherWithNoPadding = TKeyStore.get().doCipherWithNoPadding(bArr, deriveSessionKey.encKey, deriveSessionKey.iv, true)) == null || (sha256Mac = TKeyStore.get().sha256Mac(doCipherWithNoPadding, deriveSessionKey.hmacKey)) == null) {
            return null;
        }
        byte[] bArr2 = new byte[doCipherWithNoPadding.length + sha256Mac.length];
        System.arraycopy(doCipherWithNoPadding, 0, bArr2, 0, doCipherWithNoPadding.length);
        System.arraycopy(sha256Mac, 0, bArr2, doCipherWithNoPadding.length, sha256Mac.length);
        return bArr2;
    }

    private byte[] encryptTrustKeyData(String str, Constants.Algorithm algorithm, byte[] bArr, boolean z) {
        TrustLinkInfo trustLink;
        if (str == null || bArr == null || (trustLink = getTrustLink(str)) == null) {
            return null;
        }
        trustLink.setSignCounter(trustLink.getSignCounter() + 1);
        if (z) {
            return signData(trustLink.getHMacKey(), bArr, trustLink.getSignCounter());
        }
        Constants.Algorithm algorithm2 = Constants.Algorithm.ALGORITHM_AES128_CBC_HMACSHA256_80;
        if (algorithm != algorithm2) {
            byte[] nativeAddToBigNumber = nativeAddToBigNumber(this.mNativeHandle, trustLink.getAESEncryptIV(), 1);
            if (nativeAddToBigNumber == null || nativeAddToBigNumber.length < 16) {
                return null;
            }
            if (nativeAddToBigNumber.length > 16) {
                nativeAddToBigNumber = Arrays.copyOf(nativeAddToBigNumber, 16);
            }
            trustLink.setEncryptIv(nativeAddToBigNumber);
        }
        byte[] doCipherWithNoPadding = TKeyStore.get().doCipherWithNoPadding(bArr, trustLink.getAESKey(), trustLink.getAESEncryptIV(), true);
        if (doCipherWithNoPadding == null) {
            return null;
        }
        if (algorithm == algorithm2) {
            return signData(trustLink.getHMacKey(), doCipherWithNoPadding, trustLink.getSignCounter());
        }
        byte[] sha256Mac = TKeyStore.get().sha256Mac(doCipherWithNoPadding, trustLink.getHMacKey());
        if (sha256Mac == null) {
            return null;
        }
        byte[] bArr2 = new byte[doCipherWithNoPadding.length + sha256Mac.length];
        System.arraycopy(doCipherWithNoPadding, 0, bArr2, 0, doCipherWithNoPadding.length);
        System.arraycopy(sha256Mac, 0, bArr2, doCipherWithNoPadding.length, sha256Mac.length);
        return bArr2;
    }

    private String getAppStorageDir(Context context) {
        return context.getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS).getAbsolutePath();
    }

    private byte[] getCertDER(String str) {
        try {
            Certificate certificate = TKeyStore.get().getCertificate(str);
            if (certificate == null) {
                return null;
            }
            return certificate.getEncoded();
        } catch (Exception unused) {
            Log.e(TAG, "getCertDER failed");
            return null;
        }
    }

    private byte[] getCertFingerprint(String str) {
        byte[] sha256;
        byte[] certDER = getCertDER(str);
        if (certDER == null || (sha256 = TKeyStore.get().sha256(certDER)) == null) {
            return null;
        }
        return Arrays.copyOf(sha256, 6);
    }

    private String getCertificateAlias(String str, Constants.IngeekCertificateType ingeekCertificateType) {
        String prefix = getPrefix(ingeekCertificateType);
        if (ingeekCertificateType == Constants.IngeekCertificateType.Device) {
            return a.E(prefix, "_device_cert", str);
        }
        if (ingeekCertificateType == Constants.IngeekCertificateType.Vehicle) {
            return a.E(prefix, "_vehicle_cert", str);
        }
        StringBuilder b0 = a.b0(prefix, "_cert_");
        b0.append(this.mContext.get().getPackageName());
        return b0.toString();
    }

    private synchronized LinkInfo getLink(String str) {
        if (str == null) {
            return null;
        }
        LinkInfo linkInfo = this.mLinks.get(str);
        if (linkInfo == null) {
            linkInfo = new LinkInfo();
            this.mLinks.put(str, linkInfo);
        }
        return linkInfo;
    }

    private String getPrefix(Constants.IngeekCertificateType ingeekCertificateType) {
        switch (ingeekCertificateType.ordinal()) {
            case 1:
                return IngeekCertificate.INGEEK_ROOT_PREFIX;
            case 2:
                return IngeekCertificate.INGEEK_VEHICLEOEM_PREFIX;
            case 3:
                return IngeekCertificate.INGEEK_DEVICEOEM_PREFIX;
            case 4:
                return IngeekCertificate.INGEEK_VEHICLE_PREFIX;
            case 5:
                return IngeekCertificate.NGEEK_SE_ROOT_PREFIX;
            case 6:
                return IngeekCertificate.INGEEK_DEVICE_PREFIX;
            default:
                return "ingeek";
        }
    }

    private String getPrivateKeyAlias(String str, Constants.IngeekCertificateType ingeekCertificateType) {
        String N = a.N(new StringBuilder(), getPrefix(ingeekCertificateType), "_private_");
        if (ingeekCertificateType == Constants.IngeekCertificateType.SeRoot) {
            StringBuilder Y = a.Y(N);
            Y.append(this.mContext.get().getPackageName());
            return Y.toString();
        }
        if (ingeekCertificateType == Constants.IngeekCertificateType.Device) {
            return a.D(N, str);
        }
        throw new IllegalArgumentException("illegal type while generating private key alias.");
    }

    private byte[] getPubKeyFingerPrint(String str) {
        try {
            Certificate certificate = TKeyStore.get().getCertificate(str);
            if (certificate == null) {
                return null;
            }
            return Arrays.copyOf(TKeyStore.get().sha256(TKeyStore.get().convertToUncompressedPoint((ECPublicKey) certificate.getPublicKey())), 6);
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return null;
        }
    }

    private String getTrustKeyLabel(String str) {
        return a.D(str, ".tk");
    }

    private synchronized TrustLinkInfo getTrustLink(String str) {
        if (str == null) {
            return null;
        }
        TrustLinkInfo trustLinkInfo = this.mTrustLinks.get(str);
        if (trustLinkInfo == null) {
            trustLinkInfo = new TrustLinkInfo();
            this.mTrustLinks.put(str, trustLinkInfo);
        }
        return trustLinkInfo;
    }

    private static String hexBytes2String(byte[] bArr) {
        String str = "";
        if (bArr == null) {
            return "";
        }
        Formatter formatter = new Formatter();
        for (byte b : bArr) {
            str = formatter.format("%02X", Byte.valueOf(b)).toString();
        }
        return str;
    }

    private void initTA(Context context) {
        if (this.securityTA == null) {
            this.securityTA = SecurityTA.create(context);
        }
    }

    public static synchronized boolean initializeNativeLibs() {
        boolean z;
        synchronized (SecurityEngineImpl.class) {
            if (!sLibLoaded) {
                System.loadLibrary("ingeek-security-engine-nokee");
                sLibLoaded = nativeClassInit() == 0;
            }
            z = sLibLoaded;
        }
        return z;
    }

    private int loadCertificate(String str, byte[] bArr) {
        return TKeyStore.get().loadCertificate(str, bArr);
    }

    private native byte[] nativeAddToBigNumber(long j, byte[] bArr, int i);

    private static native int nativeClassInit();

    private native byte[] nativeCodedSign2RawSign(long j, byte[] bArr);

    private native byte[] nativeCreateCSR(long j, String str, int i, List<SubjectItem> list, byte[] bArr);

    private native byte[] nativeDecryptData(long j, String str, byte[] bArr);

    private native int nativeDeleteKey(long j, String str);

    private native int nativeDeleteTrustKey(long j, String str);

    private native int nativeDestroy(long j);

    private native byte[] nativeEncryptData(long j, String str, byte[] bArr);

    private native byte[] nativeGetCertificateInfo(long j, byte[] bArr);

    private native String nativeGetSdkVersion();

    private native byte[] nativeGetTrustKey(long j, String str);

    private native byte[] nativeKeyInfo(long j, String str);

    private native long nativeObjectInit(Object obj, String str, String str2, String str3, String str4);

    private native byte[] nativeRawSign2CodedSign(long j, byte[] bArr);

    private native int nativeRegisterSession(long j, String str, byte[] bArr, byte[] bArr2);

    private native byte[] nativeRequestAuth(long j, String str);

    private native byte[] nativeRequestSession(long j, String str, byte[] bArr);

    private native int nativeSetAESMode(long j, int i);

    private native int nativeStoreKey(long j, String str, byte[] bArr, byte[] bArr2, byte[] bArr3);

    private native int nativeStoreTrustKey(long j, String str, byte[] bArr);

    private native int nativeVerifyCertificate(long j, byte[] bArr, byte[] bArr2, List<byte[]> list, byte[] bArr3);

    private native int nativeVerifySession(long j, String str, byte[] bArr);

    private void parseCertificateInfoFromStr(String str, CertificateInfo certificateInfo) throws JSONException {
        JSONObject jSONObject = new JSONObject(str);
        certificateInfo.serialNumber = jSONObject.optString("serial_number");
        certificateInfo.version = jSONObject.optLong("version");
        certificateInfo.signatureAlgorithm = jSONObject.optString("signature_algorithm");
        certificateInfo.subject = jSONObject.optString("subject");
        certificateInfo.issuer = jSONObject.optString("issuer");
        JSONObject optJSONObject = jSONObject.optJSONObject("validity");
        if (optJSONObject != null) {
            certificateInfo.validity.notAfter = optJSONObject.optString("not_after");
            certificateInfo.validity.notBefore = optJSONObject.optString("not_before");
        }
        JSONObject optJSONObject2 = jSONObject.optJSONObject("subject_public_key_info");
        if (optJSONObject2 != null) {
            certificateInfo.publicKeyInfo.publicKeyAlgorithm = optJSONObject2.optString("public_key_algorithm");
            certificateInfo.publicKeyInfo.publicKey = optJSONObject2.optString("public_key").getBytes();
            certificateInfo.publicKeyInfo.publicKeySize = optJSONObject2.optInt(CertificateInfo.INGEEK_CERT_KEY_PK_SIZE);
            certificateInfo.publicKeyInfo.asn1OID = optJSONObject2.optString("asn1_oid");
            certificateInfo.publicKeyInfo.nistCurve = optJSONObject2.optString("nist_curve");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private SessionPacket parseRemoteSessionPacket(byte[] bArr) {
        SessionPacket sessionPacket = new SessionPacket();
        if (3 > bArr.length || bArr[0] != 1 || bArr[1] != 1 || bArr[2] != 1 || 11 > bArr.length || bArr[3] != 2 || bArr[4] != 6) {
            return null;
        }
        byte[] bArr2 = new byte[6];
        sessionPacket.fp = bArr2;
        System.arraycopy(bArr, 5, bArr2, 0, 6);
        if (78 > bArr.length || bArr[11] != 3 || bArr[12] != 65) {
            return null;
        }
        byte[] bArr3 = new byte[65];
        sessionPacket.pubKey = bArr3;
        System.arraycopy(bArr, 13, bArr3, 0, 65);
        if (80 > bArr.length || bArr[78] != 4) {
            return null;
        }
        int i = bArr[79];
        if (80 + i > bArr.length) {
            return null;
        }
        byte[] bArr4 = new byte[i];
        sessionPacket.sign = bArr4;
        System.arraycopy(bArr, 80, bArr4, 0, i);
        return sessionPacket;
    }

    private TrustKeyAuthPacket parseTrustKeyAuthResponse(IngeekTrustKey ingeekTrustKey, TrustLinkInfo trustLinkInfo, byte[] bArr) {
        byte b;
        int i;
        TrustKeyAuthPacket trustKeyAuthPacket = new TrustKeyAuthPacket();
        if (4 > bArr.length || bArr[0] != 1 || bArr[1] != 2) {
            return null;
        }
        short s = ByteBuffer.wrap(bArr, 2, 2).getShort();
        trustKeyAuthPacket.errorCode = s;
        if (s != 0) {
            return trustKeyAuthPacket;
        }
        if (71 > bArr.length || bArr[4] != 2 || bArr[5] != 65) {
            return null;
        }
        trustKeyAuthPacket.publicKey = Arrays.copyOfRange(bArr, 6, 71);
        if (89 > bArr.length || bArr[71] != 3 || bArr[72] != 16) {
            return null;
        }
        trustKeyAuthPacket.nb = Arrays.copyOfRange(bArr, 73, 89);
        if (91 > bArr.length || bArr[89] != 4 || (i = 91 + (b = bArr[90])) > bArr.length) {
            return null;
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 91, i);
        if (b == 64) {
            copyOfRange = nativeRawSign2CodedSign(this.mNativeHandle, copyOfRange);
        }
        if (verifyTrustKeySign(ingeekTrustKey, trustLinkInfo, Arrays.copyOfRange(bArr, 0, (i - b) - 2), copyOfRange)) {
            return trustKeyAuthPacket;
        }
        return null;
    }

    private byte[] signData(byte[] bArr, byte[] bArr2, int i) {
        ByteBuffer allocate = ByteBuffer.allocate(4);
        allocate.putInt(i);
        byte[] array = allocate.array();
        byte[] bArr3 = new byte[bArr2.length + array.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(array, 0, bArr3, bArr2.length, array.length);
        byte[] sha256Mac = TKeyStore.get().sha256Mac(bArr3, bArr);
        byte[] bArr4 = new byte[bArr2.length + 10 + array.length];
        System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
        System.arraycopy(sha256Mac, 0, bArr4, bArr2.length, 10);
        System.arraycopy(array, 0, bArr4, bArr2.length + 10, array.length);
        return bArr4;
    }

    private int storeRemoteTmpECPublicKey(String str, byte[] bArr) {
        int i = -2;
        if (str != null && bArr != null && bArr.length == 65) {
            LinkInfo link = getLink(str);
            if (link == null) {
                return -2;
            }
            i = -6;
            try {
                link.setRemotePublicKey(TKeyStore.get().getECPublicKey(bArr, ((ECPublicKey) link.getLocalKeyPair().getPublic()).getParams()));
                byte[] ecdh = ecdh(link);
                if (ecdh == null) {
                    return -6;
                }
                link.setECDHSecret(ecdh);
                byte[] bArr2 = new byte[130];
                System.arraycopy(TKeyStore.get().convertToUncompressedPoint((ECPublicKey) link.getLocalKeyPair().getPublic()), 0, bArr2, 0, 65);
                System.arraycopy(bArr, 0, bArr2, 65, 65);
                link.setShareInfo(bArr2);
                return calcKeyMaterial(link);
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
        return i;
    }

    private int translateXSessionRetCode(short s) {
        switch (s) {
            case GlMapUtil.DEVICE_DISPLAY_DPI_XHIGH /* 480 */:
                return -22;
            case 481:
                return -23;
            case 482:
                return -24;
            case 483:
                return -25;
            case 484:
                return -26;
            default:
                return -1;
        }
    }

    private SessionKeyInfo updateSessionKeyInfo(TrustLinkInfo trustLinkInfo, boolean z) {
        SessionKeyInfo sessionKeyInfo = new SessionKeyInfo();
        sessionKeyInfo.encKey = trustLinkInfo.getAESKey();
        sessionKeyInfo.hmacKey = trustLinkInfo.getHMacKey();
        if (z) {
            byte[] nativeAddToBigNumber = nativeAddToBigNumber(this.mNativeHandle, trustLinkInfo.getAESEncryptIV(), 1);
            if (nativeAddToBigNumber == null || nativeAddToBigNumber.length < 16) {
                return null;
            }
            if (nativeAddToBigNumber.length > 16) {
                nativeAddToBigNumber = Arrays.copyOf(nativeAddToBigNumber, 16);
            }
            sessionKeyInfo.iv = nativeAddToBigNumber;
            trustLinkInfo.setEncryptIv(nativeAddToBigNumber);
        } else {
            sessionKeyInfo.iv = trustLinkInfo.getAESDecryptIV();
        }
        return sessionKeyInfo;
    }

    private int verifyCertificate(String str, Constants.IngeekCertificateType ingeekCertificateType, byte[] bArr, byte[] bArr2) {
        byte[] certDER = getCertDER(getCertificateAlias(str, Constants.IngeekCertificateType.Root));
        if (certDER == null) {
            return -6;
        }
        LinkedList linkedList = new LinkedList();
        byte[] certDER2 = getCertDER((ingeekCertificateType == Constants.IngeekCertificateType.SeRoot || ingeekCertificateType == Constants.IngeekCertificateType.Device) ? getCertificateAlias(str, Constants.IngeekCertificateType.DeviceOEM) : getCertificateAlias(str, Constants.IngeekCertificateType.VehicleOEM));
        if (certDER2 == null) {
            return -6;
        }
        linkedList.add(certDER2);
        return nativeVerifyCertificate(this.mNativeHandle, bArr, certDER, linkedList, bArr2);
    }

    private boolean verifySessionSERootSignature(LinkInfo linkInfo, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        byte[] bArr5 = new byte[bArr2.length + bArr3.length];
        System.arraycopy(bArr2, 0, bArr5, 0, bArr2.length);
        System.arraycopy(bArr3, 0, bArr5, bArr2.length, bArr3.length);
        try {
            return TKeyStore.get().verifyWithECDSA(TKeyStore.get().getECPublicKey(bArr, ((ECPublicKey) linkInfo.getLocalKeyPair().getPublic()).getParams()), bArr5, bArr4);
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            return false;
        }
    }

    private boolean verifyTrustKeySign(IngeekTrustKey ingeekTrustKey, TrustLinkInfo trustLinkInfo, byte[] bArr, byte[] bArr2) {
        try {
            return TKeyStore.get().verifyWithECDSA(TKeyStore.get().getECPublicKey(ingeekTrustKey.vehiclePublicKey, ((ECPublicKey) trustLinkInfo.getLocalKeyPair().getPublic()).getParams()), bArr, bArr2);
        } catch (Exception unused) {
            return false;
        }
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> completeAuthWithTrustKey(String str, byte[] bArr) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = -1;
        IngeekTrustKey trustKey = trustKey(str);
        if (trustKey == null) {
            ingeekReturnValue.code = -2;
            return ingeekReturnValue;
        }
        TrustLinkInfo trustLink = getTrustLink(str);
        TrustKeyAuthPacket parseTrustKeyAuthResponse = parseTrustKeyAuthResponse(trustKey, trustLink, bArr);
        if (parseTrustKeyAuthResponse == null) {
            ingeekReturnValue.code = -9;
            return ingeekReturnValue;
        }
        short s = parseTrustKeyAuthResponse.errorCode;
        if (s != 0) {
            ingeekReturnValue.code = translateXSessionRetCode(s);
            return ingeekReturnValue;
        }
        try {
            trustLink.setRemotePublicKey(TKeyStore.get().getECPublicKey(parseTrustKeyAuthResponse.publicKey, ((ECPublicKey) trustLink.getLocalKeyPair().getPublic()).getParams()));
            trustLink.setNb(parseTrustKeyAuthResponse.nb);
            if (buildTrustKeyMaterial(trustLink, parseTrustKeyAuthResponse.publicKey) < 0) {
                ingeekReturnValue.code = -19;
                return ingeekReturnValue;
            }
            ingeekReturnValue.code = 0;
            return ingeekReturnValue;
        } catch (Exception unused) {
            ingeekReturnValue.code = -20;
            return ingeekReturnValue;
        }
    }

    /* JADX WARN: Type inference failed for: r3v2, types: [T, byte[]] */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> createHmacSignature(byte[] bArr) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = 0;
        if (bArr == null || bArr.length == 0) {
            ingeekReturnValue.code = -1;
            return ingeekReturnValue;
        }
        ?? createHmacSignature = TKeyStore.get().createHmacSignature(bArr);
        ingeekReturnValue.value = createHmacSignature;
        if (createHmacSignature == 0) {
            ingeekReturnValue.code = -2;
        }
        return ingeekReturnValue;
    }

    /* JADX WARN: Type inference failed for: r4v2, types: [T, byte[]] */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> createIdentityKeyPair(String str) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = -1;
        String trustKeyLabel = getTrustKeyLabel(str);
        if (TKeyStore.get().genECKeyPair(trustKeyLabel) < 0) {
            ingeekReturnValue.code = -6;
            return ingeekReturnValue;
        }
        ?? eCPubKeyData = TKeyStore.get().getECPubKeyData(trustKeyLabel);
        ingeekReturnValue.value = eCPubKeyData;
        if (eCPubKeyData == 0) {
            ingeekReturnValue.code = -6;
            return ingeekReturnValue;
        }
        ingeekReturnValue.code = 0;
        return ingeekReturnValue;
    }

    /* JADX WARN: Type inference failed for: r4v4, types: [T, byte[]] */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> createSignature(String str, byte[] bArr) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = 0;
        if (TextUtils.isEmpty(str) || bArr == null || bArr.length == 0) {
            ingeekReturnValue.code = -2;
            return ingeekReturnValue;
        }
        byte[] signWithECDSA = TKeyStore.get().signWithECDSA(getTrustKeyLabel(str), bArr);
        if (signWithECDSA == null) {
            ingeekReturnValue.code = -14;
            return ingeekReturnValue;
        }
        ?? nativeCodedSign2RawSign = nativeCodedSign2RawSign(this.mNativeHandle, signWithECDSA);
        if (nativeCodedSign2RawSign == 0) {
            ingeekReturnValue.code = -14;
            return ingeekReturnValue;
        }
        ingeekReturnValue.value = nativeCodedSign2RawSign;
        return ingeekReturnValue;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse decryptData(String str, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        byte[] nativeDecryptData = nativeDecryptData(this.mNativeHandle, str, bArr);
        if (nativeDecryptData == null) {
            tAResponse.code = -1;
            return tAResponse;
        }
        tAResponse.code = ByteBuffer.wrap(Arrays.copyOfRange(nativeDecryptData, 0, 4)).getInt();
        tAResponse.data = Arrays.copyOfRange(nativeDecryptData, 4, nativeDecryptData.length);
        return tAResponse;
    }

    /* JADX WARN: Type inference failed for: r3v1, types: [T, byte[]] */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> decryptDataWithTrustKey(String str, byte[] bArr) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = -1;
        ?? decryptTrustKeyData = decryptTrustKeyData(str, bArr);
        if (decryptTrustKeyData == 0) {
            ingeekReturnValue.code = -7;
            return ingeekReturnValue;
        }
        ingeekReturnValue.code = 0;
        ingeekReturnValue.value = decryptTrustKeyData;
        return ingeekReturnValue;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse decryptWithCertificate(String str, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.code = -1;
        byte[] decryptSessionData = decryptSessionData(str, bArr);
        if (decryptSessionData == null) {
            tAResponse.code = -7;
            tAResponse.message = "failed to decrypt data";
            return tAResponse;
        }
        tAResponse.code = 0;
        tAResponse.data = decryptSessionData;
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> decryptWithGeneratedKey(byte[] bArr) {
        return cryptLocalData(bArr, false);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse deleteDeviceCertificate(String str) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.data = null;
        tAResponse.code = -1;
        Constants.IngeekCertificateType ingeekCertificateType = Constants.IngeekCertificateType.Device;
        String certificateAlias = getCertificateAlias(str, ingeekCertificateType);
        String privateKeyAlias = getPrivateKeyAlias(str, ingeekCertificateType);
        try {
            if (TKeyStore.get().hasAlias(certificateAlias)) {
                TKeyStore.get().deleteEntry(certificateAlias);
            }
            if (TKeyStore.get().hasAlias(privateKeyAlias)) {
                TKeyStore.get().deleteEntry(privateKeyAlias);
            }
            tAResponse.code = 0;
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            tAResponse.code = -6;
            tAResponse.message = a.D("exception when delete keystore item, keyId: ", str);
        }
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public int deleteKey(String str) {
        return nativeDeleteKey(this.mNativeHandle, str);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public int deleteTrustKey(String str) {
        return nativeDeleteTrustKey(this.mNativeHandle, str) < 0 ? -21 : 0;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse deleteVehicleCertificate(String str) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.data = null;
        tAResponse.code = -1;
        String certificateAlias = getCertificateAlias(str, Constants.IngeekCertificateType.Vehicle);
        try {
            if (TKeyStore.get().hasAlias(certificateAlias)) {
                TKeyStore.get().deleteEntry(certificateAlias);
            }
            tAResponse.code = 0;
        } catch (Exception e2) {
            Log.e(TAG, e2.toString());
            tAResponse.code = -6;
            tAResponse.message = a.D("exception when delete keystore item, alias: ", certificateAlias);
        }
        return tAResponse;
    }

    public void doDestroy() {
        nativeDestroy(this.mNativeHandle);
        this.mNativeHandle = 0L;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse encryptData(String str, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        byte[] nativeEncryptData = nativeEncryptData(this.mNativeHandle, str, bArr);
        if (nativeEncryptData == null) {
            tAResponse.code = -1;
            return tAResponse;
        }
        tAResponse.code = ByteBuffer.wrap(Arrays.copyOfRange(nativeEncryptData, 0, 4)).getInt();
        tAResponse.data = Arrays.copyOfRange(nativeEncryptData, 4, nativeEncryptData.length);
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> encryptDataWithTrustKey(String str, Constants.Algorithm algorithm, byte[] bArr) {
        return encryptDataWithTrustKey(str, algorithm, bArr, false);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    @Deprecated
    public IngeekReturnValue<byte[]> encryptDataWithTrustKey(String str, byte[] bArr) {
        return encryptDataWithTrustKey(str, Constants.Algorithm.ALGORITHM_AES128_CBC_HMACSHA256, bArr);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse encryptWithCertificate(String str, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.code = -1;
        byte[] encryptSessionData = encryptSessionData(str, bArr);
        if (encryptSessionData == null) {
            tAResponse.code = -8;
            tAResponse.message = "failed to encrypt data";
            return tAResponse;
        }
        tAResponse.code = 0;
        tAResponse.data = encryptSessionData;
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> encryptWithGeneratedKey(byte[] bArr) {
        return cryptLocalData(bArr, true);
    }

    /* JADX WARN: Type inference failed for: r2v3, types: [T, byte[][]] */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[][]> getAttestation(byte[] bArr) {
        IngeekReturnValue<byte[][]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = 0;
        if (bArr == null) {
            ingeekReturnValue.code = -1;
            return ingeekReturnValue;
        }
        if (TKeyStore.get().hasAlias(ConstantsInternal.oO0O121nkdfa021412)) {
            try {
                TKeyStore.get().deleteEntry(ConstantsInternal.oO0O121nkdfa021412);
            } catch (KeyStoreException unused) {
            }
        }
        TKeyStore.get().createWrapKeyPair(this.mContext.get(), ConstantsInternal.oO0O121nkdfa021412, bArr);
        Certificate[] attestationCertChain = TKeyStore.get().getAttestationCertChain(ConstantsInternal.oO0O121nkdfa021412);
        if (attestationCertChain == null || attestationCertChain.length < 2) {
            ingeekReturnValue.code = -9802;
            return ingeekReturnValue;
        }
        ?? r2 = new byte[attestationCertChain.length];
        for (int i = 0; i < attestationCertChain.length; i++) {
            try {
                r2[i] = attestationCertChain[i].getEncoded();
            } catch (CertificateEncodingException unused2) {
                Log.e(TAG, "Failed to get certificate chain");
                return ingeekReturnValue;
            }
        }
        ingeekReturnValue.value = r2;
        ParsedAttestationRecord attestationRecord = TKeyStore.get().getAttestationRecord(attestationCertChain[0]);
        ParsedAttestationRecord.SecurityLevel securityLevel = attestationRecord.attestationSecurityLevel;
        ParsedAttestationRecord.SecurityLevel securityLevel2 = ParsedAttestationRecord.SecurityLevel.SOFTWARE;
        if (securityLevel == securityLevel2 && attestationRecord.keymasterSecurityLevel == securityLevel2) {
            ingeekReturnValue.code = -7;
        }
        Optional<RootOfTrust> optional = attestationRecord.teeEnforced.rootOfTrust;
        if (optional.isPresent() && (!optional.get().deviceLocked || optional.get().verifiedBootState != RootOfTrust.VerifiedBootState.VERIFIED)) {
            ingeekReturnValue.code = -8;
        }
        return ingeekReturnValue;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse getCertificate(String str, Constants.IngeekCertificateType ingeekCertificateType) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.data = null;
        tAResponse.code = -1;
        byte[] certDER = getCertDER(getCertificateAlias(str, ingeekCertificateType));
        if (certDER != null) {
            tAResponse.data = certDER;
            if (ingeekCertificateType == Constants.IngeekCertificateType.SeRoot || ingeekCertificateType == Constants.IngeekCertificateType.Device || ingeekCertificateType == Constants.IngeekCertificateType.Vehicle) {
                byte[] bArr = new byte[1];
                if (verifyCertificate(str, ingeekCertificateType, certDER, bArr) < 0) {
                    tAResponse.code = -3;
                    StringBuilder Y = a.Y("verify cert failed, type ");
                    Y.append(ingeekCertificateType.getType());
                    Y.append(", errCode: ");
                    Y.append((int) bArr[0]);
                    tAResponse.message = Y.toString();
                    StringBuilder Y2 = a.Y("verify cert failed, type ");
                    Y2.append(ingeekCertificateType.getType());
                    Y2.append(", errCode: ");
                    Y2.append((int) bArr[0]);
                    Log.e(TAG, Y2.toString());
                } else {
                    tAResponse.code = 0;
                }
            } else {
                tAResponse.code = 0;
            }
        } else {
            tAResponse.code = -6;
            StringBuilder Y3 = a.Y("get cert failed, alias: ");
            Y3.append(getCertificateAlias(str, ingeekCertificateType));
            tAResponse.message = Y3.toString();
        }
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse getCertificateInfo(String str, Constants.IngeekCertificateType ingeekCertificateType, CertificateInfo certificateInfo) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.data = null;
        tAResponse.code = -1;
        byte[] certDER = getCertDER(getCertificateAlias(str, ingeekCertificateType));
        if (certDER == null) {
            tAResponse.code = -6;
            tAResponse.message = "get cert data from keystore failed, keyid: " + str + ", type: " + ingeekCertificateType;
            return tAResponse;
        }
        byte[] nativeGetCertificateInfo = nativeGetCertificateInfo(this.mNativeHandle, certDER);
        if (nativeGetCertificateInfo == null) {
            tAResponse.code = -18;
            tAResponse.message = "nativeGetCertificateInfo failed";
            return tAResponse;
        }
        if (certificateInfo == null) {
            certificateInfo = new CertificateInfo();
        }
        certificateInfo.validity = new Validity();
        certificateInfo.publicKeyInfo = new SubjectPublicKeyInfo();
        try {
            parseCertificateInfoFromStr(new String(nativeGetCertificateInfo), certificateInfo);
        } catch (JSONException e2) {
            StringBuilder Y = a.Y("Failed to get cert info: ");
            Y.append(e2.toString());
            Log.e(TAG, Y.toString());
        }
        tAResponse.data = null;
        tAResponse.code = 0;
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse getKeyInfo(String str) {
        TAResponse tAResponse = new TAResponse();
        byte[] nativeKeyInfo = nativeKeyInfo(this.mNativeHandle, str);
        if (nativeKeyInfo == null) {
            tAResponse.code = -1;
            return tAResponse;
        }
        if (nativeKeyInfo.length <= 4) {
            tAResponse.code = -1;
            tAResponse.data = null;
            return tAResponse;
        }
        int i = ByteBuffer.wrap(Arrays.copyOfRange(nativeKeyInfo, 0, 4)).getInt();
        tAResponse.code = i;
        if (i != 0) {
            tAResponse.data = null;
        } else {
            tAResponse.data = Arrays.copyOfRange(nativeKeyInfo, 4, nativeKeyInfo.length);
        }
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekTAInfo getTAInfo() {
        SecurityTA securityTA = this.securityTA;
        if (securityTA == null) {
            return null;
        }
        return securityTA.getTAInfo();
    }

    protected byte[] handleEvent(int i, byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        switch (i) {
            case 1001:
                SecurityEngineMessage.PEncryptData pEncryptData = new SecurityEngineMessage.PEncryptData();
                pEncryptData.unmarshall(bArr);
                StringBuilder Y = a.Y("onEvent: ");
                Y.append(pEncryptData.keyId);
                Y.append(", ");
                Y.append(pEncryptData.mode);
                Y.append(", ");
                Y.append(hexBytes2String(pEncryptData.data));
                Log.e(TAG, Y.toString());
                try {
                    return this.securityTA.onEncrypt(pEncryptData.keyId, pEncryptData.data, pEncryptData.iv);
                } catch (Exception e2) {
                    StringBuilder Y2 = a.Y("加密失败");
                    Y2.append(e2.getMessage());
                    Log.e(TAG, Y2.toString());
                    return null;
                }
            case 1002:
                SecurityEngineMessage.PEncryptData pEncryptData2 = new SecurityEngineMessage.PEncryptData();
                pEncryptData2.unmarshall(bArr);
                StringBuilder Y3 = a.Y("onEvent: ");
                Y3.append(pEncryptData2.keyId);
                Y3.append(", ");
                Y3.append(pEncryptData2.mode);
                Y3.append(", ");
                Y3.append(hexBytes2String(pEncryptData2.data));
                Log.e(TAG, Y3.toString());
                try {
                    return this.securityTA.onDecrypt(pEncryptData2.keyId, pEncryptData2.data, pEncryptData2.iv);
                } catch (Exception e3) {
                    StringBuilder Y4 = a.Y("解密失败");
                    Y4.append(e3.getMessage());
                    Log.e(TAG, Y4.toString());
                    return null;
                }
            case 1003:
                byte b = bArr[0];
                int i2 = b + 1;
                String str = new String(Arrays.copyOfRange(bArr, 1, i2));
                byte b2 = bArr[i2];
                return TKeyStore.get().signWithECDSA(getPrivateKeyAlias(str, convertToCertType(b2)), Arrays.copyOfRange(bArr, b + 2, bArr.length));
            default:
                return null;
        }
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public boolean hasSecureHardware() {
        return TKeyStoreExtension.hasSecureHardware();
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public boolean hasStrongBox(Context context) {
        return TKeyStoreExtension.hasStrongBox(context);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public int importHmacSignatureKey(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return -4;
        }
        return TKeyStore.get().importHmacSignatureKey(bArr);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public void installTAWhiteBox(Context context, SecurityTAInstallCallback securityTAInstallCallback) {
        Log.d(TAG, "call installTAWhiteBox");
        initTA(context);
        this.securityTA.installTA(context, securityTAInstallCallback);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public boolean isInstalled(Context context) {
        initTA(context);
        return this.securityTA.isInstalled(context);
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public boolean isSupportImportKey() {
        return TKeyStoreExtension.isSupportImportWrappedKey();
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public byte[] makeFakeMetaData(String str) {
        byte[] bArr = new byte[512];
        bArr[0] = 17;
        bArr[1] = 1;
        System.arraycopy(new byte[]{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, 0, bArr, 2, 16);
        bArr[18] = 5;
        bArr[19] = 2;
        System.arraycopy(ByteBuffer.allocate(4).putInt(286331153).array(), 0, bArr, 20, 4);
        bArr[24] = 5;
        bArr[25] = 3;
        System.arraycopy(ByteBuffer.allocate(4).putInt(572662306).array(), 0, bArr, 26, 4);
        bArr[30] = 4;
        bArr[31] = 4;
        bArr[32] = 1;
        bArr[33] = 2;
        bArr[34] = 3;
        bArr[35] = 2;
        bArr[36] = 5;
        bArr[37] = 1;
        byte[] eCPubKeyData = TKeyStore.get().getECPubKeyData(getTrustKeyLabel(str));
        bArr[38] = ClientAnswerCode.KEY_READ_ERROR;
        bArr[39] = 6;
        System.arraycopy(eCPubKeyData, 0, bArr, 40, eCPubKeyData.length);
        int length = 40 + eCPubKeyData.length;
        byte[] hexStringToBytes = ByteTools.hexStringToBytes("04007979386f0484c946c7ab1282c3108d5bdbc8554e88b342755e80611b5893025550d554c313d3782d84cb37a5dafa9acfd1b91384b8360aed92a776f33337ac");
        bArr[length] = ClientAnswerCode.KEY_READ_ERROR;
        int i = length + 1;
        bArr[i] = 7;
        int i2 = i + 1;
        System.arraycopy(hexStringToBytes, 0, bArr, i2, hexStringToBytes.length);
        int length2 = i2 + hexStringToBytes.length;
        bArr[length2] = 7;
        int i3 = length2 + 1;
        bArr[i3] = 8;
        int i4 = i3 + 1;
        System.arraycopy(new byte[6], 0, bArr, i4, 6);
        int i5 = i4 + 6;
        byte[] bytes = "FAW00000020000005".getBytes();
        bArr[i5] = 18;
        int i6 = i5 + 1;
        bArr[i6] = 9;
        int i7 = i6 + 1;
        System.arraycopy(bytes, 0, bArr, i7, bytes.length);
        int length3 = i7 + bytes.length;
        bArr[length3] = 7;
        int i8 = length3 + 1;
        bArr[i8] = 10;
        int i9 = i8 + 1;
        System.arraycopy(new byte[6], 0, bArr, i9, 6);
        int i10 = i9 + 6;
        bArr[i10] = 7;
        int i11 = i10 + 1;
        bArr[i11] = 11;
        int i12 = i11 + 1;
        System.arraycopy(new byte[6], 0, bArr, i12, 6);
        int i13 = i12 + 6;
        bArr[i13] = 3;
        int i14 = i13 + 1;
        bArr[i14] = 12;
        int i15 = i14 + 1;
        System.arraycopy(ByteBuffer.allocate(2).putShort((short) 21845).array(), 0, bArr, i15, 2);
        int i16 = i15 + 2;
        bArr[i16] = 73;
        int i17 = i16 + 1;
        bArr[i17] = -1;
        int i18 = i17 + 1;
        System.arraycopy(new byte[72], 0, bArr, i18, 72);
        return Arrays.copyOfRange(bArr, 0, i18 + 72);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public byte[] makeFakeSessionPacket(String str, TAResponse tAResponse) {
        short s;
        short s2;
        byte[] bArr = tAResponse.data;
        if (bArr[2] == 2) {
            s = ByteBuffer.wrap(bArr, 5, 2).getShort();
            s2 = 7;
        } else {
            s = bArr[4];
            s2 = 5;
        }
        int i = s + s2;
        Arrays.copyOfRange(bArr, (int) s2, i);
        int i2 = i + 1 + 1;
        int i3 = i2 + 65;
        Arrays.copyOfRange(bArr, i2, i3);
        int i4 = i3 + 1 + 1;
        int i5 = i4 + 16;
        Arrays.copyOfRange(bArr, i4, i5);
        int i6 = i5 + 1;
        int i7 = bArr[i6];
        int i8 = i6 + 1;
        int i9 = i8 + i7;
        TKeyStore.get().verifyWithECDSA(getTrustKeyLabel(str), Arrays.copyOfRange(bArr, 0, (i9 - i7) - 2), Arrays.copyOfRange(bArr, i8, i9));
        byte[] bArr2 = new byte[512];
        bArr2[0] = 1;
        bArr2[1] = 2;
        System.arraycopy(ByteBuffer.allocate(2).putShort((short) 0).array(), 0, bArr2, 2, 2);
        byte[] convertToUncompressedPoint = TKeyStore.get().convertToUncompressedPoint((ECPublicKey) TKeyStore.get().genEphemeralECKeyPair().getPublic());
        bArr2[4] = 2;
        bArr2[5] = 65;
        System.arraycopy(convertToUncompressedPoint, 0, bArr2, 6, 65);
        bArr2[71] = 3;
        bArr2[72] = 16;
        System.arraycopy(new byte[16], 0, bArr2, 73, 16);
        byte[] signWithECDSA = TKeyStore.get().signWithECDSA("testveh_xprivkey", Arrays.copyOfRange(bArr2, 0, 89));
        bArr2[89] = 4;
        bArr2[90] = (byte) signWithECDSA.length;
        System.arraycopy(signWithECDSA, 0, bArr2, 91, signWithECDSA.length);
        return Arrays.copyOfRange(bArr2, 0, 91 + signWithECDSA.length);
    }

    protected byte[] onEvent(int i, byte[] bArr) {
        try {
            return handleEvent(i, bArr);
        } catch (Exception e2) {
            StringBuilder Y = a.Y("onEvent error: ");
            Y.append(e2.toString());
            Log.e(TAG, Y.toString());
            return null;
        }
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public int registerSessionInfo(String str, SessionInfo sessionInfo) {
        byte[] bArr;
        byte[] bArr2;
        byte[] bArr3;
        if (str == null || sessionInfo == null || (bArr = sessionInfo.crnd) == null || (bArr2 = sessionInfo.trnd) == null || sessionInfo.kicc == null || sessionInfo.kifd == null) {
            return -1;
        }
        byte[] bArr4 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
        byte[] bArr5 = sessionInfo.trnd;
        System.arraycopy(bArr5, 0, bArr4, sessionInfo.crnd.length, bArr5.length);
        byte[] bArr6 = sessionInfo.kifd;
        byte[] bArr7 = new byte[bArr6.length + sessionInfo.kicc.length + 4];
        System.arraycopy(bArr6, 0, bArr7, 0, bArr6.length);
        byte[] bArr8 = sessionInfo.kicc;
        System.arraycopy(bArr8, 0, bArr7, sessionInfo.kifd.length, bArr8.length);
        System.arraycopy(new byte[]{0, 0, 0, 1}, 0, bArr7, sessionInfo.kicc.length + sessionInfo.kifd.length, 4);
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(bArr7);
            int i = sessionInfo.sessionSize;
            if (i == 128) {
                bArr3 = Arrays.copyOfRange(digest, 16, digest.length);
            } else {
                if (i != 256) {
                    return -2;
                }
                bArr3 = digest;
            }
            return nativeRegisterSession(this.mNativeHandle, str, bArr3, bArr4);
        } catch (NoSuchAlgorithmException unused) {
            Log.e(TAG, "Failed to register session info");
            return -2;
        }
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse requestAuth(String str) {
        TAResponse tAResponse = new TAResponse();
        byte[] nativeRequestAuth = nativeRequestAuth(this.mNativeHandle, str);
        if (nativeRequestAuth == null) {
            tAResponse.code = -1;
            return tAResponse;
        }
        tAResponse.code = ByteBuffer.wrap(Arrays.copyOfRange(nativeRequestAuth, 0, 4)).getInt();
        tAResponse.data = Arrays.copyOfRange(nativeRequestAuth, 4, nativeRequestAuth.length);
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse requestAuthWithCertificate(String str) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.code = -1;
        Constants.IngeekCertificateType ingeekCertificateType = Constants.IngeekCertificateType.Device;
        byte[] certDER = getCertDER(getCertificateAlias(str, ingeekCertificateType));
        if (certDER == null) {
            tAResponse.code = -6;
            tAResponse.message = "failed to get device cert data";
            return tAResponse;
        }
        byte[] bArr = new byte[1];
        if (verifyCertificate(str, ingeekCertificateType, certDER, bArr) < 0) {
            tAResponse.code = -3;
            StringBuilder Y = a.Y("verify device cert failed, errCode: ");
            Y.append((int) bArr[0]);
            tAResponse.message = Y.toString();
            StringBuilder Y2 = a.Y("verify device cert failed, errCode: ");
            Y2.append((int) bArr[0]);
            Log.e(TAG, Y2.toString());
            return tAResponse;
        }
        Constants.IngeekCertificateType ingeekCertificateType2 = Constants.IngeekCertificateType.Vehicle;
        byte[] certDER2 = getCertDER(getCertificateAlias(str, ingeekCertificateType2));
        if (certDER2 == null) {
            tAResponse.code = -6;
            tAResponse.message = "failed to get vehicle cert data";
            return tAResponse;
        }
        if (verifyCertificate(str, ingeekCertificateType2, certDER2, bArr) < 0) {
            tAResponse.code = -3;
            StringBuilder Y3 = a.Y("verify vehicle cert failed, errCode: ");
            Y3.append((int) bArr[0]);
            tAResponse.message = Y3.toString();
            StringBuilder Y4 = a.Y("verify vehicle cert failed, errCode: ");
            Y4.append((int) bArr[0]);
            Log.e(TAG, Y4.toString());
            return tAResponse;
        }
        LinkInfo link = getLink(str);
        if (link == null) {
            tAResponse.code = -2;
            tAResponse.message = a.D("no linkinfo for ", str);
            return tAResponse;
        }
        KeyPair genEphemeralECKeyPair = TKeyStore.get().genEphemeralECKeyPair();
        if (genEphemeralECKeyPair == null) {
            tAResponse.code = -13;
            tAResponse.message = "failed to gen tmp keypair";
            return tAResponse;
        }
        link.setLocalKeyPair(genEphemeralECKeyPair);
        byte[] certFingerprint = getCertFingerprint(getCertificateAlias(str, ingeekCertificateType));
        if (certFingerprint == null) {
            tAResponse.code = -2;
            tAResponse.message = "failed to getCertFingerprint device";
            return tAResponse;
        }
        byte[] convertToUncompressedPoint = TKeyStore.get().convertToUncompressedPoint((ECPublicKey) genEphemeralECKeyPair.getPublic());
        if (convertToUncompressedPoint == null) {
            tAResponse.code = -2;
            tAResponse.message = "failed to convertToUncompressedPoint";
            return tAResponse;
        }
        byte[] bArr2 = new byte[certFingerprint.length + convertToUncompressedPoint.length];
        System.arraycopy(certFingerprint, 0, bArr2, 0, certFingerprint.length);
        System.arraycopy(convertToUncompressedPoint, 0, bArr2, certFingerprint.length, convertToUncompressedPoint.length);
        byte[] signWithECDSA = TKeyStore.get().signWithECDSA(getPrivateKeyAlias(str, ingeekCertificateType), bArr2);
        if (signWithECDSA == null) {
            tAResponse.code = -14;
            tAResponse.message = "failed to sign data";
            return tAResponse;
        }
        byte[] composeAuthPacket = composeAuthPacket(certFingerprint, convertToUncompressedPoint, signWithECDSA);
        if (composeAuthPacket == null) {
            tAResponse.code = -15;
            tAResponse.message = "failed to compose packet";
            return tAResponse;
        }
        tAResponse.code = 0;
        tAResponse.data = composeAuthPacket;
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse requestAuthWithSERootCertificate(String str) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.code = -1;
        Constants.IngeekCertificateType ingeekCertificateType = Constants.IngeekCertificateType.SeRoot;
        byte[] certDER = getCertDER(getCertificateAlias(str, ingeekCertificateType));
        if (certDER == null) {
            tAResponse.code = -6;
            tAResponse.message = "failed to get seroot cert data";
            return tAResponse;
        }
        byte[] bArr = new byte[1];
        if (verifyCertificate(str, ingeekCertificateType, certDER, bArr) < 0) {
            tAResponse.code = -3;
            StringBuilder Y = a.Y("verify seroot cert failed, errCode: ");
            Y.append((int) bArr[0]);
            tAResponse.message = Y.toString();
            StringBuilder Y2 = a.Y("verify seroot cert failed, errCode: ");
            Y2.append((int) bArr[0]);
            Log.e(TAG, Y2.toString());
            return tAResponse;
        }
        LinkInfo link = getLink(str);
        if (link == null) {
            tAResponse.code = -2;
            tAResponse.message = a.D("no linkinfo for ", str);
            return tAResponse;
        }
        KeyPair genEphemeralECKeyPair = TKeyStore.get().genEphemeralECKeyPair();
        if (genEphemeralECKeyPair == null) {
            tAResponse.code = -13;
            tAResponse.message = "failed to gen tmp keypair";
            return tAResponse;
        }
        link.setLocalKeyPair(genEphemeralECKeyPair);
        String certificateAlias = getCertificateAlias(str, ingeekCertificateType);
        String privateKeyAlias = getPrivateKeyAlias(str, ingeekCertificateType);
        byte[] convertToUncompressedPoint = TKeyStore.get().convertToUncompressedPoint((ECPublicKey) genEphemeralECKeyPair.getPublic());
        byte[] composeAuthSERootPacket = composeAuthSERootPacket(getCertDER(certificateAlias), convertToUncompressedPoint, TKeyStore.get().signWithECDSA(privateKeyAlias, convertToUncompressedPoint));
        if (composeAuthSERootPacket == null) {
            tAResponse.code = -15;
            tAResponse.message = "failed to compose packet";
            return tAResponse;
        }
        tAResponse.code = 0;
        tAResponse.data = composeAuthSERootPacket;
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse requestCSR(String str, Constants.IngeekCertificateType ingeekCertificateType, CertificateInfo certificateInfo) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.data = null;
        tAResponse.code = -1;
        if (ingeekCertificateType != Constants.IngeekCertificateType.Device && ingeekCertificateType != Constants.IngeekCertificateType.SeRoot) {
            tAResponse.code = -2;
            StringBuilder Y = a.Y("wrong key type for csr, type: ");
            Y.append(ingeekCertificateType.getType());
            tAResponse.message = Y.toString();
            return tAResponse;
        }
        if (certificateInfo == null) {
            tAResponse.code = -2;
            tAResponse.message = "null info parameter";
            return tAResponse;
        }
        if (certificateInfo.commonName == null) {
            tAResponse.code = -2;
            tAResponse.message = "null commonName";
            return tAResponse;
        }
        if (certificateInfo.country == null) {
            certificateInfo.country = "CN";
        }
        if (certificateInfo.organization == null) {
            certificateInfo.organization = "default";
        }
        if (certificateInfo.organizationUnit == null) {
            certificateInfo.organizationUnit = "default";
        }
        LinkedList linkedList = new LinkedList();
        linkedList.add(new SubjectItem("O", certificateInfo.organization));
        linkedList.add(new SubjectItem("OU", certificateInfo.organizationUnit));
        linkedList.add(new SubjectItem("CN", certificateInfo.commonName));
        linkedList.add(new SubjectItem("C", certificateInfo.country));
        String privateKeyAlias = getPrivateKeyAlias(str, ingeekCertificateType);
        TKeyStore.get().genECKeyPair(privateKeyAlias);
        byte[] eCPubKeyData = TKeyStore.get().getECPubKeyData(privateKeyAlias);
        if (eCPubKeyData == null) {
            tAResponse.code = -16;
            tAResponse.message = "getECPubKeyData failed";
            return tAResponse;
        }
        byte[] nativeCreateCSR = nativeCreateCSR(this.mNativeHandle, str, ingeekCertificateType.getType(), linkedList, eCPubKeyData);
        if (nativeCreateCSR != null) {
            tAResponse.data = nativeCreateCSR;
            tAResponse.code = 0;
        } else {
            tAResponse.code = -17;
            tAResponse.message = "nativeCreateCSR failed";
        }
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse requestSession(String str, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        byte[] nativeRequestSession = nativeRequestSession(this.mNativeHandle, str, bArr);
        if (nativeRequestSession == null) {
            tAResponse.code = -1;
            return tAResponse;
        }
        tAResponse.code = ByteBuffer.wrap(Arrays.copyOfRange(nativeRequestSession, 0, 4)).getInt();
        tAResponse.data = Arrays.copyOfRange(nativeRequestSession, 4, nativeRequestSession.length);
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse requestSessionWithCertificate(String str, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.code = -1;
        SessionPacket parseRemoteSessionPacket = parseRemoteSessionPacket(bArr);
        if (parseRemoteSessionPacket == null) {
            tAResponse.code = -9;
            tAResponse.message = "failed to parse packet";
            return tAResponse;
        }
        byte[] bArr2 = new byte[71];
        System.arraycopy(parseRemoteSessionPacket.fp, 0, bArr2, 0, 6);
        System.arraycopy(parseRemoteSessionPacket.pubKey, 0, bArr2, 6, 65);
        if (!TKeyStore.get().verifyWithECDSA(getCertificateAlias(str, Constants.IngeekCertificateType.Vehicle), bArr2, parseRemoteSessionPacket.sign)) {
            tAResponse.code = -11;
            tAResponse.message = "failed to verify packet signature";
            return tAResponse;
        }
        if (storeRemoteTmpECPublicKey(str, parseRemoteSessionPacket.pubKey) >= 0) {
            tAResponse.code = 0;
            return tAResponse;
        }
        tAResponse.code = -10;
        tAResponse.message = "failed to store remote pubkey";
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse requestSessionWithSERootCertificate(String str, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.code = -1;
        LinkInfo link = getLink(str);
        if (link == null) {
            tAResponse.code = -2;
            tAResponse.message = a.D("no linkinfo for ", str);
            return tAResponse;
        }
        SessionSERootPacket decomposeSessionSERootPacket = decomposeSessionSERootPacket(bArr);
        if (decomposeSessionSERootPacket == null) {
            tAResponse.code = -9;
            tAResponse.message = "failed to decompose packet";
            return tAResponse;
        }
        if (storeRemoteTmpECPublicKey(str, decomposeSessionSERootPacket.pubKey2) < 0) {
            tAResponse.code = -10;
            tAResponse.message = "failed to store remote pubkey";
            return tAResponse;
        }
        byte[] decryptSessionSERootPubKey = decryptSessionSERootPubKey(link, decomposeSessionSERootPacket.pubKey1);
        if (decryptSessionSERootPubKey == null) {
            tAResponse.code = -7;
            tAResponse.message = "failed to decrypt pubkey";
            return tAResponse;
        }
        if (verifySessionSERootSignature(link, decryptSessionSERootPubKey, decomposeSessionSERootPacket.pubKey1, decomposeSessionSERootPacket.pubKey2, decomposeSessionSERootPacket.sign)) {
            tAResponse.code = 0;
            return tAResponse;
        }
        tAResponse.code = -11;
        tAResponse.message = "failed to verify packet signature";
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> signDataWithTrustKey(String str, byte[] bArr) {
        return encryptDataWithTrustKey(str, Constants.Algorithm.ALGORITHM_AES128_CBC_HMACSHA256_80, bArr, true);
    }

    /* JADX WARN: Type inference failed for: r10v2, types: [T, byte[]] */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> startAuthWithTrustKey(String str, int i) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.value = null;
        ingeekReturnValue.code = -1;
        String trustKeyLabel = getTrustKeyLabel(str);
        if (trustKey(str) == null) {
            ingeekReturnValue.code = -2;
            return ingeekReturnValue;
        }
        TrustLinkInfo trustLink = getTrustLink(str);
        if (trustLink == null) {
            ingeekReturnValue.code = -2;
            return ingeekReturnValue;
        }
        KeyPair genEphemeralECKeyPair = TKeyStore.get().genEphemeralECKeyPair();
        if (genEphemeralECKeyPair == null) {
            ingeekReturnValue.code = -13;
            return ingeekReturnValue;
        }
        trustLink.setLocalKeyPair(genEphemeralECKeyPair);
        byte[] convertToUncompressedPoint = TKeyStore.get().convertToUncompressedPoint((ECPublicKey) genEphemeralECKeyPair.getPublic());
        if (convertToUncompressedPoint == null) {
            ingeekReturnValue.code = -2;
            return ingeekReturnValue;
        }
        byte[] nativeGetTrustKey = nativeGetTrustKey(this.mNativeHandle, str);
        if (nativeGetTrustKey == null) {
            ingeekReturnValue.code = -2;
            return ingeekReturnValue;
        }
        byte[] copyOf = i == 1 ? Arrays.copyOf(TKeyStore.get().sha256(nativeGetTrustKey), 6) : null;
        byte[] bArr = new byte[16];
        new Random().nextBytes(bArr);
        trustLink.setNa(bArr);
        ?? buildTrustKeyAuthRequest = buildTrustKeyAuthRequest(i, i == 1 ? copyOf : nativeGetTrustKey, convertToUncompressedPoint, bArr, trustKeyLabel);
        if (buildTrustKeyAuthRequest == 0) {
            ingeekReturnValue.code = -15;
            return ingeekReturnValue;
        }
        ingeekReturnValue.value = buildTrustKeyAuthRequest;
        ingeekReturnValue.code = 0;
        return ingeekReturnValue;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public TAResponse storeCertificate(String str, Constants.IngeekCertificateType ingeekCertificateType, byte[] bArr) {
        TAResponse tAResponse = new TAResponse();
        tAResponse.data = null;
        tAResponse.code = -1;
        String certificateAlias = getCertificateAlias(str, ingeekCertificateType);
        if (loadCertificate(certificateAlias, bArr) < 0) {
            tAResponse.code = -4;
            tAResponse.message = a.D("loadCertificate failed, keyId: ", certificateAlias);
            return tAResponse;
        }
        if (ingeekCertificateType == Constants.IngeekCertificateType.SeRoot || ingeekCertificateType == Constants.IngeekCertificateType.Device || ingeekCertificateType == Constants.IngeekCertificateType.Vehicle) {
            byte[] certDER = getCertDER(certificateAlias);
            byte[] bArr2 = new byte[1];
            if (verifyCertificate(str, ingeekCertificateType, certDER, bArr2) < 0) {
                tAResponse.code = -3;
                StringBuilder Y = a.Y("verify cert failed, type: ");
                Y.append(ingeekCertificateType.getType());
                Y.append(", errCode: ");
                Y.append((int) bArr2[0]);
                tAResponse.message = Y.toString();
                StringBuilder Y2 = a.Y("verify cert failed, type: ");
                Y2.append(ingeekCertificateType.getType());
                Y2.append(", errCode: ");
                Y2.append((int) bArr2[0]);
                Log.e(TAG, Y2.toString());
            } else {
                tAResponse.code = 0;
            }
        } else {
            tAResponse.code = 0;
        }
        return tAResponse;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public int storeKey(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (TextUtils.isEmpty(str) || bArr == null || bArr2 == null || bArr3 == null || WrappedKeyHeader.fromBytes(bArr3) == null) {
            return -9801;
        }
        int length = bArr3.length - WrappedKeyHeader.headerSize();
        byte[] bArr4 = new byte[length];
        System.arraycopy(bArr3, WrappedKeyHeader.headerSize(), bArr4, 0, length);
        int i = -1;
        try {
            if (this.securityTA.importWrappedKey(str, bArr4)) {
                i = 0;
            }
        } catch (Exception e2) {
            StringBuilder Y = a.Y("store key failed: ");
            Y.append(e2.toString());
            Log.e(TAG, Y.toString());
        }
        if (i != 0) {
            return i;
        }
        if (bArr3.length < WrappedKeyHeader.headerSize()) {
            return -2;
        }
        return nativeStoreKey(this.mNativeHandle, str, bArr, bArr2, Arrays.copyOfRange(bArr3, 0, WrappedKeyHeader.headerSize()));
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public int storeTrustKey(String str, byte[] bArr) {
        if (IngeekTrustKey.parseTrustKey(bArr) == null) {
            return -20;
        }
        return nativeStoreTrustKey(this.mNativeHandle, str, bArr) < 0 ? -21 : 0;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekTrustKey trustKey(String str) {
        byte[] nativeGetTrustKey = nativeGetTrustKey(this.mNativeHandle, str);
        if (nativeGetTrustKey == null) {
            return null;
        }
        return IngeekTrustKey.parseTrustKey(nativeGetTrustKey);
    }

    /* JADX WARN: Type inference failed for: r4v3, types: [T, byte[]] */
    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public IngeekReturnValue<byte[]> trustKeyFingerprint(String str) {
        IngeekReturnValue<byte[]> ingeekReturnValue = new IngeekReturnValue<>();
        ingeekReturnValue.code = 0;
        byte[] nativeGetTrustKey = nativeGetTrustKey(this.mNativeHandle, str);
        if (nativeGetTrustKey == null) {
            ingeekReturnValue.code = -1;
            return ingeekReturnValue;
        }
        ingeekReturnValue.value = Arrays.copyOf(TKeyStore.get().sha256(nativeGetTrustKey), 6);
        return ingeekReturnValue;
    }

    @Override // com.ingeek.nokeeu.security.SecurityEngine
    public int verifySession(String str, byte[] bArr) {
        return nativeVerifySession(this.mNativeHandle, str, bArr);
    }
}
