package h.e0.a.q;

import android.text.TextUtils;
import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import com.google.gson.annotations.SerializedName;
import com.privacy.azerothprivacy.AzerothPrivacy;
import com.privacy.azerothprivacy.exception.AzerothException;
import com.xiaomi.mipush.sdk.Constants;
import h.p.c.a.a.d;
import h.y.m1.f;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

/* loaded from: classes6.dex */
public class b {
    public static final Gson a = new Gson();
    public static final b b = new b();

    /* loaded from: classes6.dex */
    public static class a {

        @SerializedName("UID")
        public long a;

        @SerializedName("DeviceID")
        public long b;

        /* renamed from: c, reason: collision with root package name */
        @SerializedName("KeyVersion")
        public long f35267c;

        /* renamed from: d, reason: collision with root package name */
        @SerializedName("ExpectExpiryTime")
        public long f35268d;

        /* renamed from: e, reason: collision with root package name */
        @SerializedName("ServerSignature")
        public String f35269e;

        @SerializedName("ServerCert")
        public String f;

        /* renamed from: g, reason: collision with root package name */
        @SerializedName("Http_code")
        public long f35270g;
    }

    /* JADX WARN: Removed duplicated region for block: B:32:0x00e1  */
    /* JADX WARN: Removed duplicated region for block: B:44:? A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void a() {
        /*
            Method dump skipped, instructions count: 270
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: h.e0.a.q.b.a():void");
    }

    public final String b(String str, String str2) {
        return h.c.a.a.a.D(str, Constants.ACCEPT_TIME_SEPARATOR_SERVER, str2);
    }

    public h.e0.a.q.a c() {
        Map<String, String> debugData;
        if (AzerothPrivacy.getAppInfo().a()) {
            return null;
        }
        String str = AzerothPrivacy.getAppInfo().f35200e;
        long c2 = h.e0.a.p.a.b(AzerothPrivacy.getAppContext()).c(b(str, "device_sign_key_version"));
        if (c2 == 0) {
            return null;
        }
        String d2 = h.e0.a.p.a.b(AzerothPrivacy.getAppContext()).d(b(str, "device_sign_key"));
        if (TextUtils.isEmpty(d2)) {
            return null;
        }
        try {
            try {
                return new h.e0.a.q.a(KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(new BigInteger(Base64.decode(d2, 2)), d.a)), c2, h.e0.a.p.a.b(AzerothPrivacy.getAppContext()).c(b(str, "device_sign_key_expire_time")));
            } catch (Exception e2) {
                Map<String, String> g1 = f.g1();
                f.n3("AzerothPrivacyError", "restore private key error", e2);
                if (h.e0.a.k.a.a != null && !f.V1(e2)) {
                    if ((e2 instanceof AzerothException) && (debugData = ((AzerothException) e2).getDebugData()) != null) {
                        for (Map.Entry<String, String> entry : debugData.entrySet()) {
                            if (g1.get(entry.getKey()) == null) {
                                g1.put(entry.getKey(), entry.getValue());
                            }
                        }
                    }
                    Objects.requireNonNull((h.y.j.b) h.e0.a.k.a.a);
                    h.a.p1.a.c.B(e2, "restore private key error", g1);
                }
                return null;
            }
        } catch (Exception unused) {
        }
    }

    public final void d() throws Exception {
        String str = AzerothPrivacy.getAppInfo().f35200e;
        String b2 = b(str, "device_sign_key");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        h.e0.a.p.a.b(AzerothPrivacy.getAppContext()).f(b2, Base64.encodeToString(((ECPrivateKey) generateKeyPair.getPrivate()).getS().toByteArray(), 2));
        ECPublicKey eCPublicKey = (ECPublicKey) generateKeyPair.getPublic();
        byte[] byteArray = eCPublicKey.getW().getAffineX().toByteArray();
        byte[] byteArray2 = eCPublicKey.getW().getAffineY().toByteArray();
        byte[] bArr = new byte[64];
        System.arraycopy(byteArray, byteArray.length > 32 ? byteArray.length - 32 : 0, bArr, byteArray.length < 32 ? 32 - byteArray.length : 0, Math.min(byteArray.length, 32));
        System.arraycopy(byteArray2, byteArray2.length > 32 ? byteArray2.length - 32 : 0, bArr, (byteArray2.length < 32 ? 32 - byteArray2.length : 0) + 32, Math.min(byteArray2.length, 32));
        ByteBuffer order = ByteBuffer.allocate(80).order(ByteOrder.LITTLE_ENDIAN);
        order.put(bArr);
        order.putLong(Long.parseLong(str));
        order.putLong(Long.parseLong(AzerothPrivacy.getAppInfo().f35199d));
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(generateKeyPair.getPrivate());
        signature.update(order.array());
        byte[] sign = signature.sign();
        HashMap hashMap = new HashMap();
        hashMap.put("UID", Long.valueOf(Long.parseLong(str)));
        hashMap.put("DeviceID", Long.valueOf(Long.parseLong(AzerothPrivacy.getAppInfo().f35199d)));
        hashMap.put("ProtoVersion", 20241009);
        hashMap.put("ClientPK", Base64.encodeToString(bArr, 2));
        hashMap.put("ClientSignature", Base64.encodeToString(sign, 2));
        hashMap.put("PriorCertVersion", Long.valueOf(h.e0.a.j.f.b.a(AzerothPrivacy.getAppContext()).getSerialNumber().longValue()));
        StringBuilder sb = new StringBuilder();
        sb.append("update device sign key req: ");
        Gson gson = a;
        sb.append(gson.toJson(hashMap));
        f.l3("DeviceSignKeyManager", sb.toString());
        String e2 = f.C1().e(AzerothPrivacy.getSdkConfig().b.b, gson.toJson(hashMap).getBytes(StandardCharsets.UTF_8), false, "application/json", true);
        h.c.a.a.a.U3("update device sign key resp: ", e2, "DeviceSignKeyManager");
        try {
            a aVar = (a) gson.fromJson(e2, a.class);
            try {
                if (!e(aVar)) {
                    throw new AzerothException("invalid resp sign", new h.e0.a.r.b("resp", e2));
                }
                h.e0.a.p.a.b(AzerothPrivacy.getAppContext()).e(b(str, "device_sign_key_expire_time"), aVar.f35268d);
                h.e0.a.p.a.b(AzerothPrivacy.getAppContext()).e(b(str, "device_sign_key_version"), aVar.f35267c);
            } catch (Exception e3) {
                throw new AzerothException("verify resp sign", e3, new h.e0.a.r.b("resp", e2));
            }
        } catch (JsonSyntaxException e4) {
            throw new AzerothException("json format", e4, new h.e0.a.r.b("resp", e2));
        }
    }

    public final boolean e(a aVar) throws GeneralSecurityException {
        byte[] decode = Base64.decode(aVar.f, 0);
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decode));
            x509Certificate.verify(h.e0.a.j.f.b.a(AzerothPrivacy.getAppContext()).getPublicKey());
            ByteBuffer order = ByteBuffer.allocate(decode.length + 8 + 8).order(ByteOrder.LITTLE_ENDIAN);
            order.put(decode);
            order.putLong(aVar.f35267c);
            order.putLong(aVar.f35268d);
            byte[] decode2 = Base64.decode(aVar.f35269e, 0);
            byte[] array = order.array();
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initVerify(x509Certificate.getPublicKey());
            signature.update(array);
            return signature.verify(decode2);
        } catch (CertificateException unused) {
            return false;
        }
    }
}
