package cafebabe;

import android.text.TextUtils;
import androidx.annotation.NonNull;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.KeyDerivationUtils;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.common.util.PakeType;
import com.huawei.iotplatform.security.common.util.PakeUtils;
import com.huawei.iotplatform.security.pin.openapi.exception.NegotiateException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class vob extends o7c {
    public static final byte[] q = CommonUtil.stringToBytes("hichain_return_key");
    public static final byte[] r = CommonUtil.stringToBytes("hichain_speke_base_info");
    public static final byte[] s = CommonUtil.stringToBytes("hichain_speke_sessionkey_info");
    public String g;
    public byte[] h;
    public byte[] i;
    public byte[] j;
    public byte[] k;
    public byte[] l;
    public byte[] m;
    public int n;
    public byte[] o;
    public PakeUtils p;

    public vob(@NonNull gic gicVar, @NonNull fic ficVar, boolean z) {
        super(gicVar, ficVar);
        this.o = new byte[16];
        this.n = 0;
        this.f7898a = new uob(z);
        this.p = new PakeUtils();
    }

    public final void A(JSONObject jSONObject) throws NegotiateException {
        try {
            this.m = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
            byte[] bytesFromHex = CommonUtil.toBytesFromHex(jSONObject.getString("kcfData"));
            this.l = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
            z();
            t(bytesFromHex);
            v();
            byte[] s2 = s(this.k, this.m);
            JSONObject jSONObject2 = new JSONObject();
            try {
                jSONObject2.put("kcfData", CommonUtil.toHexString(s2));
                k(32770, jSONObject2);
                this.k = CommonUtil.concatenateAll(this.k, this.m);
            } catch (JSONException unused) {
                throw new NegotiateException(1, "cannot generate server confirmation data");
            }
        } catch (JSONException unused2) {
            throw new NegotiateException(-268435445, "send server confirm bad payload in passThrough data");
        }
    }

    public final void B() throws NegotiateException {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("version", p());
            jSONObject.put("operationCode", com.huawei.iotplatform.security.pin.core.c.AUTH_KEY_AGREEMENT.a());
            jSONObject.put("support256mod", true);
            k(1, jSONObject);
        } catch (JSONException unused) {
            throw new NegotiateException(1, "cannot generate PAKE request data");
        }
    }

    public final void C(JSONObject jSONObject) throws NegotiateException {
        try {
            t(CommonUtil.toBytesFromHex(jSONObject.getString("kcfData")));
            v();
            this.k = CommonUtil.concatenateAll(this.k, this.m);
            this.f7898a.g();
        } catch (JSONException unused) {
            throw new NegotiateException(-268435445, "verify server confirm bad payload in pass through data");
        }
    }

    @Override // cafebabe.o7c
    public void b() {
        super.b();
        CommonUtil.clearBytes(this.j);
        CommonUtil.clearBytes(this.i);
        CommonUtil.clearBytes(this.o);
        CommonUtil.clearBytes(this.h);
        CommonUtil.clearBytes(this.k);
    }

    @Override // cafebabe.o7c
    public void c(int i, @NonNull JSONObject jSONObject) throws NegotiateException {
        if (i == 1) {
            y(jSONObject);
            return;
        }
        if (i == 2) {
            A(jSONObject);
            if (!this.f7898a.f()) {
                return;
            }
        } else {
            if (i == 32769) {
                w(jSONObject);
                return;
            }
            if (i != 32770) {
                if (i != 32896) {
                    return;
                }
                l(jSONObject);
                return;
            } else {
                C(jSONObject);
                if (!this.f7898a.f()) {
                    return;
                }
            }
        }
        j(0);
    }

    @Override // cafebabe.o7c
    public void n() throws NegotiateException {
        B();
    }

    public void r(@NonNull String str) {
        this.g = str;
    }

    public final byte[] s(byte[] bArr, byte[] bArr2) throws NegotiateException {
        try {
            return KeyDerivationUtils.hmac(this.o, CommonUtil.concatenateAll(bArr, bArr2));
        } catch (InvalidKeyException unused) {
            throw new NegotiateException(-268435444, "KCF error : invalid key");
        } catch (NoSuchAlgorithmException unused2) {
            throw new NegotiateException(-268435444, "no support for KCF");
        }
    }

    public final void t(byte[] bArr) throws NegotiateException {
        if (!Arrays.equals(s(this.m, this.k), bArr)) {
            throw new NegotiateException(1, "proof mismatch");
        }
    }

    public void u(int i) {
        if (i < 0) {
            i = 0;
        } else if (i > 1024) {
            this.n = 1024;
            return;
        }
        this.n = i;
    }

    public final void v() throws NegotiateException {
        try {
            int i = this.n;
            if (i > 0) {
                this.b = KeyDerivationUtils.hkdf(this.b, this.h, q, i);
            } else {
                LogUtil.error("TaskBase", "return key length invalid");
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            throw new NegotiateException(-268435445, "generate returned session key fail");
        }
    }

    public final void w(JSONObject jSONObject) throws NegotiateException {
        PakeUtils pakeUtils;
        PakeType pakeType;
        try {
            this.m = CommonUtil.toBytesFromHex(jSONObject.getString("challenge"));
            this.h = CommonUtil.toBytesFromHex(jSONObject.getString("salt"));
            byte[] bytesFromHex = CommonUtil.toBytesFromHex(jSONObject.getString("epk"));
            this.l = bytesFromHex;
            if (bytesFromHex.length <= 256) {
                LogUtil.info("TaskBase", "pake type is PAKE_256");
                pakeUtils = this.p;
                pakeType = PakeType.PAKE_256;
            } else {
                if (bytesFromHex.length > 384) {
                    LogUtil.error("TaskBase", "peer public param invalid");
                    throw new NegotiateException(-268435445, "peer public param invalid");
                }
                LogUtil.info("TaskBase", "pake type is PAKE_384");
                pakeUtils = this.p;
                pakeType = PakeType.PAKE_384;
            }
            pakeUtils.setPakeType(pakeType);
            d(jSONObject);
            this.k = CommonUtil.getRandomBytes(16);
            x();
            z();
            byte[] s2 = s(this.k, this.m);
            JSONObject jSONObject2 = new JSONObject();
            try {
                jSONObject2.put("challenge", CommonUtil.toHexString(this.k));
                jSONObject2.put("epk", CommonUtil.toHexString(this.i));
                jSONObject2.put("kcfData", CommonUtil.toHexString(s2));
                k(2, jSONObject2);
            } catch (JSONException unused) {
                throw new NegotiateException(1, "cannot generate client confirmation data");
            }
        } catch (JSONException unused2) {
            throw new NegotiateException(-268435445, "send client confirm bad payload in passThrough data");
        }
    }

    public final void x() throws NegotiateException {
        if (TextUtils.isEmpty(this.g)) {
            throw new NegotiateException(1, "lack PIN");
        }
        byte[] bArr = null;
        try {
            try {
                bArr = KeyDerivationUtils.hkdf(CommonUtil.stringToBytes(this.g), this.h, r, 32);
                byte[] computeSharedBase = this.p.computeSharedBase(bArr);
                byte[] randomBytes = CommonUtil.getRandomBytes(this.p.getPrivateParamLen());
                this.j = randomBytes;
                this.i = this.p.computePublicParameter(computeSharedBase, randomBytes);
            } catch (InvalidKeyException unused) {
                throw new NegotiateException(1, "PAKE error : invalid key");
            } catch (NoSuchAlgorithmException unused2) {
                throw new NegotiateException(-268435444, "PAKE is not supported");
            }
        } finally {
            CommonUtil.clearBytes(bArr);
        }
    }

    public final void y(JSONObject jSONObject) throws NegotiateException {
        o(jSONObject);
        if (this.h == null) {
            this.h = CommonUtil.getRandomBytes(16);
        }
        if (this.k == null) {
            this.k = CommonUtil.getRandomBytes(16);
        }
        x();
        JSONObject jSONObject2 = new JSONObject();
        try {
            jSONObject2.put("challenge", CommonUtil.toHexString(this.k));
            jSONObject2.put("salt", CommonUtil.toHexString(this.h));
            jSONObject2.put("epk", CommonUtil.toHexString(this.i));
            jSONObject2.put("version", p());
            k(32769, jSONObject2);
        } catch (JSONException unused) {
            throw new NegotiateException(1, "cannot generate pake response data");
        }
    }

    public final void z() throws NegotiateException {
        if (!this.p.isPublicKeyValid(this.l)) {
            throw new NegotiateException(1, "invalid peer public key");
        }
        byte[] computeSharedKey = this.p.computeSharedKey(this.j, this.l);
        byte[] bArr = null;
        try {
            try {
                bArr = KeyDerivationUtils.hkdf(computeSharedKey, this.h, s, 32);
                byte[] bArr2 = this.b;
                System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
                int length = this.b.length;
                byte[] bArr3 = this.o;
                System.arraycopy(bArr, length, bArr3, 0, bArr3.length);
            } catch (InvalidKeyException unused) {
                throw new NegotiateException(1, "HKDF error : invalid key");
            } catch (NoSuchAlgorithmException unused2) {
                throw new NegotiateException(-268435444, "no support for HKDF");
            }
        } finally {
            CommonUtil.clearBytes(computeSharedKey);
            CommonUtil.clearBytes(bArr);
        }
    }
}
