package com.huawei.signclient.hap.config;

import com.google.gson.Gson;
import com.huawei.signclient.hap.exception.HttpException;
import com.huawei.signclient.hap.response.DataFromSignCenter;
import com.huawei.signclient.hap.utils.DigestUtils;
import com.huawei.signclient.hap.utils.HttpUtils;
import com.huawei.signclient.hap.utils.ParamConstants;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/huawei/signclient/hap/config/RemoteSignerConfig.class */
public class RemoteSignerConfig extends SignerConfig {
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) RemoteSignerConfig.class);
    private static final String ENCRYPTION_ALGORITHM = getEncryptionAlgorithmName();
    private static final int HTTP_NGINX_NETWORK_EXCEPTION = 504;
    private static final int MAX_HTTP_RETRY_TIMES = 3;
    private static final String ENCRYPY_PUBLIC_KEY = "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAmAo258NNEEiSiEdlcCN/7DANClxtNYzhi+EpW4qd90tD7IGCifdgxA48G0v1QUmbmCHqQWdq3q/2MRa1DzlgBIw9PQ8dWmcGx94Ba2nS+89XCVbWzdMT1OwZfGMVfBqC2lYDq6+EFuTydnT4v3e9wAJvwpNfHoZNbmH35NY5iqcZAze+xn64ilDbeyXhINDID2xHHrIBQu3W+nTaUtamWLO5lUf84E/hK9+V1niI4JGIqw66expZNRLGszG0qx6YpxrW81zpZzqhnUeBFaoKEGYwMXFol+xfGriPNwnhUE9Fp2GOn3ZfC1R5liXDjyOwLMXM6tO3bJLIXLnmUkEHnagDk6Lmpl5XGbX04njuc9v33ODQkGFZvjIck3ZUzHsMfMSvrmjhNP/NL/Qqn9uJtKlT1jbJuJkbnLZvSKZVdpG8fSyxTCDd60PVmi4gNsfZngB0cSQt8y77RgDdU2AnokYpDQMxH91K8F0TgbAQrL+xDEFJHDvXz7LEJSODwRdVAgMBAAE=";

    /* JADX WARN: Code restructure failed: missing block: B:32:0x00c4, code lost:
    
        com.huawei.signclient.hap.config.RemoteSignerConfig.LOGGER.error("no target key in config file!");
        r0 = r5;
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x00d2, code lost:
    
        if (r0 == null) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:35:0x00d6, code lost:
    
        if (0 == 0) goto L43;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x00eb, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x00d9, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x00e0, code lost:
    
        r13 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x00e2, code lost:
    
        r0.addSuppressed(r13);
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x0085, code lost:
    
        com.huawei.signclient.hap.config.RemoteSignerConfig.LOGGER.error("keyName is not a string!");
        r0 = r5;
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x0093, code lost:
    
        if (r0 == null) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x0097, code lost:
    
        if (0 == 0) goto L31;
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x00ac, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:0x009a, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:53:0x00a1, code lost:
    
        r12 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x00a3, code lost:
    
        r0.addSuppressed(r12);
     */
    /* JADX WARN: Code restructure failed: missing block: B:59:0x00fe, code lost:
    
        if (r0 == null) goto L69;
     */
    /* JADX WARN: Code restructure failed: missing block: B:61:0x0102, code lost:
    
        if (0 == 0) goto L54;
     */
    /* JADX WARN: Code restructure failed: missing block: B:62:0x0117, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:64:0x0105, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x010c, code lost:
    
        r8 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x010e, code lost:
    
        r0.addSuppressed(r8);
     */
    /* JADX WARN: Failed to calculate best type for var: r6v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 6, insn: 0x0128: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r6 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:75:0x0128 */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x012c: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:77:0x012c */
    /* JADX WARN: Type inference failed for: r6v1, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r7v0, types: [java.lang.Throwable] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.lang.String getEncryptionAlgorithmName() {
        /*
            Method dump skipped, instructions count: 346
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.signclient.hap.config.RemoteSignerConfig.getEncryptionAlgorithmName():java.lang.String");
    }

    private static PublicKey getPublicKeyFromEncodeString(String str) {
        PublicKey publicKey = null;
        try {
            publicKey = KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(ENCRYPY_PUBLIC_KEY)));
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Unsupport key algorithm : " + str);
        } catch (InvalidKeySpecException e2) {
            LOGGER.error("Invalid key spec, transform failed!");
        }
        return publicKey;
    }

    private static byte[] encrypt(String str) {
        byte[] bArr = null;
        PublicKey publicKeyFromEncodeString = getPublicKeyFromEncodeString("RSA");
        if (publicKeyFromEncodeString == null || !publicKeyFromEncodeString.getAlgorithm().equals("RSA")) {
            return null;
        }
        try {
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
            cipher.init(1, publicKeyFromEncodeString);
            bArr = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            LOGGER.error("encrypt failed.", e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e2) {
            LOGGER.error("Unsupport cipher engine", e2);
        }
        return bArr;
    }

    @Override // com.huawei.signclient.hap.config.SignerConfig
    public byte[] getSignature(byte[] bArr, String str, AlgorithmParameterSpec algorithmParameterSpec) {
        LOGGER.info("Compute signature by remote mode!");
        String str2 = this.signParamMap.get(ParamConstants.PARAM_REMOTE_USERNAME);
        String str3 = this.signParamMap.get(ParamConstants.PARAM_REMOTE_CODE);
        String str4 = this.signParamMap.get(ParamConstants.PARAM_BASIC_PRIVATE_KEY);
        byte[] encrypt = encrypt(str3);
        Map<String, String> hashMap = new HashMap<>();
        String encodeToString = Base64.getUrlEncoder().encodeToString(bArr);
        hashMap.put("domainUser", str2);
        hashMap.put("toolVersion", "HapSignatureTool-V2.0");
        hashMap.put("passwordDigest", Base64.getEncoder().encodeToString(DigestUtils.sha256Digest(str3.getBytes(Charset.forName("UTF-8")))));
        hashMap.put("encryptedPassword", Base64.getEncoder().encodeToString(encrypt == null ? new byte[0] : encrypt));
        hashMap.put("subjectName", str4);
        hashMap.put(ParamConstants.PARAM_BASIC_SIGANTURE_ALG, str);
        hashMap.put("unsignedData", encodeToString);
        if (this.signParamMap.containsKey(ParamConstants.PARAM_REMOTE_SERVER)) {
            hashMap.put(ParamConstants.PARAM_REMOTE_SERVER, this.signParamMap.get(ParamConstants.PARAM_REMOTE_SERVER));
        }
        byte[] signatureFromServer = getSignatureFromServer(getResponseData(hashMap));
        if (signatureFromServer == null || signatureFromServer.length <= 0) {
            LOGGER.error("Get signature failed!");
        } else {
            LOGGER.info("Get signature success!");
        }
        return signatureFromServer;
    }

    private String getResponseData(Map<String, String> map) {
        String str = null;
        for (int i = 0; i < 3; i++) {
            try {
                str = HttpUtils.postData(map);
            } catch (HttpException e) {
                if (e.getErrorCode() != 504 || i >= 2) {
                    LOGGER.error(e.getMessage());
                    return null;
                }
                LOGGER.warn(e.getMessage() + ", retry again!");
            }
            if (str != null) {
                break;
            }
        }
        return str;
    }

    public byte[] getSignatureFromServer(String str) {
        if (StringUtils.isEmpty(str)) {
            LOGGER.error("Get empty response from signature server!");
            return null;
        }
        DataFromSignCenter dataFromSignCenter = (DataFromSignCenter) new Gson().fromJson(str, DataFromSignCenter.class);
        if (dataFromSignCenter == null || dataFromSignCenter.data == null) {
            LOGGER.error("Get response data error!");
            return null;
        }
        if (!getCertificatesFromResponseData(dataFromSignCenter.data)) {
            LOGGER.error("Get certificate list data error!");
            return null;
        }
        getCrlFromResponseData(dataFromSignCenter.data);
        String str2 = dataFromSignCenter.data.signedData;
        if (!checkEncodeSignedDataIsInvalid(str2)) {
            return Base64.getUrlDecoder().decode(str2);
        }
        LOGGER.error("Get signedData data error!");
        return null;
    }
}
