package com.alipay.mobile.common.netsdkextdepend.security;

import android.content.ContextWrapper;
import android.text.TextUtils;
import com.alibaba.wireless.security.open.SecException;
import com.alibaba.wireless.security.open.SecurityGuardManager;
import com.alibaba.wireless.security.open.SecurityGuardParamContext;
import com.alibaba.wireless.security.open.securesignature.ISecureSignatureComponent;
import com.alipay.android.msp.utils.MspSwitchUtil;
import com.alipay.android.phone.mobilesdk.storage.encryption.TaobaoSecurityEncryptor;
import com.alipay.apmobilesecuritysdk.face.APSecuritySdk;
import com.alipay.blueshield.ITrustedSignatureModule;
import com.alipay.blueshield.TrustedTerminalManager;
import com.alipay.mobile.common.netsdkextdepend.selfutil.EnvUtil;
import com.alipay.mobile.common.netsdkextdepend.selfutil.InnerLoggerUtils;
import com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter;
import com.alipay.mobile.common.netsdkextdependapi.security.SignRequest;
import com.alipay.mobile.common.netsdkextdependapi.security.SignResult;
import com.alipay.mobile.common.transport.TransportStrategy;
import com.alipay.mobile.framework.MpaasClassInfo;
import java.util.HashMap;

@MpaasClassInfo(BundleName = "android-phone-mobilesdk-netsdkextdepend", ExportJarName = "unknown", Level = "product", Product = ":android-phone-mobilesdk-netsdkextdepend")
/* loaded from: classes8.dex */
public class DefaultSecurityManager extends SecurityManagerAdapter {
    private SignResult a(SignRequest signRequest) {
        SignResult a2 = a(signRequest, false);
        a2.useTeesdkFirst = true;
        if (a2.isSuccess()) {
            return a2;
        }
        if (!TransportStrategy.enableTeesdkDowngrade()) {
            InnerLoggerUtils.warn("mynet_SecurityManager", "[doSignatureTeeFirst] Teesdk sign fail, do not allow downgrade");
            return a2;
        }
        SignResult signResult = new SignResult();
        try {
            signResult = d(signRequest);
        } catch (SecException e) {
            InnerLoggerUtils.error("mynet_SecurityManager", "[doSignatureTeeFirst] Exception: " + e.toString(), e);
            return SignResult.newErrorResult(String.valueOf(e.getErrorCode()));
        } catch (Throwable th) {
            InnerLoggerUtils.warn("mynet_SecurityManager", "[doSignatureTeeFirst] Exception: " + th.toString(), th);
        }
        signResult.useTeesdkFirst = true;
        signResult.teesdkFailed = true;
        signResult.teeErrorCode = a2.getErrorCode();
        return signResult;
    }

    private SignResult a(SignRequest signRequest, boolean z) {
        String str;
        ITrustedSignatureModule iTrustedSignatureModule;
        HashMap<String, String> sign;
        HashMap<String, String> hashMap = null;
        SignResult signResult = new SignResult();
        String str2 = "";
        try {
            try {
                iTrustedSignatureModule = (ITrustedSignatureModule) TrustedTerminalManager.getInstance(EnvUtil.getContext()).getModule(ITrustedSignatureModule.class);
            } catch (Throwable th) {
                try {
                    InnerLoggerUtils.warn("mynet_SecurityManager", "[doTeeSignature] TrustedTerminalManager#getModule ex=".concat(String.valueOf(th)));
                    iTrustedSignatureModule = null;
                } catch (Throwable th2) {
                    th = th2;
                    InnerLoggerUtils.warn("mynet_SecurityManager", "[doTeeSignature] trustSignModule.doTeeSignature ex=".concat(String.valueOf(th)));
                    InnerLoggerUtils.info("mynet_SecurityManager", "[doTeeSignature] get teesdk sign result=" + hashMap + ", requestType: " + signRequest.signType + ", appKey: " + signRequest.appkey + ", authCode: " + str2 + ", opt: " + signRequest.operationType + ", success: " + signResult.isSuccess());
                    return signResult;
                }
            }
            if (iTrustedSignatureModule == null) {
                signResult.setErrorCode("No Trusted Sign Module");
                InnerLoggerUtils.info("mynet_SecurityManager", "[doTeeSignature] get teesdk sign result=" + ((Object) null) + ", requestType: " + signRequest.signType + ", appKey: " + signRequest.appkey + ", authCode: , opt: " + signRequest.operationType + ", success: " + signResult.isSuccess());
                return signResult;
            }
            HashMap<String, Object> hashMap2 = new HashMap<>();
            hashMap2.put("appKey", signRequest.appkey);
            str = getAuthCodeForSecurityGuard(signRequest);
            try {
                hashMap2.put("authCode", str);
                if (z) {
                    hashMap2.put(ITrustedSignatureModule.SIGN_PARAM_KEY_SIGN_SWITCH, 1);
                }
                if (signRequest.isSignTypeMD5()) {
                    hashMap2.put("signType", 0);
                } else if (signRequest.isSignTypeHmacSha1()) {
                    hashMap2.put("signType", 1);
                    signResult.signType = SignRequest.SIGN_TYPE_HMAC_SHA1;
                } else if (signRequest.isSignTypeTrustedSignNormal()) {
                    hashMap2.put("signType", 4);
                    signResult.signType = SignRequest.SIGN_TYPE_TRUSTED_SIGN_NORMAL;
                }
                hashMap2.put("signData", signRequest.content);
                hashMap2.put("api", signRequest.operationType);
                hashMap2.put("env", 0);
                sign = iTrustedSignatureModule.getSign(hashMap2);
            } catch (Throwable th3) {
                th = th3;
            }
            if (sign == null) {
                InnerLoggerUtils.info("mynet_SecurityManager", "[doTeeSignature] get teesdk sign result=" + sign + ", requestType: " + signRequest.signType + ", appKey: " + signRequest.appkey + ", authCode: " + str + ", opt: " + signRequest.operationType + ", success: " + signResult.isSuccess());
                return signResult;
            }
            try {
                String str3 = sign.get(ITrustedSignatureModule.SIGN_RET_KEY_DJY_SIGN);
                String str4 = sign.get(ITrustedSignatureModule.SIGN_RET_KEY_DJY_COLOR);
                String str5 = sign.get(ITrustedSignatureModule.SIGN_RET_KEY_DJY_ERROR);
                String str6 = sign.get(ITrustedSignatureModule.SIGN_RET_KEY_SG_SWITCH);
                if (TextUtils.isEmpty(str3)) {
                    signResult.setSuccess(false);
                    if (TextUtils.isEmpty(str5)) {
                        str5 = "";
                    }
                    signResult.setErrorCode(str5);
                } else {
                    signResult.sign = str3;
                    if (TextUtils.isEmpty(str6)) {
                        str6 = "";
                    }
                    signResult.lib = str6;
                    if (TextUtils.isEmpty(str4)) {
                        str4 = "";
                    }
                    signResult.color = str4;
                    signResult.setSuccess(true);
                }
                InnerLoggerUtils.info("mynet_SecurityManager", "[doTeeSignature] get teesdk sign result=" + sign + ", requestType: " + signRequest.signType + ", appKey: " + signRequest.appkey + ", authCode: " + str + ", opt: " + signRequest.operationType + ", success: " + signResult.isSuccess());
            } catch (Throwable th4) {
                th = th4;
                str2 = str;
                hashMap = sign;
                InnerLoggerUtils.warn("mynet_SecurityManager", "[doTeeSignature] trustSignModule.doTeeSignature ex=".concat(String.valueOf(th)));
                InnerLoggerUtils.info("mynet_SecurityManager", "[doTeeSignature] get teesdk sign result=" + hashMap + ", requestType: " + signRequest.signType + ", appKey: " + signRequest.appkey + ", authCode: " + str2 + ", opt: " + signRequest.operationType + ", success: " + signResult.isSuccess());
                return signResult;
            }
            return signResult;
        } catch (Throwable th5) {
            th = th5;
            str = "";
            InnerLoggerUtils.info("mynet_SecurityManager", "[doTeeSignature] get teesdk sign result=" + hashMap + ", requestType: " + signRequest.signType + ", appKey: " + signRequest.appkey + ", authCode: " + str + ", opt: " + signRequest.operationType + ", success: " + signResult.isSuccess());
            throw th;
        }
    }

    private SignResult b(SignRequest signRequest) {
        SignResult signResult = new SignResult();
        try {
            signResult = d(signRequest);
        } catch (SecException e) {
            InnerLoggerUtils.error("mynet_SecurityManager", "[doSignatureSecurityGuardFirst] Exception: " + e.toString(), e);
            if (!c(signRequest)) {
                return SignResult.newErrorResult(String.valueOf(e.getErrorCode()));
            }
        } catch (Throwable th) {
            InnerLoggerUtils.warn("mynet_SecurityManager", "[doSignatureSecurityGuardFirst] Exception: " + th.toString(), th);
        }
        if (signResult.isSuccess()) {
            return signResult;
        }
        if (!c(signRequest)) {
            return SignResult.newEmptySignData();
        }
        InnerLoggerUtils.info("mynet_SecurityManager", "[doSignatureSecurityGuardFirst] SecurityGuard downgrade to teesdk!");
        SignResult a2 = a(signRequest, true);
        a2.downToTee = true;
        a2.teesdkFailed = !a2.isSuccess();
        return a2;
    }

    private static boolean c(SignRequest signRequest) {
        if (!signRequest.isAlipayClient) {
            return false;
        }
        if (signRequest.allowDowngradeToTeeSDK()) {
            return true;
        }
        if (signRequest.notAllowDowngradeToTeeSDK()) {
            return false;
        }
        return TransportStrategy.enableSecurityGuardDownGradeToTeesdk();
    }

    private SignResult d(SignRequest signRequest) {
        SignResult signResult = new SignResult();
        SecurityGuardManager securityGuardManager = SecurityGuardManager.getInstance(EnvUtil.getContext());
        if (securityGuardManager == null) {
            InnerLoggerUtils.warn("mynet_SecurityManager", "[doSecurityGuardSignature] request data sign fail, sgMng is null");
            return SignResult.newEmptySignData();
        }
        ISecureSignatureComponent secureSignatureComp = securityGuardManager.getSecureSignatureComp();
        if (secureSignatureComp == null) {
            InnerLoggerUtils.warn("mynet_SecurityManager", "[doSecurityGuardSignature] request data sign fail, ssComp is null");
            return SignResult.newEmptySignData();
        }
        HashMap hashMap = new HashMap();
        hashMap.put("INPUT", signRequest.content);
        SecurityGuardParamContext securityGuardParamContext = new SecurityGuardParamContext();
        securityGuardParamContext.paramMap = hashMap;
        securityGuardParamContext.appKey = signRequest.appkey;
        if (signRequest.isSignTypeMD5()) {
            securityGuardParamContext.requestType = 4;
        } else if (signRequest.isSignTypeHmacSha1()) {
            securityGuardParamContext.requestType = 3;
            signResult.signType = SignRequest.SIGN_TYPE_HMAC_SHA1;
        } else if (signRequest.isSignTypeAtlas()) {
            hashMap.put("ATLAS", MspSwitchUtil.PREFIX_MSP_BYTES);
            securityGuardParamContext.requestType = 5;
            signResult.signType = SignRequest.SIGN_TYPE_ATLAS;
        }
        String authCodeForSecurityGuard = getAuthCodeForSecurityGuard(signRequest);
        try {
            signResult.sign = secureSignatureComp.signRequest(securityGuardParamContext, authCodeForSecurityGuard);
            signResult.setSuccess(true);
            return signResult;
        } finally {
            InnerLoggerUtils.warn("mynet_SecurityManager", "[doSecurityGuardSignature] Get security signed string: " + signResult.sign + ",  requestType: " + securityGuardParamContext.requestType + ",  appKey: " + securityGuardParamContext.appKey + ", authCode = " + authCodeForSecurityGuard + ", success = " + signResult.isSuccess());
        }
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public String decrypt(String str) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        return TaobaoSecurityEncryptor.decrypt((ContextWrapper) EnvUtil.getContext(), str);
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public byte[] decrypt(byte[] bArr) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        return TaobaoSecurityEncryptor.decrypt((ContextWrapper) EnvUtil.getContext(), bArr);
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public byte[] decrypt(byte[] bArr, String str) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        return TaobaoSecurityEncryptor.decrypt((ContextWrapper) EnvUtil.getContext(), bArr, str);
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public String encrypt(String str) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        return TaobaoSecurityEncryptor.encrypt((ContextWrapper) EnvUtil.getContext(), str);
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public byte[] encrypt(byte[] bArr) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        return TaobaoSecurityEncryptor.encrypt((ContextWrapper) EnvUtil.getContext(), bArr);
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public byte[] encrypt(byte[] bArr, String str) {
        if (EnvUtil.getContext() == null) {
            throw new IllegalStateException("The context in EnvUtil is null");
        }
        return TaobaoSecurityEncryptor.encrypt((ContextWrapper) EnvUtil.getContext(), bArr, str);
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public String getApDid() {
        try {
            return APSecuritySdk.getInstance(EnvUtil.getContext()).getTokenResult().apdid;
        } catch (Throwable th) {
            InnerLoggerUtils.error("mynet_SecurityManager", "[getApDid] Exception = " + th.toString());
            return "";
        }
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public String getAuthCodeForSecurityGuard(SignRequest signRequest) {
        return "";
    }

    @Override // com.alipay.mobile.common.netsdkextdependapi.security.SecurityManagerAdapter, com.alipay.mobile.common.netsdkextdependapi.security.SecurityManager
    public SignResult signature(SignRequest signRequest) {
        if (signRequest.checkSignVersionInWallet()) {
            InnerLoggerUtils.info("mynet_SecurityManager", "[doSignature] useTeesdkFirst:" + signRequest.useTeesdkFirst + ", signType:" + signRequest.signType + ", operationType:" + signRequest.operationType);
            return signRequest.useTeesdkFirst ? a(signRequest) : b(signRequest);
        }
        InnerLoggerUtils.info("mynet_SecurityManager", "[signature] ext signtype, do signatureExt");
        try {
            return signatureExt(signRequest);
        } catch (Throwable th) {
            InnerLoggerUtils.warn("mynet_SecurityManager", "[signature] Exception: " + th.toString(), th);
            return SignResult.newEmptySignData();
        }
    }
}
