package com.sankuai.meituan.tte;

import android.support.annotation.VisibleForTesting;
import android.text.TextUtils;
import com.meituan.android.cipstorage.CIPStorageCenter;
import com.sankuai.meituan.tte.ConfigManager;
import com.sankuai.meituan.tte.TTE;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class TKeyManager implements KeyProvider {
    private static final List<KeyItem> BUILTIN_KEYS;
    private static final String TAG = "TKeyManager";
    private static final Cache<CacheKey, TKeyManager> sKeyManagers = new Cache<CacheKey, TKeyManager>() { // from class: com.sankuai.meituan.tte.TKeyManager.1
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.sankuai.meituan.tte.Cache
        public TKeyManager onCreate(CacheKey cacheKey) {
            TTE.Config config = cacheKey.config;
            return new TKeyManager(config, new TKeyAgreement(config), TKeyStore.getInstance(TTE.getContext()));
        }
    };
    private final KeyItem mBuiltin;
    private final TTE.Config mConfig;
    private volatile boolean mInKeyAgreement;
    private final TKeyAgreement mKeyAgreement;
    private final TKeyStore mKeyStore;
    private final TLogger mLogger;
    private final List<KeyItem> mCache = new CopyOnWriteArrayList();
    private final AtomicBoolean mDidLoad = new AtomicBoolean();
    private volatile long mLastKeyAgreementStartNanos = -1;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class CacheKey {
        public final TTE.Config config;
        private final String key;

        public CacheKey(TTE.Config config) {
            this.config = config;
            this.key = config.cipherSuite + ":" + config.env;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.key.equals(((CacheKey) obj).key);
        }

        public int hashCode() {
            return this.key.hashCode();
        }
    }

    static {
        List<KeyItem> emptyList = Collections.emptyList();
        try {
            emptyList = Arrays.asList(new KeyItem(TTE.Env.PROD, TTE.DataCipher.SM4_GCM, Util.mask(Util.base64Decode("8SwYC6qvtecJe/ejwVvj3Q==")), Util.base64Decode("AwgAAAA5AgAAAAE7ms1vAAAALKG9MK5WfPQ7FgK4mR/N2aENNO8kJ/sm1OGXok7yWZQYdYEYr3ZTQKTUnF+rAAAALHSxwbeLu2q64eteB7RH6sb/FjuBXiJ/1EeOwElxzIH8Ew9E9uAyK3P7ZBKr")), new KeyItem(TTE.Env.PROD, TTE.DataCipher.AES_GCM, Util.mask(Util.base64Decode("6b/QLJFUKqOgRT9hEuBT9Q==")), Util.base64Decode("AwMAAAA5AgAAAAE7msxaAAAALJ5Fpfz1naiDFsyOAEPIOQS7nNIx80RkLtOnHdY9USg4lIG/SKelK3K3DENAAAAALHEWYqDHyi+yC3EyJ/DjJG+MQwGOb5cNuuzfA/j0Zq1ulAnFO329qBchm/v4")), new KeyItem(TTE.Env.TEST, TTE.DataCipher.SM4_GCM, Util.mask(Util.base64Decode("QgNIxT62n1HYJMw+f2wHmw==")), Util.base64Decode("AwgAAAA5AgAAAAE7mtUIAAAALPHuERN814KKSsVkhf4io1viRF/CHzTIaWYALuZta2+YVvOQ2kZua9TMstljAAAALHQ8EcjqYRx3FYGBZIZpcOgS6x25GpSVCOcwzs0os2zIfi0izFjt+fXxFWYd")), new KeyItem(TTE.Env.TEST, TTE.DataCipher.AES_GCM, Util.mask(Util.base64Decode("uxJngujFcukYF7byPipKeg==")), Util.base64Decode("BktNUwMaOQIAAAABO5rRzAAAACwpBG9PaSNES8pLNKGuQHQOCCMgWGA/tpcxQpWUz2hvCvrHbg8HSWf6QB7ufyIsALCU8pTJ/3PRSGSEFuJswi1gijx416qXVTtZ6K5LIzAiT3yqokCNhkCDJhY=")));
            Iterator<KeyItem> it = emptyList.iterator();
            while (it.hasNext()) {
                it.next().isBuiltin = true;
            }
        } catch (Throwable th) {
            TLog.e(TAG, "init", th);
        }
        BUILTIN_KEYS = emptyList;
    }

    public TKeyManager(TTE.Config config, TKeyAgreement tKeyAgreement, TKeyStore tKeyStore) {
        this.mConfig = config;
        this.mKeyAgreement = tKeyAgreement;
        this.mKeyStore = tKeyStore;
        this.mBuiltin = getBuiltin(config.env, config.cipherSuite.dataCipher);
        this.mLogger = new TLogger(TAG, this.mConfig.info());
    }

    private boolean checkKeyAgreementCountIn24Hours() {
        try {
            String str = "ka_timestamps:" + this.mConfig.env + ":" + this.mConfig.cipherSuite;
            ArrayList arrayList = new ArrayList();
            Collections.addAll(arrayList, cips().getString(str, "").split(","));
            long currentTimeMillis = System.currentTimeMillis();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                if (TextUtils.isEmpty(str2) || currentTimeMillis - Long.parseLong(str2) > 86400000) {
                    it.remove();
                }
            }
            if (arrayList.size() >= configManager().kaMaxCountIn24Hours()) {
                return false;
            }
            arrayList.add("" + System.currentTimeMillis());
            cips().setString(str, TextUtils.join(",", arrayList));
            return true;
        } catch (Throwable th) {
            this.mLogger.w("check agreement count error", th);
            return true;
        }
    }

    private boolean checkKeyAgreementInterval() {
        if (this.mInKeyAgreement) {
            return false;
        }
        if (this.mLastKeyAgreementStartNanos < 0) {
            return true;
        }
        return System.nanoTime() - this.mLastKeyAgreementStartNanos >= TimeUnit.MILLISECONDS.toNanos(configManager().kaMinIntervalMs());
    }

    public static List<KeyItem> findKeys(TTE.Env env, TTE.DataCipher dataCipher, Collection<KeyItem> collection) {
        ArrayList arrayList = new ArrayList(collection.size());
        for (KeyItem keyItem : collection) {
            if (keyItem.env == env && keyItem.dataCipher == dataCipher) {
                arrayList.add(keyItem);
            }
        }
        return arrayList;
    }

    public static KeyItem getBuiltin(TTE.Env env, TTE.DataCipher dataCipher) {
        List<KeyItem> findKeys = findKeys(env, dataCipher, BUILTIN_KEYS);
        if (findKeys.isEmpty()) {
            return null;
        }
        return findKeys.get(0);
    }

    public static TKeyManager getInstance(TTE.Config config) {
        return sKeyManagers.getOrCreate(new CacheKey(config));
    }

    private boolean isExpired(KeyItem keyItem) {
        return !keyItem.isBuiltin && keyItem.retrievedAt + configManager().kaMaxKeyLifeMs() < System.currentTimeMillis();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setWithCache(KeyItem keyItem) {
        this.mCache.add(0, keyItem);
        this.mKeyStore.setKey(keyItem);
    }

    @VisibleForTesting
    protected void checkKeyAgreementInSerial(KeyItem keyItem) {
        if (keyItem != null) {
            keyItem.isExpired = isExpired(keyItem);
            if (!keyItem.isExpired && !keyItem.didVerifyError) {
                return;
            }
        }
        ConfigManager.CipherConfig cipherConfig = configManager().cipherConfig(this.mConfig.cipherSuite);
        if (cipherConfig.disableKeyAgreement() || cipherConfig.forceEmbeddedKey() || !checkKeyAgreementInterval()) {
            return;
        }
        serialExecutor().execute(new Runnable() { // from class: com.sankuai.meituan.tte.TKeyManager.3
            @Override // java.lang.Runnable
            public void run() {
                TKeyManager.this.checkThenStartKeyAgreement();
            }
        });
    }

    @VisibleForTesting
    protected void checkThenStartKeyAgreement() {
        if (!checkKeyAgreementInterval()) {
            this.mLogger.v("skip agreement for interval");
            return;
        }
        if (!checkKeyAgreementCountIn24Hours()) {
            this.mLogger.v("skip agreement for count");
            return;
        }
        this.mInKeyAgreement = true;
        this.mLastKeyAgreementStartNanos = System.nanoTime();
        this.mLogger.i("start key agreement");
        this.mKeyAgreement.doKeyAgreementWithVerifyAsync(new ResultCallback<KeyItem>() { // from class: com.sankuai.meituan.tte.TKeyManager.4
            @Override // com.sankuai.meituan.tte.ResultCallback
            public void onError(Throwable th) {
                TKeyManager.this.mLogger.e("key agreement error", th);
                Assertion.fail(th);
                TKeyManager.this.serialExecutor().execute(new Runnable() { // from class: com.sankuai.meituan.tte.TKeyManager.4.2
                    @Override // java.lang.Runnable
                    public void run() {
                        TKeyManager.this.mInKeyAgreement = false;
                    }
                });
            }

            @Override // com.sankuai.meituan.tte.ResultCallback
            public void onResult(final KeyItem keyItem) {
                TKeyManager.this.mLogger.i("key agreement result: " + keyItem);
                TKeyManager.this.serialExecutor().execute(new Runnable() { // from class: com.sankuai.meituan.tte.TKeyManager.4.1
                    @Override // java.lang.Runnable
                    public void run() {
                        TKeyManager.this.setWithCache(keyItem);
                        TKeyManager.this.mInKeyAgreement = false;
                    }
                });
            }
        });
    }

    protected CIPStorageCenter cips() {
        return Util.localStorage(TTE.getContext(), "status");
    }

    protected ConfigManager configManager() {
        return ConfigManager.getInstance(TTE.getContext());
    }

    @Override // com.sankuai.meituan.tte.KeyProvider
    public KeyItem getKey() throws CipherException {
        return getKey(null);
    }

    @Override // com.sankuai.meituan.tte.KeyProvider
    public KeyItem getKey(byte[] bArr) throws CipherException {
        List<KeyItem> list;
        TTE.Env env = this.mConfig.env;
        TTE.DataCipher dataCipher = this.mConfig.cipherSuite.dataCipher;
        try {
            boolean forceEmbeddedKey = configManager().cipherConfig(this.mConfig.cipherSuite).forceEmbeddedKey();
            if (forceEmbeddedKey && bArr == null) {
                list = new ArrayList<>();
            } else {
                List<KeyItem> findKeys = findKeys(env, dataCipher, this.mCache);
                if (findKeys.isEmpty() && !forceEmbeddedKey) {
                    loadKeyAsync();
                }
                list = findKeys;
            }
            list.add(this.mBuiltin);
            KeyItem keyItem = null;
            for (KeyItem keyItem2 : list) {
                if (keyItem2 != null) {
                    if (bArr != null || !keyItem2.didVerifyError) {
                        if (bArr == null || Arrays.equals(keyItem2.edk, bArr)) {
                            keyItem = keyItem2;
                            break;
                        }
                    } else {
                        this.mLogger.d("skip error key");
                    }
                }
            }
            checkKeyAgreementInSerial(keyItem);
            if (keyItem != null) {
                return keyItem;
            }
        } catch (Throwable th) {
            this.mLogger.e("getKey", th);
        }
        throw new CipherException("no key found for env: " + env + ", cipherType: " + dataCipher.cipherType, CipherException.ERR_KEY_NOT_FOUND);
    }

    @VisibleForTesting
    protected void loadKeyAsync() {
        if (this.mDidLoad.compareAndSet(false, true)) {
            Executors.scheduled().execute(new Runnable() { // from class: com.sankuai.meituan.tte.TKeyManager.2
                @Override // java.lang.Runnable
                public void run() {
                    KeyItem key = TKeyManager.this.mKeyStore.getKey(TKeyManager.this.mConfig.env, TKeyManager.this.mConfig.cipherSuite.dataCipher);
                    if (key != null) {
                        TKeyManager.this.mCache.add(key);
                        TKeyManager.this.verifyKeyOrRemove(key);
                    }
                    TKeyManager.this.checkKeyAgreementInSerial(key);
                }
            });
        }
    }

    @VisibleForTesting
    protected Executor serialExecutor() {
        return Executors.keyManager();
    }

    @VisibleForTesting
    protected void setLoaded(KeyItem... keyItemArr) {
        this.mDidLoad.set(true);
        this.mCache.clear();
        Collections.addAll(this.mCache, keyItemArr);
    }

    public void verifyKeyOrRemove(final KeyItem keyItem) {
        if (keyItem.didVerify.compareAndSet(false, true) && !configManager().cipherConfig(this.mConfig.cipherSuite).disableKeyVerification()) {
            this.mLogger.i("verify key: " + keyItem);
            this.mKeyAgreement.verifyKeyAsync(keyItem, new ResultCallback<Boolean>() { // from class: com.sankuai.meituan.tte.TKeyManager.5
                @Override // com.sankuai.meituan.tte.ResultCallback
                public void onError(Throwable th) {
                    Assertion.fail(th);
                }

                @Override // com.sankuai.meituan.tte.ResultCallback
                public void onResult(Boolean bool) {
                    TKeyManager.this.mLogger.i("verify result: " + bool + ", " + Util.base64Encode(keyItem.edk));
                    if (!bool.booleanValue()) {
                        keyItem.didVerifyError = true;
                        TKeyManager.this.mKeyStore.remove(keyItem);
                        Assertion.fail("key verify error");
                    }
                    TKeyManager.this.checkKeyAgreementInSerial(keyItem);
                }
            });
        }
    }
}
