package com.huawei.iotplatform.security.e2esecurity.local;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.huawei.iotplatform.security.common.crypto.AesCcm256Cipher;
import com.huawei.iotplatform.security.common.crypto.OpenSsl;
import com.huawei.iotplatform.security.common.crypto.exception.CipherException;
import com.huawei.iotplatform.security.common.crypto.exception.OpenSslException;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.HashUtils;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.e2esecurity.hichain.adapter.utils.AuthInfoType;
import com.huawei.iotplatform.security.e2esecurity.hichain.adapter.utils.Constants;
import com.huawei.iotplatform.security.e2esecurity.hichain.adapter.utils.KeyType;
import com.huawei.iotplatform.security.e2esecurity.local.PeerPublicKey;
import com.huawei.iotplatform.security.e2esecurity.local.assetexception.AssetNotFoundException;
import com.huawei.iotplatform.security.e2esecurity.local.assetexception.AssetUnknownException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: classes2.dex */
public class LocalHiLinkAssetMgmt {
    private static final LocalHiLinkAssetMgmt INSTANCE = new LocalHiLinkAssetMgmt();
    private static final int SIGN_INFO_LENGTH = 64;
    private static final String TAG = "LocalHiLinkAssetMgmt";
    private byte[] mEncryptAad;
    private HiLinkIdBlob mHiLinkIdBlob;
    private final Object mHiLinkIdBlobLock = new Object();
    private Map<String, PeerPublicKey> mPeerPublicKeys = new ConcurrentHashMap();
    private HiLinkIdBlob mTempHiLinkIdBlob;

    private LocalHiLinkAssetMgmt() {
    }

    private byte[] decryptByKek(@NonNull byte[] bArr) throws AssetUnknownException {
        byte[] kek;
        try {
            try {
                synchronized (this.mHiLinkIdBlobLock) {
                    if (this.mHiLinkIdBlob == null) {
                        throw new AssetUnknownException(new IllegalStateException("decrypt by KEK HiLink ID does not exist"));
                    }
                    kek = this.mHiLinkIdBlob.getKek();
                }
                if (CommonUtil.isEmpty(this.mEncryptAad)) {
                    throw new AssetUnknownException(new IllegalStateException("decrypt by KEK AAD is empty"));
                }
                byte[] decrypt = AesCcm256Cipher.decrypt(bArr, kek, this.mEncryptAad);
                CommonUtil.clearBytes(kek);
                return decrypt;
            } catch (CipherException e) {
                throw new AssetUnknownException(e);
            }
        } catch (Throwable th) {
            CommonUtil.clearBytes(null);
            throw th;
        }
    }

    private byte[] encryptByKek(@NonNull byte[] bArr) throws AssetUnknownException {
        byte[] kek;
        try {
            try {
                synchronized (this.mHiLinkIdBlobLock) {
                    if (this.mHiLinkIdBlob == null) {
                        throw new AssetUnknownException(new IllegalStateException("encrypt by KEK HiLink ID does not exist"));
                    }
                    kek = this.mHiLinkIdBlob.getKek();
                }
                if (CommonUtil.isEmpty(this.mEncryptAad)) {
                    throw new AssetUnknownException(new IllegalStateException("encrypt by KEK AAD is empty"));
                }
                byte[] encrypt = AesCcm256Cipher.encrypt(bArr, kek, this.mEncryptAad);
                CommonUtil.clearBytes(kek);
                return encrypt;
            } catch (CipherException e) {
                throw new AssetUnknownException(e);
            }
        } catch (Throwable th) {
            CommonUtil.clearBytes(null);
            throw th;
        }
    }

    private byte[] exportPublicKeyWithSignature(@NonNull byte[] bArr) {
        PeerPublicKey peerPublicKey = this.mPeerPublicKeys.get(CommonUtil.bytesToString8859(bArr));
        if (peerPublicKey == null) {
            LogUtil.error(TAG, "export auth info with signature public key does not exist");
            return new byte[0];
        }
        byte[] bytes = peerPublicKey.toBytes(true);
        if (CommonUtil.isEmpty(bytes)) {
            LogUtil.error(TAG, "export auth info with signature public key info is empty");
            return new byte[0];
        }
        try {
            byte[] sign = sign(bArr, bytes);
            if (!CommonUtil.isEmpty(sign)) {
                return CommonUtil.concatenateAll(sign, bytes);
            }
            LogUtil.error(TAG, "export auth info with signature sign info is empty");
            return new byte[0];
        } catch (AssetNotFoundException e) {
            StringBuilder sb = new StringBuilder("export auth info with signature AssetNotFoundException ");
            sb.append(e.getMessage());
            LogUtil.error(TAG, sb.toString());
            return new byte[0];
        } catch (AssetUnknownException e2) {
            StringBuilder sb2 = new StringBuilder("export auth info with signature AssetUnknownException ");
            sb2.append(e2.getMessage());
            LogUtil.error(TAG, sb2.toString());
            return new byte[0];
        }
    }

    private HiLinkIdBlob getCurrentHiLinkIdBlob() {
        synchronized (this.mHiLinkIdBlobLock) {
            if (this.mHiLinkIdBlob != null) {
                return this.mHiLinkIdBlob;
            }
            return this.mTempHiLinkIdBlob;
        }
    }

    private HiLinkIdBlob getHiLinkIdBlobByAuthId(@NonNull byte[] bArr) {
        synchronized (this.mHiLinkIdBlobLock) {
            if (this.mHiLinkIdBlob != null && Arrays.equals(bArr, this.mHiLinkIdBlob.getAuthId())) {
                return this.mHiLinkIdBlob;
            }
            if (this.mTempHiLinkIdBlob == null || !Arrays.equals(bArr, this.mTempHiLinkIdBlob.getAuthId())) {
                return null;
            }
            return this.mTempHiLinkIdBlob;
        }
    }

    public static LocalHiLinkAssetMgmt getInstance() {
        return INSTANCE;
    }

    private boolean importPublicKeyWithSignature(@NonNull byte[] bArr) {
        if (bArr.length <= 64) {
            LogUtil.error(TAG, "import public key with signature authInfoBytes is invalid");
            return false;
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 64);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 64, bArr.length);
        PeerPublicKey fromBytes = PeerPublicKey.fromBytes(copyOfRange2, true);
        if (fromBytes == null) {
            LogUtil.error(TAG, "import public key with signature peerPublicKey is null");
            return false;
        }
        if (!verifyPeerSignature(fromBytes.getOwnerId(), copyOfRange2, copyOfRange)) {
            LogUtil.error(TAG, "import public key with signature peerPublicKey verify signature failed");
            return false;
        }
        HiLinkIdBlob currentHiLinkIdBlob = getCurrentHiLinkIdBlob();
        if (currentHiLinkIdBlob == null) {
            LogUtil.error(TAG, "import public key with signature the HiLink ID does not exist");
            return false;
        }
        fromBytes.setLocalId(currentHiLinkIdBlob.getAuthId());
        if (!fromBytes.saveToLocal()) {
            LogUtil.error(TAG, "import public key with signature save to local failed");
            return false;
        }
        String bytesToString8859 = CommonUtil.bytesToString8859(fromBytes.getAuthId());
        if (this.mPeerPublicKeys.containsKey(bytesToString8859)) {
            LogUtil.warn(TAG, "import public key with signature already exist");
        }
        this.mPeerPublicKeys.put(bytesToString8859, fromBytes);
        return true;
    }

    private void initEncryptAad() throws AssetUnknownException {
        byte[] sha256 = HashUtils.sha256(Constants.DEVICE_AUTH_PACKAGE_NAME);
        this.mEncryptAad = sha256;
        if (CommonUtil.isEmpty(sha256)) {
            LogUtil.error(TAG, "init encrypt AAD SHA256 failed");
            throw new AssetUnknownException(new IllegalArgumentException("init encrypt AAD SHA256 failed"));
        }
        StringBuilder sb = new StringBuilder("init encrypt AAD the length is ");
        sb.append(this.mEncryptAad.length);
        LogUtil.info(TAG, sb.toString());
    }

    private void loadLocalPeerPublicKeys() {
        LogUtil.info(TAG, "load local peer public keys");
        ArrayList<PeerPublicKey> arrayList = new ArrayList(0);
        synchronized (this.mHiLinkIdBlobLock) {
            if (this.mHiLinkIdBlob != null) {
                arrayList.addAll(PeerPublicKey.loadLocalPeerPublicKeys(this.mHiLinkIdBlob.getAuthId()));
            }
            if (this.mTempHiLinkIdBlob != null) {
                arrayList.addAll(PeerPublicKey.loadLocalPeerPublicKeys(this.mTempHiLinkIdBlob.getAuthId()));
            }
        }
        for (PeerPublicKey peerPublicKey : arrayList) {
            this.mPeerPublicKeys.put(CommonUtil.bytesToString8859(peerPublicKey.getAuthId()), peerPublicKey);
        }
    }

    public boolean addAuthInfo(@NonNull byte[] bArr, int i, @NonNull byte[] bArr2) {
        HiLinkIdBlob currentHiLinkIdBlob = getCurrentHiLinkIdBlob();
        if (currentHiLinkIdBlob == null) {
            LogUtil.error(TAG, "add auth info the HiLink ID does not exist");
            return false;
        }
        byte[] authId = currentHiLinkIdBlob.getAuthId();
        byte[] valueToBytes = KeyType.valueToBytes(i);
        if (CommonUtil.isEmpty(valueToBytes)) {
            LogUtil.error(TAG, "add auth info the key type is invalid");
            return false;
        }
        this.mPeerPublicKeys.put(CommonUtil.bytesToString8859(bArr), new PeerPublicKey.Builder().setAuthId(bArr).setPublicKey(bArr2).setKeyType(valueToBytes).setOwnerId(authId).setLocalId(authId).build());
        return true;
    }

    public void clear() {
        synchronized (this.mHiLinkIdBlobLock) {
            if (this.mHiLinkIdBlob != null) {
                this.mHiLinkIdBlob.clear();
                this.mHiLinkIdBlob = null;
            }
            if (this.mTempHiLinkIdBlob != null) {
                this.mTempHiLinkIdBlob.clear();
                this.mTempHiLinkIdBlob = null;
            }
        }
        this.mPeerPublicKeys.clear();
    }

    public byte[] decryptByDek(byte[] bArr) throws CipherException {
        byte[] dek;
        if (CommonUtil.isEmpty(bArr)) {
            LogUtil.error(TAG, "decrypt by DEK input is invalid");
            throw new CipherException("decrypt by DEK input is invalid");
        }
        try {
            try {
                synchronized (this.mHiLinkIdBlobLock) {
                    if (this.mHiLinkIdBlob == null) {
                        LogUtil.error(TAG, "decrypt by DEK HiLink ID does not exist");
                        throw new CipherException("decrypt by DEK HiLink ID does not exist");
                    }
                    dek = this.mHiLinkIdBlob.getDek();
                }
                if (CommonUtil.isEmpty(this.mEncryptAad)) {
                    LogUtil.error(TAG, "decrypt by DEK AAD is empty");
                    throw new CipherException("decrypt by DEK AAD is empty");
                }
                byte[] decrypt = AesCcm256Cipher.decrypt(bArr, dek, this.mEncryptAad);
                CommonUtil.clearBytes(dek);
                return decrypt;
            } catch (AssetUnknownException e) {
                StringBuilder sb = new StringBuilder("decrypt by DEK AssetUnknownException ");
                sb.append(e.getMessage());
                LogUtil.error(TAG, sb.toString());
                throw new CipherException(e.getMessage());
            }
        } catch (Throwable th) {
            CommonUtil.clearBytes(null);
            throw th;
        }
    }

    public boolean deleteAuthInfo(@NonNull byte[] bArr) {
        PeerPublicKey remove = this.mPeerPublicKeys.remove(CommonUtil.bytesToString8859(bArr));
        if (remove == null) {
            return true;
        }
        return remove.deleteFromLocal();
    }

    public void destroy() {
        LogUtil.info(TAG, "destroy LocalHiLinkAssetMgmt");
        ArrayList<PeerPublicKey> arrayList = new ArrayList(0);
        synchronized (this.mHiLinkIdBlobLock) {
            if (this.mHiLinkIdBlob != null) {
                arrayList.addAll(PeerPublicKey.loadLocalPeerPublicKeys(this.mHiLinkIdBlob.getAuthId()));
                this.mHiLinkIdBlob.destroy();
                this.mHiLinkIdBlob = null;
            }
            if (this.mTempHiLinkIdBlob != null) {
                arrayList.addAll(PeerPublicKey.loadLocalPeerPublicKeys(this.mTempHiLinkIdBlob.getAuthId()));
                this.mTempHiLinkIdBlob.destroy();
                this.mTempHiLinkIdBlob = null;
            }
        }
        for (PeerPublicKey peerPublicKey : arrayList) {
            if (peerPublicKey != null) {
                peerPublicKey.deleteFromLocal();
            }
        }
        this.mPeerPublicKeys.clear();
        LogUtil.info(TAG, "finish destroy LocalHiLinkAssetMgmt");
    }

    public byte[] encryptByDek(byte[] bArr) throws CipherException {
        byte[] dek;
        if (CommonUtil.isEmpty(bArr)) {
            LogUtil.error(TAG, "encrypt by DEK input is invalid");
            throw new CipherException("encrypt by DEK input is invalid");
        }
        try {
            try {
                synchronized (this.mHiLinkIdBlobLock) {
                    if (this.mHiLinkIdBlob == null) {
                        LogUtil.error(TAG, "encrypt by DEK HiLink ID does not exist");
                        throw new CipherException("encrypt by DEK HiLink ID does not exist");
                    }
                    dek = this.mHiLinkIdBlob.getDek();
                }
                if (CommonUtil.isEmpty(this.mEncryptAad)) {
                    LogUtil.error(TAG, "encrypt by DEK AAD is empty");
                    throw new CipherException("encrypt by DEK AAD is empty");
                }
                byte[] encrypt = AesCcm256Cipher.encrypt(bArr, dek, this.mEncryptAad);
                CommonUtil.clearBytes(dek);
                return encrypt;
            } catch (AssetUnknownException e) {
                StringBuilder sb = new StringBuilder("encrypt by DEK AssetUnknownException ");
                sb.append(e.getMessage());
                LogUtil.error(TAG, sb.toString());
                throw new CipherException(e.getMessage());
            }
        } catch (Throwable th) {
            CommonUtil.clearBytes(null);
            throw th;
        }
    }

    public byte[] exportAuthInfo(@NonNull byte[] bArr, @NonNull AuthInfoType authInfoType) {
        if (authInfoType == AuthInfoType.FULL_AUTH_INFO) {
            LogUtil.error(TAG, "export auth info not support");
            return new byte[0];
        }
        if (authInfoType != AuthInfoType.LITE_AUTH_INFO) {
            return exportPublicKeyWithSignature(bArr);
        }
        PeerPublicKey peerPublicKey = this.mPeerPublicKeys.get(CommonUtil.bytesToString8859(bArr));
        if (peerPublicKey == null) {
            LogUtil.error(TAG, "export auth info public key does not exist");
            return new byte[0];
        }
        byte[] bytes = peerPublicKey.toBytes(false);
        if (CommonUtil.isEmpty(bytes)) {
            LogUtil.error(TAG, "export auth info public key is empty");
            return new byte[0];
        }
        try {
            return encryptByKek(bytes);
        } catch (AssetUnknownException e) {
            StringBuilder sb = new StringBuilder("export auth info AssetUnknownException ");
            sb.append(e.getMessage());
            LogUtil.error(TAG, sb.toString());
            return new byte[0];
        }
    }

    public boolean generateTempHiLinkId(@NonNull byte[] bArr) {
        boolean addAuthInfo;
        if (isHiLinkIdExist()) {
            LogUtil.error(TAG, "the HiLink ID exists, can't generate temp HiLink ID");
            return false;
        }
        synchronized (this.mHiLinkIdBlobLock) {
            try {
                try {
                    LogUtil.info(TAG, "generate temp HiLink ID");
                    HiLinkIdBlob generateTempHiLinkId = HiLinkIdBlob.generateTempHiLinkId(bArr);
                    this.mTempHiLinkIdBlob = generateTempHiLinkId;
                    addAuthInfo = addAuthInfo(generateTempHiLinkId.getAuthId(), KeyType.USER_PUBLIC_KEY.getValue(), this.mTempHiLinkIdBlob.getPublicKey());
                } catch (AssetUnknownException unused) {
                    LogUtil.error(TAG, "generate temp HiLink ID failed");
                    return false;
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return addAuthInfo;
    }

    public byte[] getCurrentAuthId(@Nullable byte[] bArr) {
        if (CommonUtil.isEmpty(bArr)) {
            HiLinkIdBlob currentHiLinkIdBlob = getCurrentHiLinkIdBlob();
            if (currentHiLinkIdBlob != null) {
                return currentHiLinkIdBlob.getAuthId();
            }
            LogUtil.error(TAG, "get current auth id the HiLink ID does not exist");
            return new byte[0];
        }
        PeerPublicKey peerPublicKey = this.mPeerPublicKeys.get(CommonUtil.bytesToString8859(bArr));
        if (peerPublicKey != null) {
            return peerPublicKey.getLocalId();
        }
        LogUtil.error(TAG, "get current auth id the public key does not exist");
        return new byte[0];
    }

    public byte[] getHiLinkIdPublicKey() {
        HiLinkIdBlob currentHiLinkIdBlob = getCurrentHiLinkIdBlob();
        if (currentHiLinkIdBlob != null) {
            return currentHiLinkIdBlob.getPublicKey();
        }
        LogUtil.error(TAG, "get HiLink ID public key the HiLink ID does not exist");
        return new byte[0];
    }

    public int getLocalPrimaryKeyVersion() {
        synchronized (this.mHiLinkIdBlobLock) {
            if (this.mHiLinkIdBlob == null) {
                return 0;
            }
            return this.mHiLinkIdBlob.getPrimaryKeyVersion();
        }
    }

    public byte[] getPeerPublicKey(@NonNull byte[] bArr) {
        PeerPublicKey peerPublicKey = this.mPeerPublicKeys.get(CommonUtil.bytesToString8859(bArr));
        if (peerPublicKey != null) {
            return peerPublicKey.getPublicKey();
        }
        LogUtil.error(TAG, "get peer public key the public key does not exist");
        return new byte[0];
    }

    public boolean importAuthInfo(@NonNull byte[] bArr, @NonNull AuthInfoType authInfoType) {
        if (authInfoType == AuthInfoType.FULL_AUTH_INFO) {
            LogUtil.error(TAG, "import auth info not support");
            return false;
        }
        if (CommonUtil.isEmpty(bArr)) {
            LogUtil.error(TAG, "import auth info authInfoBlob is empty");
            return false;
        }
        try {
            if (authInfoType == AuthInfoType.SIGNED_AUTH_INFO) {
                return importPublicKeyWithSignature(bArr);
            }
            PeerPublicKey fromBytes = PeerPublicKey.fromBytes(decryptByKek(bArr), false);
            if (fromBytes == null) {
                LogUtil.error(TAG, "import auth info peerPublicKey is null");
                return false;
            }
            HiLinkIdBlob currentHiLinkIdBlob = getCurrentHiLinkIdBlob();
            if (currentHiLinkIdBlob == null) {
                LogUtil.error(TAG, "import auth info the HiLink ID is exist");
                return false;
            }
            fromBytes.setLocalId(currentHiLinkIdBlob.getAuthId());
            String bytesToString8859 = CommonUtil.bytesToString8859(fromBytes.getAuthId());
            if (this.mPeerPublicKeys.containsKey(bytesToString8859)) {
                LogUtil.warn(TAG, "import auth info already exist");
            }
            this.mPeerPublicKeys.put(bytesToString8859, fromBytes);
            return true;
        } catch (AssetUnknownException e) {
            StringBuilder sb = new StringBuilder("import auth info AssetUnknownException ");
            sb.append(e.getMessage());
            LogUtil.error(TAG, sb.toString());
            return false;
        }
    }

    public boolean importHiLinkId(@NonNull byte[] bArr, @NonNull String str) {
        boolean addAuthInfo;
        synchronized (this.mHiLinkIdBlobLock) {
            try {
                try {
                    LogUtil.info(TAG, "import HiLink ID");
                    HiLinkIdBlob importHiLinkId = HiLinkIdBlob.importHiLinkId(bArr, str);
                    this.mHiLinkIdBlob = importHiLinkId;
                    addAuthInfo = addAuthInfo(importHiLinkId.getAuthId(), KeyType.USER_PUBLIC_KEY.getValue(), this.mHiLinkIdBlob.getPublicKey());
                } catch (AssetUnknownException unused) {
                    LogUtil.error(TAG, "import HiLink ID failed");
                    return false;
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return addAuthInfo;
    }

    public void init(@NonNull byte[] bArr) throws AssetUnknownException {
        LogUtil.info(TAG, "start init local HiLink asset manager");
        initEncryptAad();
        synchronized (this.mHiLinkIdBlobLock) {
            try {
                HiLinkIdBlob loadHiLinkId = HiLinkIdBlob.loadHiLinkId(bArr);
                this.mHiLinkIdBlob = loadHiLinkId;
                addAuthInfo(loadHiLinkId.getAuthId(), KeyType.USER_PUBLIC_KEY.getValue(), this.mHiLinkIdBlob.getPublicKey());
                LogUtil.info(TAG, "load HiLink ID success");
            } catch (AssetNotFoundException unused) {
                LogUtil.warn(TAG, "load HiLink ID AssetNotFoundException");
            }
            try {
                HiLinkIdBlob loadTempHiLinkId = HiLinkIdBlob.loadTempHiLinkId(bArr);
                this.mTempHiLinkIdBlob = loadTempHiLinkId;
                addAuthInfo(loadTempHiLinkId.getAuthId(), KeyType.USER_PUBLIC_KEY.getValue(), this.mTempHiLinkIdBlob.getPublicKey());
                LogUtil.info(TAG, "load temp HiLink ID success");
            } catch (AssetNotFoundException unused2) {
                LogUtil.warn(TAG, "load temp HiLink ID AssetNotFoundException");
            }
        }
        loadLocalPeerPublicKeys();
        LogUtil.info(TAG, "finish init local HiLink asset manager");
    }

    public boolean isHiLinkIdExist() {
        boolean z;
        synchronized (this.mHiLinkIdBlobLock) {
            z = (this.mHiLinkIdBlob == null && this.mTempHiLinkIdBlob == null) ? false : true;
        }
        return z;
    }

    public boolean isRegistered(@NonNull byte[] bArr) {
        synchronized (this.mHiLinkIdBlobLock) {
            if (this.mHiLinkIdBlob != null && Arrays.equals(bArr, this.mHiLinkIdBlob.getAuthId())) {
                return true;
            }
            if (this.mTempHiLinkIdBlob == null) {
                return false;
            }
            byte[] authId = this.mTempHiLinkIdBlob.getAuthId();
            if (authId != null && authId.length >= bArr.length) {
                return Arrays.equals(bArr, Arrays.copyOfRange(authId, 0, bArr.length));
            }
            return false;
        }
    }

    public boolean isTempHiLinkId() {
        boolean z;
        synchronized (this.mHiLinkIdBlobLock) {
            z = this.mHiLinkIdBlob == null && this.mTempHiLinkIdBlob != null;
        }
        return z;
    }

    public boolean isTrustPeer(@NonNull byte[] bArr) {
        return this.mPeerPublicKeys.containsKey(CommonUtil.bytesToString8859(bArr));
    }

    public Set<String> listAllAuthId() {
        return this.mPeerPublicKeys.keySet();
    }

    public boolean savePublicKeyToLocal(@NonNull byte[] bArr) {
        if (bArr == null) {
            LogUtil.error(TAG, "authId is null");
            return false;
        }
        PeerPublicKey peerPublicKey = this.mPeerPublicKeys.get(CommonUtil.bytesToString8859(bArr));
        if (peerPublicKey == null) {
            LogUtil.error(TAG, "auth info public key does not exist");
            return false;
        }
        if (peerPublicKey.saveToLocal()) {
            return true;
        }
        LogUtil.error(TAG, "import public key to local failed");
        return false;
    }

    public byte[] sign(@NonNull byte[] bArr, @NonNull byte[] bArr2) throws AssetUnknownException, AssetNotFoundException {
        HiLinkIdBlob hiLinkIdBlobByAuthId;
        PeerPublicKey peerPublicKey = this.mPeerPublicKeys.get(CommonUtil.bytesToString8859(bArr));
        if (peerPublicKey == null) {
            LogUtil.info(TAG, "peer public key does not exist");
            hiLinkIdBlobByAuthId = getCurrentHiLinkIdBlob();
        } else {
            hiLinkIdBlobByAuthId = getHiLinkIdBlobByAuthId(peerPublicKey.getLocalId());
        }
        if (hiLinkIdBlobByAuthId == null) {
            LogUtil.error(TAG, "the HiLink ID does not exist");
            throw new AssetNotFoundException();
        }
        byte[] bArr3 = null;
        try {
            try {
                bArr3 = hiLinkIdBlobByAuthId.getPrivateKey();
                return OpenSsl.ed25519Sign(HashUtils.sha256(bArr2), bArr3);
            } catch (OpenSslException e) {
                StringBuilder sb = new StringBuilder("sign message OpenSslException ");
                sb.append(e.getMessage());
                LogUtil.error(TAG, sb.toString());
                throw new AssetUnknownException(e);
            }
        } finally {
            CommonUtil.clearBytes(bArr3);
        }
    }

    public boolean verify(@NonNull byte[] bArr, @NonNull byte[] bArr2, @NonNull byte[] bArr3) {
        return OpenSsl.ed25519Verify(HashUtils.sha256(bArr), bArr2, bArr3);
    }

    public boolean verifyPeerSignature(@NonNull byte[] bArr, @NonNull byte[] bArr2, @NonNull byte[] bArr3) {
        PeerPublicKey peerPublicKey = this.mPeerPublicKeys.get(CommonUtil.bytesToString8859(bArr));
        if (peerPublicKey != null) {
            return verify(bArr2, bArr3, peerPublicKey.getPublicKey());
        }
        LogUtil.error(TAG, "verify peer signature peer public key does not exist");
        return false;
    }
}
