package com.samsung.android.authfw.pass.Operation.Cmp.Kica;

import a0.e;
import android.text.TextUtils;
import b1.r0;
import b2.n;
import com.samsung.android.authfw.pass.Operation.Cmp.BaseTeeKeyPair;
import com.samsung.android.authfw.pass.Operation.Cmp.BaseUtil;
import com.samsung.android.authfw.pass.Operation.Cmp.Crypto;
import com.samsung.android.authfw.pass.Operation.Cmp.ICertificateListener;
import com.samsung.android.authfw.pass.Operation.Cmp.Operation;
import com.samsung.android.authfw.pass.Operation.Cmp.RValueCache;
import com.samsung.android.authfw.pass.PassInjection;
import com.samsung.android.authfw.pass.authentication.partner.CertificationToken;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.logger.PSLog;
import d6.b;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import u5.c;
import u5.g;

/* loaded from: classes.dex */
public class UpdateCertificate extends Operation {
    private static final String KICA_UPDATE_TAG = "UpdateCertificate";
    private String mAlgorithm;
    private String mCaAddress;
    private String mCertTokenJson;
    private byte[] mCertificate;
    private byte[] mMagicCode;
    private byte[] mNewCertificate;
    private final int mOpCode;
    private int mUid;
    private g mUserInfo;

    public UpdateCertificate(int i2, ICertificateListener iCertificateListener, String str, byte[] bArr, String str2, byte[] bArr2, int i6, String str3) {
        super(i2, iCertificateListener);
        this.mOpCode = 50;
        this.mNewCertificate = null;
        this.mAlgorithm = str;
        this.mCertificate = bArr;
        this.mCaAddress = str2;
        this.mMagicCode = bArr2;
        this.mUid = i6;
        this.mCertTokenJson = str3;
    }

    private void updateFinishFlow(int i2, String str) {
        updateFinishFlow(i2, str, null);
    }

    private void updateFinishFlow(int i2, String str, String str2) {
        if (!TextUtils.isEmpty(str)) {
            PSLog.e(KICA_UPDATE_TAG, str);
        }
        if (TextUtils.isEmpty(str2)) {
            sendResult(i2);
        } else {
            sendResult(i2, str2);
        }
    }

    @Override // com.samsung.android.authfw.pass.Operation.Cmp.Operation
    public int getOpCode() {
        return 50;
    }

    @Override // com.samsung.android.authfw.pass.Operation.Cmp.Operation
    public String getTag() {
        return KICA_UPDATE_TAG;
    }

    /* JADX WARN: Type inference failed for: r4v10, types: [java.lang.Object, u5.g] */
    @Override // com.samsung.android.authfw.pass.Operation.Cmp.Operation, java.lang.Runnable
    public void run() {
        PSLog.i(KICA_UPDATE_TAG, "kuc");
        if (this.mUid == 0) {
            updateFinishFlow(255, "uid is null");
            return;
        }
        if (TextUtils.isEmpty(this.mCertTokenJson)) {
            updateFinishFlow(255, "cert token is null");
            return;
        }
        try {
            CertificationToken fromJson = CertificationToken.fromJson(this.mCertTokenJson);
            String str = this.mAlgorithm;
            if (str == null || str.length() == 0) {
                updateFinishFlow(255, "algorithm is null");
                return;
            }
            byte[] bArr = this.mCertificate;
            if (bArr == null || bArr.length == 0) {
                updateFinishFlow(255, "certificate is null");
                return;
            }
            String str2 = this.mCaAddress;
            if (str2 == null || str2.length() == 0) {
                updateFinishFlow(255, "ca address is null");
                return;
            }
            byte[] magicCode = BaseUtil.getMagicCode(this.mCertificate);
            if (magicCode != null && magicCode.length > 0 && !Arrays.equals(magicCode, this.mMagicCode)) {
                updateFinishFlow(73, "magic code is not matched");
                return;
            }
            byte[] hash = Encoding.hash((fromJson.getSamsungEventId() + fromJson.getSvcEventId()).getBytes(StandardCharsets.UTF_8));
            if (hash == null) {
                updateFinishFlow(255, "nonce is null");
                return;
            }
            byte[] fidoAuthVerifyToken = fromJson.getFidoAuthVerifyToken();
            if (fidoAuthVerifyToken == null || fidoAuthVerifyToken.length == 0) {
                updateFinishFlow(255, "avt is null");
                return;
            }
            r0.q();
            try {
                BaseTeeKeyPair baseTeeKeyPair = new BaseTeeKeyPair();
                if (!baseTeeKeyPair.generate(this.mAlgorithm, hash, fidoAuthVerifyToken)) {
                    updateFinishFlow(255, "keypair generate error");
                    return;
                }
                n nVar = new n(baseTeeKeyPair.getPublicKey(), new TeePrivateKey(0, baseTeeKeyPair.getRawWrappedPrivateKey()));
                TeeSigner teeSigner = new TeeSigner(null, hash, fidoAuthVerifyToken);
                teeSigner.setKeys(BaseUtil.getRawPublicKey(this.mCertificate), BaseUtil.getWrappedPrivateKey(this.mCertificate).getWrappedPrivateKey(), baseTeeKeyPair.getRawPublicKey(), baseTeeKeyPair.getRawWrappedPrivateKey());
                TeePrivateKey teePrivateKey = new TeePrivateKey(0, BaseUtil.getWrappedPrivateKey(this.mCertificate).getWrappedPrivateKey());
                try {
                    ?? obj = new Object();
                    this.mUserInfo = obj;
                    obj.f9464f = "";
                    obj.f9461c = nVar;
                    obj.f9462d = new b(1).a(this.mCertificate);
                    this.mUserInfo.f9463e = teePrivateKey;
                    String[] split = this.mCaAddress.split(":");
                    Util util = new Util(PassInjection.getAppContext(), new u5.a(split[0], Integer.parseInt(split[1])), this.mUid, this.mMagicCode, fromJson);
                    try {
                        util.doUpdate(this.mUserInfo);
                        byte[] certificate = util.getCertificate();
                        this.mNewCertificate = certificate;
                        byte[] unwrapNwData = Crypto.unwrapNwData(BaseUtil.getWrappedRValue(certificate), Crypto.CERT_RANDOM_KEY, this.mUid, fromJson);
                        if (unwrapNwData == null || unwrapNwData.length == 0) {
                            updateFinishFlow(255, "get rvalue fail");
                            return;
                        }
                        String certificateSubjectDN = BaseUtil.getCertificateSubjectDN(this.mNewCertificate);
                        RValueCache.setRValue(certificateSubjectDN, unwrapNwData);
                        BaseUtil.setLatestSubjectDN(certificateSubjectDN);
                        teeSigner.engineReset();
                        updateFinishFlow(0, null, certificateSubjectDN);
                    } catch (IOException | IllegalStateException | c e2) {
                        teeSigner.engineReset();
                        updateFinishFlow(64, m8.b.h(e2, new StringBuilder("cmp error.")), e2.getMessage());
                    }
                } catch (b6.b e10) {
                    teeSigner.engineReset();
                    updateFinishFlow(64, "cmp error. " + e10.getMessage(), e10.getMessage());
                }
            } catch (NoSuchAlgorithmException | InvalidKeySpecException unused) {
                updateFinishFlow(255, "public key error");
            }
        } catch (IllegalArgumentException unused2) {
            updateFinishFlow(255, e.p(new StringBuilder("CertToken is invalid {"), this.mCertTokenJson, "}"));
        }
    }
}
