package com.samsung.android.authfw.pass.Operation.Cmp.Yessign;

import a0.e;
import com.samsung.android.authfw.pass.Operation.Cmp.BaseTeeKeyPair;
import com.samsung.android.authfw.pass.Operation.Cmp.BaseTeePrivateKey;
import com.samsung.android.authfw.pass.Operation.Cmp.BaseTeeSigner;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.yessign.fido.spass.SpassException;
import com.yessign.fido.spass.SpassHandler;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;

/* loaded from: classes.dex */
class SpassAuthFwHandler implements SpassHandler {
    private static final String TAG = "SpassAuthFwHandler";
    private final String mAlgorithm;
    private final byte[] mAuthVerifyToken;
    private final byte[] mNonce;
    private byte[] mPrevRawPublicKey;
    private BaseTeeKeyPair mSamsungKeyPair = null;
    private byte[] mPrevCertId = null;
    private BaseTeePrivateKey mPrevRawWrappedPrivateKey = null;

    public SpassAuthFwHandler(String str, byte[] bArr, byte[] bArr2) {
        this.mAlgorithm = str;
        this.mNonce = bArr;
        this.mAuthVerifyToken = bArr2;
    }

    @Override // com.yessign.fido.spass.SpassHandler
    public RSAPublicKeySpec generateKeyPair() throws SpassException, IOException {
        String str = TAG;
        PSLog.v(str, "generateKeyPair");
        BaseTeeKeyPair baseTeeKeyPair = new BaseTeeKeyPair();
        this.mSamsungKeyPair = baseTeeKeyPair;
        if (!baseTeeKeyPair.generate(this.mAlgorithm, this.mNonce, this.mAuthVerifyToken)) {
            PSLog.e(str, "keypair generate error");
            return null;
        }
        try {
            return this.mSamsungKeyPair.getPublicKeySpec();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            PSLog.e(TAG, "getPublicKeySpec error. " + e2.getMessage());
            return null;
        }
    }

    public byte[] getRawWrappedPrivateKey() {
        return this.mSamsungKeyPair.getRawWrappedPrivateKey();
    }

    @Override // com.yessign.fido.spass.SpassHandler
    public byte[] getVidRandom(byte[] bArr) throws SpassException, IOException {
        PSLog.v(TAG, "getVidRandom");
        return bArr;
    }

    public void setPrevCertInfo(byte[] bArr, BaseTeePrivateKey baseTeePrivateKey, byte[] bArr2) {
        this.mPrevCertId = bArr;
        this.mPrevRawWrappedPrivateKey = baseTeePrivateKey;
        this.mPrevRawPublicKey = bArr2;
    }

    @Override // com.yessign.fido.spass.SpassHandler
    public byte[] sign(byte[] bArr, byte[] bArr2) throws SpassException, IOException {
        BaseTeePrivateKey teePrivateKey;
        byte[] rawPublicKey;
        String str = TAG;
        PSLog.v(str, "sign");
        if (this.mSamsungKeyPair == null) {
            PSLog.e(str, "generateKeyPair() should be invoked first.");
            return null;
        }
        byte[] bArr3 = this.mPrevCertId;
        if (bArr3 == null || !Arrays.equals(bArr, bArr3)) {
            teePrivateKey = this.mSamsungKeyPair.getTeePrivateKey();
            rawPublicKey = this.mSamsungKeyPair.getRawPublicKey();
        } else {
            teePrivateKey = this.mPrevRawWrappedPrivateKey;
            rawPublicKey = this.mPrevRawPublicKey;
        }
        try {
            BaseTeeSigner baseTeeSigner = new BaseTeeSigner("SHA256withRSA", rawPublicKey, this.mNonce, this.mAuthVerifyToken);
            baseTeeSigner.engineInit(teePrivateKey);
            baseTeeSigner.engineUpdate(bArr2);
            byte[] engineSign = baseTeeSigner.engineSign();
            baseTeeSigner.engineDoFinal();
            return engineSign;
        } catch (IOException | IllegalArgumentException | NullPointerException | UnsupportedOperationException e2) {
            e.z(e2, new StringBuilder("sign fail."), TAG);
            return null;
        }
    }
}
