package com.samsung.android.authfw.fido2.domain.interactor;

import com.samsung.android.authfw.crosscuttingconcern.tools.base64.Base64Kt;
import com.samsung.android.authfw.crosscuttingconcern.tools.hash.Hash;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticationExtensionsClientInputs;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticationExtensionsClientOutputs;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticationExtensionsPRFInputs;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticationExtensionsPRFOutputs;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticationExtensionsPRFValues;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.PublicKeyCredentialCreationOptions;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.PublicKeyCredentialDescriptor;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.PublicKeyCredentialRequestOptions;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.exception.NotSupportedException;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.exception.SyntaxException;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorData;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorExtensionsInput;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorExtensionsOutput;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import m7.h;
import y7.i;

/* loaded from: classes.dex */
public final class ClientExtensionProcess {
    private final AuthenticationExtensionsPRFOutputs authenticationPrfExtensionProcessingAfterInvokingAuthenticator(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return new AuthenticationExtensionsPRFOutputs(null, bArr.length == 32 ? new AuthenticationExtensionsPRFValues(m7.f.A(0, 32, bArr), null, 2, null) : new AuthenticationExtensionsPRFValues(m7.f.A(0, 32, bArr), m7.f.A(32, 64, bArr)), 1, null);
    }

    private final byte[] authenticationPrfExtensionProcessingBeforeInvokingAuthenticator(PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions) {
        Collection<AuthenticationExtensionsPRFValues> values;
        List<PublicKeyCredentialDescriptor> allowCredentials;
        AuthenticationExtensionsClientInputs extensions = publicKeyCredentialRequestOptions.getExtensions();
        i.c(extensions);
        AuthenticationExtensionsPRFInputs prf = extensions.getPrf();
        i.c(prf);
        if (prf.getEvalByCredential() != null) {
            i.c(prf.getEvalByCredential());
            if ((!r1.isEmpty()) && ((allowCredentials = publicKeyCredentialRequestOptions.getAllowCredentials()) == null || allowCredentials.isEmpty())) {
                throw new NotSupportedException("prf 1");
            }
        }
        Map<String, AuthenticationExtensionsPRFValues> evalByCredential = prf.getEvalByCredential();
        if (evalByCredential != null) {
            Iterator<Map.Entry<String, AuthenticationExtensionsPRFValues>> it = evalByCredential.entrySet().iterator();
            while (it.hasNext()) {
                String key = it.next().getKey();
                if (key.length() == 0) {
                    throw new SyntaxException("prf2: evalByCredential key empty");
                }
                try {
                    byte[] decodeBase64Url = Base64Kt.decodeBase64Url(key);
                    List<PublicKeyCredentialDescriptor> allowCredentials2 = publicKeyCredentialRequestOptions.getAllowCredentials();
                    i.c(allowCredentials2);
                    if (!allowCredentials2.isEmpty()) {
                        Iterator<T> it2 = allowCredentials2.iterator();
                        while (it2.hasNext()) {
                            if (Arrays.equals(((PublicKeyCredentialDescriptor) it2.next()).getId(), decodeBase64Url)) {
                                break;
                            }
                        }
                    }
                    throw new SyntaxException("prf2: key does not contain");
                } catch (IllegalArgumentException unused) {
                    throw new SyntaxException("prf2: evalByCredential key decode fail: Incorrect Padding");
                }
            }
        }
        Map<String, AuthenticationExtensionsPRFValues> evalByCredential2 = prf.getEvalByCredential();
        AuthenticationExtensionsPRFValues authenticationExtensionsPRFValues = (evalByCredential2 == null || (values = evalByCredential2.values()) == null) ? null : (AuthenticationExtensionsPRFValues) h.q0(values);
        if (authenticationExtensionsPRFValues == null) {
            authenticationExtensionsPRFValues = prf.getEval();
        }
        if (authenticationExtensionsPRFValues == null) {
            return null;
        }
        byte[] doCreateSalt = doCreateSalt(authenticationExtensionsPRFValues.getFirst());
        byte[] second = authenticationExtensionsPRFValues.getSecond();
        byte[] doCreateSalt2 = second != null ? doCreateSalt(second) : null;
        if (doCreateSalt2 == null) {
            return doCreateSalt;
        }
        byte[] bArr = new byte[64];
        System.arraycopy(doCreateSalt, 0, bArr, 0, doCreateSalt.length);
        System.arraycopy(doCreateSalt2, 0, bArr, doCreateSalt.length, doCreateSalt2.length);
        return bArr;
    }

    private final byte[] doCreateSalt(byte[] bArr) {
        byte[] bytes = "WebAuthn PRF".getBytes(ma.a.f7529a);
        i.e("this as java.lang.String).getBytes(charset)", bytes);
        byte[] bArr2 = new byte[bytes.length + 1 + bArr.length];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        System.arraycopy(new byte[]{0}, 0, bArr2, bytes.length, 1);
        System.arraycopy(bArr, 0, bArr2, bytes.length + 1, bArr.length);
        byte[] sha256 = Hash.Companion.sha256(bArr2);
        i.c(sha256);
        return sha256;
    }

    private final AuthenticationExtensionsPRFOutputs registrationPrfExtensionProcessingAfterInvokingAuthenticator(Boolean bool) {
        return new AuthenticationExtensionsPRFOutputs(Boolean.valueOf(bool != null ? bool.booleanValue() : false), null, 2, null);
    }

    private final boolean registrationPrfExtensionProcessingBeforeInvokingAuthenticator(AuthenticationExtensionsPRFInputs authenticationExtensionsPRFInputs) {
        if (authenticationExtensionsPRFInputs.getEvalByCredential() == null) {
            return true;
        }
        throw new NotSupportedException(null, 1, null);
    }

    public final AuthenticationExtensionsClientOutputs processingAuthenticationAfterInvokingAuthenticator(AuthenticatorData authenticatorData) {
        i.f("authenticatorData", authenticatorData);
        AuthenticatorExtensionsOutput extensionOutput = authenticatorData.getExtensionOutput();
        if (extensionOutput != null) {
            return new AuthenticationExtensionsClientOutputs(authenticationPrfExtensionProcessingAfterInvokingAuthenticator(extensionOutput.getHmacGetSecret()));
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final AuthenticatorExtensionsInput processingBeforeInvokingAuthenticator(PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions) {
        i.f("options", publicKeyCredentialCreationOptions);
        byte[] bArr = null;
        Object[] objArr = 0;
        if (publicKeyCredentialCreationOptions.getExtensions() == null) {
            return null;
        }
        AuthenticationExtensionsClientInputs extensions = publicKeyCredentialCreationOptions.getExtensions();
        i.c(extensions);
        AuthenticationExtensionsPRFInputs prf = extensions.getPrf();
        return new AuthenticatorExtensionsInput(prf != null ? Boolean.valueOf(registrationPrfExtensionProcessingBeforeInvokingAuthenticator(prf)) : null, bArr, 2, objArr == true ? 1 : 0);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final AuthenticatorExtensionsInput processingBeforeInvokingAuthenticator(PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions) {
        i.f("options", publicKeyCredentialRequestOptions);
        Boolean bool = null;
        Object[] objArr = 0;
        if (publicKeyCredentialRequestOptions.getExtensions() == null) {
            return null;
        }
        AuthenticationExtensionsClientInputs extensions = publicKeyCredentialRequestOptions.getExtensions();
        i.c(extensions);
        return new AuthenticatorExtensionsInput(bool, extensions.getPrf() != null ? authenticationPrfExtensionProcessingBeforeInvokingAuthenticator(publicKeyCredentialRequestOptions) : null, 1, objArr == true ? 1 : 0);
    }

    public final AuthenticationExtensionsClientOutputs processingRegistrationAfterInvokingAuthenticator(AuthenticationExtensionsClientInputs authenticationExtensionsClientInputs, AuthenticatorData authenticatorData) {
        i.f("authenticatorData", authenticatorData);
        AuthenticatorExtensionsOutput extensionOutput = authenticatorData.getExtensionOutput();
        if (extensionOutput != null) {
            return new AuthenticationExtensionsClientOutputs((authenticationExtensionsClientInputs != null ? authenticationExtensionsClientInputs.getPrf() : null) != null ? registrationPrfExtensionProcessingAfterInvokingAuthenticator(extensionOutput.getHmacCreateSecret()) : null);
        }
        return null;
    }
}
