package com.samsung.android.authfw.pass;

import com.samsung.android.authfw.common.CommonLog;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.pass.signature.TokenVerifier;
import com.samsung.android.authfw.sdk.pass.message.CreateAuthTokenRequest;
import com.samsung.android.authfw.sdk.pass.message.CreateAuthTokenResponse;
import com.samsung.android.authfw.sdk.pass.message.CreateFidoAuthAuthTokenRequest;
import com.samsung.android.authfw.sdk.pass.message.CreateFidoAuthAuthTokenResponse;
import com.samsung.android.authfw.sdk.pass.message.FidoVerifyOperationRequest;
import com.samsung.android.authfw.sdk.pass.message.FidoVerifyOperationResponse;
import com.samsung.android.authfw.sdk.pass.message.ProcessPreBindRequest;
import com.samsung.android.authfw.sdk.pass.message.ProcessPreBindResponse;
import com.samsung.android.authfw.sdk.pass.message.VerifyAuthAuthTokenRequest;
import com.samsung.android.authfw.sdk.pass.message.VerifyAuthAuthTokenResponse;
import com.samsung.android.authfw.sdk.pass.message.VerifyAuthAuthTokenWithAssertionRequest;
import com.samsung.android.authfw.sdk.pass.message.VerifyAuthAuthTokenWithAssertionResponse;
import com.samsung.android.authfw.sdk.pass.message.VerifyCryptoAuthTokenRequest;
import com.samsung.android.authfw.sdk.pass.message.VerifyCryptoAuthTokenResponse;
import com.samsung.android.authfw.trustzone.CommandGenerator;
import com.samsung.android.authfw.trustzone.DeviceAttestationKeySpec;
import com.samsung.android.authfw.trustzone.TzApp;
import com.samsung.android.authfw.trustzone.tlv.TlvAccessToken;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthAuthToken;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthVerifyToken;
import com.samsung.android.authfw.trustzone.tlv.TlvBaseAttestKeyCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvBaseAttestKeyResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvCertificate;
import com.samsung.android.authfw.trustzone.tlv.TlvDrkKeyHandle;
import com.samsung.android.authfw.trustzone.tlv.TlvNonce;
import com.samsung.android.authfw.trustzone.tlv.TlvPublicKeyAlgorithm;
import com.samsung.android.authfw.trustzone.tlv.TlvServerAuthAuthTokenAssertion;
import com.samsung.android.authfw.trustzone.tlv.TlvServerCryptoAuthTokenAssertion;
import com.samsung.android.authfw.trustzone.tlv.TlvSignature;
import com.samsung.android.authfw.trustzone.tlv.TlvVerifyAuthAuthTokenCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvVerifyAuthAuthTokenResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvVerifyCryptoAuthTokenCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvVerifyCryptoAuthTokenResponse;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvAuthAssertion;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvExtension;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvSignedData;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class PassAuthOperation {
    private static final String TAG = "PassAuthOperation";

    private PassAuthOperation() {
        throw new AssertionError();
    }

    public static String createAuthToken(String str) {
        int i2;
        byte[] bArr;
        try {
            TlvSignedData tlvSignedData = new TlvAuthAssertion(g3.e.f5644d.g().a(CreateAuthTokenRequest.fromJson(str).getAssertion())).getTlvSignedData();
            if (tlvSignedData == null) {
                PSLog.e(TAG, "tlvSignedData is null");
                return "";
            }
            List<TlvExtension> tlvExtensionList = tlvSignedData.getTlvExtensionList();
            if (tlvExtensionList == null) {
                PSLog.e(TAG, "tlvExtensions is null");
                return "";
            }
            Iterator<TlvExtension> it = tlvExtensionList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    i2 = -1;
                    bArr = null;
                    break;
                }
                TlvExtension next = it.next();
                String str2 = new String(next.getTlvExtensionId().getId(), StandardCharsets.UTF_8);
                if (str2.equals("SEC_EXT_PASS_AAT")) {
                    bArr = next.encode();
                    PSLog.v(TAG, "found aat");
                    i2 = 0;
                    break;
                }
                if (str2.equals("SEC_EXT_PASS_CAT")) {
                    bArr = next.getTlvExtensionData().getData();
                    PSLog.v(TAG, "found cat");
                    i2 = 1;
                    break;
                }
            }
            if (bArr != null && bArr.length != 0) {
                return CreateAuthTokenResponse.newBuilder(i2, bArr).build().toJson();
            }
            return "";
        } catch (Exception e2) {
            PSLog.e(TAG, "createAuthToken fail : " + e2.getMessage(), e2);
            return "";
        }
    }

    public static String createFidoAuthAuthToken(String str) {
        byte[] bArr;
        try {
            TlvSignedData tlvSignedData = new TlvAuthAssertion(g3.e.f5644d.g().a(CreateFidoAuthAuthTokenRequest.fromJson(str).getAssertion())).getTlvSignedData();
            if (tlvSignedData == null) {
                PSLog.e(TAG, "tlvSignedData is null");
                return "";
            }
            List<TlvExtension> tlvExtensionList = tlvSignedData.getTlvExtensionList();
            if (tlvExtensionList == null) {
                PSLog.e(TAG, "tlvExtensions is null");
                return "";
            }
            Iterator<TlvExtension> it = tlvExtensionList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    bArr = null;
                    break;
                }
                TlvExtension next = it.next();
                if (new String(next.getTlvExtensionId().getId(), StandardCharsets.UTF_8).equals("SEC_EXT_PASS_AAT")) {
                    bArr = next.encode();
                    PSLog.v(TAG, "found aat");
                    break;
                }
            }
            return bArr == null ? "" : CreateFidoAuthAuthTokenResponse.newBuilder(bArr).build().toJson();
        } catch (Exception e2) {
            PSLog.v(TAG, "Not found aat : " + e2.getMessage());
            return "";
        }
    }

    public static String fidoVerifyOperation(String str) {
        byte[] bArr = new byte[0];
        byte[] bArr2 = new byte[0];
        try {
            TlvSignedData tlvSignedData = new TlvAuthAssertion(g3.e.f5644d.g().a(FidoVerifyOperationRequest.fromJson(str).getAssertion())).getTlvSignedData();
            if (tlvSignedData == null) {
                PSLog.e(TAG, "tlvSignedData is null");
                return "";
            }
            List<TlvExtension> tlvExtensionList = tlvSignedData.getTlvExtensionList();
            if (tlvExtensionList == null) {
                PSLog.e(TAG, "tlvExtensions is null");
                return "";
            }
            Iterator<TlvExtension> it = tlvExtensionList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                TlvExtension next = it.next();
                String str2 = new String(next.getTlvExtensionId().getId(), StandardCharsets.UTF_8);
                if (str2.equals("SEC_EXT_PASS_AAT")) {
                    bArr = next.encode();
                    PSLog.v(TAG, "found aat");
                    break;
                }
                if (str2.equals("SEC_EXT_PASS_CAT")) {
                    bArr2 = next.getTlvExtensionData().getData();
                    PSLog.v(TAG, "found cat");
                    break;
                }
            }
            return FidoVerifyOperationResponse.newBuilder(bArr, bArr2).build().toJson();
        } catch (Exception e2) {
            a0.e.z(e2, new StringBuilder("fidoVerifyOperation key pair failed : "), TAG);
            return "";
        }
    }

    public static String processPreBind(String str) {
        ProcessPreBindRequest fromJson = ProcessPreBindRequest.fromJson(str);
        try {
            final TlvNonce build = TlvNonce.newBuilder(fromJson.getNonce()).build();
            final TlvAuthVerifyToken build2 = TlvAuthVerifyToken.newBuilder(fromJson.getAuthVerifyToken()).build();
            final TlvAccessToken build3 = TlvAccessToken.newBuilder(fromJson.getAccessToken()).build();
            final TlvNonce build4 = TlvNonce.newBuilder(fromJson.getSvcNonce()).build();
            final TlvPublicKeyAlgorithm build5 = TlvPublicKeyAlgorithm.newBuilder(fromJson.getPublicKeyAlgorithm()).build();
            byte[] execSecurelyWithDeviceKey = TzApp.getInstance().execSecurelyWithDeviceKey(new CommandGenerator() { // from class: com.samsung.android.authfw.pass.PassAuthOperation.1
                @Override // com.samsung.android.authfw.trustzone.CommandGenerator
                public byte[] getCommand(q4.c cVar, byte[] bArr) {
                    byte[] encode = TlvBaseAttestKeyCommand.newBuilder(TlvNonce.this, build2, build3, TlvDrkKeyHandle.newBuilder(bArr).build(), build4, build5).build().encode();
                    if (encode != null && encode.length != 0) {
                        return encode;
                    }
                    CommonLog.e(PassAuthOperation.TAG, "getting command failed");
                    return new byte[0];
                }
            }, DeviceAttestationKeySpec.DEFAULT);
            if (execSecurelyWithDeviceKey.length == 0) {
                CommonLog.e(TAG, "execSecurelyWithDeviceKey() failed");
                return "";
            }
            TlvBaseAttestKeyResponse tlvBaseAttestKeyResponse = new TlvBaseAttestKeyResponse(execSecurelyWithDeviceKey);
            short statusCode = tlvBaseAttestKeyResponse.getTlvStatusCode().getStatusCode();
            if (statusCode != 0) {
                CommonLog.e(TAG, "process failed : " + ((int) statusCode));
                return "";
            }
            byte[] encode = tlvBaseAttestKeyResponse.encode();
            if (encode == null) {
                PSLog.e(TAG, "baseAttestKey failed - response : null");
                return "";
            }
            String str2 = TAG;
            CommonLog.v(str2, "response : " + encode.length);
            if (encode.length == 0) {
                PSLog.e(str2, "baseAttestKey failed - response : 0");
                return "";
            }
            byte[] attestKeyKeyHandle = tlvBaseAttestKeyResponse.getTlvAttestKeyKeyHandle().getAttestKeyKeyHandle();
            List<TlvCertificate> tlvCertificates = tlvBaseAttestKeyResponse.getTlvCertificates();
            android.support.v4.media.session.f.p(2 == tlvCertificates.size(), "invalid certificates");
            byte[] certificate = tlvCertificates.get(0).getCertificate();
            byte[] certificate2 = tlvCertificates.get(1).getCertificate();
            byte[] encode2 = tlvBaseAttestKeyResponse.getTlvAttestKeyAssertion().encode();
            if (encode2 != null) {
                PSLog.v(str2, "Result : " + encode2.length);
            }
            return ProcessPreBindResponse.newBuilder(attestKeyKeyHandle, certificate, certificate2, encode2).build().toJson();
        } catch (Exception e2) {
            a0.e.z(e2, new StringBuilder("processPreBind failed : "), TAG);
            return "";
        }
    }

    public static String verifyAuthAuthToken(String str) {
        try {
            VerifyAuthAuthTokenRequest fromJson = VerifyAuthAuthTokenRequest.fromJson(str);
            TlvNonce build = TlvNonce.newBuilder(fromJson.getNonce()).build();
            TlvAuthAuthToken build2 = TlvAuthAuthToken.newBuilder(fromJson.getAuthToken()).build();
            TlvSignature build3 = TlvSignature.newBuilder(fromJson.getAatSignature()).build();
            ArrayList arrayList = new ArrayList();
            g3.c cVar = g3.e.f5643c;
            arrayList.add(TlvCertificate.newBuilder(cVar.a(fromJson.getServerCert())).build());
            arrayList.add(TlvCertificate.newBuilder(cVar.a(fromJson.getServiceRootCert())).build());
            return VerifyAuthAuthTokenResponse.newBuilder(TokenVerifier.verifyAuthAuthToken(TlvServerAuthAuthTokenAssertion.newBuilder(build, build2, build3, arrayList).build().encode(), fromJson.getContinuousNonce())).build().toJson();
        } catch (Exception e2) {
            PSLog.e(TAG, "verifyAuthAuthToken fail : " + e2.getMessage(), e2);
            return "";
        }
    }

    public static String verifyAuthAuthTokenWithAssertion(String str) {
        TlvNonce tlvNonce;
        try {
            VerifyAuthAuthTokenWithAssertionRequest fromJson = VerifyAuthAuthTokenWithAssertionRequest.fromJson(str);
            if (fromJson.getContinuousNonce() != null) {
                PSLog.v(TAG, "continuousNonce is available");
                tlvNonce = TlvNonce.newBuilder(fromJson.getContinuousNonce()).build();
            } else {
                tlvNonce = null;
            }
            byte[] encode = TlvVerifyAuthAuthTokenCommand.newBuilder(new TlvServerAuthAuthTokenAssertion(fromJson.getAssertion())).setTlvNonce(tlvNonce).build().encode();
            if (encode != null && encode.length != 0) {
                byte[] execSecurely = TzApp.getInstance().execSecurely(encode);
                if (execSecurely.length == 0) {
                    PSLog.e(TAG, "failed to securely tz-execute");
                    return "";
                }
                TlvVerifyAuthAuthTokenResponse tlvVerifyAuthAuthTokenResponse = new TlvVerifyAuthAuthTokenResponse(execSecurely);
                short statusCode = tlvVerifyAuthAuthTokenResponse.getTlvStatusCode().getStatusCode();
                if (statusCode != 0) {
                    PSLog.e(TAG, "process failed : " + ((int) statusCode));
                    return "";
                }
                byte[] authVerifyToken = tlvVerifyAuthAuthTokenResponse.getTlvAuthVerifyToken().getAuthVerifyToken();
                if (authVerifyToken != null && authVerifyToken.length != 0) {
                    return VerifyAuthAuthTokenWithAssertionResponse.newBuilder((byte[]) authVerifyToken.clone()).build().toJson();
                }
                PSLog.e(TAG, "avt is null");
                return "";
            }
            PSLog.e(TAG, "getting command failed");
            return "";
        } catch (Exception unused) {
            PSLog.e(TAG, "verifyAuthAuthTokenWithAssertion failed");
            return "";
        }
    }

    public static String verifyCryptoAuthToken(String str) {
        try {
            byte[] encode = TlvVerifyCryptoAuthTokenCommand.newBuilder(new TlvServerCryptoAuthTokenAssertion(VerifyCryptoAuthTokenRequest.fromJson(str).getServerAssertion())).build().encode();
            if (encode != null && encode.length != 0) {
                byte[] execSecurely = TzApp.getInstance().execSecurely(encode);
                if (execSecurely.length == 0) {
                    CommonLog.e(TAG, "failed to securely tz-execute");
                    return "";
                }
                TlvVerifyCryptoAuthTokenResponse tlvVerifyCryptoAuthTokenResponse = new TlvVerifyCryptoAuthTokenResponse(execSecurely);
                short statusCode = tlvVerifyCryptoAuthTokenResponse.getTlvStatusCode().getStatusCode();
                if (statusCode != 0) {
                    CommonLog.e(TAG, "process failed : " + ((int) statusCode));
                    return "";
                }
                byte[] cryptoVerifyToken = tlvVerifyCryptoAuthTokenResponse.getTlvCryptoVerifyToken().getCryptoVerifyToken();
                if (cryptoVerifyToken != null && cryptoVerifyToken.length != 0) {
                    return VerifyCryptoAuthTokenResponse.newBuilder(Encoding.Base64Url.encode(cryptoVerifyToken)).build().toJson();
                }
                CommonLog.e(TAG, "cvto is null");
                return "";
            }
            CommonLog.e(TAG, "getting command failed");
            return "";
        } catch (Exception e2) {
            CommonLog.e(TAG, "verifyCryptoAuthToken failed : " + e2.getMessage());
            return "";
        }
    }
}
