package com.samsung.android.authfw.fido2.ext.authenticator.noneasf;

import android.security.keystore.KeyGenParameterSpec;
import androidx.fragment.app.FragmentActivity;
import b1.r0;
import com.samsung.android.authfw.client.OxygenUafServiceHelperActivity;
import com.samsung.android.authfw.crosscuttingconcern.logging.Logger;
import com.samsung.android.authfw.crosscuttingconcern.tools.hash.Hash;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticatorAttachment;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.PublicKeyCredentialDescriptor;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.entity.PublicKeyCredentialSource;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.exception.NotSupportedException;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.exception.UnknownException;
import com.samsung.android.authfw.fido2.biometric.Biometric;
import com.samsung.android.authfw.fido2.domain.authenticator.Authenticator;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AttestationStatementFormatNone;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorCredentialPublicKey;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorData;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorExtensionsOutput;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorGetAssertion;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorGetAssertionRequest;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorMakeCredential;
import com.samsung.android.authfw.fido2.ext.authenticator.operator.AuthenticatorCancelOperator;
import com.samsung.android.authfw.fido2.ext.authenticator.repository.Repository;
import h8.g1;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.List;
import m7.f;
import m7.p;
import s6.n;
import s6.r;
import x7.b;
import y7.e;
import y7.i;

/* loaded from: classes.dex */
/**
 * FIDO2 {@link Authenticator} that reports attestation format "none" and signs with
 * EC P-256 keys generated in the AndroidKeyStore provider.
 *
 * <p>This listing is decompiler output. The helpers {@code i}, {@code f}, {@code p},
 * {@code r0}, {@code n}, {@code r}, {@code b}, {@code e7.e}, {@code a} and {@code g1}
 * carry obfuscated names, and the {@code NoneAsfAuthenticator$...} lambda classes are
 * not part of this file. Comments about them are marked as assumptions.
 *
 * <p>Points a reviewer should keep in mind when reading the methods below:
 * <ul>
 *   <li>The keystore alias is the relying-party ID, not the credential ID
 *       (see {@code createCredential}, {@code getAssertion}).</li>
 *   <li>The AAGUID is sixteen zero bytes and no key-attestation challenge is set on the
 *       key spec, so nothing in this class lets a relying party verify key provenance.</li>
 *   <li>The two boolean flags of the authenticator data are hard-coded to {@code true}.</li>
 * </ul>
 */
public final class NoneAsfAuthenticator implements Authenticator {
    public static final Companion Companion = new Companion(null);
    private static final String TAG = "NoneAsfAuthenticator";
    // Initialised to new byte[16] in the constructor, i.e. all zeros.
    private final byte[] AAGUID;
    private final AttestationStatementFormatNone attestationStatement;
    private final AuthenticatorAttachment authenticatorAttachment;
    private final Biometric biometric;
    private final AuthenticatorCancelOperator cancelOperator;
    // Set to the literal "none" in the constructor.
    private final String fmt;
    private final Repository repository;

    /* loaded from: classes.dex */
    // Empty companion holder; looks like a compiler-generated Kotlin companion object.
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(e eVar) {
            this();
        }
    }

    /**
     * Stores the collaborators and fixes the authenticator's constant properties.
     *
     * @param biometric  used by {@code createCredential} to run user authentication
     * @param repository credential store used for insert, lookup and counter updates
     */
    public NoneAsfAuthenticator(Biometric biometric, Repository repository) {
        // i.f(name, value) appears to be the obfuscated Kotlin parameter null-check.
        i.f("biometric", biometric);
        i.f("repository", repository);
        this.biometric = biometric;
        this.repository = repository;
        this.cancelOperator = new AuthenticatorCancelOperator();
        // Java zero-fills new arrays, so the AAGUID is 00..00 (no authenticator model identity).
        this.AAGUID = new byte[16];
        this.fmt = "none";
        this.attestationStatement = new AttestationStatementFormatNone();
        this.authenticatorAttachment = AuthenticatorAttachment.Platform.INSTANCE;
    }

    /**
     * Builds the get-assertion response for the first credential source in {@code list}.
     *
     * <p>Encodes authenticator data with the stored sign counter plus one, feeds
     * authenticator data followed by the client data hash into {@code signature}, and hands
     * the resulting signature to a lambda class that is not visible in this file.
     *
     * @param authenticatorGetAssertion parsed assertion request
     * @param signature                 initialised signer; may be {@code null}
     * @param list                      credential sources; element 0 is used
     * @return obfuscated reactive result ({@code n}); presumably an Rx-style single
     */
    public final n buildResponse(AuthenticatorGetAssertion authenticatorGetAssertion, Signature signature, List<PublicKeyCredentialSource> list) {
        Logger.Companion.d$default(Logger.Companion, TAG, "buildResponse()", null, 4, null);
        // Throws IndexOutOfBoundsException if the list is empty; no guard here.
        PublicKeyCredentialSource publicKeyCredentialSource = list.get(0);
        byte[] makeAuthenticatorData = makeAuthenticatorData(authenticatorGetAssertion, null, publicKeyCredentialSource.getSignCounter() + 1);
        if (signature != null) {
            // f.J presumably concatenates the two arrays (authData || clientDataHash) - TODO confirm.
            signature.update(f.J(makeAuthenticatorData, authenticatorGetAssertion.getClientDataHash()));
        }
        // NOTE(review): a null signer yields a null signature passed on to the lambda rather than
        // an error; confirm the lambda or the caller rejects an unsigned assertion.
        return new e7.e(n.c(1), new a(new NoneAsfAuthenticator$buildResponse$1(authenticatorGetAssertion, publicKeyCredentialSource, makeAuthenticatorData, signature != null ? signature.sign() : null, list), 5), 1);
    }

    /**
     * Builds the make-credential response for a freshly generated key pair.
     *
     * <p>Creates a 65-byte random value with {@link SecureRandom}, extracts the affine X and
     * Y coordinates of the EC public key, hashes the relying-party ID with SHA-256 and
     * assembles {@link AuthenticatorData} with a counter of 0 and attested credential data.
     *
     * @param authenticatorMakeCredential parsed make-credential request
     * @param keyPair                     key pair whose public half must be an {@link ECPublicKey}
     * @return obfuscated reactive result ({@code n}); presumably an Rx-style single
     */
    public final n buildResponse(AuthenticatorMakeCredential authenticatorMakeCredential, KeyPair keyPair) {
        int i2 = 1;
        // Return value is discarded: extension inputs are read but not used in this method.
        authenticatorMakeCredential.getAuthenticatorExtensionsInput();
        // 65 random bytes; passed as the second AttestedCredentialData argument below,
        // presumably the credential ID.
        byte[] bArr = new byte[65];
        new SecureRandom().nextBytes(bArr);
        // NOTE(review): fixed constant {1,2,3,4,5} handed to the lambda; its meaning is not
        // visible here. Confirm it is not stored as key material or an identifier.
        byte[] bArr2 = {1, 2, 3, 4, 5};
        PublicKey publicKey = keyPair.getPublic();
        // i.d(message, value) appears to be the obfuscated Kotlin non-null cast check.
        i.d("null cannot be cast to non-null type java.security.interfaces.ECPublicKey", publicKey);
        byte[] byteArray = ((ECPublicKey) publicKey).getW().getAffineX().toByteArray();
        PublicKey publicKey2 = keyPair.getPublic();
        i.d("null cannot be cast to non-null type java.security.interfaces.ECPublicKey", publicKey2);
        byte[] byteArray2 = ((ECPublicKey) publicKey2).getW().getAffineY().toByteArray();
        Hash.Companion companion = Hash.Companion;
        String id = authenticatorMakeCredential.getRp().getId();
        i.c(id);
        // ma.a.f7529a is an obfuscated charset constant, presumably UTF-8 - TODO confirm.
        byte[] bytes = id.getBytes(ma.a.f7529a);
        i.e("this as java.lang.String).getBytes(charset)", bytes);
        byte[] sha256 = companion.sha256(bytes);
        i.c(sha256);
        byte[] bArr3 = this.AAGUID;
        AuthenticatorCredentialPublicKey.Companion companion2 = AuthenticatorCredentialPublicKey.Companion;
        // BigInteger.toByteArray() may prepend a 0x00 sign byte; drop it when present.
        // f.M with r0.C(1, length) presumably slices [1, length) - TODO confirm.
        // NOTE(review): coordinates shorter than 32 bytes are not left-padded here; confirm
        // createES256PubKey pads them, otherwise the encoded key is occasionally malformed.
        if (byteArray[0] == 0) {
            byteArray = f.M(byteArray, r0.C(1, byteArray.length));
        }
        if (byteArray2[0] == 0) {
            byteArray2 = f.M(byteArray2, r0.C(1, byteArray2.length));
        }
        // The two 'true' arguments are presumably the user-present / user-verified flags and
        // are constants here; whether verification really happened is decided by the caller.
        return new e7.e(n.c(1), new a(new NoneAsfAuthenticator$buildResponse$2(this, new AuthenticatorData(sha256, true, true, 0L, new AuthenticatorData.AttestedCredentialData(bArr3, bArr, companion2.createES256PubKey(byteArray, byteArray2)), null), bArr, bArr2, authenticatorMakeCredential), 2), i2);
    }

    // Synthetic lambda bridge: invokes the wrapped function and casts the result to byte[].
    public static final byte[] buildResponse$lambda$2(b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (byte[]) bVar.invoke(obj);
    }

    // Synthetic lambda bridge: invokes the wrapped function and casts the result to byte[].
    public static final byte[] buildResponse$lambda$3(b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (byte[]) bVar.invoke(obj);
    }

    // Synthetic lambda bridge: invokes the wrapped function and casts the result to r.
    public static final r createCredential$lambda$0(b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (r) bVar.invoke(obj);
    }

    /** Wraps {@code nVar} via the cancel operator so {@code authenticatorCancel()} can reach it. */
    private final n createOperation(n nVar) {
        return this.cancelOperator.createCancellableOperation(nVar);
    }

    /**
     * Returns a {@code SHA256withECDSA} signer initialised for signing with {@code privateKey}.
     *
     * @param privateKey key to sign with
     */
    private final Signature createSignature(PrivateKey privateKey) {
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        return signature;
    }

    /**
     * Generates an EC key pair on curve secp256r1 in AndroidKeyStore under alias {@code str}.
     *
     * <p>The key requires user authentication and is invalidated when a new biometric is
     * enrolled. No authentication validity window, attestation challenge or StrongBox
     * request is configured in this builder chain.
     *
     * @param str keystore alias; callers in this class pass the relying-party ID
     * @return the generated key pair
     */
    private final KeyPair generateKeyPair(String str) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
        i.e("getInstance(...)", keyPairGenerator);
        // Purpose value 4 is KeyProperties.PURPOSE_SIGN.
        // SHA-384 and SHA-512 are authorised although this class only signs with SHA-256.
        // NOTE(review): generating under an alias that already exists replaces that keystore
        // entry, so a second registration for the same RP ID would replace the earlier key.
        KeyGenParameterSpec.Builder invalidatedByBiometricEnrollment = new KeyGenParameterSpec.Builder(str, 4).setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")).setDigests("SHA-256", "SHA-384", "SHA-512").setUserAuthenticationRequired(true).setInvalidatedByBiometricEnrollment(true);
        i.e("setInvalidatedByBiometricEnrollment(...)", invalidatedByBiometricEnrollment);
        keyPairGenerator.initialize(invalidatedByBiometricEnrollment.build());
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        i.e("genKeyPair(...)", genKeyPair);
        return genKeyPair;
    }

    // Synthetic lambda bridge: invokes the wrapped function and casts the result to r.
    public static final r getAssertion$lambda$1(b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (r) bVar.invoke(obj);
    }

    /**
     * Loads the private key stored in AndroidKeyStore under alias {@code str}.
     *
     * @param str keystore alias; {@code getAssertion} passes the relying-party ID
     * @return the key cast to {@link PrivateKey}
     */
    private final PrivateKey getPrivateKey(String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        // getKey returns null for an unknown alias; the i.d check below presumably throws then.
        Key key = keyStore.getKey(str, null);
        i.d("null cannot be cast to non-null type java.security.PrivateKey", key);
        return (PrivateKey) key;
    }

    /**
     * Persists a new credential source built from the request's RP and user fields.
     *
     * @param bArr                        first constructor argument of the credential source
     * @param bArr2                       second constructor argument of the credential source
     * @param authenticatorMakeCredential request supplying RP ID and user id/names/icon
     * @param j10                         last constructor argument; presumably the sign counter
     * @return whatever {@code repository.insertCredential} returns
     */
    private final n insertCredential(byte[] bArr, byte[] bArr2, AuthenticatorMakeCredential authenticatorMakeCredential, long j10) {
        Repository repository = this.repository;
        String id = authenticatorMakeCredential.getRp().getId();
        i.c(id);
        return repository.insertCredential(new PublicKeyCredentialSource(bArr, bArr2, id, authenticatorMakeCredential.getUser().getId(), authenticatorMakeCredential.getUser().getDisplayName(), authenticatorMakeCredential.getUser().getIcon(), authenticatorMakeCredential.getUser().getName(), j10));
    }

    /**
     * Encodes assertion authenticator data: SHA-256 of the RP ID, two flags fixed to
     * {@code true}, the given counter, no attested credential data, and the given extensions.
     *
     * @param authenticatorGetAssertion     request supplying the RP ID
     * @param authenticatorExtensionsOutput extension outputs, may be {@code null}
     * @param j10                           sign counter value to embed
     * @return result of {@code AuthenticatorData.encode()}
     */
    private final byte[] makeAuthenticatorData(AuthenticatorGetAssertion authenticatorGetAssertion, AuthenticatorExtensionsOutput authenticatorExtensionsOutput, long j10) {
        Hash.Companion companion = Hash.Companion;
        // ma.a.f7529a is an obfuscated charset constant, presumably UTF-8 - TODO confirm.
        byte[] bytes = authenticatorGetAssertion.getRpId().getBytes(ma.a.f7529a);
        i.e("this as java.lang.String).getBytes(charset)", bytes);
        byte[] sha256 = companion.sha256(bytes);
        i.c(sha256);
        // The two booleans are presumably the UP and UV flags; both are constants here.
        return new AuthenticatorData(sha256, true, true, j10, null, authenticatorExtensionsOutput).encode();
    }

    /**
     * Wraps the single supplied credential source for the assertion flow.
     *
     * <p>Only requests with a non-empty allow list are handled. A missing or empty list is
     * logged and rejected with {@link NotSupportedException}, thrown synchronously rather
     * than delivered through the returned {@code n}.
     *
     * @param authenticatorGetAssertion request whose allow list is checked for emptiness only
     * @param publicKeyCredentialSource credential source placed in the result list
     * @return obfuscated reactive result built around a one-element list
     * @throws NotSupportedException when the allow list is null or empty
     */
    private final n makeCredentialOptions(AuthenticatorGetAssertion authenticatorGetAssertion, PublicKeyCredentialSource publicKeyCredentialSource) {
        List<PublicKeyCredentialDescriptor> allowCredentialDescriptorList = authenticatorGetAssertion.getAllowCredentialDescriptorList();
        if (allowCredentialDescriptorList == null) {
            // p.f7387a is presumably Kotlin's shared empty list - TODO confirm.
            allowCredentialDescriptorList = p.f7387a;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(publicKeyCredentialSource);
        // NOTE(review): the descriptors themselves are never compared with the credential
        // source in this method; only emptiness is tested.
        if (!allowCredentialDescriptorList.isEmpty()) {
            return new e7.e(n.c(1), new a(new NoneAsfAuthenticator$makeCredentialOptions$1(arrayList), 3), 1);
        }
        Logger.Companion.w$default(Logger.Companion, TAG, "allowCredentialDescriptorList is empty. test app dose not support this case.", null, 4, null);
        throw new NotSupportedException(null, 1, null);
    }

    // Synthetic lambda bridge: invokes the wrapped function and casts the result to List.
    public static final List makeCredentialOptions$lambda$4(b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (List) bVar.invoke(obj);
    }

    /** Stores counter {@code j10} for the RP ID and user handle via the repository. */
    private final n updateSignCounter(AuthenticatorGetAssertion authenticatorGetAssertion, PublicKeyCredentialSource publicKeyCredentialSource, long j10) {
        return this.repository.updateCounter(authenticatorGetAssertion.getRpId(), publicKeyCredentialSource.getUserHandle(), j10);
    }

    /** Logs the call and cancels the operation tracked by the cancel operator. */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public void authenticatorCancel() {
        Logger.Companion.d$default(Logger.Companion, TAG, "authenticatorCancel()", null, 4, null);
        this.cancelOperator.cancelOperation();
    }

    /** Always reports {@code true}; no device capability is queried here. */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public boolean canPerformingUserVerification() {
        Logger.Companion.d$default(Logger.Companion, TAG, "canPerformingUserVerification()", null, 4, null);
        return true;
    }

    /** Always reports {@code true}. */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public boolean canStoringClientSideResidentPublicKey() {
        return true;
    }

    /**
     * Handles a make-credential command: parses the CBOR, generates a keystore key under the
     * RP ID, starts biometric authentication with a signer bound to the new private key, and
     * chains a lambda (not visible here) onto the authentication result.
     *
     * @param fragmentActivity activity passed to the biometric prompt
     * @param bArr             CBOR-encoded make-credential command
     * @return cancellable obfuscated reactive result
     */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public n createCredential(FragmentActivity fragmentActivity, byte[] bArr) {
        // OxygenUafServiceHelperActivity.MODE is used only as the parameter-name string for the
        // null check; the decompiler presumably substituted a constant with an equal value.
        i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
        i.f("command", bArr);
        Logger.Companion.d$default(Logger.Companion, TAG, "createCredential()", null, 4, null);
        AuthenticatorMakeCredential fromCbor = AuthenticatorMakeCredential.Companion.fromCbor(bArr);
        // A failed parse is handled by the i.c null check (presumably throwing), unlike
        // getAssertion, which returns an UnknownException through n.b.
        i.c(fromCbor);
        String id = fromCbor.getRp().getId();
        i.c(id);
        // NOTE(review): the RP ID taken from the command becomes the keystore alias; no
        // validation of it is visible in this method.
        KeyPair generateKeyPair = generateKeyPair(id);
        PrivateKey privateKey = generateKeyPair.getPrivate();
        i.c(privateKey);
        n authenticate = this.biometric.authenticate(new Biometric.Param(fragmentActivity, createSignature(privateKey)));
        a aVar = new a(new NoneAsfAuthenticator$createCredential$1(this, fromCbor, generateKeyPair), 4);
        // getClass() here is a decompiled implicit null check on 'authenticate'.
        authenticate.getClass();
        return createOperation(new e7.e(authenticate, aVar, 0));
    }

    /**
     * Handles a get-assertion command: parses the CBOR, loads the private key stored under
     * the RP ID, prepares a signer and chains a lambda (not visible here) onto the
     * credential-options result.
     *
     * @param fragmentActivity activity handed to the lambda
     * @param bArr             CBOR-encoded get-assertion request
     * @return cancellable obfuscated reactive result, or {@code n.b(UnknownException)} when
     *         the command cannot be parsed
     */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public n getAssertion(FragmentActivity fragmentActivity, byte[] bArr) {
        i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
        i.f("command", bArr);
        Logger.Companion.d$default(Logger.Companion, TAG, "getAssertion()", null, 4, null);
        AuthenticatorGetAssertionRequest fromCbor = AuthenticatorGetAssertionRequest.Companion.fromCbor(bArr);
        if (fromCbor == null) {
            return n.b(new UnknownException(null, 1, null));
        }
        AuthenticatorGetAssertion authenticatorGetAssertion = fromCbor.getAuthenticatorGetAssertion();
        // NOTE(review): the credential source (and with it the sign counter) is taken from the
        // decoded request, not read from the repository here; confirm the caller populated it
        // from trusted storage.
        PublicKeyCredentialSource publicKeyCredentialSource = fromCbor.getPublicKeyCredentialSource();
        // The key is selected by RP ID alone; the credential ID plays no part in the lookup.
        PrivateKey privateKey = getPrivateKey(authenticatorGetAssertion.getRpId());
        i.c(privateKey);
        Signature createSignature = createSignature(privateKey);
        // May throw NotSupportedException synchronously when the allow list is empty.
        n makeCredentialOptions = makeCredentialOptions(authenticatorGetAssertion, publicKeyCredentialSource);
        a aVar = new a(new NoneAsfAuthenticator$getAssertion$1(this, fragmentActivity, createSignature, authenticatorGetAssertion), 1);
        // getClass() here is a decompiled implicit null check on 'makeCredentialOptions'.
        makeCredentialOptions.getClass();
        return createOperation(new e7.e(makeCredentialOptions, aVar, 0));
    }

    /** Returns the attachment fixed in the constructor ({@code Platform}). */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public AuthenticatorAttachment getAuthenticatorAttachment() {
        return this.authenticatorAttachment;
    }

    /**
     * Looks up credential sources by credential ID in the repository.
     *
     * @param bArr credential ID
     */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public n lookupCredSource(byte[] bArr) {
        i.f("credentialId", bArr);
        return this.repository.getCredentials(bArr);
    }

    // The four pre/post hooks below are unimplemented: after the parameter null checks each
    // one throws g1 with the message Kotlin's TODO("Not yet implemented") produces
    // (g1 is presumably the obfuscated NotImplementedError).

    /** Not implemented; always throws. */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public n postCreateCredential(FragmentActivity fragmentActivity, byte[] bArr, Integer num, byte[] bArr2, List<byte[]> list) {
        i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
        i.f("command", bArr);
        throw new g1("An operation is not implemented: Not yet implemented", 1);
    }

    /** Not implemented; always throws. */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public n postGetAssertion(FragmentActivity fragmentActivity, byte[] bArr, Integer num, byte[] bArr2, List<byte[]> list) {
        i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
        i.f("command", bArr);
        throw new g1("An operation is not implemented: Not yet implemented", 1);
    }

    /** Not implemented; always throws. */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public n preCreateCredential(FragmentActivity fragmentActivity, byte[] bArr, Integer num) {
        i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
        i.f("command", bArr);
        throw new g1("An operation is not implemented: Not yet implemented", 1);
    }

    /** Not implemented; always throws. */
    @Override // com.samsung.android.authfw.fido2.domain.authenticator.Authenticator
    public n preGetAssertion(FragmentActivity fragmentActivity, byte[] bArr, Integer num) {
        i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
        i.f("command", bArr);
        throw new g1("An operation is not implemented: Not yet implemented", 1);
    }
}
