package com.samsung.android.authfw.pass.authentication.partner;

import a0.e;
import android.os.RemoteException;
import android.support.v4.media.session.f;
import com.samsung.android.authfw.pass.authentication.IAuthenticateListener;
import com.samsung.android.authfw.pass.authentication.partner.SaasOperation;
import com.samsung.android.authfw.pass.common.AuthenticatorType;
import com.samsung.android.authfw.pass.common.args.AdditionalData;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.pass.net.message.BindResponse;
import com.samsung.android.authfw.pass.net.samsungpass.SamsungPassNetworkOperations;
import com.samsung.android.authfw.pass.sdk.v2.message.AuthenticationResult;
import com.samsung.android.authfw.pass.sdk.v2.message.RpInfo;
import com.samsung.android.authfw.pass.sdk.v2.message.SaasPostInfo;
import com.samsung.android.authfw.pass.storage.KeyInfoStorage;
import com.samsung.android.authfw.pass.storage.db.KeyInfo;
import com.samsung.android.authfw.trustzone.CommandGenerator;
import com.samsung.android.authfw.trustzone.DeviceAttestationKeySpec;
import com.samsung.android.authfw.trustzone.TzApp;
import com.samsung.android.authfw.trustzone.tlv.TlvAccessToken;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthVerifyToken;
import com.samsung.android.authfw.trustzone.tlv.TlvBaseAttestKeyCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvBaseAttestKeyResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvCertificate;
import com.samsung.android.authfw.trustzone.tlv.TlvDrkKeyHandle;
import com.samsung.android.authfw.trustzone.tlv.TlvNonce;
import com.samsung.android.authfw.trustzone.tlv.TlvPublicKeyAlgorithm;
import com.samsung.android.authfw.trustzone.util.Log;
import java.nio.charset.Charset;
import java.security.SignatureException;
import java.util.List;
import q4.c;

/* loaded from: classes.dex */
public class SaasBind extends SaasOperation {
    private static final String TAG = "SaasBind";
    private String mBindAssertion;
    private String mDeviceRootKeyCert;
    private byte[] mFidoAuthVerifyToken;
    private KeyInfo mKeyInfo;
    private String mUserKeyCert;

    public SaasBind(int i2, int i6, RpInfo rpInfo, SaasPostInfo saasPostInfo, IAuthenticateListener iAuthenticateListener) {
        super(i2, i6, rpInfo, saasPostInfo, iAuthenticateListener);
        this.mKeyInfo = null;
        this.mBindAssertion = null;
        this.mDeviceRootKeyCert = null;
        this.mUserKeyCert = null;
    }

    private byte[] doBaseAttestKey(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i2) throws RemoteException {
        String str = TAG;
        Log.i(str, "bak start");
        if (bArr == null || bArr.length != 32) {
            Log.e(str, "nonce is invalid");
            return new byte[0];
        }
        if (bArr4 == null || bArr4.length != 32) {
            Log.e(str, "svcNonce is invalid");
            return new byte[0];
        }
        if (bArr2 == null || bArr2.length == 0) {
            Log.e(str, "avt is invalid");
            return new byte[0];
        }
        if (bArr3 == null || bArr3.length == 0) {
            Log.e(str, "accessToken is invalid");
            return new byte[0];
        }
        final TlvNonce build = TlvNonce.newBuilder(bArr).build();
        final TlvAuthVerifyToken build2 = TlvAuthVerifyToken.newBuilder(bArr2).build();
        final TlvAccessToken build3 = TlvAccessToken.newBuilder(bArr3).build();
        final TlvNonce build4 = TlvNonce.newBuilder(bArr4).build();
        final TlvPublicKeyAlgorithm build5 = TlvPublicKeyAlgorithm.newBuilder(i2).build();
        byte[] execSecurelyWithDeviceKey = TzApp.getInstance().execSecurelyWithDeviceKey(new CommandGenerator() { // from class: com.samsung.android.authfw.pass.authentication.partner.a
            @Override // com.samsung.android.authfw.trustzone.CommandGenerator
            public final byte[] getCommand(c cVar, byte[] bArr5) {
                byte[] lambda$doBaseAttestKey$0;
                lambda$doBaseAttestKey$0 = SaasBind.lambda$doBaseAttestKey$0(TlvNonce.this, build2, build3, build4, build5, cVar, bArr5);
                return lambda$doBaseAttestKey$0;
            }
        }, DeviceAttestationKeySpec.DEFAULT);
        if (execSecurelyWithDeviceKey.length == 0) {
            Log.e(str, "execSecurelyWithDrk() failed");
            return new byte[0];
        }
        TlvBaseAttestKeyResponse tlvBaseAttestKeyResponse = new TlvBaseAttestKeyResponse(execSecurelyWithDeviceKey);
        short statusCode = tlvBaseAttestKeyResponse.getTlvStatusCode().getStatusCode();
        if (statusCode != 0) {
            Log.e(str, "process failed : " + ((int) statusCode));
            return new byte[0];
        }
        byte[] encode = tlvBaseAttestKeyResponse.encode();
        Log.v(str, "response : " + encode.length);
        return encode;
    }

    private boolean doProcessPostBind(String str) {
        f.o(getAppCertHash().length() > 0);
        f.o(getAppId().length() > 0);
        f.o(getSvcUserId().length() > 0);
        f.o(getSamsungEventId().length() > 0);
        f.o(getSvcEventId().length() > 0);
        if (str.length() == 0) {
            PSLog.e(getTag(), "authenticateResult is invalid");
            return false;
        }
        byte[] bArr = this.mFidoAuthVerifyToken;
        if (bArr == null || bArr.length == 0) {
            PSLog.e(getTag(), "verifyAuthAuthToken failed");
            return false;
        }
        KeyInfo keyInfo = this.mKeyInfo;
        if (keyInfo == null) {
            PSLog.e(getTag(), "keyInfo failed");
            return false;
        }
        KeyInfoStorage.insert(keyInfo);
        return true;
    }

    private boolean doProcessPreBind() throws SignatureException {
        f.o(getAppCertHash().length() > 0);
        f.o(getAppId().length() > 0);
        f.o(getSvcUserId().length() > 0);
        f.o(getSamsungEventId().length() > 0);
        f.o(getSvcEventId().length() > 0);
        byte[] verifyAuthAuthToken = verifyAuthAuthToken();
        this.mFidoAuthVerifyToken = verifyAuthAuthToken;
        if (verifyAuthAuthToken == null || verifyAuthAuthToken.length == 0) {
            PSLog.e(getTag(), "vaat failed");
            throw new SignatureException();
        }
        byte[] baseAttestKey = baseAttestKey(Encoding.hash((getSamsungEventId() + getSvcEventId()).getBytes(Charset.forName("UTF-8"))), this.mFidoAuthVerifyToken, Encoding.hash((getAppCertHash() + getGroupId() + getSvcUserId()).getBytes(Charset.forName("UTF-8"))), Encoding.hash(getSvcEventId().getBytes(Charset.forName("UTF-8"))), 1);
        String tag = getTag();
        StringBuilder sb2 = new StringBuilder("response = ");
        sb2.append(baseAttestKey.length);
        PSLog.v(tag, sb2.toString());
        if (baseAttestKey.length == 0) {
            PSLog.e(getTag(), "baseAttestKey failed");
            return false;
        }
        TlvBaseAttestKeyResponse tlvBaseAttestKeyResponse = new TlvBaseAttestKeyResponse(baseAttestKey);
        if (tlvBaseAttestKeyResponse.getTlvStatusCode().getStatusCode() != 0) {
            PSLog.e(getTag(), "baseAttestKey TLV failed");
            return false;
        }
        KeyInfo keyInfo = new KeyInfo(getGroupId(), getAppCertHash(), getSvcUserId(), AuthenticatorType.stringValueOf(getVerificationType()));
        this.mKeyInfo = keyInfo;
        keyInfo.setKeyHandle(Encoding.Base64.encode(tlvBaseAttestKeyResponse.getTlvAttestKeyKeyHandle().getAttestKeyKeyHandle()));
        PSLog.v(getTag(), "keyInfo : " + this.mKeyInfo.toString());
        List<TlvCertificate> tlvCertificates = tlvBaseAttestKeyResponse.getTlvCertificates();
        f.p(2 == tlvCertificates.size(), "invalid certificates");
        this.mUserKeyCert = Encoding.Base64.encode(tlvCertificates.get(0).getCertificate());
        this.mDeviceRootKeyCert = Encoding.Base64.encode(tlvCertificates.get(1).getCertificate());
        String encode = Encoding.Base64.encode(tlvBaseAttestKeyResponse.getTlvAttestKeyAssertion().encode());
        this.mBindAssertion = encode;
        PSLog.v(getTag(), "Result : " + encode);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ byte[] lambda$doBaseAttestKey$0(TlvNonce tlvNonce, TlvAuthVerifyToken tlvAuthVerifyToken, TlvAccessToken tlvAccessToken, TlvNonce tlvNonce2, TlvPublicKeyAlgorithm tlvPublicKeyAlgorithm, c cVar, byte[] bArr) {
        byte[] encode = TlvBaseAttestKeyCommand.newBuilder(tlvNonce, tlvAuthVerifyToken, tlvAccessToken, TlvDrkKeyHandle.newBuilder(bArr).build(), tlvNonce2, tlvPublicKeyAlgorithm).build().encode();
        if (encode != null && encode.length != 0) {
            return encode;
        }
        Log.e(TAG, "getting command failed");
        return new byte[0];
    }

    private boolean processPostBind(String str) {
        try {
            return doProcessPostBind(str);
        } catch (Exception e2) {
            e.z(e2, new StringBuilder("doProcessPostBind failed : "), this.getTag());
            return false;
        }
    }

    private boolean processPreBind() throws SignatureException {
        try {
            return doProcessPreBind();
        } catch (SignatureException e2) {
            throw e2;
        } catch (Exception e10) {
            e.z(e10, new StringBuilder("doProcessPreBind failed : "), this.getTag());
            return false;
        }
    }

    public byte[] baseAttestKey(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i2) {
        try {
            return doBaseAttestKey(bArr, bArr2, bArr3, bArr4, i2);
        } catch (Exception unused) {
            Log.e(TAG, "doBaseAttestKey failed");
            return new byte[0];
        }
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation, com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public /* bridge */ /* synthetic */ void cancel() {
        super.cancel();
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation, com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public void complete() {
        this.mBindAssertion = null;
        this.mUserKeyCert = null;
        this.mFidoAuthVerifyToken = null;
        this.mKeyInfo = null;
        super.complete();
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation
    public void doPostPassOperation() {
        String json;
        if (!processPostBind(getServerResponse().getAuthToken())) {
            PSLog.e(getTag(), "processPostBind failed");
            getEventHandler().obtainMessage(3, 255).sendToTarget();
            return;
        }
        if (isExternalCertificateRequired()) {
            try {
                json = CertificationToken.newBuilder(getAppId(), getAppVersion(), getSvcUserId(), getSvcEventId(), getVerificationType(), getSamsungEventId(), this.mFidoAuthVerifyToken).build().toJson();
            } catch (Exception e2) {
                PSLog.e(getTag(), "Exception : " + e2.getMessage());
                getEventHandler().obtainMessage(3, 255).sendToTarget();
                return;
            }
        } else {
            json = null;
        }
        getEventHandler().obtainMessage(1, AuthenticationResult.newBuilder(getServerResponse().getAuthToken()).setDeviceRootKeyCert(this.mDeviceRootKeyCert).setAccountKeyCert(this.mUserKeyCert).setBindAssertion(this.mBindAssertion).setCertificationToken(json).build()).sendToTarget();
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation
    public void doSaasOperation() {
        boolean z10;
        try {
            z10 = processPreBind();
        } catch (SignatureException unused) {
            if (getCertificateRecoveryCount() < 1) {
                doTransactionRecovery(13);
                return;
            }
            z10 = false;
        }
        if (z10) {
            SamsungPassNetworkOperations.postBindRequest(getAppId(), getAppVersion(), getAppCertHash(), getSvcUserId(), getSvcEventId(), getSvcBizCode(), getSamsungEventId(), getVerificationType(), this.mBindAssertion, new SaasOperation.SaasAuthenticationCallback(this));
        } else {
            PSLog.e(getTag(), "processPreBind failed");
            e.x(255, getEventHandler(), 3);
        }
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation
    public /* bridge */ /* synthetic */ AdditionalData getAdditionalData() {
        return super.getAdditionalData();
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation
    public /* bridge */ /* synthetic */ BindResponse getServerResponse() {
        return super.getServerResponse();
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation
    public /* bridge */ /* synthetic */ String getSvcBizCode() {
        return super.getSvcBizCode();
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation
    public /* bridge */ /* synthetic */ String getSvcEventId() {
        return super.getSvcEventId();
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.SaasOperation
    public /* bridge */ /* synthetic */ String getSvcUserId() {
        return super.getSvcUserId();
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public String getTag() {
        return TAG;
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public SamsungPassNetworkOperations.TransactionType getTransactionType() {
        return SamsungPassNetworkOperations.TransactionType.SAAS_BIND;
    }
}
