package com.samsung.android.authfw.pass.authentication.partner;

import a0.e;
import android.content.Intent;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.support.v4.media.session.f;
import android.text.TextUtils;
import com.samsung.android.authfw.common.utils.StorageCrypto;
import com.samsung.android.authfw.pass.authentication.AuthenticateOperation;
import com.samsung.android.authfw.pass.authentication.IAuthenticateListener;
import com.samsung.android.authfw.pass.authentication.PrepareToken;
import com.samsung.android.authfw.pass.authentication.fido.ClientAuthenticate;
import com.samsung.android.authfw.pass.common.CertificateScheme;
import com.samsung.android.authfw.pass.common.args.AdditionalData;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.common.utils.Preconditions;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.pass.net.message.BindResponse;
import com.samsung.android.authfw.pass.net.message.TransactionResponse;
import com.samsung.android.authfw.pass.net.samsungpass.SamsungPassNetworkOperations;
import com.samsung.android.authfw.pass.sdk.v2.message.AuthenticationResult;
import com.samsung.android.authfw.pass.sdk.v2.message.RpInfo;
import com.samsung.android.authfw.pass.sdk.v2.message.SaasPostInfo;
import com.samsung.android.authfw.pass.signature.TokenVerifier;
import com.samsung.android.authfw.pass.storage.SettingStorage;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthAuthToken;
import com.samsung.android.authfw.trustzone.tlv.TlvCertificate;
import com.samsung.android.authfw.trustzone.tlv.TlvNonce;
import com.samsung.android.authfw.trustzone.tlv.TlvServerAuthAuthTokenAssertion;
import com.samsung.android.authfw.trustzone.tlv.TlvSignature;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvAuthAssertion;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvExtension;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvSignedData;
import com.sec.android.fido.uaf.message.protocol.AuthenticationResponseList;
import com.sec.android.fido.uaf.message.protocol.UafMessage;
import g3.c;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class SaasOperation extends PartnerOperation {
    static final int MAX_CERTIFICATE_RECOVERY_COUNT = 1;
    private final AdditionalData mAdditionalData;
    private int mCertificateRecoveryCount;
    private byte[] mFidoAuthAuthToken;
    private byte[] mFidoAuthAuthTokenSignature;
    private final PrepareToken mPrepareToken;
    private BindResponse mServerResponse;
    private final String mSvcBizCode;
    private final String mSvcEventId;
    private final String mSvcUserId;
    private final byte[] mWrappedData;

    /* loaded from: classes.dex */
    public final class EventHandler extends Handler {
        public EventHandler(Looper looper) {
            super(looper);
            Preconditions.checkArgument(looper != Looper.getMainLooper(), "main looper is not allowed");
        }

        public void doHandleMessage(Message message) {
            PSLog.i(SaasOperation.this.getTag(), "[" + SaasOperation.this.getRequestCode() + "][1][" + message.what + "]");
            switch (message.what) {
                case 0:
                    SaasOperation.this.complete();
                    return;
                case 1:
                    SaasOperation.this.sendSuccess((AuthenticationResult) message.obj);
                    return;
                case 2:
                    SaasOperation.this.doCancel();
                    return;
                case 3:
                    SaasOperation.this.sendError(((Integer) message.obj).intValue());
                    return;
                case 4:
                    SaasOperation.this.doRefreshSamsungAccountAccessToken(((Integer) message.obj).intValue());
                    return;
                case 5:
                    SaasOperation.this.doRefreshSamsungAccountAccessTokenUsingActivity(((Integer) message.obj).intValue());
                    return;
                case 6:
                    SaasOperation.this.doCheckPermission();
                    return;
                case 7:
                case 8:
                case 9:
                default:
                    throw new UnsupportedOperationException();
                case 10:
                    SaasOperation.this.doFidoClientOperation();
                    return;
                case 11:
                    SaasOperation.this.doUafResponse((Intent) message.obj);
                    return;
                case 12:
                    SaasOperation.this.doPassOperation((String) message.obj);
                    return;
                case 13:
                    SaasOperation.this.doSaasOperation();
                    return;
                case 14:
                    SaasOperation.this.doPostPassOperation();
                    return;
            }
        }

        @Override // android.os.Handler
        public void handleMessage(Message message) {
            PSLog.v(SaasOperation.this.getTag(), "handleMessage : " + message.what);
            try {
                doHandleMessage(message);
            } catch (RuntimeException e2) {
                PSLog.w(SaasOperation.this.getTag(), "handleMessage failed: " + message.what + ", " + e2.getMessage());
                e.x(255, SaasOperation.this.getEventHandler(), 3);
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class SaasAuthenticationCallback extends AuthenticateOperation.SamsungPassNetworkOperationListener {
        private final SaasOperation mOperation;

        public SaasAuthenticationCallback(SaasOperation saasOperation) {
            super(saasOperation, 13);
            this.mOperation = saasOperation;
        }

        @Override // com.samsung.android.authfw.common.net.NetworkOperationResponseListener
        public void onResult(String str) {
            try {
                BindResponse fromJson = BindResponse.fromJson(str);
                this.mOperation.mServerResponse = fromJson;
                getEventHandler().obtainMessage(14, fromJson).sendToTarget();
            } catch (IllegalArgumentException | IllegalStateException unused) {
                PSLog.e(getTag(), "BindResponse.fromJson(inResponse=" + str + ") occurred IllegalStateException.");
                e.x(255, getEventHandler(), 3);
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class TransactionRecoveryListener extends AuthenticateOperation.SamsungPassNetworkOperationListener {
        private final int mCurrentEvent;
        private final SaasOperation mOperation;

        private TransactionRecoveryListener(SaasOperation saasOperation, int i2) {
            super(saasOperation, i2);
            this.mOperation = saasOperation;
            this.mCurrentEvent = i2;
        }

        public /* synthetic */ TransactionRecoveryListener(SaasOperation saasOperation, int i2, int i6) {
            this(saasOperation, i2);
        }

        @Override // com.samsung.android.authfw.common.net.NetworkOperationResponseListener
        public void onResult(String str) {
            try {
                PSLog.v(getTag(), str);
                TransactionResponse fromJson = TransactionResponse.fromJson(str);
                this.mOperation.mCertificateRecoveryCount++;
                PSLog.v(getTag(), "CertificatesRecoveryTransactionListener - onResult : " + fromJson);
                PSLog.v(getTag(), "transactionResponse(" + fromJson.toString() + ")");
                String serverCert = fromJson.getServerCert();
                String serviceRootCert = fromJson.getServiceRootCert();
                String serverCert2 = SettingStorage.getServerCert();
                String serviceRootCert2 = SettingStorage.getServiceRootCert();
                if (!TextUtils.isEmpty(serverCert) && !TextUtils.isEmpty(serviceRootCert)) {
                    PSLog.i(getTag(), "R-SC&SRC");
                    if (TextUtils.isEmpty(serverCert2) || !serverCert2.equals(serverCert)) {
                        SettingStorage.setServerCert(serverCert);
                    } else {
                        PSLog.i(getTag(), "R-SC&SRC-D1");
                    }
                    if (TextUtils.isEmpty(serviceRootCert2) || !serviceRootCert2.equals(serviceRootCert)) {
                        SettingStorage.setServiceRootCert(serviceRootCert);
                    } else {
                        PSLog.i(getTag(), "R-SC&SRC-D2");
                    }
                }
                getEventHandler().obtainMessage(this.mCurrentEvent).sendToTarget();
            } catch (IllegalArgumentException | IllegalStateException unused) {
                PSLog.w(getTag(), "TransactionResponse.fromJson(asmResponse=" + str + ") occurred IllegalStateException.");
                e.x(255, getEventHandler(), 3);
            }
        }
    }

    public SaasOperation(int i2, int i6, RpInfo rpInfo, SaasPostInfo saasPostInfo, IAuthenticateListener iAuthenticateListener) {
        super(i2, i6, rpInfo, saasPostInfo.getAuthenticationInfo(), saasPostInfo.getChannelInfo(), iAuthenticateListener);
        this.mCertificateRecoveryCount = 0;
        this.mPrepareToken = PrepareToken.fromJson(StorageCrypto.decrypt(saasPostInfo.getPrepareToken()));
        this.mWrappedData = saasPostInfo.getWrappedData();
        this.mSvcUserId = saasPostInfo.getAuthenticationInfo().getSvcUserId();
        this.mSvcEventId = saasPostInfo.getAuthenticationInfo().getSvcEventId();
        this.mSvcBizCode = saasPostInfo.getAuthenticationInfo().getSvcBizCode();
        this.mAdditionalData = saasPostInfo.getAdditionalData();
    }

    private byte[] creteFidoAuthAuthToken(Intent intent) {
        try {
            String stringExtra = intent.getStringExtra("message");
            try {
                String uafProtocolMessage = UafMessage.fromJson(stringExtra).getUafProtocolMessage();
                try {
                    TlvSignedData tlvSignedData = new TlvAuthAssertion(g3.e.f5644d.g().a(AuthenticationResponseList.fromJson(uafProtocolMessage).getAuthenticationResponseList().get(0).getAuthSignAssertionList().get(0).getAssertion())).getTlvSignedData();
                    if (tlvSignedData == null) {
                        PSLog.e(getTag(), "tlvSignedData is null");
                        return null;
                    }
                    List<TlvExtension> tlvExtensionList = tlvSignedData.getTlvExtensionList();
                    if (tlvExtensionList == null) {
                        PSLog.e(getTag(), "tlvExtensions is null");
                        return null;
                    }
                    for (TlvExtension tlvExtension : tlvExtensionList) {
                        if (new String(tlvExtension.getTlvExtensionId().getId(), StandardCharsets.UTF_8).equals("SEC_EXT_PASS_AAT")) {
                            byte[] encode = tlvExtension.encode();
                            PSLog.v(getTag(), "found aat");
                            return encode;
                        }
                    }
                    return null;
                } catch (IllegalArgumentException | IllegalStateException unused) {
                    PSLog.e(getTag(), "AuthenticationResponseList.fromJson(protocolMessage=" + uafProtocolMessage + ") occurred IllegalStateException.");
                    return null;
                }
            } catch (IllegalArgumentException | IllegalStateException unused2) {
                PSLog.e(getTag(), "UafMessage.fromJson(message=" + stringExtra + ") occurred IllegalStateException.");
                return null;
            }
        } catch (Exception e2) {
            PSLog.v(getTag(), "Not found aat : " + e2.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doCancel() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doFidoClientOperation() {
        try {
            new ClientAuthenticate(getAppId(), getAppVersion(), getAppCertHash(), getPrepareToken().getSamsungEventId(), getVerificationType(), getPrepareToken().getUafRequest(), this.mWrappedData, makeAuthnrExtensions(), new AuthenticateOperation.FidoClientOperationCallback(this)).request();
        } catch (IllegalArgumentException e2) {
            PSLog.e(getTag(), "IllegalArgumentException : " + e2.getMessage());
            e.x(255, getEventHandler(), 3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doPassOperation(String str) {
        if (TextUtils.isEmpty(str)) {
            PSLog.w(getTag(), "uafResponse is invalid");
            e.x(255, getEventHandler(), 3);
        } else {
            this.mFidoAuthAuthTokenSignature = g3.e.f5643c.a(str);
            getEventHandler().obtainMessage(13).sendToTarget();
        }
    }

    private byte[] getFullNonce() {
        return Encoding.hash((getSamsungEventId() + getSvcEventId()).getBytes(Charset.forName("UTF-8")));
    }

    private PrepareToken getPrepareToken() {
        return this.mPrepareToken;
    }

    /* JADX WARN: Removed duplicated region for block: B:25:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x007e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.util.Map<java.lang.String, java.lang.String> makeAuthnrExtensions() {
        /*
            r7 = this;
            java.lang.String r0 = r7.getTag()
            java.lang.String r1 = "For AAT"
            com.samsung.android.authfw.pass.logger.PSLog.v(r0, r1)
            r0 = 36
            java.nio.ByteBuffer r0 = java.nio.ByteBuffer.allocate(r0)
            java.nio.ByteOrder r1 = java.nio.ByteOrder.LITTLE_ENDIAN
            r0.order(r1)
            r1 = 1
            r2 = 0
            java.lang.String r3 = r7.getSamsungEventId()     // Catch: java.lang.IllegalArgumentException -> L46
            boolean r3 = android.text.TextUtils.isEmpty(r3)     // Catch: java.lang.IllegalArgumentException -> L46
            r3 = r3 ^ r1
            java.lang.String r4 = "samsung event id is invalid"
            com.samsung.android.authfw.pass.common.utils.Preconditions.checkArgument(r3, r4)     // Catch: java.lang.IllegalArgumentException -> L46
            java.lang.String r3 = r7.mSvcEventId     // Catch: java.lang.IllegalArgumentException -> L46
            boolean r3 = android.text.TextUtils.isEmpty(r3)     // Catch: java.lang.IllegalArgumentException -> L46
            r3 = r3 ^ r1
            java.lang.String r4 = "service event id is invalid"
            com.samsung.android.authfw.pass.common.utils.Preconditions.checkArgument(r3, r4)     // Catch: java.lang.IllegalArgumentException -> L46
            java.lang.StringBuilder r3 = new java.lang.StringBuilder     // Catch: java.lang.IllegalArgumentException -> L46
            r3.<init>()     // Catch: java.lang.IllegalArgumentException -> L46
            java.lang.String r4 = r7.getSamsungEventId()     // Catch: java.lang.IllegalArgumentException -> L46
            r3.append(r4)     // Catch: java.lang.IllegalArgumentException -> L46
            java.lang.String r4 = r7.mSvcEventId     // Catch: java.lang.IllegalArgumentException -> L46
            r3.append(r4)     // Catch: java.lang.IllegalArgumentException -> L46
            java.lang.String r3 = r3.toString()     // Catch: java.lang.IllegalArgumentException -> L46
            goto L47
        L46:
            r3 = r2
        L47:
            if (r3 == 0) goto L7b
            java.lang.String r4 = "SHA-256"
            java.security.MessageDigest r4 = java.security.MessageDigest.getInstance(r4)     // Catch: java.security.NoSuchAlgorithmException -> L61
            java.lang.String r5 = "UTF-8"
            java.nio.charset.Charset r5 = java.nio.charset.Charset.forName(r5)     // Catch: java.security.NoSuchAlgorithmException -> L61
            byte[] r3 = r3.getBytes(r5)     // Catch: java.security.NoSuchAlgorithmException -> L61
            r4.update(r3)     // Catch: java.security.NoSuchAlgorithmException -> L61
            byte[] r3 = r4.digest()     // Catch: java.security.NoSuchAlgorithmException -> L61
            goto L7c
        L61:
            r3 = move-exception
            java.lang.String r4 = r7.getTag()
            java.lang.StringBuilder r5 = new java.lang.StringBuilder
            java.lang.String r6 = "NoSuchAlgorithmException : "
            r5.<init>(r6)
            java.lang.String r3 = r3.getMessage()
            r5.append(r3)
            java.lang.String r3 = r5.toString()
            com.samsung.android.authfw.pass.logger.PSLog.e(r4, r3)
        L7b:
            r3 = r2
        L7c:
            if (r3 == 0) goto Lf3
            r0.put(r3)
            com.samsung.android.authfw.pass.common.PolicyScheme$Builder r2 = com.samsung.android.authfw.pass.common.PolicyScheme.newBuilder()
            com.samsung.android.authfw.pass.common.args.AdditionalData r3 = r7.mAdditionalData
            if (r3 == 0) goto Lb7
            java.lang.String r3 = r3.getKeyScheme()
            boolean r3 = com.samsung.android.authfw.pass.common.KeyScheme.contains(r3)
            if (r3 == 0) goto Lb7
            com.samsung.android.authfw.pass.common.args.AdditionalData r3 = r7.mAdditionalData     // Catch: java.lang.NumberFormatException -> La2
            java.lang.String r3 = r3.getKeyScheme()     // Catch: java.lang.NumberFormatException -> La2
            java.lang.Integer r3 = java.lang.Integer.valueOf(r3)     // Catch: java.lang.NumberFormatException -> La2
            int r3 = r3.intValue()     // Catch: java.lang.NumberFormatException -> La2
            goto La3
        La2:
            r3 = 0
        La3:
            r4 = r3 & 2
            r5 = 2
            if (r4 != r5) goto Lb2
            r3 = r3 & r1
            if (r3 != r1) goto Lb2
            r2.setKeyTypeContinuous()
            r2.setKeyModePermissive()
            goto Lb7
        Lb2:
            if (r4 != r5) goto Lb7
            r2.setKeyTypeContinuous()
        Lb7:
            com.samsung.android.authfw.pass.common.PolicyScheme r1 = r2.build()
            int r1 = r1.getPolicy()
            java.lang.String r7 = r7.getTag()
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            java.lang.String r3 = "policy = "
            r2.<init>(r3)
            java.lang.String r3 = com.samsung.android.authfw.pass.common.PolicyScheme.stringValueOf(r1)
            r2.append(r3)
            java.lang.String r2 = r2.toString()
            com.samsung.android.authfw.pass.logger.PSLog.v(r7, r2)
            r0.putInt(r1)
            java.util.HashMap r2 = new java.util.HashMap
            r2.<init>()
            g3.c r7 = g3.e.f5644d
            g3.e r7 = r7.g()
            byte[] r0 = r0.array()
            java.lang.String r7 = r7.c(r0)
            java.lang.String r0 = "SEC_EXT_PASS_AAT"
            r2.put(r0, r7)
        Lf3:
            return r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.authfw.pass.authentication.partner.SaasOperation.makeAuthnrExtensions():java.util.Map");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendError(int i2) {
        sendAuthenticationResult(i2, null);
        sendSaEventLog(false);
        getEventHandler().obtainMessage(0).sendToTarget();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendSuccess(AuthenticationResult authenticationResult) {
        sendAuthenticationResult(0, authenticationResult);
        sendSaEventLog(true);
        getEventHandler().obtainMessage(0).sendToTarget();
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public void cancel() {
        PSLog.w(getTag(), "Cancel");
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public void complete() {
        this.mServerResponse = null;
        this.mFidoAuthAuthToken = null;
        this.mFidoAuthAuthTokenSignature = null;
        super.complete();
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public Handler createHandler(Looper looper) {
        PSLog.v(getTag(), "create handler");
        return new EventHandler(looper);
    }

    public abstract void doPostPassOperation();

    public abstract void doSaasOperation();

    public void doTransactionRecovery(int i2) {
        try {
            SamsungPassNetworkOperations.TransactionArguments transactionArgument = getTransactionArgument();
            transactionArgument.setNeedServerCert(true);
            SamsungPassNetworkOperations.postTransaction(transactionArgument, new TransactionRecoveryListener(this, i2, 0));
        } catch (IllegalArgumentException unused) {
            e.x(255, getEventHandler(), 3);
        }
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public void doUafResponse(Intent intent) {
        byte[] creteFidoAuthAuthToken = creteFidoAuthAuthToken(intent);
        this.mFidoAuthAuthToken = creteFidoAuthAuthToken;
        if (creteFidoAuthAuthToken == null) {
            e.x(255, getEventHandler(), 3);
        } else {
            super.doUafResponse(intent);
        }
    }

    public AdditionalData getAdditionalData() {
        return this.mAdditionalData;
    }

    public int getCertificateRecoveryCount() {
        return this.mCertificateRecoveryCount;
    }

    public byte[] getFidoAuthAuthToken() {
        return this.mFidoAuthAuthToken;
    }

    public byte[] getFidoAuthAuthTokenSignature() {
        return this.mFidoAuthAuthTokenSignature;
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public String getFidoOperationType() {
        return "Auth";
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public String getSamsungEventId() {
        return this.mPrepareToken.getSamsungEventId();
    }

    public BindResponse getServerResponse() {
        return this.mServerResponse;
    }

    @Override // com.samsung.android.authfw.pass.authentication.partner.PartnerOperation
    public int getStartEvent() {
        return 10;
    }

    public String getSvcBizCode() {
        return this.mSvcBizCode;
    }

    public String getSvcEventId() {
        return this.mSvcEventId;
    }

    public String getSvcUserId() {
        return this.mSvcUserId;
    }

    public boolean isExternalCertificateRequired() {
        if (getAdditionalData() == null) {
            return false;
        }
        if (getAppId().equals(getAdditionalData().getAppId())) {
            if (CertificateScheme.contains(getAdditionalData().getCertificateScheme())) {
                try {
                    return Integer.valueOf(getAdditionalData().getCertificateScheme()).intValue() == 2;
                } catch (NumberFormatException unused) {
                    return false;
                }
            }
            PSLog.v(getTag(), "additionalData is not allowed");
            return false;
        }
        PSLog.v(getTag(), "additionalData is not allowed (" + getAdditionalData().getAppId() + ":" + getAppId() + ")");
        return false;
    }

    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public void setOperationTimeout() {
    }

    public byte[] verifyAuthAuthToken() {
        boolean z10 = false;
        f.g(getSamsungEventId().length() > 0);
        f.g(getSvcEventId().length() > 0);
        f.g(getFidoAuthAuthToken() != null && getFidoAuthAuthToken().length > 0);
        if (getFidoAuthAuthTokenSignature() != null && getFidoAuthAuthTokenSignature().length > 0) {
            z10 = true;
        }
        f.g(z10);
        TlvNonce build = TlvNonce.newBuilder(getFullNonce()).build();
        TlvAuthAuthToken build2 = TlvAuthAuthToken.newBuilder(getFidoAuthAuthToken()).build();
        TlvSignature build3 = TlvSignature.newBuilder(getFidoAuthAuthTokenSignature()).build();
        PSLog.v(getTag(), "serverCert = " + SettingStorage.getServerCert());
        PSLog.v(getTag(), "serviceRootCert = " + SettingStorage.getServiceRootCert());
        ArrayList arrayList = new ArrayList();
        c cVar = g3.e.f5643c;
        arrayList.add(TlvCertificate.newBuilder(cVar.a(SettingStorage.getServerCert())).build());
        arrayList.add(TlvCertificate.newBuilder(cVar.a(SettingStorage.getServiceRootCert())).build());
        return TokenVerifier.verifyAuthAuthToken(TlvServerAuthAuthTokenAssertion.newBuilder(build, build2, build3, arrayList).build().encode());
    }
}
