package com.samsung.android.authfw.pass.Operation.Cmp.Yessign;

import a0.e;
import android.text.TextUtils;
import com.samsung.android.authfw.pass.Operation.Cmp.BaseUtil;
import com.samsung.android.authfw.pass.Operation.Cmp.Crypto;
import com.samsung.android.authfw.pass.Operation.Cmp.ICertificateListener;
import com.samsung.android.authfw.pass.Operation.Cmp.Operation;
import com.samsung.android.authfw.pass.Operation.Cmp.RValueCache;
import com.samsung.android.authfw.pass.authentication.partner.CertificationToken;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.yessign.fido.api.ApiException;
import com.yessign.fido.cmp.CmpException;
import com.yessign.fido.cmp.CmpManager;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateEncodingException;
import java.util.Arrays;
import m8.b;

/* loaded from: classes.dex */
public class IssueCertificate extends Operation {
    private static final String YESSIGN_ISSUE_TAG = "IssueCertificate";
    private static final int mOpCode = 48;
    private final String mAlgorithm;
    private final String mAuthCode;
    private final String mCaAddress;
    private final String mCertTokenJson;
    private byte[] mCertificate;
    private final byte[] mMagicCode;
    private final String mRefNumber;
    private final int mUid;

    public IssueCertificate(int i2, ICertificateListener iCertificateListener, String str, String str2, String str3, String str4, byte[] bArr, int i6, String str5) {
        super(i2, iCertificateListener);
        this.mCertificate = null;
        this.mAlgorithm = str;
        this.mRefNumber = str2;
        this.mAuthCode = str3;
        this.mCaAddress = str4;
        this.mMagicCode = bArr;
        this.mUid = i6;
        this.mCertTokenJson = str5;
    }

    private void finishFlow(String str, int i2) {
        finishFlow(str, i2, null);
    }

    private void finishFlow(String str, int i2, String str2) {
        if (TextUtils.isEmpty(str)) {
            if (TextUtils.isEmpty(str2)) {
                sendResult(i2);
                return;
            } else {
                sendResult(i2, str2);
                return;
            }
        }
        if (TextUtils.isEmpty(str2)) {
            showError(str, i2);
        } else {
            PSLog.e(YESSIGN_ISSUE_TAG, str);
            sendResult(i2, str2);
        }
    }

    @Override // com.samsung.android.authfw.pass.Operation.Cmp.Operation
    public int getOpCode() {
        return 48;
    }

    @Override // com.samsung.android.authfw.pass.Operation.Cmp.Operation
    public String getTag() {
        return YESSIGN_ISSUE_TAG;
    }

    @Override // com.samsung.android.authfw.pass.Operation.Cmp.Operation, java.lang.Runnable
    public void run() {
        PSLog.i(YESSIGN_ISSUE_TAG, "yic");
        if (this.mUid == 0) {
            finishFlow("uid is null", 255);
            return;
        }
        if (TextUtils.isEmpty(this.mCertTokenJson)) {
            finishFlow("cert token is null", 255);
            return;
        }
        try {
            CertificationToken fromJson = CertificationToken.fromJson(this.mCertTokenJson);
            String str = this.mAlgorithm;
            if (str == null || str.length() == 0) {
                finishFlow("algorithm is null", 255);
                return;
            }
            String str2 = this.mRefNumber;
            if (str2 == null || str2.length() == 0) {
                finishFlow("refNumber is null", 255);
                return;
            }
            String str3 = this.mAuthCode;
            if (str3 == null || str3.length() == 0) {
                finishFlow("authCode is null", 255);
                return;
            }
            String str4 = this.mCaAddress;
            if (str4 == null || str4.length() == 0) {
                finishFlow("ca address is null", 255);
                return;
            }
            byte[] hash = Encoding.hash((fromJson.getSamsungEventId() + fromJson.getSvcEventId()).getBytes(StandardCharsets.UTF_8));
            if (hash == null) {
                finishFlow("nonce is null", 255);
                return;
            }
            byte[] fidoAuthVerifyToken = fromJson.getFidoAuthVerifyToken();
            if (fidoAuthVerifyToken == null || fidoAuthVerifyToken.length == 0) {
                finishFlow("avt is null", 255);
                return;
            }
            SpassAuthFwHandler spassAuthFwHandler = new SpassAuthFwHandler(this.mAlgorithm, hash, fidoAuthVerifyToken);
            CmpManager cmpManager = new CmpManager();
            cmpManager.setSpassHandler(spassAuthFwHandler);
            try {
                cmpManager.init();
                byte[] initCertIssue = cmpManager.initCertIssue(this.mRefNumber, this.mAuthCode);
                String[] split = this.mCaAddress.split(":");
                try {
                    YessignConnector yessignConnector = new YessignConnector(split[0], Integer.parseInt(split[1]));
                    try {
                        yessignConnector.send(initCertIssue);
                        byte[] receive = yessignConnector.receive();
                        if (receive == null) {
                            finishFlow("receiving 'GenP' fails.", 16);
                            yessignConnector.close();
                            return;
                        }
                        try {
                            try {
                                yessignConnector.send(cmpManager.requestCertIssue(receive));
                                byte[] receive2 = yessignConnector.receive();
                                if (receive2 == null) {
                                    finishFlow("receiving 'IP' fails.", 16);
                                    yessignConnector.close();
                                    return;
                                }
                                try {
                                    try {
                                        yessignConnector.send(cmpManager.finishCertIssue(receive2));
                                        yessignConnector.close();
                                        byte[] vidRandom = cmpManager.getVidRandom();
                                        byte[] copyOfRange = Arrays.copyOfRange(vidRandom, 0, vidRandom.length);
                                        byte[] bArr = Crypto.CERT_RANDOM_KEY;
                                        byte[] wrapNwData = Crypto.wrapNwData(copyOfRange, bArr, this.mUid, fromJson);
                                        if (wrapNwData == null || wrapNwData.length == 0) {
                                            finishFlow("random wrap fail", 255);
                                            return;
                                        }
                                        try {
                                            byte[] encoded = cmpManager.getCert().getEncoded();
                                            this.mCertificate = encoded;
                                            if (!BaseUtil.saveCertificate(encoded, spassAuthFwHandler.getRawWrappedPrivateKey(), wrapNwData, cmpManager.getCaPubs(), fromJson.getVerificationType().intValue(), this.mMagicCode)) {
                                                finishFlow("save cert fail", 65);
                                                return;
                                            }
                                            byte[] unwrapNwData = Crypto.unwrapNwData(BaseUtil.getWrappedRValue(this.mCertificate), bArr, this.mUid, fromJson);
                                            if (unwrapNwData == null || unwrapNwData.length == 0) {
                                                finishFlow("get rvalue fail", 255);
                                                return;
                                            }
                                            String certificateSubjectDN = BaseUtil.getCertificateSubjectDN(this.mCertificate);
                                            RValueCache.setRValue(certificateSubjectDN, unwrapNwData);
                                            BaseUtil.setLatestSubjectDN(certificateSubjectDN);
                                            cmpManager.cleanKey();
                                            finishFlow(null, 0, certificateSubjectDN);
                                        } catch (CertificateEncodingException unused) {
                                            finishFlow("handling certificate fails", 255);
                                        }
                                    } catch (IOException e2) {
                                        finishFlow(e.l(e2, new StringBuilder("sending 'Confirm' fails. ")), 16);
                                        yessignConnector.close();
                                    }
                                } catch (ApiException e10) {
                                    String message = e10.getMessage();
                                    if (e10.getCause() instanceof CmpException) {
                                        StringBuilder t5 = e.t(message, " ");
                                        t5.append(e10.getCause().getMessage());
                                        message = t5.toString();
                                    }
                                    finishFlow(b.u("finishCertIssue() fails. ", message), 64, message);
                                    yessignConnector.close();
                                }
                            } catch (IOException e11) {
                                finishFlow(e.l(e11, new StringBuilder("sending 'IR' fails. ")), 16);
                                yessignConnector.close();
                            }
                        } catch (ApiException e12) {
                            String message2 = e12.getMessage();
                            if (e12.getCause() instanceof CmpException) {
                                StringBuilder t10 = e.t(message2, " ");
                                t10.append(e12.getCause().getMessage());
                                message2 = t10.toString();
                            }
                            finishFlow(b.u("requestCertIssue() fails. ", message2), 64, message2);
                            yessignConnector.close();
                        }
                    } catch (IOException e13) {
                        finishFlow(e.l(e13, new StringBuilder("sending 'GenM' fails. ")), 16);
                        yessignConnector.close();
                    }
                } catch (IOException e14) {
                    finishFlow(e.l(e14, new StringBuilder("connection error. ")), 16);
                }
            } catch (ApiException e15) {
                finishFlow("yessign init() fails. " + e15.getMessage(), 64, e15.getMessage());
            }
        } catch (IllegalArgumentException unused2) {
            finishFlow(e.p(new StringBuilder("CertToken is invalid {"), this.mCertTokenJson, "}"), 255);
        }
    }
}
