package com.samsung.android.authfw.pass.mcmdl;

import a0.e;
import ac.a;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.sdk.pass.message.BiometricTokenExpiredException;
import com.samsung.android.authfw.sdk.pass.message.InvalidBiometricException;
import com.samsung.android.authfw.trustzone.TzApp;
import com.samsung.android.authfw.trustzone.tlv.TlvAccessToken;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthVerifyToken;
import com.samsung.android.authfw.trustzone.tlv.TlvCreateRsaKeyPairCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvCreateRsaKeyPairResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvDeviceKeyKeyHandle;
import com.samsung.android.authfw.trustzone.tlv.TlvNonce;
import com.samsung.android.authfw.trustzone.tlv.TlvPlainData;
import com.samsung.android.authfw.trustzone.tlv.TlvPublicKey;
import com.samsung.android.authfw.trustzone.tlv.TlvRandomNumberCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvRandomNumberResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvRsaSignCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvRsaSignResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvRsaVerifyCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvRsaVerifyResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvSignature;
import com.samsung.android.authfw.trustzone.tlv.TlvSize;
import com.samsung.android.authfw.trustzone.tlv.TlvWrappedPrivateKey;
import ec.d;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
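/**
 * Crypto and secure-storage facade of the {@code mcmdl} package.
 *
 * <p>Key generation, signing, verification and random-number requests are encoded as TLV
 * commands and handed to the trusted application through {@link TzApp#execSecurely}; the
 * storage helpers delegate to {@code MdlStorage} and {@code MdlCryptoInternal}. Every
 * operation fails closed: an empty string, an empty array, an empty list or {@code false}
 * is returned when any step cannot be completed.
 *
 * <p>NOTE(review): storage key names are written to the info log by the read/store
 * methods; confirm that key names never carry user identifiers.
 */
public class MdlCryptoHelper {
    static final int ACCESS_TOKEN_LENGTH = 32;
    private static final short KEY_LEN_LENGTH = 2;
    private static final short MAX_RSA_E_LENGTH = 3;
    private static final short MAX_RSA_N_LENGTH = 256;
    private static final short PUBLIC_KEY_ENCODING_SCHEME_LENGTH = 2;
    private static final short PUBLIC_KEY_ENCODING_SCHEME_RAW = 1;
    private static final String TAG = "MdlCryptoHelper";

    // Payload sizes (bytes) above which secureStore switches encoder.
    private static final int BIG_CONTENTS_THRESHOLD = 6144;
    private static final int FAST_MODE_THRESHOLD = 12288;

    /**
     * Reads one length-prefixed field (little-endian short length, then that many bytes).
     *
     * @return the field bytes, or {@code null} when the prefix is missing, non-positive or
     *     larger than what is left in the buffer
     */
    private static byte[] readLengthPrefixed(ByteBuffer buffer) {
        if (buffer.remaining() < KEY_LEN_LENGTH) {
            return null;
        }
        int length = buffer.getShort();
        // A negative or oversized length would otherwise surface as an unchecked
        // NegativeArraySizeException / BufferUnderflowException in the caller.
        if (length <= 0 || length > buffer.remaining()) {
            return null;
        }
        byte[] field = new byte[length];
        buffer.get(field);
        return field;
    }

    /** Renders a millisecond duration exactly as the timing logs of this class print it. */
    private static String formatSeconds(long millis) {
        return (millis / 1000) + "." + (millis % 1000);
    }

    /**
     * Asks the trusted application to create an RSA key pair and returns the public key
     * as PEM text.
     *
     * <p>A fresh random access token of {@link #ACCESS_TOKEN_LENGTH} bytes is generated for
     * the new key. The token and the wrapped private key are persisted through
     * {@code MdlStorage} only after the returned public key has been parsed successfully.
     *
     * @return the PEM-encoded public key, or an empty string on any failure
     * @throws InvalidBiometricException declared by the original; presumably raised by
     *     {@code MdlCryptoInternal.handleTaError} or the storage getters (verify)
     * @throws BiometricTokenExpiredException see above
     */
    /* JADX WARN: Type inference failed for: r4v7, types: [java.io.BufferedWriter, java.io.Writer, bc.b] */
    /* JADX WARN: Type inference failed for: r5v11, types: [ac.a, bc.a] */
    public static String createRSAKeys() throws InvalidBiometricException, BiometricTokenExpiredException {
        PSLog.i(TAG, "createRSAKeys");
        if (MdlCryptoInternal.isAccountKeyExist()) {
            // Warning only: generation continues and, on success, the stored account key
            // handle and its access token are replaced below.
            PSLog.w(TAG, "AK is existing");
        }
        byte[] accountKeyAccessToken = new byte[ACCESS_TOKEN_LENGTH];
        new SecureRandom().nextBytes(accountKeyAccessToken);
        byte[] command = TlvCreateRsaKeyPairCommand.newBuilder(
                TlvAccessToken.newBuilder(accountKeyAccessToken).build(),
                TlvAccessToken.newBuilder(MdlStorage.getDeviceKeyHandleAccessToken()).build(),
                TlvDeviceKeyKeyHandle.newBuilder(MdlStorage.getDeviceKeyHandle()).build(),
                TlvNonce.newBuilder(MdlStorage.getAuthVerifyTokenOnlineAccessToken()).build(),
                TlvAuthVerifyToken.newBuilder(MdlStorage.getAuthVerifyTokenOnline()).build())
                .build().encode();
        if (command == null || command.length == 0) {
            PSLog.e(TAG, "getting command failed");
            return "";
        }
        byte[] response = TzApp.getInstance().execSecurely(command);
        if (response == null || response.length == 0) {
            PSLog.e(TAG, "execs failed");
            return "";
        }
        TlvCreateRsaKeyPairResponse tlvCreateRsaKeyPairResponse = new TlvCreateRsaKeyPairResponse(response);
        short statusCode = tlvCreateRsaKeyPairResponse.getTlvStatusCode().getStatusCode();
        if (statusCode != 0) {
            PSLog.e(TAG, "process failed : " + ((int) statusCode));
            MdlCryptoInternal.handleTaError(statusCode);
            return "";
        }
        byte[] rawPublicKey = tlvCreateRsaKeyPairResponse.getTlvPublicKey().getPublicKey();
        if (rawPublicKey == null || rawPublicKey.length < PUBLIC_KEY_ENCODING_SCHEME_LENGTH) {
            PSLog.e(TAG, "Invalid key encoding scheme found");
            return "";
        }
        ByteBuffer wrap = ByteBuffer.wrap(rawPublicKey);
        wrap.order(ByteOrder.LITTLE_ENDIAN);
        if (wrap.getShort() != PUBLIC_KEY_ENCODING_SCHEME_RAW) {
            PSLog.e(TAG, "Invalid key encoding scheme found");
            return "";
        }
        // Two length-prefixed components follow the scheme id. Presumably exponent first and
        // modulus second, mirroring the layout verify() writes — TODO confirm against the TA.
        byte[] firstComponent = readLengthPrefixed(wrap);
        byte[] secondComponent = firstComponent == null ? null : readLengthPrefixed(wrap);
        if (firstComponent == null || secondComponent == null) {
            // Reject a malformed blob before anything is persisted.
            PSLog.e(TAG, "getPublicKey failed");
            return "";
        }
        PublicKey publicKey = MdlCryptoInternal.getPublicKey(secondComponent, firstComponent);
        if (publicKey == null) {
            PSLog.e(TAG, "getPublicKey failed");
            return "";
        }
        MdlStorage.setAccountKeyHandleAccessToken(accountKeyAccessToken);
        MdlStorage.setAccountKeyHandle(tlvCreateRsaKeyPairResponse.getTlvWrappedPrivateKey().getWrappedPrivateKey());
        // The remainder is kept exactly as the decompiler produced it: JADX could not infer
        // the writer's type (per the warning above it is bc.b, a BufferedWriter subclass —
        // presumably an obfuscated PEM writer; TODO confirm), so "??" is not valid Java.
        StringWriter stringWriter = new StringWriter();
        try {
            ?? bufferedWriter = new BufferedWriter(stringWriter);
            bufferedWriter.f2322a = new char[64];
            String str = d.f4843a;
            try {
                try {
                    bufferedWriter.a(new a(bc.a.c(publicKey)));
                    bufferedWriter.close();
                    return stringWriter.toString();
                } catch (Throwable th) {
                    // Decompiled try-with-resources: close the writer, keep the first error.
                    try {
                        bufferedWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (hc.a e2) {
                // hc.a wraps a cause in field f6055a; an IOException cause is unwrapped so
                // the outer handler below treats it as a PEM writing failure.
                Throwable th3 = e2.f6055a;
                if (th3 instanceof IOException) {
                    throw ((IOException) th3);
                }
                throw e2;
            }
        } catch (IOException unused) {
            PSLog.e(TAG, "PEM writing failed");
            return "";
        }
    }

    /**
     * Requests {@code i2} random bytes from the trusted application.
     *
     * @param i2 number of bytes requested
     * @return exactly {@code i2} bytes, or an empty array when the request fails or the
     *     response has a different length
     */
    public static byte[] getRandomNumber(int i2) {
        PSLog.i(TAG, "getRandomNumber : length = " + i2);
        byte[] empty = new byte[0];
        byte[] command = TlvRandomNumberCommand.newBuilder(TlvSize.newBuilder(i2).build()).build().encode();
        if (command == null || command.length == 0) {
            PSLog.e(TAG, "getting command failed");
            return empty;
        }
        byte[] response = TzApp.getInstance().execSecurely(command);
        if (response == null || response.length == 0) {
            PSLog.e(TAG, "execs failed");
            return empty;
        }
        TlvRandomNumberResponse tlvRandomNumberResponse = new TlvRandomNumberResponse(response);
        short statusCode = tlvRandomNumberResponse.getTlvStatusCode().getStatusCode();
        if (statusCode != 0) {
            PSLog.e(TAG, "process failed : " + ((int) statusCode));
            return empty;
        }
        byte[] randomNumber = tlvRandomNumberResponse.getTlvRandomNumber().getRandomNumber();
        if (randomNumber != null && randomNumber.length == i2) {
            return randomNumber;
        }
        // The status code is always 0 here, so report the length mismatch instead. Only the
        // lengths are logged, never the random bytes.
        PSLog.e(TAG, "generating RN failed : expected " + i2 + " bytes, got "
                + (randomNumber == null ? "null" : String.valueOf(randomNumber.length)));
        return new byte[0];
    }

    /**
     * Removes one entry from {@code MdlStorage}.
     *
     * @param str storage key
     * @return the result of {@code MdlStorage.remove}
     */
    public static boolean mdlSecureRemove(String str) {
        PSLog.i(TAG, "secureRemove : key = " + str);
        return MdlStorage.remove(str);
    }

    /**
     * Removes every entry from {@code MdlStorage}.
     *
     * @return the result of {@code MdlStorage.removeAll}
     */
    public static boolean mdlSecureRemoveAll() {
        PSLog.i(TAG, "secureRemoveAll");
        return MdlStorage.removeAll();
    }

    /**
     * Reports whether {@code MdlStorage} holds an entry for the key.
     *
     * @param str storage key
     * @return the result of {@code MdlStorage.isExist}
     */
    public static boolean secureContainsKey(String str) {
        return MdlStorage.isExist(str);
    }

    /**
     * Reads several entries, first as one batch and, if the batch does not yield one value
     * per key, one key at a time.
     *
     * @param list storage keys, in the order the values are wanted
     * @return one value per key, or an empty list as soon as any single read fails
     * @throws InvalidBiometricException propagated from the underlying reads
     * @throws BiometricTokenExpiredException propagated from the underlying reads
     */
    public static List<byte[]> secureRead(List<String> list) throws InvalidBiometricException, BiometricTokenExpiredException {
        PSLog.i(TAG, "secureRead : keys size = " + list.size());
        for (String key : list) {
            PSLog.i(TAG, "secureRead : key = " + key);
        }
        long startMillis = System.currentTimeMillis();
        List<byte[]> batch = MdlCryptoInternal.trySecureReadSmallContentsList(list);
        if (batch != null && batch.size() == list.size()) {
            PSLog.v(TAG, "secureRead takes " + formatSeconds(System.currentTimeMillis() - startMillis) + " seconds");
            return batch;
        }
        List<byte[]> values = new ArrayList<>(list.size());
        for (String key : list) {
            byte[] value = secureRead(key);
            if (value == null || value.length == 0) {
                // All-or-nothing: a partial result is never handed back.
                PSLog.e(TAG, "secureRead failed : " + key);
                return Collections.emptyList();
            }
            values.add(value);
        }
        PSLog.v(TAG, "secureRead takes " + formatSeconds(System.currentTimeMillis() - startMillis) + " seconds");
        return values;
    }

    /**
     * Reads and decodes one stored entry.
     *
     * <p>The stored blob starts with a little-endian {@code int} format id that selects the
     * decoder: 1 → {@code decodeContents}, 2 → {@code decodeBigContents},
     * 3 → {@code decodeBigContentsWithFastMode}. The key {@code "DPri"} is special: no data
     * is read and the key name itself is returned as a presence marker when the account key
     * exists.
     *
     * @param str storage key; must not be {@code null}
     * @return the decoded contents, or an empty array when the device key is missing, the
     *     entry is absent or malformed, or decoding fails
     * @throws InvalidBiometricException declared by the original; presumably raised by the
     *     decoders (verify)
     * @throws BiometricTokenExpiredException see above
     */
    public static byte[] secureRead(String str) throws InvalidBiometricException, BiometricTokenExpiredException {
        PSLog.i(TAG, "secureRead : key = " + str);
        long startMillis = System.currentTimeMillis();
        if (!MdlCryptoInternal.isDeviceKeyExist()) {
            PSLog.e(TAG, "DK is not found");
            return new byte[0];
        }
        if (str.equals("DPri")) {
            return MdlCryptoInternal.isAccountKeyExist() ? "DPri".getBytes(StandardCharsets.UTF_8) : new byte[0];
        }
        byte[] stored = MdlStorage.read(str);
        if (stored == null || stored.length == 0) {
            PSLog.i(TAG, "No value found");
            return new byte[0];
        }
        if (stored.length < Integer.BYTES) {
            // Too short to hold the format id; getInt() would throw BufferUnderflowException.
            PSLog.e(TAG, "invalid format found : blob length " + stored.length);
            return new byte[0];
        }
        ByteBuffer wrap = ByteBuffer.wrap(stored);
        wrap.order(ByteOrder.LITTLE_ENDIAN);
        int format = wrap.getInt();
        byte[] payload = Arrays.copyOfRange(wrap.array(), wrap.position(), wrap.limit());
        byte[] decoded;
        switch (format) {
            case 1:
                decoded = MdlCryptoInternal.decodeContents(str, payload);
                break;
            case 2:
                decoded = MdlCryptoInternal.decodeBigContents(str, payload);
                break;
            case 3:
                decoded = MdlCryptoInternal.decodeBigContentsWithFastMode(str, payload);
                break;
            default:
                PSLog.e(TAG, "invalid format found : " + format);
                decoded = new byte[0];
                break;
        }
        if (decoded == null || decoded.length == 0) {
            PSLog.e(TAG, "decoding failed");
            return new byte[0];
        }
        long elapsedMillis = System.currentTimeMillis() - startMillis;
        // e.u is an obfuscated helper; presumably it returns a StringBuilder holding the
        // three strings concatenated — TODO confirm.
        StringBuilder message = e.u("secureRead(", str, " : ");
        message.append(decoded.length / 1024);
        message.append(".");
        message.append(decoded.length % 1024);
        message.append(" KB) takes ");
        message.append(elapsedMillis / 1000);
        message.append(".");
        message.append(elapsedMillis % 1000);
        message.append(" seconds");
        PSLog.v(TAG, message.toString());
        return decoded;
    }

    /**
     * Encodes and stores one entry, creating the device key first if needed.
     *
     * <p>The encoder is chosen by payload size: above 12288 bytes
     * {@code encodeBigContentsWithFastMode}, above 6144 bytes {@code encodeBigContents},
     * otherwise {@code encodeContents}.
     *
     * @param str storage key
     * @param bArr contents to store; must not be {@code null}
     * @return {@code true} when {@code MdlStorage.store} reports success
     * @throws InvalidBiometricException declared by the original; presumably raised by the
     *     encoders (verify)
     * @throws BiometricTokenExpiredException see above
     */
    public static boolean secureStore(String str, byte[] bArr) throws InvalidBiometricException, BiometricTokenExpiredException {
        PSLog.i(TAG, "secureStore : key = " + str);
        long startMillis = System.currentTimeMillis();
        if (!MdlCryptoInternal.ensureCreateDeviceKey()) {
            PSLog.d(TAG, "ensureCreateDeviceKey failed");
            return false;
        }
        byte[] encoded;
        if (bArr.length > FAST_MODE_THRESHOLD) {
            encoded = MdlCryptoInternal.encodeBigContentsWithFastMode(str, bArr);
        } else if (bArr.length > BIG_CONTENTS_THRESHOLD) {
            encoded = MdlCryptoInternal.encodeBigContents(str, bArr);
        } else {
            encoded = MdlCryptoInternal.encodeContents(str, bArr);
        }
        if (encoded == null || encoded.length == 0) {
            PSLog.e(TAG, "generating contents failed");
            return false;
        }
        boolean stored = MdlStorage.store(str, encoded);
        long elapsedMillis = System.currentTimeMillis() - startMillis;
        // e.u is an obfuscated helper; presumably it returns a StringBuilder holding the
        // three strings concatenated — TODO confirm.
        StringBuilder message = e.u("secureStore(", str, " : ");
        message.append(bArr.length / 1024);
        message.append(".");
        message.append(bArr.length % 1024);
        message.append(" KB) takes ");
        message.append(elapsedMillis / 1000);
        message.append(".");
        message.append(elapsedMillis % 1000);
        message.append(" seconds");
        PSLog.v(TAG, message.toString());
        return stored;
    }

    /**
     * Stores several entries, first as one batch and, if the batch is refused, one entry
     * at a time.
     *
     * <p>The per-entry fallback is not atomic: entries written before a failing one stay
     * stored.
     *
     * @param map key/value pairs to store
     * @return {@code true} when the batch succeeded or every single store succeeded
     * @throws InvalidBiometricException propagated from the underlying stores
     * @throws BiometricTokenExpiredException propagated from the underlying stores
     */
    public static boolean secureStore(Map<String, byte[]> map) throws InvalidBiometricException, BiometricTokenExpiredException {
        PSLog.i(TAG, "secureStore : keyValuePairs size = " + map.size());
        for (String key : map.keySet()) {
            PSLog.i(TAG, "secureStore : key = " + key);
        }
        long startMillis = System.currentTimeMillis();
        if (MdlCryptoInternal.trySecureStoreSmallContentsList(map)) {
            PSLog.v(TAG, "secureStore takes " + formatSeconds(System.currentTimeMillis() - startMillis) + " seconds");
            return true;
        }
        for (Map.Entry<String, byte[]> entry : map.entrySet()) {
            if (!secureStore(entry.getKey(), entry.getValue())) {
                PSLog.e(TAG, "secureStore failed : " + entry.getKey());
                return false;
            }
        }
        PSLog.v(TAG, "secureStore takes " + formatSeconds(System.currentTimeMillis() - startMillis) + " seconds");
        // Every entry was written. The decompiled original returned false here, which told
        // the caller the store had failed although all data had been persisted.
        return true;
    }

    /**
     * Signs the hash of {@code bArr} with the account key inside the trusted application.
     *
     * <p>The digest is computed by {@code Encoding.hash} (algorithm not visible here).
     * Both the device key and the account key must exist.
     *
     * @param bArr data to sign; must not be {@code null}
     * @return the signature, or an empty array on any failure
     * @throws InvalidBiometricException declared by the original; presumably raised by
     *     {@code MdlCryptoInternal.handleTaError} or the storage getters (verify)
     * @throws BiometricTokenExpiredException see above
     */
    public static byte[] sign(byte[] bArr) throws InvalidBiometricException, BiometricTokenExpiredException {
        // Only the length is logged. The original also wrote the full payload to the debug
        // log; data submitted for signing may be sensitive and must not reach log buffers.
        PSLog.i(TAG, "sign : " + bArr.length);
        byte[] empty = new byte[0];
        if (!MdlCryptoInternal.isDeviceKeyExist()) {
            PSLog.e(TAG, "DK is not found");
            return empty;
        }
        if (!MdlCryptoInternal.isAccountKeyExist()) {
            PSLog.e(TAG, "AK is not found");
            return empty;
        }
        byte[] command = TlvRsaSignCommand.newBuilder(
                TlvPlainData.newBuilder(Encoding.hash(bArr)).build(),
                TlvAccessToken.newBuilder(MdlStorage.getAccountKeyHandleAccessToken()).build(),
                TlvWrappedPrivateKey.newBuilder(MdlStorage.getAccountKeyHandle()).build(),
                TlvAccessToken.newBuilder(MdlStorage.getDeviceKeyHandleAccessToken()).build(),
                TlvDeviceKeyKeyHandle.newBuilder(MdlStorage.getDeviceKeyHandle()).build(),
                TlvNonce.newBuilder(MdlStorage.getAuthVerifyTokenOnlineAccessToken()).build(),
                TlvAuthVerifyToken.newBuilder(MdlStorage.getAuthVerifyTokenOnline()).build())
                .build().encode();
        if (command == null || command.length == 0) {
            PSLog.e(TAG, "getting command failed");
            return empty;
        }
        byte[] response = TzApp.getInstance().execSecurely(command);
        if (response == null || response.length == 0) {
            PSLog.e(TAG, "execs failed");
            return empty;
        }
        TlvRsaSignResponse tlvRsaSignResponse = new TlvRsaSignResponse(response);
        short statusCode = tlvRsaSignResponse.getTlvStatusCode().getStatusCode();
        if (statusCode == 0) {
            return tlvRsaSignResponse.getTlvSignature().getSignature();
        }
        PSLog.e(TAG, "process failed : " + ((int) statusCode));
        MdlCryptoInternal.handleTaError(statusCode);
        return empty;
    }

    /**
     * Verifies an RSA signature over the hash of {@code bArr} inside the trusted application.
     *
     * <p>The public key is sent as a fixed 265-byte little-endian blob: scheme id (2),
     * exponent length (2), exponent padded to 3 bytes, modulus length (2), modulus padded
     * to 256 bytes.
     *
     * @param bArr signed data; must not be {@code null}
     * @param bArr2 signature to check; must not be {@code null}
     * @param publicKey RSA public key; any other key type is rejected
     * @return {@code true} only when the trusted application reports status 0
     */
    public static boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey) {
        // Only lengths are logged. The original also wrote the full payload to the debug
        // log; the verified data may be sensitive and must not reach log buffers.
        PSLog.i(TAG, "verify : " + bArr.length + " : " + bArr2.length);
        if (!(publicKey instanceof RSAPublicKey)) {
            // Fail closed instead of throwing ClassCastException on a non-RSA or null key.
            PSLog.e(TAG, "getting command failed");
            return false;
        }
        RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
        TlvPlainData plainData = TlvPlainData.newBuilder(Encoding.hash(bArr)).build();
        TlvSignature signature = TlvSignature.newBuilder(bArr2).build();
        byte[] exponent = MdlCryptoInternal.convertBigIntegerToByteArray(rsaPublicKey.getPublicExponent());
        byte[] modulus = MdlCryptoInternal.convertBigIntegerToByteArray(rsaPublicKey.getModulus());
        if (exponent == null || modulus == null
                || exponent.length > MAX_RSA_E_LENGTH || modulus.length > MAX_RSA_N_LENGTH) {
            // Arrays.copyOf below would silently truncate an oversized component while the
            // length field still carried the real size, so the TA would check the signature
            // against a different key than the caller supplied.
            PSLog.e(TAG, "getting command failed");
            return false;
        }
        ByteBuffer keyBlob = ByteBuffer.allocate(PUBLIC_KEY_ENCODING_SCHEME_LENGTH
                + KEY_LEN_LENGTH + MAX_RSA_E_LENGTH
                + KEY_LEN_LENGTH + MAX_RSA_N_LENGTH);
        keyBlob.order(ByteOrder.LITTLE_ENDIAN);
        keyBlob.putShort(PUBLIC_KEY_ENCODING_SCHEME_RAW);
        keyBlob.putShort((short) exponent.length);
        keyBlob.put(Arrays.copyOf(exponent, MAX_RSA_E_LENGTH));
        keyBlob.putShort((short) modulus.length);
        keyBlob.put(Arrays.copyOf(modulus, MAX_RSA_N_LENGTH));
        byte[] command = TlvRsaVerifyCommand.newBuilder(plainData, signature, TlvPublicKey.newBuilder(keyBlob.array()).build()).build().encode();
        if (command == null || command.length == 0) {
            PSLog.e(TAG, "getting command failed");
            return false;
        }
        byte[] response = TzApp.getInstance().execSecurely(command);
        if (response == null || response.length == 0) {
            PSLog.e(TAG, "execs failed");
            return false;
        }
        short statusCode = new TlvRsaVerifyResponse(response).getTlvStatusCode().getStatusCode();
        if (statusCode == 0) {
            PSLog.v(TAG, "Verification success : " + ((int) statusCode));
            return true;
        }
        PSLog.e(TAG, "process failed : " + ((int) statusCode));
        return false;
    }
}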
