package com.samsung.android.authfw.pass.Operation.Cmp;

import a0.e;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.trustzone.TzApp;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthVerifyToken;
import com.samsung.android.authfw.trustzone.tlv.TlvCryptoAlgorithm;
import com.samsung.android.authfw.trustzone.tlv.TlvGenerateKeyPairCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvGenerateKeyPairResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvNonce;
import com.samsung.android.authfw.trustzone.tlv.TlvPublicKey;
import com.samsung.android.authfw.trustzone.tlv.TlvWrappedPrivateKey;
import com.yessign.fido.api.yessignManager;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import signgate.core.crypto.asn1.a;

/* loaded from: classes.dex */
public class BaseTeeKeyPair {
    private static final short TAG_PASS_PUBLIC_KEY = 10519;
    private static final short TAG_PASS_WRAPPED_PRIVATE_KEY = 10520;
    private final String TAG = "BaseTeeKeyPair";
    private byte[] mRawPublicKey;
    private byte[] mRawWrappedPrivateKey;

    public boolean generate(String str, byte[] bArr, byte[] bArr2) {
        PSLog.v(this.TAG, "generate");
        if (str == null) {
            PSLog.e(this.TAG, "algorithm is null");
            return false;
        }
        byte[] generateKeyPair = generateKeyPair(str, bArr, bArr2);
        if (generateKeyPair == null || generateKeyPair.length == 0) {
            PSLog.e(this.TAG, "generate key pair error");
            return false;
        }
        ByteBuffer order = ByteBuffer.wrap(generateKeyPair, 0, generateKeyPair.length).order(ByteOrder.LITTLE_ENDIAN);
        if (order.getShort() != 10519) {
            PSLog.e(this.TAG, "TAG_PASS_PUBLIC_KEY parsing error");
            return false;
        }
        short s4 = order.getShort();
        PSLog.v(this.TAG, "decodedLength:" + ((int) s4));
        if (s4 == 0) {
            PSLog.e(this.TAG, "TAG_PASS_PUBLIC_KEY key length error");
            return false;
        }
        int i2 = s4 + 4;
        this.mRawPublicKey = Arrays.copyOfRange(order.array(), 4, i2);
        order.position(i2);
        if (order.getShort() != 10520) {
            PSLog.e(this.TAG, "TAG_PASS_WRAPPED_PRIVATE_KEY parsing error");
            return false;
        }
        short s8 = order.getShort();
        if (s8 == 0) {
            PSLog.e(this.TAG, "TAG_PASS_WRAPPED_PRIVATE_KEY key length error");
            return false;
        }
        int i6 = s4 + 8;
        this.mRawWrappedPrivateKey = Arrays.copyOfRange(order.array(), i6, s8 + i6);
        return true;
    }

    public byte[] generateKeyPair(String str, byte[] bArr, byte[] bArr2) {
        PSLog.i(this.TAG, "gkp");
        if (str != null) {
            try {
                if (str.length() != 0) {
                    if (bArr != null && bArr.length != 0) {
                        if (bArr2 != null && bArr2.length != 0) {
                            byte[] encode = TlvGenerateKeyPairCommand.newBuilder(TlvCryptoAlgorithm.newBuilder(str.getBytes(StandardCharsets.UTF_8)).build(), TlvNonce.newBuilder(bArr).build(), TlvAuthVerifyToken.newBuilder(bArr2).build()).build().encode();
                            if (encode != null && encode.length != 0) {
                                byte[] execSecurely = TzApp.getInstance().execSecurely(encode);
                                if (execSecurely.length == 0) {
                                    PSLog.e(this.TAG, "failed to securely tz-execute");
                                    return new byte[0];
                                }
                                TlvGenerateKeyPairResponse tlvGenerateKeyPairResponse = new TlvGenerateKeyPairResponse(execSecurely);
                                short statusCode = tlvGenerateKeyPairResponse.getTlvStatusCode().getStatusCode();
                                if (statusCode != 0) {
                                    PSLog.e(this.TAG, "process failed : " + ((int) statusCode));
                                    return new byte[0];
                                }
                                TlvPublicKey tlvPublicKey = tlvGenerateKeyPairResponse.getTlvPublicKey();
                                if (tlvPublicKey.getPublicKey().length == 0) {
                                    PSLog.e(this.TAG, "resultPublicKey failed");
                                    return new byte[0];
                                }
                                TlvWrappedPrivateKey tlvWrappedPrivateKey = tlvGenerateKeyPairResponse.getTlvWrappedPrivateKey();
                                if (tlvWrappedPrivateKey.getWrappedPrivateKey().length == 0) {
                                    PSLog.e(this.TAG, "resultWrappedPrivateKey failed");
                                    return new byte[0];
                                }
                                byte[] encode2 = tlvPublicKey.encode();
                                byte[] encode3 = tlvWrappedPrivateKey.encode();
                                byte[] bArr3 = new byte[encode2.length + encode3.length];
                                System.arraycopy(encode2, 0, bArr3, 0, encode2.length);
                                System.arraycopy(encode3, 0, bArr3, encode2.length, encode3.length);
                                return bArr3;
                            }
                            PSLog.e(this.TAG, "getting command failed");
                            return new byte[0];
                        }
                        PSLog.e(this.TAG, "avt is invalid");
                        return new byte[0];
                    }
                    PSLog.e(this.TAG, "nonce is invalid");
                    return new byte[0];
                }
            } catch (Exception e2) {
                e.z(e2, new StringBuilder("generate key pair failed : "), this.TAG);
                return new byte[0];
            }
        }
        PSLog.e(this.TAG, "algorithm is invalid");
        return new byte[0];
    }

    public PublicKey getPublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
        PSLog.v(this.TAG, "getPublicKey");
        return KeyFactory.getInstance(yessignManager.ASYM_KEY_STR).generatePublic(getPublicKeySpec());
    }

    public RSAPublicKeySpec getPublicKeySpec() throws NoSuchAlgorithmException, InvalidKeySpecException {
        PSLog.v(this.TAG, "getPublicKeySpec");
        byte[] copyOfRange = Arrays.copyOfRange(this.mRawPublicKey, 0, r0.length - 3);
        byte[] bArr = this.mRawPublicKey;
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, bArr.length - 3, bArr.length);
        if ((copyOfRange[0] & a.f6for) != 0) {
            ByteBuffer allocate = ByteBuffer.allocate(copyOfRange.length + 1);
            allocate.put((byte) 0);
            allocate.put(copyOfRange);
            copyOfRange = Arrays.copyOfRange(allocate.array(), 0, allocate.position());
        }
        if ((copyOfRange2[0] & a.f6for) != 0) {
            ByteBuffer allocate2 = ByteBuffer.allocate(copyOfRange2.length + 1);
            allocate2.put((byte) 0);
            allocate2.put(copyOfRange2);
            copyOfRange2 = Arrays.copyOfRange(allocate2.array(), 0, allocate2.position());
        }
        return new RSAPublicKeySpec(new BigInteger(copyOfRange), new BigInteger(copyOfRange2));
    }

    public byte[] getRawPublicKey() {
        return this.mRawPublicKey;
    }

    public byte[] getRawWrappedPrivateKey() {
        return this.mRawWrappedPrivateKey;
    }

    public BaseTeePrivateKey getTeePrivateKey() {
        PSLog.v(this.TAG, "getTeePrivateKey");
        return new BaseTeePrivateKey(this.mRawWrappedPrivateKey);
    }
}
