package com.samsung.android.authfw.fido2.domain.interactor;

import androidx.fragment.app.FragmentActivity;
import com.google.gson.GsonBuilder;
import com.samsung.android.authfw.client.OxygenUafServiceHelperActivity;
import com.samsung.android.authfw.crosscuttingconcern.logging.Logger;
import com.samsung.android.authfw.crosscuttingconcern.tools.base64.Base64Kt;
import com.samsung.android.authfw.domain.common.shared.json.JsonUtil;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticationExtensionsClientOutputs;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.AuthenticatorAssertionResponse;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.CollectedClientData;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.PublicKeyCredentialDescriptor;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.PublicKeyCredentialRequestOptions;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.Registry;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.UserVerificationRequirement;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.entity.PublicKeyCredentialSource;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.entity.PublicKeyCredentialSourceClient;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.exception.AbortException;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.exception.NotAllowedException;
import com.samsung.android.authfw.domain.fido2.shared.dictionary.exception.UnknownException;
import com.samsung.android.authfw.domain.fido2.util.ClientDataUtil;
import com.samsung.android.authfw.fido2.domain.authenticator.Authenticator;
import com.samsung.android.authfw.fido2.domain.authenticator.AuthenticatorDetector;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorData;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorExtensionsInput;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorGetAssertion;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorGetAssertionRequest;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorGetAssertionResponse;
import com.samsung.android.authfw.fido2.domain.authenticator.message.AuthenticatorOptions;
import com.samsung.android.authfw.fido2.domain.util.UserVerificationRequirementUtil;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import s6.h;
import s6.n;
import s6.r;
import y7.i;

/* loaded from: classes.dex */
public final class RequestCredential extends UseCase<Param, AuthenticatorAssertionResponse> {
    public static final Companion Companion = new Companion(null);
    private static final String TAG = "RequestCredential";
    private final AuthenticatorDetector authenticatorDetector;
    private final ClientExtensionProcess clientExtensionProcess;
    private final Set<Authenticator> issuedRequests;
    private final Map<Authenticator, byte[]> savedCredentialIds;

    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(y7.e eVar) {
            this();
        }
    }

    /* loaded from: classes.dex */
    public static final class Param {
        private final FragmentActivity activity;
        private final PublicKeyCredentialRequestOptions option;

        public Param(FragmentActivity fragmentActivity, PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions) {
            i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
            i.f("option", publicKeyCredentialRequestOptions);
            this.activity = fragmentActivity;
            this.option = publicKeyCredentialRequestOptions;
        }

        public static /* synthetic */ Param copy$default(Param param, FragmentActivity fragmentActivity, PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions, int i2, Object obj) {
            if ((i2 & 1) != 0) {
                fragmentActivity = param.activity;
            }
            if ((i2 & 2) != 0) {
                publicKeyCredentialRequestOptions = param.option;
            }
            return param.copy(fragmentActivity, publicKeyCredentialRequestOptions);
        }

        public final FragmentActivity component1() {
            return this.activity;
        }

        public final PublicKeyCredentialRequestOptions component2() {
            return this.option;
        }

        public final Param copy(FragmentActivity fragmentActivity, PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions) {
            i.f(OxygenUafServiceHelperActivity.MODE, fragmentActivity);
            i.f("option", publicKeyCredentialRequestOptions);
            return new Param(fragmentActivity, publicKeyCredentialRequestOptions);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Param)) {
                return false;
            }
            Param param = (Param) obj;
            return i.a(this.activity, param.activity) && i.a(this.option, param.option);
        }

        public final FragmentActivity getActivity() {
            return this.activity;
        }

        public final PublicKeyCredentialRequestOptions getOption() {
            return this.option;
        }

        public int hashCode() {
            return this.option.hashCode() + (this.activity.hashCode() * 31);
        }

        public String toString() {
            return "Param(activity=" + this.activity + ", option=" + this.option + ")";
        }
    }

    public RequestCredential(AuthenticatorDetector authenticatorDetector, ClientExtensionProcess clientExtensionProcess) {
        i.f("authenticatorDetector", authenticatorDetector);
        i.f("clientExtensionProcess", clientExtensionProcess);
        this.authenticatorDetector = authenticatorDetector;
        this.clientExtensionProcess = clientExtensionProcess;
        this.issuedRequests = new LinkedHashSet();
        this.savedCredentialIds = new LinkedHashMap();
    }

    public static final r buildUseCaseObservable$lambda$0(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (r) bVar.invoke(obj);
    }

    public final void cancelRemainingAuthenticator() {
        Iterator<T> it = this.issuedRequests.iterator();
        while (it.hasNext()) {
            ((Authenticator) it.next()).authenticatorCancel();
        }
    }

    private final byte[] createClientDataHash(PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions) {
        String encodeBase64Url = Base64Kt.encodeBase64Url(publicKeyCredentialRequestOptions.getChallenge());
        ClientDataUtil.Companion companion = ClientDataUtil.Companion;
        String rpId = publicKeyCredentialRequestOptions.getRpId();
        i.c(rpId);
        CollectedClientData collectedClientData = new CollectedClientData(Registry.WEBAUTHN_GET, encodeBase64Url, companion.getCallerOrigin(rpId, publicKeyCredentialRequestOptions.getCallerOrigin()), null, false, null, 56, null);
        JsonUtil.Companion companion2 = JsonUtil.Companion;
        GsonBuilder gsonBuilder = new GsonBuilder();
        gsonBuilder.b(collectedClientData.getSerializer());
        Optional ofNullable = Optional.ofNullable(gsonBuilder.a().g(collectedClientData));
        i.c(ofNullable);
        Object orElseThrow = ofNullable.map(new a(RequestCredential$createClientDataHash$1.INSTANCE, 1)).orElseThrow(new b(1));
        i.e("orElseThrow(...)", orElseThrow);
        return (byte[]) orElseThrow;
    }

    public static final byte[] createClientDataHash$lambda$3(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (byte[]) bVar.invoke(obj);
    }

    public static final UnknownException createClientDataHash$lambda$4() {
        return new UnknownException(null, 1, null);
    }

    public final n doPostStepsBeforeInvokingAuthenticator(Param param, byte[] bArr, Authenticator authenticator) {
        this.issuedRequests.remove(authenticator);
        PublicKeyCredentialRequestOptions option = param.getOption();
        AuthenticatorGetAssertionResponse fromCbor = AuthenticatorGetAssertionResponse.Companion.fromCbor(bArr);
        AuthenticatorAssertionResponse authenticatorAssertionResponse = null;
        if (fromCbor == null) {
            throw new UnknownException(null, 1, null);
        }
        byte[] bArr2 = this.savedCredentialIds.get(authenticator);
        if (bArr2 == null) {
            PublicKeyCredentialDescriptor credential = fromCbor.getCredential();
            bArr2 = credential != null ? credential.getId() : null;
            i.c(bArr2);
        }
        byte[] bArr3 = bArr2;
        cancelRemainingAuthenticator();
        if (fromCbor.getAuthData().length != 37) {
            Logger.Companion.w$default(Logger.Companion, TAG, a0.e.j(fromCbor.getAuthData().length, "decoded byte size is wrong with "), null, 4, null);
        }
        AuthenticatorData.Companion companion = AuthenticatorData.Companion;
        AuthenticatorData decode = companion.decode(fromCbor.getAuthData());
        if (decode == null) {
            throw new IllegalStateException("Required value was null.".toString());
        }
        AuthenticationExtensionsClientOutputs processingAuthenticationAfterInvokingAuthenticator = this.clientExtensionProcess.processingAuthenticationAfterInvokingAuthenticator(decode);
        AuthenticatorData decode2 = companion.decode(fromCbor.getAuthData());
        if (decode2 != null) {
            byte[] authData = fromCbor.getAuthData();
            byte[] signature = fromCbor.getSignature();
            PublicKeyCredentialSourceClient pkcs = param.getOption().getPkcs();
            i.c(pkcs);
            byte[] userHandle = pkcs.getUserHandle();
            String encodeBase64Url = Base64Kt.encodeBase64Url(option.getChallenge());
            ClientDataUtil.Companion companion2 = ClientDataUtil.Companion;
            String rpId = option.getRpId();
            i.c(rpId);
            CollectedClientData collectedClientData = new CollectedClientData(Registry.WEBAUTHN_GET, encodeBase64Url, companion2.getCallerOrigin(rpId, option.getCallerOrigin()), null, false, null, 56, null);
            JsonUtil.Companion companion3 = JsonUtil.Companion;
            GsonBuilder gsonBuilder = new GsonBuilder();
            gsonBuilder.b(collectedClientData.getSerializer());
            Optional ofNullable = Optional.ofNullable(gsonBuilder.a().g(collectedClientData));
            i.c(ofNullable);
            Object obj = ofNullable.get();
            i.e("get(...)", obj);
            byte[] bytes = ((String) obj).getBytes(ma.a.f7529a);
            i.e("this as java.lang.String).getBytes(charset)", bytes);
            authenticatorAssertionResponse = new AuthenticatorAssertionResponse(authData, signature, userHandle, bArr3, bytes, decode2.getCounter(), processingAuthenticationAfterInvokingAuthenticator);
        }
        return n.c(authenticatorAssertionResponse);
    }

    private final n doPreStepsBeforeInvokingAuthenticator(Param param) {
        PublicKeyCredentialRequestOptions option = param.getOption();
        byte[] clientDataHash = option.getClientDataHash();
        if (clientDataHash == null) {
            clientDataHash = createClientDataHash(option);
        }
        return n.c(clientDataHash);
    }

    public final n doStepsWhenAuthenticatorIsAvailable(PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions, Authenticator authenticator, byte[] bArr) {
        n c3;
        validateAuthenticator(publicKeyCredentialRequestOptions.getUserVerification(), authenticator);
        boolean userVerification = UserVerificationRequirementUtil.Companion.getUserVerification(publicKeyCredentialRequestOptions.getUserVerification(), authenticator);
        Logger.Companion companion = Logger.Companion;
        List<PublicKeyCredentialDescriptor> allowCredentials = publicKeyCredentialRequestOptions.getAllowCredentials();
        Logger.Companion.i$default(companion, TAG, "allowCredentials size:" + (allowCredentials != null ? Integer.valueOf(allowCredentials.size()) : null), null, 4, null);
        AuthenticatorExtensionsInput processingBeforeInvokingAuthenticator = this.clientExtensionProcess.processingBeforeInvokingAuthenticator(publicKeyCredentialRequestOptions);
        List<PublicKeyCredentialDescriptor> allowCredentials2 = publicKeyCredentialRequestOptions.getAllowCredentials();
        if (allowCredentials2 == null || allowCredentials2.isEmpty()) {
            String rpId = publicKeyCredentialRequestOptions.getRpId();
            i.c(rpId);
            AuthenticatorGetAssertion authenticatorGetAssertion = new AuthenticatorGetAssertion(rpId, bArr, null, processingBeforeInvokingAuthenticator, new AuthenticatorOptions(Boolean.TRUE, Boolean.valueOf(userVerification)), null, null, null, null, 480, null);
            PublicKeyCredentialSourceClient pkcs = publicKeyCredentialRequestOptions.getPkcs();
            i.c(pkcs);
            byte[] cbor = new AuthenticatorGetAssertionRequest(authenticatorGetAssertion, new PublicKeyCredentialSource(pkcs.getCredentialId(), pkcs.getKeyHandle(), pkcs.getRpId(), pkcs.getUserHandle(), pkcs.getDisplayName(), pkcs.getIcon(), pkcs.getName(), pkcs.getSignCounter())).toCbor();
            if (cbor == null) {
                throw new UnknownException(null, 1, null);
            }
            c3 = n.c(cbor);
        } else {
            ArrayList arrayList = new ArrayList();
            d7.c cVar = new d7.c(h.b(publicKeyCredentialRequestOptions.getAllowCredentials()), new e(new RequestCredential$doStepsWhenAuthenticatorIsAvailable$2(arrayList), 0), 1);
            y6.b.b(16, "capacityHint");
            c3 = new e7.e(new e7.e(new e7.e(new d7.d(cVar), new e(new RequestCredential$doStepsWhenAuthenticatorIsAvailable$3(arrayList, this, authenticator), 1), 1), new e(new RequestCredential$doStepsWhenAuthenticatorIsAvailable$4(this, arrayList), 2), 1), new e(new RequestCredential$doStepsWhenAuthenticatorIsAvailable$5(publicKeyCredentialRequestOptions, bArr, arrayList, processingBeforeInvokingAuthenticator, true, userVerification), 3), 1);
        }
        this.issuedRequests.add(authenticator);
        return c3;
    }

    public static final Boolean doStepsWhenAuthenticatorIsAvailable$lambda$6(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (Boolean) bVar.invoke(obj);
    }

    public static final l7.n doStepsWhenAuthenticatorIsAvailable$lambda$7(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (l7.n) bVar.invoke(obj);
    }

    public static final HashSet doStepsWhenAuthenticatorIsAvailable$lambda$8(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (HashSet) bVar.invoke(obj);
    }

    public static final byte[] doStepsWhenAuthenticatorIsAvailable$lambda$9(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (byte[]) bVar.invoke(obj);
    }

    public final void handleError(Throwable th) {
        if (th instanceof AbortException) {
            cancelRemainingAuthenticator();
        }
    }

    private final h isCredentialBoundToAuthenticator(String str, PublicKeyCredentialDescriptor publicKeyCredentialDescriptor, Authenticator authenticator) {
        r lookupCredSource = authenticator.lookupCredSource(publicKeyCredentialDescriptor.getId());
        lookupCredSource.getClass();
        return new d7.c((lookupCredSource instanceof z6.a ? ((z6.a) lookupCredSource).a() : new d7.n(1, lookupCredSource)).a(new e(RequestCredential$isCredentialBoundToAuthenticator$1.INSTANCE, 4)), new e(new RequestCredential$isCredentialBoundToAuthenticator$2(str, publicKeyCredentialDescriptor), 5), 1);
    }

    public static final s6.i isCredentialBoundToAuthenticator$lambda$11(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (s6.i) bVar.invoke(obj);
    }

    public static final Boolean isCredentialBoundToAuthenticator$lambda$12(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (Boolean) bVar.invoke(obj);
    }

    public final HashSet<String> makeTransportSet(ArrayList<PublicKeyCredentialDescriptor> arrayList) {
        HashSet<String> hashSet = new HashSet<>();
        Iterator<T> it = arrayList.iterator();
        while (it.hasNext()) {
            List<String> transports = ((PublicKeyCredentialDescriptor) it.next()).getTransports();
            if (transports != null) {
                Iterator<T> it2 = transports.iterator();
                while (it2.hasNext()) {
                    hashSet.add((String) it2.next());
                }
            }
        }
        return hashSet;
    }

    public static final r postBuildUseCaseObservable$lambda$2(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (r) bVar.invoke(obj);
    }

    public static final r preBuildUseCaseObservable$lambda$1(x7.b bVar, Object obj) {
        i.f("$tmp0", bVar);
        return (r) bVar.invoke(obj);
    }

    private final void validateAuthenticator(String str, Authenticator authenticator) {
        if (i.a(str, UserVerificationRequirement.Required.INSTANCE.getValue()) && !authenticator.canPerformingUserVerification()) {
            throw new NotAllowedException(null, 1, null);
        }
    }

    @Override // com.samsung.android.authfw.fido2.domain.interactor.UseCase
    public n buildUseCaseObservable(Param param) {
        i.f("param", param);
        Logger.Companion.i$default(Logger.Companion, TAG, "build", null, 4, null);
        n doPreStepsBeforeInvokingAuthenticator = doPreStepsBeforeInvokingAuthenticator(param);
        c cVar = new c(new RequestCredential$buildUseCaseObservable$1(this, param), 29);
        doPreStepsBeforeInvokingAuthenticator.getClass();
        return new e7.e(doPreStepsBeforeInvokingAuthenticator, cVar, 0);
    }

    @Override // com.samsung.android.authfw.fido2.domain.interactor.UseCase
    public n postBuildUseCaseObservable(Param param) {
        i.f("param", param);
        Logger.Companion.i$default(Logger.Companion, TAG, "postBuildUseCaseObservable", null, 4, null);
        n doPreStepsBeforeInvokingAuthenticator = doPreStepsBeforeInvokingAuthenticator(param);
        c cVar = new c(new RequestCredential$postBuildUseCaseObservable$1(this, param), 28);
        doPreStepsBeforeInvokingAuthenticator.getClass();
        return new e7.e(doPreStepsBeforeInvokingAuthenticator, cVar, 0);
    }

    @Override // com.samsung.android.authfw.fido2.domain.interactor.UseCase
    public n preBuildUseCaseObservable(Param param) {
        i.f("param", param);
        Logger.Companion.i$default(Logger.Companion, TAG, "preBuild", null, 4, null);
        n doPreStepsBeforeInvokingAuthenticator = doPreStepsBeforeInvokingAuthenticator(param);
        c cVar = new c(new RequestCredential$preBuildUseCaseObservable$1(this, param), 27);
        doPreStepsBeforeInvokingAuthenticator.getClass();
        return new e7.e(doPreStepsBeforeInvokingAuthenticator, cVar, 0);
    }
}
