package com.samsung.android.authfw.pass;

import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.sdk.pass.message.AccessDeniedException;
import com.samsung.android.authfw.sdk.pass.message.GenerateKeyPairRequest;
import com.samsung.android.authfw.sdk.pass.message.GenerateKeyPairResponse;
import com.samsung.android.authfw.sdk.pass.message.InvalidBiometricException;
import com.samsung.android.authfw.sdk.pass.message.SignRequest;
import com.samsung.android.authfw.sdk.pass.message.SignResponse;
import com.samsung.android.authfw.sdk.pass.message.UnwrapNwDataRequest;
import com.samsung.android.authfw.sdk.pass.message.UnwrapNwDataResponse;
import com.samsung.android.authfw.sdk.pass.message.WrapNwDataRequest;
import com.samsung.android.authfw.sdk.pass.message.WrapNwDataResponse;
import com.samsung.android.authfw.trustzone.TzApp;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthVerifyToken;
import com.samsung.android.authfw.trustzone.tlv.TlvCryptoAlgorithm;
import com.samsung.android.authfw.trustzone.tlv.TlvGenerateKeyPairCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvGenerateKeyPairResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvKeyPolicy;
import com.samsung.android.authfw.trustzone.tlv.TlvKeyType;
import com.samsung.android.authfw.trustzone.tlv.TlvNonce;
import com.samsung.android.authfw.trustzone.tlv.TlvPlainData;
import com.samsung.android.authfw.trustzone.tlv.TlvPublicKey;
import com.samsung.android.authfw.trustzone.tlv.TlvSignCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvSignResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvUnwrapNwDataCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvUnwrapNwDataResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvUviPolicy;
import com.samsung.android.authfw.trustzone.tlv.TlvWrapNwDataCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvWrapNwDataResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvWrappedData;
import com.samsung.android.authfw.trustzone.tlv.TlvWrappedPrivateKey;
import java.nio.charset.StandardCharsets;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class PassCmpOperation {
    private static final String TAG = "PassCmpOperation";

    private PassCmpOperation() {
        throw new AssertionError();
    }

    public static String generateKeyPair(String str) {
        GenerateKeyPairRequest fromJson = GenerateKeyPairRequest.fromJson(str);
        String str2 = TAG;
        PSLog.i(str2, "gkp");
        try {
            byte[] encode = TlvGenerateKeyPairCommand.newBuilder(TlvCryptoAlgorithm.newBuilder(fromJson.getAlgorithm().getBytes(StandardCharsets.UTF_8)).build(), TlvNonce.newBuilder(fromJson.getNonce()).build(), TlvAuthVerifyToken.newBuilder(fromJson.getAuthVerifyToken()).build()).build().encode();
            if (encode != null && encode.length != 0) {
                byte[] execSecurely = TzApp.getInstance().execSecurely(encode);
                if (execSecurely.length == 0) {
                    PSLog.e(str2, "failed to securely tz-execute");
                    return "";
                }
                TlvGenerateKeyPairResponse tlvGenerateKeyPairResponse = new TlvGenerateKeyPairResponse(execSecurely);
                short statusCode = tlvGenerateKeyPairResponse.getTlvStatusCode().getStatusCode();
                if (statusCode != 0) {
                    PSLog.e(str2, "process failed : " + ((int) statusCode));
                    return "";
                }
                TlvPublicKey tlvPublicKey = tlvGenerateKeyPairResponse.getTlvPublicKey();
                if (tlvPublicKey.getPublicKey().length == 0) {
                    PSLog.e(str2, "resultPublicKey failed");
                    return "";
                }
                TlvWrappedPrivateKey tlvWrappedPrivateKey = tlvGenerateKeyPairResponse.getTlvWrappedPrivateKey();
                if (tlvWrappedPrivateKey.getWrappedPrivateKey().length == 0) {
                    PSLog.e(str2, "resultWrappedPrivateKey failed");
                    return "";
                }
                byte[] encode2 = tlvPublicKey.encode();
                byte[] encode3 = tlvWrappedPrivateKey.encode();
                byte[] bArr = new byte[encode2.length + encode3.length];
                System.arraycopy(encode2, 0, bArr, 0, encode2.length);
                System.arraycopy(encode3, 0, bArr, encode2.length, encode3.length);
                return GenerateKeyPairResponse.newBuilder(bArr).build().toJson();
            }
            PSLog.e(str2, "getting command failed");
            return "";
        } catch (Exception e2) {
            a0.e.z(e2, new StringBuilder("generate key pair failed : "), TAG);
            return "";
        }
    }

    private static void handleTaError(int i2) throws InvalidBiometricException, AccessDeniedException {
        handleTaErrorForInvalidBiometricException(i2);
        handleTaErrorForAccessDeniedException(i2);
    }

    private static void handleTaErrorForAccessDeniedException(int i2) throws AccessDeniedException {
        if (i2 != 2) {
            return;
        }
        PSLog.e(TAG, "AccessDeniedException is triggered");
        throw new AccessDeniedException("Access via biometric authentication is denied. Make sure the user is the correct authentication method.");
    }

    private static void handleTaErrorForInvalidBiometricException(int i2) throws InvalidBiometricException {
        if (i2 != 4) {
            return;
        }
        PSLog.e(TAG, "InvalidBiometricException is triggered");
        throw new InvalidBiometricException("Invalid biometric found due to UVI mismatch, which means that all contents on secure storage have been revoked and invalidated. After removing all of them, they need to be newly stored again");
    }

    public static String sign(String str) throws InvalidBiometricException, AccessDeniedException {
        SignRequest fromJson = SignRequest.fromJson(str);
        String algorithm = fromJson.getAlgorithm();
        byte[] plainData = fromJson.getPlainData();
        byte[] wrappedPrivateKey = fromJson.getWrappedPrivateKey();
        byte[] rawPublicKey = fromJson.getRawPublicKey();
        byte[] nonce = fromJson.getNonce();
        byte[] authVerifyToken = fromJson.getAuthVerifyToken();
        int keyPolicy = fromJson.getKeyPolicy();
        boolean allowMultiMatch = fromJson.getAllowMultiMatch();
        String str2 = TAG;
        PSLog.i(str2, "sign");
        if (algorithm != null) {
            try {
                if (algorithm.length() != 0) {
                    TlvSignCommand.Builder newBuilder = TlvSignCommand.newBuilder(TlvCryptoAlgorithm.newBuilder(algorithm.getBytes(StandardCharsets.UTF_8)).build(), TlvPlainData.newBuilder(plainData).build(), TlvWrappedPrivateKey.newBuilder(wrappedPrivateKey).build(), TlvPublicKey.newBuilder(rawPublicKey).build(), TlvNonce.newBuilder(nonce).build(), TlvAuthVerifyToken.newBuilder(authVerifyToken).build(), TlvKeyPolicy.newBuilder(keyPolicy).build());
                    if (allowMultiMatch) {
                        newBuilder.setTlvUviPolicy(TlvUviPolicy.newBuilder(1).build());
                    }
                    byte[] encode = newBuilder.build().encode();
                    if (encode != null && encode.length != 0) {
                        byte[] execSecurely = TzApp.getInstance().execSecurely(encode);
                        if (execSecurely.length == 0) {
                            PSLog.e(str2, "failed to securely tz-execute");
                            return "";
                        }
                        TlvSignResponse tlvSignResponse = new TlvSignResponse(execSecurely);
                        short statusCode = tlvSignResponse.getTlvStatusCode().getStatusCode();
                        if (statusCode != 0) {
                            if (allowMultiMatch) {
                                handleTaError(statusCode);
                            }
                            return "";
                        }
                        byte[] signature = tlvSignResponse.getTlvSignature().getSignature();
                        if (signature.length != 0) {
                            return SignResponse.newBuilder(signature).build().toJson();
                        }
                        PSLog.e(str2, "resultAlgorithm failed");
                        return "";
                    }
                    PSLog.e(str2, "getting command failed");
                    return "";
                }
            } catch (AccessDeniedException | InvalidBiometricException e2) {
                throw e2;
            } catch (Exception e10) {
                a0.e.z(e10, new StringBuilder("sign failed : "), TAG);
                return "";
            }
        }
        PSLog.e(str2, "algorithm is invalid");
        return "";
    }

    public static synchronized String unwrapNwData(String str) {
        synchronized (PassCmpOperation.class) {
            UnwrapNwDataRequest fromJson = UnwrapNwDataRequest.fromJson(str);
            try {
                byte[] encode = TlvUnwrapNwDataCommand.newBuilder(TlvWrappedData.newBuilder(fromJson.getWrappedData()).build(), TlvKeyType.newBuilder(fromJson.getKeyType()).build(), TlvNonce.newBuilder(fromJson.getNonce()).build(), TlvAuthVerifyToken.newBuilder(fromJson.getAuthVerifyToken()).build()).build().encode();
                if (encode != null && encode.length != 0) {
                    byte[] execSecurely = TzApp.getInstance().execSecurely(encode);
                    if (execSecurely.length == 0) {
                        return "";
                    }
                    TlvUnwrapNwDataResponse tlvUnwrapNwDataResponse = new TlvUnwrapNwDataResponse(execSecurely);
                    if (tlvUnwrapNwDataResponse.getTlvStatusCode().getStatusCode() != 0) {
                        return "";
                    }
                    byte[] plainData = tlvUnwrapNwDataResponse.getTlvPlainData().getPlainData();
                    if (plainData != null && plainData.length != 0) {
                        return UnwrapNwDataResponse.newBuilder(plainData).build().toJson();
                    }
                    return "";
                }
                return "";
            } catch (Exception unused) {
                return "";
            }
        }
    }

    public static synchronized String wrapNwData(String str) {
        synchronized (PassCmpOperation.class) {
            WrapNwDataRequest fromJson = WrapNwDataRequest.fromJson(str);
            try {
                byte[] encode = TlvWrapNwDataCommand.newBuilder(TlvPlainData.newBuilder(fromJson.getPlainData()).build(), TlvKeyType.newBuilder(fromJson.getKeyType()).build(), TlvNonce.newBuilder(fromJson.getNonce()).build(), TlvAuthVerifyToken.newBuilder(fromJson.getAuthVerifyToken()).build()).build().encode();
                if (encode != null && encode.length != 0) {
                    byte[] execSecurely = TzApp.getInstance().execSecurely(encode);
                    if (execSecurely.length == 0) {
                        return "";
                    }
                    TlvWrapNwDataResponse tlvWrapNwDataResponse = new TlvWrapNwDataResponse(execSecurely);
                    if (tlvWrapNwDataResponse.getTlvStatusCode().getStatusCode() != 0) {
                        return "";
                    }
                    byte[] wrappedData = tlvWrapNwDataResponse.getTlvWrappedData().getWrappedData();
                    if (wrappedData.length == 0) {
                        return "";
                    }
                    return WrapNwDataResponse.newBuilder(wrappedData).build().toJson();
                }
                return "";
            } catch (Exception unused) {
                return "";
            }
        }
    }
}
