package com.samsung.android.authfw.pass.authentication.pass;

import android.content.Intent;
import android.support.v4.media.session.f;
import android.text.TextUtils;
import com.samsung.android.authfw.common.utils.HashUtil;
import com.samsung.android.authfw.pass.authentication.AuthenticateOperation;
import com.samsung.android.authfw.pass.authentication.IAuthenticateListener;
import com.samsung.android.authfw.pass.authentication.fido.ClientAuthenticate;
import com.samsung.android.authfw.pass.common.PolicyScheme;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.common.utils.Preconditions;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.pass.mcmdl.MdlStorage;
import com.samsung.android.authfw.pass.signature.TokenVerifier;
import com.samsung.android.authfw.pass.storage.KeyStorage;
import com.samsung.android.authfw.pass.storage.SettingStorage;
import com.samsung.android.authfw.trustzone.TzApp;
import com.samsung.android.authfw.trustzone.tlv.Tag;
import com.samsung.android.authfw.trustzone.tlv.TlvAuthAuthToken;
import com.samsung.android.authfw.trustzone.tlv.TlvCertificate;
import com.samsung.android.authfw.trustzone.tlv.TlvNonce;
import com.samsung.android.authfw.trustzone.tlv.TlvServerAuthAuthTokenAssertion;
import com.samsung.android.authfw.trustzone.tlv.TlvServerCryptoAuthTokenAssertion;
import com.samsung.android.authfw.trustzone.tlv.TlvSignature;
import com.samsung.android.authfw.trustzone.tlv.TlvVerifyCryptoAuthTokenCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvVerifyCryptoAuthTokenResponse;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvAuthAssertion;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvExtension;
import com.sec.android.fido.uaf.message.internal.tag.uafv1tlv.TlvSignedData;
import com.sec.android.fido.uaf.message.protocol.AuthenticationResponseList;
import com.sec.android.fido.uaf.message.protocol.UafMessage;
import g3.c;
import g3.e;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
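/**
 * Pass authentication operation that runs a FIDO UAF authentication and then processes the
 * Samsung-specific token carried in the authenticator's response extensions.
 *
 * <p>Two extension ids are recognised in the signed data of the UAF assertion:
 * {@code SEC_EXT_PASS_AAT} (auth-auth token, used on the mDL path) and {@code SEC_EXT_PASS_CAT}
 * (crypto-auth token). Whichever is found first is kept on the instance and verified later in
 * {@link #doPassOperation(String)}.
 *
 * <p>NOTE(review): several failure paths in this class are fail-open (an exception is logged and
 * the flow continues). Whether the server side independently rejects such sessions is not visible
 * from this file and should be confirmed.
 */
public class Authenticate extends AuthOperation {
    private static final String TAG = "Authenticate";

    /** Extension id of the auth-auth token (AAT). */
    private static final String EXT_ID_AAT = "SEC_EXT_PASS_AAT";
    /** Extension id of the crypto-auth token (CAT). */
    private static final String EXT_ID_CAT = "SEC_EXT_PASS_CAT";
    /** Digest algorithm applied to the Samsung event id. */
    private static final String EVENT_ID_DIGEST = "SHA-256";
    /** Size of the AAT request payload: 32-byte SHA-256 digest followed by a 4-byte policy. */
    private static final int AAT_REQUEST_LENGTH = 32 + 4;
    /** Size of one TLV header as written here: 2-byte tag plus 2-byte length. */
    private static final int TLV_HEADER_LENGTH = 4;
    /** Largest value a 2-byte TLV length field can carry (assuming it is read as unsigned). */
    private static final int MAX_TLV_LENGTH = 0xFFFF;

    // Encoded SEC_EXT_PASS_AAT extension taken from the UAF response, or null if none was found.
    private byte[] mAuthAuthToken;
    // Raw data of the SEC_EXT_PASS_CAT extension taken from the UAF response, or null.
    private byte[] mCryptoAuthToken;
    // Selects the mDL extension format (AAT) instead of the plain CAT request.
    private boolean mIsMdl;
    // Opaque wrapped data handed through to ClientAuthenticate unchanged.
    private final byte[] mWrappedData;

    /**
     * Creates the operation.
     *
     * @param i2 first argument forwarded to the superclass constructor (meaning not visible here)
     * @param i6 second argument forwarded to the superclass constructor (meaning not visible here)
     * @param str third argument forwarded to the superclass constructor (meaning not visible here)
     * @param bArr wrapped data passed on to the FIDO client request
     * @param iAuthenticateListener listener forwarded to the superclass
     * @param z10 {@code true} to build the mDL (AAT) authenticator extension
     */
    public Authenticate(int i2, int i6, String str, byte[] bArr, IAuthenticateListener iAuthenticateListener, boolean z10) {
        super(i2, i6, str, iAuthenticateListener);
        this.mCryptoAuthToken = null;
        this.mAuthAuthToken = null;
        this.mWrappedData = bArr;
        this.mIsMdl = z10;
    }

    /**
     * Extracts the AAT or CAT extension from the UAF response carried in {@code intent}.
     *
     * <p>Only the first assertion of the first authentication response is inspected, and the scan
     * stops at the first AAT or CAT extension, so at most one of the two tokens is set.
     *
     * @param intent UAF response intent; its {@code "message"} string extra holds the UAF message
     * @return {@code false} when the message cannot be parsed (IllegalArgument/IllegalState) or the
     *     assertion has no signed data or extension list; {@code true} otherwise, including when
     *     no token was found or an unexpected exception occurred
     */
    private boolean createCryptoAuthToken(Intent intent) {
        // Clear both tokens up front so a token from an earlier response can never be verified
        // against a later one. The original cleared only the CAT, and only just before the scan.
        this.mCryptoAuthToken = null;
        this.mAuthAuthToken = null;
        try {
            String message = intent.getStringExtra("message");
            try {
                String protocolMessage = UafMessage.fromJson(message).getUafProtocolMessage();
                try {
                    // e.f5644d.g().a(..) is an obfuscated decoder; presumably base64url without
                    // padding — TODO confirm against g3.e.
                    byte[] rawAssertion = e.f5644d.g().a(
                            AuthenticationResponseList.fromJson(protocolMessage)
                                    .getAuthenticationResponseList().get(0)
                                    .getAuthSignAssertionList().get(0)
                                    .getAssertion());
                    TlvSignedData signedData = new TlvAuthAssertion(rawAssertion).getTlvSignedData();
                    if (signedData == null) {
                        PSLog.e(TAG, "tlvSignedData is null");
                        return false;
                    }
                    List<TlvExtension> extensions = signedData.getTlvExtensionList();
                    if (extensions == null) {
                        PSLog.e(TAG, "tlvExtensions is null");
                        return false;
                    }
                    for (TlvExtension extension : extensions) {
                        String extensionId = new String(extension.getTlvExtensionId().getId(), StandardCharsets.UTF_8);
                        if (EXT_ID_AAT.equals(extensionId)) {
                            // The AAT is kept as the whole encoded extension, not just its data.
                            this.mAuthAuthToken = extension.encode();
                            PSLog.v(getTag(), "found aat");
                            return true;
                        }
                        if (EXT_ID_CAT.equals(extensionId)) {
                            this.mCryptoAuthToken = extension.getTlvExtensionData().getData();
                            PSLog.v(TAG, "found cat");
                            return true;
                        }
                    }
                    return true;
                } catch (IllegalArgumentException | IllegalStateException parseError) {
                    // The protocol message carries the signed assertion and token extensions;
                    // keep it out of the log and report only the failure type.
                    PSLog.e(TAG, "AuthenticationResponseList.fromJson(protocolMessage) failed : "
                            + parseError.getClass().getSimpleName());
                    return false;
                }
            } catch (IllegalArgumentException | IllegalStateException parseError) {
                // Same reasoning as above: do not write the raw UAF message to the log.
                PSLog.e(TAG, "UafMessage.fromJson(message) failed : "
                        + parseError.getClass().getSimpleName());
                return false;
            }
        } catch (Exception e2) {
            // Deliberate best-effort: any other failure (for example an empty response list) is
            // treated as "no token present" and the UAF response is still processed.
            // NOTE(review): this is fail-open — with no token set, doPassOperation() skips both
            // verifications. Confirm that a missing token is acceptable for every caller.
            PSLog.v(TAG, "Not found cat : " + e2.getMessage());
            return true;
        }
    }

    /**
     * Builds the authenticator extension map for the non-mDL path.
     *
     * @return a map with {@code SEC_EXT_PASS_CAT} mapped to the prepare token's Samsung event id
     * @throws IllegalArgumentException presumably raised by {@code Preconditions.checkArgument}
     *     when the Samsung event id is empty
     */
    private Map<String, String> makeAuthnrExtensions() {
        // Fixed: the original logged "makeMdlAuthnrExtensions" here (copy/paste from the mDL path).
        PSLog.v(getTag(), "makeAuthnrExtensions");
        // NOTE(review): the check reads getSamsungEventId() while the value comes from
        // getPrepareToken().getSamsungEventId(); presumably the same string — verify.
        Preconditions.checkArgument(!TextUtils.isEmpty(getSamsungEventId()), "samsung event id is invalid");
        Map<String, String> extensions = new HashMap<>();
        extensions.put(EXT_ID_CAT, getPrepareToken().getSamsungEventId());
        return extensions;
    }

    /**
     * Builds the authenticator extension map for the mDL path.
     *
     * <p>The value is the encoded form of a 36-byte little-endian buffer: the SHA-256 digest of
     * the Samsung event id followed by the policy value from a default {@link PolicyScheme}.
     *
     * @return a map with {@code SEC_EXT_PASS_AAT} mapped to the encoded request payload
     * @throws IllegalArgumentException presumably raised by {@code Preconditions.checkArgument}
     *     when the Samsung event id is empty
     */
    private Map<String, String> makeMdlAuthnrExtensions() {
        PSLog.v(getTag(), "makeMdlAuthnrExtensions");
        Preconditions.checkArgument(!TextUtils.isEmpty(getSamsungEventId()), "samsung event id is invalid");
        ByteBuffer payload = ByteBuffer.allocate(AAT_REQUEST_LENGTH);
        payload.order(ByteOrder.LITTLE_ENDIAN);
        payload.put(HashUtil.digest(getSamsungEventId().getBytes(StandardCharsets.UTF_8), EVENT_ID_DIGEST));
        int policy = PolicyScheme.newBuilder().build().getPolicy();
        PSLog.v(getTag(), "policy = " + PolicyScheme.stringValueOf(policy));
        payload.putInt(policy);
        Map<String, String> extensions = new HashMap<>();
        extensions.put(EXT_ID_AAT, e.f5644d.g().c(payload.array()));
        return extensions;
    }

    /**
     * Verifies the stored auth-auth token against a server signature and stores the result.
     *
     * <p>The assertion sent to {@link TokenVerifier} contains the SHA-256 digest of the Samsung
     * event id as nonce, the AAT, the decoded signature, and the server and service-root
     * certificates read from {@link SettingStorage}.
     *
     * @param str encoded server signature over the token; must be non-empty
     */
    private void verifyAuthAuthToken(String str) {
        // f.g(..) is an obfuscated helper; presumably a precondition check that throws when the
        // condition is false — TODO confirm.
        f.g(str != null && str.length() > 0);
        f.g(getSamsungEventId().length() > 0);
        c codec = e.f5643c;
        byte[] signature = codec.a(str);
        byte[] eventIdDigest = HashUtil.digest(getSamsungEventId().getBytes(StandardCharsets.UTF_8), EVENT_ID_DIGEST);
        TlvNonce nonce = TlvNonce.newBuilder(eventIdDigest).build();
        TlvAuthAuthToken authAuthToken = TlvAuthAuthToken.newBuilder(this.mAuthAuthToken).build();
        TlvSignature tlvSignature = TlvSignature.newBuilder(signature).build();
        PSLog.v(getTag(), "serverCert = " + SettingStorage.getServerCert());
        PSLog.v(getTag(), "serviceRootCert = " + SettingStorage.getServiceRootCert());
        // NOTE(review): the chain is taken from app settings storage; how those values are
        // provisioned and protected against modification is not visible here.
        ArrayList<TlvCertificate> certificateChain = new ArrayList<>();
        certificateChain.add(TlvCertificate.newBuilder(codec.a(SettingStorage.getServerCert())).build());
        certificateChain.add(TlvCertificate.newBuilder(codec.a(SettingStorage.getServiceRootCert())).build());
        byte[] verifyToken = TokenVerifier.verifyAuthAuthToken(
                TlvServerAuthAuthTokenAssertion.newBuilder(nonce, authAuthToken, tlvSignature, certificateChain)
                        .build()
                        .encode());
        MdlStorage.setAuthVerifyTokenOnlineAccessToken(eventIdDigest);
        MdlStorage.setAuthVerifyTokenOnline(verifyToken);
    }

    /**
     * Wraps the stored crypto-auth token in a server assertion TLV and submits it for
     * verification.
     *
     * <p>Layout (little-endian): assertion tag and length, CAT tag and length, CAT bytes,
     * signature tag and length, signature bytes.
     *
     * <p>NOTE(review): the signature field is filled with the fixed text "Not supported yet"
     * rather than a server signature, so this path carries no server-side signature over the CAT.
     * Whether the TrustZone side checks that field is not visible here.
     */
    private void verifyCryptoAuthToken() {
        byte[] cryptoAuthToken = this.mCryptoAuthToken;
        byte[] placeholderSignature = "Not supported yet".getBytes(StandardCharsets.UTF_8);
        // Body of the outer TLV: two nested headers plus their payloads.
        int assertionBodyLength = cryptoAuthToken.length + 2 * TLV_HEADER_LENGTH + placeholderSignature.length;
        if (assertionBodyLength > MAX_TLV_LENGTH) {
            // The token comes from the UAF response; without this check the (short) casts below
            // would silently truncate the length fields and produce a TLV whose declared sizes
            // disagree with its content.
            PSLog.e(TAG, "cat is too long : " + cryptoAuthToken.length);
            return;
        }
        ByteBuffer assertion = ByteBuffer.allocate(TLV_HEADER_LENGTH + assertionBodyLength);
        assertion.order(ByteOrder.LITTLE_ENDIAN);
        assertion.putShort(Tag.TAG_PASS_SERVER_CRYPTO_AUTH_TOKEN_ASSERTION);
        assertion.putShort((short) assertionBodyLength);
        assertion.putShort(Tag.TAG_PASS_CRYPTO_AUTH_TOKEN);
        assertion.putShort((short) cryptoAuthToken.length);
        assertion.put(cryptoAuthToken);
        assertion.putShort(Tag.TAG_PASS_SIGNATURE);
        assertion.putShort((short) placeholderSignature.length);
        assertion.put(placeholderSignature);
        verifyCryptoAuthToken(Arrays.copyOfRange(assertion.array(), 0, assertion.position()));
    }

    /**
     * Sends an encoded crypto-auth token assertion to the TrustZone app and stores the returned
     * crypto verify token.
     *
     * <p>Every failure is logged and swallowed; nothing is stored unless the response status code
     * is 0 and a non-empty verify token is returned.
     *
     * @param bArr encoded server crypto-auth token assertion
     */
    private void verifyCryptoAuthToken(byte[] bArr) {
        String tag = TAG;
        PSLog.i(tag, "vcat start");
        if (bArr.length == 0) {
            PSLog.e(tag, "input data is invalid");
            return;
        }
        try {
            byte[] command = TlvVerifyCryptoAuthTokenCommand.newBuilder(new TlvServerCryptoAuthTokenAssertion(bArr)).build().encode();
            if (command == null || command.length == 0) {
                PSLog.e(tag, "getting command failed");
                return;
            }
            byte[] rawResponse = TzApp.getInstance().execSecurely(command);
            if (rawResponse.length == 0) {
                PSLog.e(tag, "failed to securely tz-execute");
                return;
            }
            TlvVerifyCryptoAuthTokenResponse response = new TlvVerifyCryptoAuthTokenResponse(rawResponse);
            short statusCode = response.getTlvStatusCode().getStatusCode();
            if (statusCode != 0) {
                PSLog.e(tag, "process failed : " + ((int) statusCode));
                return;
            }
            byte[] cryptoVerifyToken = response.getTlvCryptoVerifyToken().getCryptoVerifyToken();
            if (cryptoVerifyToken == null || cryptoVerifyToken.length == 0) {
                PSLog.e(tag, "cvto is null");
                return;
            }
            KeyStorage.setCryptoVerifyTokenOnline(Encoding.Base64Url.encode(cryptoVerifyToken));
        } catch (Exception e2) {
            // a0.e.z(..) is an obfuscated helper; presumably appends the exception message to the
            // builder and logs it under the given tag — TODO confirm.
            a0.e.z(e2, new StringBuilder("verifyCryptoAuthToken failed : "), TAG);
        }
    }

    /**
     * Starts the FIDO client authentication request, attaching the AAT (mDL) or CAT extension.
     *
     * <p>An {@link IllegalArgumentException} while building the request is logged and reported
     * through the event handler via the obfuscated helper {@code a0.e.x(255, handler, 3)}.
     */
    @Override // com.samsung.android.authfw.pass.authentication.pass.AuthOperation
    public void doFidoClientOperation() {
        PSLog.v(TAG, "For CAT : Pass authenticate");
        try {
            new ClientAuthenticate(
                    getAppId(),
                    getAppVersion(),
                    getAppCertHash(),
                    getPrepareToken().getSamsungEventId(),
                    getVerificationType(),
                    getPrepareToken().getUafRequest(),
                    this.mWrappedData,
                    this.mIsMdl ? makeMdlAuthnrExtensions() : makeAuthnrExtensions(),
                    new AuthenticateOperation.FidoClientOperationCallback(this)).request();
        } catch (IllegalArgumentException e2) {
            PSLog.e(TAG, "IllegalArgumentException : " + e2.getMessage());
            a0.e.x(255, getEventHandler(), 3);
        }
    }

    /**
     * Verifies whichever token was extracted from the UAF response, then posts message 1 to the
     * event handler.
     *
     * <p>NOTE(review): a verification exception is only logged; message 1 is posted regardless of
     * whether AAT/CAT verification succeeded. If message 1 means "operation completed
     * successfully", this is fail-open and the result should be made to depend on the
     * verification outcome — confirm against the handler in the superclass.
     *
     * @param str encoded server signature used for AAT verification
     */
    @Override // com.samsung.android.authfw.pass.authentication.pass.AuthOperation
    public void doPassOperation(String str) {
        try {
            byte[] authAuthToken = this.mAuthAuthToken;
            if (authAuthToken != null && authAuthToken.length > 0) {
                verifyAuthAuthToken(str);
            }
            byte[] cryptoAuthToken = this.mCryptoAuthToken;
            if (cryptoAuthToken != null && cryptoAuthToken.length > 0) {
                verifyCryptoAuthToken();
            }
        } catch (Exception e2) {
            a0.e.z(e2, new StringBuilder("processing aat/cat failed : "), getTag());
        }
        getEventHandler().obtainMessage(1, null).sendToTarget();
    }

    /**
     * Extracts the token extension from the UAF response before delegating to the superclass;
     * reports an error through the event handler when extraction rejects the response.
     *
     * @param intent UAF response intent
     */
    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public void doUafResponse(Intent intent) {
        if (!createCryptoAuthToken(intent)) {
            a0.e.x(255, getEventHandler(), 3);
            return;
        }
        super.doUafResponse(intent);
    }

    /** Returns the FIDO operation type handled by this class, {@code "Auth"}. */
    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public String getFidoOperationType() {
        return "Auth";
    }

    /** Returns the log tag of this class. */
    @Override // com.samsung.android.authfw.pass.authentication.AuthenticateOperation
    public String getTag() {
        return TAG;
    }
}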
