package com.samsung.android.authfw.pass.Operation.Cmp;

import android.util.Base64;
import com.samsung.android.authfw.pass.common.KeyScheme;
import com.samsung.android.authfw.pass.common.PolicyScheme;
import com.samsung.android.authfw.pass.common.args.AdditionalData;
import com.samsung.android.authfw.pass.common.utils.Encoding;
import com.samsung.android.authfw.pass.logger.PSLog;
import com.samsung.android.authfw.pass.storage.KeyInfoStorage;
import com.samsung.android.authfw.pass.storage.db.KeyInfo;
import java.io.IOException;
import java.nio.charset.Charset;

/* loaded from: classes.dex */
public class ContinuousSign {
    private static final String TAG = "ContinuousSign";
    private final String mAdditionalData;
    private final String mAppGroupId;
    private final String mAppHash;
    private final String mAuthType;
    private final byte[] mCertificate;
    private final byte[] mPlainData;
    private final String mSvcUserId;

    public ContinuousSign(byte[] bArr, byte[] bArr2, String str, String str2, String str3, String str4, String str5) {
        this.mPlainData = bArr;
        this.mCertificate = bArr2;
        this.mAppGroupId = str;
        this.mAppHash = str2;
        this.mSvcUserId = str3;
        this.mAuthType = str4;
        this.mAdditionalData = str5;
    }

    public synchronized byte[] getSignature() {
        int i2;
        int i6;
        String str = TAG;
        PSLog.i(str, "csi");
        String str2 = this.mAdditionalData;
        if (str2 == null || str2.length() == 0) {
            PSLog.e(str, "additionalData is invalid");
            return new byte[0];
        }
        try {
            AdditionalData fromJson = AdditionalData.fromJson(this.mAdditionalData);
            if (!KeyScheme.contains(fromJson.getKeyScheme())) {
                PSLog.e(str, "not supported key scheme");
                return new byte[0];
            }
            try {
                i2 = Integer.valueOf(fromJson.getCertificateScheme()).intValue();
            } catch (NumberFormatException unused) {
                i2 = 0;
            }
            if (i2 != 2) {
                PSLog.e(TAG, "not supported certificate scheme");
                return new byte[0];
            }
            try {
                i6 = Integer.valueOf(fromJson.getKeyScheme()).intValue();
            } catch (NumberFormatException unused2) {
                i6 = 0;
            }
            if ((i6 & 2) == 2 && (i6 & 1) == 1) {
                PSLog.e(TAG, "keyScheme is invalid 2");
                return new byte[0];
            }
            if (i6 != 2) {
                PSLog.e(TAG, "sign continuous 1");
                return new byte[0];
            }
            KeyInfo keyInfo = KeyInfoStorage.get(this.mAppGroupId, this.mAppHash, this.mSvcUserId, this.mAuthType);
            if (keyInfo == null) {
                PSLog.e(TAG, "mkif is null");
                return new byte[0];
            }
            if (keyInfo.getAuthToken() == null) {
                PSLog.e(TAG, "can not use continuous sign without full sign");
                return new byte[0];
            }
            byte[] decode = Encoding.Base64.decode(keyInfo.getAuthToken());
            if (decode != null && decode.length != 0) {
                byte[] hash = Encoding.hash((this.mAppHash + this.mAppGroupId + this.mSvcUserId).getBytes(Charset.forName("UTF-8")));
                if (hash != null && hash.length != 0) {
                    BaseTeePrivateKey wrappedPrivateKey = BaseUtil.getWrappedPrivateKey(this.mCertificate);
                    if (wrappedPrivateKey == null) {
                        PSLog.e(TAG, "btpKey is null");
                        return new byte[0];
                    }
                    byte[] hash2 = Encoding.hash(wrappedPrivateKey.getWrappedPrivateKey());
                    if (hash2 != null && hash2.length != 0) {
                        byte[] bArr = new byte[64];
                        System.arraycopy(hash, 0, bArr, 0, hash.length);
                        System.arraycopy(hash2, 0, bArr, hash.length, hash2.length);
                        byte[] hash3 = Encoding.hash(bArr);
                        if (hash3 == null || 32 != hash3.length) {
                            PSLog.e(TAG, "nonce is null");
                            return new byte[0];
                        }
                        try {
                            BaseTeeSigner baseTeeSigner = new BaseTeeSigner("SHA256withRSA", BaseUtil.getRawPublicKey(this.mCertificate), hash3, decode);
                            baseTeeSigner.engineInit(BaseUtil.getWrappedPrivateKey(this.mCertificate));
                            baseTeeSigner.engineUpdate(this.mPlainData);
                            baseTeeSigner.setKeyPolicy(PolicyScheme.newBuilder().setKeyTypeContinuous().build().getPolicy());
                            byte[] engineSign = baseTeeSigner.engineSign();
                            if (engineSign != null && engineSign.length != 0) {
                                baseTeeSigner.engineDoFinal();
                                PSLog.d(TAG, "signature:" + Base64.encodeToString(engineSign, 2));
                                return engineSign;
                            }
                            PSLog.e(TAG, "signature is null");
                            baseTeeSigner.engineDoFinal();
                            return new byte[0];
                        } catch (IOException | IllegalArgumentException | NullPointerException | UnsupportedOperationException e2) {
                            PSLog.e(TAG, "sign fail." + e2.getMessage());
                            return new byte[0];
                        }
                    }
                    PSLog.e(TAG, "hashkkh is null");
                    return new byte[0];
                }
                PSLog.e(TAG, "accessToken is null");
                return new byte[0];
            }
            PSLog.e(TAG, "avt is invalid");
            return new byte[0];
        } catch (IllegalArgumentException | NullPointerException unused3) {
            PSLog.e(TAG, "additionalData is invalid 2");
            return new byte[0];
        }
    }
}
