package com.samsung.android.authfw.common.onpremise.acl;

import com.samsung.android.authfw.common.CommonLog;
import com.samsung.android.authfw.trustzone.CommandGenerator;
import com.samsung.android.authfw.trustzone.DeviceAttestationKeySpec;
import com.samsung.android.authfw.trustzone.TzApp;
import com.samsung.android.authfw.trustzone.tlv.TlvAccessToken;
import com.samsung.android.authfw.trustzone.tlv.TlvCertificate;
import com.samsung.android.authfw.trustzone.tlv.TlvClientAccessControlListKeyHandle;
import com.samsung.android.authfw.trustzone.tlv.TlvClientChallenge;
import com.samsung.android.authfw.trustzone.tlv.TlvClientGenerateChallengeCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvClientGenerateChallengeResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvDrkKeyHandle;
import com.samsung.android.authfw.trustzone.tlv.TlvServerAccessControlList;
import com.samsung.android.authfw.trustzone.tlv.TlvServerVerifyAccessControlListCommand;
import com.samsung.android.authfw.trustzone.tlv.TlvServerVerifyAccessControlListResponse;
import com.samsung.android.authfw.trustzone.tlv.TlvSignature;
import e3.n;
import g3.e;
import java.util.ArrayList;
import q4.c;

/* loaded from: classes.dex */
/**
 * Builds TLV-encoded commands for the access-control-list (ACL) flow, hands them to the
 * TrustZone side through {@link TzApp}, and wraps the returned bytes in response objects.
 *
 * <p>Failure handling: every failure path visible here (empty encoded command, empty output
 * from {@code TzApp}, or any exception) ends in a {@code null} return from the public methods.
 * Callers have to treat {@code null} as "operation failed" and must not continue as if the
 * challenge or the ACL had been accepted.
 *
 * <p>NOTE(review): a non-null response only shows that {@code TzApp} returned a non-empty byte
 * array. Whether the trusted side accepted the request is presumably carried inside the
 * response object; confirm that callers inspect it rather than relying on non-null alone.
 *
 * <p>NOTE(review): the three command builders log the same text,
 * {@code "getting tlvSaSignUpCommand failed"}, when encoding yields nothing, so that log line
 * does not identify which command failed. The strings are kept exactly as found.
 */
final class OnPremiseTaOperation {
    private static final String TAG = "OnPremiseTaOperation";

    /**
     * Requests a client challenge using an ACL key handle.
     *
     * @param accessToken bytes wrapped in a {@link TlvAccessToken}
     * @param aclKeyHandle bytes wrapped in a {@link TlvClientAccessControlListKeyHandle}
     * @return the parsed response, or {@code null} if the command encoded to nothing or the
     *     secure call returned an empty array
     */
    private TlvClientGenerateChallengeResponse doGenerateClientChallengeResponseWithAclk(byte[] accessToken, byte[] aclKeyHandle) {
        CommonLog.i(TAG, "gccrwa");
        TlvAccessToken tokenTlv = TlvAccessToken.newBuilder(accessToken).build();
        byte[] command = TlvClientGenerateChallengeCommand.newBuilder(tokenTlv)
                .setTlvClientAccessControlListKeyHandle(TlvClientAccessControlListKeyHandle.newBuilder(aclKeyHandle).build())
                .build()
                .encode();

        TlvClientGenerateChallengeResponse response = null;
        if (command == null || command.length == 0) {
            CommonLog.e(TAG, "getting tlvSaSignUpCommand failed");
        } else {
            // The result is dereferenced without a null check; a null return would surface as an
            // exception that the public wrapper catches and turns into a null result.
            byte[] taOutput = TzApp.getInstance().execSecurely(command);
            if (taOutput.length == 0) {
                CommonLog.e(TAG, "failed to securely tz-execute");
            } else {
                response = new TlvClientGenerateChallengeResponse(taOutput);
            }
        }
        CommonLog.i(TAG, "gccrwa completed");
        return response;
    }

    /**
     * Requests a client challenge through the device-key path. The DRK key handle is not passed
     * in by the caller: {@code TzApp} supplies it to the command generator callback.
     *
     * @param accessToken bytes wrapped in a {@link TlvAccessToken}
     * @return the parsed response, or {@code null} if the secure call returned an empty array
     */
    private TlvClientGenerateChallengeResponse doGenerateClientChallengeResponseWithDrk(byte[] accessToken) {
        CommonLog.i(TAG, "gccrwd");
        final TlvAccessToken tokenTlv = TlvAccessToken.newBuilder(accessToken).build();
        CommandGenerator commandGenerator = new CommandGenerator() {
            @Override
            public byte[] getCommand(c cVar, byte[] drkKeyHandle) {
                // cVar is not used when building the command.
                byte[] command = TlvClientGenerateChallengeCommand.newBuilder(tokenTlv)
                        .setTlvDrkKeyHandle(TlvDrkKeyHandle.newBuilder(drkKeyHandle).build())
                        .build()
                        .encode();
                if (command == null || command.length == 0) {
                    CommonLog.e(OnPremiseTaOperation.TAG, "getting tlvSaSignUpCommand failed");
                    // An empty array is this callback's failure signal to TzApp.
                    return new byte[0];
                }
                return command;
            }
        };
        byte[] taOutput = TzApp.getInstance().execSecurelyWithDeviceKey(commandGenerator, DeviceAttestationKeySpec.DEFAULT);

        TlvClientGenerateChallengeResponse response = null;
        if (taOutput.length != 0) {
            response = new TlvClientGenerateChallengeResponse(taOutput);
        } else {
            CommonLog.e(TAG, "execSecurelyWithDrk() failed");
        }
        CommonLog.i(TAG, "gccrwd completed");
        return response;
    }

    /**
     * Packs a server ACL, its signature and two certificates into a verify command and submits
     * it through {@code TzApp}. No checking of the ACL, signature or certificates happens in this
     * method; the inputs are only converted and forwarded.
     *
     * @param clientChallenge bytes wrapped in a {@link TlvClientChallenge}
     * @param serverAcl ACL text, converted with {@code getBytes(n.f4712a)} (presumably a charset
     *     constant; confirm against the obfuscated class)
     * @param signature text converted to the signature TLV via {@code e.f5643c.a(...)}
     * @param firstCertificate text converted the same way; added to the list first
     * @param secondCertificate text converted the same way; added to the list second
     * @return the parsed response, or {@code null} if the command encoded to nothing or the
     *     secure call returned an empty array
     */
    private TlvServerVerifyAccessControlListResponse doVerifyServerAccessControlListCommand(byte[] clientChallenge, String serverAcl, String signature, String firstCertificate, String secondCertificate) {
        CommonLog.i(TAG, "vsacl");
        TlvClientChallenge challengeTlv = TlvClientChallenge.newBuilder(clientChallenge).build();
        TlvServerAccessControlList aclTlv = TlvServerAccessControlList.newBuilder(serverAcl.getBytes(n.f4712a)).build();
        // Obfuscated helper; presumably a text-to-bytes decoder (TODO confirm which encoding).
        g3.c textConverter = e.f5643c;
        TlvSignature signatureTlv = TlvSignature.newBuilder(textConverter.a(signature)).build();
        TlvCertificate firstCertificateTlv = TlvCertificate.newBuilder(textConverter.a(firstCertificate)).build();
        TlvCertificate secondCertificateTlv = TlvCertificate.newBuilder(textConverter.a(secondCertificate)).build();
        // Raw list kept as found: the builder's parameter type is not visible in this file.
        ArrayList certificateTlvs = new ArrayList();
        certificateTlvs.add(firstCertificateTlv);
        certificateTlvs.add(secondCertificateTlv);
        byte[] command = TlvServerVerifyAccessControlListCommand.newBuilder(challengeTlv, aclTlv, signatureTlv, certificateTlvs)
                .build()
                .encode();

        TlvServerVerifyAccessControlListResponse response = null;
        if (command == null || command.length == 0) {
            CommonLog.e(TAG, "getting tlvSaSignUpCommand failed");
        } else {
            byte[] taOutput = TzApp.getInstance().execSecurely(command);
            if (taOutput.length == 0) {
                CommonLog.e(TAG, "failed to securely tz-execute");
            } else {
                response = new TlvServerVerifyAccessControlListResponse(taOutput);
            }
        }
        CommonLog.i(TAG, "vsacl completed");
        return response;
    }

    /**
     * Generates a client challenge response, choosing the key path from {@code bArr2}.
     *
     * <p>Only {@code null} selects the device-key path; a non-null but empty {@code bArr2} is
     * still sent down the ACL-key-handle path.
     *
     * @param bArr access token bytes
     * @param bArr2 ACL key handle bytes, or {@code null} to use the device-key path
     * @return the response, or {@code null} on any failure, including any exception (only the
     *     exception message is logged, not its type or stack trace)
     */
    public TlvClientGenerateChallengeResponse generateClientChallengeResponse(byte[] bArr, byte[] bArr2) {
        try {
            if (bArr2 == null) {
                return doGenerateClientChallengeResponseWithDrk(bArr);
            }
            return doGenerateClientChallengeResponseWithAclk(bArr, bArr2);
        } catch (Exception failure) {
            CommonLog.e(TAG, "generateClientChallengeResponse failed : " + failure.getMessage());
            return null;
        }
    }

    /**
     * Submits a server ACL with its signature and two certificates for verification.
     *
     * @param bArr client challenge bytes
     * @param str server ACL text
     * @param str2 signature text
     * @param str3 first certificate text
     * @param str4 second certificate text
     * @return the response, or {@code null} on any failure, including any exception such as a
     *     null or malformed argument (only the exception message is logged)
     */
    public TlvServerVerifyAccessControlListResponse verifyServerAccessControlListCommand(byte[] bArr, String str, String str2, String str3, String str4) {
        TlvServerVerifyAccessControlListResponse response;
        try {
            response = doVerifyServerAccessControlListCommand(bArr, str, str2, str3, str4);
        } catch (Exception failure) {
            CommonLog.e(TAG, "verifyServerAccessControlListCommand failed : " + failure.getMessage());
            return null;
        }
        return response;
    }
}
