package com.lfg.cma.strongkey.sacl.crypto;

import android.content.ContextWrapper;
import android.security.keystore.KeyInfo;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import com.lfg.cma.strongkey.sacl.utilities.Common;
import com.lfg.cma.strongkey.sacl.utilities.SaclConstants;
import com.lfg.consumerparticipant.R;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import org.json.JSONException;
import org.spongycastle.util.encoders.Hex;

/* loaded from: classes.dex */
class AndroidKeystoreDigitalSignature {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String TAG = AndroidKeystoreDigitalSignature.class.getSimpleName();
    private static String MTAG = "execute";

    AndroidKeystoreDigitalSignature() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Object execute(byte[] bArr, String str, String str2, ContextWrapper contextWrapper, Signature signature) {
        KeyInfo keyInfo;
        PrivateKey privateKey;
        byte[] bArr2;
        String urlEncode;
        try {
            KeyStore keyStore = KeyStore.getInstance(SaclConstants.FIDO2_KEYSTORE_PROVIDER);
            keyStore.load(null);
            Log.v(TAG, "CREDENTIALID=" + str);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry == null) {
                keyInfo = null;
                privateKey = null;
            } else {
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    String string = contextWrapper.getString(R.string.ERROR_NOT_PRIVATE_KEY);
                    Log.w(TAG, string);
                    return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_NOT_PRIVATE_KEY, string);
                }
                privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                keyInfo = (KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), SaclConstants.FIDO2_KEYSTORE_PROVIDER).getKeySpec(privateKey, KeyInfo.class);
            }
            int origin = keyInfo.getOrigin();
            SaclConstants.KEY_ORIGIN key_origin = origin != 1 ? origin != 2 ? SaclConstants.KEY_ORIGIN.UNKNOWN : SaclConstants.KEY_ORIGIN.IMPORTED : SaclConstants.KEY_ORIGIN.GENERATED;
            String str3 = privateKey.getAlgorithm() + " [" + SaclConstants.FIDO2_KEY_ECDSA_CURVE + "]";
            String str4 = keyInfo.isInsideSecureHardware() + " [" + ((Object) null) + "]";
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_keyname) + keyInfo.getKeystoreAlias());
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_origin) + key_origin);
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_algorithm) + str3);
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_size) + keyInfo.getKeySize());
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_userauth) + keyInfo.isUserAuthenticationRequired());
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_semodule) + str4);
            if (signature == null) {
                Signature signature2 = Signature.getInstance(SaclConstants.FIDO2_SIGNATURE_ALGORITHM);
                try {
                    signature2.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
                    byte[] urlDecode = Common.urlDecode(str2);
                    bArr2 = new byte[bArr.length + urlDecode.length];
                    System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                    System.arraycopy(urlDecode, 0, bArr2, bArr.length, urlDecode.length);
                    signature2.update(bArr2);
                    urlEncode = Common.urlEncode(signature2.sign());
                } catch (UserNotAuthenticatedException unused) {
                    String string2 = contextWrapper.getString(R.string.ERROR_UNAUTHENTICATED_USER);
                    Log.w(TAG, string2);
                    return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_UNAUTHENTICATED_USER, string2);
                }
            } else {
                if (!signature.getAlgorithm().equalsIgnoreCase(SaclConstants.FIDO2_SIGNATURE_ALGORITHM)) {
                    String string3 = contextWrapper.getString(R.string.ERROR_SIGNATURE_OBJECT_NOT_INITIALIZED);
                    Log.w(TAG, string3);
                    return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_SIGNATURE_OBJECT_NOT_INITIALIZED, string3);
                }
                byte[] urlDecode2 = Common.urlDecode(str2);
                bArr2 = new byte[bArr.length + urlDecode2.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                System.arraycopy(urlDecode2, 0, bArr2, bArr.length, urlDecode2.length);
                signature.update(bArr2);
                urlEncode = Common.urlEncode(signature.sign());
            }
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_tbs) + Hex.toHexString(bArr2) + "\n" + contextWrapper.getString(R.string.vmessage_signature) + urlEncode);
            return urlEncode;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | UnrecoverableEntryException | CertificateException | InvalidKeySpecException | JSONException e) {
            e.printStackTrace();
            try {
                return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_EXCEPTION, e.getLocalizedMessage());
            } catch (JSONException e2) {
                e2.printStackTrace();
                return null;
            }
        }
    }
}
