package com.lfg.cma.strongkey.sacl.asynctasks;

import android.content.Context;
import android.util.Log;
import androidx.core.app.NotificationCompat;
import com.lfg.cma.strongkey.sacl.crypto.AuthenticatorGetAssertion;
import com.lfg.cma.strongkey.sacl.roomdb.AuthenticationSignature;
import com.lfg.cma.strongkey.sacl.roomdb.PreauthenticateChallenge;
import com.lfg.cma.strongkey.sacl.roomdb.PublicKeyCredential;
import com.lfg.cma.strongkey.sacl.roomdb.SaclRepository;
import com.lfg.cma.strongkey.sacl.utilities.Common;
import com.lfg.cma.strongkey.sacl.utilities.LocalContextWrapper;
import com.lfg.cma.strongkey.sacl.utilities.SaclConstants;
import com.lfg.cma.strongkey.sacl.webservices.CallWebservice;
import com.lfg.consumerparticipant.R;
import java.util.concurrent.Callable;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class FidoUserAgentAttestedDeviceAuthenticateTask implements Callable {
    private final String TAG = FidoUserAgentAttestedDeviceAuthenticateTask.class.getSimpleName();
    private LocalContextWrapper context;
    private Long devid;
    private int did;
    private PublicKeyCredential publicKeyCredential;
    private Long rdid;
    private SaclRepository saclRepository;
    private Long uid;

    public FidoUserAgentAttestedDeviceAuthenticateTask(Context context, int i, Long l, Long l2, Long l3) {
        this.context = new LocalContextWrapper(context);
        this.did = i;
        this.uid = l;
    }

    private int getAndIncrementCounter(SaclRepository saclRepository, PublicKeyCredential publicKeyCredential) {
        int counter = publicKeyCredential.getCounter() + 1;
        publicKeyCredential.setCounter(counter);
        saclRepository.update(publicKeyCredential);
        return counter;
    }

    private JSONObject getAuthenticateParameters(AuthenticationSignature authenticationSignature, PublicKeyCredential publicKeyCredential, String str) {
        try {
            JSONObject put = new JSONObject().put(SaclConstants.JSON_KEY_SACL_FIDO_SERVICE_INPUT, new JSONObject().put("did", publicKeyCredential.getDid()).put("service", SaclConstants.SACL_FIDO_SERVICES.SACL_FIDO_SERVICE_AUTHENTICATE_FIDO_KEY).put(SaclConstants.JSON_KEY_SACL_CREDENTIALS, new JSONObject().put("uid", this.uid)).put("payload", new JSONObject().put(SaclConstants.JSON_KEY_FIDO_PAYLOAD_PUBLIC_KEY_CREDENTIAL, new JSONObject().put("type", "public-key").put("id", Common.urlEncode(publicKeyCredential.getUserid())).put("rawId", publicKeyCredential.getUserHandle()).put(SaclConstants.JSON_KEY_FIDO_PAYLOAD_RESPONSE, new JSONObject().put("clientDataJSON", authenticationSignature.getClientDataJson()).put("authenticatorData", authenticationSignature.getAuthenticatorData()).put("signature", authenticationSignature.getSignature()).put(SaclConstants.JSON_KEY_FIDO_PAYLOAD_CLIENT_EXTENSIONS, new JSONObject())))));
            Common.printVeryLongLogMessage(this.TAG, "mJSONObjectInput for Authentication: " + put.toString(2));
            return put;
        } catch (RuntimeException | JSONException e) {
            e.printStackTrace();
            Log.w(this.TAG, e.getLocalizedMessage());
            try {
                return Common.JsonError(this.TAG, NotificationCompat.CATEGORY_CALL, "error", e.getLocalizedMessage());
            } catch (JSONException unused) {
                return null;
            }
        }
    }

    @Override // java.util.concurrent.Callable
    public Object call() throws JSONException {
        AuthenticationSignature authenticationSignature;
        boolean z;
        this.saclRepository = Common.getRepository(this.context);
        String string = this.context.getResources().getString(R.string.sacl_service_hostport);
        String tldPlusOne = Common.getTldPlusOne(Common.getRfc6454Origin(string));
        PreauthenticateChallenge preauthenticateChallenge = (PreauthenticateChallenge) Common.getCurrentObject(SaclConstants.SACL_OBJECT_TYPES.PREAUTHENTICATE_CHALLENGE);
        if (preauthenticateChallenge == null) {
            Log.w(this.TAG, this.context.getResources().getString(R.string.message_challenge_error));
            try {
                return Common.JsonError(this.TAG, NotificationCompat.CATEGORY_CALL, "error", "Missing challenge");
            } catch (JSONException unused) {
                return null;
            }
        }
        if (preauthenticateChallenge.isChallengeConsumed()) {
            Log.v(this.TAG, "FIDO Challenge HAS BEEN consumed: " + preauthenticateChallenge.toString());
            return "FIDO Challenge HAS BEEN consumed: " + preauthenticateChallenge.toString();
        }
        String rpid = preauthenticateChallenge.getRpid();
        if (!rpid.equalsIgnoreCase(tldPlusOne)) {
            Log.v(this.TAG, "PreauthenticateChallenge RPID does not match webservice origin: " + rpid + " [" + tldPlusOne + "]");
            return "PreauthenticateChallenge RPID does not match webservice origin: " + rpid + " [" + tldPlusOne + "]";
        }
        PublicKeyCredential publicKeyCredential = (PublicKeyCredential) Common.getCurrentObject(SaclConstants.SACL_OBJECT_TYPES.PUBLIC_KEY_CREDENTIAL);
        if (publicKeyCredential == null) {
            JSONArray allowCredentialsJSONArray = preauthenticateChallenge.getAllowCredentialsJSONArray();
            int length = allowCredentialsJSONArray.length();
            int i = 0;
            while (true) {
                if (i < length) {
                    String string2 = allowCredentialsJSONArray.getJSONObject(i).getString("id");
                    if (string2 != null && (publicKeyCredential = this.saclRepository.getByRpidCredentialId(this.did, tldPlusOne, string2)) != null) {
                        z = true;
                        break;
                    }
                    i++;
                } else {
                    z = false;
                    break;
                }
            }
            if (!z) {
                Log.w(this.TAG, "PublicKeyCredentil does not exist with any credentialId in allowedCredentials: " + allowCredentialsJSONArray.toString(2));
                return "PublicKeyCredentil does not exist with any credentialId in allowedCredentials";
            }
        }
        if (!rpid.equalsIgnoreCase(publicKeyCredential.getRpid())) {
            Log.v(this.TAG, "Challenge RPID does not match [PKC]: " + rpid + " [" + publicKeyCredential.toString() + "]");
            return "Challenge RPID does not match [PKC]: " + rpid + " [" + publicKeyCredential.toString() + "]";
        }
        Object execute = AuthenticatorGetAssertion.execute(this.context, preauthenticateChallenge, publicKeyCredential, getAndIncrementCounter(this.saclRepository, publicKeyCredential), string);
        if (execute instanceof JSONObject) {
            String jSONObject = ((JSONObject) execute).getJSONObject("error").toString(2);
            Log.w(this.TAG, jSONObject);
            return "Error: " + jSONObject;
        }
        if (!(execute instanceof AuthenticationSignature) || (authenticationSignature = (AuthenticationSignature) execute) == null) {
            return null;
        }
        JSONObject execute2 = CallWebservice.execute(SaclConstants.JSON_KEY_FIDO_SERVICE_OPERATION_AUTHENTICATE_FIDO_KEY, getAuthenticateParameters(authenticationSignature, publicKeyCredential, string), this.context);
        if (execute2.has("error")) {
            return execute2;
        }
        authenticationSignature.setCreateDate(Common.now());
        int insert = this.saclRepository.insert(authenticationSignature);
        Log.v(this.TAG, "Save AuthenticationSignature; DB returned: " + insert);
        Common.printVeryLongLogMessage("Saved AuthenticationSignature", authenticationSignature.toString());
        Common.setCurrentObject(SaclConstants.SACL_OBJECT_TYPES.AUTHENTICATION_SIGNATURE, authenticationSignature);
        return authenticationSignature;
    }
}
