package com.lfg.cma.strongkey.sacl.crypto;

import android.content.ContextWrapper;
import android.security.keystore.KeyInfo;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import com.lfg.cma.constants.LFConstants;
import com.lfg.cma.strongkey.sacl.cbor.CborEncoder;
import com.lfg.cma.strongkey.sacl.utilities.Common;
import com.lfg.cma.strongkey.sacl.utilities.SaclConstants;
import com.lfg.consumerparticipant.R;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.util.encoders.Hex;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemWriter;

/* loaded from: classes.dex */
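/**
 * Signs attestation input with a credential key from the keystore provider named by
 * {@code SaclConstants.FIDO2_KEYSTORE_PROVIDER} and packages the signature together with the
 * key's certificate chain, once as JSON and once as CBOR.
 *
 * <p>Nothing produced here is verified on the device. The key origin and the secure-hardware flag
 * are only logged, so the decision to trust the key rests with whoever validates the signature
 * and walks the certificate chain to a root it trusts.
 *
 * <p>NOTE(review): the verbose log lines emit the credential id, the signed bytes, the signature
 * and the full certificate chain. Confirm that release builds strip {@code Log.v} calls.
 */
class AndroidKeystoreAttestation {
    // Decompiler artifact (compiler-generated assertion flag); kept so the class shape is unchanged.
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String TAG = AndroidKeystoreAttestation.class.getSimpleName();
    private static final String MTAG = "attest";

    AndroidKeystoreAttestation() {
    }

    /**
     * Maps a JCA key algorithm name to the COSE algorithm identifier written into the statement.
     *
     * @param keyAlgorithm value of {@code PrivateKey.getAlgorithm()}; only "EC" and "RSA" are accepted
     * @return -7 for "EC", -257 for "RSA"
     * @throws NoSuchAlgorithmException if the name is null or names any other algorithm
     */
    private static long coseAlgorithmFor(String keyAlgorithm) throws NoSuchAlgorithmException {
        if (keyAlgorithm == null) {
            throw new NoSuchAlgorithmException("buildCborAttestation: Empty algorithm parameter");
        }
        switch (keyAlgorithm) {
            case "EC":
                return -7L; // ES256 in the COSE algorithm registry
            case "RSA":
                return -257L; // RS256 in the COSE algorithm registry
            default:
                throw new NoSuchAlgorithmException("buildCborAttestation: Unsupported algorithm for AKS: " + keyAlgorithm);
        }
    }

    /**
     * Encodes the attestation as a CBOR map of authenticator data, format and statement, where the
     * statement holds the algorithm identifier, the signature and the certificate chain ("x5c").
     *
     * <p>All arguments are validated before the first byte is written, so a rejected call never
     * leaves a half-built structure behind.
     *
     * @param authenticatorData bytes written under the authenticator-data label
     * @param keyAlgorithm JCA algorithm name of the signing key ("EC" or "RSA")
     * @param signatureBytes signature to embed
     * @param certificateChain X.509 chain of the signing key, credential certificate first
     * @return the encoded map, passed through {@code Common.urlEncode}
     * @throws NoSuchAlgorithmException if {@code keyAlgorithm} is null or unsupported
     * @throws IOException if the signature or the chain is missing, or encoding fails
     * @throws CertificateEncodingException if a certificate cannot be DER-encoded
     */
    private static String buildCborAttestation(byte[] authenticatorData, String keyAlgorithm, byte[] signatureBytes, Certificate[] certificateChain) throws IOException, CertificateEncodingException, NoSuchAlgorithmException {
        long coseAlgorithm = coseAlgorithmFor(keyAlgorithm);
        if (signatureBytes == null) {
            throw new IOException("buildCborAttestation: Empty attestation signature parameter");
        }
        // An empty array used to fail later with ArrayIndexOutOfBoundsException; reject it here.
        if (certificateChain == null || certificateChain.length == 0) {
            throw new IOException("buildCborAttestation: Empty certificate chain parameter");
        }

        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        CborEncoder cbor = new CborEncoder(encoded);
        cbor.writeMapStart(3);
        cbor.writeTextString(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_AUTHENTICATOR_DATA);
        cbor.writeByteString(authenticatorData);
        cbor.writeTextString(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_FORMAT);
        cbor.writeTextString(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_VALUE_FORMAT);
        cbor.writeTextString(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_STATEMENT);
        cbor.writeMapStart(3);
        cbor.writeTextString("alg");
        cbor.writeInt(coseAlgorithm);
        cbor.writeTextString(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_SIGNATURE);
        cbor.writeByteString(signatureBytes);
        cbor.writeTextString("x5c");
        cbor.writeArrayStart(certificateChain.length);
        for (Certificate certificate : certificateChain) {
            // The cast keeps the original contract that every chain element is X.509.
            cbor.writeByteString(((X509Certificate) certificate).getEncoded());
        }

        // The leftover debug dump under the tag "aaaaaa" is gone; it duplicated the line below.
        String urlEncoded = Common.urlEncode(encoded.toByteArray());
        Log.v("buildCborAttestation", "Cbor Attestation: " + urlEncoded);
        return urlEncoded;
    }

    /** Renders one certificate as a PEM "CERTIFICATE" block. */
    private static String toPem(X509Certificate certificate) throws IOException, CertificateEncodingException {
        StringWriter pemText = new StringWriter();
        try (PemWriter pemWriter = new PemWriter(pemText)) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
        }
        return pemText.toString();
    }

    /** Logs alias, origin, algorithm, size and protection flags of the key at verbose level. */
    private static void logKeyProperties(KeyInfo keyInfo, PrivateKey privateKey, ContextWrapper contextWrapper) {
        SaclConstants.KEY_ORIGIN origin;
        switch (keyInfo.getOrigin()) {
            case 1: // KeyProperties.ORIGIN_GENERATED
                origin = SaclConstants.KEY_ORIGIN.GENERATED;
                break;
            case 2: // KeyProperties.ORIGIN_IMPORTED
                origin = SaclConstants.KEY_ORIGIN.IMPORTED;
                break;
            default:
                origin = SaclConstants.KEY_ORIGIN.UNKNOWN;
                break;
        }
        String algorithm = privateKey.getAlgorithm() + " [" + SaclConstants.FIDO2_KEY_ECDSA_CURVE + "]";
        // The bracketed value was a constant null in the decompiled source; the text is kept as is.
        String secureModule = keyInfo.isInsideSecureHardware() + " [null]";
        Log.v(TAG, contextWrapper.getString(R.string.vmessage_keyname) + keyInfo.getKeystoreAlias());
        Log.v(TAG, contextWrapper.getString(R.string.vmessage_origin) + origin);
        Log.v(TAG, contextWrapper.getString(R.string.vmessage_algorithm) + algorithm);
        Log.v(TAG, contextWrapper.getString(R.string.vmessage_size) + keyInfo.getKeySize());
        Log.v(TAG, contextWrapper.getString(R.string.vmessage_userauth) + keyInfo.isUserAuthenticationRequired());
        Log.v(TAG, contextWrapper.getString(R.string.vmessage_semodule) + secureModule);
    }

    /**
     * Turns a failure into the generic error object.
     *
     * @return the error JSON, or {@code null} when even that object cannot be built
     */
    private static JSONObject exceptionResult(Exception cause) {
        Log.w(TAG, "Attestation failed", cause);
        try {
            return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_EXCEPTION, cause.getLocalizedMessage());
        } catch (JSONException jsonFailure) {
            Log.w(TAG, "Could not build the error response", jsonFailure);
            return null;
        }
    }

    /**
     * Signs {@code bArr} followed by the decoded {@code str2} with the key stored under
     * {@code str} and returns the attestation in both JSON and CBOR form.
     *
     * @param bArr authenticator data; it is the first part of the signed bytes and is also
     *     embedded in the CBOR form
     * @param str credential id, used as the keystore alias
     * @param str2 value decoded with {@code Common.urlDecode} and appended to {@code bArr} before
     *     signing (presumably the client data hash; confirm against the caller)
     * @param contextWrapper source of the localized message strings
     * @return the attestation object, an error object describing the failure, or {@code null} if
     *     the error object itself could not be built
     */
    public static JSONObject execute(byte[] bArr, String str, String str2, ContextWrapper contextWrapper) {
        try {
            if (bArr == null || str == null || str2 == null) {
                String missing = "execute: Missing authenticator data, credential id or encoded input";
                Log.w(TAG, missing);
                return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_EXCEPTION, missing);
            }

            KeyStore keyStore = KeyStore.getInstance(SaclConstants.FIDO2_KEYSTORE_PROVIDER);
            keyStore.load(null);
            Log.v(TAG, "CREDENTIALID=" + str);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            if (entry == null) {
                // An unknown alias used to surface as a NullPointerException further down.
                String notFound = "execute: No keystore entry for the supplied credential id";
                Log.w(TAG, notFound);
                return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_EXCEPTION, notFound);
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                String notPrivateKey = contextWrapper.getString(R.string.ERROR_NOT_PRIVATE_KEY);
                Log.w(TAG, notPrivateKey);
                return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_NOT_PRIVATE_KEY, notPrivateKey);
            }

            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
            PrivateKey privateKey = keyEntry.getPrivateKey();
            KeyInfo keyInfo = KeyFactory.getInstance(privateKey.getAlgorithm(), SaclConstants.FIDO2_KEYSTORE_PROVIDER).getKeySpec(privateKey, KeyInfo.class);
            logKeyProperties(keyInfo, privateKey, contextWrapper);

            Signature signature = Signature.getInstance(SaclConstants.FIDO2_SIGNATURE_ALGORITHM);
            signature.initSign(privateKey);

            byte[] trailer = Common.urlDecode(str2);
            byte[] toBeSigned = new byte[bArr.length + trailer.length];
            System.arraycopy(bArr, 0, toBeSigned, 0, bArr.length);
            System.arraycopy(trailer, 0, toBeSigned, bArr.length, trailer.length);
            signature.update(toBeSigned);
            byte[] signatureBytes = signature.sign();
            String encodedSignature = Common.urlEncode(signatureBytes);
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_tbs) + Hex.toHexString(toBeSigned) + "\n" + contextWrapper.getString(R.string.vmessage_signature) + encodedSignature);

            Certificate[] chain = keyEntry.getCertificateChain();
            // A chain without an issuer certificate gives a verifier nothing to validate against.
            if (chain.length < 2) {
                String singleCertificate = contextWrapper.getString(R.string.ERROR_SINGLE_CERTIFICATE_IN_CHAIN);
                Log.w(TAG, singleCertificate);
                return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_SINGLE_CERTIFICATE_IN_CHAIN, singleCertificate);
            }
            Log.v(TAG, contextWrapper.getString(R.string.vmessage_number_of_certificates) + chain.length);

            JSONArray x5c = new JSONArray();
            for (int i = 0; i < chain.length; i++) {
                String pem = toPem((X509Certificate) chain[i]);
                if (i == 0) {
                    x5c.put(i, new JSONObject().put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_CREDENTIAL_CERTIFICATE, pem));
                    Log.v(TAG, "Added Credential Certificate: #0");
                } else {
                    x5c.put(i, new JSONObject().put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_CA_CERTIFICATE, pem));
                    Log.v(TAG, "Added CA Certificate: #" + i);
                }
            }
            Log.v(TAG, "Number of JSONArray Certificates from jab: " + x5c.length());
            Common.printVeryLongLogMessage("JSONArray of X509 Certificates", x5c.toString(2));

            // The JSON form used a fixed -7 while the CBOR form derived the identifier from the
            // key; both now take it from the key so the two encodings cannot disagree.
            // NOTE(review): the signature is always produced with FIDO2_SIGNATURE_ALGORITHM;
            // confirm it matches this identifier for every key type the app creates.
            JSONObject statement = new JSONObject()
                    .put("alg", coseAlgorithmFor(privateKey.getAlgorithm()))
                    .put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_SIGNATURE, encodedSignature)
                    .put("x5c", x5c);
            JSONObject jsonFormat = new JSONObject()
                    .put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_FORMAT, SaclConstants.ANDROID_KEYSTORE_ATTESTATION_VALUE_FORMAT)
                    .put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_STATEMENT, statement);
            JSONObject fido = new JSONObject()
                    .put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_FIDO_JSON_FORMAT, jsonFormat)
                    .put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_FIDO_CBOR_FORMAT, buildCborAttestation(bArr, privateKey.getAlgorithm(), signatureBytes, chain));
            JSONObject attestation = new JSONObject().put(SaclConstants.ANDROID_KEYSTORE_ATTESTATION_LABEL_FIDO, fido);
            Common.printVeryLongLogMessage("AndroidKeystore Attestation", attestation.toString(2));
            return attestation;
        } catch (UserNotAuthenticatedException unauthenticated) {
            // Must precede the general handler: this type is a subclass of InvalidKeyException.
            String message = contextWrapper.getString(R.string.ERROR_UNAUTHENTICATED_USER);
            Log.w(TAG, message);
            try {
                return Common.JsonError(TAG, MTAG, SaclConstants.ERROR_UNAUTHENTICATED_USER, message);
            } catch (JSONException jsonFailure) {
                return exceptionResult(jsonFailure);
            }
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException
                | UnrecoverableEntryException | CertificateException | InvalidKeySpecException | SignatureException | JSONException e) {
            return exceptionResult(e);
        }
    }
}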
