package com.lfg.cma.strongkey.sacl.asynctasks;

import android.content.Context;
import android.util.Log;
import androidx.core.app.NotificationCompat;
import com.google.gson.Gson;
import com.lfg.cma.constants.Constants;
import com.lfg.cma.constants.LFConstants;
import com.lfg.cma.fido.FIDOErrorResponse;
import com.lfg.cma.preferences.LFSharedPreferenceData;
import com.lfg.cma.strongkey.sacl.crypto.AuthenticatorGetAssertion;
import com.lfg.cma.strongkey.sacl.roomdb.AuthenticationSignature;
import com.lfg.cma.strongkey.sacl.roomdb.PreauthenticateChallenge;
import com.lfg.cma.strongkey.sacl.roomdb.PublicKeyCredential;
import com.lfg.cma.strongkey.sacl.roomdb.SaclRepository;
import com.lfg.cma.strongkey.sacl.utilities.Common;
import com.lfg.cma.strongkey.sacl.utilities.LocalContextWrapper;
import com.lfg.cma.strongkey.sacl.utilities.SaclConstants;
import com.lfg.cma.strongkey.sacl.webservices.CallWebservice;
import com.lfg.cma.utility.LFUtility;
import com.lfg.consumerparticipant.R;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.Callable;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import webauthnkit.core.util.ByteArrayUtil;

/* loaded from: classes.dex */
public class FidoUserAgentAuthenticateTask implements Callable {
    private final String TAG = FidoUserAgentAuthenticateTask.class.getSimpleName();
    private LocalContextWrapper context;
    private int did;
    private PublicKeyCredential publicKeyCredential;
    private SaclRepository saclRepository;
    private Long uid;

    public FidoUserAgentAuthenticateTask(Context context, int i, Long l) {
        this.context = new LocalContextWrapper(context);
        this.did = i;
        this.uid = l;
    }

    private int getAndIncrementCounter(SaclRepository saclRepository, PublicKeyCredential publicKeyCredential) {
        int counter = publicKeyCredential.getCounter() + 1;
        publicKeyCredential.setCounter(counter);
        saclRepository.update(publicKeyCredential);
        Log.d(this.TAG, "Current counter value for DID-CREDENTIALID [" + this.did + "-" + publicKeyCredential.getCredentialId() + "]: " + counter);
        return counter;
    }

    private JSONObject getAuthenticateParameters(AuthenticationSignature authenticationSignature, PublicKeyCredential publicKeyCredential, String str) {
        try {
            Object sessionId = new LFSharedPreferenceData().getSessionId(this.context.getApplicationContext());
            JSONObject jSONObject = new JSONObject();
            JSONObject jSONObject2 = new JSONObject();
            jSONObject.put("rpId", Constants.RPID);
            jSONObject.put(SaclConstants.WEBAUTHN_CLIENT_DATA_TOKEN_BINDING_KEY, (Object) null);
            jSONObject.put(SaclConstants.JSON_KEY_FIDO_SESSION_ID, sessionId);
            jSONObject.put("origin", "https://idm.web.lfg.com");
            JSONObject jSONObject3 = new JSONObject();
            JSONObject jSONObject4 = new JSONObject();
            jSONObject3.put("authenticatorData", authenticationSignature.getAuthenticatorData());
            jSONObject3.put("clientDataJSON", authenticationSignature.getClientDataJson());
            jSONObject3.put("signature", authenticationSignature.getSignature());
            jSONObject3.put("userHandle", ByteArrayUtil.INSTANCE.encodeBase64URL(publicKeyCredential.getUserid().getBytes()));
            jSONObject2.put(SaclConstants.JSON_KEY_FIDO_PAYLOAD_RESPONSE, jSONObject3);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_APPID, (Object) null);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_TXAUTH_SIMPLE, (Object) null);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_TXAUTH_GENERIC, (Object) null);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_AUTHENTICATOR_SELECTION, (Object) null);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_SUPPORTED_EXTENSIONS, (Object) null);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_USER_VERIFICATION_INDEX, (Object) null);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_LOCATION, (Object) null);
            jSONObject4.put(SaclConstants.FIDO_EXTENSION_BIOMETRIC_PERFBOUNDS, (Object) null);
            jSONObject4.put("credProps", (Object) null);
            jSONObject2.put(SaclConstants.JSON_KEY_FIDO_PAYLOAD_EXTENSIONS, jSONObject4);
            String encodeBase64URL = ByteArrayUtil.INSTANCE.encodeBase64URL(authenticationSignature.getCredentialId().getBytes());
            jSONObject2.put("id", encodeBase64URL);
            jSONObject2.put("type", "public-key");
            if (LFUtility.authType.equals("auth_settings_page")) {
                jSONObject2.put("oldCredentialId", encodeBase64URL);
            } else {
                jSONObject2.put("oldCredentialId", "");
            }
            jSONObject.put(SaclConstants.JSON_KEY_FIDO_PAYLOAD_PUBLIC_KEY_CREDENTIAL, jSONObject2);
            Common.printVeryLongLogMessage(this.TAG, "mJSONObjectInput for Authentication: " + jSONObject.toString(2));
            return jSONObject;
        } catch (RuntimeException | JSONException e) {
            e.printStackTrace();
            Log.w(this.TAG, e.getLocalizedMessage());
            try {
                return Common.JsonError(this.TAG, NotificationCompat.CATEGORY_CALL, "error", e.getLocalizedMessage());
            } catch (JSONException unused) {
                return null;
            }
        }
    }

    @Override // java.util.concurrent.Callable
    public Object call() throws JSONException {
        AuthenticationSignature authenticationSignature;
        this.saclRepository = Common.getRepository(this.context);
        PreauthenticateChallenge preauthenticateChallenge = (PreauthenticateChallenge) Common.getCurrentObject(SaclConstants.SACL_OBJECT_TYPES.PREAUTHENTICATE_CHALLENGE);
        if (preauthenticateChallenge == null) {
            Log.w(this.TAG, this.context.getResources().getString(R.string.message_challenge_error));
            try {
                return Common.JsonError(this.TAG, NotificationCompat.CATEGORY_CALL, "error", "Missing challenge");
            } catch (JSONException unused) {
                return null;
            }
        }
        if (preauthenticateChallenge.isChallengeConsumed()) {
            Log.v(this.TAG, "FIDO Challenge HAS BEEN consumed: " + preauthenticateChallenge.toString());
            return "FIDO Challenge HAS BEEN consumed: " + preauthenticateChallenge.toString();
        }
        String rpid = preauthenticateChallenge.getRpid();
        PublicKeyCredential publicKeyCredential = (PublicKeyCredential) Common.getCurrentObject(SaclConstants.SACL_OBJECT_TYPES.PUBLIC_KEY_CREDENTIAL);
        if (publicKeyCredential == null) {
            JSONArray allowCredentialsJSONArray = preauthenticateChallenge.getAllowCredentialsJSONArray();
            boolean z = false;
            if (allowCredentialsJSONArray != null) {
                int length = allowCredentialsJSONArray.length();
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String string = allowCredentialsJSONArray.getJSONObject(i).getString("id");
                    if (string != null) {
                        publicKeyCredential = this.saclRepository.getPublicKeyCredentialByRpidCredentialId(this.did, rpid, new String(Common.urlDecode(string), StandardCharsets.UTF_8));
                        if (publicKeyCredential != null) {
                            z = true;
                            break;
                        }
                    }
                    i++;
                }
            }
            if (!z) {
                this.saclRepository.deleteAll();
                Log.w(this.TAG, "PublicKeyCredential does not exist with any credentialId in allowedCredentials: ");
                return LFConstants.CREDENTIALS_NOT_FOUND;
            }
        }
        if (!rpid.equalsIgnoreCase(publicKeyCredential.getRpid())) {
            Log.v(this.TAG, "Challenge RPID does not match [PKC]: " + rpid + " [" + publicKeyCredential.toString() + "]");
            return "Challenge RPID does not match [PKC]: " + rpid + " [" + publicKeyCredential.toString() + "]";
        }
        Object execute = AuthenticatorGetAssertion.execute(this.context, preauthenticateChallenge, publicKeyCredential, getAndIncrementCounter(this.saclRepository, publicKeyCredential), "https://idm.web.lfg.com");
        if (execute instanceof JSONObject) {
            String jSONObject = ((JSONObject) execute).getJSONObject("error").toString(2);
            Log.w(this.TAG, jSONObject);
            return "Error: " + jSONObject;
        }
        if (!(execute instanceof AuthenticationSignature) || (authenticationSignature = (AuthenticationSignature) execute) == null) {
            return null;
        }
        JSONObject execute2 = CallWebservice.execute(SaclConstants.JSON_KEY_FIDO_SERVICE_OPERATION_AUTHENTICATE_FIDO_KEY, getAuthenticateParameters(authenticationSignature, publicKeyCredential, "https://idm.web.lfg.com"), this.context);
        FIDOErrorResponse fIDOErrorResponse = (FIDOErrorResponse) new Gson().fromJson(String.valueOf(execute2), FIDOErrorResponse.class);
        if (fIDOErrorResponse != null && (fIDOErrorResponse.getServerResponse().getInternalError().equalsIgnoreCase(LFConstants.CREDENTIALS_NOT_FOUND) || fIDOErrorResponse.getServerResponse().getInternalError().equalsIgnoreCase(LFConstants.INTERNAL_SERVER_ERROR))) {
            return execute2;
        }
        if (execute2.has("error")) {
            return null;
        }
        if (LFUtility.authType.equals("auth_settings_page")) {
            this.saclRepository.deleteAll();
        } else {
            authenticationSignature.setCreateDate(Common.now());
            int insert = this.saclRepository.insert(authenticationSignature);
            Log.v(this.TAG, "Save AuthenticationSignature; DB returned: " + insert);
            Common.printVeryLongLogMessage("Saved AuthenticationSignature", authenticationSignature.toString());
            Common.setCurrentObject(SaclConstants.SACL_OBJECT_TYPES.AUTHENTICATION_SIGNATURE, authenticationSignature);
        }
        return execute2;
    }
}
