package com.hsecure.xpass.lib.sdk.authenticator.auth.api;

import android.content.Context;
import com.hsecure.xpass.lib.sdk.authenticator.common.LogUtil;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.assertion.RegAssertion;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.command.RegisterCmd;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.command.RegisterCmdResp;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.constant.AuthException;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.constant.Tags;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.crypto.AndroidKeyStore;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.crypto.CryptoHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.AuthConfig;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.AuthDBHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.Authenticator;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.KeyInfo;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.utility.AndroidFileHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.utility.ByteHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.utility.RawKeyHandle;
import com.hsecure.xpass.lib.sdk.authenticator.common.uaf.utility.Base64URLHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.uaf.utility.FIDODebug;
import java.security.KeyPair;

/* loaded from: classes.dex */
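/**
 * Handles the authenticator-side "Register" command of a FIDO UAF authenticator.
 *
 * <p>{@link #process} decodes a {@code RegisterCmd}, checks the user verification token,
 * generates a fresh user key pair, builds the signed registration assertion, wraps the
 * private key into a key handle, and returns the encoded {@code RegisterCmdResp}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When {@code FIDODebug.Debug} is set, the full request and response are hex-dumped to
 *       the log. The request carries the user verification token and the key handle access
 *       token, and the response carries the key handle. Release builds must keep the flag off.</li>
 *   <li>The user private key is exported with {@code getEncoded()} and wrapped in software with
 *       the authenticator wrap key, so it exists in plaintext in the app heap during the call.</li>
 *   <li>The decrypted wrap key and attestation private key are written back onto the
 *       {@code Authenticator} object and are not cleared here.
 *       NOTE(review): confirm that object is not cached beyond this call.</li>
 * </ul>
 */
public class Auth_Register {
    private static final String TAG = "Auth_Register";

    // Attestation type tags carried in the Register command
    // (FIDO UAF TAG_ATTESTATION_BASIC_FULL / TAG_ATTESTATION_BASIC_SURROGATE).
    private static final short ATTESTATION_BASIC_FULL = 0x3E07;      // 15879
    private static final short ATTESTATION_BASIC_SURROGATE = 0x3E08; // 15880

    // Command status codes placed in RegisterCmdResp (FIDO UAF authenticator command status values).
    private static final short STATUS_OK = 0;
    private static final short STATUS_ERR_UNKNOWN = 1;
    private static final short STATUS_ACCESS_DENIED = 2;
    private static final short STATUS_ATTESTATION_NOT_SUPPORTED = 7;

    private static final int KEY_ID_LENGTH = 32;

    /**
     * Builds and signs the registration assertion for a newly generated user key pair.
     *
     * <p>The three stages (KeyID generation, public key encoding, signing) are handled by
     * separate try blocks. In the previous nested form an exception rethrown by an inner
     * handler was caught again by the enclosing handlers, so every failure was logged several
     * times and reached the caller as "KeyId generation failed".
     *
     * @param authDBHelper  database helper used to test KeyID uniqueness
     * @param registerCmd   decoded Register command (final challenge, attestation type)
     * @param authenticator authenticator record (AAID, algorithms, counters, attestation key)
     * @param keyPair       freshly generated user key pair
     * @param bArr          attestation certificates, attached only for full basic attestation
     * @return the populated, signed registration assertion
     * @throws AuthException if KeyID generation, public key encoding, or signing fails
     */
    private static RegAssertion createRegAssertion(AuthDBHelper authDBHelper, RegisterCmd registerCmd, Authenticator authenticator, KeyPair keyPair, byte[][] bArr) throws AuthException {
        RegAssertion regAssertion = new RegAssertion();
        regAssertion.setAAID(authenticator.getAAID());
        regAssertion.setAuthenticatorVersion((short) 1);
        regAssertion.setAuthenticationMode(Byte.valueOf(Tags.Value_User_Explicitly_Verified));
        regAssertion.setPublicKeyAlgAndEncoding(Short.valueOf(authenticator.getPublicKeyAlgandEncoding()));
        regAssertion.setSignatureAlgAndEncoding(Short.valueOf(authenticator.getAuthenticationAlg()));
        regAssertion.setFinalChallenge(registerCmd.getFinalChallenge());

        // Stage 1: random KeyID, regenerated until it is not already registered for this AAID.
        byte[] keyId = new byte[KEY_ID_LENGTH];
        try {
            do {
                CryptoHelper.generateRandom(keyId);
            } while (authDBHelper.isKeyIdAlreadlyExist(authenticator.getAAID(), keyId));
        } catch (AuthException ignored) {
            // Cause is dropped: only the AuthException(String) constructor is visible in this file.
            throw registrationFailure("KeyId 생성에 실패함"); // "KeyId generation failed"
        }
        regAssertion.setKeyId(keyId);
        regAssertion.setRegCounter(Integer.valueOf(authenticator.getRegCounter()));
        regAssertion.setSignCounter(0);

        // Stage 2: encode the user public key.
        try {
            regAssertion.setPublicKey(CryptoHelper.getPublicKeyBytesfromPublicKey(keyPair.getPublic(), authenticator.getPublicKeyAlgandEncoding(), authenticator.getAuthenticationAlg()));
        } catch (AuthException ignored) {
            throw registrationFailure("공개키 생성에 실패함"); // "public key generation failed"
        }

        // Stage 3: sign the key registration data (KRD).
        try {
            byte[] krd = regAssertion.encode_KRD();
            short signAlg = authenticator.getAuthenticationAlg();
            if (registerCmd.getAttestationType().shortValue() == ATTESTATION_BASIC_FULL) {
                // Full basic attestation: signed with the attestation private key held by the
                // authenticator record, with the attestation certificate chain attached.
                regAssertion.setAttestationBasicFull(true);
                regAssertion.setSignature(CryptoHelper.sign(CryptoHelper.getPrivateKeyfromBytes(authenticator.getAttestPrivKey(), signAlg), krd, signAlg));
                regAssertion.setCertificates(bArr);
            } else {
                // Surrogate attestation: self-signed with the new user private key.
                regAssertion.setAttestationBasicFull(false);
                regAssertion.setSignature(CryptoHelper.sign(keyPair.getPrivate(), krd, signAlg));
            }
        } catch (AuthException ignored) {
            throw registrationFailure("서명 값 생성에 실패함"); // "signature generation failed"
        }
        return regAssertion;
    }

    /** Logs {@code message} when debugging is enabled and returns the exception to throw. */
    private static AuthException registrationFailure(String message) {
        if (FIDODebug.Debug) {
            LogUtil.e(TAG, message);
        }
        return new AuthException(message);
    }

    /**
     * Debug aid: dumps the encoded assertion as {@code <str>.bin} (raw) and {@code <str>.txt}
     * (base64url) through {@code AndroidFileHelper}.
     *
     * <p>The helper names suggest SD-card / external storage, which other apps may be able to
     * read (NOTE(review): confirm the target directory). The dump is therefore skipped unless
     * {@code FIDODebug.Debug} is set; nothing in this class calls the method.
     */
    private static void debugWriteAssertion(RegAssertion regAssertion, String str) {
        if (!FIDODebug.Debug) {
            return;
        }
        try {
            byte[] encode = regAssertion.encode();
            AndroidFileHelper.outputSDFile(encode, str + ".bin");
            AndroidFileHelper.writeSDFile(Base64URLHelper.encodeToString(encode), str + ".txt", "UTF-8");
        } catch (AuthException e) {
            LogUtil.e(TAG, "AuthException : " + e.getMessage());
        }
    }

    /**
     * Encodes a response that carries only a status code.
     *
     * @param s status code to report
     * @return the encoded response, or {@code null} if encoding itself fails
     */
    private static byte[] getErrorTLV(short s) {
        RegisterCmdResp registerCmdResp = new RegisterCmdResp();
        registerCmdResp.setStatusCode(Short.valueOf(s));
        try {
            return registerCmdResp.encode();
        } catch (AuthException unused) {
            return null;
        }
    }

    /**
     * Builds the error response for {@code status} and, when debugging is enabled, logs it as
     * {@code logPrefix} followed by the hex dump of the response.
     */
    private static byte[] errorResponse(short status, String logPrefix) {
        byte[] tlv = getErrorTLV(status);
        if (FIDODebug.Debug) {
            LogUtil.e(TAG, logPrefix + ByteHelper.byteArrayToHexString(tlv));
        }
        return tlv;
    }

    /**
     * Returns whether the authenticator supports the requested attestation type.
     * Any tag other than full or surrogate basic attestation is rejected.
     */
    private static boolean isAttestationTypeSupported(short s, Authenticator authenticator) {
        if (s == ATTESTATION_BASIC_FULL) {
            return authenticator.isAttestationFull();
        }
        return s == ATTESTATION_BASIC_SURROGATE && authenticator.isAttestationSurrogate();
    }

    /**
     * Persists the registration: increments the registration counter, then inserts the key record.
     *
     * <p>The two writes are separate calls. If the insert fails, the counter has already been
     * incremented; no rollback is visible here.
     *
     * @param bArr  key handle access token stored with the key record
     * @param bArr2 KeyID of the new registration
     * @return {@code true} only if both writes succeed
     */
    private static boolean updateDBInfo(AuthDBHelper authDBHelper, Authenticator authenticator, byte[] bArr, byte[] bArr2) {
        if (!authDBHelper.updateRegCounter(authenticator.getAAID(), authenticator.getRegCounter() + 1)) {
            if (FIDODebug.Debug) {
                // "failed to increment the registration counter by 1"
                LogUtil.e(TAG, "등록 카운터 1 증가에 실패함 : " + authenticator.getRegCounter());
            }
            return false;
        }
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.setAAID(authenticator.getAAID());
        keyInfo.setkHAccessToken(bArr);
        keyInfo.setKeyId(bArr2);
        keyInfo.setSignCounter(0);
        if (authDBHelper.insertKeyInfo(keyInfo)) {
            return true;
        }
        if (FIDODebug.Debug) {
            // "failed to insert key info into the DB"; the record (with access token) is logged.
            LogUtil.e(TAG, "키 정보를 DB에 삽입하는데 실패함 " + keyInfo.toString());
        }
        return false;
    }

    /**
     * Processes an encoded Register command and returns the encoded response.
     *
     * <p>Every failure is reported to the caller as a status-only response; exception details
     * are written to the debug log only. An {@code AuthException} that is not handled by a more
     * specific handler is reported by the outermost handler as a command decoding failure.
     *
     * @param context Android context used to open the authenticator database
     * @param bArr    encoded {@code RegisterCmd}
     * @return encoded {@code RegisterCmdResp}; may be {@code null} if even the error response
     *         cannot be encoded (see {@link #getErrorTLV})
     */
    public byte[] process(Context context, byte[] bArr) {
        if (FIDODebug.Debug) {
            // Dumps the whole request, including the user verification token and access token.
            LogUtil.d(TAG, "Auth_Register 요청 메시지: " + ByteHelper.byteArrayToHexString(bArr));
        }
        try {
            RegisterCmd decode = RegisterCmd.decode(bArr);
            // The command bytes come from outside this class: a command without these fields is
            // treated as malformed instead of failing later with a NullPointerException.
            if (decode.getAuthenticatorIndex() == null || decode.getAttestationType() == null) {
                return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(명령어 디코딩에 실패함): ");
            }
            RegisterCmdResp registerCmdResp = new RegisterCmdResp();
            AuthDBHelper authDBHelper = AuthDBHelper.getInstance(context);
            Authenticator authenticator = authDBHelper.getAuthenticator(decode.getAuthenticatorIndex().byteValue());
            if (authenticator == null) {
                // "authenticator does not exist"
                return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(" + decode.getAuthenticatorIndex() + " 인증장치가 존재하지 않음)");
            }
            if (AndroidKeyStore.isAndroidKeyStoreSupported()) {
                try {
                    // The keystore key looked up by AAID decrypts the stored wrap key, which in
                    // turn decrypts the attestation private key. Both plaintext values replace
                    // the encrypted ones on the authenticator object.
                    // NOTE(review): this happens before the user verification token is checked.
                    String aaid = new String(authenticator.getAAID());
                    if (FIDODebug.Debug) {
                        LogUtil.d(TAG, "aAID : " + aaid);
                    }
                    byte[] wrapKey = AndroidKeyStore.decryptEncryptedKeyData(AndroidKeyStore.getAuthKeyfromAndroidKeyStore(aaid), authenticator.getWrapKey());
                    byte[] attestPrivKey = CryptoHelper.decryptwithWrapKey(wrapKey, authenticator.getAttestPrivKey());
                    authenticator.setWrapKey(wrapKey);
                    authenticator.setAttestPrivKey(attestPrivKey);
                    if (FIDODebug.Debug) {
                        // "decrypted using the Android Key Store"
                        LogUtil.d(TAG, "Android Key Store를 이용하여 복호");
                    }
                } catch (AuthException unused) {
                    return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(Auth PrivateKey로 Wrap Key와 Attestation Private Key를 복호화하는데 실패함): ");
                }
            }
            AuthConfig authConfig = authDBHelper.getAuthConfig();
            if (authConfig == null) {
                return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(authConfig를 조회하지 못 함): ");
            }
            // Registration is refused unless the caller presents a valid user verification token.
            if (!Auth_Verify.isUVTokenOk(authConfig, decode.getUserVerifyToken())) {
                return errorResponse(STATUS_ACCESS_DENIED, "Auth_Register 응답 메시지(UserVerificationToken 검증에 실패함): ");
            }
            if (!isAttestationTypeSupported(decode.getAttestationType().shortValue(), authenticator)) {
                return errorResponse(STATUS_ATTESTATION_NOT_SUPPORTED, "Auth_Register 응답 메시지(AttestationType이 지원되지 않음): ");
            }
            try {
                KeyPair userKeyPair = CryptoHelper.generateKeyPair(authenticator.getAuthenticationAlg());
                try {
                    RegAssertion assertion = createRegAssertion(authDBHelper, decode, authenticator, userKeyPair, authDBHelper.getAttestationCerts(authenticator.getAAID()));
                    // The raw key handle binds the user private key to the access token, user
                    // name and KeyID before it is wrapped with the authenticator wrap key.
                    RawKeyHandle rawKeyHandle = new RawKeyHandle();
                    rawKeyHandle.setKHAccessToken(decode.getKHAccessToken());
                    rawKeyHandle.setUPrivKey(userKeyPair.getPrivate().getEncoded());
                    rawKeyHandle.setUserName(decode.getUserName());
                    rawKeyHandle.setKeyId(assertion.getKeyId());
                    try {
                        byte[] keyHandle = rawKeyHandle.generateKeyHandle(authenticator.getWrapKey());
                        registerCmdResp.setStatusCode(STATUS_OK);
                        registerCmdResp.setRegAssertion(assertion);
                        registerCmdResp.setKeyHandle(keyHandle);
                        try {
                            byte[] encoded = registerCmdResp.encode();
                            // The response is returned only after the registration is persisted.
                            if (updateDBInfo(authDBHelper, authenticator, decode.getKHAccessToken(), assertion.getKeyId())) {
                                if (FIDODebug.Debug) {
                                    LogUtil.d(TAG, "Auth_Register 응답 메시지(성공): " + ByteHelper.byteArrayToHexString(encoded));
                                }
                                return encoded;
                            }
                            return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(DB 정보 갱신에 실패함): ");
                        } catch (AuthException unused2) {
                            return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(응답 TLV 생성에 실패함): ");
                        }
                    } catch (AuthException unused3) {
                        return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(KeyHandle 생성에 실패함): ");
                    }
                } catch (AuthException unused4) {
                    return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(등록 assertion 생성에 실패함): ");
                }
            } catch (AuthException unused5) {
                return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(키 쌍 생성에 실패함): ");
            }
        } catch (AuthException unused6) {
            return errorResponse(STATUS_ERR_UNKNOWN, "Auth_Register 응답 메시지(명령어 디코딩에 실패함): ");
        }
    }
}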
