package com.hsecure.xpass.lib.sdk.authenticator.auth.api;

import android.content.Context;
import com.hsecure.xpass.lib.sdk.authenticator.common.LogUtil;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.assertion.AuthAssertion;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.command.SignCmd;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.command.SignCmdResp;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.command.UserNameKeyHandle;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.constant.AuthException;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.constant.Tags;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.crypto.AndroidKeyStore;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.crypto.CryptoHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.AuthConfig;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.AuthDBHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.Authenticator;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.db.KeyInfo;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.utility.AndroidFileHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.utility.ByteHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.auth.utility.RawKeyHandle;
import com.hsecure.xpass.lib.sdk.authenticator.common.uaf.utility.Base64URLHelper;
import com.hsecure.xpass.lib.sdk.authenticator.common.uaf.utility.FIDODebug;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;

/* loaded from: classes.dex */
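/**
 * Handles the authenticator's sign command.
 *
 * <p>{@link #process(Context, byte[])} decodes a {@link SignCmd}, checks the user verification
 * token, keeps only the key handles whose KH access token matches the one in the command, and
 * then either signs an {@link AuthAssertion} (exactly one match) or returns the list of matching
 * user names and key handles (two or more matches).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Everything logged under {@code FIDODebug.Debug} is a hex dump of a complete request or
 *       response. The request carries the user verification token and the KH access token, so
 *       that flag must be off in release builds.</li>
 *   <li>The KH access token is compared without short-circuiting on the first differing byte.</li>
 *   <li>An assertion is attached to the response only after the incremented signature counter has
 *       been stored.</li>
 * </ul>
 */
public class Auth_Sign {
    private static final String TAG = "Auth_Sign";

    // Command status codes as used in this class: 0 is logged as success, 1 is the generic
    // failure, 2 is returned when the UV token is rejected or no key handle matches.
    // NOTE(review): these look like UAF_CMD_STATUS_OK / ERR_UNKNOWN / ACCESS_DENIED from the
    // FIDO UAF authenticator commands spec - confirm against the project's own constants.
    private static final short STATUS_OK = 0;
    private static final short STATUS_ERROR = 1;
    private static final short STATUS_ACCESS_DENIED = 2;

    /**
     * Pair of parallel arrays produced by {@link #filterKeyHandle}: the restored raw key handles
     * and, at the same index, the user name together with the original wrapped key handle.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public class Handles {
        private RawKeyHandle[] rawKeyHandles;
        private UserNameKeyHandle[] userNameKeyHandles;

        private Handles() {
        }

        public RawKeyHandle[] getRawKeyHandles() {
            return this.rawKeyHandles;
        }

        public UserNameKeyHandle[] getUserNameKeyHandles() {
            return this.userNameKeyHandles;
        }

        public void setRawKeyHandles(RawKeyHandle[] rawKeyHandleArr) {
            this.rawKeyHandles = rawKeyHandleArr;
        }

        public void setUserNameKeyHandles(UserNameKeyHandle[] userNameKeyHandleArr) {
            this.userNameKeyHandles = userNameKeyHandleArr;
        }

        // NOTE(review): the output depends on RawKeyHandle.toString(); a RawKeyHandle holds the
        // user private key bytes, so confirm that toString() does not print them before this
        // value is ever logged.
        @Override
        public String toString() {
            return "UnameKeyHandles [rawKeyHandles=" + Arrays.toString(this.rawKeyHandles) + ", userNameKeyHandles=" + Arrays.toString(this.userNameKeyHandles) + "]";
        }
    }

    /**
     * Builds and signs the assertion for a single matching key handle.
     *
     * @param signCmd decoded sign command (final challenge, optional transaction content)
     * @param authDBHelper database access used to read and update the key's signature counter
     * @param authenticator authenticator record supplying AAID, version and signature algorithm
     * @param rawKeyHandle restored key handle supplying the key id and the user private key
     * @return a response with status 0 and the signed assertion, or status 1 and no assertion
     *         when the key is unknown, hashing, nonce generation or signing fails, or the
     *         signature counter cannot be stored
     */
    private static SignCmdResp createAssertionResponse(SignCmd signCmd, AuthDBHelper authDBHelper, Authenticator authenticator, RawKeyHandle rawKeyHandle) {
        SignCmdResp signCmdResp = new SignCmdResp();
        KeyInfo keyInfo = authDBHelper.getKeyInfo(authenticator.getAAID(), rawKeyHandle.getKeyId());
        if (keyInfo == null) {
            if (FIDODebug.Debug) {
                LogUtil.e(TAG, "KeyInfo가 조회되지 않음");
            }
            signCmdResp.setStatusCode(STATUS_ERROR);
            return signCmdResp;
        }
        AuthAssertion authAssertion = new AuthAssertion();
        authAssertion.setAAID(authenticator.getAAID());
        authAssertion.setAuthenticatorVersion(Short.valueOf(authenticator.getAuthenticatorVersion()));
        if (signCmd.getTransactionContent() == null) {
            // Plain authentication: no transaction text was shown, so no content hash is signed.
            authAssertion.setAuthenticationMode(Byte.valueOf(Tags.Value_User_Explicitly_Verified));
            authAssertion.setTrContentHash(null);
        } else {
            // Transaction confirmation: the SHA-256 of the transaction content is part of the
            // signed data.
            authAssertion.setAuthenticationMode(Byte.valueOf(Tags.Value_User_Explicitly_Confirm_Tranaction_Content));
            try {
                authAssertion.setTrContentHash(CryptoHelper.hashWithSHA256(signCmd.getTransactionContent()));
            } catch (AuthException unused) {
                if (FIDODebug.Debug) {
                    LogUtil.e(TAG, "트랜잭션 해시에 실패함");
                }
                signCmdResp.setStatusCode(STATUS_ERROR);
                return signCmdResp;
            }
        }
        authAssertion.setSignatureAlgAndEncoding(Short.valueOf(authenticator.getAuthenticationAlg()));
        byte[] authnrNonce = new byte[20];
        try {
            CryptoHelper.generateRandom(authnrNonce);
            authAssertion.setAuthnrNonce(authnrNonce);
            authAssertion.setFinalChallenge(signCmd.getFinalChallenge());
            authAssertion.setKeyId(rawKeyHandle.getKeyId());
            authAssertion.setSignCounter(Integer.valueOf(keyInfo.getSignCounter()));
            try {
                byte[] signedData = authAssertion.encode_SignedData();
                short authenticationAlg = authenticator.getAuthenticationAlg();
                authAssertion.setSignature(CryptoHelper.sign(CryptoHelper.getPrivateKeyfromBytes(rawKeyHandle.getUPrivKey(), authenticationAlg), signedData, authenticationAlg));
                // Store the incremented counter before the assertion is attached to the
                // response: a signature must not leave this method unless the counter value it
                // used has been consumed, otherwise the same counter could be signed again.
                keyInfo.setSignCounter(keyInfo.getSignCounter() + 1);
                if (!authDBHelper.updateKeyInfo(keyInfo)) {
                    if (FIDODebug.Debug) {
                        LogUtil.e(TAG, "서명 카운터 정보를 DB에 갱신하는데 실패함 : " + keyInfo.toString());
                    }
                    signCmdResp.setStatusCode(STATUS_ERROR);
                    return signCmdResp;
                }
                signCmdResp.setStatusCode(STATUS_OK);
                signCmdResp.setAuthAssertion(authAssertion);
                return signCmdResp;
            } catch (AuthException unused2) {
                if (FIDODebug.Debug) {
                    LogUtil.e(TAG, "서명 생성에 실패함");
                }
                signCmdResp.setStatusCode(STATUS_ERROR);
                return signCmdResp;
            }
        } catch (AuthException unused3) {
            if (FIDODebug.Debug) {
                LogUtil.e(TAG, "Nonce 생성에 실패함");
            }
            signCmdResp.setStatusCode(STATUS_ERROR);
            return signCmdResp;
        }
    }

    /**
     * Debug helper that dumps an encoded assertion to two files named {@code str + ".bin"} and
     * {@code str + ".txt"} (the latter base64url encoded).
     *
     * <p>Nothing in this class calls it. NOTE(review): the AndroidFileHelper method names suggest
     * the files go to SD-card storage, which other apps may be able to read - confirm, and keep
     * this helper out of release code paths.
     */
    private static void debugWriteAssertion(AuthAssertion authAssertion, String str) {
        try {
            byte[] encode = authAssertion.encode();
            AndroidFileHelper.outputSDFile(encode, str + ".bin");
            AndroidFileHelper.writeSDFile(Base64URLHelper.encodeToString(encode), str + ".txt", "UTF-8");
        } catch (AuthException e) {
            LogUtil.e(TAG, e.getMessage());
        }
    }

    /**
     * Compares two KH access tokens without stopping at the first differing byte.
     *
     * <p>Null handling is the same as {@code Arrays.equals}: two nulls match, one null does not.
     * The nulls are checked here rather than passed to {@code MessageDigest.isEqual}.
     */
    private static boolean accessTokensMatch(byte[] stored, byte[] supplied) {
        if (stored == null || supplied == null) {
            return stored == supplied;
        }
        return MessageDigest.isEqual(stored, supplied);
    }

    /**
     * Restores every wrapped key handle in the command and keeps those bound to the caller's
     * KH access token.
     *
     * @param bArr wrap key passed to {@code RawKeyHandle.restoreRawKeyHandle}
     * @param bArr2 wrapped key handles taken from the command
     * @param bArr3 KH access token taken from the command
     * @return the matching handles (possibly empty), or {@code null} as soon as any single key
     *         handle cannot be restored
     */
    private Handles filterKeyHandle(byte[] bArr, byte[][] bArr2, byte[] bArr3) {
        ArrayList<RawKeyHandle> matchedRaw = new ArrayList<RawKeyHandle>();
        ArrayList<UserNameKeyHandle> matchedNamed = new ArrayList<UserNameKeyHandle>();
        for (byte[] wrappedHandle : bArr2) {
            try {
                RawKeyHandle restored = RawKeyHandle.restoreRawKeyHandle(bArr, wrappedHandle);
                // The access token stored inside the key handle must equal the one presented
                // with the command; handles bound to a different token are skipped.
                if (accessTokensMatch(restored.getKHAccessToken(), bArr3)) {
                    matchedRaw.add(restored);
                    matchedNamed.add(new UserNameKeyHandle(restored.getUserName(), wrappedHandle));
                }
            } catch (AuthException unused) {
                return null;
            }
        }
        Handles handles = new Handles();
        handles.setRawKeyHandles(matchedRaw.toArray(new RawKeyHandle[matchedRaw.size()]));
        handles.setUserNameKeyHandles(matchedNamed.toArray(new UserNameKeyHandle[matchedNamed.size()]));
        return handles;
    }

    /**
     * Encodes a response that carries only the given status code.
     *
     * @return the encoded response, or {@code null} if encoding itself fails
     */
    private static byte[] getErrorTLV(short s) {
        SignCmdResp signCmdResp = new SignCmdResp();
        signCmdResp.setStatusCode(s);
        try {
            return signCmdResp.encode();
        } catch (AuthException unused) {
            return null;
        }
    }

    /**
     * Builds a status-only error response and, in debug builds, logs it in hex after the given
     * message prefix.
     */
    private static byte[] errorResponse(short statusCode, String debugPrefix) {
        byte[] errorTLV = getErrorTLV(statusCode);
        if (FIDODebug.Debug) {
            LogUtil.e(TAG, debugPrefix + ByteHelper.byteArrayToHexString(errorTLV));
        }
        return errorTLV;
    }

    /**
     * Processes one encoded sign command and returns the encoded response.
     *
     * <p>Order of checks: decode the command, look up the authenticator by index, unwrap its keys
     * through the Android Key Store when that is supported, load the auth config, verify the user
     * verification token, then filter the key handles by KH access token.
     *
     * @param context Android context used to obtain the {@link AuthDBHelper}
     * @param bArr encoded sign command
     * @return the encoded response; status 0 with an assertion (one matching key handle) or with
     *         the list of user names and key handles (several), status 2 when the UV token is
     *         rejected or no key handle matches, status 1 for every other failure. May be
     *         {@code null} if even the error response cannot be encoded.
     */
    public byte[] process(Context context, byte[] bArr) {
        // Debug builds only: this dumps the whole request, including the UV token and the
        // KH access token it carries.
        if (FIDODebug.Debug) {
            LogUtil.d(TAG, "Auth_Sign 요청 메시지: " + ByteHelper.byteArrayToHexString(bArr));
        }
        try {
            SignCmd command = SignCmd.decode(bArr);
            AuthDBHelper authDBHelper = AuthDBHelper.getInstance(context);
            // NOTE(review): getAuthenticatorIndex() here and getKeyHandles() below are
            // dereferenced without a null check; presumably SignCmd.decode rejects commands that
            // omit them - confirm, because an unchecked exception would escape this method.
            Authenticator authenticator = authDBHelper.getAuthenticator(command.getAuthenticatorIndex().byteValue());
            if (authenticator == null) {
                return errorResponse(STATUS_ERROR, "Auth_Sign 응답 메시지 " + command.getAuthenticatorIndex() + " 인증장치가 존재하지 않음): ");
            }
            if (AndroidKeyStore.isAndroidKeyStoreSupported()) {
                try {
                    // Two-step unwrap: the key-store key decrypts the wrap key, and the wrap key
                    // decrypts the attestation private key.
                    byte[] wrapKey = AndroidKeyStore.decryptEncryptedKeyData(AndroidKeyStore.getAuthKeyfromAndroidKeyStore(new String(authenticator.getAAID())), authenticator.getWrapKey());
                    byte[] attestPrivKey = CryptoHelper.decryptwithWrapKey(wrapKey, authenticator.getAttestPrivKey());
                    // NOTE(review): this replaces the encrypted values on the Authenticator
                    // object with plaintext key material; confirm AuthDBHelper hands out a fresh
                    // object per call and that this instance is never written back to storage.
                    authenticator.setWrapKey(wrapKey);
                    authenticator.setAttestPrivKey(attestPrivKey);
                    LogUtil.d(TAG, "Android Key Store를 이용하여 복호");
                } catch (AuthException unused) {
                    return errorResponse(STATUS_ERROR, "Auth_Sign 응답 메시지(Auth PrivateKey로 Wrap Key와 Attestation Private Key를 복호화하는데 실패함): ");
                }
            }
            AuthConfig authConfig = authDBHelper.getAuthConfig();
            if (authConfig == null) {
                return errorResponse(STATUS_ERROR, "Auth_Sign 응답 메시지(authConfig를 조회하지 못 함): ");
            }
            // The user must have been verified before any key handle is unwrapped.
            if (!Auth_Verify.isUVTokenOk(authConfig, command.getUserVerifyToken())) {
                return errorResponse(STATUS_ACCESS_DENIED, "Auth_Sign 응답 메시지(UserVerificationToken 검증에 실패함): ");
            }
            Handles matching = filterKeyHandle(authenticator.getWrapKey(), command.getKeyHandles(), command.getKHAccessToken());
            if (matching == null) {
                return errorResponse(STATUS_ERROR, "Auth_Sign 응답 메시지(Raw Key Handle 복원에 실패함): ");
            }
            RawKeyHandle[] rawKeyHandles = matching.getRawKeyHandles();
            if (rawKeyHandles.length == 0) {
                return errorResponse(STATUS_ACCESS_DENIED, "Auth_Sign 응답 메시지(조건에 맞는 Raw Key Handle이 없음): ");
            }
            SignCmdResp signCmdResp;
            if (rawKeyHandles.length == 1) {
                signCmdResp = createAssertionResponse(command, authDBHelper, authenticator, rawKeyHandles[0]);
            } else {
                // Several accounts match: nothing is signed, the caller gets the candidates back.
                signCmdResp = new SignCmdResp();
                signCmdResp.setStatusCode(STATUS_OK);
                signCmdResp.setUserNameKeyHandles(matching.getUserNameKeyHandles());
            }
            try {
                byte[] encoded = signCmdResp.encode();
                if (FIDODebug.Debug) {
                    if (signCmdResp.getStatusCode() == STATUS_OK) {
                        LogUtil.d(TAG, "Auth_Sign 응답 메시지(성공): " + ByteHelper.byteArrayToHexString(encoded));
                    } else {
                        LogUtil.d(TAG, "Auth_Sign 응답 메시지(실패): " + ByteHelper.byteArrayToHexString(encoded));
                    }
                }
                return encoded;
            } catch (AuthException unused2) {
                return errorResponse(STATUS_ERROR, "Auth_Sign 응답 메시지(Auth_Sign_Response TLV 생성에 실패함): ");
            }
        } catch (AuthException unused3) {
            return errorResponse(STATUS_ERROR, "Auth_Sign 응답 메시지(명령어 디코딩에 실패함): ");
        }
    }
}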
