package com.gallagher.security.fidoauthenticators;

import android.content.Context;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import rx.Observable;
import rx.functions.Action0;
import rx.functions.Action1;
import rx.functions.Func1;
import rx.schedulers.Schedulers;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class FidoPinAuthenticator {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String AES_TRANSFORMATION = "AES/CBC/PKCS7Padding";
    private static final String HMAC_ALIAS = "HMAC-0041#A006";
    private static final String KEYHANDLE_ENCRYPTOR_ALIAS = "KeyhandleEncryptor-0041#A006";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) FidoPinAuthenticator.class);
    static final String AAID_STRING = "0041#A006";
    static final FidoAuthenticatorParams authenticatorParams = new FidoAuthenticatorParams(AAID_STRING.getBytes(FidoAssertionBuilder.UTF8), 1, FidoAuthenticationAlgorithm.ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW, FidoPublicKeyEncoding.ALG_KEY_ECC_X962_RAW, true, false);

    FidoPinAuthenticator() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Observable<Void> authenticate(Context context, final FidoASMPersistenceKeyHandle fidoASMPersistenceKeyHandle, final FidoASM fidoASM, final TitleAndDescription titleAndDescription, final String str) throws Exception {
        final Ref ref = new Ref(null);
        final FidoASMUnwrappedKeyHandle decryptKeyHandle = Utils.decryptKeyHandle(fidoASMPersistenceKeyHandle, Utils.getKeyHandleEncryptorKey(KEYHANDLE_ENCRYPTOR_ALIAS), AES_TRANSFORMATION, Utils.getHmacKey(HMAC_ALIAS));
        decryptKeyHandle.incrementSignCount();
        fidoASM.updateKeyHandle(context, AAID_STRING, str, fidoASMPersistenceKeyHandle.keyID, getEncryptedKeyHandle(decryptKeyHandle).getBase64UrlSafe());
        return FidoUiHostActivity.start(context).flatMap(new Func1<FidoUiHostActivity, Observable<Void>>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.9
            @Override // rx.functions.Func1
            public Observable<Void> call(FidoUiHostActivity fidoUiHostActivity) {
                Ref.this.set(fidoUiHostActivity);
                return new FidoPinAuthenticationManager(fidoUiHostActivity, titleAndDescription.getTitle(), titleAndDescription.getDescription(), new String(Base64.decodeBase64UrlSafe(fidoASMPersistenceKeyHandle.keyID))).authenticate(decryptKeyHandle, fidoASM, fidoASMPersistenceKeyHandle.keyID, str);
            }
        }).doOnNext(new Action1<Void>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.8
            @Override // rx.functions.Action1
            public void call(Void r1) {
                FidoUiHostActivity fidoUiHostActivity = (FidoUiHostActivity) Ref.this.get();
                if (fidoUiHostActivity != null) {
                    fidoUiHostActivity.finish();
                }
            }
        }).observeOn(Clock.wrap(AndroidMainThreadScheduler.getInstance())).doOnUnsubscribe(new Action0() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.7
            @Override // rx.functions.Action0
            public void call() {
                FidoUiHostActivity fidoUiHostActivity = (FidoUiHostActivity) Ref.this.get();
                if (fidoUiHostActivity != null) {
                    fidoUiHostActivity.finish(200L);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Observable<String> authenticate(final FidoEngine fidoEngine, final FidoASMPersistenceKeyHandle fidoASMPersistenceKeyHandle, final FidoASM fidoASM, final TitleAndDescription titleAndDescription, final String str) throws Exception {
        final Ref ref = new Ref(null);
        final FidoASMUnwrappedKeyHandle decryptKeyHandle = Utils.decryptKeyHandle(fidoASMPersistenceKeyHandle, Utils.getKeyHandleEncryptorKey(KEYHANDLE_ENCRYPTOR_ALIAS), AES_TRANSFORMATION, Utils.getHmacKey(HMAC_ALIAS));
        decryptKeyHandle.incrementSignCount();
        fidoASM.updateKeyHandle(fidoEngine.context, AAID_STRING, str, fidoASMPersistenceKeyHandle.keyID, getEncryptedKeyHandle(decryptKeyHandle).getBase64UrlSafe());
        return FidoUiHostActivity.start(fidoEngine.context).flatMap(new Func1<FidoUiHostActivity, Observable<Void>>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.6
            @Override // rx.functions.Func1
            public Observable<Void> call(FidoUiHostActivity fidoUiHostActivity) {
                Ref.this.set(fidoUiHostActivity);
                return new FidoPinAuthenticationManager(fidoUiHostActivity, titleAndDescription.getTitle(), titleAndDescription.getDescription(), fidoEngine.getKeyName()).authenticate(decryptKeyHandle, fidoASM, fidoASMPersistenceKeyHandle.keyID, str);
            }
        }).observeOn(Clock.wrap(Schedulers.newThread())).flatMap(new Func1<Void, Observable<String>>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.5
            @Override // rx.functions.Func1
            public Observable<String> call(Void r3) {
                return FidoEngine.this.authenticate(decryptKeyHandle.getSignCount());
            }
        }).observeOn(Clock.wrap(AndroidMainThreadScheduler.getInstance())).doOnUnsubscribe(new Action0() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.4
            @Override // rx.functions.Action0
            public void call() {
                FidoUiHostActivity fidoUiHostActivity = (FidoUiHostActivity) Ref.this.get();
                if (fidoUiHostActivity != null) {
                    fidoUiHostActivity.finish(200L);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Observable<Void> deregister(final FidoEngine fidoEngine) {
        return fidoEngine.deregister().subscribeOn(Schedulers.newThread()).observeOn(AndroidMainThreadScheduler.getInstance()).doOnNext(new Action1<Void>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.10
            @Override // rx.functions.Action1
            public void call(Void r2) {
                FidoPinAuthenticationManager.deregister(FidoEngine.this.getKeyName(), FidoEngine.this.context);
            }
        });
    }

    public static KeyIDAndUsername[] getDecryptedKeyAndUsernames(FidoASMPersistenceKeyHandle[] fidoASMPersistenceKeyHandleArr) throws Exception {
        return Utils.getDecryptedKeyAndUsernames(fidoASMPersistenceKeyHandleArr, Utils.getKeyHandleEncryptorKey(KEYHANDLE_ENCRYPTOR_ALIAS), AES_TRANSFORMATION, Utils.getHmacKey(HMAC_ALIAS));
    }

    public static EncryptedKeyHandle getEncryptedKeyHandle(FidoASMUnwrappedKeyHandle fidoASMUnwrappedKeyHandle) throws Exception {
        return Utils.encrypt(fidoASMUnwrappedKeyHandle.getBytePacket(), Utils.getKeyHandleEncryptorKey(KEYHANDLE_ENCRYPTOR_ALIAS), AES_TRANSFORMATION, Utils.getHmacKey(HMAC_ALIAS));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Observable<FidoRegistrationAndMetadata> register(final FidoEngine fidoEngine, final TitleAndDescription titleAndDescription, final String str, String str2) {
        try {
            SecretKey hmacKey = Utils.getHmacKey(HMAC_ALIAS);
            final long verifyAndReturnRegistrationCount = str2.equals("1") ? 1L : Utils.verifyAndReturnRegistrationCount(hmacKey, str2);
            if (verifyAndReturnRegistrationCount < 1) {
                return Observable.error(new AuthenticatorException("HMAC verification failed!", null));
            }
            final String registrationCountPacket = Utils.getRegistrationCountPacket(verifyAndReturnRegistrationCount, hmacKey);
            if (registrationCountPacket == null) {
                return Observable.error(new AuthenticatorException("Failed to get HMAC verification packet!", null));
            }
            final Ref ref = new Ref(null);
            return FidoUiHostActivity.start(fidoEngine.context).flatMap(new Func1<FidoUiHostActivity, Observable<FidoASMUnwrappedKeyHandle>>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.3
                @Override // rx.functions.Func1
                public Observable<FidoASMUnwrappedKeyHandle> call(FidoUiHostActivity fidoUiHostActivity) {
                    Ref.this.set(fidoUiHostActivity);
                    FidoPinAuthenticationManager fidoPinAuthenticationManager = new FidoPinAuthenticationManager(fidoUiHostActivity, titleAndDescription.getTitle(), titleAndDescription.getDescription(), fidoEngine.getKeyName());
                    return !fidoPinAuthenticationManager.canRegister() ? Observable.error(new FidoRegistrationException("PIN registration not available")) : fidoPinAuthenticationManager.register(str);
                }
            }).observeOn(Clock.wrap(Schedulers.newThread())).flatMap(new Func1<FidoASMUnwrappedKeyHandle, Observable<FidoRegistrationAndMetadata>>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.2
                @Override // rx.functions.Func1
                public Observable<FidoRegistrationAndMetadata> call(final FidoASMUnwrappedKeyHandle fidoASMUnwrappedKeyHandle) {
                    return FidoEngine.this.register(verifyAndReturnRegistrationCount).map(new Func1<String, FidoRegistrationAndMetadata>() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.2.1
                        @Override // rx.functions.Func1
                        public FidoRegistrationAndMetadata call(String str3) {
                            try {
                                return new FidoRegistrationAndMetadata(str3, Utils.encrypt(fidoASMUnwrappedKeyHandle.getBytePacket(), Utils.getKeyHandleEncryptorKey(FidoPinAuthenticator.KEYHANDLE_ENCRYPTOR_ALIAS), FidoPinAuthenticator.AES_TRANSFORMATION, Utils.getHmacKey(FidoPinAuthenticator.HMAC_ALIAS)).getBase64UrlSafe(), registrationCountPacket);
                            } catch (Exception e) {
                                FidoPinAuthenticator.LOG.error("Failed to encrypt key handle", (Throwable) e);
                                return null;
                            }
                        }
                    });
                }
            }).observeOn(Clock.wrap(AndroidMainThreadScheduler.getInstance())).doOnUnsubscribe(new Action0() { // from class: com.gallagher.security.fidoauthenticators.FidoPinAuthenticator.1
                @Override // rx.functions.Action0
                public void call() {
                    FidoUiHostActivity fidoUiHostActivity = (FidoUiHostActivity) Ref.this.get();
                    if (fidoUiHostActivity != null) {
                        fidoUiHostActivity.finish(200L);
                    }
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to obtain HMAC key", (Throwable) e);
            return Observable.error(e);
        }
    }
}
