package com.gallagher.security.fidoauthenticators;

import android.security.keystore.KeyGenParameterSpec;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.HttpsURLConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
class Utils {
    private static final String HMAC_ALGORITHM = "HmacSHA256";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) Utils.class);
    public static final String MIGRATED_USERNAME = "Migrated";

    Utils() {
    }

    public static HttpURLConnection createConnection(String str, String str2, boolean z) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setDoOutput(z);
        httpURLConnection.setRequestMethod(str2);
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setConnectTimeout(0);
        httpURLConnection.setReadTimeout(0);
        httpURLConnection.setRequestProperty("Content-Type", "application/json");
        httpURLConnection.setInstanceFollowRedirects(false);
        httpURLConnection.connect();
        return httpURLConnection;
    }

    public static byte[] decrypt(byte[] bArr, Key key, byte[] bArr2, String str) throws Exception {
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(2, key, new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr);
    }

    public static FidoASMUnwrappedKeyHandle decryptKeyHandle(FidoASMPersistenceKeyHandle fidoASMPersistenceKeyHandle, SecretKey secretKey, String str, SecretKey secretKey2) throws Exception {
        if (fidoASMPersistenceKeyHandle.getKeyHandlePacket() == null) {
            return new FidoASMUnwrappedKeyHandle(MIGRATED_USERNAME);
        }
        byte[] decodeBase64UrlSafe = Base64.decodeBase64UrlSafe(fidoASMPersistenceKeyHandle.getKeyHandlePacket());
        ByteBuffer wrap = ByteBuffer.wrap(decodeBase64UrlSafe);
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[32];
        byte[] bArr3 = new byte[(decodeBase64UrlSafe.length - 16) - 32];
        wrap.get(bArr);
        wrap.get(bArr2);
        wrap.get(bArr3);
        if (verifyHmac(secretKey2, bArr3, bArr2)) {
            return new FidoASMUnwrappedKeyHandle(decrypt(bArr3, secretKey, bArr, str));
        }
        throw new FidoASMException("Failed to verify HMAC for key handle!");
    }

    public static EncryptedKeyHandle encrypt(byte[] bArr, Key key, String str, SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(1, key);
        byte[] iv = cipher.getIV();
        byte[] doFinal = cipher.doFinal(bArr);
        return new EncryptedKeyHandle(doFinal, iv, performHmac(secretKey, doFinal));
    }

    public static String fetch(String str, String str2, Map<String, String> map, String str3) throws IOException {
        byte[] bArr;
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL(str).openConnection();
        try {
            httpsURLConnection.setRequestMethod(str2);
            if (map != null) {
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    httpsURLConnection.setRequestProperty(entry.getKey(), entry.getValue());
                }
            }
            if (str3 != null) {
                httpsURLConnection.setDoOutput(true);
                OutputStream outputStream = httpsURLConnection.getOutputStream();
                outputStream.write(str3.getBytes(FidoAssertionBuilder.UTF8));
                outputStream.flush();
            }
            InputStream errorStream = httpsURLConnection.getResponseCode() >= 400 ? httpsURLConnection.getErrorStream() : httpsURLConnection.getInputStream();
            String str4 = null;
            if (errorStream != null) {
                BufferedInputStream bufferedInputStream = new BufferedInputStream(errorStream);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byte[] bArr2 = new byte[512];
                while (true) {
                    int read = bufferedInputStream.read(bArr2);
                    if (read == -1) {
                        break;
                    }
                    byteArrayOutputStream.write(bArr2, 0, read);
                }
                bArr = byteArrayOutputStream.toByteArray();
            } else {
                bArr = null;
            }
            if (bArr != null && bArr.length != 0) {
                str4 = new String(bArr, FidoAssertionBuilder.UTF8);
            }
            return str4;
        } finally {
            httpsURLConnection.disconnect();
        }
    }

    public static FidoAuthenticatorParams getAuthenticatorParams(String str) {
        str.hashCode();
        char c = 65535;
        switch (str.hashCode()) {
            case 1534736024:
                if (str.equals("0041#A003")) {
                    c = 0;
                    break;
                }
                break;
            case 1534736025:
                if (str.equals("0041#A004")) {
                    c = 1;
                    break;
                }
                break;
            case 1534736027:
                if (str.equals("0041#A006")) {
                    c = 2;
                    break;
                }
                break;
        }
        switch (c) {
            case 0:
                return FidoSilentAuthenticator.authenticatorParams;
            case 1:
                return FidoFingerprintAuthenticator.authenticatorParams;
            case 2:
                return FidoPinAuthenticator.authenticatorParams;
            default:
                return null;
        }
    }

    public static KeyIDAndUsername[] getDecryptedKeyAndUsernames(FidoASMPersistenceKeyHandle[] fidoASMPersistenceKeyHandleArr, SecretKey secretKey, String str, SecretKey secretKey2) throws Exception {
        FidoASMUnwrappedKeyHandle decryptKeyHandle;
        ArrayList arrayList = new ArrayList();
        for (FidoASMPersistenceKeyHandle fidoASMPersistenceKeyHandle : fidoASMPersistenceKeyHandleArr) {
            if (fidoASMPersistenceKeyHandle.getKeyHandlePacket() != null && (decryptKeyHandle = decryptKeyHandle(fidoASMPersistenceKeyHandle, secretKey, str, secretKey2)) != null && decryptKeyHandle.getUsername() != null) {
                arrayList.add(new KeyIDAndUsername(fidoASMPersistenceKeyHandle.getKeyID(), decryptKeyHandle.getUsername()));
            }
        }
        return (KeyIDAndUsername[]) arrayList.toArray(new KeyIDAndUsername[arrayList.size()]);
    }

    public static SecretKey getHmacKey(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        SecretKey secretKey = (SecretKey) keyStore.getKey(str, null);
        if (secretKey != null) {
            return secretKey;
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(HMAC_ALGORITHM, "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 4).build());
        return keyGenerator.generateKey();
    }

    public static SecretKey getKeyHandleEncryptorKey(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (keyStore.getKey(str, null) != null) {
            return (SecretKey) keyStore.getKey(str, null);
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(new KeyGenParameterSpec.Builder(str, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").build());
        return keyGenerator.generateKey();
    }

    public static String getRegistrationCountPacket(long j, SecretKey secretKey) {
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.putLong(j + 1);
        try {
            byte[] performHmac = performHmac(secretKey, allocate.array());
            ByteBuffer allocate2 = ByteBuffer.allocate(allocate.capacity() + performHmac.length);
            allocate2.put(allocate.array());
            allocate2.put(performHmac);
            return Base64.encodeBase64UrlSafe(allocate2.array());
        } catch (Exception e) {
            LOG.error("Failed to get HMAC", (Throwable) e);
            return null;
        }
    }

    public static String getTrustedFacetList(String str) throws IOException {
        return getTrustedFacetList(createConnection(str, "GET", false), 0);
    }

    private static String getTrustedFacetList(HttpURLConnection httpURLConnection, int i) {
        try {
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode >= 300 && responseCode <= 399 && i < 5) {
                if (Boolean.parseBoolean(httpURLConnection.getHeaderField("FIDO-AppID-Redirect-Authorized"))) {
                    return getTrustedFacetList(createConnection(httpURLConnection.getHeaderField("Location"), "GET", false), i + 1);
                }
                return null;
            }
            if (responseCode != 200 && responseCode != 201) {
                return null;
            }
            InputStream inputStream = httpURLConnection.getInputStream();
            if (inputStream == null) {
                return null;
            }
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[512];
            while (true) {
                int read = bufferedInputStream.read(bArr);
                if (read == -1) {
                    return new String(byteArrayOutputStream.toByteArray(), FidoAssertionBuilder.UTF8);
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (IOException unused) {
            return null;
        } finally {
            httpURLConnection.disconnect();
        }
    }

    public static byte[] performHmac(SecretKey secretKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(HMAC_ALGORITHM);
        mac.init(secretKey);
        return mac.doFinal(bArr);
    }

    static String[] removeString(String[] strArr, String str) {
        String[] strArr2 = new String[strArr.length];
        int i = 0;
        for (String str2 : strArr) {
            if (!str2.equals(str)) {
                strArr2[i] = str2;
                i++;
            }
        }
        return i < strArr.length ? (String[]) Arrays.copyOf(strArr2, i) : strArr2;
    }

    public static long verifyAndReturnRegistrationCount(SecretKey secretKey, String str) {
        ByteBuffer wrap = ByteBuffer.wrap(Base64.decodeBase64UrlSafe(str));
        long j = wrap.getLong();
        wrap.position(0);
        byte[] bArr = new byte[8];
        wrap.get(bArr);
        byte[] bArr2 = new byte[32];
        if (wrap.remaining() != 32) {
            throw new FatalError("HMAC not expected length!");
        }
        wrap.get(bArr2);
        try {
            if (verifyHmac(secretKey, bArr, bArr2)) {
                return j;
            }
            return -1L;
        } catch (Exception e) {
            LOG.error("Failed to verify HMAC for registration count", (Throwable) e);
            return -1L;
        }
    }

    public static boolean verifyHmac(SecretKey secretKey, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(HMAC_ALGORITHM);
        mac.init(secretKey);
        return Arrays.equals(mac.doFinal(bArr), bArr2);
    }
}
