package com.dream.magic.fido.authenticator.auth.api;

import android.content.Context;
import android.os.Bundle;
import com.dream.magic.fido.authenticator.auth.AuthCore;
import com.dream.magic.fido.authenticator.common.auth.command.SignCmd;
import com.dream.magic.fido.authenticator.common.auth.command.SignCmdResp;
import com.dream.magic.fido.authenticator.common.auth.command.UserNameKeyHandle;
import com.dream.magic.fido.authenticator.common.auth.crypto.AndroidKeyStore;
import com.dream.magic.fido.authenticator.common.auth.db.AuthConfig;
import com.dream.magic.fido.authenticator.common.auth.db.AuthDBHelper;
import com.dream.magic.fido.authenticator.common.auth.db.Authenticator;
import com.dream.magic.fido.authenticator.common.auth.db.KeyInfo;
import com.dream.magic.fido.authenticator.common.auth.utility.RawKeyHandle;
import com.dream.magic.fido.authenticator.g;
import com.dream.magic.fido.authenticator.local.kfido.KSignedDataUtill;
import com.dream.magic.fido.uaf.auth.assertion.AuthAssertion;
import com.dream.magic.fido.uaf.auth.common.AuthException;
import com.dream.magic.fido.uaf.auth.common.Tags;
import com.dream.magic.fido.uaf.auth.crypto.CryptoConst;
import com.dream.magic.fido.uaf.auth.crypto.CryptoHelper;
import com.dream.magic.fido.uaf.util.ByteHelper;
import com.dreamsecurity.jcaos.pkcs.PKCS8;
import com.dreamsecurity.jcaos.pkcs.PKCS8PrivateKeyInfo;
import com.dreamsecurity.jcaos.util.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.crypto.SecretKey;

/* loaded from: classes2.dex */
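/**
 * Handler for the authenticator-side Sign command of a FIDO UAF client (decompiled listing).
 *
 * <p>The class decodes a TLV-encoded {@link SignCmd}, selects the key handles that belong to the
 * caller, builds and signs an {@link AuthAssertion}, and can wrap a payload into signed data
 * carrying an encrypted per-user random value.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>Raw command bytes and signed data are no longer written to the log; the command carries
 *       the user-verify token (see {@link #getReqUVToken}), so only lengths are logged.</li>
 *   <li>{@link #tokenVerify} accepts a {@code null} token; see the note on that method.</li>
 *   <li>{@code m_tRContentHash} is static mutable state shared by all instances and is not
 *       synchronised.</li>
 * </ul>
 */
public class Auth_Sign {
    public static final String EXCEPTION_BIO = "INVALID_BIO_VERIFY";
    public static final String EXCEPTION_PW = "INVALID_PW_VERIFY";
    private static final String TAG = "Auth_Sign";

    // Object identifiers of the two unsigned attributes added in createSignedData. The names
    // describe what this file stores under them, not an official registry meaning.
    private static final String OID_ENCRYPTED_RANDOM = "1.2.410.2004.5.2.10.1";
    private static final String OID_ENCRYPTED_SYM_KEY = "1.2.410.2004.5.2.10.2";

    // NOTE(review): static and only ever written in createAssertionResponse. It is never reset on
    // the "no transaction content" path, so the null check there can see a value left behind by
    // an earlier call. No reader is visible in this file; confirm whether it is still needed.
    private static byte[] m_tRContentHash;

    // Random value taken from the user's PKCS#8 private-key info in createSignedData and handed
    // out by getRandom(). It stays in memory for the lifetime of this instance.
    private byte[] userRandom = null;

    // Bundle keys used by preAuthProcess (instance fields in the original; kept for callers).
    public final String signKey_baWrapKey = "signKey_baWrapKey";
    public final String signKey_baUserCert = "regKey_KCertCMD";
    public final String signKey_baUVToken = "signKey_baUVToken";

    // Server certificate and cipher name set by setRandomData; both must be non-null for
    // createSignedData to add the encrypted random.
    private X509Certificate m_X509SvrCert = null;
    private String m_cipherAlgorithm = null;

    /**
     * Pair of parallel arrays produced by {@link #filterKeyHandle}: the restored raw key handles
     * and the matching user-name/key-handle entries.
     *
     * <p>Getters and setters share the array references; no defensive copy is made.
     */
    public class Handles {

        private RawKeyHandle[] rawKeyHandles;

        private UserNameKeyHandle[] userNameKeyHandles;

        /**
         * @param auth_Sign unused; the parameter exists in the decompiled signature and is kept
         *     so existing callers still compile
         */
        public Handles(Auth_Sign auth_Sign) {
        }

        public RawKeyHandle[] getRawKeyHandles() {
            return this.rawKeyHandles;
        }

        public UserNameKeyHandle[] getUserNameKeyHandles() {
            return this.userNameKeyHandles;
        }

        public void setRawKeyHandles(RawKeyHandle[] rawKeyHandleArr) {
            this.rawKeyHandles = rawKeyHandleArr;
        }

        public void setUserNameKeyHandles(UserNameKeyHandle[] userNameKeyHandleArr) {
            this.userNameKeyHandles = userNameKeyHandleArr;
        }

        // NOTE(review): the output includes whatever RawKeyHandle.toString() prints; confirm it
        // does not render key material before this string is logged anywhere.
        @Override
        public String toString() {
            return "UnameKeyHandles [rawKeyHandles=" + Arrays.toString(this.rawKeyHandles) + ", userNameKeyHandles=" + Arrays.toString(this.userNameKeyHandles) + "]";
        }
    }

    /** Forwards an informational message to the project logger (obfuscated method {@code b.a}). */
    private static void logTrace(String message) {
        com.dream.magic.fido.authenticator.common.auth.utility.b.a(TAG, message);
    }

    /** Forwards a failure message to the project logger (obfuscated method {@code b.c}). */
    private static void logFailure(String message) {
        com.dream.magic.fido.authenticator.common.auth.utility.b.c(TAG, message);
    }

    /** Returns the length of {@code data}, or 0 for {@code null}; used to log sizes, not content. */
    private static int lengthOf(byte[] data) {
        return data == null ? 0 : data.length;
    }

    /** Logs {@code message}, marks {@code response} as failed (status 1) and returns it. */
    private static SignCmdResp failedResponse(SignCmdResp response, String message) {
        logFailure(message);
        response.setStatusCode((short) 1);
        return response;
    }

    /**
     * Decrypts the PKCS#8 structure in {@code bArr} with a value stored in the key handle.
     *
     * @param rawKeyHandle source of the decryption input
     * @param bArr encoded PKCS#8 data passed to the {@link PKCS8} constructor
     * @param z {@code true} to use {@code getEncBioPrivKey()}, {@code false} to use
     *     {@code getEncPWPrivKey()}
     * @return the decrypted private-key info
     * @throws Exception whatever the PKCS#8 library throws on failure
     */
    private PKCS8PrivateKeyInfo checkPrivateKey(RawKeyHandle rawKeyHandle, byte[] bArr, boolean z) throws Exception {
        return new PKCS8(bArr).decrypt(z ? rawKeyHandle.getEncBioPrivKey() : rawKeyHandle.getEncPWPrivKey());
    }

    /**
     * Builds, signs and returns the assertion response for a Sign command.
     *
     * <p>Every failure path logs a message and returns a response with status 1. The assertion is
     * attached to the response only after the incremented sign counter has been stored, so a
     * failed response never carries a signed assertion.
     *
     * @param signCmd decoded command; supplies transaction content and final challenge
     * @param authDBHelper database helper used to read and update the key's {@link KeyInfo}
     * @param authenticator supplies AAID, version and signature algorithm
     * @param rawKeyHandle supplies the key id
     * @param bArr private-key bytes passed to {@code CryptoHelper.getPrivateKeyfromBytes}; this
     *     method does not clear them
     * @return a response with status 0 and the signed assertion, or status 1 on any failure
     */
    private static SignCmdResp createAssertionResponse(SignCmd signCmd, AuthDBHelper authDBHelper, Authenticator authenticator, RawKeyHandle rawKeyHandle, byte[] bArr) {
        SignCmdResp signCmdResp = new SignCmdResp();
        KeyInfo keyInfo = authDBHelper.getKeyInfo(authenticator.getAAID(), rawKeyHandle.getKeyId());
        if (keyInfo == null) {
            return failedResponse(signCmdResp, "KeyInfo가 조회되지 않음");
        }

        AuthAssertion authAssertion = new AuthAssertion();
        authAssertion.setAAID(authenticator.getAAID());
        authAssertion.setAuthenticatorVersion(Short.valueOf(authenticator.getAuthenticatorVersion()));
        if (signCmd.getTransactionContent() == null) {
            authAssertion.setAuthenticationMode(Byte.valueOf(Tags.Value_User_Explicitly_Verified));
            authAssertion.setTrContentHash(null);
        } else {
            authAssertion.setAuthenticationMode(Byte.valueOf(Tags.Value_User_Explicitly_Confirm_Tranaction_Content));
            try {
                byte[] contentHash = CryptoHelper.hashWithSHA256(signCmd.getTransactionContent());
                m_tRContentHash = contentHash;
                authAssertion.setTrContentHash(contentHash);
            } catch (AuthException e) {
                // Fail closed. The decompiled listing fell through to signing here, which would
                // produce a transaction-confirmation assertion without the content hash.
                return failedResponse(signCmdResp, "트랜잭션 해시에 실패함");
            }
        }
        authAssertion.setSignatureAlgAndEncoding(Short.valueOf(authenticator.getAuthenticationAlg()));

        byte[] nonce = new byte[20];
        try {
            CryptoHelper.generateRandom(nonce);
        } catch (AuthException e) {
            return failedResponse(signCmdResp, "Nonce 생성에 실패함");
        }
        authAssertion.setAuthnrNonce(nonce);
        authAssertion.setFinalChallenge(signCmd.getFinalChallenge());
        authAssertion.setKeyId(rawKeyHandle.getKeyId());
        authAssertion.setSignCounter(Integer.valueOf(keyInfo.getSignCounter()));

        try {
            byte[] toBeSigned = authAssertion.encode_SignedData();
            if (m_tRContentHash == null) {
                m_tRContentHash = toBeSigned;
            }
            short authenticationAlg = authenticator.getAuthenticationAlg();
            authAssertion.setSignature(CryptoHelper.sign(CryptoHelper.getPrivateKeyfromBytes(bArr, authenticationAlg), toBeSigned, authenticationAlg));

            // Persist the incremented counter before releasing the assertion; the counter is the
            // relying party's signal for detecting a cloned key.
            keyInfo.setSignCounter(keyInfo.getSignCounter() + 1);
            if (!authDBHelper.updateKeyInfo(keyInfo)) {
                return failedResponse(signCmdResp, "서명 카운터 정보를 DB에 갱신하는데 실패함 : " + keyInfo.toString());
            }
            signCmdResp.setStatusCode((short) 0);
            signCmdResp.setAuthAssertion(authAssertion);
            return signCmdResp;
        } catch (Exception e) {
            // Broad catch kept from the original: encoding, key parsing, signing and the database
            // update all report the same failure.
            return failedResponse(signCmdResp, "서명 생성에 실패함");
        }
    }

    /**
     * Creates signed data over {@code bArr} and, when a server certificate and cipher algorithm
     * were configured through {@link #setRandomData}, adds two unsigned attributes: the user
     * random encrypted under a fresh symmetric key, and that key encrypted for the server
     * certificate.
     *
     * <p>Adding the attributes is best effort: on failure the plain signed data is returned and
     * only a log entry records it, so the caller cannot tell the two results apart.
     *
     * @param x509Certificate signer certificate
     * @param pKCS8PrivateKeyInfo signer private-key info; also the source of the user random
     * @param bArr content to sign
     * @return the encoded signed data, with or without the unsigned attributes
     */
    private byte[] createSignedData(com.dreamsecurity.jcaos.x509.X509Certificate x509Certificate, PKCS8PrivateKeyInfo pKCS8PrivateKeyInfo, byte[] bArr) {
        KSignedDataUtill signedDataUtil = new KSignedDataUtill();
        logTrace(">>Create Signed Data for sending to Server");
        byte[] signedData = signedDataUtil.getSignedData(x509Certificate, pKCS8PrivateKeyInfo, bArr);
        this.userRandom = pKCS8PrivateKeyInfo.getRandom();
        // Size only: the random is secret input to the encrypted attribute below.
        logTrace(">>>> userRandom : " + lengthOf(this.userRandom) + " bytes");
        if (this.m_cipherAlgorithm == null || this.m_X509SvrCert == null) {
            return signedData;
        }
        try {
            logTrace(">>Add a unsignedData in SignedData");
            byte[] random = pKCS8PrivateKeyInfo.getRandom();
            SecretKey symmetricKey = signedDataUtil.getSymetricKey(this.m_cipherAlgorithm);
            byte[] encryptedRandom = signedDataUtil.getCryptoRandom(symmetricKey, random);
            byte[] encryptedSymKey = signedDataUtil.getCryptoSymKey(this.m_X509SvrCert, symmetricKey);
            ArrayList<g> attributes = new ArrayList<>();
            attributes.add(new g(OID_ENCRYPTED_RANDOM, encryptedRandom));
            attributes.add(new g(OID_ENCRYPTED_SYM_KEY, encryptedSymKey));
            signedData = signedDataUtil.addUnSignedAttributes(signedData, signedDataUtil.makeUnsignedAttr(attributes));
        } catch (Exception e) {
            logFailure("UnsigendAttribute 생성 실패");
            logFailure(e.toString());
        }
        // The signed data embeds the signer certificate and the encrypted random; log its size,
        // not its Base64 form.
        logTrace("SignedData : " + lengthOf(signedData) + " bytes");
        return signedData;
    }

    /**
     * Restores every key handle in the command and keeps those whose access token equals
     * {@code bArr2}.
     *
     * @param context Android context passed to {@code RawKeyHandle.restoreRawKeyHandle}
     * @param bArr key material passed to {@code restoreRawKeyHandle} (presumably the wrap key;
     *     confirm against the caller)
     * @param signCmd decoded command supplying the key handles
     * @param bArr2 expected key-handle access token
     * @return the matching handles, possibly empty, or {@code null} if any single handle cannot
     *     be restored
     */
    private Handles filterKeyHandle(Context context, byte[] bArr, SignCmd signCmd, byte[] bArr2) {
        byte[][] keyHandles = signCmd.getKeyHandles();
        ArrayList<RawKeyHandle> matchingHandles = new ArrayList<>();
        ArrayList<UserNameKeyHandle> matchingUserHandles = new ArrayList<>();
        for (byte[] encodedHandle : keyHandles) {
            RawKeyHandle restored;
            try {
                restored = RawKeyHandle.restoreRawKeyHandle(context, bArr, encodedHandle);
            } catch (AuthException e) {
                // One unreadable handle rejects the whole request, as in the original.
                return null;
            }
            if (Arrays.equals(restored.getKHAccessToken(), bArr2)) {
                matchingHandles.add(restored);
                matchingUserHandles.add(new UserNameKeyHandle(restored.getUserName(), encodedHandle));
            }
        }
        Handles handles = new Handles(this);
        handles.setRawKeyHandles(matchingHandles.toArray(new RawKeyHandle[0]));
        handles.setUserNameKeyHandles(matchingUserHandles.toArray(new UserNameKeyHandle[0]));
        return handles;
    }

    /**
     * Encodes a response that carries only a status code.
     *
     * @param s status code to report
     * @return the encoded TLV, or {@code null} if encoding fails
     */
    private static byte[] getErrorTLV(short s) {
        SignCmdResp signCmdResp = new SignCmdResp();
        signCmdResp.setStatusCode(s);
        try {
            return signCmdResp.encode();
        } catch (AuthException e) {
            return null;
        }
    }

    /**
     * Parses the server certificate and records the cipher algorithm used by
     * {@link #createSignedData}.
     *
     * <p>NOTE(review): the certificate is only parsed here; no chain, validity or pinning check
     * is visible in this file. The symmetric key protecting the user random is encrypted for
     * this certificate, so confirm that the caller validates it.
     *
     * @param bArr encoded X.509 certificate; {@code null} leaves the current settings untouched
     * @param str cipher algorithm name
     */
    private void setRandomData(byte[] bArr, String str) {
        if (bArr == null) {
            return;
        }
        try {
            this.m_X509SvrCert = (X509Certificate) CertificateFactory.getInstance(CryptoConst.CERT_X509).generateCertificate(new ByteArrayInputStream(bArr));
            this.m_cipherAlgorithm = str;
        } catch (Exception e) {
            // Best effort as before: the fields keep their previous values and createSignedData
            // then skips the encrypted random when either is null. Log it so that is visible.
            logFailure(e.toString());
        }
    }

    /**
     * @return the user random captured by the last {@link #createSignedData} call, or
     *     {@code null}; the internal array is returned without copying
     */
    public byte[] getRandom() {
        return this.userRandom;
    }

    /**
     * Decodes the command and returns its user-verify token.
     *
     * @param context unused
     * @param bArr TLV-encoded Sign command
     * @return the user-verify token, or {@code null} if the command cannot be decoded
     */
    public byte[] getReqUVToken(Context context, byte[] bArr) {
        // The command contains the user-verify token, so its bytes are not logged.
        logTrace("Auth_Sign 요청 메시지: " + lengthOf(bArr) + " bytes");
        try {
            return SignCmd.decode(bArr).getUserVerifyToken();
        } catch (AuthException e) {
            byte[] errorTLV = getErrorTLV((short) 1);
            logFailure("Auth_Sign 응답 메시지(명령어 디코딩에 실패함): " + ByteHelper.byteArrayToHexString(errorTLV));
            return null;
        }
    }

    /**
     * Prepares the inputs for signing: the wrap key and, if present, the user signing
     * certificate from the command.
     *
     * <p>With hardware key-store support the stored wrap key is decrypted with the hardware key
     * pair for the authenticator's AAID; without it the stored value is used as is.
     *
     * <p>NOTE(review): the wrap key is placed in a {@link Bundle} in the clear. Confirm the
     * bundle never crosses a process boundary and is never persisted.
     *
     * @param context Android context used to open the authenticator database
     * @param bArr TLV-encoded Sign command
     * @return a bundle with the entries described above, or {@code null} if decoding or wrap-key
     *     decryption fails
     */
    public Bundle preAuthProcess(Context context, byte[] bArr) {
        // The command contains the user-verify token, so its bytes are not logged.
        logTrace("Auth_Sign 요청 메시지: " + lengthOf(bArr) + " bytes");
        Bundle bundle = new Bundle();
        try {
            SignCmd signCmd = SignCmd.decode(bArr);
            Authenticator authenticator = AuthDBHelper.getInstance(context).getAuthenticator(signCmd.getAuthenticatorIndex());
            byte[] wrapKey;
            if (AndroidKeyStore.isHWSupported()) {
                try {
                    wrapKey = AndroidKeyStore.decryptEncryptedKeyData(AndroidKeyStore.getHWAuthKeyPair(new String(authenticator.getAAID())), authenticator.getWrapKey());
                } catch (AuthException e) {
                    byte[] errorTLV = getErrorTLV((short) 1);
                    logFailure("Auth_Register 응답 메시지(AuthPrivateKey로 Wrap Key와 Attestation Private Key를 복호화하는데 실패함): " + ByteHelper.byteArrayToHexString(errorTLV));
                    return null;
                }
            } else {
                wrapKey = authenticator.getWrapKey();
            }
            if (wrapKey != null) {
                bundle.putByteArray(this.signKey_baWrapKey, wrapKey);
            }
            byte[] userSignCert = signCmd.getUserSignCert();
            if (userSignCert != null) {
                bundle.putByteArray(this.signKey_baUserCert, userSignCert);
            }
            return bundle;
        } catch (AuthException e) {
            // The decompiled listing prepared this message and then ran off the end of the
            // method; log it and report failure the same way as the branch above.
            byte[] errorTLV = getErrorTLV((short) 1);
            logFailure("Auth_Sign 응답 메시지(명령어 디코딩에 실패함): " + ByteHelper.byteArrayToHexString(errorTLV));
            return null;
        }
    }

    /**
     * Runs the Sign command with no additional input; equivalent to
     * {@code process(context, bArr, z, null, false, null)}.
     */
    public byte[] process(Context context, byte[] bArr, boolean z) throws Exception {
        return process(context, bArr, z, null, false, null);
    }

    /**
     * Runs the Sign command through {@link AuthCore#processSign}; all arguments are forwarded
     * unchanged.
     *
     * @return the value returned by {@code processSign}
     * @throws Exception whatever {@code processSign} throws
     */
    public byte[] process(Context context, byte[] bArr, boolean z, byte[] bArr2, boolean z2, com.dreamsecurity.jcaos.x509.X509Certificate x509Certificate) throws Exception {
        return new AuthCore(context).processSign(this, bArr, z, bArr2, z2, x509Certificate);
    }

    /**
     * Checks a user-verify token against the stored authenticator configuration.
     *
     * <p>NOTE(review): a {@code null} token returns {@code true} without any check. Every caller
     * must therefore decide for itself whether a missing token is acceptable; a caller that
     * treats this result as "user verified" is bypassed by omitting the token. Behaviour is left
     * unchanged because callers outside this file may depend on it.
     *
     * @param context Android context used to open the authenticator database
     * @param bArr user-verify token, or {@code null}
     * @return {@code true} if the token is {@code null} or accepted by
     *     {@code Auth_Verify.isUVTokenOk}
     */
    public boolean tokenVerify(Context context, byte[] bArr) {
        AuthConfig authConfig = AuthDBHelper.getInstance(context).getAuthConfig();
        if (bArr == null || Auth_Verify.isUVTokenOk(authConfig, bArr)) {
            return true;
        }
        // The encoded error TLV is discarded, as in the original; only the boolean is reported.
        getErrorTLV((short) 2);
        return false;
    }
}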
