package com.noknok.android.client.asm.authenticator;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import com.noknok.android.client.asm.api.AsmException;
import com.noknok.android.client.asm.authenticator.KSUtils;
import com.noknok.android.client.asm.authenticator.matcherparams.KSMatcherInParams;
import com.noknok.android.client.asm.authenticator.matcherparams.KSMatcherOutParams;
import com.noknok.android.client.asm.core.ICryptoLayer;
import com.noknok.android.client.asm.sdk.IAuthenticatorDescriptor;
import com.noknok.android.client.asm.sdk.IAuthenticatorKernel;
import com.noknok.android.client.asm.sdk.IMatcher;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.Logger;
import com.noknok.android.client.utils.Outcome;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.util.Arrays;
import java.util.Map;

/* loaded from: classes4.dex */
public class KsUafCryptoLayer implements ICryptoLayer {
    private static final String TAG = "KsUafCryptoLayer";

    /* renamed from: a, reason: collision with root package name */
    public static final /* synthetic */ int f4998a = 0;
    private static SecureRandom sr;
    private final KSUtils.AkMode mAkMode;
    private final Context mContext;
    private final KsLabel mLabel;
    private final IMatcher mMatcher;
    public int statusCode = 0;

    public KsUafCryptoLayer(Context context, IMatcher iMatcher, KSUtils.AkMode akMode, IAuthenticatorDescriptor.AAIDInfo aAIDInfo) {
        SecureRandom instanceStrong;
        this.mContext = context;
        this.mMatcher = iMatcher;
        this.mAkMode = akMode;
        this.mLabel = KsLabel.byName(aAIDInfo.label);
        synchronized (KsUafCryptoLayer.class) {
            if (sr == null) {
                if (Build.VERSION.SDK_INT >= 26) {
                    try {
                        instanceStrong = SecureRandom.getInstanceStrong();
                        sr = instanceStrong;
                    } catch (NoSuchAlgorithmException e) {
                        Logger.e(TAG, "Error during getting the SecureRandom instance. The old mechanism will be used", e);
                        sr = new SecureRandom();
                    }
                } else {
                    sr = new SecureRandom();
                }
            }
        }
        if (!this.mLabel.isSupported(this.mContext)) {
            throw new IllegalArgumentException(String.format("Unsupported label %s", aAIDInfo.label));
        }
    }

    private ICryptoLayer.OutParams performMatcherOperation(Signature signature, boolean z, Map<IAuthenticatorKernel.AKDataKeys, Object> map) {
        if (map == null) {
            throw new AsmException(Outcome.FAILURE, "Additional parameters for the request is null.");
        }
        if (this.mMatcher == null) {
            throw new AsmException(Outcome.FAILURE, "Matcher object is null.");
        }
        try {
            IMatcher.MatcherInParams matcherInParams = (IMatcher.MatcherInParams) map.get(IAuthenticatorKernel.AKDataKeys.MATCHER_IN_PARAMS);
            if (matcherInParams == null) {
                throw new AsmException(Outcome.FAILURE, "MatcherInParams is null.");
            }
            if (this.mAkMode == KSUtils.AkMode.FP) {
                matcherInParams = new KSMatcherInParams().setCustomUI(matcherInParams.getCustomUI()).setAntihammeringCallback(matcherInParams.getAntiHammeringCallback()).setFinalChallenge(matcherInParams.getFinalChallenge()).setTransText(matcherInParams.getTransText()).setSignatureObject(signature).setCallerActivity(matcherInParams.getCallerActivity()).setExtensions(matcherInParams.getExtensions());
            }
            ICryptoLayer.OutParams outParams = z ? (ICryptoLayer.OutParams) this.mMatcher.register(matcherInParams) : (ICryptoLayer.OutParams) this.mMatcher.authenticate(matcherInParams);
            Outcome fromResult = IMatcher.RESULT.fromResult(outParams.getMatchResult());
            if (fromResult == Outcome.SUCCESS) {
                return outParams;
            }
            throw new AsmException(fromResult);
        } catch (ClassCastException e) {
            throw new AsmException(Outcome.FAILURE, "MatcherInParams class is incorrect.", e);
        }
    }

    public static byte[] unwrapObjectStatic(byte[] bArr) {
        byte b = bArr[0];
        return b == -127 ? Arrays.copyOfRange(bArr, 1, bArr.length) : b == Byte.MIN_VALUE ? KSUtils.unwrapObject(bArr) : bArr;
    }

    public static byte[] wrapObjectStatic(byte[] bArr) {
        return KSUtils.wrapObject(bArr);
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] exportPublicKey(byte[] bArr) {
        try {
            String str = TAG;
            Logger.i(str, "Export public key");
            this.statusCode = 0;
            byte[] exportPublicKey = KSUtils.exportPublicKey(bArr);
            if (exportPublicKey == null) {
                this.statusCode = 1;
            }
            Logger.i(str, "Key export completed");
            return exportPublicKey;
        } catch (Exception e) {
            Logger.e(TAG, "Failed to retrieve public key for the given UUID", e);
            this.statusCode = Outcome.FAILURE.getCalErrorCode();
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:24:0x009e A[Catch: Exception -> 0x00dd, AsmException -> 0x00ec, TryCatch #4 {AsmException -> 0x00ec, Exception -> 0x00dd, blocks: (B:12:0x0037, B:17:0x004b, B:19:0x0053, B:20:0x005f, B:24:0x009e, B:27:0x00ac, B:31:0x006b, B:33:0x0071, B:36:0x0077, B:38:0x007f, B:40:0x0092), top: B:11:0x0037, inners: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00ac A[Catch: Exception -> 0x00dd, AsmException -> 0x00ec, TRY_LEAVE, TryCatch #4 {AsmException -> 0x00ec, Exception -> 0x00dd, blocks: (B:12:0x0037, B:17:0x004b, B:19:0x0053, B:20:0x005f, B:24:0x009e, B:27:0x00ac, B:31:0x006b, B:33:0x0071, B:36:0x0077, B:38:0x007f, B:40:0x0092), top: B:11:0x0037, inners: #3 }] */
    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    @android.annotation.SuppressLint({"MissingPermission"})
    @android.annotation.TargetApi(28)
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] generateKey(java.util.Map<com.noknok.android.client.asm.sdk.IAuthenticatorKernel.AKDataKeys, java.lang.Object> r11) {
        /*
            Method dump skipped, instructions count: 248
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.client.asm.authenticator.KsUafCryptoLayer.generateKey(java.util.Map):byte[]");
    }

    public byte getInfo() {
        Logger.i(TAG, String.format("Selected algorithm type is: %s", getLabel()));
        return this.mLabel.getAlg().getCalId();
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public String getLabel() {
        return this.mLabel.name();
    }

    public byte[] hashData(byte[] bArr) {
        byte[] bArr2 = new byte[0];
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException unused) {
            Logger.i(TAG, "SHA-256 algorithm does not support");
            return bArr2;
        }
    }

    public byte[] randGen(byte[] bArr) {
        synchronized (KsUafCryptoLayer.class) {
            sr.nextBytes(bArr);
        }
        return bArr;
    }

    public void randSeed(byte[] bArr) {
        synchronized (KsUafCryptoLayer.class) {
            sr.setSeed(bArr);
        }
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public void removeKey(byte[] bArr) {
        try {
            Logger.i(TAG, "Removing the key from the CryptoProvider store");
            KSUtils.removeKey(new String(bArr, Charsets.utf8Charset));
            this.statusCode = 0;
        } catch (Exception e) {
            Logger.e(TAG, "Key removing failed", e);
            this.statusCode = Outcome.FAILURE.getCalErrorCode();
        }
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] signData(byte[] bArr, byte[] bArr2, Map<IAuthenticatorKernel.AKDataKeys, Object> map, Signature signature) {
        this.statusCode = Outcome.SUCCESS.getCalErrorCode();
        if (bArr2 == null) {
            return ByteBuffer.allocate(this.mLabel.getAlg().getSignatureSize()).array();
        }
        String str = TAG;
        Logger.i(str, "Begin Sign command");
        if (bArr == null) {
            Logger.e(str, "No key handle for signing");
            this.statusCode = Outcome.FAILURE.getCalErrorCode();
            return null;
        }
        String str2 = new String(bArr, Charsets.utf8Charset);
        if (signature == null) {
            try {
                try {
                    signature = KSUtils.initSignature(this.mLabel, str2);
                } catch (InvalidKeyException e) {
                    Logger.w(TAG, "Signing has failed", e);
                    this.statusCode = Outcome.CMD_NOT_SUPPORTED.getCalErrorCode();
                    if (e instanceof KeyPermanentlyInvalidatedException) {
                        this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
                    }
                    return null;
                } catch (UnrecoverableEntryException unused) {
                    this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
                    return null;
                }
            } catch (IllegalArgumentException unused2) {
                Logger.e(TAG, "Data Signing call to KeyStoreCallback failed. Invalid KeyHandle");
                this.statusCode = Outcome.CMD_NOT_SUPPORTED.getCalErrorCode();
                return null;
            } catch (Exception e2) {
                Logger.e(TAG, "Data Signing failed", e2);
                return null;
            }
        }
        byte[] signData = KSUtils.signData(signature, this.mLabel, bArr2);
        if (signData == null) {
            Logger.e(str, "Data Signing call to KeyStoreCallback failed");
            this.statusCode = Outcome.FAILURE.getCalErrorCode();
            return null;
        }
        if (map.get(IAuthenticatorKernel.AKDataKeys.KSATTESTATIONCHALLENGE) != null) {
            map.put(IAuthenticatorKernel.AKDataKeys.KSATTESTATIONX509, KSUtils.getAttestationChain(str2));
        }
        Logger.i(str, "Sign Command completed");
        return signData;
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public int unwrapGetLength(int i, byte b) {
        return b == -127 ? i - 1 : b == Byte.MIN_VALUE ? (i - 1) - 12 : i;
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] unwrapObject(byte[] bArr) {
        try {
            return unwrapObjectStatic(bArr);
        } catch (Exception e) {
            Logger.e(TAG, "unwrapObject failed", e);
            return null;
        }
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public ICryptoLayer.OutParams verifyUser(byte[] bArr, boolean z, Map<IAuthenticatorKernel.AKDataKeys, Object> map) {
        Signature signature;
        Logger.i(TAG, "Begin verifyUser command");
        try {
            try {
                IAuthenticatorKernel.AKDataKeys aKDataKeys = IAuthenticatorKernel.AKDataKeys.AUTH_FP_SILENTLY;
                boolean booleanValue = map.containsKey(aKDataKeys) ? ((Boolean) map.get(aKDataKeys)).booleanValue() : false;
                if (this.mAkMode == KSUtils.AkMode.FP && !booleanValue) {
                    if (bArr == null) {
                        throw new AsmException(Outcome.PARAMS_INVALID, "No key handle for signing");
                    }
                    try {
                        signature = KSUtils.initSignature(this.mLabel, new String(bArr, Charsets.utf8Charset));
                    } catch (InvalidKeyException e) {
                        if (!(e instanceof UserNotAuthenticatedException)) {
                            throw e;
                        }
                    }
                    ICryptoLayer.OutParams performMatcherOperation = (this.mAkMode == KSUtils.AkMode.FP || !booleanValue) ? performMatcherOperation(signature, z, map) : new KSMatcherOutParams.KSMatcherOutParamsBuilder().setMatchResult(IMatcher.RESULT.SUCCESS).createKSMatcherOutParams(this.mContext);
                    this.statusCode = Outcome.SUCCESS.getCalErrorCode();
                    Logger.i(TAG, "End verifyUser command");
                    return performMatcherOperation;
                }
                signature = null;
                if (this.mAkMode == KSUtils.AkMode.FP) {
                }
                this.statusCode = Outcome.SUCCESS.getCalErrorCode();
                Logger.i(TAG, "End verifyUser command");
                return performMatcherOperation;
            } catch (InvalidKeyException e2) {
                Logger.w(TAG, "verifyUser has failed", e2);
                this.statusCode = Outcome.FAILURE.getCalErrorCode();
                if (e2 instanceof KeyPermanentlyInvalidatedException) {
                    this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
                }
                return null;
            }
        } catch (AsmException e3) {
            if (e3.error() == Outcome.CANCELED || e3.error() == Outcome.SYSTEM_CANCELED) {
                Logger.i(TAG, "verifyUser has been canceled by user or system");
            } else {
                Logger.e(TAG, "verifyUser has failed", e3);
            }
            this.statusCode = e3.error().getCalErrorCode();
            return null;
        } catch (UnrecoverableEntryException e4) {
            Logger.e(TAG, "verifyUser has failed", e4);
            this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
            return null;
        } catch (Exception e5) {
            Logger.e(TAG, "verifyUser has failed", e5);
            this.statusCode = Outcome.FAILURE.getCalErrorCode();
            return null;
        }
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public int wrapGetLength(int i) {
        return i + 16 + 13;
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] wrapObject(byte[] bArr) {
        try {
            return wrapObjectStatic(bArr);
        } catch (Exception e) {
            Logger.e(TAG, "wrapObject failed", e);
            return null;
        }
    }
}
