package com.noknok.android.client.asm.authenticator;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Build;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import coil.decode.r;
import com.noknok.android.client.asm.api.AsmException;
import com.noknok.android.client.asm.authenticator.KSUtils;
import com.noknok.android.client.asm.authenticator.matcherparams.KSMatcherInParams;
import com.noknok.android.client.asm.authenticator.matcherparams.KSMatcherOutParams;
import com.noknok.android.client.asm.core.ICryptoLayer;
import com.noknok.android.client.asm.sdk.IAuthenticatorDescriptor;
import com.noknok.android.client.asm.sdk.IAuthenticatorKernel;
import com.noknok.android.client.asm.sdk.IMatcher;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.Logger;
import com.noknok.android.client.utils.Outcome;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.util.Arrays;
import java.util.Map;

/* loaded from: classes4.dex */
public class KsUafCryptoLayer implements ICryptoLayer {
    private static final String TAG = "KsUafCryptoLayer";

    /* renamed from: a, reason: collision with root package name */
    public static final /* synthetic */ int f26467a = 0;

    /* renamed from: sr, reason: collision with root package name */
    private static SecureRandom f26468sr;
    private final KSUtils.AkMode mAkMode;
    private final Context mContext;
    private final KsLabel mLabel;
    private final IMatcher mMatcher;
    public int statusCode = 0;

    /* renamed from: com.noknok.android.client.asm.authenticator.KsUafCryptoLayer$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public class AnonymousClass1 extends FingerprintManager.AuthenticationCallback {
    }

    public KsUafCryptoLayer(Context context, IMatcher iMatcher, KSUtils.AkMode akMode, IAuthenticatorDescriptor.AAIDInfo aAIDInfo) {
        this.mContext = context;
        this.mMatcher = iMatcher;
        this.mAkMode = akMode;
        this.mLabel = KsLabel.byName(aAIDInfo.label);
        synchronized (KsUafCryptoLayer.class) {
            if (f26468sr == null) {
                try {
                    f26468sr = SecureRandom.getInstanceStrong();
                } catch (NoSuchAlgorithmException e11) {
                    Logger.e(TAG, "Error during getting the SecureRandom instance. The old mechanism will be used", e11);
                    f26468sr = new SecureRandom();
                }
            }
        }
        if (!this.mLabel.isSupported(this.mContext)) {
            throw new IllegalArgumentException(String.format("Unsupported label %s", aAIDInfo.label));
        }
    }

    private ICryptoLayer.OutParams performMatcherOperation(Signature signature, boolean z11, Map<IAuthenticatorKernel.AKDataKeys, Object> map) {
        if (map == null) {
            throw new AsmException(Outcome.FAILURE, "Additional parameters for the request is null.");
        }
        if (this.mMatcher == null) {
            throw new AsmException(Outcome.FAILURE, "Matcher object is null.");
        }
        try {
            IMatcher.MatcherInParams matcherInParams = (IMatcher.MatcherInParams) map.get(IAuthenticatorKernel.AKDataKeys.MATCHER_IN_PARAMS);
            if (matcherInParams == null) {
                throw new AsmException(Outcome.FAILURE, "MatcherInParams is null.");
            }
            if (this.mAkMode == KSUtils.AkMode.FP) {
                matcherInParams = new KSMatcherInParams().setCustomUI(matcherInParams.getCustomUI()).setAntihammeringCallback(matcherInParams.getAntiHammeringCallback()).setFinalChallenge(matcherInParams.getFinalChallenge()).setTransText(matcherInParams.getTransText()).setSignatureObject(signature).setCallerActivity(matcherInParams.getCallerActivityProxy()).setExtensions(matcherInParams.getExtensions());
            }
            ICryptoLayer.OutParams outParams = z11 ? (ICryptoLayer.OutParams) this.mMatcher.register(matcherInParams) : (ICryptoLayer.OutParams) this.mMatcher.authenticate(matcherInParams);
            Outcome fromResult = IMatcher.RESULT.fromResult(outParams.getMatchResult());
            if (fromResult == Outcome.SUCCESS) {
                return outParams;
            }
            throw new AsmException(fromResult);
        } catch (ClassCastException e11) {
            throw new AsmException(Outcome.FAILURE, "MatcherInParams class is incorrect.", e11);
        }
    }

    public static byte[] unwrapObjectStatic(byte[] bArr) {
        byte b11 = bArr[0];
        return b11 == -127 ? Arrays.copyOfRange(bArr, 1, bArr.length) : b11 == Byte.MIN_VALUE ? KSUtils.unwrapObject(bArr) : bArr;
    }

    public static byte[] wrapObjectStatic(byte[] bArr) {
        return KSUtils.wrapObject(bArr);
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] exportPublicKey(byte[] bArr) {
        String str = TAG;
        Logger.i(str, "Export public key");
        this.statusCode = 0;
        byte[] exportPublicKey = KSUtils.exportPublicKey(bArr);
        if (exportPublicKey == null) {
            this.statusCode = 1;
        }
        Logger.i(str, "Key export completed");
        return exportPublicKey;
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    @SuppressLint({"MissingPermission"})
    @TargetApi(28)
    public byte[] generateKey(Map<IAuthenticatorKernel.AKDataKeys, Object> map) {
        String str;
        KSUtils.AkMode akMode = KSUtils.AkMode.KS;
        try {
            Logger.i(TAG, "Begin key generation");
            byte[] bArr = (byte[]) map.get(IAuthenticatorKernel.AKDataKeys.KSATTESTATIONCHALLENGE);
            int i11 = 0;
            while (true) {
                if (i11 >= 2) {
                    break;
                }
                try {
                    IAuthenticatorKernel.AKDataKeys aKDataKeys = IAuthenticatorKernel.AKDataKeys.AUTH_VALIDITY_DURATION;
                    str = KSUtils.generateKeyStoreKeyPair(this.mContext, this.mLabel, this.mAkMode, bArr, map.containsKey(aKDataKeys) ? ((Integer) map.get(aKDataKeys)).intValue() : 0);
                    break;
                } catch (ProviderException e11) {
                    if (Build.VERSION.SDK_INT >= 28 && r.j(e11)) {
                        Logger.w(TAG, "StrongBox KeyMaster is not available", e11);
                        break;
                    }
                    String str2 = TAG;
                    Logger.e(str2, "Problem during key generation", e11);
                    if (!e11.getMessage().contains("attestation")) {
                        break;
                    }
                    Logger.e(str2, "Do key generation without attestation");
                    i11++;
                    bArr = null;
                }
            }
            str = null;
            if (str == null) {
                Logger.e(TAG, "Key generation failed");
                this.statusCode = Outcome.FAILURE.getCalErrorCode();
                return null;
            }
            byte[] bytes = str.getBytes(Charsets.utf8Charset);
            ByteBuffer allocate = ByteBuffer.allocate(bytes.length + 3);
            allocate.order(ByteOrder.LITTLE_ENDIAN);
            allocate.putShort((short) (bytes.length + 1));
            allocate.put(bytes);
            this.statusCode = Outcome.SUCCESS.getCalErrorCode();
            Logger.i(TAG, "End key generation");
            return allocate.array();
        } catch (AsmException e12) {
            this.statusCode = e12.error().getCalErrorCode();
            return null;
        }
    }

    public byte getInfo() {
        Logger.i(TAG, String.format("Selected algorithm type is: %s", getLabel()));
        return this.mLabel.getAlg().getCalId();
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public String getLabel() {
        return this.mLabel.name();
    }

    public byte[] hashData(byte[] bArr) {
        byte[] bArr2 = new byte[0];
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException unused) {
            Logger.i(TAG, "SHA-256 algorithm does not support");
            return bArr2;
        }
    }

    public byte[] randGen(byte[] bArr) {
        synchronized (KsUafCryptoLayer.class) {
            f26468sr.nextBytes(bArr);
        }
        return bArr;
    }

    public void randSeed(byte[] bArr) {
        synchronized (KsUafCryptoLayer.class) {
            f26468sr.setSeed(bArr);
        }
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public void removeKey(byte[] bArr) {
        Logger.i(TAG, "Removing the key from the CryptoProvider store");
        KSUtils.removeKey(new String(bArr, Charsets.utf8Charset));
        this.statusCode = 0;
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] signData(byte[] bArr, byte[] bArr2, Map<IAuthenticatorKernel.AKDataKeys, Object> map, Signature signature) {
        this.statusCode = Outcome.SUCCESS.getCalErrorCode();
        if (bArr2 == null) {
            return ByteBuffer.allocate(this.mLabel.getAlg().getSignatureSize()).array();
        }
        String str = TAG;
        Logger.i(str, "Begin Sign command");
        if (bArr == null) {
            Logger.e(str, "No key handle for signing");
            this.statusCode = Outcome.FAILURE.getCalErrorCode();
            return null;
        }
        String str2 = new String(bArr, Charsets.utf8Charset);
        try {
            if (signature == null) {
                try {
                    signature = KSUtils.initSignature(this.mLabel, str2);
                } catch (InvalidKeyException e11) {
                    Logger.w(TAG, "Signing has failed", e11);
                    this.statusCode = Outcome.CMD_NOT_SUPPORTED.getCalErrorCode();
                    if (e11 instanceof KeyPermanentlyInvalidatedException) {
                        this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
                    }
                    return null;
                } catch (UnrecoverableEntryException unused) {
                    this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
                    return null;
                }
            }
            byte[] signData = KSUtils.signData(signature, this.mLabel, bArr2);
            if (signData == null) {
                Logger.e(str, "Data Signing call to KeyStoreCallback failed");
                this.statusCode = Outcome.FAILURE.getCalErrorCode();
                return null;
            }
            if (map.get(IAuthenticatorKernel.AKDataKeys.KSATTESTATIONCHALLENGE) != null) {
                map.put(IAuthenticatorKernel.AKDataKeys.KSATTESTATIONX509, KSUtils.getAttestationChain(str2));
            }
            Logger.i(str, "Sign Command completed");
            return signData;
        } catch (IllegalArgumentException unused2) {
            Logger.e(TAG, "Data Signing call to KeyStoreCallback failed. Invalid KeyHandle");
            this.statusCode = Outcome.CMD_NOT_SUPPORTED.getCalErrorCode();
            return null;
        }
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public int unwrapGetLength(int i11, byte b11) {
        return b11 == -127 ? i11 - 1 : b11 == Byte.MIN_VALUE ? i11 - 13 : i11;
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] unwrapObject(byte[] bArr) {
        return unwrapObjectStatic(bArr);
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public ICryptoLayer.OutParams verifyUser(byte[] bArr, boolean z11, Map<IAuthenticatorKernel.AKDataKeys, Object> map) {
        Signature signature;
        Logger.i(TAG, "Begin verifyUser command");
        try {
            try {
                IAuthenticatorKernel.AKDataKeys aKDataKeys = IAuthenticatorKernel.AKDataKeys.AUTH_FP_SILENTLY;
                boolean booleanValue = map.containsKey(aKDataKeys) ? ((Boolean) map.get(aKDataKeys)).booleanValue() : false;
                if (this.mAkMode == KSUtils.AkMode.FP && !booleanValue) {
                    if (bArr == null) {
                        throw new AsmException(Outcome.PARAMS_INVALID, "No key handle for signing");
                    }
                    try {
                        signature = KSUtils.initSignature(this.mLabel, new String(bArr, Charsets.utf8Charset));
                    } catch (InvalidKeyException e11) {
                        if (!(e11 instanceof UserNotAuthenticatedException)) {
                            throw e11;
                        }
                    }
                    ICryptoLayer.OutParams performMatcherOperation = (this.mAkMode == KSUtils.AkMode.FP || !booleanValue) ? performMatcherOperation(signature, z11, map) : new KSMatcherOutParams.KSMatcherOutParamsBuilder().setMatchResult(IMatcher.RESULT.SUCCESS).createKSMatcherOutParams(this.mContext);
                    this.statusCode = Outcome.SUCCESS.getCalErrorCode();
                    Logger.i(TAG, "End verifyUser command");
                    return performMatcherOperation;
                }
                signature = null;
                if (this.mAkMode == KSUtils.AkMode.FP) {
                }
                this.statusCode = Outcome.SUCCESS.getCalErrorCode();
                Logger.i(TAG, "End verifyUser command");
                return performMatcherOperation;
            } catch (InvalidKeyException e12) {
                Logger.w(TAG, "verifyUser has failed", e12);
                this.statusCode = Outcome.FAILURE.getCalErrorCode();
                if (e12 instanceof KeyPermanentlyInvalidatedException) {
                    this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
                }
                return null;
            }
        } catch (AsmException e13) {
            if (e13.error() == Outcome.CANCELED || e13.error() == Outcome.SYSTEM_CANCELED) {
                Logger.i(TAG, "verifyUser has been canceled by user or system");
            } else {
                Logger.e(TAG, "verifyUser has failed", e13);
            }
            this.statusCode = e13.error().getCalErrorCode();
            return null;
        } catch (UnrecoverableEntryException e14) {
            Logger.e(TAG, "verifyUser has failed", e14);
            this.statusCode = Outcome.KEY_DISAPPEARED_PERMANENTLY.getCalErrorCode();
            return null;
        }
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public int wrapGetLength(int i11) {
        return i11 + 29;
    }

    @Override // com.noknok.android.client.asm.core.ICryptoLayer
    public byte[] wrapObject(byte[] bArr) {
        return wrapObjectStatic(bArr);
    }
}
