package com.kica.android.kfido.asm;

import android.content.Context;
import android.os.Bundle;
import com.kica.android.fido.uaf.auth.assertion.RegAssertion;
import com.kica.android.fido.uaf.auth.common.AuthException;
import com.kica.android.fido.uaf.auth.common.Tags;
import com.kica.android.fido.uaf.auth.crypto.CryptoHelper;
import com.kica.android.fido.uaf.metadata.Registry;
import com.kica.android.fido.uaf.util.Base64URLHelper;
import com.kica.android.fido.uaf.util.ByteHelper;
import com.kica.android.kfido.asm.db.ASMDBHelper;
import com.kica.android.kfido.authenticator.crypto.AndroidKeyStore;
import com.kica.android.kfido.authenticator.db.AuthConfig;
import com.kica.android.kfido.authenticator.db.AuthDBHelper;
import com.kica.android.kfido.authenticator.kernel.KernelUtil;
import com.kica.android.kfido.authenticator.kfido.KCertInfo;
import com.kica.android.kfido.uaf.ext.metadata.KExtensionID;
import com.sg.openews.api.exception.SGCryptoException;
import com.sg.openews.api.exception.SGPkcs7Exception;
import com.sg.openews.api.key.impl.NPKICertificate;
import java.security.KeyPair;
import java.util.ArrayList;

/* loaded from: classes3.dex */
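public class z {

    /** UAF attestation tag 0x3E07 (15879); the code logs this case as Tag_Attestation_Basic_Full. */
    private static final short TAG_ATTESTATION_BASIC_FULL = 0x3E07;

    /** UAF attestation tag 0x3E08 (15880); accepted only when the authenticator reports surrogate attestation. */
    private static final short TAG_ATTESTATION_BASIC_SURROGATE = 0x3E08;

    // Status codes written into the register response. The names are inferred from the log
    // messages next to each use and appear to follow the FIDO UAF authenticator command
    // status codes (OK / ERR_UNKNOWN / ACCESS_DENIED / ATTESTATION_NOT_SUPPORTED).
    private static final short STATUS_OK = 0;
    private static final short STATUS_ERR_UNKNOWN = 1;
    private static final short STATUS_ACCESS_DENIED = 2;
    private static final short STATUS_ATTESTATION_NOT_SUPPORTED = 7;

    /* renamed from: a, reason: collision with root package name */
    // Base64URL-encoded strings collected during registration (one per RP-supplied
    // to-be-signed item); null until the first one is produced.
    private ArrayList<String> f21275a = null;

    /**
     * Builds the registration assertion: fills in the fixed fields, picks an unused random
     * 32-byte KeyID, attaches the public key and signs the encoded KRD.
     *
     * <p>With full basic attestation the KRD is signed with the authenticator's attestation
     * private key and the attestation certificates are attached; otherwise it is signed with
     * the private key of {@code keyPair}.
     *
     * @param authDBHelper authenticator database, used for the KeyID uniqueness check and the
     *                     attestation certificates
     * @param tVar         decoded register command
     * @param bVar         authenticator record (AAID, algorithms, counters, attestation key)
     * @param keyPair      key pair being registered
     * @return the populated, signed registration assertion
     * @throws AuthException if KeyID generation, public-key encoding or signing fails
     */
    private static RegAssertion a(AuthDBHelper authDBHelper, t tVar, com.kica.android.kfido.authenticator.db.b bVar, KeyPair keyPair) throws AuthException {
        m.b("KICA_ASM", "Generate regAssertion [Start]");
        RegAssertion regAssertion = new RegAssertion();
        regAssertion.setAAID(bVar.getAAID());
        regAssertion.setAuthenticatorVersion((short) 1);
        regAssertion.setAuthenticationMode(Byte.valueOf(Tags.Value_User_Explicitly_Verified));
        regAssertion.setPublicKeyAlgAndEncoding(Short.valueOf(bVar.getPublicKeyAlgandEncoding()));
        regAssertion.setSignatureAlgAndEncoding(Short.valueOf(bVar.getAuthenticationAlg()));
        regAssertion.setFinalChallenge(tVar.d());

        // Each stage has its own try block. When the stages were nested, a signing failure was
        // re-caught by the enclosing handlers and reported as a public-key failure and then as
        // a KeyId failure, which made the logs point at the wrong step.
        byte[] keyId = new byte[32];
        try {
            CryptoHelper.generateRandom(keyId);
            // Regenerate until the KeyID is not already registered for this AAID.
            while (authDBHelper.isKeyIdAlreadlyExist(bVar.getAAID(), keyId)) {
                CryptoHelper.generateRandom(keyId);
            }
        } catch (AuthException e) {
            m.c("KICA_AUTH", "Failed to generate KeyId: " + e.getMessage());
            throw new AuthException("Failed to generate KeyId: " + e.getMessage());
        }
        regAssertion.setKeyId(keyId);
        regAssertion.setRegCounter(Integer.valueOf(bVar.getRegCounter()));
        regAssertion.setSignCounter(0);

        try {
            regAssertion.setPublicKey(CryptoHelper.getPublicKeyBytesfromPublicKey(keyPair.getPublic(), bVar.getPublicKeyAlgandEncoding(), bVar.getAuthenticationAlg()));
        } catch (AuthException e) {
            m.c("KICA_AUTH", "Failed to generate public key: " + e.getMessage());
            throw new AuthException("Failed to generate public key: " + e.getMessage());
        }

        try {
            byte[] encodedKrd = regAssertion.encode_KRD();
            short authenticationAlg = bVar.getAuthenticationAlg();
            if (tVar.b().shortValue() == TAG_ATTESTATION_BASIC_FULL) {
                m.a("KICA_ASM", "Generate Tag_Attestation_Basic_Full");
                regAssertion.setAttestationBasicFull(true);
                // NOTE(review): the attestation private key is read as plain bytes from the
                // authenticator record; nothing in this class clears it after use.
                regAssertion.setSignature(CryptoHelper.sign(CryptoHelper.getPrivateKeyfromBytes(bVar.getAttestPrivKey(), authenticationAlg), encodedKrd, authenticationAlg));
                regAssertion.setCertificates(authDBHelper.getAttestationCerts(bVar.getAAID()));
            } else {
                regAssertion.setAttestationBasicFull(false);
                regAssertion.setSignature(CryptoHelper.sign(keyPair.getPrivate(), encodedKrd, authenticationAlg));
            }
        } catch (AuthException e) {
            m.c("KICA_AUTH", "Failed to generate signatrue value: " + e.getMessage());
            throw new AuthException("Failed to generate signatrue value: " + e.getMessage());
        }
        m.b("KICA_AUTH", "Generate regAssertion [End]");
        return regAssertion;
    }

    /**
     * Removes an existing K-FIDO registration when a stored signing certificate has the same
     * subject DN as the certificate about to be registered ("overwrite").
     *
     * <p>Best effort: every failure is logged and swallowed, so the caller proceeds with the
     * registration either way.
     *
     * @param context         Android context used to open both databases
     * @param str             AAID as a string, used as the lookup key
     * @param nPKICertificate certificate being registered
     */
    private static void a(Context context, String str, NPKICertificate nPKICertificate) {
        try {
            AuthDBHelper authDBHelper = AuthDBHelper.getInstance(context);
            ASMDBHelper aSMDBHelper = ASMDBHelper.getInstance(context);
            String[] signCertList = aSMDBHelper.getSignCertList(str);
            if (signCertList == null) {
                return;
            }
            // NOTE(review): the match is a case-insensitive comparison of subject DNs only;
            // the certificate itself is not validated in this method.
            int i6 = 0;
            while (i6 < signCertList.length && !new NPKICertificate(Base64URLHelper.decode(signCertList[i6])).getSubjectDN().equalsIgnoreCase(nPKICertificate.getSubjectDN())) {
                i6++;
            }
            if (i6 >= signCertList.length) {
                // No stored certificate shares the subject DN, so there is nothing to
                // overwrite. Previously this case indexed past the end of the array and relied
                // on the catch below, which logged a misleading error.
                return;
            }
            if (aSMDBHelper.getKFIDODelCert(str, signCertList[i6]) > 0) {
                m.a("KICA_AUTH", ">>> OverWrite 실행");
                String str2 = aSMDBHelper.getdeleteAAID();
                String str3 = aSMDBHelper.getdeleteKeyID();
                // The authenticator-side key info is deleted first; the ASM-side record is
                // removed only when that succeeded.
                if (!authDBHelper.deleteKeyInfo(str2.getBytes(), Base64URLHelper.decode(str3))) {
                    m.c("KICA_AUTH", "AuthDBHelper K-FIDO의 KeyInfo 삭제에 실패함");
                } else if (!aSMDBHelper.kFIDODelASMRegisterInfo(str2, str3)) {
                    m.c("KICA_AUTH", "AsmDBHelper K-FIDO의 KeyInfo 삭제에 실패함");
                }
            }
        } catch (Exception e6) {
            m.c("KICA_AUTH", "checkOverWriteCert error: " + e6.getMessage());
        }
    }

    /**
     * Decrypts the authenticator's stored wrap key with the Android Keystore key looked up
     * for the given AAID string.
     *
     * @param context Android context for the keystore wrapper
     * @param str     AAID as a string, passed to both keystore calls
     * @param bVar    authenticator record holding the encrypted wrap key
     * @return the decrypted wrap key bytes
     * @throws Exception whatever the keystore wrapper throws
     */
    private static byte[] a(Context context, String str, com.kica.android.kfido.authenticator.db.b bVar) throws Exception {
        AndroidKeyStore androidKeyStore = new AndroidKeyStore(context);
        m.a("KICA_AUTH", "=====================[PRE_REG_UPPER]복호화 시작==========================");
        byte[] decryptEncryptedKeyData_M = androidKeyStore.decryptEncryptedKeyData_M(androidKeyStore.getHWAuthKey_M(str), bVar.getWrapKey(), str);
        m.a("KICA_AUTH", "=====================[PRE_REG_UPPER]복호화 끝==========================");
        m.a("KICA_AUTH", "[PreProcess] 6.0 Android Key Store를 이용하여 복호");
        return decryptEncryptedKeyData_M;
    }

    /**
     * Returns the data of the first extension in the register command whose id equals
     * {@code KExtensionID.ID_KFIDO_CERTIFICATE} (case-insensitive), or null when the command
     * has no extensions or none matches.
     */
    private static byte[] a(t tVar) {
        p[] h6 = tVar.h();
        if (h6 != null) {
            for (int i6 = 0; i6 < h6.length; i6++) {
                if (new String(h6[i6].c()).equalsIgnoreCase(KExtensionID.ID_KFIDO_CERTIFICATE)) {
                    return h6[i6].d();
                }
            }
        }
        return null;
    }

    /**
     * Produces signed data over {@code bArr} using the certificate and second component of
     * {@code dVar}.
     *
     * @return the signed data, or null when signing fails (the failure is logged, not thrown)
     */
    private static byte[] a(com.kica.android.kfido.authenticator.kfido.d dVar, byte[] bArr) {
        try {
            return new com.kica.android.kfido.authenticator.kfido.e().a(dVar.b(), dVar.c(), bArr);
        } catch (SGCryptoException | SGPkcs7Exception e) {
            // Both failure types were handled identically; one multi-catch replaces the two
            // duplicated handlers, which assigned to an undeclared variable.
            e.printStackTrace();
            m.c("KICA_AUTH", "getSignedData error: " + e.getMessage());
            return null;
        }
    }

    /**
     * Encodes a register response that carries only the given status code.
     *
     * @return the encoded response, or null when encoding fails
     */
    private static byte[] a(short s6) {
        u uVar = new u();
        uVar.a(Short.valueOf(s6));
        try {
            return uVar.a();
        } catch (AuthException unused) {
            return null;
        }
    }

    /**
     * Pre-registration step: decodes the register command and returns the material the next
     * step needs in a Bundle, the wrap key under {@code "regKey_WrapKey"} and the K-FIDO
     * certificate extension under {@code "regKey_KCertCMD"}, each only when present.
     *
     * <p>NOTE(review): the wrap key leaves this class as plain bytes inside the Bundle. Where
     * the Bundle goes is not visible here; confirm it never crosses a process boundary and is
     * not persisted or logged.
     *
     * @param context Android context
     * @param bArr    encoded register command
     * @return the Bundle, or null when an AuthException occurs
     * @throws Exception for any other failure. The authenticator lookup is not null-checked
     *                   here (the registration method does check it), so an unknown
     *                   authenticator index surfaces as a NullPointerException.
     */
    public final Bundle a(Context context, byte[] bArr) throws Exception {
        Bundle bundle = new Bundle();
        byte[] bArr2 = null;
        try {
            t a6 = t.a(bArr);
            com.kica.android.kfido.authenticator.db.b authenticator = AuthDBHelper.getInstance(context).getAuthenticator(a6.c().byteValue());
            if (AndroidKeyStore.isHWSupported()) {
                String str = new String(authenticator.getAAID());
                // When isAndroid6() is false no wrap key is produced on this branch and the
                // Bundle is returned without "regKey_WrapKey".
                if (AndroidKeyStore.isAndroid6()) {
                    try {
                        bArr2 = a(context, str, authenticator);
                    } catch (Exception e6) {
                        e6.printStackTrace();
                        m.a("KICA_AUTH", "========Catch 1) 삭제");
                        // The log text says "delete"; what util.a.b(context) removes is not
                        // visible in this file.
                        com.kica.android.kfido.asm.util.a.b(context);
                        throw new AuthException(e6.getMessage());
                    }
                }
            } else {
                // NOTE(review): without keystore support the stored wrap key is used exactly
                // as read from the database, despite the "General Decryption" log text. On
                // such devices the key appears to have no protection beyond the database
                // itself; confirm this fallback is intended.
                bArr2 = authenticator.getWrapKey();
                m.a("KICA_AUTH", "General Decryption");
            }
            if (bArr2 != null) {
                bundle.putByteArray("regKey_WrapKey", bArr2);
            }
            byte[] a7 = a(a6);
            if (a7 != null) {
                bundle.putByteArray("regKey_KCertCMD", a7);
            }
            return bundle;
        } catch (AuthException e7) {
            // This handler also receives the AuthException raised after a keystore decryption
            // failure above, so the "decode error" label below covers both cases.
            a(STATUS_ERR_UNKNOWN); // result discarded, as in the original
            m.c("KICA_AUTH", "RegisterCmd.decode error: " + e7.getMessage());
            return null;
        }
    }

    /**
     * Returns the Base64URL strings collected by the last registration, or null when none
     * were produced. The internal list is returned directly, not a copy.
     */
    public final ArrayList<String> a() {
        return this.f21275a;
    }

    /**
     * Handles a UAF register command for the K-FIDO authenticator and returns the encoded
     * register response.
     *
     * <p>Steps, in order: decode the command, look up the authenticator, decrypt the wrap key
     * through the Android Keystore, decrypt the attestation private key, verify the user
     * verification token if one is present, check the requested attestation type, remove any
     * registration being overwritten, build and sign the registration assertion, encrypt the
     * certificate private key, build the key handle and the K-FIDO extensions, then persist
     * the registration counter and key info.
     *
     * <p>Almost every failure is turned into a response carrying a status code instead of an
     * exception; the broad {@code catch (Exception)} handlers mean the log text names the
     * enclosing stage, which is not always the step that actually failed.
     *
     * @param context   Android context
     * @param bArr      encoded register command
     * @param kCertInfo holder of the K-FIDO registration certificate; also receives the
     *                  encrypted private key
     * @param bArr2     passed through to {@code kCertInfo.setEncPriKey}
     * @param bArr3     passed through to {@code kCertInfo.setEncPriKey}; when non-null an
     *                  additional field is copied into the raw key handle
     * @return the encoded register response (success or error status)
     * @throws Exception with message {@code "ErrorKeyStore"} when the keystore-backed wrap
     *                   key cannot be obtained, or when an error handler itself fails
     */
    public final byte[] a(Context context, byte[] bArr, KCertInfo kCertInfo, byte[] bArr2, byte[] bArr3) throws Exception {
        byte[] bArr4;
        m.b("KICA_AUTH", "Registration [Start]");
        try {
            t a6 = t.a(bArr);
            // NOTE(review): the whole decoded command is written to the log. Depending on what
            // t.toString() prints this may include the final challenge, user name or
            // verification token; confirm this logging is disabled in release builds.
            m.a("KICA_AUTH", "Generate RegisterCMD: " + a6.toString());
            u uVar = new u();
            AuthDBHelper authDBHelper = AuthDBHelper.getInstance(context);
            com.kica.android.kfido.authenticator.db.b authenticator = authDBHelper.getAuthenticator(a6.c().byteValue());
            if (authenticator == null) {
                byte[] a7 = a(STATUS_ERR_UNKNOWN);
                m.c("KICA_AUTH", "Auth_Register 응답 메시지(" + a6.c() + " 인증장치가 존재하지 않음)" + ByteHelper.byteArrayToHexString(a7));
                return a7;
            }
            try {
                if (!AndroidKeyStore.isHWSupported()) {
                    byte[] a8 = a(STATUS_ERR_UNKNOWN);
                    m.c("KICA_AUTH", "AndroidKeystore 를 지원하지 않는 단말.");
                    return a8;
                }
                // NOTE(review): the decrypted wrap key and, below, the decrypted attestation
                // private key are stored on the authenticator record object and are not
                // cleared in this method; confirm that object is neither cached nor written
                // back to the database in this state.
                authenticator.setWrapKey(a(context, new String(authenticator.getAAID()), authenticator));
                try {
                    authenticator.setAttestPrivKey(new KernelUtil(context).a(authDBHelper.getAttestationCerts(authenticator.getAAID())[0], authenticator.getAAID()));
                    m.a("KICA_AUTH", "Decryption by KeyStore");
                    AuthConfig authConfig = authDBHelper.getAuthConfig();
                    if (authConfig == null) {
                        byte[] a9 = a(STATUS_ERR_UNKNOWN);
                        m.c("KICA_AUTH", "Auth_Register 응답 메시지(authConfig를 조회하지 못 함): " + ByteHelper.byteArrayToHexString(a9));
                        return a9;
                    }
                    // NOTE(review): the user verification token is checked only when the
                    // command carries one. A command without a token skips this check
                    // entirely; confirm that user verification is enforced elsewhere for
                    // that case.
                    byte[] g6 = a6.g();
                    if (g6 != null && !D.a(authConfig, g6)) {
                        byte[] a10 = a(STATUS_ACCESS_DENIED);
                        m.c("KICA_AUTH", "Auth_Register 응답 메시지(UserVerificationToken 검증에 실패함): " + ByteHelper.byteArrayToHexString(a10));
                        return a10;
                    }
                    // The requested attestation type must be one this authenticator reports
                    // support for: full needs isAttestationFull(), surrogate needs
                    // isAttestationSurrogate(); any other tag is rejected.
                    short shortValue = a6.b().shortValue();
                    boolean attestationSupported;
                    if (shortValue == TAG_ATTESTATION_BASIC_FULL) {
                        attestationSupported = authenticator.isAttestationFull();
                    } else {
                        attestationSupported = shortValue == TAG_ATTESTATION_BASIC_SURROGATE && authenticator.isAttestationSurrogate();
                    }
                    if (!attestationSupported) {
                        byte[] a11 = a(STATUS_ATTESTATION_NOT_SUPPORTED);
                        m.c("KICA_AUTH", "Auth_Register 응답 메시지(AttestationType이 지원되지 않음): " + ByteHelper.byteArrayToHexString(a11));
                        return a11;
                    }
                    try {
                        com.kica.android.kfido.authenticator.kfido.d kRegCert = kCertInfo.getKRegCert();
                        if (kRegCert == null) {
                            byte[] a12 = a(STATUS_ERR_UNKNOWN);
                            m.c("KICA_AUTH", "Auth_Register KFIDO 인증서 null..");
                            return a12;
                        }
                        // Drop any earlier registration for a certificate with the same
                        // subject DN (best effort; failures are only logged).
                        a(context, new String(authenticator.getAAID()), kRegCert.b());
                        KeyPair a13 = kRegCert.a();
                        byte[] random = kRegCert.c().getRandom();
                        try {
                            RegAssertion a14 = a(authDBHelper, a6, authenticator, a13);
                            try {
                                kCertInfo.setEncPriKey(bArr2, bArr3, a13.getPrivate(), random);
                                m.b("KICA_AUTH", "Generate RawKeyHandle");
                                H h6 = new H();
                                h6.c(a6.e());
                                h6.e(kRegCert.e());
                                if (bArr3 != null) {
                                    h6.f(kRegCert.f());
                                }
                                h6.d(a6.f());
                                h6.b(a14.getKeyId());
                                try {
                                    m.b("KICA_AUTH", "Generate KeyHandle(Encrypted RawKeyHandle)");
                                    byte[] a15 = h6.a(authenticator.getWrapKey());
                                    // Short.valueOf replaces the decompiler's "(Short) 0" cast,
                                    // which is not valid Java.
                                    uVar.a(Short.valueOf(STATUS_OK));
                                    uVar.a(a14);
                                    uVar.b(a15);
                                    ArrayList<p> arrayList = new ArrayList<>();
                                    m.b("KICA_AUTH", "KFIDO: Extension set");
                                    try {
                                        bArr4 = a(kRegCert, a14.encode_KRD());
                                    } catch (AuthException e6) {
                                        e6.printStackTrace();
                                        bArr4 = null;
                                    }
                                    // NOTE(review): when signing the KRD fails, bArr4 is null
                                    // and the signed-data extension is still added with null
                                    // data while registration continues. Confirm the receiver
                                    // rejects a response whose signed-data extension is empty.
                                    p pVar = new p();
                                    pVar.a(Registry.Tag_Critical_Extension);
                                    pVar.a(KExtensionID.ID_KFIDO_SIGNED_DATA.getBytes());
                                    pVar.b(bArr4);
                                    arrayList.add(pVar);
                                    ArrayList<byte[]> i6 = a6.i();
                                    if (i6 != null) {
                                        m.a("KICA_AUTH", ">> Generate SignedData Ext for sending to RPClient");
                                        // First pass: one signed-data extension per RP-supplied
                                        // item; an item that fails to sign is skipped.
                                        com.kica.android.kfido.authenticator.kfido.e eVar = new com.kica.android.kfido.authenticator.kfido.e();
                                        for (int i7 = 0; i7 < i6.size(); i7++) {
                                            try {
                                                byte[] a16 = eVar.a(kRegCert.b(), kRegCert.c(), i6.get(i7));
                                                if (a16 != null) {
                                                    p pVar2 = new p();
                                                    pVar2.a(Registry.Tag_Critical_Extension);
                                                    pVar2.a(KExtensionID.ID_KFIDO_RP_SIGNED_DATA.getBytes());
                                                    pVar2.b(a16);
                                                    arrayList.add(pVar2);
                                                }
                                            } catch (SGCryptoException | SGPkcs7Exception e7) {
                                                e7.printStackTrace();
                                            }
                                        }
                                        // Second pass: the same items go through util.a and the
                                        // resulting strings are kept, Base64URL-encoded, on this
                                        // instance for the accessor a().
                                        com.kica.android.kfido.asm.util.a aVar = new com.kica.android.kfido.asm.util.a();
                                        for (int i8 = 0; i8 < i6.size(); i8++) {
                                            try {
                                                String a17 = aVar.a(kRegCert.b(), kRegCert.c(), i6.get(i8));
                                                if (a17 != null) {
                                                    if (this.f21275a == null) {
                                                        this.f21275a = new ArrayList<>();
                                                    }
                                                    this.f21275a.add(Base64URLHelper.encodeToString(a17.getBytes("UTF-8")));
                                                }
                                            } catch (Exception e8) {
                                                e8.printStackTrace();
                                            }
                                        }
                                    }
                                    byte[] encoded = kRegCert.b().getEncoded();
                                    p pVar3 = new p();
                                    pVar3.a(Registry.Tag_Critical_Extension);
                                    pVar3.a(KExtensionID.ID_KFIDO_SIGNCERT.getBytes());
                                    pVar3.b(encoded);
                                    arrayList.add(pVar3);
                                    NPKICertificate d6 = kRegCert.d();
                                    if (d6 != null) {
                                        byte[] encoded2 = d6.getEncoded();
                                        p pVar4 = new p();
                                        pVar4.a(Registry.Tag_Critical_Extension);
                                        pVar4.a(KExtensionID.ID_KFIDO_KMCERT.getBytes());
                                        pVar4.b(encoded2);
                                        arrayList.add(pVar4);
                                    }
                                    if (!arrayList.isEmpty()) {
                                        uVar.a(arrayList.toArray(new p[0]));
                                    }
                                    try {
                                        byte[] a18 = uVar.a();
                                        byte[] e9 = a6.e();
                                        byte[] keyId = a14.getKeyId();
                                        // NOTE(review): the counter update and the key insert
                                        // are two separate calls. If the insert fails the
                                        // counter has already been advanced and setEncPriKey
                                        // has already run; no rollback is visible here.
                                        boolean stored;
                                        if (!authDBHelper.updateRegCounter(authenticator.getAAID(), authenticator.getRegCounter() + 1)) {
                                            m.c("KICA_AUTH", "Failed to count(regcount 1): " + authenticator.getRegCounter());
                                            stored = false;
                                        } else {
                                            com.kica.android.kfido.authenticator.db.c cVar = new com.kica.android.kfido.authenticator.db.c();
                                            cVar.a(authenticator.getAAID());
                                            cVar.c(e9);
                                            cVar.b(keyId);
                                            cVar.a(0);
                                            if (!authDBHelper.insertKeyInfo(cVar)) {
                                                m.c("KICA_AUTH", "Failed to insert keyinfo: " + cVar.toString());
                                                stored = false;
                                            } else {
                                                stored = true;
                                            }
                                        }
                                        if (stored) {
                                            m.b("KICA_AUTH", "Auth Register response [end]");
                                            return a18;
                                        }
                                        byte[] a19 = a(STATUS_ERR_UNKNOWN);
                                        m.c("KICA_AUTH", "Auth_Register 응답 메시지(DB 정보 갱신에 실패함): " + ByteHelper.byteArrayToHexString(a19));
                                        return a19;
                                    } catch (AuthException unused) {
                                        byte[] a20 = a(STATUS_ERR_UNKNOWN);
                                        m.c("KICA_AUTH", "Auth_Register 응답 메시지(응답 TLV 생성에 실패함): " + ByteHelper.byteArrayToHexString(a20));
                                        return a20;
                                    }
                                } catch (AuthException unused2) {
                                    byte[] a21 = a(STATUS_ERR_UNKNOWN);
                                    m.c("KICA_AUTH", "Auth_Register 응답 메시지(KeyHandle 생성에 실패함): " + ByteHelper.byteArrayToHexString(a21));
                                    return a21;
                                }
                            } catch (Exception e10) {
                                e10.printStackTrace();
                                byte[] a22 = a(STATUS_ERR_UNKNOWN);
                                m.c("KICA_AUTH", "인증서 암호화 하는 도중에 오류 발생: " + ByteHelper.byteArrayToHexString(a22));
                                return a22;
                            }
                        } catch (AuthException unused3) {
                            byte[] a23 = a(STATUS_ERR_UNKNOWN);
                            m.c("KICA_AUTH", "Auth_Register 응답 메시지(등록 assertion 생성에 실패함): " + ByteHelper.byteArrayToHexString(a23));
                            return a23;
                        }
                    } catch (Exception unused4) {
                        byte[] a24 = a(STATUS_ERR_UNKNOWN);
                        m.c("KICA_AUTH", "Auth_Register 응답 메시지(키 쌍 생성에 실패함): " + ByteHelper.byteArrayToHexString(a24));
                        return a24;
                    }
                } catch (Exception unused5) {
                    // Also reached for failures in the config lookup, token verification and
                    // attestation-type check above, although the log text names only the
                    // attestation-key decryption.
                    byte[] a25 = a(STATUS_ERR_UNKNOWN);
                    m.c("KICA_AUTH", "Auth_Register 응답 메시지(Attestation Private Key를 복호화하는데 실패함): " + ByteHelper.byteArrayToHexString(a25));
                    return a25;
                }
            } catch (Exception unused6) {
                // The original cause is dropped; callers see only the fixed message.
                throw new Exception("ErrorKeyStore");
            }
        } catch (AuthException e11) {
            m.c("KICA_AUTH", "Generate RegisterCMD error: " + e11.getMessage());
            return a(STATUS_ERR_UNKNOWN);
        }
    }
}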
