package com.noknok.android.client.asm.authenticator;

import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.os.Looper;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.support.v4.media.a;
import android.util.Base64;
import com.noknok.android.client.asm.api.AsmException;
import com.noknok.android.client.asm.api.uaf.json.UAFPublicKeyFormat;
import com.noknok.android.client.utils.AppSDKConfig;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.Logger;
import com.noknok.android.client.utils.Outcome;
import com.noknok.android.client.utils.TypeConverter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;
import org.json.JSONArray;

/* loaded from: classes2.dex */
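public class KSUtils {
    /** Length in bytes of the AES-GCM nonce (IV) stored right after the marker byte of a wrapped buffer. */
    public static final int GCM_NONCE_LENGTH = 12;

    /** Length in bytes of the AES-GCM authentication tag. */
    public static final int GCM_TAG_LENGTH = 16;

    /** Buffer marker byte. Not referenced inside this class; presumably tags unwrapped buffers (confirm against callers). */
    public static final byte PLAIN_BUFFER = -127;

    /** Marker byte that {@link #wrapObject(byte[])} writes as the first byte of its output. */
    public static final byte WRAPPED_BUFFER = Byte.MIN_VALUE;

    /** Log tag used by every method in this class (the field name is a decompiler rename). */
    public static final String f13703a = "KSUtils";

    /**
     * Process-wide cache of the AES wrapping key returned by {@link #a()}.
     *
     * NOTE(review): the field is public, mutable and read/written without synchronization;
     * two threads racing through the first call to {@link #a()} could each generate a key
     * under the same alias. Confirm callers are single-threaded before relying on it.
     */
    public static SecretKey f13704b;

    /**
     * Compiler-generated switch map for {@link Alg} (EC maps to 1, RSA maps to 2).
     * Kept exactly as decompiled; nothing else in this class reads it.
     */
    public static /* synthetic */ class AnonymousClass1 {

        /** Switch-map array indexed by {@code Alg.ordinal()}. */
        public static final /* synthetic */ int[] f13705a;

        static {
            int[] iArr = new int[Alg.values().length];
            f13705a = iArr;
            try {
                iArr[Alg.EC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
                // Standard javac switch-map guard: tolerate an enum constant missing at run time.
            }
            try {
                f13705a[Alg.RSA.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
                // Same guard as above.
            }
        }
    }

    /**
     * Authenticator-key mode. In {@link #generateKeyStoreKeyPair} FP and KG keys require user
     * authentication, KG keys additionally get a short authentication validity window, and KS
     * keys get neither.
     */
    public enum AkMode {
        KS,
        FP,
        KG
    }

    /**
     * Signing algorithm descriptor (EC or RSA).
     *
     * This type was an enum in the original bytecode; the decompiler (jadx) reported
     * "Init of enum field 'EC' uses external variables" and dropped the {@code enum} modifier
     * and super class. The {@code ordinal()} and {@code Enum.valueOf} references below are
     * left over from that enum and are kept as decompiled.
     */
    public static final class Alg {
        public static final Alg EC;
        public static final Alg RSA;

        /** Backing array for {@link #values()} (the enum's synthetic values array). */
        public static final /* synthetic */ Alg[] f13707a;

        /** Per-algorithm parameters read by the accessors below. */
        public final Descriptor f13708b;

        /**
         * Mutable parameter holder filled through chained setters. All setters are named
         * {@code a} or {@code b} by the obfuscator and are told apart by argument type.
         */
        public static class Descriptor {

            /** JCA key algorithm name, returned by {@link Alg#getKeyAlg()}. */
            public String f13709a;

            /** JCA signature algorithm name, returned by {@link Alg#b()}. */
            public String f13710b;

            /** Key size in bytes, returned by {@link Alg#a()}. */
            public short f13711c;

            /** Signature size in bytes, returned by {@link Alg#getSignatureSize()}. */
            public short f13712d;

            /** Algorithm identifier, returned by {@link Alg#getCalId()}. */
            public byte f13713e;

            public Descriptor() {
            }

            /** Synthetic accessor constructor; the argument is ignored. */
            public /* synthetic */ Descriptor(AnonymousClass1 anonymousClass1) {
            }

            /** Sets the algorithm identifier. */
            public Descriptor a(byte b11) {
                this.f13713e = b11;
                return this;
            }

            /** Sets the JCA key algorithm name. */
            public Descriptor a(String str) {
                this.f13709a = str;
                return this;
            }

            /** Sets the key size in bytes. */
            public Descriptor a(short s11) {
                this.f13711c = s11;
                return this;
            }

            /** Sets the JCA signature algorithm name. */
            public Descriptor b(String str) {
                this.f13710b = str;
                return this;
            }

            /** Sets the signature size in bytes. */
            public Descriptor b(short s11) {
                this.f13712d = s11;
                return this;
            }
        }

        static {
            AnonymousClass1 anonymousClass1 = null;
            // EC: 32-byte field elements, 64-byte raw (r || s) signature, identifier 1.
            Alg alg = new Alg("EC", 0, new Descriptor(anonymousClass1).a("EC").b("SHA256withECDSA").a((short) 32).b((short) 64).a((byte) 1));
            EC = alg;
            // NOTE(review): the decompiler substituted a same-valued UAF constant for the RSA key and
            // signature sizes; presumably the literal was 256 (RSA-2048 in bytes) - confirm.
            Alg alg2 = new Alg("RSA", 1, new Descriptor(anonymousClass1).a("RSA").b("SHA256withRSA").a(UAFPublicKeyFormat.UAF_ALG_KEY_ECC_X962_RAW).b(UAFPublicKeyFormat.UAF_ALG_KEY_ECC_X962_RAW).a((byte) 2));
            RSA = alg2;
            f13707a = new Alg[]{alg, alg2};
        }

        /** Former enum constructor; the name and ordinal arguments are unused after decompilation. */
        public Alg(String str, int i11, Descriptor descriptor) {
            this.f13708b = descriptor;
        }

        public static Alg valueOf(String str) {
            return (Alg) Enum.valueOf(Alg.class, str);
        }

        /** Returns a defensive copy of the constants, EC first. */
        public static Alg[] values() {
            return (Alg[]) f13707a.clone();
        }

        /** Returns the key size in bytes (32 for EC). */
        public short a() {
            return this.f13708b.f13711c;
        }

        /** Returns the JCA signature algorithm name, e.g. {@code SHA256withECDSA}. */
        public String b() {
            return this.f13708b.f13710b;
        }

        public byte getCalId() {
            return this.f13708b.f13713e;
        }

        public String getKeyAlg() {
            return this.f13708b.f13709a;
        }

        public short getSignatureSize() {
            return this.f13708b.f13712d;
        }
    }

    /** Key storage class; only SecureElement requests a StrongBox-backed key in this class. */
    public enum Storage {
        Software,
        Hardware,
        SecureElement
    }

    /**
     * Returns the AES-256-GCM wrapping key stored under the AndroidKeyStore alias
     * {@code CalKsCryptoKey}, generating it on first use and caching it in {@link #f13704b}.
     *
     * The key is created without any user-authentication requirement, so it protects wrapped
     * data at rest but is usable by any code running inside the application.
     *
     * @return the wrapping key, or {@code null} if the key store could not be read or the key
     *         could not be generated
     */
    @TargetApi(23)
    public static SecretKey a() {
        Logger.i(f13703a, "getCryptoKey");
        SecretKey cached = f13704b;
        if (cached != null) {
            return cached;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) keyStore.getEntry("CalKsCryptoKey", null);
            if (entry != null) {
                f13704b = entry.getSecretKey();
            } else {
                // Purposes value 3 is the bitwise OR of the encrypt (1) and decrypt (2) key purposes.
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("CalKsCryptoKey", 3);
                builder.setBlockModes("GCM");
                builder.setEncryptionPaddings("NoPadding");
                builder.setKeySize(256);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(builder.build());
                f13704b = keyGenerator.generateKey();
            }
            return f13704b;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
            Logger.e(f13703a, "Failed to get the crypto key", e);
            return null;
        }
    }

    /**
     * Normalizes a big-endian integer encoding to exactly the EC field size (32 bytes).
     *
     * Shorter inputs are left-padded with zeros. Longer inputs lose their first byte and keep
     * the next 32, which is only correct for a 33-byte value whose first byte is the sign byte;
     * callers in this class reject anything longer than 33 bytes before calling.
     *
     * @param bArr big-endian magnitude, at most 33 bytes
     * @return a new 32-byte array
     */
    public static byte[] a(byte[] bArr) {
        int fieldSize = Alg.EC.a();
        // A freshly allocated Java array is already zero-filled, so no explicit fill is needed.
        byte[] fixed = new byte[fieldSize];
        if (bArr.length > fieldSize) {
            System.arraycopy(bArr, 1, fixed, 0, fieldSize);
        } else {
            System.arraycopy(bArr, 0, fixed, fieldSize - bArr.length, bArr.length);
        }
        return fixed;
    }

    /**
     * Exports the public key of an AndroidKeyStore entry in raw form.
     *
     * RSA keys are returned as the low-order key-size bytes of the modulus followed by the
     * public exponent; EC keys as {@code 0x04 || X || Y} with 32-byte coordinates.
     *
     * @param bArr UTF-8 bytes of the key store alias (the key handle)
     * @return the encoded public key, or {@code null} if the handle is null, the alias has no
     *         certificate, the algorithm is unsupported, or the key material has an unexpected size
     */
    public static byte[] exportPublicKey(byte[] bArr) {
        if (bArr == null) {
            Logger.e(f13703a, "KSCallback: Invalid parameters, keyHandle is null");
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            // getCertificate returns null for an unknown alias; fail cleanly instead of with an NPE.
            Certificate certificate = keyStore.getCertificate(new String(bArr, Charsets.utf8Charset));
            if (certificate == null) {
                Logger.e(f13703a, "Exporting the public key failed: no certificate for the key handle");
                return null;
            }
            PublicKey publicKey = certificate.getPublicKey();
            String algorithm = publicKey.getAlgorithm();
            String tag = f13703a;
            Logger.i(tag, "Exporting public key for " + algorithm);
            Objects.requireNonNull(algorithm);
            if (algorithm.equals("RSA")) {
                RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
                byte[] modulus = rsaKey.getModulus().toByteArray();
                byte[] exponent = rsaKey.getPublicExponent().toByteArray();
                short modulusSize = Alg.RSA.a();
                // A modulus shorter than the expected size would make the offset below negative.
                if (modulus.length < modulusSize) {
                    Logger.e(tag, "Export RSA public key failed: Incorrect length of modulus");
                    return null;
                }
                ByteBuffer rsaOut = ByteBuffer.allocate(exponent.length + modulusSize);
                rsaOut.order(ByteOrder.LITTLE_ENDIAN);
                // Take the trailing bytes so a leading sign byte from toByteArray() is dropped.
                rsaOut.put(modulus, modulus.length - modulusSize, modulusSize);
                rsaOut.put(exponent);
                return rsaOut.array();
            }
            if (!algorithm.equals("EC")) {
                Logger.e(tag, "Unsupported key algorithm: " + algorithm);
                return null;
            }
            ECPublicKey ecKey = (ECPublicKey) publicKey;
            byte[] x = ecKey.getW().getAffineX().toByteArray();
            byte[] y = ecKey.getW().getAffineY().toByteArray();
            Alg ec = Alg.EC;
            ByteBuffer ecOut = ByteBuffer.allocate((ec.a() * 2) + 1);
            ecOut.order(ByteOrder.LITTLE_ENDIAN);
            // 0x04 marks an uncompressed point.
            ecOut.put((byte) 4);
            // One extra byte is allowed for the sign byte that toByteArray() may prepend.
            if (x.length > ec.a() + 1) {
                Logger.e(tag, "Export EC public key failed: Incorrect length of x");
                return null;
            }
            ecOut.put(a(x));
            if (y.length > ec.a() + 1) {
                Logger.e(tag, "Export EC public key failed: Incorrect length of y");
                return null;
            }
            ecOut.put(a(y));
            return ecOut.array();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Logger.e(f13703a, "Exporting the public key failed", e);
            return null;
        }
    }

    /**
     * Generates a signing key pair in the AndroidKeyStore under a random UUID alias.
     *
     * FP and KG keys require user authentication. KG keys are additionally usable for four
     * seconds after an authentication instead of needing one per operation. KS keys carry no
     * authentication requirement. The attestation challenge is set on API 24+ and StrongBox
     * backing is requested on API 28+ only when the label's storage is SecureElement.
     *
     * @param context used for the SDK configuration and the package name in the certificate subject
     * @param ksLabel selects the algorithm and storage class
     * @param akMode  selects the user-authentication binding
     * @param bArr    attestation challenge
     * @return the alias of the new key, or {@code null} if generation failed
     * @throws AsmException with {@code USER_NOT_ENROLLED} when the key spec is rejected
     */
    @TargetApi(28)
    public static String generateKeyStoreKeyPair(Context context, KsLabel ksLabel, AkMode akMode, byte[] bArr) {
        String keyAlg = ksLabel.getAlg().getKeyAlg();
        String tag = f13703a;
        Logger.i(tag, "generateKeyStoreKeyPair for " + keyAlg + " algorithm");
        String alias = UUID.randomUUID().toString();
        // Validity starts at the Unix epoch.
        Calendar notBefore = Calendar.getInstance();
        notBefore.setTime(new Date(0L));
        Calendar notAfter = Calendar.getInstance();
        if (AppSDKConfig.getInstance(context).get(AppSDKConfig.Key.expireKeysIn2038).getAsBoolean()) {
            // 2^31 - 1 seconds after the epoch, expressed in milliseconds.
            notAfter.setTime(new Date(2147483647000L));
        } else {
            notAfter.add(Calendar.YEAR, 20);
        }
        try {
            int sdk = Build.VERSION.SDK_INT;
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlg, "AndroidKeyStore");
            X500Principal subject = new X500Principal(String.format("CN=%s, OU=%s", alias, context.getPackageName()));
            // Purposes value 4 is the sign purpose: the private key cannot be used to decrypt.
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, 4);
            builder.setCertificateSubject(subject).setCertificateSerialNumber(BigInteger.ONE).setKeyValidityStart(notBefore.getTime()).setKeyValidityEnd(notAfter.getTime());
            // Compare against the constants directly instead of relying on ordinal positions.
            Alg alg = ksLabel.getAlg();
            if (alg == Alg.EC) {
                builder.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"));
            } else if (alg == Alg.RSA) {
                builder.setSignaturePaddings("PKCS1");
                builder.setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(alg.a() * 8, RSAKeyGenParameterSpec.F4));
            }
            if (akMode == AkMode.FP || akMode == AkMode.KG) {
                builder.setUserAuthenticationRequired(true);
            }
            if (akMode == AkMode.KG) {
                builder.setUserAuthenticationValidityDurationSeconds(4);
            }
            builder.setDigests("SHA-256");
            if (sdk >= 24 || "N".equals(Build.VERSION.CODENAME)) {
                builder.setAttestationChallenge(bArr);
            }
            if (sdk >= 28 || "P".equals(Build.VERSION.CODENAME)) {
                builder.setIsStrongBoxBacked(ksLabel.getStorage() == Storage.SecureElement);
            }
            // NOTE(review): the reason key generation needs a Looper on this thread is not visible here.
            if (Looper.myLooper() == null) {
                Looper.prepare();
            }
            keyPairGenerator.initialize(builder.build());
            keyPairGenerator.generateKeyPair();
            Logger.i(tag, "Key generation completed");
            return alias;
        } catch (InvalidAlgorithmParameterException e) {
            Logger.e(f13703a, "Failed to initialize the KeyPair", e);
            throw new AsmException(Outcome.USER_NOT_ENROLLED);
        } catch (IllegalStateException | NoSuchAlgorithmException | NoSuchProviderException e) {
            Logger.e(f13703a, "Failed to generate KeyPair", e);
            return null;
        }
    }

    /**
     * Returns the certificate chain of a key store entry as a JSON array of Base64 DER strings.
     *
     * @param str key store alias
     * @return the JSON text; the literal {@code "p"} when the platform is older than API 24, or
     *         the literal {@code "a"} when the chain could not be exported (callers presumably
     *         treat both as sentinels - confirm)
     */
    public static String getAttestationChain(String str) {
        if (Build.VERSION.SDK_INT < 24 && !"N".equals(Build.VERSION.CODENAME)) {
            return "p";
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            // A missing alias yields a null chain; the resulting NPE is handled by the catch below.
            Certificate[] chain = keyStore.getCertificateChain(str);
            String[] encoded = new String[chain.length];
            for (int i = 0; i < chain.length; i++) {
                // Flag 2 is Base64.NO_WRAP: no line breaks in the output.
                encoded[i] = new String(Base64.encode(chain[i].getEncoded(), 2));
            }
            return new JSONArray(encoded).toString();
        } catch (Exception e) {
            Logger.e(f13703a, "Could not export X509 certificate chain for attestation", e);
            return "a";
        }
    }

    /**
     * Creates a {@link Signature} initialized for signing with the private key stored under the
     * given alias.
     *
     * @param ksLabel selects the signature algorithm
     * @param str     key store alias
     * @return the initialized signature object
     * @throws InvalidKeyException      if the key cannot be used, including when the alias is unknown
     * @throws IllegalArgumentException wrapping any key store or algorithm failure
     */
    public static Signature initSignature(KsLabel ksLabel, String str) throws InvalidKeyException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Signature signer = Signature.getInstance(ksLabel.getAlg().b());
            signer.initSign((PrivateKey) keyStore.getKey(str, null));
            return signer;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            Logger.e(f13703a, "Init Signature failed", e);
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Deletes the key store entry with the given alias. Failures are logged and not reported
     * to the caller.
     *
     * @param str key store alias
     */
    public static void removeKey(String str) {
        String tag = f13703a;
        Logger.i(tag, "removeKey");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(str);
            Logger.i(tag, "Key successfully removed from the KeyStore");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Logger.e(f13703a, "Failed to remove the key from the KeyStore", e);
        }
    }

    /**
     * Signs the data with an already initialized {@link Signature}.
     *
     * ECDSA results are converted from DER to the raw 64-byte {@code r || s} form; RSA results
     * are returned as produced by the provider.
     *
     * @param signature object from {@link #initSignature}; may be null
     * @param ksLabel   selects the algorithm
     * @param bArr      data to sign
     * @return the signature, or {@code null} if {@code signature} is null, signing failed, or
     *         the ECDSA signature could not be converted
     * @throws InvalidKeyException (as KeyPermanentlyInvalidatedException) when the key store
     *         reports that the user is not authenticated for the key
     */
    public static byte[] signData(Signature signature, KsLabel ksLabel, byte[] bArr) throws InvalidKeyException {
        String tag = f13703a;
        StringBuilder startMessage = a.a("signData with ");
        startMessage.append(ksLabel.getAlg().b());
        Logger.i(tag, startMessage.toString());
        if (signature == null) {
            Logger.e(tag, "Signature object is missing");
            return null;
        }
        try {
            signature.update(bArr);
            byte[] sign = signature.sign();
            if (ksLabel.getAlg() == Alg.EC) {
                // The result is null only when conversion fails; a valid signature is no longer discarded.
                sign = ecdsaDerToRaw(sign);
            }
            StringBuilder doneMessage = a.a("Data Signing completed: ");
            doneMessage.append(sign != null ? TypeConverter.byteArrayToHexString(sign) : null);
            Logger.i(tag, doneMessage.toString());
            return sign;
        } catch (SignatureException e) {
            // getMessage() may be null, so guard before matching the key store error text.
            String message = e.getMessage();
            if (message != null && message.startsWith("android.security.KeyStoreException: Key user not authenticated")) {
                // NOTE(review): "user not authenticated" is surfaced as a permanent invalidation;
                // confirm callers expect that mapping.
                throw new KeyPermanentlyInvalidatedException(message);
            }
            Logger.e(f13703a, "Problem during signing", e);
            return null;
        }
    }

    /**
     * Converts a DER-encoded ECDSA signature, {@code SEQUENCE { INTEGER r, INTEGER s }} with
     * single-byte lengths, into the fixed-width {@code r || s} form.
     *
     * @param der signature as returned by the provider
     * @return the raw signature, or {@code null} if the structure is malformed or r or s is
     *         longer than the field size plus one sign byte
     */
    private static byte[] ecdsaDerToRaw(byte[] der) {
        String tag = f13703a;
        int maxIntegerLength = Alg.EC.a() + 1;
        // Smallest valid encoding: SEQUENCE header (2) plus two INTEGERs of tag, length and one byte each.
        if (der == null || der.length < 8 || der[0] != 0x30 || der[2] != 0x02) {
            Logger.e(tag, "Invalid ECDSA signature: malformed DER encoding");
            return null;
        }
        int rLength = der[3];
        if (rLength > maxIntegerLength) {
            Logger.e(tag, "Invalid ECDSA signature: incorrect length of r");
            return null;
        }
        int rEnd = 4 + rLength;
        // The INTEGER tag and length byte of s must still lie inside the buffer.
        if (rLength <= 0 || rEnd + 2 > der.length || der[rEnd] != 0x02) {
            Logger.e(tag, "Invalid ECDSA signature: malformed DER encoding");
            return null;
        }
        int sLength = der[rEnd + 1];
        // Check the length of s itself, not the length of r a second time.
        if (sLength > maxIntegerLength) {
            Logger.e(tag, "Invalid ECDSA signature: incorrect length of s");
            return null;
        }
        int sStart = rEnd + 2;
        // copyOfRange silently zero-pads past the end, so reject a truncated s explicitly.
        if (sLength <= 0 || sStart + sLength > der.length) {
            Logger.e(tag, "Invalid ECDSA signature: malformed DER encoding");
            return null;
        }
        byte[] r = a(Arrays.copyOfRange(der, 4, rEnd));
        byte[] s = a(Arrays.copyOfRange(der, sStart, sStart + sLength));
        byte[] raw = new byte[r.length + s.length];
        System.arraycopy(r, 0, raw, 0, r.length);
        System.arraycopy(s, 0, raw, r.length, s.length);
        return raw;
    }

    /**
     * Decrypts a buffer produced by {@link #wrapObject(byte[])}: one marker byte, the 12-byte
     * GCM nonce, then ciphertext and tag.
     *
     * NOTE(review): the marker byte is neither compared with {@link #WRAPPED_BUFFER} nor bound
     * to the ciphertext as associated data; integrity of the payload itself comes from the GCM tag.
     *
     * @param bArr wrapped buffer
     * @return the plaintext, or {@code null} if the buffer is missing or too short, the key is
     *         unavailable, or authentication fails
     */
    @TargetApi(23)
    public static byte[] unwrapObject(byte[] bArr) {
        String tag = f13703a;
        Logger.startTimer(tag, "unwrapObject");
        try {
            int headerLength = 1 + GCM_NONCE_LENGTH;
            // Reject input that cannot hold marker, nonce and tag before slicing it.
            if (bArr == null || bArr.length < headerLength + GCM_TAG_LENGTH) {
                Logger.e(tag, "unwrapObject failed: wrapped buffer is missing or too short");
                return null;
            }
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            // A null key makes init throw InvalidKeyException, which is handled below.
            SecretKey key = a();
            byte[] nonce = Arrays.copyOfRange(bArr, 1, headerLength);
            byte[] ciphertext = Arrays.copyOfRange(bArr, headerLength, bArr.length);
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce));
            return cipher.doFinal(ciphertext);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Logger.e(tag, "unwrapObject failed", e);
            return null;
        } finally {
            // Stop the timer exactly once on every path.
            Logger.endTimer(tag, "unwrapObject");
        }
    }

    /**
     * Encrypts a buffer with the key store wrapping key using AES-GCM and a provider-generated
     * nonce.
     *
     * @param bArr plaintext
     * @return {@code WRAPPED_BUFFER || nonce || ciphertext-and-tag}, or {@code null} if the key
     *         is unavailable, the provider supplies no 12-byte nonce, or encryption fails
     */
    @TargetApi(23)
    public static byte[] wrapObject(byte[] bArr) {
        String tag = f13703a;
        Logger.startTimer(tag, "wrapObject");
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            // No IV is passed, so the provider generates a fresh one for this operation.
            cipher.init(Cipher.ENCRYPT_MODE, a());
            byte[] nonce = cipher.getIV();
            // unwrapObject reads a fixed 12-byte nonce; any other length would be unreadable later.
            if (nonce == null || nonce.length != GCM_NONCE_LENGTH) {
                Logger.e(tag, "Failed to get IV for encrypt operation");
                return null;
            }
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            out.write(WRAPPED_BUFFER);
            out.write(nonce);
            out.write(cipher.doFinal(bArr));
            return out.toByteArray();
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Logger.e(tag, "wrapObject failed", e);
            return null;
        } finally {
            // Stop the timer exactly once on every path.
            Logger.endTimer(tag, "wrapObject");
        }
    }
}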
