package com.gmrz.authenticationso.authenticator;

import android.annotation.SuppressLint;
import android.app.Activity;
import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.noknok.android.client.asm.api.AsmException;
import com.noknok.android.client.asm.core.shared.DescriptorLoader;
import com.noknok.android.client.asm.sdk.AuthenticatorException;
import com.noknok.android.client.asm.sdk.IAuthenticatorDescriptor;
import com.noknok.android.client.asm.sdk.IAuthenticatorKernel;
import com.noknok.android.client.asm.sdk.IMatcher;
import com.noknok.android.client.asm.sdk.ProtocolType;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.Logger;
import com.noknok.authenticator.AKException;
import io.dcloud.common.DHInterface.IApp;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Map;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public abstract class KSAuthenticatorKernel extends AuthenticatorKernel implements IAuthenticatorKernel {
    // Status codes. In this file statusCode is only ever assigned the literal 0;
    // ERR_UNSUPPORTED is not referenced here.
    public static final int ERR_UNSUPPORTED = 2;
    public static final int SUCCESS = 0;
    private static final String TAG = "KSAuthenticatorKernel";
    // Per-request state. These fields are static, so they are shared by every kernel instance in
    // the process: initAKManagedMatcher() fills them and postProcess() clears them.
    // NOTE(review): nothing in this file synchronizes access to them — confirm that requests
    // are serialized by the caller.
    protected static String mAppID;
    // Application context. Set by the two-argument constructor and setContext(); never cleared
    // in this file, so it outlives any single request.
    protected static Context mContext;
    protected static IAuthenticatorDescriptor mDescriptor;
    protected static boolean mIsAKManagedMatcher;
    protected static IMatcher mMatcher;
    protected static IMatcher.MatcherInParams mMatcherInParams;
    // Result of isUseNewAAID(); passed to performInitJni() by both constructors.
    protected boolean isNewAAID;
    // Not read or written anywhere in this file. Presumably owned by native code — confirm.
    private long mAKContextJni;
    // AndroidKeyStore handle. Only the no-argument constructor initializes it; the
    // (Context, IMatcher) constructor leaves it null.
    protected KeyStore mKeyStore;
    // Label returned by performInitJni(); exposed through getLabel().
    protected String mLabel;
    // Public and mutable: any caller can overwrite it. Read through getStatus().
    public int statusCode;

    /* loaded from: classes.dex */
    public static class keyStoreCryptoUtils {
        // Presumably the byte width of one ECDSA signature component (r or s) — confirm. Not
        // referenced by name in this file: copy() and signDataWithECDSA() use the literal 32.
        public static final short EC_KEY_SIZE = 32;
        // Process-wide cache of the AES wrapping-key handle; populated lazily by getCryptoKey().
        private static SecretKey secretKey;

        /**
         * Normalises a big-endian integer to exactly 32 bytes.
         *
         * <p>Inputs longer than 32 bytes lose their first byte and are cut to the following 32
         * bytes; shorter inputs are left-padded with zeros. The only caller visible in this file,
         * signDataWithECDSA(), passes the r and s components of a DER signature.
         *
         * <p>NOTE(review): for an input longer than 33 bytes the trailing bytes are dropped
         * without any error, so the length must be bounded by the caller.
         *
         * @param bArr big-endian integer bytes; must not be null
         * @return a new 32-byte array
         */
        private static byte[] copy(byte[] bArr) {
            final int width = 32;
            // A freshly allocated byte[] is already zero-filled, which provides the left padding.
            byte[] fixed = new byte[width];
            final int srcOffset;
            final int dstOffset;
            final int count;
            if (bArr.length > width) {
                srcOffset = 1;
                dstOffset = 0;
                count = width;
            } else {
                srcOffset = 0;
                dstOffset = width - bArr.length;
                count = bArr.length;
            }
            System.arraycopy(bArr, srcOffset, fixed, dstOffset, count);
            return fixed;
        }

        /**
         * Generates a 256-bit EC key pair in the AndroidKeyStore under a random UUID alias.
         *
         * <p>The key's self-signed certificate is valid from now for 20 years, with serial number 1
         * and subject {@code CN=<alias>, OU=<package name>}.
         *
         * <p>The spec built here sets no user-authentication or encryption-at-rest requirement
         * (no such builder call is made), so the key is usable whenever the app can reach the
         * keystore.
         *
         * <p>NOTE(review): below API 23 the generator is requested as "RSA" while the spec asks
         * for an "EC" key. This looks like the legacy KeyPairGeneratorSpec usage — confirm on the
         * lowest supported API level.
         *
         * @return the alias as UTF-8 bytes, or null if generation failed or the API level is
         *     below 19
         */
        @SuppressLint({"NewApi"})
        private static byte[] generateKeyStoreECDSAKeyPair() {
            Logger.i(KSAuthenticatorKernel.TAG, "generateKeyStoreECDSAKeyPair");
            final String alias = UUID.randomUUID().toString();
            final Calendar notBefore = Calendar.getInstance();
            final Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, 20);
            try {
                KeyPairGeneratorSpec.Builder specBuilder = new KeyPairGeneratorSpec.Builder(KSAuthenticatorKernel.mContext);
                specBuilder.setAlias(alias);
                specBuilder.setSubject(new X500Principal(String.format("CN=%s, OU=%s", alias, KSAuthenticatorKernel.mContext.getPackageName())));
                specBuilder.setSerialNumber(BigInteger.ONE);
                specBuilder.setStartDate(notBefore.getTime());
                specBuilder.setEndDate(notAfter.getTime());
                if (Build.VERSION.SDK_INT < 19) {
                    Logger.e(KSAuthenticatorKernel.TAG, "EC algorithm is not supported");
                    throw new NoSuchAlgorithmException();
                }
                specBuilder.setKeyType("EC");
                specBuilder.setKeySize(256);
                KeyPairGeneratorSpec spec = specBuilder.build();
                final String generatorAlgorithm = Build.VERSION.SDK_INT < 23 ? "RSA" : "EC";
                KeyPairGenerator generator = KeyPairGenerator.getInstance(generatorAlgorithm, "AndroidKeyStore");
                generator.initialize(spec);
                // The generated pair stays in the keystore; only its alias is handed back.
                generator.generateKeyPair();
                return alias.getBytes(Charsets.utf8Charset);
            } catch (IllegalStateException | InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
                Logger.e(KSAuthenticatorKernel.TAG, "Failed to generate KeyPair, ", e);
                return null;
            }
        }

        /**
         * Returns the AES-256-GCM wrapping key stored under the alias "CalKsCryptoKey", creating
         * it in the AndroidKeyStore on first use and caching the handle in {@code secretKey}.
         *
         * <p>The key spec requests purposes 3 (KeyProperties.PURPOSE_ENCRYPT |
         * PURPOSE_DECRYPT), GCM block mode and no padding. No user-authentication requirement is
         * set.
         *
         * <p>NOTE(review): the lazy initialisation is unsynchronized. Two threads that both miss
         * the cache could each generate a key under the same alias — confirm callers are
         * serialized. A stored entry that is not a SecretKey raises an uncaught
         * ClassCastException.
         *
         * @return the key handle, or null if the keystore could not be read or the key created
         */
        @SuppressLint({"NewApi"})
        private static SecretKey getCryptoKey() {
            Logger.i(KSAuthenticatorKernel.TAG, "getCryptoKey");
            final SecretKey cached = secretKey;
            if (cached != null) {
                return cached;
            }
            final String alias = "CalKsCryptoKey";
            try {
                KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
                androidKeyStore.load(null);
                SecretKey wrappingKey = (SecretKey) androidKeyStore.getKey(alias, null);
                if (wrappingKey == null) {
                    // No entry yet: create the key inside the keystore.
                    KeyGenParameterSpec.Builder spec = new KeyGenParameterSpec.Builder(alias, 3)
                            .setBlockModes("GCM")
                            .setEncryptionPaddings("NoPadding")
                            .setKeySize(256);
                    KeyGenerator generator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                    generator.init(spec.build());
                    wrappingKey = generator.generateKey();
                }
                secretKey = wrappingKey;
                return secretKey;
            } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e) {
                Logger.e(KSAuthenticatorKernel.TAG, "Failed to get crypto key.", e);
                return null;
            }
        }

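        /**
         * Deletes the shared AES wrapping key ("CalKsCryptoKey") from the AndroidKeyStore and
         * drops the cached handle, so the next getCryptoKey() call looks the key up again
         * instead of returning a handle to a deleted entry.
         *
         * <p>NOTE(review): {@code str} is never used. The caller passes a key name, but the entry
         * removed is always the wrapping key, after which every blob produced by wrapObject()
         * can no longer be unwrapped. The alias named by the caller is left in the keystore.
         * Confirm which entry is meant to be removed.
         *
         * <p>Decompiler note: JADX widened this method's access from private.
         *
         * @param str key name supplied by the caller; currently ignored
         */
        public static void removeKey(String str) {
            Logger.i(KSAuthenticatorKernel.TAG, "removeKey");
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                if (keyStore.getKey("CalKsCryptoKey", null) != null) {
                    keyStore.deleteEntry("CalKsCryptoKey");
                }
                // The keystore no longer holds the entry, so a cached handle would be stale.
                secretKey = null;
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
                Logger.e(KSAuthenticatorKernel.TAG, "Failed to remove crypto key.", e);
            }
        }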

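        /**
         * Signs {@code bArr} with the AndroidKeyStore private key stored under {@code str} using
         * SHA256withECDSA, and converts the DER-encoded result to the fixed 64-byte form
         * {@code r || s} (32 bytes each, big-endian).
         *
         * <p>The DER layout is validated before it is sliced: the SEQUENCE and INTEGER tags,
         * both component lengths (1..33 bytes) and the overall bounds. A malformed encoding
         * returns null rather than raising an unchecked exception or producing a zero-padded
         * value. The length of s is checked on its own variable; the earlier code tested the
         * length of r twice.
         *
         * @param str keystore alias of the signing key
         * @param bArr data to sign
         * @return the 64-byte raw signature, or null if the key is missing, is not a private key,
         *     signing fails, or the encoding is not as expected
         */
        private static byte[] signDataWithECDSA(String str, byte[] bArr) {
            Logger.i(KSAuthenticatorKernel.TAG, "signDataWithECDSA");
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                Signature signature = Signature.getInstance("SHA256withECDSA");
                Key key = keyStore.getKey(str, null);
                if (key == null) {
                    Logger.e(KSAuthenticatorKernel.TAG, "Unable to get the signing key by name " + str);
                    return null;
                }
                if (!(key instanceof PrivateKey)) {
                    // E.g. the alias names a secret key; avoid an uncaught ClassCastException.
                    Logger.e(KSAuthenticatorKernel.TAG, "Key is not a private key: " + str);
                    return null;
                }
                signature.initSign((PrivateKey) key);
                signature.update(bArr);
                byte[] sign = signature.sign();
                // Expected layout: 0x30 len 0x02 rLen r... 0x02 sLen s...
                // The shortest valid encoding (one-byte r and s) is 8 bytes long.
                if (sign == null || sign.length < 8 || sign[0] != 0x30 || sign[2] != 0x02) {
                    Logger.e(KSAuthenticatorKernel.TAG, "Invalid ECDSA signature: unexpected DER layout");
                    return null;
                }
                int rLen = sign[3];
                int rStart = 4;
                int sTagIndex = rStart + rLen;
                // The INTEGER header of s (tag + length) must also fit, hence the "+ 2".
                if (rLen <= 0 || rLen > 33 || sTagIndex + 2 > sign.length) {
                    Logger.e(KSAuthenticatorKernel.TAG, "Invalid ECDSA signature: incorrect length of r");
                    return null;
                }
                int sLen = sign[sTagIndex + 1];
                int sStart = sTagIndex + 2;
                if (sign[sTagIndex] != 0x02 || sLen <= 0 || sLen > 33 || sStart + sLen > sign.length) {
                    Logger.e(KSAuthenticatorKernel.TAG, "Invalid ECDSA signature: incorrect length of s");
                    return null;
                }
                byte[] r = copy(Arrays.copyOfRange(sign, rStart, sTagIndex));
                byte[] s = copy(Arrays.copyOfRange(sign, sStart, sStart + sLen));
                byte[] bArr2 = new byte[64];
                System.arraycopy(r, 0, bArr2, 0, 32);
                System.arraycopy(s, 0, bArr2, 32, 32);
                String bytesToHexString = KSAuthenticatorKernel.bytesToHexString(bArr2);
                Logger.d(KSAuthenticatorKernel.TAG, "Data Signing complete , len = 64   Signature: " + bytesToHexString);
                return bArr2;
            } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableEntryException | CertificateException e) {
                Logger.e(KSAuthenticatorKernel.TAG, "Failed to sign Data with ECDSA", e);
                return null;
            }
        }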

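        /**
         * Decrypts a blob produced by wrapObject(): one header byte, a 12-byte GCM IV, then the
         * AES-GCM ciphertext with its 128-bit tag.
         *
         * <p>Input that is null or too short to hold header, IV and tag is rejected up front and
         * returns null. Without this guard, slicing such a buffer raises an unchecked exception
         * that the catch clause below does not cover.
         *
         * <p>The header byte is neither checked here nor bound to the ciphertext as associated
         * data; the outer unwrapObject() selects the format from it.
         *
         * <p>Decompiler note: JADX widened this method's access from private.
         *
         * @param bArr wrapped blob
         * @return the plaintext, or null if the blob is malformed, authentication fails or the
         *     key is unavailable
         */
        @SuppressLint({"NewApi"})
        public static byte[] unwrapObject(byte[] bArr) {
            Logger.i(KSAuthenticatorKernel.TAG, "unwrapObject");
            // 1 header byte + 12-byte IV + 16-byte GCM tag is the shortest possible blob.
            if (bArr == null || bArr.length < 1 + 12 + 16) {
                Logger.e(KSAuthenticatorKernel.TAG, "unwrapObject failed: wrapped object is too short");
                return null;
            }
            try {
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                SecretKey cryptoKey = getCryptoKey();
                byte[] iv = Arrays.copyOfRange(bArr, 1, 13);
                byte[] cipherText = Arrays.copyOfRange(bArr, 13, bArr.length);
                // A null key (keystore failure) surfaces as InvalidKeyException and is caught below.
                cipher.init(Cipher.DECRYPT_MODE, cryptoKey, new GCMParameterSpec(128, iv));
                return cipher.doFinal(cipherText);
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                Logger.e(KSAuthenticatorKernel.TAG, "unwrapObject failed", e);
                return null;
            }
        }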

        /**
         * Encrypts {@code bArr} with the keystore-held AES key in GCM mode and returns
         * {@code 0x80 || IV || ciphertext-with-tag}.
         *
         * <p>The IV is whatever the cipher generated during init. The matching unwrapObject()
         * assumes it is 12 bytes long; that length is not verified here. No associated data is
         * supplied, so the 0x80 header byte is not covered by the GCM tag.
         *
         * <p>Decompiler note: JADX widened this method's access from private.
         *
         * @param bArr plaintext to protect
         * @return the wrapped blob, or null if no IV was produced or encryption failed
         */
        public static byte[] wrapObject(byte[] bArr) {
            Logger.i(KSAuthenticatorKernel.TAG, "wrapObject");
            try {
                Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
                // A null key (keystore failure) surfaces as InvalidKeyException and is caught below.
                gcm.init(Cipher.ENCRYPT_MODE, getCryptoKey());
                byte[] nonce = gcm.getIV();
                if (nonce != null) {
                    ByteArrayOutputStream blob = new ByteArrayOutputStream();
                    blob.write(0x80); // format marker: keystore-wrapped
                    blob.write(nonce);
                    blob.write(gcm.doFinal(bArr));
                    return blob.toByteArray();
                }
                Logger.e(KSAuthenticatorKernel.TAG, "Failed to get IV for encrypt operation");
                return null;
            } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                Logger.e(KSAuthenticatorKernel.TAG, "wrapObject failed", e);
                return null;
            }
        }
    }

    /**
     * Opens the AndroidKeyStore and initialises the native kernel using the static
     * {@code mContext}, which must already have been set (for example through setContext()).
     *
     * <p>The log line reports "HardwareKeyStorePresent: true" unconditionally; nothing here
     * checks whether the keystore is hardware-backed. The overridable performInitJni() is
     * invoked from this constructor, so subclass fields are not yet initialised when it runs.
     * The keystore exception is logged but is not attached to the AKException that is thrown.
     *
     * @throws AKException if the keystore cannot be opened or performInitJni() yields a null
     *     or empty label
     */
    public KSAuthenticatorKernel() throws AKException {
        this.statusCode = 0;
        this.mKeyStore = null;
        try {
            this.mKeyStore = KeyStore.getInstance("AndroidKeyStore");
            this.mKeyStore.load(null);
            final boolean useNewAaid = isUseNewAAID(mContext);
            this.isNewAAID = useNewAaid;
            final String label = performInitJni(useNewAaid);
            this.mLabel = label;
            Logger.i(TAG, "Selected HardwareKeyStorePresent: true ,label: " + label);
            final boolean hasLabel = label != null && !label.isEmpty();
            if (!hasLabel) {
                Logger.e(TAG, "initJni returned null or empty AAID label ");
                throw new AKException("initJni is failed");
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Logger.e(TAG, "Failed to get KeyStore instance", e);
            throw new AKException("Failed to get KeyStore instance");
        }
    }

    /**
     * Stores {@code context} in the static {@code mContext}, initialises the native kernel and
     * records the supplied matcher in the static {@code mMatcher}.
     *
     * <p>NOTE(review): a null {@code context} is only logged. The constructor then returns
     * normally, leaving an instance whose label is null and whose native init never ran.
     * Confirm callers cannot reach this path. {@code mKeyStore} stays null in this constructor
     * in every case.
     *
     * @param context application context; expected to be non-null
     * @param iMatcher matcher stored in the static field once init succeeds
     * @throws AKException if performInitJni() yields a null or empty label
     */
    public KSAuthenticatorKernel(Context context, IMatcher iMatcher) throws AKException {
        this.statusCode = 0;
        this.mKeyStore = null;
        if (context == null) {
            Logger.e(TAG, "ctx passing is null");
            return;
        }
        mContext = context;
        final boolean useNewAaid = isUseNewAAID(context);
        this.isNewAAID = useNewAaid;
        final String label = performInitJni(useNewAaid);
        this.mLabel = label;
        Logger.i(TAG, "Selected HardwareKeyStorePresent: true ,label: " + label);
        final boolean hasLabel = label != null && !label.isEmpty();
        if (!hasLabel) {
            Logger.e(TAG, "initJni returned null or empty AAID label");
            throw new AKException("initJni is failed");
        }
        mMatcher = iMatcher;
    }

    /**
     * Renders a byte array as hexadecimal text, left-padding one-character values with "0".
     *
     * <p>NOTE(review): the mask {@code IApp.ABS_PRIVATE_WWW_DIR_APP_MODE} is unrelated to hex
     * encoding. It is presumably the literal 0xFF that the decompiler replaced with a
     * same-valued constant — confirm, and prefer the literal in maintained source.
     *
     * @param bArr bytes to encode; may be null
     * @return the hex string, or null when {@code bArr} is null
     */
    public static String bytesToHexString(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (int idx = 0; idx < bArr.length; idx++) {
            String digits = Integer.toHexString(bArr[idx] & IApp.ABS_PRIVATE_WWW_DIR_APP_MODE);
            if (digits.length() == 1) {
                hex.append('0');
            }
            hex.append(digits);
        }
        return hex.toString();
    }

    /**
     * Subclass hook; not called anywhere in this file.
     * NOTE(review): presumably returns the public key for the key named by {@code bArr} —
     * the contract is not visible here, confirm against the implementations.
     */
    public abstract byte[] exportPublicKey(byte[] bArr);

    /**
     * Subclass hook; not called anywhere in this file.
     * NOTE(review): presumably creates a key pair and returns its identifier — confirm
     * against the implementations.
     */
    public abstract byte[] generateKeyPair();

    /**
     * Returns the label obtained from performInitJni() when this kernel was constructed.
     *
     * @return the label; null if the (Context, IMatcher) constructor was given a null context
     */
    @Override // com.gmrz.authenticationso.authenticator.AuthenticatorKernel
    public String getLabel() {
        final String label = mLabel;
        return label;
    }

    /**
     * Returns the current value of the public {@code statusCode} field.
     *
     * @return the status code; this file only ever assigns 0 to it
     */
    public int getStatus() {
        final int status = statusCode;
        return status;
    }

    /**
     * Populates the static per-request state (AppID, descriptor, matcher, matcher parameters)
     * from {@code map}. Does nothing when {@code map} is null.
     *
     * <p>If the descriptor is absent or does not declare an AK-managed matcher, the matcher
     * state is cleared and the method returns. Otherwise the matcher class named by the
     * descriptor is loaded through DescriptorLoader and the MATCHER_IN_PARAMS entry is
     * required.
     *
     * <p>NOTE(review):
     * <ul>
     *   <li>{@code bArr} is unused.</li>
     *   <li>A missing APPID silently becomes the fixed value "appid0" — confirm that downstream
     *       code does not treat this as a caller-bound AppID.</li>
     *   <li>The matcher class is chosen by the descriptor found in {@code map}; that descriptor
     *       presumably comes from a trusted source — confirm.</li>
     *   <li>{@code mIsAKManagedMatcher} is set to true before the matcher is loaded. It is not
     *       reset on the not-managed path, nor when an exception is thrown.</li>
     * </ul>
     *
     * @param bArr request bytes (unused)
     * @param map request data keyed by AKDataKeys; may be null
     * @throws AuthenticatorException if the matcher cannot be loaded, MATCHER_IN_PARAMS is
     *     missing, or a map value has an unexpected type
     */
    protected void initAKManagedMatcher(byte[] bArr, Map<IAuthenticatorKernel.AKDataKeys, Object> map) throws AuthenticatorException {
        if (map == null) {
            return;
        }
        Logger.d(TAG, "Begin Initializing AK for AK Managed Matcher");
        try {
            Object rawAppId = map.get(IAuthenticatorKernel.AKDataKeys.APPID);
            if (rawAppId != null) {
                mAppID = new String((byte[]) rawAppId, Charsets.utf8Charset);
            } else {
                Logger.d(TAG, "AppID not found");
                mAppID = "appid0";
            }

            mDescriptor = (IAuthenticatorDescriptor) map.get(IAuthenticatorKernel.AKDataKeys.DESCRIPTOR);
            if (mDescriptor != null) {
                Logger.d(TAG, "Check AK Managed matcher :" + mDescriptor.isAKManagedMatcher() + " : ");
            }

            final boolean akManaged = mDescriptor != null && mDescriptor.isAKManagedMatcher();
            if (!akManaged) {
                mMatcher = null;
                mMatcherInParams = null;
                mDescriptor = null;
                Logger.d(TAG, "Is NOT A AKManaged Matcher");
                return;
            }

            mIsAKManagedMatcher = true;
            Logger.d(TAG, "Is AKManaged Matcher");
            mMatcher = DescriptorLoader.loadAuthenticatorUIFromClassName(mDescriptor.getMatcherClass(), mContext, ProtocolType.UAF);
            if (mMatcher == null) {
                throw new AuthenticatorException("Failed to load Matcher " + mDescriptor.getMatcherClass().toString());
            }

            mMatcherInParams = (IMatcher.MatcherInParams) map.get(IAuthenticatorKernel.AKDataKeys.MATCHER_IN_PARAMS);
            if (mMatcherInParams == null) {
                throw new AuthenticatorException("MatcherInParams is null.");
            }
        } catch (AsmException e) {
            throw new AuthenticatorException("loadAuthenticatorUI failed.", e);
        } catch (ClassCastException e2) {
            throw new AuthenticatorException("APPID or Descriptor  or MatcherInParams class is incorrect.", e2);
        }
    }

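    /**
     * Reports whether the application manifest carries a non-empty
     * "com.gmrz.authentication.API_KEY" meta-data entry.
     *
     * <p>Failures are written to the project Logger, like the rest of this class, rather than
     * to stderr through printStackTrace(). A null context is reported explicitly. The key's
     * value is never logged.
     *
     * @param context context used to read the application meta-data; may be null
     * @return true only if the entry exists and is non-empty; false when it is absent, the
     *     context is null, or the lookup throws
     */
    public boolean isUseNewAAID(Context context) {
        if (context == null) {
            Logger.e(TAG, "isUseNewAAID: context is null");
            return false;
        }
        try {
            // 128 is the literal value of PackageManager.GET_META_DATA.
            Bundle metaData = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128).metaData;
            return metaData != null && !TextUtils.isEmpty(metaData.getString("com.gmrz.authentication.API_KEY"));
        } catch (Exception e) {
            // Broad catch kept on purpose: any lookup failure selects the "false" path.
            Logger.e(TAG, "Failed to read application meta-data", e);
            return false;
        }
    }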

    /**
     * Subclass hook called from both constructors with the result of isUseNewAAID(). The
     * returned string becomes {@code mLabel}; a null or empty value makes construction fail
     * with AKException. Because it runs during construction, implementations must not rely
     * on their own instance fields being initialised.
     */
    protected abstract String performInitJni(boolean z);

    /**
     * Subclass hook called by processRequestJni() with the raw request bytes; its return value
     * is handed back to the caller unchanged.
     */
    protected abstract byte[] performProcessJni(byte[] bArr);

    /**
     * Clears the static per-request state set by initAKManagedMatcher() and resets
     * {@code statusCode} to 0.
     *
     * <p>The static {@code mContext} and the cached wrapping-key handle are not touched here.
     *
     * @return always true
     */
    @Override // com.noknok.android.client.asm.sdk.IAuthenticatorKernel
    public boolean postProcess() {
        // Matcher-related state first, then the remaining request fields.
        mIsAKManagedMatcher = false;
        mMatcher = null;
        mMatcherInParams = null;
        mDescriptor = null;
        mAppID = null;
        statusCode = 0;
        return true;
    }

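    /**
     * Prepares the AK-managed matcher state from {@code map}, then forwards the request to
     * performProcessJni().
     *
     * <p>A failure in initAKManagedMatcher() is recorded through the project Logger instead of
     * printStackTrace(), so it appears alongside the other kernel diagnostics.
     *
     * <p>NOTE(review): the request is still processed after such a failure. At that point the
     * static matcher state may be only partly populated (mIsAKManagedMatcher can already be
     * true while mMatcher or mMatcherInParams is null). Confirm whether this path should fail
     * closed instead.
     *
     * @param bArr raw request bytes
     * @param map request data keyed by AKDataKeys; may be null
     * @return whatever performProcessJni() returns
     */
    @Override // com.gmrz.authenticationso.authenticator.AuthenticatorKernel
    public byte[] processRequestJni(byte[] bArr, Map<IAuthenticatorKernel.AKDataKeys, Object> map) {
        try {
            initAKManagedMatcher(bArr, map);
        } catch (AuthenticatorException e) {
            Logger.e(TAG, "initAKManagedMatcher failed; continuing with request processing", e);
        }
        return performProcessJni(bArr);
    }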

    /**
     * Decodes {@code bArr} as a UTF-8 key name and passes it to
     * keyStoreCryptoUtils.removeKey().
     *
     * <p>NOTE(review): the callee does not use the name it receives; it deletes the shared
     * "CalKsCryptoKey" wrapping key. Confirm that this is the entry intended for removal.
     *
     * @param bArr UTF-8 encoded key name; must not be null
     */
    public void removeKey(byte[] bArr) {
        Logger.i(TAG, "Begin remove key.");
        final String keyName = new String(bArr, Charsets.utf8Charset);
        keyStoreCryptoUtils.removeKey(keyName);
    }

    /**
     * No-op implementation of the IAuthenticatorKernel callback: the supplied activity is
     * neither stored nor used by this class.
     */
    @Override // com.noknok.android.client.asm.sdk.IAuthenticatorKernel
    public void setCallerActivity(Activity activity) {
    }

    /**
     * Replaces the static {@code mContext} shared by all kernel instances. Although this is an
     * instance method, the change is process-wide.
     *
     * @param context new context; not checked for null
     */
    public void setContext(Context context) {
        KSAuthenticatorKernel.mContext = context;
    }

    /**
     * Subclass hook; not called anywhere in this file.
     * NOTE(review): presumably signs {@code bArr2} with the key named by {@code bArr} (or the
     * reverse) — the argument order is not visible here, confirm against the implementations.
     */
    public abstract byte[] signData(byte[] bArr, byte[] bArr2);

    /**
     * Computes a payload length for a wrapped blob of total length {@code i} whose first byte
     * is {@code b}.
     *
     * <ul>
     *   <li>0x81 (-127), plain prefix format: {@code i - 1}</li>
     *   <li>0x80 (-128), keystore-wrapped format: {@code i - 13} (header plus 12-byte IV)</li>
     *   <li>anything else: {@code i}</li>
     * </ul>
     *
     * <p>NOTE(review): for 0x80 the result still includes the 16-byte GCM tag that
     * wrapGetLength() accounts for. It is presumably an upper bound for buffer sizing rather
     * than the exact plaintext length — confirm. The result is not checked for being negative.
     *
     * @param i total length of the wrapped blob
     * @param b first byte of the wrapped blob
     * @return the derived length
     */
    public int unwrapGetLength(int i, byte b) {
        Logger.i(TAG, "unwrapGetLength");
        switch (b) {
            case -127:
                return i - 1;
            case Byte.MIN_VALUE:
                return i - 13;
            default:
                return i;
        }
    }

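    /**
     * Reverses wrapObject(), selecting the format from the first byte.
     *
     * <ul>
     *   <li>0x81 (-127): the remainder is returned as-is (no cryptographic protection)</li>
     *   <li>0x80 (-128): AES-GCM decryption through keyStoreCryptoUtils.unwrapObject()</li>
     *   <li>anything else: the input is returned unchanged</li>
     * </ul>
     *
     * <p>Null or empty input carries no header byte and is passed through unchanged instead of
     * raising an unchecked exception on {@code bArr[0]}.
     *
     * <p>NOTE(review): the unprotected 0x81 and headerless forms are accepted on every API
     * level, including those where wrapObject() always emits the encrypted 0x80 form. Whoever
     * controls the stored blob therefore controls which path is taken. Confirm the blob's
     * integrity is ensured elsewhere, or restrict the legacy forms to data known to predate
     * keystore wrapping.
     *
     * @param bArr wrapped blob; may be null or empty
     * @return the unwrapped bytes, the input itself for unrecognised, empty or null input, or
     *     null if decryption fails
     */
    public byte[] unwrapObject(byte[] bArr) {
        Logger.i(TAG, "unwrapObject");
        if (bArr == null || bArr.length == 0) {
            return bArr;
        }
        final byte header = bArr[0];
        if (header == -127) {
            return Arrays.copyOfRange(bArr, 1, bArr.length);
        }
        if (header == Byte.MIN_VALUE) {
            return keyStoreCryptoUtils.unwrapObject(bArr);
        }
        return bArr;
    }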

    /**
     * Returns the size of the blob wrapObject() produces for a payload of {@code i} bytes.
     *
     * <p>Below API 23 only the one-byte format marker is added. From API 23 the overhead is 29
     * bytes: marker (1), GCM IV (12) and GCM tag (16).
     *
     * @param i plaintext length
     * @return wrapped length
     */
    public int wrapGetLength(int i) {
        Logger.i(TAG, "wrapGetLength");
        if (Build.VERSION.SDK_INT >= 23) {
            return i + 29;
        }
        return i + 1;
    }

    /**
     * Wraps {@code bArr} for storage.
     *
     * <p>From API 23 the payload is encrypted by keyStoreCryptoUtils.wrapObject() (AES-GCM,
     * 0x80 marker). Below API 23 the payload is only prefixed with the marker byte 0x81: on
     * that path the data is stored unencrypted and carries no integrity protection.
     *
     * @param bArr payload; must not be null
     * @return the wrapped blob, or null if keystore encryption fails
     */
    public byte[] wrapObject(byte[] bArr) {
        Logger.i(TAG, "wrapObject");
        if (Build.VERSION.SDK_INT < 23) {
            byte[] tagged = new byte[bArr.length + 1];
            tagged[0] = (byte) 0x81; // format marker: plain, not encrypted
            System.arraycopy(bArr, 0, tagged, 1, bArr.length);
            return tagged;
        }
        return keyStoreCryptoUtils.wrapObject(bArr);
    }
}
