package com.isprint.fido.uaf.core;

import com.isprint.fido.uaf.core.msg.AuthenticationResponse;
import com.isprint.fido.uaf.core.msg.Transaction;
import com.isprint.fido.uaf.core.tlv.AlgAndEncodingEnum;
import com.isprint.fido.uaf.core.tlv.TagsEnum;
import com.isprint.fido.uaf.rpclient.bo.OpObject;
import com.isprint.fido.uaf.safetrust.crypto.BCrypt;
import com.isprint.fido.uaf.safetrust.crypto.RSA;
import com.isprint.fido.uaf.safetrust.crypto.SHA;
import com.isprint.fido.uaf.utils.EncodingUtil;
import com.isprint.fido.uaf.utils.codec.binary.Base64;
import com.isprint.fido.uaf.utils.codec.binary.Hex;
import com.isprint.fido.uaf.utils.keystore.KeyUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Logger;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes2.dex */
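/**
 * Builds the Base64URL-encoded UAF authentication assertion: a
 * TAG_UAFV1_AUTH_ASSERTION TLV wrapping the signed-data TLV and its signature.
 *
 * <p>Every tag and length is written as a 16-bit little-endian value (see
 * {@link #encodeInt(int)}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key material and signing inputs must never be written to stdout or the
 *       log; this class only logs that a signature was produced.</li>
 *   <li>{@link #COUNTER} is a process-wide, in-memory counter that starts at 1.
 *       Nothing in this class persists it, so the value restarts with the
 *       process. NOTE(review): a relying party that uses the signature counter
 *       for clone detection expects it to be monotonic per key; confirm where
 *       (or whether) it is persisted.</li>
 * </ul>
 */
public class AuthAssertionBuilder {
    public static final String AAID = "0052#0002";

    // Left public and non-final because it is part of the existing interface;
    // any code in the process can reset or replace it.
    public static AtomicInteger COUNTER = new AtomicInteger(1);

    private final OpObject cryptoObject;
    private final String keyId;
    private final KeyPair keyPair;
    private final Logger logger = Logger.getLogger(AuthAssertionBuilder.class.getName());
    private final Transaction[] trx;

    /**
     * @param keyPair        key pair used by the RSA-PSS signing path in {@link #getSignature}
     * @param str            key identifier written into TAG_KEYID
     * @param transactionArr transactions; only the first element's content is hashed, may be null
     * @param opObject       handle passed to {@code KeyUtil} on the non-RSA signing path
     */
    public AuthAssertionBuilder(KeyPair keyPair, String str, Transaction[] transactionArr, OpObject opObject) {
        this.keyPair = keyPair;
        this.keyId = str;
        this.trx = transactionArr;
        this.cryptoObject = opObject;
    }

    /**
     * Hashes the decoded transaction content with SHA-256.
     *
     * <p>The failure is propagated instead of being logged and turned into
     * {@code null}, which previously surfaced later as a NullPointerException
     * when the caller read the hash length.
     */
    private byte[] computeHashTrxContent(byte[] bArr) throws NoSuchAlgorithmException {
        // McElieceCCA2KeyGenParameterSpec.SHA256 is used only as the digest-name constant.
        return SHA.sha(bArr, McElieceCCA2KeyGenParameterSpec.SHA256);
    }

    /**
     * Encodes the low 16 bits of {@code i} as two little-endian bytes.
     * Bits above the low 16 are dropped silently, so a tag, length or counter
     * above 65535 wraps.
     */
    private byte[] encodeInt(int i) {
        return new byte[]{(byte) (i & 0xFF), (byte) ((i >> 8) & 0xFF)};
    }

    /** Writes one TLV: 16-bit tag, 16-bit length, then the value bytes. */
    private void writeTlv(ByteArrayOutputStream out, int tag, byte[] value) throws IOException {
        out.write(encodeInt(tag));
        out.write(encodeInt(value.length));
        out.write(value);
    }

    /** Returns the AAID constant as bytes (explicit charset, not the platform default). */
    private byte[] getAAID() {
        return AAID.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Builds the signed-data TLV followed by the signature TLV. The signature
     * covers the complete signed-data TLV, tag and length included.
     */
    private byte[] getAuthAssertion(AuthenticationResponse authenticationResponse) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeTlv(out, TagsEnum.TAG_UAFV1_SIGNED_DATA.f37id, getSignedData(authenticationResponse));
        byte[] toBeSigned = out.toByteArray();
        // NOTE(review): the algorithm id passed here is not read by getSignature,
        // which picks its signing path from RegAssertionBuilder.METHOD instead.
        byte[] signature = getSignature(toBeSigned, AlgAndEncodingEnum.UAF_ALG_KEY_ECC_X962_RAW.f35id);
        writeTlv(out, TagsEnum.TAG_SIGNATURE.f37id, signature);
        return out.toByteArray();
    }

    /**
     * Returns the counters value: a 16-bit zero followed by the low 16 bits of
     * the incremented {@link #COUNTER}.
     * NOTE(review): confirm this layout against what the server parses for
     * TAG_COUNTERS; the counter wraps at 65536 because of {@link #encodeInt(int)}.
     */
    private byte[] getCounters() throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(encodeInt(0));
        out.write(encodeInt(COUNTER.incrementAndGet()));
        return out.toByteArray();
    }

    /** Returns SHA-256 over the final-challenge parameter string. */
    private byte[] getFC(AuthenticationResponse authenticationResponse) throws NoSuchAlgorithmException {
        return SHA.sha(authenticationResponse.fcParams.getBytes(StandardCharsets.UTF_8),
                McElieceCCA2KeyGenParameterSpec.SHA256);
    }

    /** Returns the key identifier as bytes (explicit charset, not the platform default). */
    private byte[] getKeyId(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Signs the SHA-256 digest of {@code bArr}.
     *
     * <p>When {@code RegAssertionBuilder.METHOD != 0} the digest is signed through
     * {@code KeyUtil} with the crypto object; otherwise it is signed with RSA-PSS
     * using this builder's key pair and the result is verified before it is returned.
     *
     * <p>The earlier version of this method printed the encoded private key, the
     * data being signed and the signature to {@code System.out}. That dump is
     * removed: on a device, stdout and the log are readable outside the signing
     * code, and a leaked private key lets anyone forge assertions for this key.
     *
     * @param bArr data to sign
     * @param i    algorithm identifier supplied by the caller; not used here
     * @throws RuntimeException if the RSA-PSS signature does not verify
     */
    private byte[] getSignature(byte[] bArr, int i) throws Exception {
        byte[] digest = SHA.sha(bArr, McElieceCCA2KeyGenParameterSpec.SHA256);
        if (RegAssertionBuilder.METHOD != 0) {
            byte[] rsSignature = new KeyUtil(this.cryptoObject).mSignAndFromatToRS(digest);
            // Log the event only; the signature value stays out of the log.
            this.logger.fine("signature computed");
            return rsSignature;
        }
        PrivateKey privateKey = this.keyPair.getPrivate();
        byte[] pssSignature = RSA.signRAWPSS(privateKey, digest);
        if (RSA.verifyRAWPSS(this.keyPair.getPublic(), digest, pssSignature)) {
            return pssSignature;
        }
        throw new RuntimeException("Signatire match fail");
    }

    /**
     * Builds the contents of the signed-data TLV: AAID, assertion info,
     * authenticator nonce, final-challenge hash, transaction-content hash,
     * key id and counters, in that order.
     */
    private byte[] getSignedData(AuthenticationResponse authenticationResponse) throws IOException, NoSuchAlgorithmException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeTlv(out, TagsEnum.TAG_AAID.f37id, getAAID());

        // NOTE(review): read as the UAF assertion-info layout these bytes are
        // version 0x0001, authentication mode 0x01, signature algorithm 0x0001.
        // The METHOD == 0 path in getSignature signs with RSA-PSS, which would
        // not match that algorithm value; confirm which path ships.
        writeTlv(out, TagsEnum.TAG_ASSERTION_INFO.f37id, new byte[]{1, 0, 1, 1, 0});

        // NOTE(review): the nonce's unpredictability depends entirely on
        // BCrypt.gensalt(); confirm it draws from a SecureRandom.
        byte[] nonce = SHA.sha256(BCrypt.gensalt()).getBytes(StandardCharsets.UTF_8);
        writeTlv(out, TagsEnum.TAG_AUTHENTICATOR_NONCE.f37id, nonce);

        writeTlv(out, TagsEnum.TAG_FINAL_CHALLENGE.f37id, getFC(authenticationResponse));

        Transaction[] transactions = this.trx;
        if (transactions == null || transactions.length == 0) {
            // No transaction: emit the tag with a zero length. An empty array is
            // treated like null instead of failing on transactions[0].
            out.write(encodeInt(TagsEnum.TAG_TRANSACTION_CONTENT_HASH.f37id));
            out.write(encodeInt(0));
        } else {
            // Only the first transaction is bound into the signed data.
            byte[] content = Base64.decodeBase64(EncodingUtil.getAsciiBytes(transactions[0].content));
            writeTlv(out, TagsEnum.TAG_TRANSACTION_CONTENT_HASH.f37id, computeHashTrxContent(content));
        }

        writeTlv(out, TagsEnum.TAG_KEYID.f37id, getKeyId(this.keyId));
        writeTlv(out, TagsEnum.TAG_COUNTERS.f37id, getCounters());
        return out.toByteArray();
    }

    /**
     * Builds the complete authentication assertion for the given response.
     *
     * @param authenticationResponse response whose {@code fcParams} are hashed into the signed data
     * @return the TAG_UAFV1_AUTH_ASSERTION TLV, Base64URL-encoded
     * @throws Exception if hashing or signing fails
     */
    public String getAssertions(AuthenticationResponse authenticationResponse) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeTlv(out, TagsEnum.TAG_UAFV1_AUTH_ASSERTION.f37id, getAuthAssertion(authenticationResponse));
        return Base64.encodeBase64URLSafeString(out.toByteArray());
    }
}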
