package com.isprint.fido.uaf.rpclient.utils;

import android.content.Context;
import com.isprint.fido.uaf.asm.AsmContext;
import com.isprint.fido.uaf.asm.generic.wrapper.PKCS11Exception;
import com.isprint.fido.uaf.asm.wrapper.TokenApiReturn;
import com.isprint.fido.uaf.core.util.Base64Util;
import com.isprint.fido.uaf.rpclient.bo.OpObject;
import com.isprint.fido.uaf.rpclient.error.FidoException;
import com.isprint.fido.uaf.rpclient.ui.LocalSharedPreference;
import com.isprint.fido.uaf.safetrust.ECKeyPair;
import com.isprint.fido.uaf.safetrust.TokenApi;
import com.isprint.fido.uaf.utils.codec.binary.Base64;
import java.io.ByteArrayOutputStream;
import java.util.Arrays;
import javax.crypto.Cipher;

/* loaded from: classes2.dex */
public class RawKeyHandle {
    private byte[] khAccessToken;
    private final int len_KHAccessToken;
    private final int len_UAuth_priv;
    private byte[] mKeyHandle;
    private byte[] uauth_priv;
    private byte[] username;

    public RawKeyHandle() {
        this.len_KHAccessToken = 32;
        this.len_UAuth_priv = ECKeyPair.getKeyTagLength();
    }

    public RawKeyHandle(byte[] bArr, byte[] bArr2, byte[] bArr3) throws FidoException {
        this.len_KHAccessToken = 32;
        int keyTagLength = ECKeyPair.getKeyTagLength();
        this.len_UAuth_priv = keyTagLength;
        if (bArr.length != 32) {
            throw new FidoException("Invalid length of KHAccessToken! wrong length = " + bArr.length);
        }
        if (bArr2.length != keyTagLength) {
            throw new FidoException("Invalid length of UAuth_priv! wrong length = " + bArr2.length);
        }
        if (bArr3.length <= 128) {
            this.khAccessToken = bArr;
            this.uauth_priv = bArr2;
            this.username = bArr3;
        } else {
            throw new FidoException("Invalid length of username! wrong length = " + bArr3.length);
        }
    }

    private long getWrapSym(TokenApi tokenApi, String str) throws PKCS11Exception, FidoException {
        TokenApiReturn find_AESKey = tokenApi.find_AESKey(str);
        long j = find_AESKey.ck_rv;
        if (j != 0) {
            throw new PKCS11Exception(j, "Wrap.Sym key not found");
        }
        long[] jArr = (long[]) find_AESKey.extra;
        if (jArr.length == 1) {
            return jArr[0];
        }
        if (jArr.length > 1) {
            throw new FidoException("More thant one Wrap.Sym key found: " + jArr.length);
        }
        TokenApiReturn generate_AESKey = tokenApi.generate_AESKey(str);
        long j2 = generate_AESKey.ck_rv;
        if (j2 == 0) {
            return ((Long) generate_AESKey.extra).longValue();
        }
        throw new PKCS11Exception(j2, "generate_AESKey failed");
    }

    public byte[] getKeyHandle() {
        return this.mKeyHandle;
    }

    public byte[] getKhAccessToken() {
        return this.khAccessToken;
    }

    public byte[] getUauth_priv() {
        return this.uauth_priv;
    }

    public byte[] getUsername() {
        return this.username;
    }

    public RawKeyHandle unwrap(Context context, byte[] bArr, byte[] bArr2) {
        try {
            this.mKeyHandle = bArr;
            TokenApi tokenApiInstance = AsmContext.getTokenApiInstance();
            if (tokenApiInstance == null) {
                tokenApiInstance = new TokenApi(context).init();
            }
            TokenApiReturn do_AES_decrypt = tokenApiInstance.do_AES_decrypt(getWrapSym(tokenApiInstance, Base64Util.urlEncode(bArr2)), bArr);
            if (do_AES_decrypt.ck_rv != 0) {
                throw new PKCS11Exception(do_AES_decrypt.ck_rv, "do_AES_decrypt failed");
            }
            byte[] bArr3 = (byte[]) do_AES_decrypt.extra;
            if (bArr3.length < this.len_UAuth_priv + 32 + 2) {
                throw new FidoException("Invalid length of RawKeyHandle");
            }
            int length = ((bArr3.length - 32) - this.len_UAuth_priv) - 1;
            if (bArr3[this.len_UAuth_priv + 32] != length) {
                throw new FidoException("Username length does not match!");
            }
            byte[] bArr4 = new byte[32];
            this.khAccessToken = bArr4;
            this.uauth_priv = new byte[this.len_UAuth_priv];
            this.username = new byte[((bArr3.length - 32) - this.len_UAuth_priv) - 1];
            System.arraycopy(bArr3, 0, bArr4, 0, 32);
            System.arraycopy(bArr3, 32, this.uauth_priv, 0, this.len_UAuth_priv);
            System.arraycopy(bArr3, this.len_UAuth_priv + 32 + 1, this.username, 0, length);
            if (Arrays.equals(this.khAccessToken, bArr2)) {
                return this;
            }
            throw new FidoException("Wrong khAccessToken! failed to unwrap!");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public RawKeyHandle unwrapKeyHandler(Context context, String str, byte[] bArr, OpObject opObject) {
        if (str == null) {
            return null;
        }
        try {
            byte[] decodeBase64 = Base64.decodeBase64(str);
            this.mKeyHandle = decodeBase64;
            if (decodeBase64.length < this.len_UAuth_priv + 32 + 2) {
                throw new FidoException("Invalid length of RawKeyHandle");
            }
            int length = ((decodeBase64.length - 32) - this.len_UAuth_priv) - 1;
            if (decodeBase64[this.len_UAuth_priv + 32] != length) {
                throw new FidoException("Username length does not match!");
            }
            byte[] bArr2 = new byte[32];
            this.khAccessToken = bArr2;
            this.uauth_priv = new byte[this.len_UAuth_priv];
            this.username = new byte[((decodeBase64.length - 32) - this.len_UAuth_priv) - 1];
            System.arraycopy(decodeBase64, 0, bArr2, 0, 32);
            System.arraycopy(decodeBase64, 32, this.uauth_priv, 0, this.len_UAuth_priv);
            System.arraycopy(decodeBase64, this.len_UAuth_priv + 32 + 1, this.username, 0, length);
            if (Arrays.equals(this.khAccessToken, bArr)) {
                return this;
            }
            throw new FidoException("Wrong khAccessToken! failed to unwrap!");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public byte[] wrap() {
        byte[] bArr = null;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(this.khAccessToken);
            byteArrayOutputStream.write(this.uauth_priv);
            byteArrayOutputStream.write((byte) this.username.length);
            byteArrayOutputStream.write(this.username);
            bArr = byteArrayOutputStream.toByteArray();
            this.mKeyHandle = bArr;
            LocalSharedPreference.setSettingsParam(LocalSharedPreference.TEMP_RAW_KEY_HANDLER, Base64.encodeBase64String(bArr));
            LocalSharedPreference.setSettingsParam(LocalSharedPreference.TEMP_KEY_HANDLER, Base64.encodeBase64String(this.mKeyHandle));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return bArr;
    }

    public byte[] wrap(Context context) {
        if (context == null) {
            return wrap();
        }
        byte[] bArr = null;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(this.khAccessToken);
            byteArrayOutputStream.write(this.uauth_priv);
            byteArrayOutputStream.write((byte) this.username.length);
            byteArrayOutputStream.write(this.username);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            TokenApi tokenApiInstance = AsmContext.getTokenApiInstance();
            if (tokenApiInstance == null) {
                tokenApiInstance = new TokenApi(context).init();
            }
            TokenApiReturn do_AES_encrypt = tokenApiInstance.do_AES_encrypt(getWrapSym(tokenApiInstance, Base64Util.urlEncode(this.khAccessToken)), byteArray);
            if (do_AES_encrypt.ck_rv != 0) {
                throw new PKCS11Exception(do_AES_encrypt.ck_rv, "do_AES_encrypt failed");
            }
            byte[] bArr2 = (byte[]) do_AES_encrypt.extra;
            try {
                this.mKeyHandle = bArr2;
                return bArr2;
            } catch (Exception e) {
                bArr = bArr2;
                e = e;
                e.printStackTrace();
                return bArr;
            }
        } catch (Exception e2) {
            e = e2;
        }
    }

    public byte[] wrap(Cipher cipher) {
        byte[] bArr = null;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(this.khAccessToken);
            byteArrayOutputStream.write(this.uauth_priv);
            byteArrayOutputStream.write((byte) this.username.length);
            byteArrayOutputStream.write(this.username);
            bArr = byteArrayOutputStream.toByteArray();
            this.mKeyHandle = bArr;
            LocalSharedPreference.setSettingsParam(LocalSharedPreference.RAW_KEY_HANDLER, Base64.encodeBase64String(cipher.doFinal(Base64.encodeBase64String(bArr).getBytes())));
            LocalSharedPreference.setSettingsParam(LocalSharedPreference.TEMP_KEY_HANDLER, Base64.encodeBase64String(this.mKeyHandle));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return bArr;
    }
}
