package com.isprint.fido.uaf.core;

import com.dynatrace.android.agent.Global;
import com.isprint.fido.uaf.core.msg.RegistrationResponse;
import com.isprint.fido.uaf.core.tlv.AlgAndEncodingEnum;
import com.isprint.fido.uaf.core.tlv.Tags;
import com.isprint.fido.uaf.core.tlv.TagsEnum;
import com.isprint.fido.uaf.core.tlv.TlvAssertionParser;
import com.isprint.fido.uaf.rpclient.bo.OpObject;
import com.isprint.fido.uaf.rpclient.ui.LocalSharedPreference;
import com.isprint.fido.uaf.safetrust.crypto.KeyCodec;
import com.isprint.fido.uaf.safetrust.crypto.RSA;
import com.isprint.fido.uaf.safetrust.crypto.SHA;
import com.isprint.fido.uaf.utils.codec.binary.Base64;
import com.isprint.fido.uaf.utils.codec.binary.Hex;
import com.isprint.fido.uaf.utils.keystore.KeyUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.logging.Logger;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.DERInteger;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DLSequence;
import org.spongycastle.asn1.sec.SECNamedCurves;
import org.spongycastle.asn1.x9.X9ECParameters;
import org.spongycastle.crypto.params.ECDomainParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.crypto.signers.ECDSASigner;
import org.spongycastle.jce.interfaces.ECPublicKey;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
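/**
 * Assembles a FIDO UAF registration assertion as nested tag-length-value (TLV) records and
 * returns it base64url-encoded.
 *
 * <p>Layout produced by {@link #getAssertions}: a {@code TAG_UAFV1_REG_ASSERTION} record wrapping
 * a {@code TAG_UAFV1_KRD} record (AAID, assertion info, final-challenge hash, key id, counters,
 * public key) followed by a {@code TAG_ATTESTATION_BASIC_SURROGATE} record whose signature covers
 * the serialized KRD record.
 *
 * <p>Every tag and length is written as a 16-bit little-endian integer.
 *
 * <p>Security notes for maintainers: private-key material, signatures and digests must never be
 * written to stdout or to the log from this class. {@link #METHOD} is a public mutable static, so
 * any code in the process can switch the signing path at runtime.
 */
public class RegAssertionBuilder {
    public static final String AAID = "0052#0002";
    /** Selects the key/signature path: {@link #PASS} (RSA) or {@link #SECP} (EC). */
    public static int METHOD = 1;
    public static final int PASS = 0;
    public static final int SECP = 1;

    // Digest algorithm name handed to SHA.sha(); the constant is borrowed from an unrelated
    // Bouncy Castle class. NOTE(review): presumably the JCA name "SHA-256" - confirm.
    private static final String SHA_256 = McElieceCCA2KeyGenParameterSpec.SHA256;
    // Width in bytes of each of r and s in the raw signature form handled by
    // transformRawSignature() (which splits at offsets 32 and 64).
    private static final int RAW_COMPONENT_LENGTH = 32;
    // Largest value encodeInt() can represent in its two output bytes.
    private static final int MAX_UINT16 = 0xFFFF;

    private final String keyId;
    private final OpObject opObj;
    // Not read anywhere in this class.
    private byte[] publicKeyID;
    private final Logger logger = Logger.getLogger(RegAssertionBuilder.class.getName());
    private final TlvAssertionParser parser = new TlvAssertionParser();
    // Not read anywhere in this class.
    private KeyPair keyPair2 = null;

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * @param str      key id written into the {@code TAG_KEYID} record
     * @param opObject source of the key pair and of the shared-preference store
     */
    public RegAssertionBuilder(String str, OpObject opObject) {
        this.opObj = opObject;
        this.keyId = str;
    }

    /**
     * Returns the two's-complement encoding of {@code bigInteger} with a leading zero byte, if
     * present, removed. Zero therefore yields an empty array.
     *
     * @param bigInteger value to encode
     * @return the encoding without its leading zero byte
     */
    public static byte[] asUnsignedByteArray(BigInteger bigInteger) {
        byte[] encoded = bigInteger.toByteArray();
        if (encoded[0] != 0) {
            return encoded;
        }
        return Arrays.copyOfRange(encoded, 1, encoded.length);
    }

    /**
     * Parses an ASN.1 sequence of two integers (the DER form of an ECDSA signature) into
     * {@code {r, s}}, each read as a non-negative value.
     *
     * @param bArr encoded sequence
     * @return two-element array {@code {r, s}}
     * @throws IOException if the bytes cannot be parsed
     */
    public static BigInteger[] decodeToBigIntegerArray(byte[] bArr) throws IOException {
        ASN1InputStream in = new ASN1InputStream(bArr);
        try {
            DLSequence sequence = (DLSequence) in.readObject();
            ASN1Integer r = (ASN1Integer) sequence.getObjectAt(0);
            ASN1Integer s = (ASN1Integer) sequence.getObjectAt(1);
            return new BigInteger[]{r.getPositiveValue(), s.getPositiveValue()};
        } finally {
            // Close on the failure path too (malformed input, unexpected ASN.1 type).
            in.close();
        }
    }

    /**
     * Encodes {@code i} as two bytes, least significant byte first.
     *
     * @throws IllegalArgumentException if {@code i} does not fit in 16 bits; silently truncating
     *     a length would produce a TLV record whose declared size disagrees with its content
     */
    private static byte[] encodeInt(int i) {
        if (i < 0 || i > MAX_UINT16) {
            throw new IllegalArgumentException("Value does not fit in 16 bits: " + i);
        }
        return new byte[]{(byte) (i & 0xFF), (byte) ((i >> 8) & 0xFF)};
    }

    /** Appends one TLV record (16-bit tag, 16-bit length, value) to {@code out}. */
    private static void writeTlv(ByteArrayOutputStream out, int tag, byte[] value) {
        // Encode both header fields before writing so a range error leaves `out` untouched.
        byte[] tagBytes = encodeInt(tag);
        byte[] lengthBytes = encodeInt(value.length);
        out.write(tagBytes, 0, tagBytes.length);
        out.write(lengthBytes, 0, lengthBytes.length);
        out.write(value, 0, value.length);
    }

    /** Returns the bytes of {@link #AAID} in the platform default charset. */
    private byte[] getAAID() throws IOException {
        return AAID.getBytes();
    }

    /**
     * Builds the content of the attestation record: a {@code TAG_SIGNATURE} record holding the
     * signature over {@code bArr}.
     */
    private byte[] getAttestationBasicSurrogate(byte[] bArr) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeTlv(out, TagsEnum.TAG_SIGNATURE.f37id,
                getSignature(bArr, AlgAndEncodingEnum.UAF_ALG_KEY_ECC_X962_RAW.f35id));
        return out.toByteArray();
    }

    /**
     * Returns the eight-byte counters value: the 16-bit values 0, 1, 0, 1.
     *
     * <p>NOTE(review): the values are constants, so the counters never advance between
     * registrations; confirm that the relying party does not depend on them.
     */
    private byte[] getCounters() throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int value : new int[]{0, 1, 0, 1}) {
            byte[] encoded = encodeInt(value);
            out.write(encoded, 0, encoded.length);
        }
        return out.toByteArray();
    }

    /** Hashes the response's {@code fcParams} string (platform default charset). */
    private byte[] getFC(RegistrationResponse registrationResponse) throws NoSuchAlgorithmException {
        return SHA.sha(registrationResponse.fcParams.getBytes(), SHA_256);
    }

    /** Returns the bytes of the key id in the platform default charset. */
    private byte[] getKeyId() throws IOException {
        return this.keyId.getBytes();
    }

    /**
     * Returns the public key bytes for the {@code TAG_PUB_KEY} record.
     *
     * <p>{@link #PASS}: the stored encoding as-is. {@link #SECP}: the stored key converted by
     * {@code KeyCodec.getKeyAsRawBytes}.
     *
     * @throws IllegalStateException if {@link #METHOD} is neither {@code PASS} nor {@code SECP};
     *     returning {@code null} here would only surface later as a NullPointerException
     */
    private byte[] getPubKeyId() throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, IOException, KeyStoreException, CertificateException, InvalidAlgorithmParameterException {
        int method = METHOD;
        if (method == PASS) {
            byte[] encodedKey = getKeyStorePublicKey();
            this.logger.info("PublicKey=" + Base64.encodeBase64URLSafeString(encodedKey));
            return encodedKey;
        }
        if (method == SECP) {
            return KeyCodec.getKeyAsRawBytes((ECPublicKey) KeyCodec.getPubKey(getKeyStorePublicKey()));
        }
        throw new IllegalStateException("Unsupported METHOD: " + method);
    }

    /**
     * Concatenates {@code r} and {@code s} into the raw signature form.
     *
     * <p>Each component is left-padded with zero bytes to 32 bytes. Without the padding a
     * component with leading zero bytes shortens the output, and a consumer that splits the
     * signature at a fixed offset (as {@link #transformRawSignature} does) reads wrong values.
     * Components already 32 bytes or longer are written unchanged.
     *
     * @param bigIntegerArr {@code {r, s}}
     * @return {@code r || s}
     */
    public static byte[] getRS(BigInteger[] bigIntegerArr) {
        ByteArrayOutputStream out = new ByteArrayOutputStream(2 * RAW_COMPONENT_LENGTH);
        for (int idx = 0; idx < 2; idx++) {
            byte[] component = leftPad(asUnsignedByteArray(bigIntegerArr[idx]), RAW_COMPONENT_LENGTH);
            out.write(component, 0, component.length);
        }
        return out.toByteArray();
    }

    /** Left-pads {@code magnitude} with zero bytes to {@code width}; longer input is returned as-is. */
    private static byte[] leftPad(byte[] magnitude, int width) {
        if (magnitude.length >= width) {
            return magnitude;
        }
        byte[] padded = new byte[width];
        System.arraycopy(magnitude, 0, padded, width - magnitude.length, magnitude.length);
        return padded;
    }

    /**
     * Builds the KRD record followed by the attestation record. The attestation signature covers
     * the serialized KRD record (tag and length included), captured before the attestation record
     * is appended.
     */
    private byte[] getRegAssertion(RegistrationResponse registrationResponse) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeTlv(out, TagsEnum.TAG_UAFV1_KRD.f37id, getSignedData(registrationResponse));
        byte[] krdRecord = out.toByteArray();
        writeTlv(out, TagsEnum.TAG_ATTESTATION_BASIC_SURROGATE.f37id,
                getAttestationBasicSurrogate(krdRecord));
        return out.toByteArray();
    }

    /**
     * Signs the SHA digest of {@code bArr}.
     *
     * <p>When {@link #METHOD} is not {@link #PASS} the digest is signed through {@code KeyUtil}.
     * Otherwise it is signed with the RSA private key from {@code opObj} and the result is
     * verified against the matching public key before it is returned.
     *
     * <p>The private key, the public key, the digest and the signature are intentionally not
     * printed: on a device, stdout and the log are readable by other tooling, and an encoded
     * private key in that output lets anyone who can read it sign assertions as this
     * authenticator.
     *
     * @param bArr data to sign
     * @param i    unused
     * @return the signature bytes
     * @throws RuntimeException if the RSA self-verification fails
     */
    private byte[] getSignature(byte[] bArr, int i) throws Exception {
        if (METHOD != PASS) {
            this.logger.info(" : dataForSigning : " + Base64.encodeBase64URLSafeString(bArr));
            return new KeyUtil(this.opObj).mSignAndFromatToRS(SHA.sha(bArr, SHA_256));
        }
        // Read the pair once so signing and verification use the same keys.
        KeyPair signingPair = this.opObj.getKeyPair();
        PrivateKey privateKey = signingPair.getPrivate();
        PublicKey publicKey = signingPair.getPublic();
        byte[] signature = RSA.signRAWPSS(privateKey, SHA.sha(bArr, SHA_256));
        if (!RSA.verifyRAWPSS(publicKey, SHA.sha(bArr, SHA_256), signature)) {
            throw new RuntimeException("Signatire match fail");
        }
        return signature;
    }

    /**
     * Builds the content of the KRD record: AAID, assertion info, final-challenge hash, key id,
     * counters and public key, in that order.
     */
    private byte[] getSignedData(RegistrationResponse registrationResponse) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException, CertificateException, InvalidAlgorithmParameterException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeTlv(out, TagsEnum.TAG_AAID.f37id, getAAID());
        // Fixed seven-byte assertion info. NOTE(review): the same bytes are written for both
        // METHOD values although the key and signature types differ - confirm they describe the
        // RSA path correctly.
        writeTlv(out, TagsEnum.TAG_ASSERTION_INFO.f37id, new byte[]{1, 0, 1, 1, 0, 0, 1});
        writeTlv(out, TagsEnum.TAG_FINAL_CHALLENGE.f37id, getFC(registrationResponse));
        writeTlv(out, TagsEnum.TAG_KEYID.f37id, getKeyId());
        writeTlv(out, TagsEnum.TAG_COUNTERS.f37id, getCounters());
        writeTlv(out, TagsEnum.TAG_PUB_KEY.f37id, getPubKeyId());
        return out.toByteArray();
    }

    /**
     * Splits a 64-byte raw signature into {@code {r, s}}: bytes 0-31 and bytes 32-63, each read as
     * an unsigned big-endian integer. Bytes past offset 64 are ignored.
     *
     * @param bArr raw signature, at least 64 bytes
     * @return two-element array {@code {r, s}}
     * @throws IllegalArgumentException if fewer than 64 bytes are supplied; a short input would
     *     otherwise be zero-extended on the right and decode to a different value
     */
    public static BigInteger[] transformRawSignature(byte[] bArr) throws IOException {
        int expected = 2 * RAW_COMPONENT_LENGTH;
        if (bArr.length < expected) {
            throw new IllegalArgumentException(
                    "Raw signature needs " + expected + " bytes, got " + bArr.length);
        }
        BigInteger r = new BigInteger(1, Arrays.copyOfRange(bArr, 0, RAW_COMPONENT_LENGTH));
        BigInteger s = new BigInteger(1, Arrays.copyOfRange(bArr, RAW_COMPONENT_LENGTH, expected));
        return new BigInteger[]{r, s};
    }

    /** Creates an ECDSA verifier on secp256r1 for the given encoded public point. */
    private static ECDSASigner newP256Verifier(byte[] encodedPoint) {
        X9ECParameters curve = SECNamedCurves.getByName("secp256r1");
        ECDomainParameters domain = new ECDomainParameters(curve.getCurve(), curve.getG(), curve.getN(), curve.getH());
        ECDSASigner verifier = new ECDSASigner();
        verifier.init(false, new ECPublicKeyParameters(domain.getCurve().decodePoint(encodedPoint), domain));
        return verifier;
    }

    /**
     * Verifies an ASN.1-encoded ECDSA signature on secp256r1.
     *
     * <p>NOTE(review): this overload casts the parsed objects to {@code DERSequence} and
     * {@code DERInteger}, while {@link #decodeToBigIntegerArray} casts the output of the same
     * parser to {@code DLSequence} and {@code ASN1Integer}. Confirm which types the bundled
     * library returns; a mismatch surfaces as a ClassCastException.
     *
     * @param bArr  encoded public point
     * @param bArr2 message digest that was signed
     * @param bArr3 ASN.1 sequence of {@code r} and {@code s}
     * @return {@code true} if the signature is valid
     * @throws RuntimeException wrapping an IOException if the signature cannot be parsed
     */
    public static boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        ECDSASigner verifier = newP256Verifier(bArr);
        try {
            ASN1InputStream in = new ASN1InputStream(bArr3);
            try {
                DERSequence sequence = (DERSequence) in.readObject();
                DERInteger r = (DERInteger) sequence.getObjectAt(0);
                DERInteger s = (DERInteger) sequence.getObjectAt(1);
                return verifier.verifySignature(bArr2, r.getValue(), s.getValue());
            } finally {
                // Close on the failure path too.
                in.close();
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies an ECDSA signature given as {@code {r, s}} on secp256r1.
     *
     * <p>NOTE(review): {@code abs()} turns a negative component into a positive one before
     * verification, so a value that was decoded with the wrong sign is checked as a different
     * number instead of being rejected. Confirm callers always pass non-negative values, then
     * consider dropping {@code abs()}.
     *
     * @param bArr          encoded public point
     * @param bArr2         message digest that was signed
     * @param bigIntegerArr {@code {r, s}}
     * @return {@code true} if the signature is valid
     */
    public static boolean verify(byte[] bArr, byte[] bArr2, BigInteger[] bigIntegerArr) throws Exception {
        BigInteger r = bigIntegerArr[0].abs();
        BigInteger s = bigIntegerArr[1].abs();
        return newP256Verifier(bArr).verifySignature(bArr2, r, s);
    }

    /**
     * Builds the complete registration assertion and returns it base64url-encoded.
     *
     * <p>The encoded assertion is parsed back; the AAID and key id read from it are stored through
     * {@code LocalSharedPreference}, and the assertion and its main fields are logged at INFO.
     *
     * @param registrationResponse response whose {@code fcParams} is hashed into the assertion
     * @return the base64url-encoded assertion
     */
    public String getAssertions(RegistrationResponse registrationResponse) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeTlv(out, TagsEnum.TAG_UAFV1_REG_ASSERTION.f37id, getRegAssertion(registrationResponse));
        String encodedAssertion = Base64.encodeBase64URLSafeString(out.toByteArray());
        this.logger.info(" : assertion : " + encodedAssertion);

        // Round-trip through the parser to read the fields back out of the encoded form.
        Tags parsed = this.parser.parse(encodedAssertion);
        String aaid = new String(parsed.getTags().get(Integer.valueOf(TagsEnum.TAG_AAID.f37id)).value);
        String parsedKeyId = new String(parsed.getTags().get(Integer.valueOf(TagsEnum.TAG_KEYID.f37id)).value);
        byte[] pubKey = parsed.getTags().get(Integer.valueOf(TagsEnum.TAG_PUB_KEY.f37id)).value;
        byte[] signature = parsed.getTags().get(Integer.valueOf(TagsEnum.TAG_SIGNATURE.f37id)).value;
        byte[] assertionInfo = parsed.getTags().get(Integer.valueOf(TagsEnum.TAG_ASSERTION_INFO.f37id)).value;

        LocalSharedPreference.setSettingsParam(LocalSharedPreference.AAID, aaid);
        LocalSharedPreference.setSettingsParam("keyID", parsedKeyId);
        this.logger.info(" : AAID : " + aaid);
        this.logger.info(" : KeyID : " + parsedKeyId);
        printByte(assertionInfo, ": TAG_ASSERTION_INFO : ");
        printByte(pubKey, ": TAG_PUB_KEY : ");
        printByte(signature, ": TAG_SIGNATURE : ");
        return encodedAssertion;
    }

    /**
     * Returns the encoded public key, reading it from the shared-preference store. When the store
     * holds no value, the public key of {@code opObj}'s key pair is encoded, stored and returned.
     *
     * @return the decoded public-key bytes
     */
    public byte[] getKeyStorePublicKey() throws KeyStoreException {
        String stored = this.opObj.getmLocalSharedPreference().getData(LocalSharedPreference.PUBLIC_KEY);
        if (stored == null || stored.isEmpty()) {
            stored = Base64.encodeBase64URLSafeString(this.opObj.getKeyPair().getPublic().getEncoded());
            this.opObj.getmLocalSharedPreference().storeData(LocalSharedPreference.PUBLIC_KEY, stored);
        }
        return Base64.decodeBase64(stored);
    }

    /**
     * Logs {@code bArr} at INFO as a bracketed list of signed byte values, prefixed by {@code str}.
     * Callers must not pass secret material.
     */
    public void printByte(byte[] bArr, String str) {
        this.logger.info(str + Global.BLANK + Arrays.toString(bArr));
    }
}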
