package com.noknok.android.client.asm.authenticator;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Base64;
import com.google.android.gms.stats.CodePackage;
import com.noknok.android.client.asm.api.uaf.json.UAFPublicKeyFormat;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.Logger;
import com.noknok.android.client.utils.TypeConverter;
import com.tmobile.commonssdk.utils.RSAEncryption;
import com.tmobile.datarepository.encryption.CipherProvider;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.json.JSONArray;

/* loaded from: classes3.dex */
public class KSUtils {
    public static final int GCM_NONCE_LENGTH = 12;
    public static final int GCM_TAG_LENGTH = 16;
    public static final byte PLAIN_BUFFER = -127;
    public static final byte WRAPPED_BUFFER = Byte.MIN_VALUE;

    /* renamed from: a, reason: collision with root package name */
    private static SecretKey f53319a;

    /* renamed from: com.noknok.android.client.asm.authenticator.KSUtils$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f53320a;

        static {
            int[] iArr = new int[Alg.values().length];
            f53320a = iArr;
            try {
                iArr[0] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                int[] iArr2 = f53320a;
                Alg alg = Alg.EC;
                iArr2[1] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes3.dex */
    public enum AkMode {
        KS,
        FP,
        KG
    }

    /* JADX WARN: Enum visitor error
    jadx.core.utils.exceptions.JadxRuntimeException: Init of enum field 'EC' uses external variables
    	at jadx.core.dex.visitors.EnumVisitor.createEnumFieldByConstructor(EnumVisitor.java:451)
    	at jadx.core.dex.visitors.EnumVisitor.processEnumFieldByRegister(EnumVisitor.java:395)
    	at jadx.core.dex.visitors.EnumVisitor.extractEnumFieldsFromFilledArray(EnumVisitor.java:324)
    	at jadx.core.dex.visitors.EnumVisitor.extractEnumFieldsFromInsn(EnumVisitor.java:262)
    	at jadx.core.dex.visitors.EnumVisitor.convertToEnum(EnumVisitor.java:151)
    	at jadx.core.dex.visitors.EnumVisitor.visit(EnumVisitor.java:100)
     */
    /* JADX WARN: Failed to restore enum class, 'enum' modifier and super class removed */
    /* loaded from: classes3.dex */
    public static final class Alg {
        public static final Alg EC;
        public static final Alg RSA;

        /* renamed from: b, reason: collision with root package name */
        private static final /* synthetic */ Alg[] f53322b;

        /* renamed from: a, reason: collision with root package name */
        private final Descriptor f53323a;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes3.dex */
        public static class Descriptor {

            /* renamed from: a, reason: collision with root package name */
            String f53324a;

            /* renamed from: b, reason: collision with root package name */
            String f53325b;

            /* renamed from: c, reason: collision with root package name */
            short f53326c;

            /* renamed from: d, reason: collision with root package name */
            short f53327d;

            /* renamed from: e, reason: collision with root package name */
            byte f53328e;

            private Descriptor() {
            }

            /* synthetic */ Descriptor(AnonymousClass1 anonymousClass1) {
                this();
            }
        }

        static {
            AnonymousClass1 anonymousClass1 = null;
            Descriptor descriptor = new Descriptor(anonymousClass1);
            descriptor.f53324a = "EC";
            descriptor.f53325b = "SHA256withECDSA";
            descriptor.f53326c = (short) 32;
            descriptor.f53327d = (short) 64;
            descriptor.f53328e = (byte) 1;
            Alg alg = new Alg("EC", 0, descriptor);
            EC = alg;
            Descriptor descriptor2 = new Descriptor(anonymousClass1);
            descriptor2.f53324a = RSAEncryption.ENCRYPT_METHOD;
            descriptor2.f53325b = "SHA256withRSA";
            descriptor2.f53326c = UAFPublicKeyFormat.UAF_ALG_KEY_ECC_X962_RAW;
            descriptor2.f53327d = UAFPublicKeyFormat.UAF_ALG_KEY_ECC_X962_RAW;
            descriptor2.f53328e = (byte) 2;
            Alg alg2 = new Alg(RSAEncryption.ENCRYPT_METHOD, 1, descriptor2);
            RSA = alg2;
            f53322b = new Alg[]{alg, alg2};
        }

        private Alg(String str, int i4, Descriptor descriptor) {
            this.f53323a = descriptor;
        }

        public static Alg valueOf(String str) {
            return (Alg) Enum.valueOf(Alg.class, str);
        }

        public static Alg[] values() {
            return (Alg[]) f53322b.clone();
        }

        short a() {
            return this.f53323a.f53326c;
        }

        String b() {
            return this.f53323a.f53325b;
        }

        public byte getCalId() {
            return this.f53323a.f53328e;
        }

        public String getKeyAlg() {
            return this.f53323a.f53324a;
        }

        public short getSignatureSize() {
            return this.f53323a.f53327d;
        }
    }

    /* loaded from: classes3.dex */
    public enum Storage {
        Software,
        Hardware,
        SecureElement
    }

    @TargetApi(23)
    private static SecretKey a() {
        SecretKey generateKey;
        Logger.i("KSUtils", "getCryptoKey");
        SecretKey secretKey = f53319a;
        if (secretKey != null) {
            return secretKey;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(CipherProvider.ANDROID_KEY_STORE);
            keyStore.load(null);
            KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry("CalKsCryptoKey", null);
            if (secretKeyEntry != null) {
                generateKey = secretKeyEntry.getSecretKey();
            } else {
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("CalKsCryptoKey", 3);
                builder.setBlockModes(CodePackage.GCM);
                builder.setEncryptionPaddings("NoPadding");
                builder.setKeySize(256);
                KeyGenerator keyGenerator = KeyGenerator.getInstance(CipherProvider.ALGORITHM, CipherProvider.ANDROID_KEY_STORE);
                keyGenerator.init(builder.build());
                generateKey = keyGenerator.generateKey();
            }
            f53319a = generateKey;
            return f53319a;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException e4) {
            Logger.e("KSUtils", "Failed to get the crypto key", e4);
            return null;
        }
    }

    private static byte[] a(byte[] bArr) {
        Alg alg = Alg.EC;
        int a4 = alg.a();
        byte[] bArr2 = new byte[a4];
        Arrays.fill(bArr2, (byte) 0);
        if (bArr.length > alg.a()) {
            System.arraycopy(bArr, 1, bArr2, 0, a4);
        } else {
            System.arraycopy(bArr, 0, bArr2, a4 - bArr.length, bArr.length);
        }
        return bArr2;
    }

    public static byte[] exportPublicKey(byte[] bArr) {
        String str;
        if (bArr == null) {
            Logger.e("KSUtils", "KSCallback: Invalid parameters, keyHandle is null");
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(CipherProvider.ANDROID_KEY_STORE);
            keyStore.load(null);
            PublicKey publicKey = keyStore.getCertificate(new String(bArr, Charsets.utf8Charset)).getPublicKey();
            String algorithm = publicKey.getAlgorithm();
            Logger.i("KSUtils", "Exporting public key for " + algorithm);
            algorithm.hashCode();
            if (algorithm.equals(RSAEncryption.ENCRYPT_METHOD)) {
                RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                byte[] byteArray = rSAPublicKey.getModulus().toByteArray();
                byte[] byteArray2 = rSAPublicKey.getPublicExponent().toByteArray();
                short a4 = Alg.RSA.a();
                ByteBuffer allocate = ByteBuffer.allocate(byteArray2.length + a4);
                allocate.order(ByteOrder.LITTLE_ENDIAN);
                allocate.put(byteArray, byteArray.length - a4, a4);
                allocate.put(byteArray2);
                return allocate.array();
            }
            if (!algorithm.equals("EC")) {
                Logger.e("KSUtils", "Unsupported key algorithm: " + algorithm);
                return null;
            }
            ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
            byte[] byteArray3 = eCPublicKey.getW().getAffineX().toByteArray();
            byte[] byteArray4 = eCPublicKey.getW().getAffineY().toByteArray();
            Alg alg = Alg.EC;
            ByteBuffer allocate2 = ByteBuffer.allocate((alg.a() * 2) + 1);
            allocate2.order(ByteOrder.LITTLE_ENDIAN);
            allocate2.put((byte) 4);
            if (byteArray3.length > alg.a() + 1) {
                str = "Export EC public key failed: Incorrect length of x";
            } else {
                allocate2.put(a(byteArray3));
                if (byteArray4.length <= alg.a() + 1) {
                    allocate2.put(a(byteArray4));
                    return allocate2.array();
                }
                str = "Export EC public key failed: Incorrect length of y";
            }
            Logger.e("KSUtils", str);
            return null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e4) {
            Logger.e("KSUtils", "Exporting the public key failed", e4);
            return null;
        }
    }

    @TargetApi(28)
    public static String generateKeyStoreKeyPair(Context context, KsLabel ksLabel, AkMode akMode, byte[] bArr) {
        return generateKeyStoreKeyPair(context, ksLabel, akMode, bArr, 0);
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x00f7 A[Catch: IllegalStateException -> 0x015b, NoSuchProviderException -> 0x015d, NoSuchAlgorithmException -> 0x015f, InvalidAlgorithmParameterException -> 0x0167, TryCatch #2 {IllegalStateException -> 0x015b, InvalidAlgorithmParameterException -> 0x0167, NoSuchAlgorithmException -> 0x015f, NoSuchProviderException -> 0x015d, blocks: (B:5:0x0065, B:7:0x007a, B:11:0x00de, B:13:0x00e2, B:19:0x00f7, B:20:0x00fb, B:21:0x00fe, B:23:0x0102, B:25:0x0112, B:26:0x0116, B:27:0x0119, B:31:0x012d, B:33:0x0142, B:35:0x0148, B:36:0x014b, B:40:0x0135, B:43:0x013f, B:45:0x00e6, B:46:0x00b8, B:47:0x00d2, B:48:0x00d6), top: B:4:0x0065 }] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00fb A[Catch: IllegalStateException -> 0x015b, NoSuchProviderException -> 0x015d, NoSuchAlgorithmException -> 0x015f, InvalidAlgorithmParameterException -> 0x0167, TryCatch #2 {IllegalStateException -> 0x015b, InvalidAlgorithmParameterException -> 0x0167, NoSuchAlgorithmException -> 0x015f, NoSuchProviderException -> 0x015d, blocks: (B:5:0x0065, B:7:0x007a, B:11:0x00de, B:13:0x00e2, B:19:0x00f7, B:20:0x00fb, B:21:0x00fe, B:23:0x0102, B:25:0x0112, B:26:0x0116, B:27:0x0119, B:31:0x012d, B:33:0x0142, B:35:0x0148, B:36:0x014b, B:40:0x0135, B:43:0x013f, B:45:0x00e6, B:46:0x00b8, B:47:0x00d2, B:48:0x00d6), top: B:4:0x0065 }] */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0102 A[Catch: IllegalStateException -> 0x015b, NoSuchProviderException -> 0x015d, NoSuchAlgorithmException -> 0x015f, InvalidAlgorithmParameterException -> 0x0167, TryCatch #2 {IllegalStateException -> 0x015b, InvalidAlgorithmParameterException -> 0x0167, NoSuchAlgorithmException -> 0x015f, NoSuchProviderException -> 0x015d, blocks: (B:5:0x0065, B:7:0x007a, B:11:0x00de, B:13:0x00e2, B:19:0x00f7, B:20:0x00fb, B:21:0x00fe, B:23:0x0102, B:25:0x0112, B:26:0x0116, B:27:0x0119, B:31:0x012d, B:33:0x0142, B:35:0x0148, B:36:0x014b, B:40:0x0135, B:43:0x013f, B:45:0x00e6, B:46:0x00b8, B:47:0x00d2, B:48:0x00d6), top: B:4:0x0065 }] */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0148 A[Catch: IllegalStateException -> 0x015b, NoSuchProviderException -> 0x015d, NoSuchAlgorithmException -> 0x015f, InvalidAlgorithmParameterException -> 0x0167, TryCatch #2 {IllegalStateException -> 0x015b, InvalidAlgorithmParameterException -> 0x0167, NoSuchAlgorithmException -> 0x015f, NoSuchProviderException -> 0x015d, blocks: (B:5:0x0065, B:7:0x007a, B:11:0x00de, B:13:0x00e2, B:19:0x00f7, B:20:0x00fb, B:21:0x00fe, B:23:0x0102, B:25:0x0112, B:26:0x0116, B:27:0x0119, B:31:0x012d, B:33:0x0142, B:35:0x0148, B:36:0x014b, B:40:0x0135, B:43:0x013f, B:45:0x00e6, B:46:0x00b8, B:47:0x00d2, B:48:0x00d6), top: B:4:0x0065 }] */
    /* JADX WARN: Removed duplicated region for block: B:42:0x013d  */
    /* JADX WARN: Removed duplicated region for block: B:44:0x013e  */
    @android.annotation.TargetApi(28)
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.lang.String generateKeyStoreKeyPair(android.content.Context r14, com.noknok.android.client.asm.authenticator.KsLabel r15, com.noknok.android.client.asm.authenticator.KSUtils.AkMode r16, byte[] r17, int r18) {
        /*
            Method dump skipped, instructions count: 373
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.client.asm.authenticator.KSUtils.generateKeyStoreKeyPair(android.content.Context, com.noknok.android.client.asm.authenticator.KsLabel, com.noknok.android.client.asm.authenticator.KSUtils$AkMode, byte[], int):java.lang.String");
    }

    public static String getAttestationChain(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(CipherProvider.ANDROID_KEY_STORE);
            keyStore.load(null);
            Certificate[] certificateChain = keyStore.getCertificateChain(str);
            String[] strArr = new String[certificateChain.length];
            int i4 = 0;
            for (Certificate certificate : certificateChain) {
                strArr[i4] = new String(Base64.encode(certificate.getEncoded(), 2));
                i4++;
            }
            return new JSONArray(strArr).toString();
        } catch (Exception e4) {
            Logger.e("KSUtils", "Could not export X509 certificate chain for attestation", e4);
            return "a";
        }
    }

    public static Signature initSignature(KsLabel ksLabel, String str) throws InvalidKeyException, UnrecoverableEntryException {
        try {
            KeyStore keyStore = KeyStore.getInstance(CipherProvider.ANDROID_KEY_STORE);
            keyStore.load(null);
            Signature signature = Signature.getInstance(ksLabel.getAlg().b());
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
            if (privateKey == null) {
                throw new UnrecoverableEntryException();
            }
            signature.initSign(privateKey);
            return signature;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e4) {
            Logger.e("KSUtils", "Init Signature failed", e4);
            throw new IllegalArgumentException(e4);
        }
    }

    public static void removeKey(String str) {
        Logger.i("KSUtils", "removeKey");
        try {
            KeyStore keyStore = KeyStore.getInstance(CipherProvider.ANDROID_KEY_STORE);
            keyStore.load(null);
            keyStore.deleteEntry(str);
            Logger.i("KSUtils", "Key successfully removed from the KeyStore");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e4) {
            Logger.e("KSUtils", "Failed to remove the key from the KeyStore", e4);
        }
    }

    public static byte[] signData(Signature signature, KsLabel ksLabel, byte[] bArr) throws InvalidKeyException {
        String str;
        Logger.i("KSUtils", "signData with " + ksLabel.getAlg().b());
        if (signature == null) {
            Logger.e("KSUtils", "Signature object is missing");
            return null;
        }
        try {
            signature.update(bArr);
            byte[] sign2 = signature.sign();
            Alg alg = ksLabel.getAlg();
            Alg alg2 = Alg.EC;
            if (alg == alg2 && !ksLabel.equals(KsLabel.NNL_KS_FIDO2)) {
                byte b4 = sign2[3];
                if (b4 > alg2.a() + 1) {
                    str = "Invalid ECDSA signature: incorrect length of r";
                } else {
                    int i4 = b4 + 4;
                    byte[] a4 = a(Arrays.copyOfRange(sign2, 4, i4));
                    byte b5 = sign2[i4 + 1];
                    if (b4 > alg2.a() + 1) {
                        str = "Invalid ECDSA signature: incorrect length of s";
                    } else {
                        int i5 = i4 + 2;
                        byte[] a5 = a(Arrays.copyOfRange(sign2, i5, b5 + i5));
                        byte[] bArr2 = new byte[a4.length + a5.length];
                        System.arraycopy(a4, 0, bArr2, 0, a4.length);
                        System.arraycopy(a5, 0, bArr2, a4.length, a5.length);
                        sign2 = bArr2;
                    }
                }
                Logger.e("KSUtils", str);
                sign2 = null;
            }
            StringBuilder sb = new StringBuilder();
            sb.append("Data Signing completed: ");
            sb.append(sign2 != null ? TypeConverter.byteArrayToHexString(sign2) : null);
            Logger.i("KSUtils", sb.toString());
            return sign2;
        } catch (SignatureException e4) {
            if (e4.getMessage().startsWith("android.security.KeyStoreException: Key user not authenticated")) {
                throw new KeyPermanentlyInvalidatedException(e4.getMessage());
            }
            Logger.e("KSUtils", "Problem during signing", e4);
            return null;
        }
    }

    @TargetApi(23)
    public static byte[] unwrapObject(byte[] bArr) {
        Logger.startTimer("KSUtils", "unwrapObject");
        try {
            try {
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                SecretKey a4 = a();
                byte[] copyOfRange = Arrays.copyOfRange(bArr, 1, 13);
                byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 13, bArr.length);
                cipher.init(2, a4, new GCMParameterSpec(128, copyOfRange));
                return cipher.doFinal(copyOfRange2);
            } finally {
                Logger.endTimer("KSUtils", "unwrapObject");
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e4) {
            Logger.e("KSUtils", "unwrapObject failed", e4);
            Logger.endTimer("KSUtils", "unwrapObject");
            return null;
        }
    }

    @TargetApi(23)
    public static byte[] wrapObject(byte[] bArr) {
        Logger.startTimer("KSUtils", "wrapObject");
        try {
            try {
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, a());
                byte[] iv = cipher.getIV();
                if (iv == null) {
                    Logger.e("KSUtils", "Failed to get IV for encrypt operation");
                    return null;
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(-128);
                byteArrayOutputStream.write(iv);
                byteArrayOutputStream.write(cipher.doFinal(bArr));
                return byteArrayOutputStream.toByteArray();
            } finally {
                Logger.endTimer("KSUtils", "wrapObject");
            }
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e4) {
            Logger.e("KSUtils", "wrapObject failed", e4);
            return null;
        }
    }
}
