package com.noknok.android.client.asm.core.uaf;

import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.pm.Signature;
import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
import android.support.annotation.NonNull;
import android.util.Base64;
import com.fido.android.framework.tm.core.prov.CryptoModule;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.noknok.android.asmsdk_uaf.R;
import com.noknok.android.client.asm.api.AsmException;
import com.noknok.android.client.asm.api.uaf.json.ASMResponse;
import com.noknok.android.client.asm.api.uaf.json.AuthenticateIn;
import com.noknok.android.client.asm.api.uaf.json.AuthenticatorInfo;
import com.noknok.android.client.asm.api.uaf.json.DeregisterIn;
import com.noknok.android.client.asm.api.uaf.json.DisplayPNGCharacteristicsDescriptor;
import com.noknok.android.client.asm.api.uaf.json.Extension;
import com.noknok.android.client.asm.api.uaf.json.GetRegistrationsOut;
import com.noknok.android.client.asm.api.uaf.json.RegisterIn;
import com.noknok.android.client.asm.api.uaf.json.RegisterOut;
import com.noknok.android.client.asm.core.GetInfoParams;
import com.noknok.android.client.asm.core.MatcherParamsHelper;
import com.noknok.android.client.asm.core.TransactionActivity;
import com.noknok.android.client.asm.core.shared.DescriptorLoader;
import com.noknok.android.client.asm.extensions.KeyAttestation;
import com.noknok.android.client.asm.sdk.IAKSelector;
import com.noknok.android.client.asm.sdk.IAuthenticatorDescriptor;
import com.noknok.android.client.asm.sdk.IMatcher;
import com.noknok.android.client.asm.sdk.ProtocolType;
import com.noknok.android.client.asm.sdk.UVTMatcherInParams;
import com.noknok.android.client.asm.sdk.UVTMatcherOutParams;
import com.noknok.android.client.utils.ActivityStarter;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.JsonObjectAdapter;
import com.noknok.android.client.utils.Logger;
import com.noknok.android.client.utils.Outcome;
import com.noknok.android.client.utils.TypeConverter;
import com.noknok.android.uaf.UVTHelper;
import com.noknok.android.uaf.asmcore.AKProcessor;
import com.noknok.android.uaf.asmcore.AuthenticatorDatabase;
import com.noknok.android.uaf.asmcore.AuthenticatorDatabaseFactory;
import com.noknok.android.uaf.asmcore.SelectFromDialogActivity;
import com.noknok.android.uaf.extensions.ExtensionManager;
import com.noknok.android.uaf.extensions.IExtensionProcessor;
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;

/* loaded from: classes2.dex */
public class AuthenticatorCore {
    protected static final int ASMTOKEN_SIZE = 32;
    protected static final String ASM_TOKEN = "ASMToken";
    protected static final int BASE64_ENCODING = 11;
    private static final String a = AuthenticatorCore.class.getSimpleName();
    private AntiHammering b;
    private IMatcher c;
    private Map<Class<? extends IMatcher.MatcherInParams>, MatcherParamsHelper.AuthenticatorMatcherType> d;
    private Gson e;
    private ExtensionManager f;
    protected byte[] mASMToken;
    protected AKProcessor mAkProcessor;
    protected IAuthenticatorDescriptor mAuthDx;
    protected AuthenticatorDatabase mAuthenticatorDb;
    protected byte[] mCallerID;
    protected Context mContext;
    protected CryptoModule mCryptoModule;
    protected AKProcessor.AkAuthnrInfo mInfo;
    protected byte[] mPersonaID;
    protected IAuthenticatorDescriptor.IUAFDescriptor mUafAuthDx;
    protected a tTCDisplayResponse;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.noknok.android.client.asm.core.uaf.AuthenticatorCore$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] b = new int[Outcome.values().length];

        static {
            try {
                b[Outcome.CANCELED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                b[Outcome.USER_LOCKOUT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            a = new int[IMatcher.EnrollState.values().length];
            try {
                a[IMatcher.EnrollState.ENROLLED.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                a[IMatcher.EnrollState.NOT_ENROLLED.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
            try {
                a[IMatcher.EnrollState.UNAVAILABLE.ordinal()] = 3;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class UserVerifyResponse {
        public byte[] additionalAKArgument;
        public List<IMatcher.Extension> extensions;
        public IMatcher.MatcherInParams matcherInParams = null;
        public MatcherParamsHelper.AuthenticatorMatcherType matcherType;
        public short statusCode;
        public String userID;
        public byte[] userVerifyToken;

        public Outcome getOutcome() {
            return Outcome.fromAsmStatusCode(this.statusCode);
        }

        public void setOutcome(Outcome outcome) {
            this.statusCode = outcome.getUafAsmStatusCode();
        }
    }

    /* loaded from: classes2.dex */
    public static class Username {
        public String keyHandle;
        public long timeStamp;
        public String username;

        public Username(String str, String str2, long j) {
            this.username = str;
            this.keyHandle = str2;
            this.timeStamp = j;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class a {
        private byte[] a;
        private Outcome b;

        private a() {
        }

        /* synthetic */ a(AnonymousClass1 anonymousClass1) {
            this();
        }

        public Outcome a() {
            return this.b;
        }

        public void a(Outcome outcome) {
            this.b = outcome;
        }
    }

    public AuthenticatorCore() {
        this.mCryptoModule = null;
        this.mInfo = new AKProcessor.AkAuthnrInfo();
        this.mAuthDx = null;
        this.mUafAuthDx = null;
        this.e = JsonObjectAdapter.GsonBuilder().create();
    }

    public AuthenticatorCore(IAuthenticatorDescriptor iAuthenticatorDescriptor) {
        this.mCryptoModule = null;
        this.mInfo = new AKProcessor.AkAuthnrInfo();
        this.mAuthDx = null;
        this.mUafAuthDx = null;
        this.e = JsonObjectAdapter.GsonBuilder().create();
        this.mAuthDx = iAuthenticatorDescriptor;
        this.mUafAuthDx = this.mAuthDx.getUAFDescriptor();
        if (this.mUafAuthDx == null) {
            Logger.e(a, "UAF specific auth descriptor is not provided.");
            throw new AsmException(Outcome.FAILURE);
        }
        this.d = new HashMap();
        this.d.put(UVTMatcherInParams.class, MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_UVT);
    }

    private ASMResponse a(String str, String str2, @NonNull List<Extension> list) {
        Outcome error;
        ArrayList arrayList;
        ArrayList arrayList2;
        ASMResponse aSMResponse = new ASMResponse();
        try {
            if (this.mInfo.generalInfo.isRoamingAuthenticator) {
                arrayList = null;
            } else {
                ArrayList arrayList3 = new ArrayList();
                arrayList3.add(str2);
                String encodeToString = Base64.encodeToString(this.mCallerID, 11);
                List<AuthenticatorDatabase.RegistrationRecord> registrations = this.mAuthenticatorDb.getRegistrations(encodeToString, str, arrayList3);
                if (registrations == null || registrations.size() <= 0) {
                    arrayList2 = null;
                } else {
                    ArrayList arrayList4 = new ArrayList();
                    Iterator<AuthenticatorDatabase.RegistrationRecord> it = registrations.iterator();
                    while (it.hasNext()) {
                        arrayList4.add(Base64.decode(it.next().keyHandle, 11));
                    }
                    arrayList2 = arrayList4;
                }
                Logger.e(a, "Delete Registration GetRegistrations for calledID: ." + encodeToString);
                this.mAuthenticatorDb.removeRegistration(encodeToString, str, str2);
                arrayList = arrayList2;
            }
            AKProcessor.AKRequestParams cmd = new AKProcessor.AKRequestParams().setAppID((this.mInfo.additionalInfo.expectAPPID || this.mInfo.generalInfo.isRoamingAuthenticator) ? str.getBytes(Charsets.utf8Charset) : null).setKeyID(Base64.decode(str2, 11)).setKeyHandles(arrayList).setKHAccessToken(this.mAkProcessor.getKHAccessToken(str, this.mCallerID, this.mUafAuthDx.isRoamingAuthenticator(), this.mASMToken, this.mPersonaID)).setAuthenticatorIndex((byte) this.mInfo.generalInfo.authenticatorIndex).setCmd((short) 13316);
            this.f.start(list, null);
            if (list.size() > 0) {
                ArrayList arrayList5 = new ArrayList();
                for (Extension extension : list) {
                    IMatcher.Extension extension2 = new IMatcher.Extension();
                    extension2.fail_if_unknown = extension.fail_if_unknown;
                    extension2.id = extension.id;
                    extension2.data = extension.data.getBytes(Charsets.utf8Charset);
                    Logger.i(a, "Extension " + extension2.id + " will be forwarded to AK");
                    arrayList5.add(extension2);
                }
                if (arrayList5.size() > 0) {
                    cmd.setExtensions(arrayList5);
                }
            }
            error = Outcome.SUCCESS;
            try {
                if (Outcome.ACCESS_DENIED == this.mAkProcessor.processAK(cmd).getOutcome()) {
                    error = Outcome.ACCESS_DENIED;
                    Logger.e(a, "Dereg call to AK failed: access denied.");
                }
            } catch (AsmException e) {
                Outcome outcome = error;
                if (Outcome.AUTHENTICATOR_DISCONNECTED == e.error()) {
                    outcome = Outcome.AUTHENTICATOR_DISCONNECTED;
                }
                Logger.w(a, "Dereg call to AK failed.", e);
                error = outcome;
            }
            if (!this.mAuthenticatorDb.hasRegistrations() && !this.mInfo.generalInfo.isRoamingAuthenticator) {
                this.mAuthenticatorDb.storeAKConfig("");
            }
        } catch (AsmException e2) {
            error = e2.error();
            Logger.w(a, "Failed to delete registration.", e2);
        }
        aSMResponse.setOutcome(error);
        return aSMResponse;
    }

    private Username a(List<Username> list, AuthenticateIn authenticateIn) {
        HashMap hashMap = new HashMap();
        if (this.mInfo.generalInfo.isRoamingAuthenticator) {
            for (Username username : list) {
                hashMap.put(username.username, username);
            }
        } else {
            a(list, this.mAuthenticatorDb.getRegistrations(Base64.encodeToString(this.mCallerID, 11), authenticateIn.appID, authenticateIn.keyIDs), hashMap);
        }
        if (hashMap.size() <= 1) {
            return hashMap.get(list.get(0).username);
        }
        Username displayUsernamePicker = displayUsernamePicker(new ArrayList(hashMap.values()));
        if (displayUsernamePicker != null) {
            return displayUsernamePicker;
        }
        Logger.e(a, "user canceled username selection");
        throw new AsmException(Outcome.CANCELED);
    }

    private IMatcher.Extension a(Extension extension) {
        IMatcher.Extension extension2 = new IMatcher.Extension();
        extension2.fail_if_unknown = extension.fail_if_unknown;
        extension2.id = extension.id;
        extension2.data = extension.data.getBytes(Charsets.utf8Charset);
        return extension2;
    }

    private AKProcessor.AKResponseParams a(IAuthenticatorDescriptor.AAIDInfo aAIDInfo) {
        AKProcessor.AKRequestParams matcherVersion = new AKProcessor.AKRequestParams().setCmd((short) 13320).setAaid(aAIDInfo.aaid.getBytes(Charsets.utf8Charset)).setMatcherVersion(this.mAuthDx.getMatcherVersion());
        int size = aAIDInfo.certificateChain == null ? 0 : aAIDInfo.certificateChain.size();
        matcherVersion.setAttestationCerts(new ArrayList(size));
        for (int i = 0; i < size; i++) {
            matcherVersion.attestationCerts.add(aAIDInfo.certificateChain.get(i));
        }
        return this.mAkProcessor.processAK(matcherVersion);
    }

    private AKProcessor.AKResponseParams a(AKProcessor.AKRequestParams aKRequestParams, ArrayList<String> arrayList, int i) {
        for (int i2 = 0; i2 < i; i2++) {
            aKRequestParams.keyHandles.add(Base64.decode(arrayList.get(0), 11));
            arrayList.remove(0);
        }
        AKProcessor.AKResponseParams processAK = this.mAkProcessor.processAK(aKRequestParams);
        aKRequestParams.keyHandles.clear();
        saveAuthenticatorConfig(processAK.additionalAKInfoToBeStored);
        return processAK;
    }

    private AKProcessor.AKResponseParams a(byte[] bArr, a aVar, AuthenticateIn authenticateIn, UserVerifyResponse userVerifyResponse, byte[] bArr2, List<IMatcher.Extension> list, ArrayList<String> arrayList) {
        Logger.startTimer(a, "AK Sign");
        try {
            AKProcessor.AKRequestParams aKRequestParams = new AKProcessor.AKRequestParams();
            aKRequestParams.setCmd((short) 13315).setAppID((this.mInfo.additionalInfo.expectAPPID || this.mInfo.generalInfo.isRoamingAuthenticator) ? authenticateIn.appID.getBytes(Charsets.utf8Charset) : null).setKHAccessToken(this.mAkProcessor.getKHAccessToken(authenticateIn.appID, this.mCallerID, this.mUafAuthDx.isRoamingAuthenticator(), this.mASMToken, this.mPersonaID)).setTransaction(bArr).setTransactionConfirmationToken(aVar != null ? aVar.a : null).setUserVerifyToken(userVerifyResponse.userVerifyToken).setAdditionalAKArgument(getAuthenticatorConfig()).setAuthenticatorIndex((byte) this.mInfo.generalInfo.authenticatorIndex).setFinalChallenge(bArr2).setMatcherInParams(userVerifyResponse.matcherInParams).setAuthenticatorDescriptor(this.mAuthDx).setExtensions(list).setMatcherType(userVerifyResponse.matcherType).setKeyHandles(new ArrayList());
            ArrayList arrayList2 = new ArrayList();
            while (arrayList.size() > 16) {
                AKProcessor.AKResponseParams a2 = a(aKRequestParams, arrayList, 15);
                if (a2.getOutcome() != Outcome.SUCCESS) {
                    Logger.e(a, "AK failed to sign");
                    throw new AsmException(a2.getOutcome());
                }
                arrayList2.addAll(a2.usernames);
            }
            AKProcessor.AKResponseParams a3 = a(aKRequestParams, arrayList, arrayList.size());
            if (a3.getOutcome() != Outcome.SUCCESS) {
                Logger.e(a, "AK failed to sign");
                throw new AsmException(a3.getOutcome());
            }
            a3.usernames.addAll(arrayList2);
            return a3;
        } finally {
            Logger.endTimer(a, "AK Sign");
        }
    }

    private AuthenticatorDatabase.RegistrationRecord a(List<AuthenticatorDatabase.RegistrationRecord> list, String str) {
        for (AuthenticatorDatabase.RegistrationRecord registrationRecord : list) {
            if (registrationRecord.keyHandle.equals(str)) {
                return registrationRecord;
            }
        }
        return null;
    }

    private void a() {
    }

    private void a(IMatcher.MatcherOutParams matcherOutParams) {
        a(matcherOutParams.getMatchResult());
    }

    private void a(IMatcher.RESULT result) {
        if (result != IMatcher.RESULT.SUCCESS) {
            throw new AsmException(IMatcher.RESULT.fromResult(result));
        }
    }

    private void a(AKProcessor.AkAuthnrInfo akAuthnrInfo) {
        this.mInfo.additionalInfo = akAuthnrInfo.additionalInfo;
        this.mInfo.generalInfo.authenticatorIndex = akAuthnrInfo.generalInfo.authenticatorIndex;
        this.mInfo.generalInfo.asmVersions = akAuthnrInfo.generalInfo.asmVersions;
        this.mInfo.generalInfo.assertionScheme = akAuthnrInfo.generalInfo.assertionScheme;
        this.mInfo.generalInfo.authenticationAlgorithm = akAuthnrInfo.generalInfo.authenticationAlgorithm;
        this.mInfo.generalInfo.attestationTypes = akAuthnrInfo.generalInfo.attestationTypes;
        this.mInfo.generalInfo.supportedExtensionIDs = akAuthnrInfo.generalInfo.supportedExtensionIDs;
    }

    private boolean a(AuthenticateIn authenticateIn) {
        if (authenticateIn.appID == null || authenticateIn.appID.equals("") || authenticateIn.finalChallenge == null || authenticateIn.finalChallenge.equals("")) {
            Logger.e(a, "Invalid AuthenticateIn.");
            return false;
        }
        if (!this.mInfo.generalInfo.isSecondFactorOnly || (authenticateIn.keyIDs != null && authenticateIn.keyIDs.size() != 0)) {
            return true;
        }
        Logger.e(a, "keyIDList not provided for 2nd factor authenticator");
        return false;
    }

    private boolean a(RegisterIn registerIn) {
        if (registerIn.appID != null && !registerIn.appID.equals("") && registerIn.appID.length() <= 512 && registerIn.username != null && !registerIn.username.equals("") && registerIn.finalChallenge != null && !registerIn.finalChallenge.equals("")) {
            return true;
        }
        Logger.e(a, "Invalid RegisterIn.");
        return false;
    }

    private ArrayList<String> b(AuthenticateIn authenticateIn) {
        ArrayList<String> arrayList = new ArrayList<>();
        if (!this.mInfo.generalInfo.isRoamingAuthenticator) {
            String encodeToString = Base64.encodeToString(this.mCallerID, 11);
            Logger.e(a, "Authenticate GetRegistrations for calledID: ." + encodeToString + " , appID: " + authenticateIn.appID);
            List<AuthenticatorDatabase.RegistrationRecord> registrations = this.mAuthenticatorDb.getRegistrations(encodeToString, authenticateIn.appID, authenticateIn.keyIDs);
            if (registrations.isEmpty()) {
                Logger.e(a, "No registration found.");
                throw new AsmException(Outcome.ACCESS_DENIED);
            }
            Iterator<AuthenticatorDatabase.RegistrationRecord> it = registrations.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().keyHandle);
            }
        } else if (authenticateIn.keyIDs != null) {
            arrayList.addAll(authenticateIn.keyIDs);
        }
        return arrayList;
    }

    private void b() {
        String aSMToken = this.mAuthenticatorDb.getASMToken();
        if (aSMToken != null) {
            this.mASMToken = Base64.decode(aSMToken, 11);
            return;
        }
        if (this.mUafAuthDx.isRoamingAuthenticator()) {
            return;
        }
        Logger.d(a, "Not roaming authenticator setting ASMToken");
        this.mASMToken = new byte[32];
        new Random().nextBytes(this.mASMToken);
        this.mAuthenticatorDb.storeASMToken(Base64.encodeToString(this.mASMToken, 11));
    }

    void a(List<Username> list, List<AuthenticatorDatabase.RegistrationRecord> list2, Map<String, Username> map) {
        ArrayList<AuthenticatorDatabase.RegistrationRecord> arrayList = new ArrayList();
        for (Username username : list) {
            AuthenticatorDatabase.RegistrationRecord a2 = a(list2, username.keyHandle);
            if (a2 != null) {
                Username username2 = map.get(username.username);
                if (username2 == null || a2.timeStamp > username2.timeStamp) {
                    if (username2 != null) {
                        AuthenticatorDatabase.RegistrationRecord registrationRecord = new AuthenticatorDatabase.RegistrationRecord();
                        AuthenticatorDatabase.RegistrationRecord a3 = a(list2, username2.keyHandle);
                        if (a3 != null) {
                            registrationRecord.appID = a3.appID;
                            registrationRecord.keyID = a3.keyID;
                            arrayList.add(registrationRecord);
                        }
                    }
                    username.timeStamp = a2.timeStamp;
                    map.put(username.username, username);
                } else {
                    AuthenticatorDatabase.RegistrationRecord registrationRecord2 = new AuthenticatorDatabase.RegistrationRecord();
                    registrationRecord2.appID = a2.appID;
                    registrationRecord2.keyID = a2.keyID;
                    arrayList.add(registrationRecord2);
                }
            }
        }
        for (AuthenticatorDatabase.RegistrationRecord registrationRecord3 : arrayList) {
            if (a(registrationRecord3.appID, registrationRecord3.keyID, new ArrayList()).getOutcome() != Outcome.SUCCESS) {
                Logger.e(a, "Database cleanup info: Can't delete old registration");
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:108:0x00dc A[Catch: all -> 0x00e4, TRY_ENTER, TryCatch #2 {all -> 0x00e4, blocks: (B:3:0x0007, B:5:0x0012, B:75:0x0204, B:81:0x022b, B:86:0x0290, B:95:0x0079, B:108:0x00dc, B:109:0x00e3), top: B:2:0x0007 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.noknok.android.client.asm.api.uaf.json.ASMResponse authenticate(com.noknok.android.client.asm.api.uaf.json.AuthenticateIn r18, @android.support.annotation.NonNull java.util.List<com.noknok.android.client.asm.api.uaf.json.Extension> r19) {
        /*
            Method dump skipped, instructions count: 702
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.client.asm.core.uaf.AuthenticatorCore.authenticate(com.noknok.android.client.asm.api.uaf.json.AuthenticateIn, java.util.List):com.noknok.android.client.asm.api.uaf.json.ASMResponse");
    }

    public ASMResponse deregister(DeregisterIn deregisterIn, @NonNull List<Extension> list) {
        ASMResponse aSMResponse;
        Logger.startTimer(a, "deregister");
        ASMResponse aSMResponse2 = new ASMResponse();
        if (deregisterIn.appID == null || deregisterIn.appID.equals("") || deregisterIn.appID.length() > 512 || deregisterIn.keyID == null) {
            Logger.e(a, "Invalid DeregisterIn.");
            aSMResponse2.setOutcome(Outcome.FAILURE);
            aSMResponse = aSMResponse2;
        } else if (deregisterIn.keyID.equals("")) {
            aSMResponse2.setOutcome(Outcome.SUCCESS);
            Iterator<GetRegistrationsOut.AppRegistration> it = getAppRegistrations(Base64.encodeToString(this.mCallerID, 11)).appRegs.iterator();
            while (it.hasNext()) {
                Iterator<String> it2 = it.next().keyIDs.iterator();
                while (it2.hasNext()) {
                    ASMResponse a2 = a(deregisterIn.appID, it2.next(), list);
                    if (a2.getOutcome() != Outcome.SUCCESS) {
                        aSMResponse2.setOutcome(a2.getOutcome());
                    }
                }
            }
            aSMResponse = aSMResponse2;
        } else {
            aSMResponse = a(deregisterIn.appID, deregisterIn.keyID, list);
        }
        Logger.endTimer(a, "deregister");
        return aSMResponse;
    }

    public void deregisterAll() {
        ArrayList arrayList = new ArrayList();
        for (AuthenticatorDatabase.RegistrationRecord registrationRecord : this.mAuthenticatorDb.getRegistrations()) {
            a(registrationRecord.appID, registrationRecord.keyID, arrayList);
        }
    }

    public Username displayUsernamePicker(List<Username> list) {
        ArrayList<String> arrayList = new ArrayList<>();
        Iterator<Username> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().username);
        }
        Intent intent = new Intent(this.mContext, (Class<?>) SelectFromDialogActivity.class);
        intent.addFlags(268435456);
        intent.putStringArrayListExtra("DIALOGLIST", arrayList);
        intent.putExtra("DIALOGTITLEID", this.mContext.getString(R.string.nnl_asmsdk_uaf_select_user));
        String str = (String) ActivityStarter.startActivityForResult(this.mContext, intent, null, 0);
        if (str != null) {
            for (Username username : list) {
                if (username.username.equals(str)) {
                    return username;
                }
            }
        }
        return null;
    }

    public UserVerifyResponse enrollUser(byte[] bArr) {
        Logger.d(a, "enrollUser");
        UserVerifyResponse userVerifyResponse = new UserVerifyResponse();
        userVerifyResponse.setOutcome(Outcome.ACCESS_DENIED);
        MatcherParamsHelper.AuthenticatorMatcherType matcherType = MatcherParamsHelper.getMatcherType(this.mAuthDx, this.c);
        IMatcher.MatcherInParams createMatcherInParams = MatcherParamsHelper.createMatcherInParams(matcherType, new GetInfoParams(), bArr, this.c, this.b, this.mInfo.generalInfo.aaid, this.mContext instanceof Activity ? (Activity) this.mContext : null, Boolean.valueOf(this.mAuthenticatorDb.hasRegistrations()));
        userVerifyResponse.matcherInParams = createMatcherInParams;
        userVerifyResponse.matcherType = matcherType;
        if (matcherType == MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_AKMANAGED || this.mUafAuthDx.isRoamingAuthenticator()) {
            userVerifyResponse.setOutcome(Outcome.SUCCESS);
            userVerifyResponse.userVerifyToken = UVTHelper.createUVT(this.mInfo.generalInfo.aaid, bArr, null, "fakeRawUVI".getBytes(Charsets.utf8Charset), null);
            return userVerifyResponse;
        }
        IMatcher.MatcherOutParams register = this.c.register(createMatcherInParams);
        a(register);
        userVerifyResponse.setOutcome(Outcome.SUCCESS);
        userVerifyResponse.additionalAKArgument = null;
        userVerifyResponse.extensions = register.getExtensions();
        if (register.getUserID() != null) {
            userVerifyResponse.userID = Base64.encodeToString(register.getUserID(), 0);
        }
        if (matcherType.equals(MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_UVT)) {
            userVerifyResponse.userVerifyToken = ((UVTMatcherOutParams) register).getUVT();
        }
        return userVerifyResponse;
    }

    public GetRegistrationsOut getAppRegistrations(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("The callerID is invalid");
        }
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        GetRegistrationsOut getRegistrationsOut = new GetRegistrationsOut();
        int i = 0;
        Iterator<AuthenticatorDatabase.RegistrationRecord> it = this.mAuthenticatorDb.getRegistrations(str).iterator();
        while (true) {
            int i2 = i;
            if (!it.hasNext()) {
                getRegistrationsOut.appRegs = arrayList;
                return getRegistrationsOut;
            }
            AuthenticatorDatabase.RegistrationRecord next = it.next();
            Integer num = (Integer) hashMap.get(next.appID);
            if (num == null) {
                hashMap.put(next.appID, Integer.valueOf(i2));
                arrayList.add(new GetRegistrationsOut.AppRegistration(next.appID, next.keyID));
                i = i2 + 1;
            } else {
                ((GetRegistrationsOut.AppRegistration) arrayList.get(num.intValue())).keyIDs.add(next.keyID);
                i = i2;
            }
        }
    }

    protected byte[] getAuthenticatorConfig() {
        String aKConfig = this.mAuthenticatorDb.getAKConfig();
        return aKConfig != null ? Base64.decode(aKConfig, 11) : new byte[0];
    }

    public byte[] getCallerID(Context context, String str) {
        try {
            Signature[] signatureArr = context.getPackageManager().getPackageInfo(str, 64).signatures;
            if (signatureArr == null || signatureArr.length == 0) {
                return null;
            }
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
            messageDigest.update(signatureArr[0].toByteArray());
            return messageDigest.digest();
        } catch (Exception e) {
            Logger.e(a, "Failed to get callerId.", e);
            return null;
        }
    }

    public AuthenticatorInfo getInfo() {
        AKProcessor.AkAuthnrInfo aKInfo = this.mAkProcessor.getAKInfo(this.mInfo.generalInfo.aaid);
        this.mAuthenticatorDb.setAuthenticatorIndex(aKInfo.generalInfo.authenticatorIndex);
        a(aKInfo);
        this.mInfo.generalInfo.description = this.mContext.getString(this.mAuthDx.getDescription());
        this.mInfo.generalInfo.title = this.mContext.getString(this.mAuthDx.getTitle());
        Logger.d(a, "GetInfo AttestationType: " + this.mInfo.generalInfo.attestationTypes.get(0).toString());
        return this.mInfo.generalInfo;
    }

    public long getReferenceID() {
        return this.mInfo.generalInfo.authenticatorIndex;
    }

    public ASMResponse getRegistrations() {
        Outcome error;
        ASMResponse aSMResponse = new ASMResponse();
        try {
            aSMResponse.responseData = (JsonObject) this.e.toJsonTree(getAppRegistrations(Base64.encodeToString(this.mCallerID, 11)));
            error = Outcome.SUCCESS;
        } catch (AsmException e) {
            error = e.error();
            Logger.e(a, "Failed to get registrations.", e);
        }
        aSMResponse.setOutcome(error);
        return aSMResponse;
    }

    public void initialize(Context context, String str) {
        Logger.i(a, "initialize");
        this.mContext = context;
        this.c = DescriptorLoader.loadAuthenticatorUIFromClassName(this.mAuthDx.getMatcherClass(), context, ProtocolType.UAF);
        IAKSelector loadAKSelectorFromClassName = DescriptorLoader.loadAKSelectorFromClassName(this.c, this.mAuthDx, context, ProtocolType.UAF);
        if (loadAKSelectorFromClassName == null || loadAKSelectorFromClassName.getAAIDInfo() == null) {
            throw new AsmException(Outcome.FAILURE, "LoadAKSelector failed. No AAID Selected");
        }
        String str2 = loadAKSelectorFromClassName.getAAIDInfo().aaid;
        Logger.i(a, "initialize( filePath = " + str2 + " )");
        this.mCryptoModule = new CryptoModule(str2, context);
        this.mCallerID = getCallerID(context, str);
        IAuthenticatorDescriptor.AAIDInfo aAIDInfo = loadAKSelectorFromClassName.getAAIDInfo();
        this.mAkProcessor = new AKProcessor(loadAKSelectorFromClassName.getAuthenticatorKernel());
        if (aAIDInfo.autoConfigure) {
            try {
                AKProcessor.AKResponseParams a2 = a(aAIDInfo);
                if (a2.getOutcome() != Outcome.SUCCESS && a2.getOutcome() != Outcome.AUTHENTICATOR_EXISTS) {
                    Logger.e(a, "AddAuthenticator command failed with status code: " + ((int) a2.statusCode));
                    throw new AsmException(Outcome.FAILURE, "Configuring AK with new Authenticator failed");
                }
            } catch (AsmException e) {
                if (!e.error().equals(Outcome.AUTHENTICATOR_DISCONNECTED)) {
                    throw e;
                }
            }
        }
        AKProcessor.AkAuthnrInfo akAuthnrInfo = new AKProcessor.AkAuthnrInfo();
        try {
            akAuthnrInfo = this.mAkProcessor.getAKInfo(loadAKSelectorFromClassName.getAAIDInfo().aaid);
        } catch (AsmException e2) {
            Logger.e(a, "Failed to Query the AK and get AK information.", e2);
        }
        this.mAuthenticatorDb = AuthenticatorDatabaseFactory.createAuthenticatorStore(this.mUafAuthDx.isRoamingAuthenticator(), str2, this.mCryptoModule, context, this.mAkProcessor);
        this.mAuthenticatorDb.setAuthenticatorIndex(akAuthnrInfo.generalInfo.authenticatorIndex);
        a();
        b();
        if (!this.mUafAuthDx.isRoamingAuthenticator()) {
            this.b = new AntiHammering(this.mAuthenticatorDb, null, true, this);
        }
        this.mInfo.generalInfo.userVerification = this.mUafAuthDx.getUserVerification();
        this.mInfo.generalInfo.isSecondFactorOnly = this.mUafAuthDx.isSecondFactorOnly();
        this.mInfo.generalInfo.isRoamingAuthenticator = this.mUafAuthDx.isRoamingAuthenticator();
        this.mInfo.generalInfo.aaid = aAIDInfo.aaid;
        this.mInfo.generalInfo.keyProtection = (short) (aAIDInfo.keyMedium.getUafValue() | aAIDInfo.keyLocation.getUafValue());
        this.mInfo.generalInfo.matcherProtection = aAIDInfo.matcherMedium.getUafValue();
        this.mInfo.generalInfo.tcDisplay = this.mUafAuthDx.getTcDisplay();
        this.mInfo.generalInfo.tcDisplayContentType = this.mUafAuthDx.getTcDisplayContentType();
        this.mInfo.generalInfo.tcDisplayPNGCharacteristics = new ArrayList();
        this.mInfo.generalInfo.tcDisplayPNGCharacteristics.add(DisplayPNGCharacteristicsDescriptor.getDefaultPNGDescriptor());
        this.mInfo.generalInfo.attachmentHint = this.mUafAuthDx.getAttachmentHint();
        this.mInfo.generalInfo.hasSettings = this.mAuthDx.hasSettings();
        this.mInfo.generalInfo.isUserEnrolled = isUserEnrolled();
        Bitmap decodeResource = BitmapFactory.decodeResource(this.mContext.getResources(), this.mAuthDx.getIcon());
        if (decodeResource != null) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            decodeResource.compress(Bitmap.CompressFormat.PNG, 100, byteArrayOutputStream);
            this.mInfo.generalInfo.icon = "data:image/png;base64," + Base64.encodeToString(byteArrayOutputStream.toByteArray(), 2);
        } else {
            Logger.e(a, "Failed to find authenticator icon resource");
        }
        a(akAuthnrInfo);
        Logger.d(a, "ASM info:\n" + this.mInfo.generalInfo);
        if (!this.mUafAuthDx.isRoamingAuthenticator()) {
            this.mAuthenticatorDb.validateUserRegistrations(this.c);
        }
        ArrayList arrayList = new ArrayList();
        ArrayList<String> extensionProcessors = this.mAuthDx.getExtensionProcessors();
        if (extensionProcessors != null) {
            try {
                Iterator<String> it = extensionProcessors.iterator();
                while (it.hasNext()) {
                    arrayList.add((IExtensionProcessor) Class.forName(it.next()).getConstructor(new Class[0]).newInstance(new Object[0]));
                }
            } catch (Exception e3) {
                Logger.e(a, "Failed to initialize the authenticator");
            }
        }
        arrayList.add(new KeyAttestation(this.mContext));
        this.f = new ExtensionManager(arrayList);
    }

    public boolean isUserEnrolled() {
        switch (this.c.isUserEnrolled()) {
            case ENROLLED:
                return true;
            case NOT_ENROLLED:
                return false;
            case UNAVAILABLE:
                return this.mUafAuthDx.isRoamingAuthenticator() || this.mAuthenticatorDb.hasRegistrations();
            default:
                throw new IllegalArgumentException();
        }
    }

    public ASMResponse openSettings() {
        ASMResponse aSMResponse = new ASMResponse();
        if (!this.mUafAuthDx.isRoamingAuthenticator() && MatcherParamsHelper.getMatcherType(this.mAuthDx, this.c) != MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_AKMANAGED) {
            IMatcher.MatcherSettingsOutParams matcherSettingsOutParams = this.c.settings(MatcherParamsHelper.createMatcherManageInParams(this.c, this.b, this.mInfo.generalInfo.aaid));
            if (matcherSettingsOutParams == null || IMatcher.RESULT.fromResult(matcherSettingsOutParams.getResult()) != Outcome.SUCCESS) {
                aSMResponse.setOutcome(Outcome.SUCCESS);
                return aSMResponse;
            }
        }
        aSMResponse.setOutcome(Outcome.SUCCESS);
        return aSMResponse;
    }

    public ASMResponse register(RegisterIn registerIn, @NonNull List<Extension> list) {
        byte[] prepareFinalChallenge;
        Logger.startTimer(a, "register");
        try {
            ASMResponse aSMResponse = new ASMResponse();
            if (!a(registerIn)) {
                aSMResponse.setOutcome(Outcome.ACCESS_DENIED);
                Logger.endTimer(a, "register");
                return aSMResponse;
            }
            try {
                Logger.d(a, "AppID for Register: " + registerIn.appID);
                Logger.d(a, "AppID for Register in bytes: " + TypeConverter.byteArrayToHexString(registerIn.appID.getBytes(Charsets.utf8Charset)));
                try {
                    prepareFinalChallenge = this.mAkProcessor.prepareFinalChallenge(registerIn.finalChallenge);
                } catch (AsmException e) {
                    if (e.error().equals(Outcome.CANCELED)) {
                        Logger.w(a, "User cancelled to register UAF");
                    } else {
                        Logger.e(a, "Failed to registers UAF credentials.", e);
                    }
                    aSMResponse.setOutcome(e.error());
                }
                if (prepareFinalChallenge == null) {
                    throw new AsmException(Outcome.FAILURE, "Value \"finalChallenge\" is null");
                }
                try {
                    byte[] digest = MessageDigest.getInstance("SHA256").digest(registerIn.finalChallenge.getBytes());
                    UserVerifyResponse enrollUser = enrollUser(prepareFinalChallenge);
                    if (enrollUser.getOutcome() != Outcome.SUCCESS) {
                        Logger.e(a, "Failed to enroll user");
                        aSMResponse.setOutcome(Outcome.ACCESS_DENIED);
                        Logger.endTimer(a, "register");
                        return aSMResponse;
                    }
                    Logger.w(a, "APPID is expected:" + this.mInfo.additionalInfo.expectAPPID + "  is RoamingAuthenticator: " + this.mInfo.generalInfo.isRoamingAuthenticator);
                    ArrayList arrayList = new ArrayList();
                    if (enrollUser.extensions != null) {
                        arrayList.addAll(enrollUser.extensions);
                    }
                    this.f.start(list, null);
                    for (Extension extension : list) {
                        Logger.i(a, "Extension " + extension.id + " will be forwarded to AK");
                        arrayList.add(a(extension));
                    }
                    AKProcessor.AKResponseParams processAK = this.mAkProcessor.processAK(new AKProcessor.AKRequestParams().setAuthenticatorIndex((byte) this.mInfo.generalInfo.authenticatorIndex).setAppID(this.mInfo.additionalInfo.expectAPPID | this.mInfo.generalInfo.isRoamingAuthenticator ? registerIn.appID.getBytes(Charsets.utf8Charset) : null).setFinalChallenge(prepareFinalChallenge).setKSAttestationChallenge(digest).setUserName(registerIn.username.getBytes(Charsets.utf8Charset)).setAttestationType(registerIn.attestationType).setKHAccessToken(this.mAkProcessor.getKHAccessToken(registerIn.appID, this.mCallerID, this.mUafAuthDx.isRoamingAuthenticator(), this.mASMToken, this.mPersonaID)).setUserVerifyToken(enrollUser.userVerifyToken).setAdditionalAKArgument(getAuthenticatorConfig()).setMatcherInParams(enrollUser.matcherInParams).setAuthenticatorDescriptor(this.mAuthDx).setMatcherType(enrollUser.matcherType).setExtensions(arrayList).setCmd((short) 13314));
                    saveAuthenticatorConfig(processAK.additionalAKInfoToBeStored);
                    if (processAK.getOutcome() != Outcome.SUCCESS) {
                        Logger.e(a, "AK failed to register");
                        aSMResponse.setOutcome(processAK.getOutcome());
                        if (!this.mAuthenticatorDb.hasRegistrations() && !this.mInfo.generalInfo.isRoamingAuthenticator) {
                            this.mAuthenticatorDb.storeAKConfig("");
                        }
                        Logger.endTimer(a, "register");
                        return aSMResponse;
                    }
                    processAK.regToBeStored.callerID = Base64.encodeToString(this.mCallerID, 11);
                    processAK.regToBeStored.appID = registerIn.appID;
                    processAK.regToBeStored.timeStamp = System.currentTimeMillis();
                    if (enrollUser.userID != null && !enrollUser.userID.equals("")) {
                        Logger.d(a, "UserID is not null");
                        try {
                            Base64.decode(enrollUser.userID, 0);
                            processAK.regToBeStored.userID = enrollUser.userID;
                        } catch (IllegalArgumentException e2) {
                            throw new AsmException(Outcome.INVALID_MESSAGE);
                        }
                    }
                    if (!this.mInfo.generalInfo.isRoamingAuthenticator) {
                        this.mAuthenticatorDb.addRegistration(processAK.regToBeStored);
                    }
                    RegisterOut registerOut = new RegisterOut();
                    registerOut.assertion = processAK.assertion;
                    registerOut.assertionScheme = this.mInfo.generalInfo.assertionScheme;
                    HashMap<IExtensionProcessor.ExtProcParamKey, String> hashMap = new HashMap<>();
                    hashMap.put(IExtensionProcessor.ExtProcParamKey.KS_ATTESTATION_KEY, processAK.KSAttestationX509);
                    this.f.finish(aSMResponse.exts, hashMap);
                    aSMResponse.responseData = (JsonObject) this.e.toJsonTree(registerOut);
                    aSMResponse.setOutcome(Outcome.SUCCESS);
                    this.mAkProcessor.postProcessAK();
                    Logger.endTimer(a, "register");
                    return aSMResponse;
                } catch (NoSuchAlgorithmException e3) {
                    Logger.e(a, "Failed to calculate nonce", e3);
                    aSMResponse.setOutcome(Outcome.ACCESS_DENIED);
                    Logger.endTimer(a, "register");
                    return aSMResponse;
                }
            } finally {
                this.mAkProcessor.postProcessAK();
            }
        } catch (Throwable th) {
            Logger.endTimer(a, "register");
            throw th;
        }
    }

    protected void saveAuthenticatorConfig(byte[] bArr) {
        if (bArr == null || this.mUafAuthDx.isRoamingAuthenticator()) {
            return;
        }
        this.mAuthenticatorDb.storeAKConfig(Base64.encodeToString(bArr, 11));
    }

    public a showTCDisplay(String str, String str2, byte[] bArr, String str3) {
        a aVar = new a(null);
        aVar.a(Outcome.FAILURE);
        Intent intent = new Intent(this.mContext, (Class<?>) TransactionActivity.class);
        intent.addFlags(268435456);
        intent.putExtra(TransactionActivity.TRANSACTION, str2);
        intent.putExtra(TransactionActivity.TRANSACTION_TYPE, str);
        Outcome outcome = (Outcome) ActivityStarter.startActivityForResult(this.mContext, intent, null, 0);
        if (outcome != null) {
            if (outcome == Outcome.SUCCESS) {
                aVar.a(Outcome.SUCCESS);
                byte[] decode = Base64.decode(str2, 11);
                if (decode.length == 0) {
                    Logger.e(a, "Nothing to display");
                    aVar.a(Outcome.FAILURE);
                    return aVar;
                }
                aVar.a = this.mAkProcessor.prepareTCToken(decode, bArr);
            } else {
                aVar.a(Outcome.CANCELED);
            }
        }
        return aVar;
    }

    public UserVerifyResponse verifyUser(String str, String str2, String str3, byte[] bArr, boolean z) {
        AnonymousClass1 anonymousClass1 = null;
        Logger.d(a, "verifyUser");
        UserVerifyResponse userVerifyResponse = new UserVerifyResponse();
        userVerifyResponse.setOutcome(Outcome.ACCESS_DENIED);
        if (str2 != null) {
            if (this.mAuthDx.isTransactionShownByAuthUI()) {
                this.tTCDisplayResponse = new a(anonymousClass1);
                this.tTCDisplayResponse.a(Outcome.SUCCESS);
                byte[] decode = Base64.decode(str2, 11);
                if (decode.length == 0) {
                    Logger.e(a, "No transaction text to display");
                    this.tTCDisplayResponse.a(Outcome.FAILURE);
                    return userVerifyResponse;
                }
                this.tTCDisplayResponse.a = this.mAkProcessor.prepareTCToken(decode, bArr);
            } else {
                this.tTCDisplayResponse = showTCDisplay(str, str2, bArr, str3);
                if (this.tTCDisplayResponse.a() != Outcome.SUCCESS) {
                    if (this.tTCDisplayResponse.a() == Outcome.CANCELED) {
                        userVerifyResponse.setOutcome(Outcome.CANCELED);
                    }
                    return userVerifyResponse;
                }
            }
        }
        GetInfoParams getInfoParams = new GetInfoParams(str2, null, null);
        MatcherParamsHelper.AuthenticatorMatcherType matcherType = MatcherParamsHelper.getMatcherType(this.mAuthDx, this.c);
        IMatcher.MatcherInParams createMatcherInParams = MatcherParamsHelper.createMatcherInParams(matcherType, getInfoParams, bArr, this.c, this.b, this.mInfo.generalInfo.aaid, this.mContext instanceof Activity ? (Activity) this.mContext : null, Boolean.valueOf(this.mAuthenticatorDb.hasRegistrations()));
        userVerifyResponse.matcherInParams = createMatcherInParams;
        userVerifyResponse.matcherType = matcherType;
        if (matcherType == MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_AKMANAGED || this.mUafAuthDx.isRoamingAuthenticator()) {
            userVerifyResponse.setOutcome(Outcome.SUCCESS);
            userVerifyResponse.userVerifyToken = UVTHelper.createUVT(this.mInfo.generalInfo.aaid, bArr, null, "fakeRawUVI".getBytes(Charsets.utf8Charset), null);
            return userVerifyResponse;
        }
        IMatcher.MatcherOutParams authenticate = this.c.authenticate(createMatcherInParams);
        if (authenticate == null) {
            userVerifyResponse.setOutcome(Outcome.FAILURE);
            return userVerifyResponse;
        }
        userVerifyResponse.setOutcome(Outcome.SUCCESS);
        userVerifyResponse.additionalAKArgument = null;
        userVerifyResponse.extensions = authenticate.getExtensions();
        if (authenticate.getUserID() != null) {
            userVerifyResponse.userID = Base64.encodeToString(authenticate.getUserID(), 0);
        }
        if (matcherType.equals(MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_UVT)) {
            userVerifyResponse.userVerifyToken = ((UVTMatcherOutParams) authenticate).getUVT();
        }
        a(authenticate);
        return userVerifyResponse;
    }
}
