package com.gmrz.asm.fp.authenticator.kernel.gm;

import android.app.Activity;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.util.Log;
import com.android.AKException;
import com.android.client.asm.sdk.IAuthenticatorKernel;
import com.android.client.asm.sdk.IMatcher;
import com.android.uaf.asmcore.AKProcessor;
import com.gmrz.android.client.asm.api.uaf.json.Extension;
import com.gmrz.android.client.utils.Charsets;
import com.gmrz.android.client.utils.Logger;
import com.gmrz.asm.fp.authenticator.CryptoStore;
import com.gmrz.asm.fp.authenticator.matcherparams.KSMatcherInParams;
import com.gmrz.asm.fp.authenticator.matcherparams.KSMatcherOutParams;
import com.gmrz.asm.fp.authui.FingerprintOperation;
import com.gmrz.authenticationso.AuthKernel;
import com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel;
import com.gmrz.authenticationso.utils.UtilByte;
import com.utils.AAID;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.Vector;
import javax.crypto.Cipher;

/* loaded from: classes.dex */
public class FpAttestationAuthenticatorKernel extends KSAuthenticatorKernel implements IAuthenticatorKernel.IExtAuthenticatorKernel {
    private static final String TAG = "GM-KA-Kernel";
    private static final List<Extension> extensions = new ArrayList();
    private static byte[] fc = null;
    private static Activity sCallerActivity = null;
    private static boolean sIsRegisterOperation = false;

    /* renamed from: com.gmrz.asm.fp.authenticator.kernel.gm.FpAttestationAuthenticatorKernel$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT;

        static {
            int[] iArr = new int[IMatcher.RESULT.values().length];
            $SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT = iArr;
            try {
                iArr[IMatcher.RESULT.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT[IMatcher.RESULT.FINGER_SET_CHANGE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT[IMatcher.RESULT.CHANGE_AUTHENTICATOR.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT[IMatcher.RESULT.TOOMANYATTEMPTS.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT[IMatcher.RESULT.CANCEL.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT[IMatcher.RESULT.USER_BIOMETRIC_PREFERRED_IRIS.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    public FpAttestationAuthenticatorKernel(Context context, IMatcher iMatcher) throws AKException {
        super(context, iMatcher);
        setAKDigestMethodSM3();
    }

    private void exportKeyAttestationExtension(String str) {
        Logger.d(TAG, "exportKeyAttestationExtension");
        String exportKeyAttestation = CryptoStore.exportKeyAttestation(KSAuthenticatorKernel.mContext, str);
        Extension extension = new Extension();
        extension.data = exportKeyAttestation;
        extension.id = "fido.uaf.android.key_attestation";
        extension.fail_if_unknown = false;
        extensions.add(extension);
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel
    public byte[] encryptDecryptData(byte[] bArr, byte[] bArr2) {
        String str = new String(bArr, Charsets.utf8Charset);
        Logger.d(TAG, String.format("key alias name: %s", str));
        try {
            if (CryptoStore.loadKeyStore(KSAuthenticatorKernel.mContext).getKey(str, null) == null) {
                Logger.d(TAG, "gm:Unable to get the signing key by name " + str);
                this.statusCode = 9;
                return null;
            }
            Logger.i(TAG, "Begin encrypt or decrypt command");
            Vector<byte[]> vector = new Vector<>(1);
            IMatcher.RESULT fpEncryptDecryptData = fpEncryptDecryptData(bArr, bArr2, vector);
            Logger.d(TAG, "data encrypt or decrypt result:" + fpEncryptDecryptData);
            switch (AnonymousClass1.$SwitchMap$com$android$client$asm$sdk$IMatcher$RESULT[fpEncryptDecryptData.ordinal()]) {
                case 1:
                    byte[] bArr3 = vector.get(0);
                    Logger.i(TAG, "encrypt and decrypt command completed");
                    ByteBuffer allocate = ByteBuffer.allocate(bArr3.length + 2);
                    allocate.order(ByteOrder.LITTLE_ENDIAN);
                    allocate.putShort((short) bArr3.length);
                    allocate.put(bArr3);
                    return allocate.array();
                case 2:
                    this.statusCode = 9;
                    return null;
                case 3:
                    this.statusCode = 11;
                    return null;
                case 4:
                    this.statusCode = 98;
                    return null;
                case 5:
                    this.statusCode = 13;
                    return null;
                case 6:
                    this.statusCode = 14;
                    return null;
                default:
                    this.statusCode = 1;
                    return null;
            }
        } catch (KeyPermanentlyInvalidatedException e) {
            e = e;
            e.printStackTrace();
            Logger.e(TAG, "KeyStore key invalidated.");
            this.statusCode = 9;
            return null;
        } catch (UnrecoverableKeyException e2) {
            e = e2;
            e.printStackTrace();
            Logger.e(TAG, "KeyStore key invalidated.");
            this.statusCode = 9;
            return null;
        } catch (Exception e3) {
            e3.printStackTrace();
            Logger.e(TAG, "encrypt or decrypt failed");
            this.statusCode = 1;
            return null;
        }
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel
    public byte[] exportPublicKey(byte[] bArr) {
        return new byte[0];
    }

    @Override // com.android.client.asm.sdk.IAuthenticatorKernel.IExtAuthenticatorKernel
    public List<Extension> extExtract(AKProcessor.AKResponseParams aKResponseParams) {
        Logger.d(TAG, "extExtract");
        return extensions;
    }

    @Override // com.android.client.asm.sdk.IAuthenticatorKernel.IExtAuthenticatorKernel
    public void extInit(AKProcessor.AKRequestParams aKRequestParams) {
        Logger.d(TAG, "extInit");
        fc = aKRequestParams.finalChallenge;
    }

    public IMatcher.RESULT fpEncryptDecryptData(byte[] bArr, byte[] bArr2, Vector<byte[]> vector) throws Exception {
        byte[] doFinal;
        String str = new String(bArr, Charsets.utf8Charset);
        Logger.d(TAG, String.format("key alias name: %s", str));
        if (CryptoStore.isFpSetChangedOther(KSAuthenticatorKernel.mContext, str)) {
            Logger.e(TAG, "fingerprint set has changed ...");
            return IMatcher.RESULT.FINGER_SET_CHANGE;
        }
        Cipher initCipherRSA = CryptoStore.initCipherRSA(KSAuthenticatorKernel.mContext, str, sIsRegisterOperation ? 1 : 2);
        if (initCipherRSA == null) {
            Logger.e(TAG, "cipher RSA init failed");
            return IMatcher.RESULT.MISMATCH;
        }
        Logger.d(TAG, "cipher RSA init successfully");
        KSMatcherInParams matchUI = new KSMatcherInParams().setCustomUI(KSAuthenticatorKernel.mMatcherInParams.getCustomUI()).setAntihammeringCallback(KSAuthenticatorKernel.mMatcherInParams.getAntiHammeringCallback()).setFinalChallenge(KSAuthenticatorKernel.mMatcherInParams.getFinalChallenge()).setTransText(KSAuthenticatorKernel.mMatcherInParams.getTransText()).setCipherObject(sIsRegisterOperation ? null : initCipherRSA).setMatchUI(KSAuthenticatorKernel.mMatcherInParams.m_matcherUI);
        KSMatcherOutParams kSMatcherOutParams = sIsRegisterOperation ? (KSMatcherOutParams) KSAuthenticatorKernel.mMatcher.register(matchUI, sCallerActivity) : (KSMatcherOutParams) KSAuthenticatorKernel.mMatcher.authenticate(matchUI, sCallerActivity);
        IMatcher.RESULT matchResult = kSMatcherOutParams.getMatchResult();
        IMatcher.RESULT result = IMatcher.RESULT.SUCCESS;
        if (matchResult != result) {
            Logger.i(TAG, "Failed");
            return kSMatcherOutParams.getMatchResult();
        }
        Logger.i(TAG, "AKManaged Matcher returned Success. next will get authenticated cipher.");
        if (sIsRegisterOperation) {
            Logger.d(TAG, "Reg process: data to encrypt");
            doFinal = initCipherRSA.doFinal(bArr2);
        } else {
            Logger.d(TAG, "Auth process: data to decrypt");
            Cipher authenticatedCipher = kSMatcherOutParams.getAuthenticatedCipher();
            if (authenticatedCipher == null) {
                Logger.e(TAG, "authenticated cipher instance is null");
                return IMatcher.RESULT.MISMATCH;
            }
            doFinal = authenticatedCipher.doFinal(bArr2);
        }
        vector.add(0, doFinal);
        Logger.d(TAG, "fpEncryptDecryptData complete");
        return result;
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel
    public byte[] generateKeyPair() {
        try {
            Logger.i(TAG, "Begin Key generation");
            sIsRegisterOperation = true;
            byte[] generateKeypairUsingFpKeyStore = generateKeypairUsingFpKeyStore();
            ByteBuffer allocate = ByteBuffer.allocate(generateKeypairUsingFpKeyStore.length + 2 + 1);
            allocate.order(ByteOrder.LITTLE_ENDIAN);
            allocate.putShort((short) (generateKeypairUsingFpKeyStore.length + 1));
            allocate.put(generateKeypairUsingFpKeyStore);
            Logger.i(TAG, "End Key generation");
            return allocate.array();
        } catch (Exception e) {
            Logger.e(TAG, "KeyGeneration failed.", e);
            e.printStackTrace();
            sIsRegisterOperation = false;
            this.statusCode = 1;
            return null;
        }
    }

    public byte[] generateKeypairUsingFpKeyStore() throws Exception {
        String uuid = UUID.randomUUID().toString();
        if (!(Build.VERSION.SDK_INT < 24 ? false : CryptoStore.generateKeyPairRSA(KSAuthenticatorKernel.mContext, uuid, fc))) {
            if (new FingerprintOperation(KSAuthenticatorKernel.mContext).hasEnrolledFingerprints()) {
                throw new Exception("FpCryptoStoreUtils.generateKsRsaKeyPair failed");
            }
            KSAuthenticatorKernel.mMatcher.register(new KSMatcherInParams().setCustomUI(KSAuthenticatorKernel.mMatcherInParams.getCustomUI()).setAntihammeringCallback(KSAuthenticatorKernel.mMatcherInParams.getAntiHammeringCallback()).setMatchUI(KSAuthenticatorKernel.mMatcherInParams.m_matcherUI), sCallerActivity);
            this.statusCode = 13;
        }
        Logger.d(TAG, "FPSUI: uuid: " + uuid);
        exportKeyAttestationExtension(uuid);
        return uuid.getBytes(Charsets.utf8Charset);
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel
    public String performInitJni(boolean z) {
        return AuthKernel.initJni(KSAuthenticatorKernel.mContext, z, this, AAID.FINGER_KA_GM);
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel
    public byte[] performProcessJni(byte[] bArr) {
        Log.v(TAG, "send to Huhu => " + UtilByte.byte2hex(bArr));
        byte[] processJni = AuthKernel.processJni(bArr);
        Log.v(TAG, "received from Huhu <= " + UtilByte.byte2hex(processJni));
        return processJni;
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel, com.android.client.asm.sdk.IAuthenticatorKernel
    public boolean postProcess() {
        Logger.d(TAG, "postProcess");
        super.postProcess();
        sIsRegisterOperation = false;
        extensions.clear();
        fc = null;
        return true;
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel
    public void removeKey(byte[] bArr) {
        try {
            Logger.i(TAG, "Begin remove key.");
            CryptoStore.removeKey(KSAuthenticatorKernel.mContext, new String(bArr, Charsets.utf8Charset));
        } catch (Exception e) {
            Logger.e(TAG, "removeKey failed.", e);
            e.printStackTrace();
            this.statusCode = 1;
        }
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel, com.android.client.asm.sdk.IAuthenticatorKernel
    public void setCallerActivity(Activity activity) {
        sCallerActivity = activity;
    }

    @Override // com.gmrz.authenticationso.authenticator.KSAuthenticatorKernel
    public byte[] signData(byte[] bArr, byte[] bArr2) {
        return new byte[0];
    }
}
