package me.id.mobile.helper.u2f;

import android.app.Activity;
import android.support.annotation.NonNull;
import android.support.annotation.VisibleForTesting;
import android.support.v4.util.Pair;
import com.annimon.stream.Exceptional;
import com.annimon.stream.Optional;
import com.annimon.stream.function.Function;
import com.annimon.stream.function.Predicate;
import com.annimon.stream.function.Supplier;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import me.id.mobile.WalletApplication;
import me.id.mobile.controller.SessionController;
import me.id.mobile.helper.ByteArrayHelper;
import me.id.mobile.helper.DeviceHelper;
import me.id.mobile.helper.crypto.ECCryptoHelper;
import me.id.mobile.helper.u2f.exception.U2fRegistrationOrAuthenticationException;
import me.id.mobile.model.Session;
import me.id.mobile.model.User;
import me.id.mobile.model.mfa.u2f.U2fError;
import me.id.webverifylib.exception.UserCanceledException;
import org.spongycastle.util.encoders.Hex;
import org.threeten.bp.LocalDateTime;
import rx.Completable;
import rx.Single;
import rx.functions.Func0;
import rx.functions.Func1;
import rx.schedulers.Schedulers;

/* loaded from: classes.dex */
public class AuthenticatorController implements Authenticator {

    @Inject
    SessionController sessionController;

    @Inject
    Storage storage;
    private Map<String, Identity> unsavedIdentities = new HashMap();

    @Inject
    UserPresenceVerifier userPresenceVerifier;

    public AuthenticatorController() {
        WalletApplication.getContext().inject(this);
    }

    /* renamed from: getKeyHandle */
    public byte[] lambda$registrationRequest$0(@NonNull RegistrationRequest registrationRequest, @NonNull String str, @NonNull String str2) {
        return ByteArrayHelper.concat(str2.getBytes(), DeviceHelper.getDeviceId().getBytes(), str.getBytes(), registrationRequest.getClientData().getOrigin().getBytes());
    }

    public static /* synthetic */ IllegalStateException lambda$null$11() {
        return new IllegalStateException("The user cannot be null");
    }

    public static /* synthetic */ IdentityData lambda$null$12(@NonNull RegistrationRequest registrationRequest, RegistrationResponse registrationResponse, KeyPair keyPair) throws Throwable {
        return new IdentityData(Hex.toHexString(registrationRequest.getApplication()), Hex.toHexString(registrationResponse.getUserPublicKey()), new String(ECCryptoHelper.getPrivateKeyFromKeyPair(keyPair), "UTF-8"));
    }

    public static /* synthetic */ boolean lambda$null$14(Identity identity) {
        return identity.getData() != null;
    }

    public static /* synthetic */ String lambda$null$7() {
        return "";
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static /* synthetic */ RegistrationResponse lambda$registrationRequest$5(Pair pair) {
        return (RegistrationResponse) pair.second;
    }

    @NonNull
    private Throwable mapPinValidatorError(Throwable th) {
        return ((th instanceof SecurityException) || (th instanceof UserCanceledException)) ? U2fError.ERROR_VERIFYING_USER_PRESENCE.getException(th) : th;
    }

    private Exceptional<byte[]> signDataWithPrivateKey(byte[] bArr, String str) {
        return ECCryptoHelper.signDataWithPrivateKey(bArr, str);
    }

    private String vendorAttestationCertificate() {
        return "308201d030820177a00302010202090098d5906f2166952e300a06082a8648ce3d0403023045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3137303531323230323435345a170d3138303531323230323435345a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643059301306072a8648ce3d020106082a8648ce3d0301070342000459e35da061b8e13474fd88686316f71e1ca4611c66a7a8091bd3918793463acce684fb35102d68e80941b2ada23d431faf09c5c2dd226f18e0b3cbcdeeb663c8a350304e301d0603551d0e04160414652fd68b746523ccdff1a1b2ec273a487576c45c301f0603551d23041830168014652fd68b746523ccdff1a1b2ec273a487576c45c300c0603551d13040530030101ff300a06082a8648ce3d0403020347003044022065247f5faaa7d32497a09dc93e7b27f33a797bc556c08a15cd02629d47dc0b2e0220196b1fdbcb5711b22fe0d7f6bda385cf57bde3f6fbcd64e07926acd9bb7de571";
    }

    private String vendorPrivateKey() {
        return "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxOuKV2kDcMdtNiL4eFpzCRYXhC8UW5nCi1fRdlggqFyhRANCAARZ412gYbjhNHT9iGhjFvceHKRhHGanqAkb05GHk0Y6zOaE+zUQLWjoCUGyraI9Qx+vCcXC3SJvGOCzy83utmPI";
    }

    @Override // me.id.mobile.helper.u2f.Authenticator
    @NonNull
    public Single<AuthenticationResponse> authenticationRequest(@NonNull Activity activity, @NonNull AuthenticationRequest authenticationRequest) {
        Function function;
        Optional ofNullable = Optional.ofNullable(this.storage.get(U2fUtils.getKeyHandleStringRepresentation(authenticationRequest.getKeyHandle())));
        function = AuthenticatorController$$Lambda$8.instance;
        return (Single) ofNullable.map(function).map(AuthenticatorController$$Lambda$9.lambdaFactory$(this, activity, authenticationRequest)).orElse(Single.error(U2fError.INVALID_KEY_HANDLE.getException()));
    }

    @VisibleForTesting
    protected boolean doesKeyHandleAlreadyExist(String str) {
        return Optional.ofNullable(this.storage.get(str)).isPresent();
    }

    @Override // me.id.mobile.helper.u2f.Authenticator
    @NonNull
    public Set<IdentityMetadata> getIdentitiesMetadata(@NonNull String str) {
        return this.storage.getIdentitiesMetadata(str);
    }

    @Override // me.id.mobile.helper.u2f.Authenticator
    @NonNull
    public Optional<IdentityMetadata> getIdentityMetadata(@NonNull String str) {
        Function function;
        Optional ofNullable = Optional.ofNullable(this.storage.get(str));
        function = AuthenticatorController$$Lambda$10.instance;
        return ofNullable.map(function);
    }

    public /* synthetic */ Single lambda$authenticationRequest$10(@NonNull Activity activity, @NonNull AuthenticationRequest authenticationRequest, Pin pin) {
        Func0 func0;
        Completable onErrorResumeNext = this.userPresenceVerifier.verifyUser(activity, pin).onErrorResumeNext(AuthenticatorController$$Lambda$21.lambdaFactory$(this));
        func0 = AuthenticatorController$$Lambda$22.instance;
        return onErrorResumeNext.toSingle(func0).flatMap(AuthenticatorController$$Lambda$23.lambdaFactory$(this, authenticationRequest));
    }

    public /* synthetic */ void lambda$null$15(String str, Identity identity) {
        IdentityData data = identity.getData();
        IdentityMetadata metadata = identity.getMetadata();
        data.incrementAccessCount();
        metadata.setAccessCount(data.getAccessCount());
        metadata.setLastAccess(LocalDateTime.now());
        this.storage.put(str, identity);
    }

    public /* synthetic */ Single lambda$null$2(Throwable th) {
        return Single.error(mapVerifiedRequestError(th));
    }

    public /* synthetic */ Completable lambda$null$6(Throwable th) {
        return Completable.error(mapPinValidatorError(th));
    }

    public /* synthetic */ Single lambda$null$8(Throwable th) {
        return Single.error(mapVerifiedRequestError(th));
    }

    public /* synthetic */ Single lambda$null$9(@NonNull AuthenticationRequest authenticationRequest, String str) {
        return verifiedAuthenticationRequest(authenticationRequest).onErrorResumeNext(AuthenticatorController$$Lambda$24.lambdaFactory$(this));
    }

    public /* synthetic */ Single lambda$registrationRequest$1(Throwable th) {
        return Single.error(mapPinValidatorError(th));
    }

    public /* synthetic */ Single lambda$registrationRequest$3(@NonNull RegistrationRequest registrationRequest, byte[] bArr, Pin pin) {
        return verifiedRegistrationRequest(registrationRequest, bArr, pin).onErrorResumeNext(AuthenticatorController$$Lambda$25.lambdaFactory$(this));
    }

    /* JADX WARN: Multi-variable type inference failed */
    public /* synthetic */ void lambda$registrationRequest$4(String str, Pair pair) {
        this.unsavedIdentities.put(str, pair.first);
    }

    public /* synthetic */ void lambda$saveIdentity$17(@NonNull String str, Identity identity) {
        this.storage.put(str, identity);
    }

    public /* synthetic */ AuthenticationResponse lambda$verifiedAuthenticationRequest$16(@NonNull AuthenticationRequest authenticationRequest) throws Exception {
        Predicate predicate;
        Function function;
        String keyHandleStringRepresentation = U2fUtils.getKeyHandleStringRepresentation(authenticationRequest.getKeyHandle());
        Optional ofNullable = Optional.ofNullable(this.storage.get(keyHandleStringRepresentation));
        predicate = AuthenticatorController$$Lambda$14.instance;
        Optional executeIfPresent = ofNullable.filter(predicate).executeIfPresent(AuthenticatorController$$Lambda$15.lambdaFactory$(this, keyHandleStringRepresentation));
        function = AuthenticatorController$$Lambda$16.instance;
        Optional map = executeIfPresent.map(function);
        U2fError u2fError = U2fError.ERROR_ACCESSING_STORED_KEYS;
        u2fError.getClass();
        IdentityData identityData = (IdentityData) map.orElseThrow(AuthenticatorController$$Lambda$17.lambdaFactory$(u2fError));
        ByteBuffer allocate = ByteBuffer.allocate(4);
        allocate.putInt(identityData.getAccessCount());
        return new AuthenticationResponse(identityData.getAccessCount(), signDataWithPrivateKey(ByteArrayHelper.concat(authenticationRequest.getApplicationData(), new byte[]{1}, allocate.array(), authenticationRequest.getChallenge()), identityData.getPrivateKey()).getOrThrow(U2fError.SIGNATURE_ERROR.getException()), true);
    }

    public /* synthetic */ Pair lambda$verifiedRegistrationRequest$13(@NonNull RegistrationRequest registrationRequest, @NonNull byte[] bArr, @NonNull Pin pin) throws Exception {
        Function<? super Session, ? extends U> function;
        Supplier supplier;
        Optional<Session> session = this.sessionController.getSession();
        function = AuthenticatorController$$Lambda$18.instance;
        Optional<U> map = session.map(function);
        supplier = AuthenticatorController$$Lambda$19.instance;
        User user = (User) map.orElseThrow(supplier);
        KeyPair orThrow = ECCryptoHelper.generateKeyPairs().getOrThrow(U2fError.ERROR_CREATING_EC_KEY.getException());
        byte[] orThrow2 = ECCryptoHelper.getPublicKeyFromKeyPair(orThrow).getOrThrow(U2fError.ERROR_CREATING_EC_KEY.getException());
        RegistrationResponse registrationResponse = new RegistrationResponse(Hex.decode(vendorAttestationCertificate()), bArr, signDataWithPrivateKey(ByteArrayHelper.concat(new byte[]{0}, registrationRequest.getApplication(), registrationRequest.getChallenge(), bArr, orThrow2), vendorPrivateKey()).getOrThrow(U2fError.SIGNATURE_ERROR.getException()), orThrow2);
        return new Pair(Identity.builder().data((IdentityData) Exceptional.of(AuthenticatorController$$Lambda$20.lambdaFactory$(registrationRequest, registrationResponse, orThrow)).getOrThrowRuntimeException()).metadata(IdentityMetadata.builder().id(user.getId()).email(user.getEmail()).keyHandle(U2fUtils.getKeyHandleStringRepresentation(registrationResponse.getKeyHandle())).build()).pin(pin).build(), registrationResponse);
    }

    @VisibleForTesting
    @NonNull
    protected Throwable mapVerifiedRequestError(Throwable th) {
        return !(th instanceof U2fRegistrationOrAuthenticationException) ? U2fError.UNKNOWN.getException(th) : th;
    }

    @Override // me.id.mobile.helper.u2f.Authenticator
    @NonNull
    public Single<RegistrationResponse> registrationRequest(@NonNull Activity activity, @NonNull RegistrationRequest registrationRequest, @NonNull String str) {
        Function<? super Session, ? extends U> function;
        Function function2;
        Func1 func1;
        Optional<Session> session = this.sessionController.getSession();
        function = AuthenticatorController$$Lambda$1.instance;
        Optional<U> map = session.map(function);
        function2 = AuthenticatorController$$Lambda$2.instance;
        byte[] bArr = (byte[]) map.map(function2).map(AuthenticatorController$$Lambda$3.lambdaFactory$(this, registrationRequest, str)).get();
        String keyHandleStringRepresentation = U2fUtils.getKeyHandleStringRepresentation(bArr);
        if (doesKeyHandleAlreadyExist(keyHandleStringRepresentation)) {
            return Single.error(U2fError.DEVICE_ALREADY_REGISTERED.getException());
        }
        Single doOnSuccess = this.userPresenceVerifier.registerPin(activity).onErrorResumeNext(AuthenticatorController$$Lambda$4.lambdaFactory$(this)).flatMap(AuthenticatorController$$Lambda$5.lambdaFactory$(this, registrationRequest, bArr)).doOnSuccess(AuthenticatorController$$Lambda$6.lambdaFactory$(this, keyHandleStringRepresentation));
        func1 = AuthenticatorController$$Lambda$7.instance;
        return doOnSuccess.map(func1);
    }

    @Override // me.id.mobile.helper.u2f.Authenticator
    public void reset() {
        this.storage.reset();
    }

    @Override // me.id.mobile.helper.u2f.Authenticator
    public void revoke(@NonNull String str) {
        this.storage.remove(str);
    }

    @Override // me.id.mobile.helper.u2f.Authenticator
    public void saveIdentity(@NonNull String str) {
        Optional.ofNullable(this.unsavedIdentities.get(str)).ifPresent(AuthenticatorController$$Lambda$13.lambdaFactory$(this, str));
    }

    @NonNull
    public Single<AuthenticationResponse> verifiedAuthenticationRequest(@NonNull AuthenticationRequest authenticationRequest) {
        return Single.fromCallable(AuthenticatorController$$Lambda$12.lambdaFactory$(this, authenticationRequest)).subscribeOn(Schedulers.computation());
    }

    @VisibleForTesting
    @NonNull
    protected Single<Pair<Identity, RegistrationResponse>> verifiedRegistrationRequest(@NonNull RegistrationRequest registrationRequest, @NonNull byte[] bArr, @NonNull Pin pin) {
        return Single.fromCallable(AuthenticatorController$$Lambda$11.lambdaFactory$(this, registrationRequest, bArr, pin)).subscribeOn(Schedulers.computation());
    }
}
