package com.samsung.android.clavis.fido.uaf.ra.operation;

import android.content.Context;
import android.os.CancellationSignal;
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import android.util.SparseArray;
import com.google.common.base.Preconditions;
import com.google.common.io.BaseEncoding;
import com.samsung.android.clavis.fido.uaf.ra.authenticator.AuthenticatorInfoOperation;
import com.samsung.android.clavis.fido.uaf.ra.authenticator.AuthenticatorManager;
import com.samsung.android.clavis.fido.uaf.ra.authenticator.operation.verifier.VerifierOperation;
import com.samsung.android.clavis.fido.uaf.ra.authenticator.operation.verifier.VerifierOperations;
import com.samsung.android.clavis.fido.uaf.ra.common.util.RaLog;
import com.samsung.android.clavis.fido.uaf.ra.sdk.UafAuthenticator;
import com.samsung.android.clavis.fido.uaf.ra.storage.StorageArgs;
import com.samsung.android.clavis.fido.uaf.ra.storage.StorageManager;
import com.samsung.android.clavis.fido.uaf.ra.storage.StorageSearchOption;
import com.sec.android.fido.uaf.message.internal.tag.cmdtlv.TlvSignCommand;
import com.sec.android.fido.uaf.message.internal.tag.cmdtlv.TlvSignResponse;
import com.sec.android.fido.uaf.message.internal.tag.tlv.TlvKeyHandle;
import com.sec.android.fido.uaf.message.internal.tag.tlv.TlvStatusCode;
import com.sec.android.fido.uaf.message.internal.tag.tlv.TlvUserVerifyToken;
import java.lang.ref.WeakReference;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class Sign extends UafAuthenticatorOperation {
    private static final int IDENTIFICATION_TIMEOUT = 35;
    private AuthenticatorInfoOperation mAuthenticatorInfo;
    private CancellationSignal mCancellationSignal;
    private TlvSignCommand mOriginalTlvSignCommand;
    private Handler mResultHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.samsung.android.clavis.fido.uaf.ra.operation.Sign$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$samsung$android$clavis$fido$uaf$ra$sdk$UafAuthenticator$AuthResult;

        static {
            int[] iArr = new int[UafAuthenticator.AuthResult.values().length];
            $SwitchMap$com$samsung$android$clavis$fido$uaf$ra$sdk$UafAuthenticator$AuthResult = iArr;
            try {
                iArr[UafAuthenticator.AuthResult.CANCEL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$samsung$android$clavis$fido$uaf$ra$sdk$UafAuthenticator$AuthResult[UafAuthenticator.AuthResult.TIMEOUT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$samsung$android$clavis$fido$uaf$ra$sdk$UafAuthenticator$AuthResult[UafAuthenticator.AuthResult.FAIL.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$samsung$android$clavis$fido$uaf$ra$sdk$UafAuthenticator$AuthResult[UafAuthenticator.AuthResult.SUCCESS.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class MyCancelListener implements CancellationSignal.OnCancelListener {
        private final WeakReference<CancellationSignal> mDelegate;
        private final WeakReference<Sign> mOuter;

        public MyCancelListener(Sign sign, CancellationSignal cancellationSignal) {
            this.mOuter = new WeakReference<>(sign);
            this.mDelegate = new WeakReference<>(cancellationSignal);
        }

        @Override // android.os.CancellationSignal.OnCancelListener
        public void onCancel() {
            Preconditions.checkState(this.mOuter.get() != null, "outer reference is null");
            CancellationSignal cancellationSignal = this.mDelegate.get();
            Preconditions.checkState(cancellationSignal != null, "cancellationSignal is null");
            cancellationSignal.cancel();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class MyIdentificationCallback implements VerifierOperation.IdentificationCallback {
        private final WeakReference<Sign> mOuter;

        public MyIdentificationCallback(Sign sign) {
            this.mOuter = new WeakReference<>(sign);
        }

        @Override // com.samsung.android.clavis.fido.uaf.ra.authenticator.operation.verifier.VerifierOperation.IdentificationCallback
        public void onCanceled() {
            Sign sign = this.mOuter.get();
            Preconditions.checkState(sign != null, "outer reference is null");
            Preconditions.checkState(sign.mResultHandler != null, "mResultHandler is null");
            Preconditions.checkState(sign.mCancellationSignal != null, "mCancellationSignal is null");
            if (sign.mCancellationSignal.isCanceled()) {
                return;
            }
            sign.mResultHandler.obtainMessage(35).sendToTarget();
        }

        @Override // com.samsung.android.clavis.fido.uaf.ra.authenticator.operation.verifier.VerifierOperation.IdentificationCallback
        public void onFailed(int i) {
            Sign sign = this.mOuter.get();
            Preconditions.checkState(sign != null, "outer reference is null");
            Preconditions.checkState(sign.mResultHandler != null, "mResultHandler is null");
            sign.mResultHandler.obtainMessage(i).sendToTarget();
        }

        @Override // com.samsung.android.clavis.fido.uaf.ra.authenticator.operation.verifier.VerifierOperation.IdentificationCallback
        public void onSucceeded() {
            Sign sign = this.mOuter.get();
            Preconditions.checkState(sign != null, "outer reference is null");
            Preconditions.checkState(sign.mResultHandler != null, "mResultHandler is null");
            sign.mResultHandler.obtainMessage(32).sendToTarget();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class MyMessageHandler extends Handler {
        private static final int CANCEL_IDENTIFICATION = 268369922;
        private final WeakReference<Sign> mOuter;

        public MyMessageHandler(Sign sign, Looper looper) {
            super(looper);
            this.mOuter = new WeakReference<>(sign);
        }

        @Override // android.os.Handler
        public void handleMessage(Message message) {
            Sign sign = this.mOuter.get();
            Preconditions.checkState(sign != null, "outer reference is null");
            Looper myLooper = Looper.myLooper();
            Preconditions.checkState(myLooper != null, "myLooper is null");
            int i = message.what;
            if (i == 41) {
                sign.mResultHandler.removeMessages(CANCEL_IDENTIFICATION);
                sign.sendErrorResult((short) 2);
                myLooper.quit();
                return;
            }
            if (i == CANCEL_IDENTIFICATION) {
                Preconditions.checkState(sign.mCancellationSignal != null, "mCancellationSignal is null");
                RaLog.v(sign.getTag(), "enroll canceled");
                sign.sendErrorResult((short) 5);
                sign.mCancellationSignal.cancel();
                return;
            }
            if (i == 49 || i == 50) {
                return;
            }
            switch (i) {
                case 32:
                    sign.mResultHandler.removeMessages(CANCEL_IDENTIFICATION);
                    sign.doSign();
                    myLooper.quit();
                    return;
                case 33:
                case 34:
                case 36:
                case 37:
                    sign.mResultHandler.removeMessages(CANCEL_IDENTIFICATION);
                    sign.sendErrorResult((short) 2);
                    myLooper.quit();
                    return;
                case 35:
                    sign.mResultHandler.removeMessages(CANCEL_IDENTIFICATION);
                    sign.sendErrorResult((short) 5);
                    myLooper.quit();
                    return;
                default:
                    RaLog.e(sign.getTag(), "Unknown message = " + message.what);
                    myLooper.quit();
                    throw new UnsupportedOperationException("Unknown message = " + message.what);
            }
        }
    }

    public Sign(OperationArgs operationArgs) {
        super(operationArgs);
        this.mOriginalTlvSignCommand = null;
        this.mAuthenticatorInfo = null;
        this.mResultHandler = null;
        this.mCancellationSignal = null;
        RaLog.v(getTag(), "Sign is created");
    }

    private TlvSignCommand buildCommand(AuthenticatorInfoOperation authenticatorInfoOperation, TlvSignCommand tlvSignCommand, byte[] bArr) {
        TlvSignCommand.Builder newBuilder = TlvSignCommand.newBuilder(tlvSignCommand.getTlvAuthenticatorIndex(), tlvSignCommand.getTlvFinalChallenge(), tlvSignCommand.getTlvKeyHandleAccessToken());
        if (tlvSignCommand.getTlvAppId() != null) {
            newBuilder.setTlvAppId(tlvSignCommand.getTlvAppId());
        }
        if (tlvSignCommand.getTlvTransactionContent() != null) {
            newBuilder.setTlvTransactionContent(tlvSignCommand.getTlvTransactionContent());
        }
        List<TlvKeyHandle> buildCommandKeyHandlesForFirstFactor = authenticatorInfoOperation.getRecord().isSecondFactor() ^ true ? buildCommandKeyHandlesForFirstFactor(authenticatorInfoOperation, tlvSignCommand) : tlvSignCommand.getTlvKeyHandleList();
        if (buildCommandKeyHandlesForFirstFactor == null || buildCommandKeyHandlesForFirstFactor.isEmpty()) {
            RaLog.v(getTag(), "No keyHandles found");
            return null;
        }
        newBuilder.setTlvKeyHandleList(buildCommandKeyHandlesForFirstFactor);
        if (tlvSignCommand.getTlvExtensionList() != null) {
            newBuilder.setTlvExtensionList(tlvSignCommand.getTlvExtensionList());
        }
        newBuilder.setTlvUserVerifyToken(TlvUserVerifyToken.newBuilder(bArr).build());
        return newBuilder.build();
    }

    private List<TlvKeyHandle> buildCommandKeyHandlesForFirstFactor(AuthenticatorInfoOperation authenticatorInfoOperation, TlvSignCommand tlvSignCommand) {
        List<TlvKeyHandle> tlvKeyHandleList = tlvSignCommand.getTlvKeyHandleList();
        OperationArgs operationArgs = getOperationArgs();
        short authenticatorIndex = tlvSignCommand.getTlvAuthenticatorIndex().getAuthenticatorIndex();
        List<String> callerId = AuthenticatorManager.getInstance().getCallerId(operationArgs.getContext(), operationArgs.getCallerPackageName());
        ByteBuffer allocate = ByteBuffer.allocate(1024);
        Iterator<String> it = callerId.iterator();
        while (it.hasNext()) {
            allocate.put(it.next().getBytes());
        }
        String encode = BaseEncoding.base64Url().omitPadding().encode(Arrays.copyOfRange(allocate.array(), 0, allocate.position()));
        String encode2 = BaseEncoding.base64Url().omitPadding().encode(operationArgs.getRemoteCallerId().getBytes());
        byte[] appId = tlvSignCommand.getTlvAppId().getAppId();
        if (authenticatorInfoOperation.getRecord().isNeedAppIdParam()) {
            Preconditions.checkState(appId != null, "TAG_APPID is required");
        }
        String encode3 = appId != null ? BaseEncoding.base64Url().omitPadding().encode(appId) : null;
        return (tlvKeyHandleList == null || tlvKeyHandleList.isEmpty()) ? retrieveRegistrationAll(authenticatorInfoOperation, authenticatorIndex, encode, encode2, encode3) : retrieveRegistrationWithKeyId(authenticatorInfoOperation, authenticatorIndex, encode, encode2, encode3, tlvKeyHandleList);
    }

    private TlvSignResponse buildResponse(TlvSignResponse tlvSignResponse) {
        TlvSignResponse.Builder newBuilder = TlvSignResponse.newBuilder(tlvSignResponse.getTlvStatusCode());
        if (tlvSignResponse.getTlvStatusCode().getValue() == 0) {
            if (tlvSignResponse.getTlvUserNameAndKeyHandleList() != null) {
                Preconditions.checkState(tlvSignResponse.getTlvAuthenticatorAssertion() == null, "choice 2 is not null");
                newBuilder.setTlvUserNameAndKeyHandleList(tlvSignResponse.getTlvUserNameAndKeyHandleList());
            }
            if (tlvSignResponse.getTlvAuthenticatorAssertion() != null) {
                Preconditions.checkState(tlvSignResponse.getTlvUserNameAndKeyHandleList() == null, "choice 1 is not null");
                newBuilder.setTlvAuthenticatorAssertion(tlvSignResponse.getTlvAuthenticatorAssertion());
            }
            if (tlvSignResponse.getTlvExtensionList() != null) {
                newBuilder.setTlvExtensionList(tlvSignResponse.getTlvExtensionList());
            }
        }
        return newBuilder.build();
    }

    private void doRun() {
        OperationArgs operationArgs = getOperationArgs();
        if (!isValidArgs(operationArgs) || this.mOriginalTlvSignCommand == null) {
            RaLog.e(getTag(), "args is invalid");
            sendErrorResult((short) 1);
            return;
        }
        CancellationSignal cancellationSignal = operationArgs.getCancellationSignal();
        if (cancellationSignal != null && cancellationSignal.isCanceled()) {
            RaLog.w(getTag(), "operation has been canceled");
            sendErrorResult((short) 5);
            return;
        }
        boolean hasExternalVerificationUi = operationArgs.hasExternalVerificationUi();
        if (hasExternalVerificationUi) {
            int i = AnonymousClass1.$SwitchMap$com$samsung$android$clavis$fido$uaf$ra$sdk$UafAuthenticator$AuthResult[operationArgs.getExternalAuthResult().ordinal()];
            if (i == 1) {
                RaLog.v(getTag(), "CANCEL");
                sendErrorResult((short) 5);
                return;
            }
            if (i == 2) {
                RaLog.v(getTag(), "TIMEOUT");
                sendErrorResult((short) 5);
                return;
            } else if (i == 3) {
                RaLog.v(getTag(), "FAIL");
                sendErrorResult((short) 2);
                return;
            } else {
                if (i != 4) {
                    RaLog.e(getTag(), "authResult is invalid");
                    sendErrorResult((short) 1);
                    return;
                }
                RaLog.v(getTag(), "SUCCESS");
            }
        }
        Context context = operationArgs.getContext();
        AuthenticatorManager authenticatorManager = AuthenticatorManager.getInstance();
        authenticatorManager.start(context);
        short authenticatorIndex = this.mOriginalTlvSignCommand.getTlvAuthenticatorIndex().getAuthenticatorIndex();
        SparseArray<AuthenticatorInfoOperation> localAuthenticatorInfos = authenticatorManager.getLocalAuthenticatorInfos();
        if (localAuthenticatorInfos == null || localAuthenticatorInfos.size() == 0) {
            RaLog.e(getTag(), "authenticatorInfos is invalid");
            sendErrorResult((short) 1);
            return;
        }
        RaLog.v(getTag(), "authenticatorInfos.size() : " + localAuthenticatorInfos.size());
        AuthenticatorInfoOperation authenticatorInfoOperation = localAuthenticatorInfos.get(authenticatorIndex);
        this.mAuthenticatorInfo = authenticatorInfoOperation;
        if (authenticatorInfoOperation == null) {
            RaLog.e(getTag(), "info is null");
            sendErrorResult((short) 1);
            return;
        }
        if (authenticatorInfoOperation.getRecord().isNeedAppIdParam() && this.mOriginalTlvSignCommand.getTlvAppId() == null) {
            RaLog.e(getTag(), "TAG_APPID is required");
            sendErrorResult((short) 1);
            return;
        }
        byte[] finalChallenge = this.mOriginalTlvSignCommand.getTlvFinalChallenge().getFinalChallenge();
        if (hasExternalVerificationUi) {
            doSign();
            return;
        }
        VerifierOperation verifier = VerifierOperations.getVerifier(context, authenticatorInfoOperation.getRecord().getUserVerification());
        if (verifier == null) {
            RaLog.e(getTag(), "verifier is null");
            sendErrorResult((short) 1);
            return;
        }
        if (!verifier.isEnrolled(context)) {
            RaLog.e(getTag(), "No enrollment found");
            sendErrorResult((short) 3);
            return;
        }
        Looper.prepare();
        Looper myLooper = Looper.myLooper();
        Preconditions.checkState(myLooper != null, "myLooper is null");
        this.mResultHandler = new MyMessageHandler(this, myLooper);
        this.mCancellationSignal = new CancellationSignal();
        if (cancellationSignal != null) {
            cancellationSignal.setOnCancelListener(new MyCancelListener(this, this.mCancellationSignal));
        }
        if (authenticatorInfoOperation.prepareIdentify(context, finalChallenge) != 0) {
            RaLog.e(getTag(), "prepareIdentify failed");
            sendErrorResult((short) 1);
            myLooper.quit();
        } else {
            int identify = verifier.identify(context, new MyIdentificationCallback(this), this.mCancellationSignal);
            if (identify != 0) {
                if (8 == identify) {
                    RaLog.v(getTag(), "identify canceled");
                    sendErrorResult((short) 5);
                } else {
                    RaLog.e(getTag(), "identify failed");
                    sendErrorResult((short) 1);
                }
                myLooper.quit();
            } else {
                this.mResultHandler.sendEmptyMessageDelayed(268369922, 35L);
            }
        }
        Looper.loop();
        RaLog.v(getTag(), "looper for Sign terminated");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doSign() {
        Preconditions.checkState(this.mOriginalTlvSignCommand != null, "mOriginalTlvSignCommand is null");
        Preconditions.checkState(this.mAuthenticatorInfo != null, "mAuthenticatorInfo is null");
        AuthenticatorInfoOperation authenticatorInfoOperation = this.mAuthenticatorInfo;
        byte[] finalizeIdentify = authenticatorInfoOperation.finalizeIdentify(getOperationArgs().getContext(), this.mOriginalTlvSignCommand.getTlvFinalChallenge().getFinalChallenge());
        if (finalizeIdentify == null) {
            RaLog.e(getTag(), "finalizeIdentify failed");
            sendErrorResult((short) 2);
            return;
        }
        TlvSignCommand buildCommand = buildCommand(authenticatorInfoOperation, this.mOriginalTlvSignCommand, finalizeIdentify);
        if (buildCommand == null) {
            RaLog.v(getTag(), "buildCommand failed");
            sendErrorResult((short) 2);
            return;
        }
        TlvSignResponse processSign = authenticatorInfoOperation.processSign(buildCommand);
        if (processSign != null) {
            sendResult(buildResponse(processSign).encode());
        } else {
            RaLog.e(getTag(), "processSign failed");
            sendErrorResult((short) 1);
        }
    }

    private List<TlvKeyHandle> retrieveRegistrationAll(AuthenticatorInfoOperation authenticatorInfoOperation, int i, String str, String str2, String str3) {
        ArrayList arrayList = new ArrayList();
        List<StorageArgs> search = StorageManager.getInstance().search(StorageArgs.newBuilder(i, str).setRemoteCallerId(str2).setAppId(str3).build(), StorageSearchOption.newBuilder().setOptionLimit(authenticatorInfoOperation.getRecord().getMaxKeyHandles()).setOptionOrderBy((short) 1).build(), getOperationArgs().getContext());
        if (search != null && !search.isEmpty()) {
            Iterator<StorageArgs> it = search.iterator();
            while (it.hasNext()) {
                StorageArgs next = it.next();
                boolean z = false;
                Preconditions.checkState(next != null, "result is null");
                if (next.getKeyHandle() != null) {
                    z = true;
                }
                Preconditions.checkState(z, "keyHandle is null");
                arrayList.add(TlvKeyHandle.newBuilder(BaseEncoding.base64Url().omitPadding().decode(next.getKeyHandle())).build());
            }
        }
        return arrayList;
    }

    private List<TlvKeyHandle> retrieveRegistrationWithKeyId(AuthenticatorInfoOperation authenticatorInfoOperation, int i, String str, String str2, String str3, List<TlvKeyHandle> list) {
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        Iterator<TlvKeyHandle> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            TlvKeyHandle next = it.next();
            Preconditions.checkState(next != null, "tlvKeyHandle is null");
            List<StorageArgs> search = StorageManager.getInstance().search(StorageArgs.newBuilder(i, str).setRemoteCallerId(str2).setAppId(str3).setKeyId(BaseEncoding.base64Url().omitPadding().encode(next.getValue())).build(), StorageSearchOption.newBuilder().setOptionLimit((short) 1).setOptionOrderBy((short) 1).build(), getOperationArgs().getContext());
            if (search != null && !search.isEmpty()) {
                Preconditions.checkState(search.get(0).getKeyHandle() != null, "keyHandle is null");
                hashSet.add(search.get(0).getKeyHandle());
                if (hashSet.size() == authenticatorInfoOperation.getRecord().getMaxKeyHandles()) {
                    RaLog.w(getTag(), "keyHandle is limited");
                    break;
                }
            }
        }
        Preconditions.checkState(hashSet.size() <= authenticatorInfoOperation.getRecord().getMaxKeyHandles(), "keyHandle is invalid");
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            arrayList.add(TlvKeyHandle.newBuilder(BaseEncoding.base64Url().omitPadding().decode((String) it2.next())).build());
        }
        return arrayList;
    }

    @Override // com.samsung.android.clavis.fido.uaf.ra.operation.UafAuthenticatorOperation
    protected String getTag() {
        return "SG";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.samsung.android.clavis.fido.uaf.ra.operation.UafAuthenticatorOperation
    public boolean isValidArgs(OperationArgs operationArgs) {
        if (!super.isValidArgs(operationArgs)) {
            RaLog.e(getTag(), "args is invalid");
            return false;
        }
        try {
            this.mOriginalTlvSignCommand = new TlvSignCommand(BaseEncoding.base64Url().omitPadding().decode(operationArgs.getCommand()));
            if (!operationArgs.hasExternalVerificationUi() || operationArgs.getExternalAuthResult() != null) {
                return true;
            }
            RaLog.e(getTag(), "no AuthResult is given with the external verification UI");
            return false;
        } catch (IllegalArgumentException | IllegalStateException unused) {
            RaLog.e(getTag(), "args is invalid");
            return false;
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        try {
            RaLog.i(getTag(), "[1]");
            doRun();
        } catch (Exception e) {
            if (e.getMessage() != null) {
                RaLog.e(getTag(), "run failed : " + e.getMessage());
            } else {
                e.printStackTrace();
            }
            sendErrorResult((short) 1);
        }
        RaLog.i(getTag(), "[3]");
    }

    @Override // com.samsung.android.clavis.fido.uaf.ra.operation.UafAuthenticatorOperation
    protected void sendErrorResult(short s) {
        TlvSignResponse build = TlvSignResponse.newBuilder(TlvStatusCode.newBuilder(s).build()).build();
        RaLog.i(getTag(), "[2][" + ((int) s) + "]");
        sendResult(build.encode());
    }
}
