package com.noknok.android.client.asm.core.uaf;

import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.pm.Signature;
import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
import android.util.Base64;
import androidx.annotation.NonNull;
import com.fido.android.framework.tm.core.prov.CryptoModule;
import com.google.android.exoplayer2.C;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.noknok.android.client.asm.api.AsmException;
import com.noknok.android.client.asm.api.AuthenticatorInfo;
import com.noknok.android.client.asm.api.uaf.json.ASMResponse;
import com.noknok.android.client.asm.api.uaf.json.AuthenticateIn;
import com.noknok.android.client.asm.api.uaf.json.AuthenticatorInfo;
import com.noknok.android.client.asm.api.uaf.json.DeregisterIn;
import com.noknok.android.client.asm.api.uaf.json.Extension;
import com.noknok.android.client.asm.api.uaf.json.GetRegistrationsOut;
import com.noknok.android.client.asm.api.uaf.json.RegisterIn;
import com.noknok.android.client.asm.api.uaf.json.RegisterOut;
import com.noknok.android.client.asm.api.uaf.json.Version;
import com.noknok.android.client.asm.authenticator.KsUafAuthenticatorKernel;
import com.noknok.android.client.asm.core.GetInfoParams;
import com.noknok.android.client.asm.core.MatcherParamsHelper;
import com.noknok.android.client.asm.core.TransactionActivity;
import com.noknok.android.client.asm.core.shared.DescriptorLoader;
import com.noknok.android.client.asm.extensions.KeyAttestation;
import com.noknok.android.client.asm.sdk.IAKSelector;
import com.noknok.android.client.asm.sdk.IAuthenticatorDescriptor;
import com.noknok.android.client.asm.sdk.IAuthenticatorKernel;
import com.noknok.android.client.asm.sdk.IMatcher;
import com.noknok.android.client.asm.sdk.ProtocolType;
import com.noknok.android.client.asm.sdk.UVTMatcherOutParams;
import com.noknok.android.client.extension.ExtensionManager;
import com.noknok.android.client.extension.IExtensionProcessor;
import com.noknok.android.client.utils.ActivityStarter;
import com.noknok.android.client.utils.Charsets;
import com.noknok.android.client.utils.JsonObjectAdapter;
import com.noknok.android.client.utils.Logger;
import com.noknok.android.client.utils.Outcome;
import com.noknok.android.client.utils.UserSelectionUIFactory;
import com.noknok.android.uaf.asmcore.AKProcessor;
import com.noknok.android.uaf.asmcore.AuthenticatorDatabase;
import com.noknok.android.uaf.asmcore.AuthenticatorDatabaseFactory;
import com.noknok.android.uaf.asmcore.TLVCommandEncoder;
import com.noknok.android.uaf.extensions.ExtensionList;
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.Semaphore;

/* loaded from: classes3.dex */
public class AuthenticatorCore {
    public static final String c = "AuthenticatorCore";
    public static final Random d = new Random();
    public AuthenticatorDatabase a;
    public final Semaphore b;
    public IAuthenticatorDescriptor e;
    public AKProcessor f;
    public AKProcessor.AkAuthnrInfo g;
    public byte[] h;
    public byte[] i;
    public TCDisplayResponse j;
    public AntiHammering k;
    public IMatcher l;
    public ExtensionManager m;
    public Context mContext;
    public Gson n;
    public IAuthenticatorKernel o;
    public boolean p;

    /* renamed from: com.noknok.android.client.asm.core.uaf.AuthenticatorCore$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] a;
        public static final /* synthetic */ int[] b;
        public static final /* synthetic */ int[] c = new int[Outcome.values().length];

        static {
            try {
                c[Outcome.CANCELED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[Outcome.USER_LOCKOUT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            b = new int[IMatcher.EnrollState.values().length];
            try {
                b[IMatcher.EnrollState.ENROLLED.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[IMatcher.EnrollState.NOT_ENROLLED.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                b[IMatcher.EnrollState.UNAVAILABLE.ordinal()] = 3;
            } catch (NoSuchFieldError unused5) {
            }
            a = new int[IAuthenticatorDescriptor.TransactionUI.values().length];
            try {
                a[IAuthenticatorDescriptor.TransactionUI.Default.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[IAuthenticatorDescriptor.TransactionUI.Custom.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                a[IAuthenticatorDescriptor.TransactionUI.None.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    /* loaded from: classes3.dex */
    public static class TCDisplayResponse {
        public byte[] a;
        public Outcome b;

        public TCDisplayResponse() {
        }

        public /* synthetic */ TCDisplayResponse(byte b) {
            this();
        }

        public Outcome getOutcome() {
            return this.b;
        }

        public void setOutcome(Outcome outcome) {
            this.b = outcome;
        }
    }

    /* loaded from: classes3.dex */
    public static class UserVerifyResponse {
        public byte[] a;
        public byte[] b;
        public String c;
        public short d;
        public Byte e;
        public List<IMatcher.Extension> extensions;
        public IMatcher.MatcherInParams f;
        public MatcherParamsHelper.AuthenticatorMatcherType g;

        public UserVerifyResponse() {
            this.f = null;
        }

        public /* synthetic */ UserVerifyResponse(byte b) {
            this();
        }

        public Outcome getOutcome() {
            return Outcome.fromAsmStatusCode(this.d);
        }

        public void setOutcome(Outcome outcome) {
            this.d = outcome.getUafAsmStatusCode();
        }
    }

    /* loaded from: classes3.dex */
    public static class Username {
        public String keyHandle;
        public long timeStamp;
        public String username;

        public Username(String str, String str2, long j) {
            this.username = str;
            this.keyHandle = str2;
            this.timeStamp = j;
        }
    }

    public AuthenticatorCore() {
        this.mContext = null;
        this.e = null;
        this.a = null;
        this.f = null;
        this.g = null;
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = JsonObjectAdapter.GsonBuilder().create();
        this.o = null;
        this.p = false;
        this.b = new Semaphore(1);
    }

    public AuthenticatorCore(IAuthenticatorDescriptor iAuthenticatorDescriptor) {
        this.mContext = null;
        this.e = null;
        this.a = null;
        this.f = null;
        this.g = null;
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = JsonObjectAdapter.GsonBuilder().create();
        this.o = null;
        this.p = false;
        this.b = new Semaphore(1);
        this.e = iAuthenticatorDescriptor;
    }

    private byte a(@NonNull UserVerifyResponse userVerifyResponse) {
        Byte b = userVerifyResponse.e;
        if (b == null) {
            return (byte) this.g.generalInfo.authenticatorIndex;
        }
        byte byteValue = b.byteValue();
        Logger.i(c, "AuthenticatorIndex returned by matcher: " + ((int) byteValue));
        return byteValue;
    }

    private GetRegistrationsOut a(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("The callerID is invalid");
        }
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        GetRegistrationsOut getRegistrationsOut = new GetRegistrationsOut();
        if (!this.g.generalInfo.isRoamingAuthenticator) {
            this.a.validateUserRegistrations(this.l);
        }
        int i = 0;
        for (AuthenticatorDatabase.RegistrationRecord registrationRecord : this.a.getRegistrations(str)) {
            Integer num = (Integer) hashMap.get(registrationRecord.appID);
            if (num == null) {
                hashMap.put(registrationRecord.appID, Integer.valueOf(i));
                arrayList.add(new GetRegistrationsOut.AppRegistration(registrationRecord.appID, registrationRecord.keyID));
                i++;
            } else {
                ((GetRegistrationsOut.AppRegistration) arrayList.get(num.intValue())).keyIDs.add(registrationRecord.keyID);
            }
        }
        getRegistrationsOut.appRegs = arrayList;
        return getRegistrationsOut;
    }

    private UserVerifyResponse a(String str, String str2, byte[] bArr, Activity activity, List<IMatcher.Extension> list) {
        Logger.d(c, "verifyUser");
        byte b = 0;
        UserVerifyResponse userVerifyResponse = new UserVerifyResponse(b);
        userVerifyResponse.setOutcome(Outcome.ACCESS_DENIED);
        if (str2 != null) {
            int i = AnonymousClass1.a[this.e.getTransactionUIType().ordinal()];
            if (i == 1) {
                boolean z = this.p;
                TCDisplayResponse tCDisplayResponse = new TCDisplayResponse(b);
                tCDisplayResponse.setOutcome(Outcome.FAILURE);
                Intent intent = new Intent(this.mContext, (Class<?>) TransactionActivity.class);
                intent.addFlags(C.ENCODING_PCM_MU_LAW);
                intent.putExtra(TransactionActivity.TRANSACTION, str2);
                intent.putExtra(TransactionActivity.TRANSACTION_TYPE, str);
                intent.putExtra("KEY_SHOW_WHEN_LOCKED", z);
                Outcome outcome = (Outcome) ActivityStarter.startActivityForResult(this.mContext, intent, null, 0);
                if (outcome != null) {
                    Outcome outcome2 = Outcome.SUCCESS;
                    if (outcome == outcome2) {
                        tCDisplayResponse.setOutcome(outcome2);
                        byte[] decode = Base64.decode(str2, 11);
                        if (decode.length == 0) {
                            Logger.e(c, "Nothing to display");
                            tCDisplayResponse.setOutcome(Outcome.FAILURE);
                        } else {
                            tCDisplayResponse.a = this.f.prepareTCToken(decode, bArr);
                        }
                    } else {
                        tCDisplayResponse.setOutcome(Outcome.CANCELED);
                    }
                }
                this.j = tCDisplayResponse;
                if (this.j.getOutcome() != Outcome.SUCCESS) {
                    Outcome outcome3 = this.j.getOutcome();
                    Outcome outcome4 = Outcome.CANCELED;
                    if (outcome3 == outcome4) {
                        userVerifyResponse.setOutcome(outcome4);
                    }
                    return userVerifyResponse;
                }
            } else if (i == 2) {
                this.j = new TCDisplayResponse(b);
                this.j.setOutcome(Outcome.SUCCESS);
                byte[] decode2 = Base64.decode(str2, 11);
                if (decode2.length == 0) {
                    Logger.e(c, "No transaction text to display");
                    this.j.setOutcome(Outcome.FAILURE);
                    return userVerifyResponse;
                }
                this.j.a = this.f.prepareTCToken(decode2, bArr);
            } else if (i == 3) {
                throw new AsmException(Outcome.ACCESS_DENIED, "The authenticator doesn't support transaction confirmation");
            }
        }
        GetInfoParams getInfoParams = new GetInfoParams(str2, null);
        userVerifyResponse.g = MatcherParamsHelper.getMatcherType(this.e.isAKManagedMatcher(), this.g.generalInfo.isRoamingAuthenticator, this.l);
        try {
            this.b.acquire();
            try {
                boolean hasRegistrations = this.a.hasRegistrations();
                this.b.release();
                userVerifyResponse.f = MatcherParamsHelper.createMatcherInParams(userVerifyResponse.g, getInfoParams, bArr, this.k, this.g.generalInfo.aaid, activity, Boolean.valueOf(hasRegistrations)).setExtensions(list);
                if (userVerifyResponse.g == MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_AKMANAGED) {
                    userVerifyResponse.setOutcome(Outcome.SUCCESS);
                    return userVerifyResponse;
                }
                IMatcher.MatcherOutParams authenticate = this.l.authenticate(userVerifyResponse.f);
                a(authenticate);
                userVerifyResponse.setOutcome(Outcome.SUCCESS);
                userVerifyResponse.b = null;
                userVerifyResponse.extensions = authenticate.getExtensions();
                userVerifyResponse.e = authenticate.getAuthIndex();
                if (authenticate.getUserID() != null) {
                    userVerifyResponse.c = Base64.encodeToString(authenticate.getUserID(), 0);
                }
                if (userVerifyResponse.g == MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_UVT) {
                    userVerifyResponse.a = ((UVTMatcherOutParams) authenticate).getUVT();
                }
                return userVerifyResponse;
            } catch (Throwable th) {
                this.b.release();
                throw th;
            }
        } catch (InterruptedException e) {
            throw new IllegalStateException(e);
        }
    }

    private UserVerifyResponse a(byte[] bArr, Activity activity, List<IMatcher.Extension> list) {
        Logger.d(c, "enrollUser");
        UserVerifyResponse userVerifyResponse = new UserVerifyResponse((byte) 0);
        userVerifyResponse.setOutcome(Outcome.ACCESS_DENIED);
        userVerifyResponse.g = MatcherParamsHelper.getMatcherType(this.e.isAKManagedMatcher(), this.g.generalInfo.isRoamingAuthenticator, this.l);
        try {
            this.b.acquire();
            try {
                boolean hasRegistrations = this.a.hasRegistrations();
                this.b.release();
                userVerifyResponse.f = MatcherParamsHelper.createMatcherInParams(userVerifyResponse.g, new GetInfoParams(), bArr, this.k, this.g.generalInfo.aaid, activity, Boolean.valueOf(hasRegistrations)).setExtensions(list);
                if (userVerifyResponse.g == MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_AKMANAGED) {
                    userVerifyResponse.setOutcome(Outcome.SUCCESS);
                    return userVerifyResponse;
                }
                IMatcher.MatcherOutParams register = this.l.register(userVerifyResponse.f);
                a(register);
                userVerifyResponse.setOutcome(Outcome.SUCCESS);
                userVerifyResponse.b = null;
                userVerifyResponse.extensions = register.getExtensions();
                userVerifyResponse.e = register.getAuthIndex();
                if (register.getUserID() != null) {
                    userVerifyResponse.c = Base64.encodeToString(register.getUserID(), 0);
                }
                if (userVerifyResponse.g == MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_UVT) {
                    userVerifyResponse.a = ((UVTMatcherOutParams) register).getUVT();
                }
                return userVerifyResponse;
            } catch (Throwable th) {
                this.b.release();
                throw th;
            }
        } catch (InterruptedException e) {
            throw new IllegalStateException(e);
        }
    }

    private Username a(List<Username> list) {
        ArrayList<String> arrayList = new ArrayList<>();
        Iterator<Username> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().username);
        }
        int openUI = UserSelectionUIFactory.getInstance().createUserSelectionUIInstance().openUI(this.mContext, arrayList, this.p);
        if (openUI < 0 || openUI >= list.size()) {
            return null;
        }
        return list.get(openUI);
    }

    private Username a(List<Username> list, AuthenticateIn authenticateIn) {
        HashMap hashMap = new HashMap();
        if (this.g.generalInfo.isRoamingAuthenticator) {
            for (Username username : list) {
                hashMap.put(username.username, username);
            }
        } else {
            String encodeToString = Base64.encodeToString(this.h, 11);
            try {
                this.b.acquire();
                try {
                    a(list, this.a.getRegistrations(encodeToString, authenticateIn.appID, authenticateIn.keyIDs), hashMap);
                } finally {
                    this.b.release();
                }
            } catch (InterruptedException e) {
                throw new IllegalStateException(e);
            }
        }
        if (hashMap.size() <= 1) {
            return hashMap.get(list.get(0).username);
        }
        Username a = a(new ArrayList(hashMap.values()));
        if (a != null) {
            return a;
        }
        Logger.w(c, "User canceled username selection");
        throw new AsmException(Outcome.CANCELED);
    }

    public static IMatcher.Extension a(Extension extension) {
        IMatcher.Extension extension2 = new IMatcher.Extension();
        extension2.fail_if_unknown = extension.fail_if_unknown.booleanValue();
        extension2.id = extension.id;
        extension2.data = extension.data.getBytes(Charsets.utf8Charset);
        return extension2;
    }

    private AKProcessor.AKResponseParams a(AKProcessor.AKRequestParams aKRequestParams, ArrayList<String> arrayList, int i) {
        for (int i2 = 0; i2 < i; i2++) {
            aKRequestParams.keyHandles.add(Base64.decode(arrayList.get(0), 11));
            arrayList.remove(0);
        }
        AKProcessor.AKResponseParams processAK = this.f.processAK(aKRequestParams);
        aKRequestParams.keyHandles.clear();
        a(processAK.additionalAKInfoToBeStored);
        return processAK;
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x005b A[Catch: all -> 0x00fb, TryCatch #0 {all -> 0x00fb, blocks: (B:3:0x000e, B:5:0x0022, B:9:0x0035, B:11:0x005b, B:12:0x005f, B:13:0x00a4, B:17:0x00b0, B:19:0x00bc, B:21:0x00c2, B:22:0x00d0, B:25:0x00d1, B:27:0x00e1, B:30:0x00ec, B:31:0x00fa, B:32:0x002d), top: B:2:0x000e }] */
    /* JADX WARN: Removed duplicated region for block: B:16:0x00ae  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00e1 A[Catch: all -> 0x00fb, TRY_LEAVE, TryCatch #0 {all -> 0x00fb, blocks: (B:3:0x000e, B:5:0x0022, B:9:0x0035, B:11:0x005b, B:12:0x005f, B:13:0x00a4, B:17:0x00b0, B:19:0x00bc, B:21:0x00c2, B:22:0x00d0, B:25:0x00d1, B:27:0x00e1, B:30:0x00ec, B:31:0x00fa, B:32:0x002d), top: B:2:0x000e }] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x00ec A[Catch: all -> 0x00fb, TRY_ENTER, TryCatch #0 {all -> 0x00fb, blocks: (B:3:0x000e, B:5:0x0022, B:9:0x0035, B:11:0x005b, B:12:0x005f, B:13:0x00a4, B:17:0x00b0, B:19:0x00bc, B:21:0x00c2, B:22:0x00d0, B:25:0x00d1, B:27:0x00e1, B:30:0x00ec, B:31:0x00fa, B:32:0x002d), top: B:2:0x000e }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.noknok.android.uaf.asmcore.AKProcessor.AKResponseParams a(byte[] r16, com.noknok.android.client.asm.core.uaf.AuthenticatorCore.TCDisplayResponse r17, com.noknok.android.client.asm.api.uaf.json.AuthenticateIn r18, com.noknok.android.client.asm.core.uaf.AuthenticatorCore.UserVerifyResponse r19, byte[] r20, java.util.List<com.noknok.android.client.asm.sdk.IMatcher.Extension> r21, java.util.ArrayList<java.lang.String> r22) {
        /*
            Method dump skipped, instructions count: 258
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.client.asm.core.uaf.AuthenticatorCore.a(byte[], com.noknok.android.client.asm.core.uaf.AuthenticatorCore$TCDisplayResponse, com.noknok.android.client.asm.api.uaf.json.AuthenticateIn, com.noknok.android.client.asm.core.uaf.AuthenticatorCore$UserVerifyResponse, byte[], java.util.List, java.util.ArrayList):com.noknok.android.uaf.asmcore.AKProcessor$AKResponseParams");
    }

    public static AuthenticatorDatabase.RegistrationRecord a(List<AuthenticatorDatabase.RegistrationRecord> list, String str) {
        for (AuthenticatorDatabase.RegistrationRecord registrationRecord : list) {
            if (registrationRecord.keyHandle.equals(str)) {
                return registrationRecord;
            }
        }
        return null;
    }

    private ArrayList<String> a(AuthenticateIn authenticateIn) {
        ArrayList<String> arrayList = new ArrayList<>();
        if (this.g.generalInfo.isRoamingAuthenticator) {
            List<String> list = authenticateIn.keyIDs;
            if (list != null) {
                arrayList.addAll(list);
            }
        } else {
            String encodeToString = Base64.encodeToString(this.h, 11);
            Logger.i(c, "Authenticate. Get registrations for callerID: " + encodeToString + ", appID: " + authenticateIn.appID);
            List<AuthenticatorDatabase.RegistrationRecord> registrations = this.a.getRegistrations(encodeToString, authenticateIn.appID, authenticateIn.keyIDs);
            if (registrations.isEmpty()) {
                Logger.e(c, "No registrations found");
                throw new AsmException(Outcome.ACCESS_DENIED);
            }
            Iterator<AuthenticatorDatabase.RegistrationRecord> it = registrations.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().keyHandle);
            }
        }
        return arrayList;
    }

    public static void a(IMatcher.MatcherOutParams matcherOutParams) {
        if (matcherOutParams == null) {
            throw new AsmException(Outcome.FAILURE);
        }
        IMatcher.RESULT matchResult = matcherOutParams.getMatchResult();
        if (matchResult != IMatcher.RESULT.SUCCESS) {
            throw new AsmException(IMatcher.RESULT.fromResult(matchResult));
        }
    }

    private void a(List<Username> list, List<AuthenticatorDatabase.RegistrationRecord> list2, Map<String, Username> map) {
        ArrayList<AuthenticatorDatabase.RegistrationRecord> arrayList = new ArrayList();
        for (Username username : list) {
            AuthenticatorDatabase.RegistrationRecord a = a(list2, username.keyHandle);
            if (a != null) {
                Username username2 = map.get(username.username);
                if (username2 == null || a.timeStamp > username2.timeStamp) {
                    if (username2 != null) {
                        AuthenticatorDatabase.RegistrationRecord registrationRecord = new AuthenticatorDatabase.RegistrationRecord();
                        AuthenticatorDatabase.RegistrationRecord a2 = a(list2, username2.keyHandle);
                        if (a2 != null) {
                            registrationRecord.appID = a2.appID;
                            registrationRecord.keyID = a2.keyID;
                            arrayList.add(registrationRecord);
                        }
                    }
                    username.timeStamp = a.timeStamp;
                    map.put(username.username, username);
                } else {
                    AuthenticatorDatabase.RegistrationRecord registrationRecord2 = new AuthenticatorDatabase.RegistrationRecord();
                    registrationRecord2.appID = a.appID;
                    registrationRecord2.keyID = a.keyID;
                    arrayList.add(registrationRecord2);
                }
            }
        }
        for (AuthenticatorDatabase.RegistrationRecord registrationRecord3 : arrayList) {
            if (a(registrationRecord3.appID, registrationRecord3.keyID, new ArrayList()).getOutcome() != Outcome.SUCCESS) {
                Logger.e(c, "Database cleanup info: Can't delete old registration");
            }
        }
    }

    private void a(byte[] bArr) {
        if (bArr == null || this.g.generalInfo.isRoamingAuthenticator) {
            return;
        }
        this.a.storeAKConfig(Base64.encodeToString(bArr, 11));
    }

    private boolean a() {
        int i = AnonymousClass1.b[this.l.isUserEnrolled().ordinal()];
        if (i == 1) {
            return true;
        }
        if (i == 2) {
            return false;
        }
        if (i == 3) {
            return this.g.generalInfo.isRoamingAuthenticator || this.a.hasRegistrations();
        }
        throw new IllegalArgumentException();
    }

    public static byte[] a(Context context, String str) {
        try {
            Signature[] signatureArr = context.getPackageManager().getPackageInfo(str, 64).signatures;
            if (signatureArr == null || signatureArr.length == 0) {
                return null;
            }
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
            messageDigest.update(signatureArr[0].toByteArray());
            return messageDigest.digest();
        } catch (Exception e) {
            Logger.e(c, "Failed to get callerId", e);
            return null;
        }
    }

    public static boolean b(List<Extension> list) {
        for (Extension extension : list) {
            if (extension == null || !extension.isValid()) {
                return false;
            }
        }
        return true;
    }

    private byte[] b() {
        String aSMToken = this.a.getASMToken();
        if (aSMToken != null) {
            return Base64.decode(aSMToken, 11);
        }
        if (this.g.generalInfo.isRoamingAuthenticator) {
            return null;
        }
        Logger.d(c, "Not roaming authenticator setting ASMToken");
        byte[] bArr = new byte[32];
        d.nextBytes(bArr);
        this.a.storeASMToken(Base64.encodeToString(bArr, 11));
        return bArr;
    }

    private byte[] c() {
        String aKConfig = this.a.getAKConfig();
        return aKConfig != null ? Base64.decode(aKConfig, 11) : new byte[0];
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x00c2 A[Catch: AsmException -> 0x0170, TryCatch #1 {AsmException -> 0x0170, blocks: (B:3:0x0005, B:5:0x0010, B:7:0x0026, B:9:0x002c, B:10:0x0035, B:12:0x003b, B:14:0x004c, B:15:0x0066, B:17:0x0073, B:21:0x0084, B:23:0x00c2, B:24:0x00c5, B:26:0x00d5, B:27:0x00de, B:29:0x00e4, B:31:0x0123, B:33:0x0129, B:34:0x012c, B:38:0x013c, B:40:0x0144, B:42:0x014c, B:50:0x0164, B:51:0x016f, B:52:0x007e, B:36:0x012e, B:46:0x0157, B:47:0x0162), top: B:2:0x0005, inners: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:26:0x00d5 A[Catch: AsmException -> 0x0170, TryCatch #1 {AsmException -> 0x0170, blocks: (B:3:0x0005, B:5:0x0010, B:7:0x0026, B:9:0x002c, B:10:0x0035, B:12:0x003b, B:14:0x004c, B:15:0x0066, B:17:0x0073, B:21:0x0084, B:23:0x00c2, B:24:0x00c5, B:26:0x00d5, B:27:0x00de, B:29:0x00e4, B:31:0x0123, B:33:0x0129, B:34:0x012c, B:38:0x013c, B:40:0x0144, B:42:0x014c, B:50:0x0164, B:51:0x016f, B:52:0x007e, B:36:0x012e, B:46:0x0157, B:47:0x0162), top: B:2:0x0005, inners: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x013c A[Catch: AsmException -> 0x0170, TRY_ENTER, TryCatch #1 {AsmException -> 0x0170, blocks: (B:3:0x0005, B:5:0x0010, B:7:0x0026, B:9:0x002c, B:10:0x0035, B:12:0x003b, B:14:0x004c, B:15:0x0066, B:17:0x0073, B:21:0x0084, B:23:0x00c2, B:24:0x00c5, B:26:0x00d5, B:27:0x00de, B:29:0x00e4, B:31:0x0123, B:33:0x0129, B:34:0x012c, B:38:0x013c, B:40:0x0144, B:42:0x014c, B:50:0x0164, B:51:0x016f, B:52:0x007e, B:36:0x012e, B:46:0x0157, B:47:0x0162), top: B:2:0x0005, inners: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:46:0x0157 A[Catch: AsmException -> 0x0163, TRY_ENTER, TryCatch #0 {AsmException -> 0x0163, blocks: (B:36:0x012e, B:46:0x0157, B:47:0x0162), top: B:35:0x012e, outer: #1 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final com.noknok.android.client.asm.api.uaf.json.ASMResponse a(java.lang.String r13, java.lang.String r14, @androidx.annotation.NonNull java.util.List<com.noknok.android.client.asm.api.uaf.json.Extension> r15) {
        /*
            Method dump skipped, instructions count: 381
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.client.asm.core.uaf.AuthenticatorCore.a(java.lang.String, java.lang.String, java.util.List):com.noknok.android.client.asm.api.uaf.json.ASMResponse");
    }

    /* JADX WARN: Removed duplicated region for block: B:144:0x0360 A[Catch: all -> 0x0375, TryCatch #3 {all -> 0x0375, blocks: (B:3:0x0017, B:5:0x0022, B:9:0x0034, B:11:0x003c, B:13:0x0040, B:15:0x0048, B:16:0x0055, B:18:0x005b, B:20:0x0068, B:23:0x0071, B:104:0x026c, B:105:0x026e, B:109:0x0287, B:126:0x02fc, B:144:0x0360, B:145:0x0365, B:137:0x0357, B:178:0x0367, B:179:0x036d, B:182:0x036f, B:183:0x0374, B:22:0x006d), top: B:2:0x0017, inners: #4, #7 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.noknok.android.client.asm.api.uaf.json.ASMResponse authenticate(com.noknok.android.client.asm.api.uaf.json.AuthenticateIn r20, @androidx.annotation.NonNull java.util.List<com.noknok.android.client.asm.api.uaf.json.Extension> r21, android.app.Activity r22, java.lang.String r23) {
        /*
            Method dump skipped, instructions count: 892
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.noknok.android.client.asm.core.uaf.AuthenticatorCore.authenticate(com.noknok.android.client.asm.api.uaf.json.AuthenticateIn, java.util.List, android.app.Activity, java.lang.String):com.noknok.android.client.asm.api.uaf.json.ASMResponse");
    }

    public ASMResponse deregister(DeregisterIn deregisterIn, @NonNull List<Extension> list, String str) {
        Logger.startTimer(c, "deregister");
        this.h = a(this.mContext, str);
        try {
            this.b.acquire();
            ASMResponse aSMResponse = new ASMResponse();
            try {
                if (deregisterIn.appID != null && !deregisterIn.appID.equals("") && deregisterIn.appID.length() <= 512 && deregisterIn.keyID != null) {
                    if (deregisterIn.keyID.equals("")) {
                        aSMResponse.setOutcome(Outcome.SUCCESS);
                        Iterator<GetRegistrationsOut.AppRegistration> it = a(Base64.encodeToString(this.h, 11)).appRegs.iterator();
                        while (it.hasNext()) {
                            Iterator<String> it2 = it.next().keyIDs.iterator();
                            while (it2.hasNext()) {
                                ASMResponse a = a(deregisterIn.appID, it2.next(), list);
                                if (a.getOutcome() != Outcome.SUCCESS) {
                                    aSMResponse.setOutcome(a.getOutcome());
                                }
                            }
                        }
                    } else {
                        aSMResponse = a(deregisterIn.appID, deregisterIn.keyID, list);
                    }
                    this.b.release();
                    Logger.endTimer(c, "deregister");
                    return aSMResponse;
                }
                Logger.e(c, "Invalid DeregisterIn params");
                aSMResponse.setOutcome(Outcome.FAILURE);
                this.b.release();
                Logger.endTimer(c, "deregister");
                return aSMResponse;
            } catch (Throwable th) {
                this.b.release();
                throw th;
            }
        } catch (InterruptedException e) {
            throw new IllegalStateException(e);
        }
    }

    public AuthenticatorInfo getInfo() {
        AKProcessor.AkAuthnrInfo aKInfo = this.f.getAKInfo(this.g.generalInfo.aaid);
        try {
            this.b.acquire();
            try {
                this.a.setAuthenticatorIndex(aKInfo.generalInfo.authenticatorIndex);
                this.g.generalInfo.isUserEnrolled = a();
                this.b.release();
                AKProcessor.AkAuthnrInfo akAuthnrInfo = this.g;
                akAuthnrInfo.additionalInfo = aKInfo.additionalInfo;
                AuthenticatorInfo authenticatorInfo = akAuthnrInfo.generalInfo;
                AuthenticatorInfo authenticatorInfo2 = aKInfo.generalInfo;
                authenticatorInfo.authenticatorIndex = authenticatorInfo2.authenticatorIndex;
                authenticatorInfo.asmVersions = authenticatorInfo2.asmVersions;
                authenticatorInfo.assertionScheme = authenticatorInfo2.assertionScheme;
                authenticatorInfo.authenticationAlgorithm = authenticatorInfo2.authenticationAlgorithm;
                authenticatorInfo.attestationTypes = authenticatorInfo2.attestationTypes;
                authenticatorInfo.supportedExtensionIDs = authenticatorInfo2.supportedExtensionIDs;
                authenticatorInfo.keyProtection = authenticatorInfo2.keyProtection;
                authenticatorInfo.matcherProtection = authenticatorInfo2.matcherProtection;
                authenticatorInfo.isSecondFactorOnly = authenticatorInfo2.isSecondFactorOnly;
                authenticatorInfo.isRoamingAuthenticator = authenticatorInfo2.isRoamingAuthenticator;
                authenticatorInfo.tcDisplay = authenticatorInfo2.tcDisplay;
                authenticatorInfo.tcDisplayContentType = authenticatorInfo2.tcDisplayContentType;
                authenticatorInfo.tcDisplayPNGCharacteristics = authenticatorInfo2.tcDisplayPNGCharacteristics;
                authenticatorInfo.attachmentHint = IAuthenticatorKernel.AttachmentHint.getUafValue(this.o.getAttachmentHint());
                this.g.generalInfo.description = this.mContext.getString(this.e.getDescription());
                this.g.generalInfo.title = this.mContext.getString(this.e.getTitle());
                return this.g.generalInfo;
            } catch (Throwable th) {
                this.b.release();
                throw th;
            }
        } catch (InterruptedException e) {
            throw new IllegalStateException(e);
        }
    }

    public long getReferenceID() {
        return this.g.generalInfo.authenticatorIndex;
    }

    public ASMResponse getRegistrations(String str) {
        Outcome outcome;
        this.h = a(this.mContext, str);
        ASMResponse aSMResponse = new ASMResponse();
        try {
            this.b.acquire();
            try {
                try {
                    aSMResponse.responseData = (JsonObject) this.n.toJsonTree(a(Base64.encodeToString(this.h, 11)));
                    this.b.release();
                    outcome = Outcome.SUCCESS;
                } catch (Throwable th) {
                    this.b.release();
                    throw th;
                }
            } catch (AsmException e) {
                Outcome error = e.error();
                Logger.e(c, "Failed to get registrations", e);
                outcome = error;
            }
            aSMResponse.setOutcome(outcome);
            return aSMResponse;
        } catch (InterruptedException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public boolean hasAsmVersion(Version version) {
        return this.g.generalInfo.asmVersions.contains(version);
    }

    public void initialize(Context context) {
        Logger.i(c, "initialize");
        this.mContext = context;
        this.l = DescriptorLoader.loadAuthenticatorUIFromClassName(this.e.getMatcherClass(), context, ProtocolType.UAF);
        IAKSelector loadAKSelectorFromClassName = DescriptorLoader.loadAKSelectorFromClassName(this.l, this.e, context, ProtocolType.UAF);
        IAuthenticatorDescriptor.AAIDInfo aAIDInfo = loadAKSelectorFromClassName.getAAIDInfo();
        if (aAIDInfo == null) {
            throw new AsmException(Outcome.FAILURE, "LoadAKSelector failed. No AAID Selected");
        }
        this.o = loadAKSelectorFromClassName.getAuthenticatorKernel();
        this.f = new AKProcessor(this.o);
        this.g = this.f.getAKInfo(aAIDInfo.aaid);
        try {
            this.b.acquire();
            try {
                String str = this.g.generalInfo.aaid;
                this.a = AuthenticatorDatabaseFactory.createAuthenticatorStore(this.g.generalInfo.isRoamingAuthenticator, str, new CryptoModule(str, context), context, this.f);
                if (this.o instanceof KsUafAuthenticatorKernel) {
                    Logger.i(c, "Checking the Authenticator Database");
                    if (!((KsUafAuthenticatorKernel) this.o).checkDatabase(this.a)) {
                        Logger.w(c, "Erasing the Authenticator Database");
                        this.a.eraseDatabase();
                    }
                }
                this.a.setAuthenticatorIndex(this.g.generalInfo.authenticatorIndex);
                this.g.generalInfo.userVerification = AuthenticatorInfo.UserVerification.getUafValue(this.e.getUserVerification());
                this.g.generalInfo.attachmentHint = IAuthenticatorKernel.AttachmentHint.getUafValue(this.o.getAttachmentHint());
                this.g.generalInfo.hasSettings = this.e.hasSettings();
                this.g.generalInfo.isUserEnrolled = a();
                Bitmap decodeResource = BitmapFactory.decodeResource(this.mContext.getResources(), this.e.getIcon());
                if (decodeResource != null) {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    decodeResource.compress(Bitmap.CompressFormat.PNG, 100, byteArrayOutputStream);
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    this.g.generalInfo.icon = "data:image/png;base64," + Base64.encodeToString(byteArray, 2);
                } else {
                    Logger.e(c, "Failed to find authenticator icon resource");
                }
                Logger.d(c, "Authenticator info:\n" + this.g.generalInfo);
                if (!this.g.generalInfo.isRoamingAuthenticator) {
                    this.k = new AntiHammering(this.a, null, true, this);
                }
                if (!this.g.generalInfo.isRoamingAuthenticator) {
                    this.a.validateUserRegistrations(this.l);
                }
                this.b.release();
                ArrayList arrayList = new ArrayList();
                ArrayList<String> extensionProcessors = this.e.getExtensionProcessors();
                if (extensionProcessors != null) {
                    try {
                        Iterator<String> it = extensionProcessors.iterator();
                        while (it.hasNext()) {
                            arrayList.add((IExtensionProcessor) Class.forName(it.next()).getConstructor(new Class[0]).newInstance(new Object[0]));
                        }
                    } catch (Exception e) {
                        throw new IllegalArgumentException("Failed to initialize the extension processor", e);
                    }
                }
                arrayList.add(new KeyAttestation(this.mContext));
                this.m = new ExtensionManager(arrayList);
            } catch (Throwable th) {
                this.b.release();
                throw th;
            }
        } catch (InterruptedException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public ASMResponse openSettings() {
        ASMResponse aSMResponse = new ASMResponse();
        if (!this.g.generalInfo.isRoamingAuthenticator && MatcherParamsHelper.getMatcherType(this.e.isAKManagedMatcher(), this.g.generalInfo.isRoamingAuthenticator, this.l) != MatcherParamsHelper.AuthenticatorMatcherType.MATCHER_TYPE_AKMANAGED) {
            IMatcher iMatcher = this.l;
            iMatcher.settings(MatcherParamsHelper.createMatcherManageInParams(iMatcher, this.k, this.g.generalInfo.aaid));
        }
        aSMResponse.setOutcome(Outcome.SUCCESS);
        return aSMResponse;
    }

    public ASMResponse register(RegisterIn registerIn, @NonNull List<Extension> list, Activity activity, String str) {
        AKProcessor aKProcessor;
        byte[] prepareFinalChallenge;
        Logger.startTimer(c, "register");
        this.h = a(this.mContext, str);
        try {
            ASMResponse aSMResponse = new ASMResponse();
            if (!registerIn.isValid()) {
                Logger.e(c, "Invalid RegisterIn params");
                aSMResponse.setOutcome(Outcome.FAILURE);
            } else if (b(list)) {
                try {
                    Logger.d(c, "AppID for Register: " + registerIn.appID);
                    try {
                        prepareFinalChallenge = this.f.prepareFinalChallenge(registerIn.finalChallenge);
                    } catch (AsmException e) {
                        if (e.error().equals(Outcome.CANCELED)) {
                            Logger.w(c, "User cancelled to register UAF");
                        } else {
                            Logger.e(c, "Failed to register UAF credentials", e);
                        }
                        aSMResponse.setOutcome(e.error());
                        aKProcessor = this.f;
                    }
                    if (prepareFinalChallenge == null) {
                        throw new AsmException(Outcome.FAILURE, "Value \"finalChallenge\" is null");
                    }
                    try {
                        byte[] digest = MessageDigest.getInstance("SHA256").digest(registerIn.finalChallenge.getBytes(Charsets.utf8Charset));
                        this.m.start(new ExtensionList(list), null);
                        ArrayList arrayList = new ArrayList();
                        for (Extension extension : list) {
                            Logger.i(c, "Extension " + extension.id + " will be forwarded to AK");
                            arrayList.add(a(extension));
                        }
                        UserVerifyResponse a = a(prepareFinalChallenge, activity, arrayList);
                        if (a.getOutcome() != Outcome.SUCCESS) {
                            Logger.e(c, "Failed to enroll user");
                            aSMResponse.setOutcome(Outcome.ACCESS_DENIED);
                            aKProcessor = this.f;
                        } else {
                            Logger.i(c, "Is AppID expected: " + this.g.additionalInfo.expectAPPID + ", is RoamingAuthenticator: " + this.g.generalInfo.isRoamingAuthenticator);
                            try {
                                this.b.acquire();
                                try {
                                    AKProcessor.AKResponseParams processAK = this.f.processAK(new AKProcessor.AKRequestParams().setAuthenticatorIndex(a(a)).setAppID((this.g.additionalInfo.expectAPPID || this.g.generalInfo.isRoamingAuthenticator) ? registerIn.appID.getBytes(Charsets.utf8Charset) : null).setFinalChallenge(prepareFinalChallenge).setKSAttestationChallenge(digest).setUserName(registerIn.username.getBytes(Charsets.utf8Charset)).setAttestationType(registerIn.attestationType).setKHAccessToken(this.f.getKHAccessToken(registerIn.appID, this.h, this.g.generalInfo.isRoamingAuthenticator, b(), this.i)).setUserVerifyToken(a.a).setAdditionalAKArgument(c()).setMatcherInParams(a.f).setAuthenticatorDescriptor(this.e).setMatcherType(a.g).setExtensions(arrayList).setCmd(TLVCommandEncoder.Commands.REGISTER));
                                    a(processAK.additionalAKInfoToBeStored);
                                    if (processAK.getOutcome() != Outcome.SUCCESS) {
                                        Logger.e(c, "AK failed to register");
                                        aSMResponse.setOutcome(processAK.getOutcome());
                                        if (!this.a.hasRegistrations() && !this.g.generalInfo.isRoamingAuthenticator) {
                                            this.a.storeAKConfig("");
                                        }
                                        aKProcessor = this.f;
                                    } else {
                                        processAK.regToBeStored.callerID = Base64.encodeToString(this.h, 11);
                                        processAK.regToBeStored.appID = registerIn.appID;
                                        processAK.regToBeStored.timeStamp = System.currentTimeMillis();
                                        if (a.c != null && !a.c.equals("")) {
                                            Logger.d(c, "UserID is not null");
                                            try {
                                                Base64.decode(a.c, 0);
                                                processAK.regToBeStored.userID = a.c;
                                            } catch (IllegalArgumentException unused) {
                                                throw new AsmException(Outcome.INVALID_MESSAGE);
                                            }
                                        }
                                        if (!this.g.generalInfo.isRoamingAuthenticator) {
                                            this.a.addRegistration(processAK.regToBeStored);
                                        }
                                        RegisterOut registerOut = new RegisterOut();
                                        registerOut.assertion = processAK.assertion;
                                        registerOut.assertionScheme = this.g.generalInfo.assertionScheme;
                                        HashMap<IExtensionProcessor.ExtProcParamKey, String> hashMap = new HashMap<>();
                                        hashMap.put(IExtensionProcessor.ExtProcParamKey.KS_ATTESTATION_KEY, processAK.KSAttestationX509);
                                        this.m.finish(new ExtensionList(aSMResponse.exts), hashMap);
                                        aSMResponse.responseData = (JsonObject) this.n.toJsonTree(registerOut);
                                        aSMResponse.setOutcome(Outcome.SUCCESS);
                                        this.b.release();
                                        aKProcessor = this.f;
                                    }
                                } finally {
                                    this.b.release();
                                }
                            } catch (InterruptedException e2) {
                                throw new IllegalStateException(e2);
                            }
                        }
                    } catch (NoSuchAlgorithmException e3) {
                        Logger.e(c, "Failed to calculate nonce", e3);
                        aSMResponse.setOutcome(Outcome.FAILURE);
                        aKProcessor = this.f;
                    }
                    aKProcessor.postProcessAK();
                } catch (Throwable th) {
                    this.f.postProcessAK();
                    throw th;
                }
            } else {
                Logger.e(c, "Invalid inAsmExtensions");
                aSMResponse.setOutcome(Outcome.FAILURE);
            }
            return aSMResponse;
        } finally {
            Logger.endTimer(c, "register");
        }
    }
}
