package com.samsung.android.oneconnect.support.onboarding.device.stdk.ble.b;

import android.content.Context;
import com.osp.app.signin.sasdk.common.Constants;
import com.samsung.android.oneconnect.base.debugmode.g;
import com.samsung.android.oneconnect.support.onboarding.common.HashConverterKt;
import com.samsung.android.oneconnect.support.onboarding.device.stdk.KeyGenerationFailureException;
import com.samsung.android.oneconnect.support.onboarding.device.stdk.VerificationFailureException;
import com.samsung.android.oneconnect.support.onboarding.device.stdk.entity.StdkAuthenticationType;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
import java.util.Set;
import kotlin.KotlinNothingValueException;
import kotlin.Result;
import kotlin.collections.k;
import kotlin.collections.p0;
import kotlin.jvm.internal.i;
import kotlin.jvm.internal.o;
import kotlin.r;

/* loaded from: classes7.dex */
public final class d {
    // 16-byte client random, filled once in the constructor. h() returns it in encoded form and
    // f() places it in front of the peer's random.
    private final byte[] a;

    /* renamed from: b, reason: collision with root package name */
    // Android context; in this class it is used for the debug-mode lookup in l() and for opening
    // the bundled certificate assets in i(), j() and k().
    private final Context f15832b;

    /* renamed from: c, reason: collision with root package name */
    // Authentication type; m() compares it with X509_SAK to choose the trust anchor and to decide
    // whether a failed validation may be retried against the test root.
    private final StdkAuthenticationType f15833c;

    /* loaded from: classes7.dex */
    /**
     * Empty nested type with no state or behaviour of its own. Presumably the Kotlin companion
     * object left behind by decompilation (TODO confirm against the original source).
     */
    public static final class a {
        // Private no-arg constructor: instances can only be created through the synthetic one below.
        private a() {
        }

        // Synthetic constructor; the marker argument is ignored and only selects this overload.
        public /* synthetic */ a(i iVar) {
            this();
        }
    }

    static {
        // Creates one instance of the nested holder at class-load time and discards the reference.
        new a(null);
    }

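    /**
     * Creates a provider bound to an Android context and an authentication type, and draws the
     * 16-byte client random for this instance.
     *
     * @param context Android context, used later for asset access and the debug-mode lookup
     * @param authenticationType selects which bundled root certificate m() anchors trust on
     */
    public d(Context context, StdkAuthenticationType authenticationType) {
        // Presumably Kotlin's generated non-null parameter checks (obfuscated Intrinsics).
        o.i(context, "context");
        o.i(authenticationType, "authenticationType");
        this.f15832b = context;
        this.f15833c = authenticationType;
        // The client random is half of the value the device signature is checked against
        // (see f() and g()), so it has to be unpredictable. java.util.Random is not a
        // cryptographic generator; take the bytes from the platform CSPRNG instead.
        byte[] clientRandom = new byte[16];
        new SecureRandom().nextBytes(clientRandom);
        this.a = clientRandom;
    }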

    /**
     * Renders a byte array for log output.
     *
     * @param bArr bytes to render; may be null
     * @return "0x" followed by the result of HashConverterKt.k(bArr), or an empty string when
     *         the array is null or has no elements
     */
    private final String a(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return "";
        }
        return "0x" + HashConverterKt.k(bArr);
    }

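    /**
     * Generates the ephemeral EC key pair for this exchange.
     *
     * <p>The generator is initialised with a key size of 256 only; which 256-bit curve that
     * yields is decided by the provider. The log tag says SECP256R1.
     * NOTE(review): if that exact curve is required, name it explicitly with an
     * ECGenParameterSpec rather than relying on the provider default.
     *
     * @return the freshly generated key pair
     * @throws KeyGenerationFailureException if the generator returns no key pair
     */
    private final KeyPair c() {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateEphemeralEcKeySECP256R1", "getInstance[KeyPairGenerator]-done");
        generator.initialize(256);
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateEphemeralEcKeySECP256R1", "[KeyPairGenerator]initialize-done");
        KeyPair pair = generator.generateKeyPair();
        if (pair == null) {
            throw new KeyGenerationFailureException(null, "Key pair is empty", null, 5, null);
        }
        PublicKey publicKey = pair.getPublic();
        o.h(publicKey, "it.public");
        o.h(pair.getPrivate(), "it.private");
        // Only the public half goes into the log line. The encoded private key was previously
        // appended here as well; whatever the log sink does with the message, private key
        // material must not be handed to it.
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateEphemeralEcKeySECP256R1", "done, keyPair-public.encoded:" + a(publicKey.getEncoded()));
        return pair;
    }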

    /**
     * Builds an EC public key from the peer-supplied string.
     *
     * <p>The string is decoded with HashConverterKt.b and the resulting bytes are interpreted as
     * an X.509 SubjectPublicKeyInfo structure. The input comes from the remote device, so a
     * malformed value surfaces as an exception from the key factory.
     *
     * @param str encoded public key received from the peer
     * @return the parsed public key
     */
    private final PublicKey e(String str) {
        KeyFactory ecFactory = KeyFactory.getInstance("EC");
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(HashConverterKt.b(str));
        PublicKey remoteKey = ecFactory.generatePublic(keySpec);
        o.h(remoteKey, "it");
        String logLine = "done, encoded:" + a(remoteKey.getEncoded());
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generatePublicKeyFromString", logLine);
        return remoteKey;
    }

    /**
     * Builds the combined random: the local client random followed by 16 bytes taken from the
     * peer's random.
     *
     * <p>Arrays.copyOf truncates a longer decoded value to 16 bytes and pads a shorter one with
     * zero bytes, so a peer random of fewer than 16 bytes is accepted and zero-filled.
     * NOTE(review): consider rejecting a short peer random instead of padding it; confirm what
     * the protocol allows.
     *
     * @param str encoded random received from the peer
     * @return the result of k.p(clientRandom, peerRandom16), presumably their concatenation
     */
    private final byte[] f(String str) {
        byte[] peerRandom = Arrays.copyOf(HashConverterKt.b(str), 16);
        o.h(peerRandom, "java.util.Arrays.copyOf(this, newSize)");
        byte[] totalRandom = k.p(this.a, peerRandom);
        String logLine = "done, totalRandom:" + a(totalRandom);
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateTotalRandom", logLine);
        return totalRandom;
    }

    /**
     * Computes the digest that the device signature is verified against: the hash of the encoded
     * public key followed by the random bytes.
     *
     * @param publicKey key whose encoded form is hashed first
     * @param bArr random bytes hashed second
     * @return the digest of the two inputs in that order
     */
    private final byte[] g(PublicKey publicKey, byte[] bArr) {
        final String tag = "[Onboarding] SharedKeyProvider";
        final String where = "generateVerifyBytesSHA256";
        MessageDigest hasher = MessageDigest.getInstance("SHA256");
        com.samsung.android.oneconnect.base.debug.a.x(tag, where, "getInstance[MessageDigest]-done");
        // Order matters: key bytes first, then the random.
        hasher.update(publicKey.getEncoded());
        com.samsung.android.oneconnect.base.debug.a.x(tag, where, "[MessageDigest]update(publicKey.encoded)-done");
        hasher.update(bArr);
        com.samsung.android.oneconnect.base.debug.a.x(tag, where, "[MessageDigest]update(random)-done");
        byte[] verifyBytes = hasher.digest();
        com.samsung.android.oneconnect.base.debug.a.x(tag, where, "done, message:" + a(verifyBytes));
        o.h(verifyBytes, "MessageDigest\n          …  )\n                    }");
        return verifyBytes;
    }

    /**
     * Checks an ECDSA signature over an already-computed digest.
     *
     * <p>"NONEwithECDSA" applies no hash of its own, so the message passed in must already be
     * the digest; d() passes the output of g().
     *
     * @param publicKey key to verify with
     * @param bArr the message (pre-hashed) that was signed
     * @param bArr2 the signature bytes
     * @return true if the signature verifies under the given key
     */
    private final boolean n(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        final String tag = "[Onboarding] SharedKeyProvider";
        final String where = "verifyWithKey";
        Signature verifier = Signature.getInstance("NONEwithECDSA");
        com.samsung.android.oneconnect.base.debug.a.x(tag, where, "getInstance[Signature]-done");
        verifier.initVerify(publicKey);
        com.samsung.android.oneconnect.base.debug.a.x(tag, where, "[Signature]initVerify-done");
        verifier.update(bArr);
        com.samsung.android.oneconnect.base.debug.a.x(tag, where, "[Signature]update(message)-done");
        boolean valid = verifier.verify(bArr2);
        return valid;
    }

    /**
     * Parses an X.509 certificate from a string supplied by the peer.
     *
     * <p>When the text check for the PEM header succeeds, the string's UTF-8 bytes are handed to
     * the certificate factory as they are; otherwise the string is first decoded with
     * HashConverterKt.b. The header test is an obfuscated kotlin.text call, presumably
     * startsWith or contains (TODO confirm).
     *
     * <p>This only parses the certificate. It performs no trust decision; chain validation
     * happens in m().
     *
     * @param pemData PEM text or an encoded certificate
     * @return the parsed certificate
     */
    public final X509Certificate b(String pemData) {
        o.i(pemData, "pemData");
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        boolean hasPemHeader = kotlin.text.r.N(pemData, "-----BEGIN CERTIFICATE-----", false, 2, null);
        byte[] certBytes;
        if (hasPemHeader) {
            Charset utf8 = StandardCharsets.UTF_8;
            o.h(utf8, "StandardCharsets.UTF_8");
            certBytes = pemData.getBytes(utf8);
            o.h(certBytes, "(this as java.lang.String).getBytes(charset)");
        } else {
            certBytes = HashConverterKt.b(pemData);
        }
        Certificate parsed = x509Factory.generateCertificate(new ByteArrayInputStream(certBytes));
        if (parsed == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
        return (X509Certificate) parsed;
    }

    /**
     * Authenticates the remote device and assembles the material for the key-agreement step.
     *
     * <p>Order of work as written: validate the device/intermediate chain with m(); build the
     * combined random with f(); generate the local ephemeral key pair with c(); parse the peer's
     * public key with e(); take the public key out of the device certificate; hash the peer's
     * public key together with the combined random using g(); decode the signature; verify it
     * with n() under the certificate's key. All five string arguments originate from the peer.
     *
     * <p>The signature check ties the peer's public key and both randoms to the key certified in
     * the device certificate. The strength of that binding rests on the trust decision made in
     * m(), including its fallback to the test root.
     *
     * @param remoteRandom encoded random from the peer
     * @param certificatePemDevice device (leaf) certificate
     * @param certificatePemSub intermediate certificate
     * @param remotePublicKey encoded public key from the peer
     * @param signature encoded signature from the peer
     * @return a {@code b} built from the local private key, the peer's public key, the combined
     *         random and the encoded local public key
     * @throws VerificationFailureException if chain validation or signature verification fails
     *         (raised inside the try block and rethrown after logging)
     */
    public final b d(String remoteRandom, String certificatePemDevice, String certificatePemSub, String remotePublicKey, String signature) {
        o.i(remoteRandom, "remoteRandom");
        o.i(certificatePemDevice, "certificatePemDevice");
        o.i(certificatePemSub, "certificatePemSub");
        o.i(remotePublicKey, "remotePublicKey");
        o.i(signature, "signature");
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateInformer", "in");
        try {
            Result.a aVar = Result.a;
            // Trust decision first: nothing below runs unless the chain validates.
            if (!m(certificatePemDevice, certificatePemSub)) {
                throw new VerificationFailureException(null, "verification leaf/intermediate certificate fail", null, 5, null);
            }
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateInformer", "verifyCertificationPem-done");
            byte[] f2 = f(remoteRandom);
            KeyPair c2 = c();
            PublicKey publicKey = e(remotePublicKey);
            // The device certificate is parsed a second time here (m() already parsed it once).
            PublicKey pubKeyFromCert = b(certificatePemDevice).getPublicKey();
            StringBuilder sb = new StringBuilder();
            sb.append("convertCertFromPem.publicKey-done/ encoded:");
            o.h(pubKeyFromCert, "pubKeyFromCert");
            sb.append(a(pubKeyFromCert.getEncoded()));
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateInformer", sb.toString());
            o.h(publicKey, "publicKey");
            // Digest over the peer's public key and the combined random; this is what was signed.
            byte[] g2 = g(publicKey, f2);
            // The log text below suggests HashConverterKt.b is a Base64 decode (TODO confirm).
            byte[] b2 = HashConverterKt.b(signature);
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateInformer", "Base64.decode-done/ message:" + a(b2));
            // Verified under the key from the validated device certificate, not the peer's
            // self-declared public key.
            if (!n(pubKeyFromCert, g2, b2)) {
                throw new VerificationFailureException(null, "verification signature with public key fail", null, 5, null);
            }
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "generateInformer", "verifyWithKey-done");
            PrivateKey privateKey = c2.getPrivate();
            o.h(privateKey, "keyPair.private");
            PublicKey publicKey2 = c2.getPublic();
            o.h(publicKey2, "keyPair.public");
            byte[] encoded = publicKey2.getEncoded();
            o.h(encoded, "keyPair.public.encoded");
            return new b(privateKey, publicKey, f2, HashConverterKt.f(encoded));
        } catch (Throwable th) {
            // Decompiled form of a Kotlin runCatching/getOrThrow pair: wrap the throwable, log it,
            // then rethrow. kotlin.k.b is presumably throwOnFailure, which would make the final
            // throw statement unreachable in practice (TODO confirm).
            Result.a aVar2 = Result.a;
            Object a2 = kotlin.k.a(th);
            Result.b(a2);
            Throwable d2 = Result.d(a2);
            if (d2 != null) {
                com.samsung.android.oneconnect.base.debug.a.k("[Onboarding] SharedKeyProvider", "generateInformer", "e-" + d2);
            }
            kotlin.k.b(a2);
            throw new KotlinNothingValueException();
        }
    }

    /**
     * Returns the client random in the string encoding produced by HashConverterKt.f.
     *
     * @return the encoded client random
     */
    public final String h() {
        // Concatenating a byte[] with a string yields the array's identity string, not its
        // contents, so this log line does not contain the random's bytes.
        String logLine = "key:" + this.a;
        com.samsung.android.oneconnect.base.debug.a.f("[Onboarding] SharedKeyProvider", "getClientRandom", logLine);
        String encodedRandom = HashConverterKt.f(this.a);
        return encodedRandom;
    }

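    /**
     * Loads the OCF root CA certificate bundled in the app's assets. m() uses it as the trust
     * anchor when the authentication type is not X509_SAK.
     *
     * @return the certificate parsed from {@code certificates/Samsung_OCF_RootCA.tmp}
     */
    public final X509Certificate i() {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // try-with-resources: the asset stream was previously never closed, leaking it on
        // every call and on every parse failure.
        try (InputStream open = this.f15832b.getAssets().open("certificates/Samsung_OCF_RootCA.tmp")) {
            o.h(open, "context.assets.open(certPath)");
            Certificate generateCertificate = certificateFactory.generateCertificate(open);
            if (generateCertificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            return (X509Certificate) generateCertificate;
        }
    }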

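    /**
     * Loads the SAK root certificate bundled in the app's assets. m() uses it as the trust
     * anchor when the authentication type is X509_SAK.
     *
     * @return the certificate parsed from {@code certificates/Samsung_SAKv2.pem}
     */
    public final X509Certificate j() {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // try-with-resources: the asset stream was previously never closed, leaking it on
        // every call and on every parse failure.
        try (InputStream open = this.f15832b.getAssets().open("certificates/Samsung_SAKv2.pem")) {
            o.h(open, "context.assets.open(certPath)");
            Certificate generateCertificate = certificateFactory.generateCertificate(open);
            if (generateCertificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            return (X509Certificate) generateCertificate;
        }
    }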

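    /**
     * Loads the OCF test root CA certificate bundled in the app's assets. l() uses it as the
     * trust anchor for the retry path.
     *
     * @return the certificate parsed from {@code certificates/Samsung_OCF_TestRootCA.tmp}
     */
    public final X509Certificate k() {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // try-with-resources: the asset stream was previously never closed, leaking it on
        // every call and on every parse failure.
        try (InputStream open = this.f15832b.getAssets().open("certificates/Samsung_OCF_TestRootCA.tmp")) {
            o.h(open, "context.assets.open(certPath)");
            Certificate generateCertificate = certificateFactory.generateCertificate(open);
            if (generateCertificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            return (X509Certificate) generateCertificate;
        }
    }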

    /**
     * Retry path for chain validation: validates device -> intermediate against the bundled
     * TEST root CA instead of the regular root.
     *
     * <p>The retry is refused only when the debug-mode lookup returns 2, which the log text
     * names VALUE_DEBUG_IOT_SERVER_PROD. For every other value the test root is used as the
     * trust anchor.
     * NOTE(review): what g.f() returns on a release build with no debug configuration is not
     * visible in this file. If it is anything other than 2, a chain issued under the test root
     * is accepted for non-SAK onboarding; confirm the default and consider gating this path on
     * the build type.
     *
     * <p>The statements after the catch block are, as decompiled, the tail of the try body; the
     * flattened control flow is a decompiler artefact.
     *
     * @param subCaCert intermediate certificate
     * @param deviceCert device (leaf) certificate
     * @return true if the path validates against the test root; false if the retry is refused
     *         or validation fails
     */
    public final boolean l(X509Certificate subCaCert, X509Certificate deviceCert) {
        Object a2;
        List<? extends Certificate> j;
        Set c2;
        CertPathValidatorResult validate;
        o.i(subCaCert, "subCaCert");
        o.i(deviceCert, "deviceCert");
        // Gate: no test-root retry when the debug-mode value is 2.
        if (g.f(this.f15832b) == 2) {
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "retryVerifyCertWithTestCertification", "VALUE_DEBUG_IOT_SERVER_PROD");
            return false;
        }
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "retryVerifyCertWithTestCertification", "not VALUE_DEBUG_IOT_SERVER_PROD");
        X509Certificate k = k();
        try {
            Result.a aVar = Result.a;
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Path order is leaf first, then intermediate; the root is supplied as trust anchor.
            j = kotlin.collections.o.j(deviceCert, subCaCert);
            CertPath generateCertPath = certificateFactory.generateCertPath(j);
            c2 = p0.c(new TrustAnchor(k, null));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) c2);
            // Revocation checking is switched off, so a revoked intermediate or device
            // certificate still validates here.
            pKIXParameters.setRevocationEnabled(false);
            r rVar = r.a;
            validate = certPathValidator.validate(generateCertPath, pKIXParameters);
        } catch (Throwable th) {
            // Any failure (including CertPathValidatorException) becomes a failed Result.
            Result.a aVar2 = Result.a;
            a2 = kotlin.k.a(th);
            Result.b(a2);
        }
        if (validate == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.PKIXCertPathValidatorResult");
        }
        a2 = Boolean.TRUE;
        Result.b(a2);
        // Result.h / Result.d / Result.f are presumably isSuccess / exceptionOrNull / isFailure.
        if (Result.h(a2)) {
            ((Boolean) a2).booleanValue();
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "retryVerifyCertWithTestCertification", Constants.Result.SUCCESS);
        }
        Throwable d2 = Result.d(a2);
        if (d2 != null) {
            com.samsung.android.oneconnect.base.debug.a.k("[Onboarding] SharedKeyProvider", "retryVerifyCertWithTestCertification", "failure-" + d2);
        }
        // A failed Result is mapped to false rather than rethrown.
        Boolean bool = Boolean.FALSE;
        if (Result.f(a2)) {
            a2 = bool;
        }
        return ((Boolean) a2).booleanValue();
    }

    /**
     * Validates the chain device -> intermediate against a bundled root certificate.
     *
     * <p>The trust anchor is the SAK root when the authentication type is X509_SAK and the OCF
     * root otherwise. If validation fails, the SAK case returns false immediately; every other
     * type falls through to l(), which retries against the test root CA subject to its
     * debug-mode gate.
     *
     * <p>Both certificates come from the peer. Validation is PKIX with revocation checking
     * disabled, so it covers signatures, validity period and path constraints but not
     * revocation status.
     *
     * <p>The statements after the catch block are, as decompiled, the tail of the try body; the
     * flattened control flow is a decompiler artefact.
     *
     * @param certificatePemDevice device (leaf) certificate
     * @param certificatePemSub intermediate certificate
     * @return true if the path validates against the selected root, or against the test root
     *         through the retry in l(); false otherwise
     */
    public final boolean m(String certificatePemDevice, String certificatePemSub) {
        X509Certificate i2;
        Object a2;
        List<? extends Certificate> j;
        Set c2;
        CertPathValidatorResult validate;
        o.i(certificatePemDevice, "certificatePemDevice");
        o.i(certificatePemSub, "certificatePemSub");
        if (this.f15833c.equals(StdkAuthenticationType.X509_SAK)) {
            // Note: this "-done" line is logged before j() actually loads the certificate.
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "verifyCertificationPem", "getSAKRootCertificate-done");
            i2 = j();
        } else {
            i2 = i();
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "verifyCertificationPem", "getRootCertificate-done");
        }
        // Parsing happens outside the try block, so a malformed certificate propagates as an
        // exception instead of taking the retry path.
        X509Certificate b2 = b(certificatePemSub);
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "verifyCertificationPem", "convertCertFromPem(intermediate)-done");
        X509Certificate b3 = b(certificatePemDevice);
        com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "verifyCertificationPem", "convertCertFromPem(leaf)-done");
        try {
            Result.a aVar = Result.a;
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Path order is leaf first, then intermediate; the root is supplied as trust anchor.
            j = kotlin.collections.o.j(b3, b2);
            CertPath generateCertPath = certificateFactory.generateCertPath(j);
            c2 = p0.c(new TrustAnchor(i2, null));
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) c2);
            // Revocation checking is switched off, so a revoked intermediate or device
            // certificate still validates here.
            pKIXParameters.setRevocationEnabled(false);
            r rVar = r.a;
            validate = certPathValidator.validate(generateCertPath, pKIXParameters);
        } catch (Throwable th) {
            // Any failure (including CertPathValidatorException) becomes a failed Result.
            Result.a aVar2 = Result.a;
            a2 = kotlin.k.a(th);
            Result.b(a2);
        }
        if (validate == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.PKIXCertPathValidatorResult");
        }
        a2 = (PKIXCertPathValidatorResult) validate;
        Result.b(a2);
        // Result.h / Result.d are presumably isSuccess / exceptionOrNull.
        if (Result.h(a2)) {
            com.samsung.android.oneconnect.base.debug.a.x("[Onboarding] SharedKeyProvider", "verifyCertificationPem", Constants.Result.SUCCESS);
        }
        if (Result.d(a2) == null) {
            return true;
        }
        // Validation failed. SAK has no fallback; other types retry against the test root.
        if (this.f15833c.equals(StdkAuthenticationType.X509_SAK)) {
            com.samsung.android.oneconnect.base.debug.a.k("[Onboarding] SharedKeyProvider", "verifyCertificationPem", "SAK verify failure!");
            return false;
        }
        // NOTE(review): the cause of the failure is not inspected, so any validation error
        // (expired, wrong issuer, bad signature) leads to the test-root retry.
        com.samsung.android.oneconnect.base.debug.a.k("[Onboarding] SharedKeyProvider", "verifyCertificationPem", "failure, retry with test ca");
        return l(b2, b3);
    }
}
