package x3;

import a3.q;
import a3.r;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import com.akamai.mfa.krypton.CryptoException;
import com.akamai.mfa.krypton.RegisterRequest;
import com.akamai.mfa.krypton.RegisterResponse;
import com.google.firebase.crashlytics.internal.common.CrashlyticsReportDataCapture;
import gh.a;
import j7.a;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicLong;
import javax.security.auth.x500.X500Principal;
import jd.w;
import l9.n;
import le.j;
import m9.i;
import okio.ByteString;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import r3.p;
import t3.b0;
import t3.d0;
import t3.m;
import w9.k;
import w9.l;

/* compiled from: U2F.kt */
/* loaded from: classes.dex */
public final class f {

    /* renamed from: a, reason: collision with root package name */
    public static final f f17469a = new f();

    /* renamed from: b, reason: collision with root package name */
    public static final byte[] f17470b = {44, -27, -56, -33, 23, -30, 46, -14, 15, -45, -125, 3, -3, 45, -103, -104};

    /* renamed from: c, reason: collision with root package name */
    public static final p f17471c = new p("com.akamai.pushzero.webauthn.key.duuid");

    /* compiled from: U2F.kt */
    /* loaded from: classes.dex */
    public static final class a {
        public static final String a(r3.g gVar) {
            return d.e.a("com.akamai.pushzero.webauthn.key.", gVar.a().m());
        }

        public static final byte[] b(byte[] bArr, byte[] bArr2, p pVar) {
            k.e(bArr, "d");
            k.e(pVar, "s");
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    ByteString.Companion companion = ByteString.INSTANCE;
                    byteArrayOutputStream.write(ByteString.Companion.d(companion, bArr, 0, 0, 3).G().J());
                    byteArrayOutputStream.write(companion.c(pVar.f13293a).G().J());
                    byteArrayOutputStream.write(ByteString.Companion.d(companion, bArr2, 0, 0, 3).G().J());
                    q8.c.h(byteArrayOutputStream, null);
                    byteArrayOutputStream = new ByteArrayOutputStream();
                    try {
                        f fVar = f.f17469a;
                        byteArrayOutputStream.write(f.f17470b);
                        byteArrayOutputStream.write(bArr2);
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        k.d(byteArray, "innerHash.toByteArray()");
                        byteArrayOutputStream.write(ByteString.Companion.d(companion, byteArray, 0, 0, 3).G().J());
                        byte[] byteArray2 = byteArrayOutputStream.toByteArray();
                        q8.c.h(byteArrayOutputStream, null);
                        k.d(byteArray2, "{\n                val in…          }\n            }");
                        return byteArray2;
                    } finally {
                    }
                } finally {
                    try {
                        throw th;
                    } finally {
                    }
                }
            } catch (Exception e10) {
                throw new CryptoException(e10);
            }
        }

        public static final b c(Context context, p pVar) {
            k.e(pVar, "rpId");
            byte[] a10 = f.f17469a.a();
            byte[] seed = SecureRandom.getSeed(32);
            k.d(seed, "getSeed(32)");
            r3.g gVar = new r3.g(ByteString.Companion.d(ByteString.INSTANCE, b(a10, seed, pVar), 0, 0, 3));
            return new b(context, d(a(gVar), pVar), gVar);
        }

        public static final KeyStore.PrivateKeyEntry d(String str, p pVar) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                KeyStore.Entry entry = keyStore.getEntry(str, null);
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    return (KeyStore.PrivateKeyEntry) entry;
                }
                a.C0159a c0159a = gh.a.f7950a;
                c0159a.j("Not an instance of a PrivateKeyEntry... generating new key", new Object[0]);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(str, 12);
                builder.setDigests("SHA-1", "SHA-256", "SHA-512");
                builder.setUserAuthenticationRequired(false);
                builder.setCertificateNotBefore(new Date());
                builder.setCertificateSubject(new X500Principal("CN=" + pVar));
                keyPairGenerator.initialize(builder.build());
                long currentTimeMillis = System.currentTimeMillis();
                keyPairGenerator.generateKeyPair();
                long currentTimeMillis2 = System.currentTimeMillis();
                KeyStore.Entry entry2 = keyStore.getEntry(str, null);
                c0159a.f("KeyGen took %s", Long.valueOf(currentTimeMillis2 - currentTimeMillis));
                if (entry2 != null) {
                    return (KeyStore.PrivateKeyEntry) entry2;
                }
                throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
            } catch (Exception e10) {
                gh.a.f7950a.c(e10);
                throw new CryptoException(e10);
            }
        }
    }

    /* compiled from: U2F.kt */
    /* loaded from: classes.dex */
    public static final class b {

        /* renamed from: a, reason: collision with root package name */
        public final KeyStore.PrivateKeyEntry f17472a;

        /* renamed from: b, reason: collision with root package name */
        public final r3.g f17473b;

        /* compiled from: U2F.kt */
        /* loaded from: classes.dex */
        public static final class a {

            /* renamed from: a, reason: collision with root package name */
            public final ByteString f17474a;

            /* renamed from: b, reason: collision with root package name */
            public final ByteString f17475b;

            public a(ByteString byteString, ByteString byteString2) {
                this.f17474a = byteString;
                this.f17475b = byteString2;
            }

            public boolean equals(Object obj) {
                if (this == obj) {
                    return true;
                }
                if (!(obj instanceof a)) {
                    return false;
                }
                a aVar = (a) obj;
                return k.a(this.f17474a, aVar.f17474a) && k.a(this.f17475b, aVar.f17475b);
            }

            public int hashCode() {
                return this.f17475b.hashCode() + (this.f17474a.hashCode() * 31);
            }

            public String toString() {
                return "SignedAuthenticatorData(authData=" + this.f17474a + ", signature=" + this.f17475b + ")";
            }
        }

        /* compiled from: U2F.kt */
        /* renamed from: x3.f$b$b, reason: collision with other inner class name */
        /* loaded from: classes.dex */
        public static final class C0307b extends l implements v9.l<e9.g, n> {

            /* renamed from: d, reason: collision with root package name */
            public final /* synthetic */ d0 f17476d;

            /* renamed from: q, reason: collision with root package name */
            public final /* synthetic */ b f17477q;

            /* renamed from: x, reason: collision with root package name */
            public final /* synthetic */ AtomicLong f17478x;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            public C0307b(d0 d0Var, b bVar, AtomicLong atomicLong) {
                super(1);
                this.f17476d = d0Var;
                this.f17477q = bVar;
                this.f17478x = atomicLong;
            }

            @Override // v9.l
            public n w(e9.g gVar) {
                k.e(gVar, "$this$transaction");
                b0 d10 = this.f17476d.u(this.f17477q.f17473b.a()).d();
                if (d10 != null) {
                    this.f17478x.set(d10.f15110c);
                    this.f17476d.c(d10.f15108a);
                    this.f17476d.t(new b0(d10.f15108a, d10.f15109b, d10.f15110c + 1, d10.f15111d, d10.f15112e, d10.f15113f, d10.f15114g, d10.f15115h, null));
                }
                return n.f10218a;
            }
        }

        /* compiled from: U2F.kt */
        @r9.e(c = "com.akamai.mfa.krypton.U2F$KeyPair", f = "U2F.kt", l = {332}, m = "signAuthenticateRequest-ThNkgig")
        /* loaded from: classes.dex */
        public static final class c extends r9.c {
            public Object H1;
            public Object I1;
            public Object J1;
            public Object K1;
            public /* synthetic */ Object L1;
            public int N1;

            /* renamed from: x, reason: collision with root package name */
            public Object f17479x;

            /* renamed from: y, reason: collision with root package name */
            public Object f17480y;

            public c(p9.d<? super c> dVar) {
                super(dVar);
            }

            @Override // r9.a
            public final Object E(Object obj) {
                this.L1 = obj;
                this.N1 |= Integer.MIN_VALUE;
                return b.this.d(null, null, null, null, null, null, null, null, this);
            }
        }

        public b(Context context, KeyStore.PrivateKeyEntry privateKeyEntry, r3.g gVar) {
            k.e(privateKeyEntry, "keyPair");
            this.f17472a = privateKeyEntry;
            this.f17473b = gVar;
        }

        public final X509Certificate a() {
            try {
                Date date = new Date(System.currentTimeMillis());
                androidx.appcompat.widget.n nVar = new androidx.appcompat.widget.n(ke.b.f10003m);
                nVar.g(ke.b.f9994d, "Krypton Key");
                X500Principal x500Principal = new X500Principal(nVar.j().o("DER"));
                BigInteger bigInteger = new BigInteger(CrashlyticsReportDataCapture.SIGNAL_DEFAULT);
                Calendar calendar = Calendar.getInstance();
                calendar.setTime(date);
                calendar.add(1, 10);
                Date time = calendar.getTime();
                dg.a a10 = new eg.a("SHA256WithECDSA").a(this.f17472a.getPrivateKey());
                oe.c cVar = new oe.c(x500Principal, bigInteger, date, time, x500Principal, this.f17472a.getCertificate().getPublicKey());
                try {
                    cVar.f12105b.a(new w("2.5.29.19"), false, new j(false));
                    oe.b bVar = new oe.b();
                    bVar.f12101a = new oe.d(new BouncyCastleProvider());
                    X509Certificate a11 = bVar.a(cVar.a(a10));
                    k.d(a11, "{\n                //http…entSigner))\n            }");
                    return a11;
                } catch (IOException e10) {
                    throw new CertIOException("cannot encode extension: " + e10.getMessage(), e10);
                }
            } catch (Exception e11) {
                gh.a.f7950a.c(e11);
                throw new CryptoException(e11);
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        public final ByteString b() {
            try {
                byte[] b10 = f.f17469a.b(this.f17472a);
                if (b10.length != 65) {
                    throw new CryptoException("unsupportedMethodForKeyType");
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    x2.b bVar = new x2.b(byteArrayOutputStream);
                    y2.b<x2.a> b11 = new x2.a().b();
                    b11.b(1L, 2L);
                    b11.b(3L, -7L);
                    b11.b(-1L, 1L);
                    b11.c(b11.a(-2L), new a3.c(i.p0(b10, new ba.c(1, 32))));
                    b11.c(b11.a(-3L), new a3.c(i.p0(b10, new ba.c(33, 64))));
                    bVar.b(((x2.a) ((y2.a) b11.f17949a)).f17427b);
                    ByteString.Companion companion = ByteString.INSTANCE;
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    k.d(byteArray, "it.toByteArray()");
                    ByteString d10 = ByteString.Companion.d(companion, byteArray, 0, 0, 3);
                    q8.c.h(byteArrayOutputStream, null);
                    return d10;
                } finally {
                }
            } catch (CryptoException e10) {
                throw new RuntimeException(e10);
            }
        }

        public final long c() {
            long j10;
            synchronized (f.class) {
                AtomicLong atomicLong = new AtomicLong(0L);
                t3.l lVar = m.f15158a;
                if (lVar == null) {
                    k.l("database");
                    throw null;
                }
                d0 i10 = lVar.i();
                i10.l(false, new C0307b(i10, this, atomicLong));
                j10 = atomicLong.get();
            }
            return j10;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Removed duplicated region for block: B:33:0x0055  */
        /* JADX WARN: Removed duplicated region for block: B:61:0x00ac A[SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:63:? A[LOOP:0: B:48:0x0081->B:63:?, LOOP_END, SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:8:0x002d  */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final java.lang.Object d(android.content.Context r18, com.squareup.moshi.q r19, r3.g r20, r3.g r21, java.lang.String r22, r3.p r23, okio.ByteString r24, com.akamai.mfa.service.PosturePolicy r25, p9.d<? super com.akamai.mfa.krypton.AuthenticateResponse> r26) {
            /*
                Method dump skipped, instructions count: 425
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: x3.f.b.d(android.content.Context, com.squareup.moshi.q, r3.g, r3.g, java.lang.String, r3.p, okio.ByteString, com.akamai.mfa.service.PosturePolicy, p9.d):java.lang.Object");
        }

        public final byte[] e(byte[] bArr) {
            try {
                Signature signature = Signature.getInstance("SHA256withECDSA");
                signature.initSign(this.f17472a.getPrivateKey());
                signature.update(bArr);
                byte[] sign = signature.sign();
                k.d(sign, "{\n                val si…gner.sign()\n            }");
                return sign;
            } catch (Exception e10) {
                throw new CryptoException(e10);
            }
        }

        public final RegisterResponse f(RegisterRequest registerRequest) {
            k.e(registerRequest, "request");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byte[] b10 = f.f17469a.b(this.f17472a);
                DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                try {
                    dataOutputStream.writeByte(0);
                    ByteString.Companion companion = ByteString.INSTANCE;
                    dataOutputStream.write(companion.c(registerRequest.f4089a.f13293a).G().J());
                    dataOutputStream.write(registerRequest.f4090b.J());
                    dataOutputStream.write(this.f17473b.f13279a.J());
                    dataOutputStream.write(b10);
                    q8.c.h(dataOutputStream, null);
                    byte[] encoded = a().getEncoded();
                    byte[] e10 = e(byteArrayOutputStream.toByteArray());
                    ByteString h10 = k.a(registerRequest.f4092d, Boolean.TRUE) ? h(registerRequest.f4089a, this.f17473b, true, registerRequest.f4090b) : null;
                    ByteString d10 = ByteString.Companion.d(companion, b10, 0, 0, 3);
                    r3.g gVar = this.f17473b;
                    k.d(encoded, "u2fAttestation");
                    return new RegisterResponse(d10, gVar, ByteString.Companion.d(companion, encoded, 0, 0, 3), ByteString.Companion.d(companion, e10, 0, 0, 3), h10, null);
                } finally {
                }
            } catch (Exception e11) {
                throw new CryptoException(e11);
            }
        }

        public final a g(p pVar, long j10, ByteString byteString, ByteString byteString2) {
            k.e(pVar, "rpId");
            k.e(byteString, "challenge");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            try {
                ByteString.Companion companion = ByteString.INSTANCE;
                dataOutputStream.write(companion.c(pVar.f13293a).G().J());
                dataOutputStream.writeByte(byteString2 != null ? 129 : 1);
                dataOutputStream.writeInt((int) j10);
                if (byteString2 != null) {
                    dataOutputStream.write(byteString2.J());
                }
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                k.d(byteArray, "payload.toByteArray()");
                dataOutputStream.write(byteString.J());
                q8.c.h(dataOutputStream, null);
                return new a(ByteString.Companion.d(companion, byteArray, 0, 0, 3), ByteString.Companion.d(companion, e(byteArrayOutputStream.toByteArray()), 0, 0, 3));
            } finally {
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        public final ByteString h(p pVar, r3.g gVar, boolean z10, ByteString byteString) {
            k.e(pVar, "rpId");
            k.e(gVar, "credentialId");
            k.e(byteString, "challenge");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            try {
                ByteString.Companion companion = ByteString.INSTANCE;
                dataOutputStream.write(companion.c(pVar.f13293a).G().J());
                dataOutputStream.writeByte((z10 ? 5 : 1) | 64);
                dataOutputStream.writeInt(0);
                f fVar = f.f17469a;
                dataOutputStream.write(f.f17470b);
                dataOutputStream.writeShort(gVar.f13279a.w());
                dataOutputStream.write(gVar.f13279a.J());
                dataOutputStream.write(b().J());
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                k.d(byteArray, "payload.toByteArray()");
                dataOutputStream.write(byteString.J());
                q8.c.h(dataOutputStream, null);
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                try {
                    x2.b bVar = new x2.b(byteArrayOutputStream2);
                    y2.b<x2.a> b10 = new x2.a().b();
                    a3.i iVar = new a3.i();
                    b10.c(new q("attStmt"), iVar);
                    q qVar = new q("alg");
                    if (iVar.f40b.put(qVar, -7 >= 0 ? new r(-7L) : new a3.j(-7L)) == null) {
                        iVar.f41c.add(qVar);
                    }
                    byte[] e10 = e(byteArrayOutputStream.toByteArray());
                    q qVar2 = new q("sig");
                    if (iVar.f40b.put(qVar2, new a3.c(e10)) == null) {
                        iVar.f41c.add(qVar2);
                    }
                    b10.d("authData", byteArray);
                    b10.c(new q("fmt"), new q("packed"));
                    bVar.b(((x2.a) ((y2.a) b10.f17949a)).f17427b);
                    byte[] byteArray2 = byteArrayOutputStream2.toByteArray();
                    k.d(byteArray2, "it.toByteArray()");
                    ByteString d10 = ByteString.Companion.d(companion, byteArray2, 0, 0, 3);
                    q8.c.h(byteArrayOutputStream2, null);
                    return d10;
                } finally {
                }
            } finally {
            }
        }
    }

    public final synchronized byte[] a() {
        return ByteString.Companion.d(ByteString.INSTANCE, b(a.d("com.akamai.pushzero.webauthn.key.duuid", f17471c)), 0, 0, 3).G().J();
    }

    public final byte[] b(KeyStore.PrivateKeyEntry privateKeyEntry) {
        k.e(privateKeyEntry, "sk");
        PublicKey publicKey = privateKeyEntry.getCertificate().getPublicKey();
        Objects.requireNonNull(publicKey, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
        try {
            return j7.a.c(a.EnumC0182a.NIST_P256, a.b.UNCOMPRESSED, ((ECPublicKey) publicKey).getW());
        } catch (Exception e10) {
            throw new CryptoException(e10);
        }
    }
}
