package com.ncsoft.fido.uaf.operation;

import android.os.Build;
import com.ncsoft.fido.client.FidoPreferences;
import com.ncsoft.fido.client.LogUtil;
import com.ncsoft.fido.uaf.Constant;
import com.ncsoft.fido.uaf.crypto.BCrypt;
import com.ncsoft.fido.uaf.crypto.Base64url;
import com.ncsoft.fido.uaf.crypto.FidoSigner;
import com.ncsoft.fido.uaf.crypto.SHA;
import com.ncsoft.fido.uaf.model.UafResponseData;
import com.ncsoft.fido.uaf.tlv.AlgAndEncodingEnum;
import com.ncsoft.fido.uaf.tlv.TagsEnum;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.KeyPair;

/* loaded from: classes.dex */
public class AuthAssertionBuilder {
    private static final String TAG = AuthAssertionBuilder.class.getSimpleName();
    private FidoSigner fidoSigner;
    private KeyPair signingKeyPair;
    private String username;

    public AuthAssertionBuilder(String str, FidoSigner fidoSigner, KeyPair keyPair) {
        this.username = str;
        this.fidoSigner = fidoSigner;
        this.signingKeyPair = keyPair;
    }

    private byte[] encodeInt(int i) {
        return new byte[]{(byte) (i & 255), (byte) ((65280 & i) >> 8)};
    }

    private byte[] getAAID() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(Constant.AAID.getBytes());
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] getAuthAssertion(UafResponseData uafResponseData) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_UAFV1_SIGNED_DATA.id));
        byte[] signedData = getSignedData(uafResponseData);
        byteArrayOutputStream.write(encodeInt(signedData.length));
        byteArrayOutputStream.write(signedData);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_SIGNATURE.id));
        byte[] signature = getSignature(byteArray);
        byteArrayOutputStream.write(encodeInt(signature.length));
        byteArrayOutputStream.write(signature);
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] getCounters() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(encodeInt(0));
        byteArrayOutputStream.write(encodeInt(1));
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] getFC(UafResponseData uafResponseData) {
        return SHA.sha(uafResponseData.getFcParams().getBytes(), "SHA-256");
    }

    private byte[] getKeyId() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        String userKeyId = FidoPreferences.INSTANCE.getUserKeyId(this.username);
        LogUtil.INSTANCE.d(TAG, String.format("userId : %s, keyId : %s", this.username, userKeyId));
        byteArrayOutputStream.write(userKeyId.getBytes());
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] getSignature(byte[] bArr) {
        LogUtil.INSTANCE.d(TAG, "getSignature");
        LogUtil.INSTANCE.i(TAG, "dataForSigning : " + Base64url.encode(bArr));
        byte[] sign = this.fidoSigner.sign(bArr, this.signingKeyPair);
        LogUtil.INSTANCE.i(TAG, "signature : " + Base64url.encode(sign));
        return sign;
    }

    private byte[] getSignedData(UafResponseData uafResponseData) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_AAID.id));
        byte[] aaid = getAAID();
        byteArrayOutputStream.write(encodeInt(aaid.length));
        byteArrayOutputStream.write(aaid);
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_ASSERTION_INFO.id));
        byte[] makeAssertionInfo = makeAssertionInfo();
        byteArrayOutputStream.write(encodeInt(makeAssertionInfo.length));
        byteArrayOutputStream.write(makeAssertionInfo);
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_AUTHENTICATOR_NONCE.id));
        byte[] bytes = SHA.sha256(BCrypt.gensalt()).getBytes();
        byteArrayOutputStream.write(encodeInt(bytes.length));
        byteArrayOutputStream.write(bytes);
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_FINAL_CHALLENGE.id));
        byte[] fc = getFC(uafResponseData);
        byteArrayOutputStream.write(encodeInt(fc.length));
        byteArrayOutputStream.write(fc);
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_TRANSACTION_CONTENT_HASH.id));
        byteArrayOutputStream.write(encodeInt(0));
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_KEYID.id));
        byte[] keyId = getKeyId();
        byteArrayOutputStream.write(encodeInt(keyId.length));
        byteArrayOutputStream.write(keyId);
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_COUNTERS.id));
        byte[] counters = getCounters();
        byteArrayOutputStream.write(encodeInt(counters.length));
        byteArrayOutputStream.write(counters);
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] makeAssertionInfo() {
        ByteBuffer allocate = ByteBuffer.allocate(5);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.put((byte) 0);
        allocate.put((byte) 0);
        allocate.put((byte) 1);
        if (Build.VERSION.SDK_INT >= 23) {
            allocate.putShort((short) AlgAndEncodingEnum.UAF_ALG_SIGN_SECP256R1_ECDSA_SHA256_DER.id);
        } else {
            allocate.putShort((short) AlgAndEncodingEnum.UAF_ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW.id);
        }
        return (byte[]) allocate.array().clone();
    }

    public String getAssertions(UafResponseData uafResponseData) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(encodeInt(TagsEnum.TAG_UAFV1_AUTH_ASSERTION.id));
        byte[] authAssertion = getAuthAssertion(uafResponseData);
        byteArrayOutputStream.write(encodeInt(authAssertion.length));
        byteArrayOutputStream.write(authAssertion);
        String encodeToString = Base64url.encodeToString(byteArrayOutputStream.toByteArray());
        LogUtil.INSTANCE.i(TAG, "assertion : " + encodeToString);
        return encodeToString;
    }
}
