package com.comcast.secclient.authentication;

import android.util.Base64;
import com.comcast.secclient.SecClientException;
import com.comcast.secclient.analytics.RelatedSpanHelper;
import com.comcast.secclient.crypto.CryptoEngine;
import com.comcast.secclient.crypto.CryptoException;
import com.comcast.secclient.model.ApiResult;
import com.comcast.secclient.model.AuthorizationResponse;
import com.comcast.secclient.model.DeviceAuthenticationResult;
import com.comcast.secclient.model.KeyProvisionResult;
import com.comcast.secclient.net.NetworkingEngine;
import com.comcast.secclient.net.SecClientNetworkException;
import com.comcast.secclient.net.SecClientNetworkResponse;
import com.comcast.secclient.swigsecapi.SecApiConstants;
import com.comcast.secclient.util.MoneyTrace;
import com.comcast.secclient.util.MoneyTraceParseException;
import com.comcast.secclient.util.SecClientUrl;
import com.comcast.secclient.util.SerializationException;
import com.comcast.secclient.util.Utilities;
import com.google.android.gms.common.internal.ImagesContract;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Store;

/* loaded from: classes.dex */
public final class AuthnRequest {
    private final CryptoEngine cryptoEngine;
    private final NetworkingEngine networkingEngine;
    private final int SEC_PKCS7_RESULT_SUCCESS = 0;
    private final List<RelatedSpanHelper> relatedSpans = new ArrayList();

    public AuthnRequest(CryptoEngine cryptoEngine, NetworkingEngine networkingEngine) {
        this.cryptoEngine = cryptoEngine;
        this.networkingEngine = networkingEngine;
    }

    public final String generateRequestBody(String str, String str2, byte[] bArr) throws SerializationException {
        HashMap hashMap = new HashMap();
        hashMap.put("id", str);
        hashMap.put("client", Utilities.byteToHexString(bArr));
        hashMap.put("token", str2);
        return Utilities.getJSONFromMap(hashMap);
    }

    /* JADX WARN: Type inference failed for: r1v0, types: [com.comcast.secclient.authentication.AuthnRequest$1HeaderHelper] */
    public final Map<String, String> generateRequestHeaders(SecClientUrl secClientUrl, Map<String, String> map, String str, boolean z, String str2, byte[] bArr, DeviceAuthenticationResult deviceAuthenticationResult) {
        String generateAuthorizationValue;
        HashMap hashMap = new HashMap();
        if (map != null) {
            hashMap.putAll(map);
        }
        if (z && (generateAuthorizationValue = new Object() { // from class: com.comcast.secclient.authentication.AuthnRequest.1HeaderHelper
            /* JADX INFO: Access modifiers changed from: private */
            public String generateAuthorizationValue(SecClientUrl secClientUrl2, String str3, byte[] bArr2, byte[] bArr3, String str4) {
                try {
                    return AuthnRequest.this.cryptoEngine.generateMacHeader("sessionMacKeyId", "hmacSha256", "sha256", str3, bArr2, str4, secClientUrl2.getPath(), secClientUrl2.getHost(), secClientUrl2.getPort(), bArr3);
                } catch (Exception unused) {
                    return null;
                }
            }
        }.generateAuthorizationValue(secClientUrl, str2, bArr, deviceAuthenticationResult.getAmtToken(), str)) != null) {
            hashMap.put("Authorization", generateAuthorizationValue);
        }
        return hashMap;
    }

    public final SecClientNetworkResponse getResponse(String str, Map<String, String> map, String str2) throws SecClientNetworkException {
        long nowInMicroSeconds = Utilities.nowInMicroSeconds();
        HashMap hashMap = new HashMap();
        if (map != null) {
            hashMap.putAll(map);
        }
        try {
            Map<String, String> updateMoneyTrace = Utilities.updateMoneyTrace(hashMap);
            MoneyTrace extractMoneyTrace = Utilities.extractMoneyTrace(updateMoneyTrace);
            SecClientNetworkResponse secClientNetworkResponse = new SecClientNetworkResponse(-1);
            try {
                try {
                    SecClientNetworkResponse doPost = this.networkingEngine.doPost(str, updateMoneyTrace, str2);
                    RelatedSpanHelper relatedSpanHelper = new RelatedSpanHelper("http authn request", extractMoneyTrace, nowInMicroSeconds);
                    if (doPost != null) {
                        relatedSpanHelper.setStatusCodes(doPost.getResponseExtendedCode(), doPost.getResponseBusinessStatus());
                        relatedSpanHelper.getMoneyTrace().closeSpan(doPost.getResponseExtendedCode() != null && doPost.getResponseExtendedCode().intValue() == 200);
                    } else {
                        relatedSpanHelper.setStatusCodes(-1);
                        relatedSpanHelper.getMoneyTrace().closeSpan(false);
                    }
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put(ImagesContract.URL, str);
                    hashMap2.put("headers", Utilities.getJSONFromMapOr(updateMoneyTrace, "Failed to serialize headers"));
                    hashMap2.put("body", str2);
                    relatedSpanHelper.setApiParameters(hashMap2);
                    this.relatedSpans.add(relatedSpanHelper);
                    return doPost;
                } catch (SecClientNetworkException e) {
                    SecClientNetworkResponse secClientNetworkResponse2 = new SecClientNetworkResponse(e);
                    try {
                        throw e;
                    } catch (Throwable th) {
                        th = th;
                        secClientNetworkResponse = secClientNetworkResponse2;
                        RelatedSpanHelper relatedSpanHelper2 = new RelatedSpanHelper("http authn request", extractMoneyTrace, nowInMicroSeconds);
                        relatedSpanHelper2.setStatusCodes(secClientNetworkResponse.getResponseExtendedCode(), secClientNetworkResponse.getResponseBusinessStatus());
                        relatedSpanHelper2.getMoneyTrace().closeSpan(secClientNetworkResponse.getResponseExtendedCode() == null && secClientNetworkResponse.getResponseExtendedCode().intValue() == 200);
                        HashMap hashMap3 = new HashMap();
                        hashMap3.put(ImagesContract.URL, str);
                        hashMap3.put("headers", Utilities.getJSONFromMapOr(updateMoneyTrace, "Failed to serialize headers"));
                        hashMap3.put("body", str2);
                        relatedSpanHelper2.setApiParameters(hashMap3);
                        this.relatedSpans.add(relatedSpanHelper2);
                        throw th;
                    }
                }
            } catch (Throwable th2) {
                th = th2;
                RelatedSpanHelper relatedSpanHelper22 = new RelatedSpanHelper("http authn request", extractMoneyTrace, nowInMicroSeconds);
                relatedSpanHelper22.setStatusCodes(secClientNetworkResponse.getResponseExtendedCode(), secClientNetworkResponse.getResponseBusinessStatus());
                relatedSpanHelper22.getMoneyTrace().closeSpan(secClientNetworkResponse.getResponseExtendedCode() == null && secClientNetworkResponse.getResponseExtendedCode().intValue() == 200);
                HashMap hashMap32 = new HashMap();
                hashMap32.put(ImagesContract.URL, str);
                hashMap32.put("headers", Utilities.getJSONFromMapOr(updateMoneyTrace, "Failed to serialize headers"));
                hashMap32.put("body", str2);
                relatedSpanHelper22.setApiParameters(hashMap32);
                this.relatedSpans.add(relatedSpanHelper22);
                throw th;
            }
        } catch (MoneyTraceParseException unused) {
            throw new SecClientNetworkException(-10);
        }
    }

    /* JADX WARN: Type inference failed for: r1v0, types: [com.comcast.secclient.authentication.AuthnRequest$1ResponseHelper] */
    public final ApiResult<AuthorizationResponse> handleResponse(SecClientNetworkResponse secClientNetworkResponse, KeyProvisionResult keyProvisionResult, final byte[] bArr) {
        Integer responseExtendedCode = secClientNetworkResponse.getResponseExtendedCode();
        Integer responseBusinessStatus = secClientNetworkResponse.getResponseBusinessStatus();
        ?? r1 = new Object() { // from class: com.comcast.secclient.authentication.AuthnRequest.1ResponseHelper
            public byte[] validateAuthenticationResponse(String str) throws SecClientException {
                if (str == null) {
                    throw new SecClientException(-202);
                }
                Map<String, Object> mapFromJson = Utilities.getMapFromJson(str);
                if (mapFromJson.get("message:id") == null) {
                    throw new SecClientException(-202);
                }
                if (mapFromJson.get("message:status") == null || Integer.valueOf((String) mapFromJson.get("message:status")).intValue() != 0) {
                    throw new SecClientException(-202);
                }
                if (mapFromJson.get("message:type") == null) {
                    throw new SecClientException(-202);
                }
                if (!((String) mapFromJson.get("message:type")).equals("clientAuthenticationResponse")) {
                    throw new SecClientException(-202);
                }
                String str2 = (String) mapFromJson.get("client:authnToken");
                if (str2 == null) {
                    throw new SecClientException(-202);
                }
                try {
                    return Base64.decode(str2, 2);
                } catch (Exception unused) {
                    throw new SecClientException(-202);
                }
            }

            public byte[] verifyPkcs7Signature(byte[] bArr2) throws CryptoException {
                X509Certificate x509Certificate;
                try {
                    x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
                } catch (Exception unused) {
                    x509Certificate = null;
                }
                try {
                    CMSSignedData cMSSignedData = new CMSSignedData(bArr2);
                    Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
                    Iterator<SignerInformation> it = cMSSignedData.getSignerInfos().getSigners().iterator();
                    while (it.hasNext()) {
                        try {
                            new JcaX509CertificateConverter().getCertificate(certificates.getMatches(it.next().getSID()).iterator().next()).verify(x509Certificate.getPublicKey());
                            return (byte[]) cMSSignedData.getSignedContent().getContent();
                        } catch (Exception unused2) {
                        }
                    }
                    byte[] bArr3 = new byte[25000];
                    for (int i = 0; i < 25000; i++) {
                        bArr3[i] = 0;
                    }
                    AuthnRequest.this.cryptoEngine.pkcs7Verify(bArr2, bArr3, SecApiConstants.SEC_OBJECTID_COMCAST_CERTCA01CERT);
                    byte[] bArr4 = new byte[bArr3.length];
                    for (int i2 = 0; i2 < bArr3.length; i2++) {
                        bArr4[i2] = bArr3[i2];
                    }
                    return bArr4;
                } catch (Exception unused3) {
                    return null;
                }
            }
        };
        AuthorizationResponse.AuthorizationResponseBuilder authorizationResponseBuilder = new AuthorizationResponse.AuthorizationResponseBuilder(secClientNetworkResponse);
        try {
            byte[] validateAuthenticationResponse = r1.validateAuthenticationResponse(secClientNetworkResponse.getResponseBody());
            if (validateAuthenticationResponse == null) {
                return responseWithError(-202, responseExtendedCode, responseBusinessStatus);
            }
            try {
                byte[] verifyPkcs7Signature = r1.verifyPkcs7Signature(validateAuthenticationResponse);
                authorizationResponseBuilder.extendedStatus(responseExtendedCode);
                authorizationResponseBuilder.businessStatus(responseBusinessStatus);
                ApiResult<AuthorizationResponse> apiResult = new ApiResult<>();
                apiResult.setResult(authorizationResponseBuilder.authnToken(new String(verifyPkcs7Signature)).build());
                apiResult.setAnalytics(this.relatedSpans);
                return apiResult;
            } catch (CryptoException unused) {
                return responseWithError(-113, responseExtendedCode, responseBusinessStatus);
            }
        } catch (SecClientException e) {
            return responseWithError(e.getStatus(), responseExtendedCode, responseBusinessStatus);
        }
    }

    public final ApiResult<AuthorizationResponse> responseWithError(int i, Integer num, Integer num2) {
        ApiResult<AuthorizationResponse> apiResult = new ApiResult<>();
        apiResult.setResult(new AuthorizationResponse.AuthorizationResponseBuilder(i).extendedStatus(num).businessStatus(num2).build());
        apiResult.setAnalytics(this.relatedSpans);
        return apiResult;
    }
}
