package com.comcast.secclient.authentication;

import android.util.Base64;
import com.comcast.secclient.crypto.CryptoEngine;
import com.comcast.secclient.crypto.DH;
import com.comcast.secclient.model.DeviceAuthenticationResult;
import com.comcast.secclient.swigsecapi.SWIGTYPE_p_Sec_DigestHandle;
import com.comcast.secclient.swigsecapi.SWIGTYPE_p_unsigned_int;
import com.comcast.secclient.swigsecapi.SecApi;
import com.comcast.secclient.swigsecapi.SecApiConstants;
import com.comcast.secclient.util.Utilities;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;

/* loaded from: classes.dex */
public final class ProvisionXACS {
    private final CryptoEngine cryptoEngine;
    private final DeviceAuthenticationResult.DeviceAuthenticationResultBuilder deviceAuthenticationResult = new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(0);

    public ProvisionXACS(CryptoEngine cryptoEngine) {
        this.cryptoEngine = cryptoEngine;
    }

    private final byte[] deriveConcatKDF(byte[] bArr, int i, int i2, byte[] bArr2) {
        byte[] bArr3 = null;
        if (!this.cryptoEngine.secKeyIsSymetric(i)) {
            return null;
        }
        int secKeyGetKeyLenForKeyType = this.cryptoEngine.secKeyGetKeyLenForKeyType(i);
        int secDigestGetDigestLenForAlgorithm = this.cryptoEngine.secDigestGetDigestLenForAlgorithm(i2);
        byte[] bArr4 = new byte[secKeyGetKeyLenForKeyType];
        byte b = 0;
        for (int i3 = 0; i3 < secKeyGetKeyLenForKeyType; i3++) {
            bArr4[i3] = 0;
        }
        int i4 = secKeyGetKeyLenForKeyType / secDigestGetDigestLenForAlgorithm;
        int i5 = secKeyGetKeyLenForKeyType % secDigestGetDigestLenForAlgorithm;
        int i6 = 1;
        int i7 = i4 + (i5 == 0 ? 0 : 1);
        if (i7 > 255) {
            return null;
        }
        byte[] bArr5 = {0, 0, 0, 0};
        int i8 = 0;
        while (i6 <= i7) {
            bArr5[3] = (byte) i6;
            SWIGTYPE_p_Sec_DigestHandle newDigestHandle = this.cryptoEngine.newDigestHandle(i2);
            if (newDigestHandle == null || SecApi.SecDigest_Update(newDigestHandle, bArr5, bArr5.length) != 0 || SecApi.SecDigest_Update(newDigestHandle, bArr, bArr.length) != 0 || SecApi.SecDigest_Update(newDigestHandle, bArr2, bArr2.length) != 0) {
                return bArr3;
            }
            byte[] bArr6 = new byte[SecApiConstants.SEC_DIGEST_MAX_LEN];
            for (int i9 = 0; i9 < SecApiConstants.SEC_DIGEST_MAX_LEN; i9++) {
                bArr6[i6] = b;
            }
            SWIGTYPE_p_unsigned_int new_uintp = SecApi.new_uintp();
            int i10 = i7;
            SecApi.uintp_assign(new_uintp, SecApiConstants.SEC_MAC_MAX_LEN);
            if (SecApi.SecDigest_Release(newDigestHandle, bArr6, new_uintp) != 0) {
                return null;
            }
            int uintp_value = (int) SecApi.uintp_value(new_uintp);
            byte[] bArr7 = new byte[uintp_value];
            for (int i11 = 0; i11 < uintp_value; i11++) {
                bArr7[i11] = bArr6[i11];
            }
            i7 = i10;
            if (i6 < i7 || i5 == 0) {
                System.arraycopy(bArr7, 0, bArr4, i8, bArr7.length);
            } else {
                for (int i12 = 0; i12 < i5; i12++) {
                    bArr4[i12 + i8] = bArr7[i12];
                }
            }
            i8 = i6 * secDigestGetDigestLenForAlgorithm;
            i6++;
            bArr3 = null;
            b = 0;
        }
        return bArr4;
    }

    private final byte[] getAESECBEncrypt(byte[] bArr, byte[] bArr2, String str) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(1, new SecretKeySpec(bArr, "AES"));
            return cipher.doFinal(bArr2);
        } catch (Exception unused) {
            return null;
        }
    }

    private final byte[] getHMAC(byte[] bArr, byte[] bArr2) {
        if (bArr != null && bArr2 != null) {
            try {
                HMac hMac = new HMac(new SHA256Digest());
                byte[] bArr3 = new byte[hMac.getMacSize()];
                hMac.init(new KeyParameter(bArr));
                hMac.update(bArr2, 0, bArr2.length);
                hMac.doFinal(bArr3, 0);
                return bArr3;
            } catch (Exception unused) {
            }
        }
        return null;
    }

    private final int readDeviceAuthenticationKeys() {
        byte[] bArr;
        String bigInteger = SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY.toString(16);
        String bigInteger2 = SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY.toString(16);
        int exportKeySize = this.cryptoEngine.exportKeySize(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY);
        byte[] bArr2 = null;
        if (exportKeySize > 0) {
            byte[] bArr3 = new byte[exportKeySize];
            bArr = bArr3;
            exportKeySize = this.cryptoEngine.exportKey(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, bArr3);
        } else {
            bArr = null;
        }
        if (exportKeySize > 0 && bArr != null) {
            this.deviceAuthenticationResult.sessionMacingKeyAdd(bigInteger, Base64.encodeToString(bArr, 2));
            int exportKeySize2 = this.cryptoEngine.exportKeySize(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY);
            if (exportKeySize2 > 0) {
                bArr2 = new byte[exportKeySize2];
                exportKeySize2 = this.cryptoEngine.exportKey(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, bArr2);
            }
            if (exportKeySize2 > 0 && bArr2 != null) {
                this.deviceAuthenticationResult.sessionEncryptionKeyAdd(bigInteger2, Base64.encodeToString(bArr2, 2));
                return 0;
            }
        }
        return -14;
    }

    private final byte[] verifyEncKey(byte[] bArr, byte[] bArr2, byte[] bArr3, String str, String str2, String str3) {
        byte[] aESECBEncrypt;
        byte[] deriveConcatKDF = deriveConcatKDF(bArr2, this.cryptoEngine.getCipherKeyType(str2), 1, bArr);
        if (deriveConcatKDF == null || (aESECBEncrypt = getAESECBEncrypt(deriveConcatKDF, bArr3, str3)) == null || !Base64.encodeToString(aESECBEncrypt, 2).equals(str)) {
            return null;
        }
        return deriveConcatKDF;
    }

    private final byte[] verifyMacKey(byte[] bArr, byte[] bArr2, byte[] bArr3, String str, String str2) {
        byte[] deriveConcatKDF = deriveConcatKDF(bArr2, this.cryptoEngine.getCipherKeyType(str2), 1, bArr);
        if (deriveConcatKDF != null && Base64.encodeToString(getHMAC(deriveConcatKDF, bArr3), 2).equals(str)) {
            return deriveConcatKDF;
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r1v1 */
    public final DeviceAuthenticationResult.DeviceAuthenticationResultBuilder provisionXACSObject(Map<String, Object> map, DH dh, String str, byte[] bArr) {
        int i = "client:accessMacId";
        try {
            try {
                if (!map.containsKey("client:sessionKeyAgreementPublicKey")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                byte[] computeSharedKey = dh.computeSharedKey(Base64.decode((String) map.get("client:sessionKeyAgreementPublicKey"), 2));
                if (computeSharedKey[0] < 0) {
                    byte[] bArr2 = new byte[computeSharedKey.length + 1];
                    bArr2[0] = 0;
                    System.arraycopy(computeSharedKey, 0, bArr2, 1, computeSharedKey.length);
                    computeSharedKey = bArr2;
                }
                if (!map.containsKey("client:providerDeviceId")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str2 = (String) map.get("client:providerDeviceId");
                if (!map.containsKey("client:sessionKeyAgreementMacVerify")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str3 = (String) map.get("client:sessionKeyAgreementMacVerify");
                if (!map.containsKey("client:sessionKeyAgreementMacKeyAlgorithm")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str4 = (String) map.get("client:sessionKeyAgreementMacKeyAlgorithm");
                if (!map.containsKey("client:sessionKeyAgreementEncVerify")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str5 = (String) map.get("client:sessionKeyAgreementEncVerify");
                if (!map.containsKey("client:sessionKeyAgreementEncKeyAlgorithm")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str6 = (String) map.get("client:sessionKeyAgreementEncKeyAlgorithm");
                if (!map.containsKey("client:sessionKeyAgreementEncKeyCipherAlgorithm")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str7 = (String) map.get("client:sessionKeyAgreementEncKeyCipherAlgorithm");
                if (!map.containsKey("client:accessMacId")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                this.deviceAuthenticationResult.deviceAuthenticationClientMacId((String) map.get("client:accessMacId"));
                if (!map.containsKey("client:accessMacAlgorithm")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-116);
                }
                String str8 = (String) map.get("client:accessMacAlgorithm");
                if (!DeviceAuthenticationResult.isValidMacAlgorithm(str8)) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-116);
                }
                HashMap hashMap = new HashMap();
                hashMap.put("accessMacAlgorithm", str8);
                this.deviceAuthenticationResult.deviceAuthenticationContext(hashMap);
                if (!map.containsKey("client:authnTokenDurationSeconds")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                this.deviceAuthenticationResult.refreshDuration(Integer.valueOf((String) map.get("client:authnTokenDurationSeconds")).intValue());
                ArrayList arrayList = new ArrayList();
                arrayList.add(str4);
                arrayList.add(str2);
                arrayList.add(bArr);
                arrayList.add(str);
                byte[] verifyMacKey = verifyMacKey(Utilities.generateOtherInfo(arrayList), computeSharedKey, bArr, str3, str4);
                if (verifyMacKey == null) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-110);
                }
                arrayList.clear();
                arrayList.add(str6);
                arrayList.add(str2);
                arrayList.add(bArr);
                arrayList.add(str);
                byte[] verifyEncKey = verifyEncKey(Utilities.generateOtherInfo(arrayList), computeSharedKey, bArr, str5, str6, str7);
                if (verifyEncKey == null) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-112);
                }
                if (!map.containsKey("client:accessMacToken")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str9 = (String) map.get("client:accessMacToken");
                if (!map.containsKey("client:authnToken")) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-12);
                }
                String str10 = (String) map.get("client:authnToken");
                if (this.cryptoEngine.provisionBundle(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONMACKEYTOKEN, str9.getBytes(Charset.forName("UTF-8"))) != 0) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-14);
                }
                this.deviceAuthenticationResult.amtToken(Base64.decode(str9, 2));
                if (this.cryptoEngine.provisionBundle(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONCONTEXTTOKEN, str10.getBytes(Charset.forName("UTF-8"))) != 0) {
                    return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-14);
                }
                this.deviceAuthenticationResult.deviceToken(str10);
                if (this.cryptoEngine.provisionKey(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, 4, verifyMacKey) == 0 && this.cryptoEngine.provisionKey(SecApiConstants.SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, 0, verifyEncKey) == 0) {
                    int readDeviceAuthenticationKeys = readDeviceAuthenticationKeys();
                    return readDeviceAuthenticationKeys != 0 ? new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(readDeviceAuthenticationKeys) : this.deviceAuthenticationResult;
                }
                return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(-14);
            } catch (Exception unused) {
                return new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(i);
            }
        } catch (Exception unused2) {
            i = -12;
        }
    }
}
