package com.comcast.secclient.authentication;

import android.util.Base64;
import com.comcast.secclient.analytics.RelatedSpanHelper;
import com.comcast.secclient.crypto.CryptoEngine;
import com.comcast.secclient.crypto.CryptoException;
import com.comcast.secclient.crypto.DH;
import com.comcast.secclient.model.ApiResult;
import com.comcast.secclient.model.AuthorizationResponse;
import com.comcast.secclient.model.ChallengeResponse;
import com.comcast.secclient.model.DeviceAuthenticationResult;
import com.comcast.secclient.model.KeyProvisionResult;
import com.comcast.secclient.net.NetworkingEngine;
import com.comcast.secclient.net.SecClientNetworkException;
import com.comcast.secclient.net.SecClientNetworkResponse;
import com.comcast.secclient.swigsecapi.SecApiConstants;
import com.comcast.secclient.util.SecClientUrl;
import com.comcast.secclient.util.SerializationException;
import com.comcast.secclient.util.Utilities;
import java.net.MalformedURLException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;

/* loaded from: classes.dex */
public final class AuthenticationClient {
    private final byte[] clientNonce;
    private final CryptoEngine cryptoEngine;
    private final byte[] deviceId;
    private final NetworkingEngine networkingEngine;
    private final int SEC_AUTHN_CLIENTNONCE_LEN = 20;
    private final String SEC_AUTHN_XACS_IDP_CHALLENGE_3_0 = "/xacs/idp/challenge/3.0";
    private final String SEC_AUTHN_XACS_IDP_AUTHN_3_0 = "/xacs/idp/authn/3.0";
    private final String traceId = UUID.randomUUID().toString();
    private final List<RelatedSpanHelper> relatedSpans = new ArrayList();

    public AuthenticationClient(CryptoEngine cryptoEngine, NetworkingEngine networkingEngine) throws CryptoException {
        this.cryptoEngine = cryptoEngine;
        this.networkingEngine = networkingEngine;
        this.deviceId = this.cryptoEngine.getDeviceId();
        this.clientNonce = cryptoEngine.generateRandomBytes(20);
    }

    private final ApiResult<AuthorizationResponse> getAuthnToken(String str, Map<String, String> map, boolean z, String str2, String str3, KeyProvisionResult keyProvisionResult, DeviceAuthenticationResult deviceAuthenticationResult, byte[] bArr) {
        AuthnRequest authnRequest = new AuthnRequest(this.cryptoEngine, this.networkingEngine);
        try {
            SecClientUrl secClientUrl = new SecClientUrl(str);
            secClientUrl.addPath("/xacs/idp/authn/3.0");
            try {
                String generateRequestBody = authnRequest.generateRequestBody(str2, str3, this.deviceId);
                Map<String, String> generateRequestHeaders = authnRequest.generateRequestHeaders(secClientUrl, map, generateRequestBody, z, str2, this.clientNonce, deviceAuthenticationResult);
                if (generateRequestHeaders == null) {
                    return authnRequest.responseWithError(-11, null, null);
                }
                new SecClientNetworkResponse(-1);
                try {
                    return authnRequest.handleResponse(authnRequest.getResponse(secClientUrl.toString(), generateRequestHeaders, generateRequestBody), keyProvisionResult, bArr);
                } catch (SecClientNetworkException e) {
                    return authnRequest.responseWithError(e.getStatus(), e.getExtendedStatus(), e.getBusinessStatus());
                }
            } catch (SerializationException unused) {
                return authnRequest.responseWithError(-11, null, null);
            }
        } catch (MalformedURLException unused2) {
            return authnRequest.responseWithError(-6, null, null);
        }
    }

    private final ApiResult<ChallengeResponse> getChallengeToken(String str, Map<String, String> map, String str2, String str3, String str4) {
        ChallengeRequest challengeRequest = new ChallengeRequest(this.networkingEngine);
        try {
            SecClientUrl secClientUrl = new SecClientUrl(str);
            secClientUrl.addPath("/xacs/idp/challenge/3.0");
            Map<String, String> generateRequestHeaders = challengeRequest.generateRequestHeaders(map, str2, str3, str4);
            new SecClientNetworkResponse(-1);
            try {
                return challengeRequest.handleResponse(challengeRequest.getResponse(secClientUrl.toString(), generateRequestHeaders));
            } catch (SecClientNetworkException e) {
                return challengeRequest.responseWithError(e.getStatus(), e.getExtendedStatus(), e.getBusinessStatus());
            }
        } catch (MalformedURLException unused) {
            return challengeRequest.responseWithError(-6, null, null);
        }
    }

    private final ApiResult<DeviceAuthenticationResult> responseWithError(int i, Integer num) {
        ApiResult<DeviceAuthenticationResult> apiResult = new ApiResult<>();
        apiResult.setResult(new DeviceAuthenticationResult.DeviceAuthenticationResultBuilder(i).extendedStatus(num).build());
        apiResult.setAnalytics(this.relatedSpans);
        return apiResult;
    }

    /* JADX WARN: Type inference failed for: r10v0, types: [com.comcast.secclient.authentication.AuthenticationClient$1AuthHelper] */
    public final ApiResult<DeviceAuthenticationResult> authenticateDevice(String str, Map<String, String> map, KeyProvisionResult keyProvisionResult, DeviceAuthenticationResult deviceAuthenticationResult, String str2) {
        ?? r10 = new Object() { // from class: com.comcast.secclient.authentication.AuthenticationClient.1AuthHelper
            /* JADX INFO: Access modifiers changed from: private */
            public String generateClientToken(Map<String, String> map2, String str3, String str4, String str5) throws SerializationException, CryptoException {
                HashMap hashMap = new HashMap();
                hashMap.put("message:type", "clientAuthentication");
                hashMap.put("client:nonce", Base64.encodeToString(AuthenticationClient.this.clientNonce, 2));
                hashMap.put("client:authnToken", str3);
                hashMap.put("client:sessionKeyAgreementPublicKey", str4);
                if (str5 != null) {
                    hashMap.put("client:accountToken", str5);
                }
                if (map2 != null) {
                    hashMap.putAll(map2);
                }
                byte[] bytes = Utilities.getJSONFromMap(hashMap).getBytes(Charset.forName("UTF-8"));
                byte[] bArr = new byte[25000];
                for (int i = 0; i < 25000; i++) {
                    bArr[i] = 0;
                }
                AuthenticationClient.this.cryptoEngine.pkcs7Sign(bytes, bArr, SecApiConstants.SEC_OBJECTID_COMCAST_SGNKEY, SecApiConstants.SEC_OBJECTID_COMCAST_SGNCERT);
                byte[] bArr2 = new byte[bArr.length];
                for (int i2 = 0; i2 < bArr.length; i2++) {
                    bArr2[i2] = bArr[i2];
                }
                return Base64.encodeToString(bArr2, 2);
            }

            /* JADX INFO: Access modifiers changed from: private */
            public Boolean validateAuthorizationValues(Map<String, Object> map2) {
                return (map2 == null || map2.get("message:id") == null || !map2.get("message:type").equals("clientAuthenticationResponseToken") || !map2.get("client:nonce").equals(Base64.encodeToString(AuthenticationClient.this.clientNonce, 2)) || map2.get("client:authnToken") == null || map2.get("client:authnTokenIssueDate") == null || map2.get("client:authnTokenNotBefore") == null || map2.get("client:authnTokenNotOnOrAfter") == null || map2.get("client:authnTokenDurationSeconds") == null) ? false : true;
            }

            Map<String, String> ensureMobileIdentity(Map<String, String> map2) {
                HashMap hashMap = new HashMap();
                if (map2 != null) {
                    hashMap.putAll(map2);
                }
                if (!hashMap.containsKey("client:product")) {
                    hashMap.put("client:product", "cdvr");
                }
                if (!hashMap.containsKey("client:type")) {
                    hashMap.put("client:type", "xacsMobileAuthn");
                }
                return hashMap;
            }

            byte[] getSigningKey(DeviceAuthentication deviceAuthentication, KeyProvisionResult keyProvisionResult2) {
                String str3 = Utilities.byteToHexString(SecApiConstants.SEC_OBJECTID_COMCAST_CERTCA01CERT.toByteArray()) + ".cert";
                if (keyProvisionResult2 == null || keyProvisionResult2.getProvisionObjects() == null || !keyProvisionResult2.getProvisionObjects().containsKey(str3)) {
                    return null;
                }
                byte[] decode = Base64.decode(keyProvisionResult2.getProvisionObjects().get(str3), 2);
                if (Boolean.valueOf(deviceAuthentication.restoreProvisionedKeys(keyProvisionResult2)).booleanValue()) {
                    return decode;
                }
                return null;
            }
        };
        DeviceAuthentication deviceAuthentication = new DeviceAuthentication(this.cryptoEngine);
        map.putAll(r10.ensureMobileIdentity(map));
        String str3 = map.get("client:type");
        ApiResult<ChallengeResponse> challengeToken = getChallengeToken(str, map, this.traceId, str3, Utilities.byteToHexString(this.deviceId));
        ChallengeResponse result = challengeToken.getResult();
        this.relatedSpans.addAll(challengeToken.getAnalytics());
        if (result == null) {
            return responseWithError(-201, null);
        }
        if (result.getStatus() != 0) {
            return responseWithError(result.getStatus(), result.getExtendedStatus());
        }
        DH dh = new DH(DeviceAuthentication.sec_authn_dh_p, DeviceAuthentication.sec_authn_dh_g, 320);
        String encodeToString = Base64.encodeToString(Utilities.sizeBytes(dh.generatePublicKey(), 384), 2);
        if (encodeToString == null) {
            return responseWithError(-108, null);
        }
        boolean z = deviceAuthenticationResult != null && deviceAuthenticationResult.getStatus() == 0;
        if (deviceAuthenticationResult != null) {
            try {
                if (!deviceAuthentication.restoreDeviceAuthenticationKeys(deviceAuthenticationResult)) {
                    return responseWithError(-116, null);
                }
            } catch (Exception unused) {
                return responseWithError(-14, null);
            }
        }
        try {
            ApiResult<AuthorizationResponse> authnToken = getAuthnToken(str, map, z, result.getId(), r10.generateClientToken(map, result.getChallengeToken(), encodeToString, str2), keyProvisionResult, deviceAuthenticationResult, r10.getSigningKey(deviceAuthentication, keyProvisionResult));
            AuthorizationResponse result2 = authnToken.getResult();
            this.relatedSpans.addAll(authnToken.getAnalytics());
            if (result2 == null) {
                return responseWithError(-202, null);
            }
            if (result2.getStatus() != 0) {
                return responseWithError(result2.getStatus(), result2.getExtendedStatus());
            }
            Map<String, Object> mapFromJson = Utilities.getMapFromJson(result2.getAuthnToken());
            if (!mapFromJson.isEmpty() && r10.validateAuthorizationValues(mapFromJson).booleanValue()) {
                DeviceAuthenticationResult.DeviceAuthenticationResultBuilder provisionXACSObject = new ProvisionXACS(this.cryptoEngine).provisionXACSObject(mapFromJson, dh, str3, this.clientNonce);
                provisionXACSObject.extendedStatus(result2.getExtendedStatus());
                ApiResult<DeviceAuthenticationResult> apiResult = new ApiResult<>();
                apiResult.setResult(provisionXACSObject.build());
                apiResult.setAnalytics(this.relatedSpans);
                return apiResult;
            }
            return responseWithError(-202, result2.getExtendedStatus());
        } catch (CryptoException | SerializationException unused2) {
            return responseWithError(-113, null);
        }
    }
}
