package cn.authing.webauthn.authenticator.internal.key;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import cn.authing.webauthn.authenticator.AttestationObject;
import cn.authing.webauthn.authenticator.AuthenticatorData;
import cn.authing.webauthn.authenticator.COSEKey;
import cn.authing.webauthn.authenticator.COSEKeyEC2;
import cn.authing.webauthn.error.InvalidStateException;
import cn.authing.webauthn.util.ByteArrayUtil;
import cn.authing.webauthn.util.WAKLogger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.HashMap;
import kotlin.TypeCastException;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;

/* compiled from: DefaultKeySupport.kt */
/**
 * {@link KeySupport} implementation that generates and uses WebAuthn credential keys through the
 * {@code AndroidKeyStore} provider and builds a "packed" attestation object from them.
 *
 * <p>This is decompiler output of a Kotlin class: the {@code Intrinsics} calls are the Kotlin
 * compiler's null checks, and no method declares checked exceptions even though the JCA calls
 * inside them can throw.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Keys are created on curve {@code secp256r1} for signing only, with user authentication
 *       <em>not</em> required for key use.</li>
 *   <li>The attestation statement carries only {@code alg} and {@code sig}; no certificate chain
 *       is attached, i.e. it is self attestation.</li>
 *   <li>Signing always uses {@code SHA256withECDSA}, independent of the {@code alg} value passed
 *       to the constructor. NOTE(review): {@code alg} is never validated here — confirm callers
 *       only pass the COSE identifier that matches ECDSA P-256/SHA-256.</li>
 * </ul>
 */
@TargetApi(23)
/* loaded from: classes.dex */
public final class DefaultKeySupport implements KeySupport {
    public static final Companion Companion = new Companion(null);
    public static final String TAG = Reflection.getOrCreateKotlinClass(DefaultKeySupport.class).getSimpleName();

    /** COSE algorithm identifier reported in the public key and in the attestation statement. */
    public final int alg;

    /* compiled from: DefaultKeySupport.kt */
    /* loaded from: classes.dex */
    /** Kotlin companion object; it carries no state or behaviour of its own. */
    public static final class Companion {
        public Companion() {
        }

        /** Synthetic constructor emitted by the Kotlin compiler; delegates to the no-arg one. */
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * @param i algorithm identifier stored as-is in {@link #alg}; no validation is performed
     */
    public DefaultKeySupport(int i) {
        this.alg = i;
    }

    /**
     * Signs the authenticator data together with the client-data hash and wraps the result in a
     * "packed" attestation object.
     *
     * @param alias             keystore alias of the credential's private key
     * @param clientDataHash    hash of the client data, appended to the signed payload
     * @param authenticatorData authenticator data to serialise and sign
     * @return the attestation object, or {@code null} when serialisation or signing yields null
     */
    @Override // cn.authing.webauthn.authenticator.internal.key.KeySupport
    public AttestationObject buildAttestationObject(String alias, byte[] clientDataHash, AuthenticatorData authenticatorData) {
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        Intrinsics.checkParameterIsNotNull(clientDataHash, "clientDataHash");
        Intrinsics.checkParameterIsNotNull(authenticatorData, "authenticatorData");

        byte[] authDataBytes = authenticatorData.toBytes();
        if (authDataBytes == null) {
            WAKLogger.INSTANCE.d(TAG, "failed to build authenticator data");
            return null;
        }

        // Payload is merge(authData, clientDataHash) — presumably a plain concatenation in that
        // order; verify against ByteArrayUtil.
        byte[] payload = ByteArrayUtil.INSTANCE.merge(authDataBytes, clientDataHash);
        byte[] signatureBytes = sign(alias, payload);
        // NOTE(review): sign() in this class reports failure by throwing rather than returning
        // null, so keystore errors propagate out of this method instead of reaching this branch.
        if (signatureBytes == null) {
            WAKLogger.INSTANCE.d(TAG, "failed to sign authenticator data");
            return null;
        }

        // Only "alg" and "sig" are emitted: the credential key signs its own attestation and no
        // certificate chain is included, so a relying party gets no proof of key provenance.
        HashMap<String, Object> attestationStatement = new HashMap<>();
        attestationStatement.put("alg", Long.valueOf(getAlg()));
        attestationStatement.put("sig", signatureBytes);

        // This message is logged unconditionally; no hardware capability check happens here.
        WAKLogger.INSTANCE.d(TAG, "this android device doesn't support secure-hardware, so, build self attestation");
        return new AttestationObject("packed", authenticatorData, attestationStatement);
    }

    /**
     * Returns the key-generation spec for {@code str}; simply forwards to
     * {@link #createGenParameterSpecN(String, byte[])}.
     *
     * <p>NOTE(review): the class is annotated {@code @TargetApi(23)} but this always takes the
     * API 24 path and no SDK-level check is visible — confirm the app's minimum SDK is 24+.
     */
    public final KeyGenParameterSpec createGenParameterSpec(String str, byte[] bArr) {
        return createGenParameterSpecN(str, bArr);
    }

    /**
     * Builds the {@link KeyGenParameterSpec} used for every credential key.
     *
     * @param str  keystore alias for the new key
     * @param bArr attestation challenge (createKeyPair passes the client-data hash)
     * @return the spec: sign-only EC key on secp256r1 with SHA-256 digests
     */
    @TargetApi(24)
    public final KeyGenParameterSpec createGenParameterSpecN(String str, byte[] bArr) {
        // 4 is the value of KeyProperties.PURPOSE_SIGN: the key may sign and nothing else.
        KeyGenParameterSpec.Builder specBuilder = new KeyGenParameterSpec.Builder(str, 4);
        specBuilder.setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"));
        specBuilder.setDigests("SHA-256");
        // User authentication is NOT required, so the keystore does not gate use of this key on
        // a device-credential or biometric check. The 300 s validity window set next only has an
        // effect for keys that do require user authentication.
        // NOTE(review): any user verification must therefore be enforced outside this class —
        // confirm against the callers.
        specBuilder.setUserAuthenticationRequired(false);
        specBuilder.setUserAuthenticationValidityDurationSeconds(300);
        // Requests a keystore attestation certificate bound to this challenge (API 24+). Nothing
        // in this class reads the resulting certificate chain.
        specBuilder.setAttestationChallenge(bArr);

        KeyGenParameterSpec spec = specBuilder.build();
        Intrinsics.checkExpressionValueIsNotNull(spec, "KeyGenParameterSpec.Buil…ash)\n            .build()");
        return spec;
    }

    /**
     * Generates a new EC key pair under {@code alias} in the AndroidKeyStore and returns its
     * public half as a COSE EC2 key.
     *
     * @param alias          keystore alias for the new key pair
     * @param clientDataHash passed on as the attestation challenge
     * @return the public key, or {@code null} if anything in generation or encoding throws an
     *         {@link Exception} (the message is logged, the stack trace is not)
     */
    @Override // cn.authing.webauthn.authenticator.internal.key.KeySupport
    public COSEKey createKeyPair(String alias, byte[] clientDataHash) {
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        Intrinsics.checkParameterIsNotNull(clientDataHash, "clientDataHash");
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
            generator.initialize(createGenParameterSpec(alias, clientDataHash));
            KeyPair pair = generator.generateKeyPair();
            Intrinsics.checkExpressionValueIsNotNull(pair, "generator.generateKeyPair()");

            PublicKey rawPublic = pair.getPublic();
            if (rawPublic == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
            }
            ECPublicKey ecPublic = (ECPublicKey) rawPublic;

            // The coordinates are cut out of the encoded key at fixed offsets, which is only
            // valid for the exact 91-byte layout checked here.
            // NOTE(review): this assumes an X.509 SubjectPublicKeyInfo for P-256 with an
            // uncompressed point (marker byte at index 26, X at 27..58, Y at 59..90); the marker
            // byte itself is not checked.
            byte[] spki = ecPublic.getEncoded();
            if (spki.length != 91) {
                throw new InvalidStateException("length of ECPublicKey should be 91");
            }
            byte[] x = Arrays.copyOfRange(spki, 27, 59);
            byte[] y = Arrays.copyOfRange(spki, 59, 91);
            Intrinsics.checkExpressionValueIsNotNull(x, "x");
            Intrinsics.checkExpressionValueIsNotNull(y, "y");

            // Second argument 1 is presumably the COSE curve identifier for P-256 — confirm
            // against COSEKeyEC2.
            return new COSEKeyEC2(getAlg(), 1, x, y);
        } catch (Exception e) {
            // Best-effort: every failure collapses to null for the caller.
            WAKLogger.INSTANCE.w(TAG, "failed to create key pair: " + e.getLocalizedMessage());
            return null;
        }
    }

    /** Returns the algorithm identifier supplied at construction time. */
    @Override // cn.authing.webauthn.authenticator.internal.key.KeySupport
    public int getAlg() {
        return this.alg;
    }

    /**
     * Signs {@code data} with the private key stored under {@code alias} using
     * {@code SHA256withECDSA}.
     *
     * <p>Failures are not converted to a {@code null} return: keystore and signature errors
     * propagate as exceptions, a missing alias raises {@link TypeCastException}, and an entry
     * that is not a {@link PrivateKey} fails the cast.
     *
     * @param alias keystore alias of the signing key
     * @param data  bytes to sign
     * @return the signature bytes produced by {@link Signature#sign()}
     */
    @Override // cn.authing.webauthn.authenticator.internal.key.KeySupport
    public byte[] sign(String alias, byte[] data) {
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        Intrinsics.checkParameterIsNotNull(data, "data");

        KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
        androidKeyStore.load(null);
        // No password is supplied for the entry; access control is whatever the keystore
        // enforces for the key's own generation parameters.
        Key entry = androidKeyStore.getKey(alias, null);
        if (entry == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
        }
        PrivateKey signingKey = (PrivateKey) entry;

        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(signingKey);
        signer.update(data);
        return signer.sign();
    }
}
