package com.ifaa.sdk.authenticatorservice.compat.manager;

import android.util.Base64;
import com.esandinfo.ifaa.bean.IFAARandom;
import com.esandinfo.ifaa.bean.KeyExchange;
import com.esandinfo.ifaa.bean.SessionKey;
import com.ifaa.sdk.auth.AuthenticatorLOG;
import com.ifaa.sdk.authenticatorservice.compat.manager.EtasKeystore;
import com.ifaa.sdk.util.AESUtils;
import com.ifaa.sdk.util.DataUtils;
import com.ifaa.sdk.util.HmacUtils;
import com.ifaa.sdk.util.PRFUtils;
import com.ifaa.sdk.util.RSAUtils;
import java.util.Arrays;
import org.bouncycastle.jcajce.spec.TLSKeyMaterialSpec;

/* loaded from: classes4.dex */
public class EtasMasterSecret {
    private static final int DEFAULT_SESSION_ENC_IV_SIZE = 16;
    private static final int DEFAULT_SESSION_ENC_KEY_SIZE = 32;
    private static final int DEFAULT_SESSION_MAC_KEY_SIZE = 32;
    private IFAARandom random = new IFAARandom();
    private byte[] masterSecret = EtasKeystore.random(32);

    private byte[] calKeyBlock(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, HmacUtils.HmacAlgorithm hmacAlgorithm) {
        byte[] bytes = TLSKeyMaterialSpec.f.getBytes();
        byte[] bArr4 = new byte[bytes.length + bArr2.length + bArr3.length];
        System.arraycopy(bytes, 0, bArr4, 0, bytes.length);
        int length = bytes.length;
        System.arraycopy(bArr2, 0, bArr4, length, bArr2.length);
        System.arraycopy(bArr3, 0, bArr4, length + bArr2.length, bArr3.length);
        return PRFUtils.doPRF(hmacAlgorithm, bArr, bArr4, i);
    }

    public SessionKey calSession(KeyExchange keyExchange) {
        byte[] random = this.random.getRandom();
        byte[] random2 = keyExchange.getRandom().getRandom();
        byte[] decode = Base64.decode(keyExchange.getMasterIv(), 2);
        HmacUtils.HmacAlgorithm hmacAlgorithm = HmacUtils.HmacAlgorithm.HmacSHA256;
        int i = AESUtils.BLOCK_SIZE * 2;
        int size = hmacAlgorithm.getSize();
        byte[] calKeyBlock = calKeyBlock(this.masterSecret, random2, random, i + size, hmacAlgorithm);
        byte[] bArr = new byte[i];
        System.arraycopy(calKeyBlock, 0, bArr, 0, i);
        byte[] bArr2 = new byte[size];
        System.arraycopy(calKeyBlock, i, bArr2, 0, size);
        SessionKey sessionKey = new SessionKey();
        sessionKey.setMasterSecret(bArr);
        sessionKey.setMasterIv(decode);
        sessionKey.setMacSecret(bArr2);
        return sessionKey;
    }

    public KeyExchange createKeyExchange() {
        KeyExchange keyExchange = new KeyExchange();
        try {
            byte[] encrypt = EtasKeystore.encrypt(EtasKeystore.RegisterKeyAlias.IFAA_TRANSPORT_ENCRYPT_KEY, RSAUtils.RSAEncryptAlgorithm.PKCS1_1_5.getAlgorithm(), this.masterSecret);
            keyExchange.setRandom(this.random);
            keyExchange.setMasterSecret(Base64.encodeToString(encrypt, 0));
        } catch (Exception e) {
            AuthenticatorLOG.error("createKeyExchange failed, error:" + e.getMessage());
            AuthenticatorLOG.error(e);
        }
        return keyExchange;
    }

    public byte[] decryptData(SessionKey sessionKey, byte[] bArr) {
        try {
            byte[] decrypt = AESUtils.decrypt(sessionKey.getMasterSecret(), sessionKey.getMasterIv(), bArr, AESUtils.AESAlgorithm.CBC.getAlgorithm());
            int length = decrypt.length;
            if (length < 4) {
                AuthenticatorLOG.error("incorrect parameter length.");
                return null;
            }
            byte[] bArr2 = new byte[4];
            System.arraycopy(decrypt, 0, bArr2, 0, 4);
            int bigEndianToInt = DataUtils.bigEndianToInt(bArr2, 0);
            int i = 4 + bigEndianToInt;
            if (length < i) {
                AuthenticatorLOG.error("incorrect parameter length.");
                return null;
            }
            byte[] bArr3 = new byte[bigEndianToInt];
            System.arraycopy(decrypt, 4, bArr3, 0, bigEndianToInt);
            int i2 = bigEndianToInt + 8;
            if (length < i2) {
                AuthenticatorLOG.error("incorrect parameter length.");
                return null;
            }
            byte[] bArr4 = new byte[4];
            System.arraycopy(decrypt, i, bArr4, 0, 4);
            int bigEndianToInt2 = DataUtils.bigEndianToInt(bArr4, 0);
            if (length < i2 + bigEndianToInt2) {
                AuthenticatorLOG.error("incorrect parameter length.");
                return null;
            }
            byte[] bArr5 = new byte[bigEndianToInt2];
            System.arraycopy(decrypt, i2, bArr5, 0, bigEndianToInt2);
            byte[] hash = HmacUtils.hash(sessionKey.getMacSecret(), bArr3, HmacUtils.HmacAlgorithm.HmacSHA256.getAlgorithm());
            if (bigEndianToInt2 == hash.length && Arrays.equals(hash, bArr5)) {
                return bArr3;
            }
            AuthenticatorLOG.error("Mac value does not match.");
            return null;
        } catch (Exception e) {
            AuthenticatorLOG.error("Failure to decrypt data, error:" + e.getMessage());
            AuthenticatorLOG.error(e);
            return null;
        }
    }
}
