package com.entrust.identityGuard.mobilesc.sdk.a;

import android.content.Context;
import android.util.Log;
import com.entrust.identityGuard.mobilesc.sdk.PIVKeyAndCertType;
import com.entrust.identityGuard.mobilesc.sdk.PinRulesValue;
import com.entrust.identityGuard.mobilesc.sdk.SmartCredentialActivationStatus;
import com.entrust.identityGuard.mobilesc.sdk.SmartCredentialPinRules;
import com.entrust.identityGuard.mobilesc.sdk.SmartCredentialSDK;
import com.entrust.identityGuard.mobilesc.sdk.crypto.android.PRNGFixes;
import com.microsoft.identity.common.java.eststelemetry.SchemaConstants;
import com.yubico.yubikit.core.fido.CtapException;
import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
import org.conscrypt.util.IntegralToString;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class h {
    private static final byte[] b;
    private static final byte[] c;
    private static final byte[] d;
    private static final byte[] e;
    private static final byte[] f;
    private static final List<byte[]> g;
    private boolean cacheValid = false;
    private SmartCredentialActivationStatus cachedActivationStatus;
    private byte[] cachedCardAuthCertificate;
    private Date cachedCardAuthCertificateExpiryDate;
    private byte[] cachedCardHolderFacialImage;
    private byte[] cachedDigSignCertificate;
    private Date cachedDigSignCertificateExpiryDate;
    private byte[] cachedEncryptionCertificate;
    private Date cachedEncryptionCertificateExpiryDate;
    private boolean cachedFipsModeRequired;
    private boolean cachedIsUnblockSupported;
    private byte[] cachedPIVAuthCertificate;
    private Date cachedPIVAuthCertificateExpiryDate;
    private int cachedPinAttemptsRemaining;
    private SmartCredentialPinRules cachedPinRules;
    private List<Date> certExpiryDates;
    private List<byte[]> certList;
    private c dataManager;
    private String jsState;
    private e keyManager;
    private Context m_context;
    private SecureRandom secureRandom;
    private String stateFilename;
    private static final byte[] a = {-96, 0, 0, 3, 8, 0, 0, 16, 0, 1, 0};
    private static final List<Integer> h = Arrays.asList(154, 156, 157, 158);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.entrust.identityGuard.mobilesc.sdk.a.h$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] a;

        static {
            int[] iArr = new int[PIVKeyAndCertType.values().length];
            a = iArr;
            try {
                iArr[PIVKeyAndCertType.PIV_AUTH.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[PIVKeyAndCertType.DIGITAL_SIGN.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                a[PIVKeyAndCertType.CARD_AUTH.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                a[PIVKeyAndCertType.ENCRYPT.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    static {
        byte[] bArr = {95, -63, 5};
        b = bArr;
        byte[] bArr2 = {95, -63, 10};
        c = bArr2;
        byte[] bArr3 = {95, -63, 11};
        d = bArr3;
        byte[] bArr4 = {95, -63, 1};
        e = bArr4;
        byte[] bArr5 = {95, -63, 8};
        f = bArr5;
        g = Arrays.asList(bArr, bArr2, bArr3, bArr4, bArr5);
    }

    public h(Context context, String str) {
        this.m_context = context;
        this.stateFilename = str;
        com.entrust.identityGuard.mobilesc.sdk.d b2 = com.entrust.identityGuard.mobilesc.sdk.d.b();
        if (!b2.a()) {
            PRNGFixes.a();
            b2.a(true);
        }
        this.secureRandom = new SecureRandom();
        this.keyManager = new e();
        this.dataManager = new c();
        v();
    }

    public h(JSONObject jSONObject) {
        com.entrust.identityGuard.mobilesc.sdk.d b2 = com.entrust.identityGuard.mobilesc.sdk.d.b();
        if (!b2.a()) {
            PRNGFixes.a();
            b2.a(true);
        }
        this.secureRandom = new SecureRandom();
        this.keyManager = new e();
        this.dataManager = new c();
        h(jSONObject);
    }

    private SmartCredentialActivationStatus a(JSONObject jSONObject, boolean z) {
        try {
            JSONArray b2 = b(jSONObject);
            if (b2 == null) {
                return SmartCredentialActivationStatus.UNKNOWN;
            }
            for (int i = 0; i < b2.length(); i++) {
                JSONObject jSONObject2 = b2.getJSONObject(i);
                if (jSONObject2.has("keyType")) {
                    if (jSONObject2.getInt("keyType") == 1 && jSONObject2.getInt("containerState") == 3) {
                        return SmartCredentialActivationStatus.ACTIVATED;
                    }
                } else if (jSONObject2.getInt("t") == 1 && jSONObject2.getInt("s") == 3) {
                    return SmartCredentialActivationStatus.ACTIVATED;
                }
            }
            return z ? SmartCredentialActivationStatus.ACTIVATED : SmartCredentialActivationStatus.PARTIALLY_ACTIVATED;
        } catch (JSONException e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error retrieving activation status: ", e2);
            return SmartCredentialActivationStatus.UNKNOWN;
        }
    }

    private JSONObject a(JSONObject jSONObject) {
        if (!jSONObject.has("appletStates")) {
            return null;
        }
        JSONArray jSONArray = jSONObject.getJSONArray("appletStates");
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject2 = jSONArray.getJSONObject(i);
            if (Arrays.equals(g.b(jSONObject2.getJSONArray("aid").toString()), a)) {
                return jSONObject2;
            }
        }
        return null;
    }

    private byte[] a(JSONObject jSONObject, int i) {
        if (jSONObject == null) {
            return null;
        }
        try {
            if (!jSONObject.has("dataContainerManager")) {
                return null;
            }
            JSONObject jSONObject2 = jSONObject.getJSONObject("dataContainerManager");
            if (!jSONObject2.has("containers")) {
                return null;
            }
            JSONArray jSONArray = jSONObject2.getJSONArray("containers");
            for (int i2 = 0; i2 < jSONArray.length(); i2++) {
                JSONObject jSONObject3 = jSONArray.getJSONObject(i2);
                if (Arrays.equals(g.b(jSONObject3.getJSONArray("t")), g.get(i))) {
                    return c(this.dataManager.a(jSONObject3.getString("h")));
                }
            }
            return null;
        } catch (JSONException e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error retrieving certificate: ", e2);
            return null;
        }
    }

    private JSONArray b(JSONObject jSONObject) {
        if (jSONObject == null) {
            return null;
        }
        try {
            JSONObject jSONObject2 = jSONObject.has("keyContainerManager") ? jSONObject.getJSONObject("keyContainerManager") : null;
            if (jSONObject2 != null && jSONObject2.has("containers")) {
                return jSONObject2.getJSONArray("containers");
            }
        } catch (JSONException e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error getting key manager containers: ", e2);
        }
        return null;
    }

    private PinRulesValue c(int i) {
        return i == 0 ? PinRulesValue.NOT_ALLOWED : i == 1 ? PinRulesValue.ALLOWED : PinRulesValue.REQUIRED;
    }

    private boolean c(JSONObject jSONObject) {
        try {
            JSONArray b2 = b(jSONObject);
            if (b2 == null) {
                return false;
            }
            for (int i = 0; i < b2.length(); i++) {
                JSONObject jSONObject2 = b2.getJSONObject(i);
                if (jSONObject2.getInt("r") == 0 && jSONObject2.getInt("s") == 3) {
                    return true;
                }
            }
            return false;
        } catch (JSONException e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error retrieving unblock supported status: ", e2);
            return false;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:26:0x0061, code lost:
    
        if (r6.booleanValue() == false) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0067, code lost:
    
        return com.entrust.identityGuard.mobilesc.sdk.a.g.b(r2);
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:?, code lost:
    
        return r2;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] c(byte[] r6) {
        /*
            r5 = this;
            r0 = 0
            if (r6 == 0) goto L68
            int r1 = r6.length
            if (r1 != 0) goto L7
            goto L68
        L7:
            com.entrust.identityGuard.mobilesc.sdk.a.a r1 = new com.entrust.identityGuard.mobilesc.sdk.a.a     // Catch: java.lang.Exception -> L68
            r1.<init>(r6)     // Catch: java.lang.Exception -> L68
            r6 = r0
            r2 = r6
        Le:
            int r3 = r1.a()     // Catch: java.lang.Exception -> L68
            r4 = 112(0x70, float:1.57E-43)
            if (r3 != r4) goto L1a
            byte[] r2 = r1.b()     // Catch: java.lang.Exception -> L68
        L1a:
            int r3 = r1.a()     // Catch: java.lang.Exception -> L68
            r4 = 113(0x71, float:1.58E-43)
            if (r3 != r4) goto L3e
            byte[] r3 = r1.b()     // Catch: java.lang.Exception -> L68
            if (r3 == 0) goto L3e
            byte[] r3 = r1.b()     // Catch: java.lang.Exception -> L68
            int r3 = r3.length     // Catch: java.lang.Exception -> L68
            r4 = 1
            if (r3 != r4) goto L3e
            byte[] r6 = r1.b()     // Catch: java.lang.Exception -> L68
            r3 = 0
            r6 = r6[r3]     // Catch: java.lang.Exception -> L68
            if (r6 != r4) goto L3c
            java.lang.Boolean r6 = java.lang.Boolean.TRUE     // Catch: java.lang.Exception -> L68
            goto L3e
        L3c:
            java.lang.Boolean r6 = java.lang.Boolean.FALSE     // Catch: java.lang.Exception -> L68
        L3e:
            if (r2 == 0) goto L43
            if (r6 == 0) goto L43
            goto L5b
        L43:
            byte[] r3 = r1.c()     // Catch: java.lang.Exception -> L68
            if (r3 == 0) goto L5b
            byte[] r3 = r1.c()     // Catch: java.lang.Exception -> L68
            int r3 = r3.length     // Catch: java.lang.Exception -> L68
            if (r3 <= 0) goto L5b
            com.entrust.identityGuard.mobilesc.sdk.a.a r3 = new com.entrust.identityGuard.mobilesc.sdk.a.a     // Catch: java.lang.Exception -> L68
            byte[] r1 = r1.c()     // Catch: java.lang.Exception -> L68
            r3.<init>(r1)     // Catch: java.lang.Exception -> L68
            r1 = r3
            goto Le
        L5b:
            if (r6 == 0) goto L67
            boolean r6 = r6.booleanValue()     // Catch: java.lang.Exception -> L68
            if (r6 == 0) goto L67
            byte[] r2 = com.entrust.identityGuard.mobilesc.sdk.a.g.b(r2)     // Catch: java.lang.Exception -> L68
        L67:
            return r2
        L68:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.entrust.identityGuard.mobilesc.sdk.a.h.c(byte[]):byte[]");
    }

    private int d(JSONObject jSONObject) {
        JSONObject jSONObject2;
        if (jSONObject == null) {
            return -1;
        }
        try {
            JSONObject jSONObject3 = jSONObject.has("pinManager") ? jSONObject.getJSONObject("pinManager") : null;
            if (jSONObject3 == null || (jSONObject2 = jSONObject3.getJSONObject("applicationPIN")) == null) {
                return -1;
            }
            return jSONObject2.getInt("retries");
        } catch (JSONException e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error retrieving pin attempts remaining: ", e2);
            return -1;
        }
    }

    private byte[] d(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            if ((new a(bArr).a() & 255) != 188) {
                return null;
            }
            com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "Found Facial Image in Smart Credential");
            return e(bArr);
        } catch (Exception unused) {
            return null;
        }
    }

    private SmartCredentialPinRules e(JSONObject jSONObject) {
        JSONObject jSONObject2;
        if (jSONObject == null) {
            return null;
        }
        try {
            JSONObject jSONObject3 = jSONObject.has("pinManager") ? jSONObject.getJSONObject("pinManager") : null;
            if (jSONObject3 == null || (jSONObject2 = jSONObject3.getJSONObject("applicationPINPolicy")) == null) {
                return null;
            }
            SmartCredentialPinRules smartCredentialPinRules = new SmartCredentialPinRules();
            smartCredentialPinRules.setDigitPolicy(c(jSONObject2.getInt("dp")));
            smartCredentialPinRules.setIsPinUpdateAllowed(jSONObject2.getBoolean("pu"));
            smartCredentialPinRules.setLowercasePolicy(c(jSONObject2.getInt("lap")));
            smartCredentialPinRules.setMinimumLength(jSONObject2.getInt("ml"));
            smartCredentialPinRules.setSpecialCharactersPolicy(c(jSONObject2.getInt("scp")));
            smartCredentialPinRules.setUppercasePolicy(c(jSONObject2.getInt("uap")));
            return smartCredentialPinRules;
        } catch (JSONException e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error retrieving pin rules: ", e2);
            return null;
        }
    }

    private byte[] e(byte[] bArr) {
        String bytesToHexString = IntegralToString.bytesToHexString(bArr, true);
        int indexOf = bytesToHexString.indexOf("FFD8");
        if (indexOf == -1) {
            return null;
        }
        return IntegralToString.hexStringToByteArray(bytesToHexString.substring(indexOf, bytesToHexString.length() - 4));
    }

    private Date f(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            return ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr))).getNotAfter();
        } catch (CertificateException e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "Error retrieving certificate expiry date.", e2);
            return null;
        }
    }

    private void f(JSONObject jSONObject) {
        if (jSONObject != null) {
            try {
                if (jSONObject.has("dataContainerManager")) {
                    JSONObject jSONObject2 = jSONObject.getJSONObject("dataContainerManager");
                    if (jSONObject2.has("containers")) {
                        JSONArray jSONArray = jSONObject2.getJSONArray("containers");
                        for (int i = 0; i < jSONArray.length(); i++) {
                            JSONObject jSONObject3 = jSONArray.getJSONObject(i);
                            byte[] b2 = g.b(jSONObject3.getJSONArray("t"));
                            List<byte[]> list = g;
                            if (Arrays.equals(b2, list.get(0))) {
                                byte[] c2 = c(this.dataManager.a(jSONObject3.getString("h")));
                                this.cachedPIVAuthCertificate = c2;
                                this.certList.add(c2);
                            }
                            if (Arrays.equals(b2, list.get(1))) {
                                byte[] c3 = c(this.dataManager.a(jSONObject3.getString("h")));
                                this.cachedDigSignCertificate = c3;
                                this.certList.add(c3);
                            }
                            if (Arrays.equals(b2, list.get(2))) {
                                byte[] c4 = c(this.dataManager.a(jSONObject3.getString("h")));
                                this.cachedEncryptionCertificate = c4;
                                this.certList.add(c4);
                            }
                            if (Arrays.equals(b2, list.get(3))) {
                                byte[] c5 = c(this.dataManager.a(jSONObject3.getString("h")));
                                this.cachedCardAuthCertificate = c5;
                                this.certList.add(c5);
                            }
                            if (Arrays.equals(b2, list.get(4))) {
                                this.cachedCardHolderFacialImage = d(this.dataManager.a(jSONObject3.getString("h")));
                            }
                        }
                    }
                }
            } catch (JSONException e2) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error retrieving certificate: ", e2);
            }
        }
    }

    private boolean g(JSONObject jSONObject) {
        if (jSONObject != null) {
            try {
                if (jSONObject.has("fips")) {
                    return jSONObject.getBoolean("fips");
                }
            } catch (Exception e2) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error reading FIPS mode required: ", e2);
            }
        }
        return false;
    }

    private void h(JSONObject jSONObject) {
        if (jSONObject != null) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "Loading existing smart credential state.");
            i(jSONObject.optJSONObject("native"));
            JSONObject optJSONObject = jSONObject.optJSONObject("javascript");
            if (optJSONObject != null) {
                if (optJSONObject.has("cplcData")) {
                    this.jsState = optJSONObject.toString();
                } else {
                    try {
                        optJSONObject.put("cplcData", new JSONArray(g.c(w())));
                        b(optJSONObject.toString());
                    } catch (JSONException e2) {
                        com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "Unable to set CPLC data for pre-existing Virtual Smart Card: " + e2.toString());
                    }
                }
            }
        }
        String str = this.jsState;
        if (str == null || str.length() == 0) {
            JSONObject jSONObject2 = new JSONObject();
            try {
                jSONObject2.put("cplcData", new JSONArray(g.c(w())));
                b(jSONObject2.toString());
            } catch (JSONException e3) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "Unable to create a new Virtual Smart Card with CPLC data: " + e3.toString());
            }
        }
    }

    private void i(JSONObject jSONObject) {
        if (jSONObject == null) {
            return;
        }
        JSONObject optJSONObject = jSONObject.optJSONObject("keyManager");
        if (optJSONObject != null) {
            this.keyManager.a(optJSONObject);
        }
        JSONObject optJSONObject2 = jSONObject.optJSONObject("dataManager");
        if (optJSONObject2 != null) {
            this.dataManager.a(optJSONObject2);
        }
    }

    private void t() {
        JSONObject jSONObject;
        JSONObject jSONObject2;
        synchronized (this) {
            if (this.cacheValid) {
                return;
            }
            this.cachedPinRules = null;
            boolean z = false;
            this.cachedPinAttemptsRemaining = 0;
            this.cachedIsUnblockSupported = false;
            this.cachedActivationStatus = SmartCredentialActivationStatus.UNKNOWN;
            this.cachedPIVAuthCertificate = null;
            this.cachedPIVAuthCertificateExpiryDate = null;
            this.cachedDigSignCertificate = null;
            this.cachedDigSignCertificateExpiryDate = null;
            this.cachedEncryptionCertificate = null;
            this.cachedEncryptionCertificateExpiryDate = null;
            this.cachedCardAuthCertificate = null;
            this.cachedCardHolderFacialImage = null;
            this.cachedCardAuthCertificateExpiryDate = null;
            this.certList = new ArrayList();
            this.certExpiryDates = new ArrayList();
            this.cachedFipsModeRequired = false;
            try {
                jSONObject = new JSONObject(n());
                jSONObject2 = jSONObject.has("secureChannelState") ? jSONObject.getJSONObject("secureChannelState") : null;
            } catch (JSONException unused) {
            }
            if (jSONObject2 == null) {
                this.cachedActivationStatus = SmartCredentialActivationStatus.NOT_ACTIVATED;
                return;
            }
            if (!jSONObject2.has("keyVersion") || jSONObject2.getInt("keyVersion") != 3) {
                z = true;
            }
            JSONObject a2 = a(jSONObject);
            if (a2 == null) {
                this.cachedActivationStatus = z ? SmartCredentialActivationStatus.NOT_ACTIVATED : SmartCredentialActivationStatus.PARTIALLY_ACTIVATED;
                return;
            }
            this.cachedActivationStatus = a(a2, z);
            this.cachedIsUnblockSupported = c(a2);
            this.cachedPinAttemptsRemaining = d(a2);
            this.cachedPinRules = e(a2);
            f(a2);
            this.cachedFipsModeRequired = g(a2);
            u();
            this.cacheValid = true;
        }
    }

    private void u() {
        if (this.certList.isEmpty()) {
            return;
        }
        Date f2 = f(this.cachedPIVAuthCertificate);
        this.cachedPIVAuthCertificateExpiryDate = f2;
        this.certExpiryDates.add(f2);
        Date f3 = f(this.cachedDigSignCertificate);
        this.cachedDigSignCertificateExpiryDate = f3;
        this.certExpiryDates.add(f3);
        Date f4 = f(this.cachedEncryptionCertificate);
        this.cachedEncryptionCertificateExpiryDate = f4;
        this.certExpiryDates.add(f4);
        Date f5 = f(this.cachedCardAuthCertificate);
        this.cachedCardAuthCertificateExpiryDate = f5;
        this.certExpiryDates.add(f5);
    }

    private void v() {
        SecretKey secretKey;
        JSONObject jSONObject = null;
        try {
            com.entrust.identityGuard.mobilesc.sdk.crypto.android.b.a(this.m_context);
            secretKey = com.entrust.identityGuard.mobilesc.sdk.crypto.android.b.a().b();
        } catch (Exception e2) {
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "VirtualSmartCard key management failure: " + e2.getMessage());
            secretKey = null;
        }
        if (secretKey != null) {
            try {
                jSONObject = com.entrust.identityGuard.mobilesc.sdk.crypto.android.c.b(this.m_context, this.stateFilename, secretKey);
            } catch (FileNotFoundException unused) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "Virtual Smart Card data file not found. Creating a new one.");
            } catch (Exception e3) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "Problem reading Virtual Smart Card data file: " + e3.getMessage() + " gonna retry with re-encryption");
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "ReEncryption success:" + com.entrust.identityGuard.mobilesc.sdk.crypto.android.c.a(this.m_context, this.stateFilename, secretKey, true) + " for file:" + this.stateFilename);
                try {
                    jSONObject = com.entrust.identityGuard.mobilesc.sdk.crypto.android.c.b(this.m_context, this.stateFilename, secretKey);
                } catch (Exception e4) {
                    e4.printStackTrace();
                    com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "Problem reading Virtual Smart Card data file: " + e4.getMessage());
                }
            }
        }
        if (jSONObject != null) {
            i(jSONObject.optJSONObject("native"));
            JSONObject optJSONObject = jSONObject.optJSONObject("javascript");
            if (optJSONObject != null) {
                if (optJSONObject.has("cplcData")) {
                    this.jsState = optJSONObject.toString();
                } else {
                    try {
                        optJSONObject.put("cplcData", new JSONArray(g.c(w())));
                        b(optJSONObject.toString());
                    } catch (JSONException e5) {
                        com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "Unable to set CPLC data for pre-existing Virtual Smart Card: " + e5.toString());
                    }
                }
            }
        }
        String str = this.jsState;
        if (str == null || str.length() == 0) {
            JSONObject jSONObject2 = new JSONObject();
            try {
                jSONObject2.put("cplcData", new JSONArray(g.c(w())));
                b(jSONObject2.toString());
            } catch (JSONException e6) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "Unable to create a new Virtual Smart Card with CPLC data: " + e6.toString());
            }
        }
    }

    private byte[] w() {
        int i;
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "Generating new CPLC data.");
        byte[] bArr = new byte[42];
        bArr[0] = -1;
        bArr[1] = 1;
        a(bArr, 2, 2);
        while (true) {
            a(bArr, 10, 2);
            byte b2 = (byte) (bArr[10] & 243);
            bArr[10] = b2;
            if (((b2 & CtapException.ERR_VENDOR_FIRST) >> 4) < 10) {
                byte b3 = bArr[11];
                int i2 = (b3 & CtapException.ERR_VENDOR_FIRST) >> 4;
                int i3 = b3 & 15;
                if (i2 < 10 && i3 < 10 && (i = ((b2 & 15) * 100) + (i2 * 10) + i3) >= 1 && i <= 365) {
                    a(bArr, 12, 6);
                    return bArr;
                }
            }
        }
    }

    private List<byte[]> x() {
        JSONObject a2;
        ArrayList arrayList = new ArrayList();
        try {
            a2 = a(new JSONObject(n()));
        } catch (JSONException e2) {
            Log.e(SmartCredentialSDK.APP_NAME, "JSON error retrieving certificate: ", e2);
        }
        if (a2 != null && a2.has("dataContainerManager")) {
            JSONObject jSONObject = a2.getJSONObject("dataContainerManager");
            if (jSONObject.has("containers")) {
                JSONArray jSONArray = jSONObject.getJSONArray("containers");
                List<byte[]> r = r();
                if (!r.isEmpty()) {
                    for (int i = 0; i < jSONArray.length(); i++) {
                        JSONObject jSONObject2 = jSONArray.getJSONObject(i);
                        byte[] b2 = g.b(jSONObject2.getJSONArray("t"));
                        Iterator<byte[]> it = r.iterator();
                        while (it.hasNext()) {
                            if (Arrays.equals(b2, it.next())) {
                                byte[] c2 = c(this.dataManager.a(jSONObject2.getString("h")));
                                if (c2 != null) {
                                    arrayList.add(c2);
                                }
                            }
                        }
                    }
                }
            }
            return arrayList;
        }
        return null;
    }

    public SmartCredentialActivationStatus a() {
        SmartCredentialActivationStatus smartCredentialActivationStatus;
        synchronized (this) {
            t();
            smartCredentialActivationStatus = this.cachedActivationStatus;
        }
        return smartCredentialActivationStatus;
    }

    public String a(String str) {
        return "{\"native\":{\"keyManager\":" + this.keyManager.a() + SchemaConstants.SEPARATOR_COMMA + "\"dataManager\":" + this.dataManager.a() + "}" + SchemaConstants.SEPARATOR_COMMA + "\"javascript\":" + str + "}";
    }

    public String a(String str, int i, JSONArray jSONArray) {
        return this.keyManager.a(str, i, jSONArray);
    }

    public String a(String str, int i, byte[] bArr) {
        return this.keyManager.a(str, i, bArr);
    }

    public String a(byte[] bArr) {
        return this.keyManager.a(bArr);
    }

    public Map<PIVKeyAndCertType, Map<List<byte[]>, List<byte[]>>> a(List<PIVKeyAndCertType> list) {
        List<byte[]> x;
        List<byte[]> s;
        HashMap hashMap = new HashMap();
        for (PIVKeyAndCertType pIVKeyAndCertType : list) {
            HashMap hashMap2 = new HashMap();
            if (pIVKeyAndCertType.equals(PIVKeyAndCertType.RETIRED_CERTS)) {
                x = x();
                if (x.isEmpty()) {
                    Log.i(SmartCredentialSDK.APP_NAME, "Retired Certs Not Found");
                } else {
                    s = s();
                    if (s.isEmpty() || s.size() != x.size()) {
                        Log.e(SmartCredentialSDK.APP_NAME, "The number of retired certs and keys does not match");
                    } else {
                        hashMap2.put(x, s);
                        hashMap.put(pIVKeyAndCertType, hashMap2);
                    }
                }
            } else {
                byte[] a2 = a(pIVKeyAndCertType.getTypeCode());
                PrivateKey b2 = b(pIVKeyAndCertType.getTypeCode());
                if (a2 != null && b2 != null) {
                    byte[] encoded = b2.getEncoded();
                    x = Arrays.asList(a2);
                    s = Arrays.asList(encoded);
                    hashMap2.put(x, s);
                    hashMap.put(pIVKeyAndCertType, hashMap2);
                }
            }
        }
        return hashMap;
    }

    public void a(byte[] bArr, int i, int i2) {
        byte[] bArr2 = new byte[i2];
        this.secureRandom.nextBytes(bArr2);
        System.arraycopy(bArr2, 0, bArr, i, i2);
    }

    public byte[] a(int i) {
        try {
            JSONObject a2 = a(new JSONObject(n()));
            if (a2 == null) {
                return null;
            }
            return a(a2, i);
        } catch (JSONException unused) {
            return null;
        }
    }

    public byte[] a(PIVKeyAndCertType pIVKeyAndCertType) {
        t();
        int i = AnonymousClass1.a[pIVKeyAndCertType.ordinal()];
        if (i == 1) {
            return this.cachedPIVAuthCertificate;
        }
        if (i == 2) {
            return this.cachedDigSignCertificate;
        }
        if (i == 3) {
            return this.cachedCardAuthCertificate;
        }
        if (i != 4) {
            return null;
        }
        return this.cachedEncryptionCertificate;
    }

    public byte[] a(String str, String str2, byte[] bArr) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.decryptData()");
        return this.keyManager.b(str, str2, bArr);
    }

    public byte[] a(String str, String str2, byte[] bArr, byte[] bArr2) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.cmacData()");
        return this.keyManager.a(str, str2, bArr, bArr2);
    }

    public byte[] a(String str, byte[] bArr) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.mac3Ot3TDES()");
        return this.keyManager.a(str, bArr);
    }

    public byte[] a(String str, byte[] bArr, byte[] bArr2) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.mac3Ot3DESRetail()");
        return this.keyManager.a(str, bArr, bArr2);
    }

    public String b(byte[] bArr) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.putData()");
        return this.dataManager.a(bArr);
    }

    public PrivateKey b(int i) {
        try {
            int intValue = h.get(i).intValue();
            JSONArray b2 = b(a(new JSONObject(n())));
            for (int i2 = 0; i2 < b2.length(); i2++) {
                JSONObject jSONObject = b2.getJSONObject(i2);
                if (jSONObject.getInt("r") == intValue) {
                    return this.keyManager.a(jSONObject.optString("h", ""));
                }
            }
            return null;
        } catch (JSONException unused) {
            return null;
        }
    }

    public HashMap<String, String> b(PIVKeyAndCertType pIVKeyAndCertType) {
        String str;
        HashMap<String, String> hashMap = new HashMap<>();
        int i = AnonymousClass1.a[pIVKeyAndCertType.ordinal()];
        if (i == 1) {
            hashMap.put("keyReference", "0x9a");
            str = "[0x5f, 0xc1, 0x05]";
        } else if (i == 2) {
            hashMap.put("keyReference", "0x9c");
            str = "[0x5f, 0xc1, 0x0A]";
        } else if (i == 3) {
            hashMap.put("keyReference", "0x9e");
            str = "[0x5f, 0xc1, 0x01]";
        } else {
            if (i != 4) {
                return null;
            }
            hashMap.put("keyReference", "0x9d");
            str = "[0x5f, 0xc1, 0x0B]";
        }
        hashMap.put("dataTag", str);
        return hashMap;
    }

    public void b(String str) {
        synchronized (this) {
            if (str != null) {
                this.jsState = str;
                String a2 = a(str);
                if (a2 != null) {
                    try {
                        com.entrust.identityGuard.mobilesc.sdk.crypto.android.b.a(this.m_context);
                        com.entrust.identityGuard.mobilesc.sdk.crypto.android.c.b(this.m_context, this.stateFilename, com.entrust.identityGuard.mobilesc.sdk.crypto.android.b.a().b(), a2);
                        this.cacheValid = false;
                    } catch (Exception e2) {
                        com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "VirtualSmartCard key management failure on saveState: " + e2.getMessage());
                    }
                }
            }
        }
    }

    public byte[] b() {
        t();
        return this.cachedPIVAuthCertificate;
    }

    public byte[] b(String str, String str2, byte[] bArr) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.encryptData()");
        return this.keyManager.a(str, str2, bArr);
    }

    public byte[] b(String str, String str2, byte[] bArr, byte[] bArr2) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.hmacData()");
        return this.keyManager.b(str, str2, bArr, bArr2);
    }

    public Date c() {
        t();
        return this.cachedPIVAuthCertificateExpiryDate;
    }

    public boolean c(String str) {
        return this.keyManager.d(str);
    }

    public byte[] c(String str, String str2, byte[] bArr, byte[] bArr2) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.decryptDataIv()");
        return this.keyManager.d(str, str2, bArr, bArr2);
    }

    public Date d() {
        t();
        return this.cachedDigSignCertificateExpiryDate;
    }

    public boolean d(String str) {
        return this.keyManager.e(str);
    }

    public byte[] d(String str, String str2, byte[] bArr, byte[] bArr2) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.encryptDataIv()");
        return this.keyManager.c(str, str2, bArr, bArr2);
    }

    public PublicKey e(String str) {
        return this.keyManager.b(str);
    }

    public Date e() {
        t();
        return this.cachedEncryptionCertificateExpiryDate;
    }

    public Date f() {
        t();
        return this.cachedCardAuthCertificateExpiryDate;
    }

    public byte[] f(String str) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.getData()");
        return this.dataManager.a(str);
    }

    public boolean g() {
        boolean z;
        synchronized (this) {
            t();
            z = this.cachedIsUnblockSupported;
        }
        return z;
    }

    public boolean g(String str) {
        com.entrust.identityGuard.mobilesc.sdk.b.a.c("VirtualSmartCard", "VirtualSmartCard.removeData()");
        return this.dataManager.b(str);
    }

    public SmartCredentialPinRules h() {
        t();
        return this.cachedPinRules;
    }

    public boolean i() {
        boolean z;
        synchronized (this) {
            t();
            z = this.cachedFipsModeRequired;
        }
        return z;
    }

    public String j() {
        JSONArray optJSONArray;
        JSONObject jSONObject;
        JSONObject jSONObject2;
        JSONArray jSONArray;
        synchronized (this) {
            try {
                optJSONArray = new JSONObject(n()).optJSONArray("appletStates");
            } catch (JSONException e2) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON Error trying to retrieve the application PIN.", e2);
            }
            if (optJSONArray == null) {
                return null;
            }
            for (int i = 0; i < optJSONArray.length(); i++) {
                JSONObject jSONObject3 = optJSONArray.getJSONObject(i);
                if (Arrays.equals(g.b(jSONObject3.getJSONArray("aid").toString()), a) && (jSONObject = jSONObject3.getJSONObject("pinManager")) != null && (jSONObject2 = jSONObject.getJSONObject("applicationPIN")) != null && (jSONArray = jSONObject2.getJSONArray("pin")) != null) {
                    byte[] b2 = g.b(jSONArray.toString());
                    int i2 = 0;
                    for (int i3 = 0; i3 < b2.length && b2[i3] != -1; i3++) {
                        i2++;
                    }
                    return new String(b2, 0, i2);
                }
            }
            com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "getApplicationPin() was called on an invalid card.");
            return null;
        }
    }

    public int k() {
        int i;
        synchronized (this) {
            t();
            i = this.cachedPinAttemptsRemaining;
        }
        return i;
    }

    public byte[] l() {
        byte[] b2;
        synchronized (this) {
            try {
                b2 = g.b(new JSONObject(n()).getJSONArray("cplcData").toString());
            } catch (JSONException e2) {
                com.entrust.identityGuard.mobilesc.sdk.b.a.a("VirtualSmartCard", "JSON error retrieving CPLC data: " + e2.getMessage());
                return null;
            }
        }
        return b2;
    }

    public String m() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("{");
        stringBuffer.append("\"");
        stringBuffer.append("native");
        stringBuffer.append("\"");
        stringBuffer.append(":");
        stringBuffer.append("{");
        stringBuffer.append("\"");
        stringBuffer.append("keyManager");
        stringBuffer.append("\"");
        stringBuffer.append(":");
        stringBuffer.append(this.keyManager.a());
        stringBuffer.append(SchemaConstants.SEPARATOR_COMMA);
        stringBuffer.append("\"");
        stringBuffer.append("dataManager");
        stringBuffer.append("\"");
        stringBuffer.append(":");
        stringBuffer.append(this.dataManager.a());
        stringBuffer.append("}");
        stringBuffer.append(SchemaConstants.SEPARATOR_COMMA);
        stringBuffer.append("\"");
        stringBuffer.append("javascript");
        stringBuffer.append("\"");
        stringBuffer.append(":");
        stringBuffer.append(this.jsState);
        stringBuffer.append("}");
        return stringBuffer.toString();
    }

    public String n() {
        return this.jsState;
    }

    public Date o() {
        t();
        List<Date> list = this.certExpiryDates;
        if (list != null) {
            list.removeAll(Collections.singleton(null));
            if (!this.certExpiryDates.isEmpty()) {
                return (Date) Collections.min(this.certExpiryDates);
            }
        }
        return null;
    }

    public byte[] p() {
        return this.cachedCardHolderFacialImage;
    }

    public Map<String, Date> q() {
        t();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("PIV Authentication", c());
        linkedHashMap.put("Digital Signature", d());
        linkedHashMap.put("Key Management", e());
        linkedHashMap.put("Card Authentication", f());
        return linkedHashMap;
    }

    public List<byte[]> r() {
        ArrayList arrayList = new ArrayList();
        for (int i = 13; i <= 32; i++) {
            arrayList.add(new byte[]{95, -63, (byte) i});
        }
        return arrayList;
    }

    public List<byte[]> s() {
        ArrayList arrayList = new ArrayList();
        try {
            JSONArray b2 = b(a(new JSONObject(n())));
            if (b2 != null) {
                for (int i = 0; i < b2.length(); i++) {
                    JSONObject jSONObject = b2.getJSONObject(i);
                    int i2 = jSONObject.getInt("r");
                    for (int i3 = 130; i3 <= 149; i3++) {
                        if (i2 == i3) {
                            String optString = jSONObject.optString("h", "");
                            if (this.keyManager.a(optString) != null) {
                                arrayList.add(this.keyManager.a(optString).getEncoded());
                            }
                        }
                    }
                }
            }
        } catch (JSONException unused) {
        }
        return arrayList;
    }
}
