package com.google.android.libraries.access.security;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import com.google.android.libraries.access.apconnection.ApConnector;
import com.google.android.libraries.access.common.logwrapper.Logger;
import com.google.android.libraries.access.httputils.FetchHttpUrl;
import com.google.android.libraries.access.httputils.FetchJetstreamUrl;
import com.google.android.libraries.access.security.Pcr0Value;
import com.google.android.libraries.access.security.Pcr1Value;
import com.google.android.libraries.access.security.tss.TpmPubkey;
import com.google.api.client.http.HttpStatusCodes;
import defpackage.ot;
import defpackage.xw;
import defpackage.xx;
import defpackage.xy;
import defpackage.xz;
import defpackage.ya;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.json.JSONObject;

/* compiled from: PG */
/* loaded from: classes.dex */
public class LocalIdentityHelper {
    // Offset that checkAttestationInfoStatus adds (as the literal 200) to a non-zero
    // attestation status before looking it up in statusErrorMap.
    public static final int AI_OFFSET = 200;
    // Number of leading bytes of the encoded EK public key that hasValidSetupCode skips
    // (as the literal 24) before deriving the expected setup code.
    public static final int ASN1_OFFSET = 24;
    // Offset that checkEndorsementInfoStatus adds (as the literal 100) to a non-zero status.
    public static final int EI_OFFSET = 100;
    // Decoded-length thresholds below which the parseEncoded*Info methods report a
    // *_RESPONSE_BODY_TRUNCATED reason (they use the literals 1100 / 1500 / 16).
    public static final int MIN_AI_RESPONSE_LENGTH = 1100;
    public static final int MIN_EI_RESPONSE_LENGTH = 1500;
    public static final int MIN_PI_RESPONSE_LENGTH = 16;
    // Radix (32) and random bit count (128) used by createNonce.
    public static final int NONCE_BASE_LENGTH = 32;
    public static final int NONCE_BIT_LENGTH = 128;
    // Offset that checkIdentityInfoStatus adds (as the literal 300) to a non-zero status.
    public static final int PI_OFFSET = 300;
    // Matches the "decode.length > 2" lower bound in the parseEncoded*Info truncation checks.
    public static final int TPM_STATUS_LENGTH = 2;
    // Maps (offset + device status) to a Reason; rebuilt and reassigned by every constructor call.
    public static ot<Integer, Reason> statusErrorMap;
    // Local access-point connector; when null, doState fetches endorsement info through
    // FetchJetstreamUrl instead.
    public final ApConnector apConnector;
    // Caller's completion handler; invoked with an empty JSONObject in the STOP state and
    // cleared by cancel().
    public FetchHttpUrl.ResponseHandler callback;
    public CertificateProvider certProvider;
    public FetchJetstreamUrl fetchJetstreamUrl;
    public IdentityState identityState;
    // Setup code supplied to verifyIdentity and compared in hasValidSetupCode.
    public String setupCode;
    public Reason stateReason;
    // Hardware-id prefixes accepted by hasKnownHardware (prefix match, case-insensitive).
    public static final List<String> SUPPORTED_HARDWARE = Arrays.asList("WHIRLWIND", "Storm", "ARKHAM");
    // NOTE(review): the parsed messages, the nonce and the verification flag below are static
    // and publicly writable, so they are shared by every LocalIdentityHelper instance and any
    // other class. Within this file identityVerified is only ever set to true (CHECK_IDENTITY
    // in doState) and never back to false - confirm that a stale result from an earlier run or
    // another device cannot be observed through isIdentityVerified().
    public static ya endorsementInfo = null;
    public static xz attestationInfo = null;
    public static xw identityInfo = null;
    public static String nonce = null;
    public static boolean identityVerified = false;
    // Extra detail appended to the reason name by getStateReason(); set through setCause.
    public String cause = null;
    // Feeds a Jetstream HTTP result (body, error string, error code) into the state machine.
    public FetchHttpUrl.ResponseHandler stateCallback = new FetchHttpUrl.ResponseHandler() { // from class: com.google.android.libraries.access.security.LocalIdentityHelper.1
        @Override // com.google.android.libraries.access.httputils.FetchHttpUrl.ResponseHandler
        public void result(JSONObject jSONObject) {
            FetchJetstreamUrl.JetstreamResults jetstreamResults = new FetchJetstreamUrl.JetstreamResults(jSONObject);
            LocalIdentityHelper.this.doState(jetstreamResults.getEncodedResponseBody(), jetstreamResults.getErrorString(), jetstreamResults.getErrorCode());
        }
    };
    // Feeds a local access-point result (body, error string, error code) into the state machine.
    public ApConnector.Callback apStateCallback = new ApConnector.Callback() { // from class: com.google.android.libraries.access.security.LocalIdentityHelper.2
        @Override // com.google.android.libraries.access.apconnection.ApConnector.Callback
        public void onLocalApOperationComplete(ApConnector.LocalApResult localApResult) {
            LocalIdentityHelper.this.doState(localApResult.getEncodedResponseBody(), localApResult.getErrorString(), localApResult.getErrorCode());
        }
    };
    // Source of randomness for the prove-identity nonce (see createNonce).
    public SecureRandom random = new SecureRandom();

    /* compiled from: PG */
    /* renamed from: com.google.android.libraries.access.security.LocalIdentityHelper$3, reason: invalid class name */
    /* loaded from: classes.dex */
    // Decompiler rendering of the lookup table behind the switch over IdentityState in
    // doState: each constant's ordinal() is mapped to a case number (1..15). Every store is
    // wrapped in a try/catch that ignores NoSuchFieldError - presumably so that a constant
    // missing at run time leaves its slot at 0 instead of failing class initialisation.
    /* synthetic */ class AnonymousClass3 {
        public static final /* synthetic */ int[] $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState = new int[IdentityState.values().length];

        static {
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.START.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.REQUEST_ENDORSEMENT_INFO.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.PROCESS_ENDORSEMENT_INFO.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.CHECK_EI_STATUS.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.CHECK_EK_CERT.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.REQUEST_ATTESTATION_INFO.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.PROCESS_ATTESTATION_INFO.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.CHECK_AI_STATUS.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.CHECK_ATTESTATION.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.REQUEST_PROVE_IDENTITY.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.PROCESS_PROVE_IDENTITY.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.CHECK_PI_STATUS.ordinal()] = 12;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.CHECK_IDENTITY.ordinal()] = 13;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.CHECK_SETUP_CODE.ordinal()] = 14;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$com$google$android$libraries$access$security$LocalIdentityHelper$IdentityState[IdentityState.STOP.ordinal()] = 15;
            } catch (NoSuchFieldError e15) {
            }
        }
    }

    /* compiled from: PG */
    /* loaded from: classes.dex */
    /**
     * States of the verification state machine driven by doState.
     *
     * The successful path through doState is: START / REQUEST_ENDORSEMENT_INFO,
     * PROCESS_ENDORSEMENT_INFO, CHECK_EI_STATUS, CHECK_EK_CERT, REQUEST_ATTESTATION_INFO,
     * PROCESS_ATTESTATION_INFO, CHECK_AI_STATUS, CHECK_ATTESTATION, REQUEST_PROVE_IDENTITY,
     * PROCESS_PROVE_IDENTITY, CHECK_PI_STATUS, CHECK_IDENTITY, CHECK_SETUP_CODE, STOP.
     * Any failed step jumps to STOP with a non-OK Reason.
     *
     * The declaration order below is not the execution order; it fixes the ordinals that the
     * synthetic switch map indexes by, so it should not be rearranged.
     */
    public enum IdentityState {
        START,
        STOP,
        // REQUEST_*: send a request to the device and wait for the callback.
        REQUEST_ENDORSEMENT_INFO,
        REQUEST_ATTESTATION_INFO,
        REQUEST_PROVE_IDENTITY,
        // PROCESS_*: handle the response (or transport error) of the matching request.
        PROCESS_ENDORSEMENT_INFO,
        PROCESS_ATTESTATION_INFO,
        PROCESS_PROVE_IDENTITY,
        // CHECK_*_STATUS: inspect the status field of the parsed message.
        CHECK_EI_STATUS,
        CHECK_AI_STATUS,
        CHECK_PI_STATUS,
        // Remaining checks: EK certificate, setup code, attestation registers, nonce echo.
        CHECK_EK_CERT,
        CHECK_SETUP_CODE,
        CHECK_ATTESTATION,
        CHECK_IDENTITY
    }

    /* compiled from: PG */
    /* loaded from: classes.dex */
    /**
     * Outcome recorded next to the current IdentityState. OK means "no failure so far"; every
     * other constant names the step that stopped the verification. Prefixes: EI = endorsement
     * info, AI = attestation info, PI = prove identity.
     */
    public enum Reason {
        OK,
        // Endorsement info: non-zero device status (mapped through statusErrorMap, keys 101-107).
        EI_STATUS_UNEXPECTED_DEVICE_ERROR,
        EI_STATUS_NOT_AVAILABLE,
        EI_STATUS_NOT_READY,
        EI_STATUS_NOT_ALLOWED,
        EI_STATUS_INVALID_PARAMETER,
        EI_STATUS_REQUEST_DENIED_BY_CA,
        EI_STATUS_CA_NOT_AVAILABLE,
        EI_STATUS_UNKNOWN,
        // Endorsement info: transport errors (error codes 400 / 403 / 404 / 500 / anything else).
        EI_HTTP_BAD_REQUEST,
        EI_HTTP_FORBIDDEN,
        EI_HTTP_NOT_FOUND,
        EI_HTTP_SERVER_ERROR,
        EI_HTTP_OTHER,
        // Endorsement info: response body problems.
        EI_RESPONSE_BODY_EMPTY,
        EI_RESPONSE_BODY_PARSE_FAILED,
        EI_RESPONSE_BODY_TRUNCATED,
        // Endorsement info: EK certificate and setup-code checks.
        EI_EK_CERT_INVALID,
        EI_SETUP_CODE_NULL,
        EI_SETUP_CODE_EMPTY,
        EI_SETUP_CODE_INVALID,
        // Attestation info: non-zero device status (keys 201-207).
        AI_STATUS_UNEXPECTED_DEVICE_ERROR,
        AI_STATUS_NOT_AVAILABLE,
        AI_STATUS_NOT_READY,
        AI_STATUS_NOT_ALLOWED,
        AI_STATUS_INVALID_PARAMETER,
        AI_STATUS_REQUEST_DENIED_BY_CA,
        AI_STATUS_CA_NOT_AVAILABLE,
        AI_STATUS_UNKNOWN,
        // Attestation info: transport errors.
        AI_HTTP_BAD_REQUEST,
        AI_HTTP_FORBIDDEN,
        AI_HTTP_NOT_FOUND,
        AI_HTTP_SERVER_ERROR,
        AI_HTTP_OTHER,
        // Attestation info: response body problems.
        AI_RESPONSE_BODY_EMPTY,
        AI_RESPONSE_BODY_PARSE_FAILED,
        AI_RESPONSE_BODY_TRUNCATED,
        // Attestation info: register checks made by checkAttestationInfoRegisters.
        AI_FIRMWARE_UNVERIFIED,
        AI_MODE_DEVELOPER,
        AI_MODE_RECOVERY,
        AI_HARDWARE_UNKNOWN,
        // Prove identity: non-zero device status (keys 301-307).
        PI_STATUS_UNEXPECTED_DEVICE_ERROR,
        PI_STATUS_NOT_AVAILABLE,
        PI_STATUS_NOT_READY,
        PI_STATUS_NOT_ALLOWED,
        PI_STATUS_INVALID_PARAMETER,
        PI_STATUS_REQUEST_DENIED_BY_CA,
        PI_STATUS_CA_NOT_AVAILABLE,
        PI_STATUS_UNKNOWN,
        // Prove identity: building the encrypted credential failed.
        PI_ENCRYPT_FAILED,
        // Prove identity: transport errors.
        PI_HTTP_BAD_REQUEST,
        PI_HTTP_FORBIDDEN,
        PI_HTTP_NOT_FOUND,
        PI_HTTP_SERVER_ERROR,
        PI_HTTP_OTHER,
        // Prove identity: response body problems.
        PI_RESPONSE_BODY_EMPTY,
        PI_RESPONSE_BODY_PARSE_FAILED,
        PI_RESPONSE_BODY_TRUNCATED,
        // Prove identity: the returned nonce did not match the one that was sent.
        PI_DECRYPT_FAILED
    }

    /**
     * Creates a helper bound to an optional local access-point connector and (re)builds the
     * shared status-to-reason table.
     *
     * The table keys are "offset + device status": 101-107 for endorsement info, 201-207 for
     * attestation info and 301-307 for prove identity. They are status codes of the device
     * protocol, not HTTP status codes, even though some of the numbers coincide.
     *
     * @param context     used to create the CertificateProvider
     * @param apConnector local access-point connector, or null to use Jetstream URLs
     */
    public LocalIdentityHelper(Context context, ApConnector apConnector) {
        this.apConnector = apConnector;
        this.certProvider = new CertificateProvider(context);

        final Reason[] endorsementReasons = {
            Reason.EI_STATUS_UNEXPECTED_DEVICE_ERROR,
            Reason.EI_STATUS_NOT_AVAILABLE,
            Reason.EI_STATUS_NOT_READY,
            Reason.EI_STATUS_NOT_ALLOWED,
            Reason.EI_STATUS_INVALID_PARAMETER,
            Reason.EI_STATUS_REQUEST_DENIED_BY_CA,
            Reason.EI_STATUS_CA_NOT_AVAILABLE,
        };
        final Reason[] attestationReasons = {
            Reason.AI_STATUS_UNEXPECTED_DEVICE_ERROR,
            Reason.AI_STATUS_NOT_AVAILABLE,
            Reason.AI_STATUS_NOT_READY,
            Reason.AI_STATUS_NOT_ALLOWED,
            Reason.AI_STATUS_INVALID_PARAMETER,
            Reason.AI_STATUS_REQUEST_DENIED_BY_CA,
            Reason.AI_STATUS_CA_NOT_AVAILABLE,
        };
        final Reason[] proveIdentityReasons = {
            Reason.PI_STATUS_UNEXPECTED_DEVICE_ERROR,
            Reason.PI_STATUS_NOT_AVAILABLE,
            Reason.PI_STATUS_NOT_READY,
            Reason.PI_STATUS_NOT_ALLOWED,
            Reason.PI_STATUS_INVALID_PARAMETER,
            Reason.PI_STATUS_REQUEST_DENIED_BY_CA,
            Reason.PI_STATUS_CA_NOT_AVAILABLE,
        };

        // The static table is replaced on every construction, as in the original.
        final ot<Integer, Reason> reasonsByCode = new ot<>();
        statusErrorMap = reasonsByCode;
        for (int status = 1; status <= endorsementReasons.length; status++) {
            reasonsByCode.put(Integer.valueOf(EI_OFFSET + status), endorsementReasons[status - 1]);
        }
        for (int status = 1; status <= attestationReasons.length; status++) {
            reasonsByCode.put(Integer.valueOf(AI_OFFSET + status), attestationReasons[status - 1]);
        }
        for (int status = 1; status <= proveIdentityReasons.length; status++) {
            reasonsByCode.put(Integer.valueOf(PI_OFFSET + status), proveIdentityReasons[status - 1]);
        }
    }

    /** Returns true when the shared static attestationInfo field holds a message. */
    private boolean attestationInfoParsed() {
        final xz current = attestationInfo;
        return current != null;
    }

    /**
     * Returns true when the attestation message reports status 0. Callers must check
     * attestationInfoParsed() first; a null message raises NullPointerException here.
     */
    private boolean attestationStatusIsSuccess() {
        final int status = attestationInfo.a;
        return status == 0;
    }

    /**
     * Builds a new Jetstream fetcher that reports its result to the given handler.
     *
     * @param responseHandler handler passed to setCallback
     * @return whatever setCallback returns for the new fetcher
     */
    private FetchJetstreamUrl createFetchJetstreamUrl(FetchHttpUrl.ResponseHandler responseHandler) {
        final FetchJetstreamUrl fetcher = new FetchJetstreamUrl();
        return fetcher.setCallback(responseHandler);
    }

    /**
     * Produces the challenge for the prove-identity step: 128 bits drawn from the instance's
     * SecureRandom, rendered in radix 32. The string has at most 26 characters and can be
     * shorter, because leading zero digits are not printed.
     */
    private String createNonce() {
        final BigInteger randomBits = new BigInteger(NONCE_BIT_LENGTH, this.random);
        return randomBits.toString(NONCE_BASE_LENGTH);
    }

    /**
     * Builds the serialized prove-identity request that carries the nonce inside an encrypted
     * identity credential.
     *
     * The credential is built from the EK public key (getEkPublicKey), the nonce bytes and the
     * TPM-format public key from the attestation message (getTpmPubkey). The nonce is converted
     * with String.getBytes(), i.e. the platform default charset.
     *
     * @param str the nonce to embed
     * @return the serialized request, or null when the nonce is empty, a key is missing or the
     *         credential builder fails
     */
    private byte[] createProvideIdentityBytes(String str) {
        if (TextUtils.isEmpty(str)) {
            Logger.w("Failed to create encrypted identity credential: nonce is empty");
            return null;
        }
        final PublicKey endorsementKey = getEkPublicKey();
        if (endorsementKey == null) {
            Logger.w("Failed to create encrypted identity credential: EK public key missing");
            return null;
        }
        final TpmPubkey keyInTpmFormat = getTpmPubkey();
        if (keyInTpmFormat == null) {
            Logger.w("Failed to create encrypted identity credential: public key in TPM format missing");
            return null;
        }
        try {
            final xy credential = new EncryptedIdentityCredentialBuilder().build((RSAPublicKey) endorsementKey, str.getBytes(), keyInTpmFormat);
            final xx request = new xx();
            request.a = credential;
            return xx.toByteArray(request);
        } catch (EncryptedIdentityCredentialBuilderException e) {
            Logger.w("Failed to create encrypted identity credential", e);
            return null;
        }
    }

    /** Runs the next state-machine step with no response body, no error string and code -1. */
    private void doState() {
        final int noErrorCode = -1;
        this.doState(null, null, noErrorCode);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Executes the step for the current identityState.
     *
     * REQUEST_* states (and START) send a request and return; the matching callback re-enters
     * this method with the response. PROCESS_* and CHECK_* states pick the next state and then
     * recurse through doState() until a request is sent or STOP is reached. STOP reports
     * completion to the caller's callback with an empty JSONObject; the outcome is read through
     * getState(), getStateReason() and isIdentityVerified().
     *
     * identityState and stateReason must be non-null, i.e. verifyIdentity must have been called.
     *
     * @param str  encoded response body from the device, or null
     * @param str2 error string of the transport; empty or null means the request succeeded
     * @param i    error code of the transport, compared against 400 / 403 / 404 / 500
     */
    public void doState(String str, String str2, int i) {
        // Unused: presumably the argument array of a log statement that was stripped at build time.
        Object[] objArr = {this.identityState.name(), this.stateReason.name()};
        switch (this.identityState) {
            case START:
            case REQUEST_ENDORSEMENT_INFO:
                setIdentityState(IdentityState.PROCESS_ENDORSEMENT_INFO, Reason.OK);
                // Endorsement info is the only request that can go through the local AP connector.
                if (this.apConnector != null) {
                    this.apConnector.requestApEndorsementInfo(this.apStateCallback);
                    return;
                } else {
                    this.fetchJetstreamUrl = createFetchJetstreamUrl(this.stateCallback);
                    this.fetchJetstreamUrl.requestJetstreamEndorsementInfo();
                    return;
                }
            case STOP:
                // callback is null after cancel(), in which case nothing is reported.
                if (this.callback != null) {
                    this.callback.result(new JSONObject());
                    return;
                }
                return;
            case REQUEST_ATTESTATION_INFO:
                setIdentityState(IdentityState.PROCESS_ATTESTATION_INFO, Reason.OK);
                this.fetchJetstreamUrl = createFetchJetstreamUrl(this.stateCallback);
                this.fetchJetstreamUrl.requestJetstreamAttestationInfo();
                return;
            case REQUEST_PROVE_IDENTITY:
                // A fresh nonce is stored in the shared static field and sent inside the
                // encrypted credential; CHECK_IDENTITY later compares the device's answer to it.
                nonce = createNonce();
                byte[] createProvideIdentityBytes = createProvideIdentityBytes(nonce);
                if (createProvideIdentityBytes == null) {
                    setIdentityState(IdentityState.STOP, Reason.PI_ENCRYPT_FAILED);
                    doState();
                    return;
                } else {
                    setIdentityState(IdentityState.PROCESS_PROVE_IDENTITY, Reason.OK);
                    this.fetchJetstreamUrl = createFetchJetstreamUrl(this.stateCallback);
                    this.fetchJetstreamUrl.sendJetstreamProveIdentity(createProvideIdentityBytes);
                    return;
                }
            case PROCESS_ENDORSEMENT_INFO:
                if (TextUtils.isEmpty(str2)) {
                    String valueOf = String.valueOf(str);
                    // The concatenated string is discarded: leftover of a stripped log call.
                    if (valueOf.length() != 0) {
                        "Encoded response body: ".concat(valueOf);
                    } else {
                        new String("Encoded response body: ");
                    }
                    if (TextUtils.isEmpty(str)) {
                        setIdentityState(IdentityState.STOP, Reason.EI_RESPONSE_BODY_EMPTY);
                    } else {
                        // parseEncodedEndorsementInfo also selects the next state.
                        endorsementInfo = parseEncodedEndorsementInfo(str);
                    }
                } else {
                    String valueOf2 = String.valueOf(str2);
                    Logger.w(valueOf2.length() != 0 ? "Failed to retrieve endorsement info: ".concat(valueOf2) : new String("Failed to retrieve endorsement info: "));
                    if (i == 400) {
                        setIdentityState(IdentityState.STOP, Reason.EI_HTTP_BAD_REQUEST);
                    } else if (i == 403) {
                        setIdentityState(IdentityState.STOP, Reason.EI_HTTP_FORBIDDEN);
                    } else if (i == 404) {
                        setIdentityState(IdentityState.STOP, Reason.EI_HTTP_NOT_FOUND);
                    } else if (i == 500) {
                        setIdentityState(IdentityState.STOP, Reason.EI_HTTP_SERVER_ERROR);
                    } else {
                        // Only unclassified errors keep the raw error string as the cause.
                        setIdentityState(IdentityState.STOP, Reason.EI_HTTP_OTHER);
                        setCause(str2);
                    }
                }
                doState();
                return;
            case PROCESS_ATTESTATION_INFO:
                if (TextUtils.isEmpty(str2)) {
                    String valueOf3 = String.valueOf(str);
                    // Discarded result, as above.
                    if (valueOf3.length() != 0) {
                        "Encoded response body: ".concat(valueOf3);
                    } else {
                        new String("Encoded response body: ");
                    }
                    if (TextUtils.isEmpty(str)) {
                        setIdentityState(IdentityState.STOP, Reason.AI_RESPONSE_BODY_EMPTY);
                    } else {
                        attestationInfo = parseEncodedAttestationInfo(str);
                    }
                } else {
                    String valueOf4 = String.valueOf(str2);
                    Logger.w(valueOf4.length() != 0 ? "Failed to retrieve attestation info: ".concat(valueOf4) : new String("Failed to retrieve attestation info: "));
                    if (i == 400) {
                        setIdentityState(IdentityState.STOP, Reason.AI_HTTP_BAD_REQUEST);
                    } else if (i == 403) {
                        setIdentityState(IdentityState.STOP, Reason.AI_HTTP_FORBIDDEN);
                    } else if (i == 404) {
                        setIdentityState(IdentityState.STOP, Reason.AI_HTTP_NOT_FOUND);
                    } else if (i == 500) {
                        setIdentityState(IdentityState.STOP, Reason.AI_HTTP_SERVER_ERROR);
                    } else {
                        setIdentityState(IdentityState.STOP, Reason.AI_HTTP_OTHER);
                        setCause(str2);
                    }
                }
                doState();
                return;
            case PROCESS_PROVE_IDENTITY:
                if (TextUtils.isEmpty(str2)) {
                    String valueOf5 = String.valueOf(str);
                    // Discarded result, as above.
                    if (valueOf5.length() != 0) {
                        "Encoded response body: ".concat(valueOf5);
                    } else {
                        new String("Encoded response body: ");
                    }
                    if (TextUtils.isEmpty(str)) {
                        setIdentityState(IdentityState.STOP, Reason.PI_RESPONSE_BODY_EMPTY);
                    } else {
                        identityInfo = parseEncodedIdentityInfo(str);
                    }
                } else {
                    String valueOf6 = String.valueOf(str2);
                    Logger.w(valueOf6.length() != 0 ? "Failed to prove identity: ".concat(valueOf6) : new String("Failed to prove identity: "));
                    if (i == 400) {
                        setIdentityState(IdentityState.STOP, Reason.PI_HTTP_BAD_REQUEST);
                    } else if (i == 403) {
                        setIdentityState(IdentityState.STOP, Reason.PI_HTTP_FORBIDDEN);
                    } else if (i == 404) {
                        setIdentityState(IdentityState.STOP, Reason.PI_HTTP_NOT_FOUND);
                    } else if (i == 500) {
                        setIdentityState(IdentityState.STOP, Reason.PI_HTTP_SERVER_ERROR);
                    } else {
                        setIdentityState(IdentityState.STOP, Reason.PI_HTTP_OTHER);
                        setCause(str2);
                    }
                }
                doState();
                return;
            case CHECK_EI_STATUS:
                checkEndorsementInfoStatus(endorsementInfo);
                doState();
                return;
            case CHECK_AI_STATUS:
                checkAttestationInfoStatus(attestationInfo);
                doState();
                return;
            case CHECK_PI_STATUS:
                checkIdentityInfoStatus(identityInfo);
                doState();
                return;
            case CHECK_EK_CERT:
                if (hasValidEkCert()) {
                    setIdentityState(IdentityState.REQUEST_ATTESTATION_INFO, Reason.OK);
                } else {
                    setIdentityState(IdentityState.STOP, Reason.EI_EK_CERT_INVALID);
                }
                doState();
                return;
            case CHECK_SETUP_CODE:
                // Last check: every branch ends in STOP, with Reason.OK only on a match.
                if (this.setupCode == null) {
                    setIdentityState(IdentityState.STOP, Reason.EI_SETUP_CODE_NULL);
                } else if (TextUtils.isEmpty(this.setupCode)) {
                    setIdentityState(IdentityState.STOP, Reason.EI_SETUP_CODE_EMPTY);
                } else if (hasValidSetupCode()) {
                    setIdentityState(IdentityState.STOP, Reason.OK);
                } else {
                    setIdentityState(IdentityState.STOP, Reason.EI_SETUP_CODE_INVALID);
                }
                doState();
                return;
            case CHECK_ATTESTATION:
                checkAttestationInfoRegisters();
                doState();
                return;
            case CHECK_IDENTITY:
                if (hasProvenIdentity()) {
                    // NOTE(review): the static flag is raised before the setup-code check runs
                    // and is never lowered in this file, so isIdentityVerified() can be true
                    // while the final reason is EI_SETUP_CODE_* - confirm callers also check
                    // getStateReason().
                    identityVerified = true;
                    setIdentityState(IdentityState.CHECK_SETUP_CODE, Reason.OK);
                } else {
                    setIdentityState(IdentityState.STOP, Reason.PI_DECRYPT_FAILED);
                }
                doState();
                return;
            default:
                return;
        }
    }

    /** Returns true when the shared static endorsementInfo field holds a message. */
    private boolean endorsementInfoParsed() {
        final ya current = endorsementInfo;
        return current != null;
    }

    /**
     * Returns true when the endorsement message reports status 0. Callers must check
     * endorsementInfoParsed() first; a null message raises NullPointerException here.
     */
    private boolean endorsementStatusIsSuccess() {
        final int status = endorsementInfo.a;
        return status == 0;
    }

    /**
     * Decodes the AIK public key from field {@code b} of the attestation message, which is
     * read as an X.509-encoded key.
     *
     * @return the key, or null when the message is missing, its status is non-zero or the
     *         bytes cannot be turned into a key
     */
    private PublicKey getAikPublicKey() {
        if (attestationInfoParsed()) {
            if (attestationStatusIsSuccess()) {
                try {
                    final KeyFactory keyFactory = KeyFactory.getInstance(KeyConverter.RSA_KEY_FACTORY_ALGORITHM);
                    return keyFactory.generatePublic(new X509EncodedKeySpec(attestationInfo.b));
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                    Logger.w("Couldn't load AIK public key", e);
                    return null;
                }
            }
            Logger.w("Failed to get AIK publid key: status=%d", Integer.valueOf(attestationInfo.a));
            return null;
        }
        Logger.w("Failed to get AIK public key: proto not parsed");
        return null;
    }

    /**
     * Asks the certificate provider to decode field {@code c} of the endorsement message as
     * an X.509 certificate. hasValidEkCert treats a null result as "no certificate".
     */
    private X509Certificate getEkCert() {
        final byte[] encodedCert = endorsementInfo.c;
        return this.certProvider.getCertificateFromByteArrayInputStream(encodedCert);
    }

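    /**
     * Decodes the EK public key from field {@code b} of the endorsement message, which is
     * read as an X.509-encoded key.
     *
     * Like getAikPublicKey, this now returns null (with a warning) when the message is missing
     * or reports a non-zero status, instead of failing with NullPointerException.
     *
     * NOTE(review): this key comes from the message field, not from the certificate checked in
     * hasValidEkCert, and this class does not compare the two - confirm that the key is bound
     * to the validated certificate somewhere else.
     *
     * @return the key, or null when it is unavailable or cannot be decoded
     */
    private PublicKey getEkPublicKey() {
        if (!endorsementInfoParsed()) {
            Logger.w("Failed to get EK public key: proto not parsed");
            return null;
        }
        if (!endorsementStatusIsSuccess()) {
            Logger.w("Failed to get EK public key: status=%d", Integer.valueOf(endorsementInfo.a));
            return null;
        }
        try {
            return KeyFactory.getInstance(KeyConverter.RSA_KEY_FACTORY_ALGORITHM).generatePublic(new X509EncodedKeySpec(endorsementInfo.b));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            Logger.w("Couldn't load EK public key", e);
            return null;
        }
    }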

    /**
     * Returns field {@code b} of the prove-identity response as a string, decoded with the
     * platform default charset.
     *
     * @return the nonce echoed by the device, or null when the response is missing or reports
     *         a non-zero status
     */
    private String getNonceResponse() {
        if (proveIdentityParsed()) {
            if (!proveIdentityStatusIsSuccess()) {
                Logger.w("Failed to get nonce response: status=%d", Integer.valueOf(identityInfo.a));
                return null;
            }
            return new String(identityInfo.b);
        }
        Logger.w("Failed to get nonce response: proto not parsed");
        return null;
    }

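    /**
     * Builds the PCR0 value from field {@code d} of the attestation message, passing the given
     * key to a Pcr0Value.Factory that was created with a Sha1RsaSignatureVerifier.
     *
     * A null key is now rejected here, so that a missing AIK can never reach the factory; how
     * the factory itself treats a null key is not visible in this file.
     *
     * @param publicKey AIK public key from getAikPublicKey, possibly null
     * @return the PCR0 value, or null when the message is missing, its status is non-zero, the
     *         key is null or the factory fails
     */
    private Pcr0Value getPcr0Value(PublicKey publicKey) {
        if (!attestationInfoParsed()) {
            Logger.w("Failed to create PCR0 value: proto not parsed");
            return null;
        }
        if (!attestationStatusIsSuccess()) {
            Logger.w("Failed to create PCR0 value: status=%d", Integer.valueOf(attestationInfo.a));
            return null;
        }
        if (publicKey == null) {
            Logger.w("Failed to create PCR0 value: AIK public key missing");
            return null;
        }
        try {
            return new Pcr0Value.Factory(new Sha1RsaSignatureVerifier()).create(attestationInfo.d, publicKey);
        } catch (PcrValueException e) {
            Logger.w("Failed to create PCR0 value", e);
            return null;
        }
    }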

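    /**
     * Builds the PCR1 value from field {@code e} of the attestation message, passing the given
     * key to a Pcr1Value.Factory that was created with a Sha1RsaSignatureVerifier.
     *
     * A null key is now rejected here, so that a missing AIK can never reach the factory; how
     * the factory itself treats a null key is not visible in this file.
     *
     * @param publicKey AIK public key from getAikPublicKey, possibly null
     * @return the PCR1 value, or null when the message is missing, its status is non-zero, the
     *         key is null or the factory fails
     */
    private Pcr1Value getPcr1Value(PublicKey publicKey) {
        if (!attestationInfoParsed()) {
            Logger.w("Failed to create PCR1 value: proto not parsed");
            return null;
        }
        if (!attestationStatusIsSuccess()) {
            Logger.w("Failed to create PCR1 value: status=%d", Integer.valueOf(attestationInfo.a));
            return null;
        }
        if (publicKey == null) {
            Logger.w("Failed to create PCR1 value: AIK public key missing");
            return null;
        }
        try {
            return new Pcr1Value.Factory(new Sha1RsaSignatureVerifier()).create(attestationInfo.e, publicKey);
        } catch (PcrValueException e) {
            Logger.w("Failed to create the PCR1 value", e);
            return null;
        }
    }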

    /**
     * Parses field {@code c} of the attestation message as a TpmPubkey.
     *
     * @return the parsed key, or null when the message is missing, its status is non-zero or
     *         parsing throws IOException
     */
    private TpmPubkey getTpmPubkey() {
        if (attestationInfoParsed()) {
            if (attestationStatusIsSuccess()) {
                try {
                    final byte[] encodedKey = attestationInfo.c;
                    return TpmPubkey.parseFrom(encodedKey);
                } catch (IOException e) {
                    Logger.w("Couldn't load TPM public key", e);
                    return null;
                }
            }
            Logger.w("Failed to get TPM publid key: status=%d", Integer.valueOf(attestationInfo.a));
            return null;
        }
        Logger.w("Failed to get TPM public key: proto not parsed");
        return null;
    }

    /** Returns the trust anchors that hasValidEkCert validates the EK certificate against. */
    private Set<TrustAnchor> getTrustAnchors() {
        final Set<TrustAnchor> vendorAnchors = this.certProvider.getJetstreamTpmVendorTrustAnchors();
        return vendorAnchors;
    }

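    /**
     * Checks the hardware id from PCR1 against SUPPORTED_HARDWARE.
     *
     * The match is a case-insensitive prefix match, so any id that merely starts with a
     * supported name is accepted. Case folding uses Locale.ROOT: with the default locale,
     * "WHIRLWIND" and "Whirlwind" fold to different strings on a Turkish-locale device and a
     * genuine device would be rejected. A null value or null id is treated as unknown hardware
     * instead of raising NullPointerException.
     *
     * @param pcr1Value PCR1 value from getPcr1Value, possibly null
     * @return true when the id starts with a supported name
     */
    private boolean hasKnownHardware(Pcr1Value pcr1Value) {
        final String hwid = pcr1Value == null ? null : pcr1Value.getHwid();
        if (hwid != null) {
            final String foldedHwid = hwid.toLowerCase(java.util.Locale.ROOT);
            for (String supported : SUPPORTED_HARDWARE) {
                if (foldedHwid.startsWith(supported.toLowerCase(java.util.Locale.ROOT))) {
                    return true;
                }
            }
        }
        Logger.w("Unknown hardware found: %s", hwid);
        return false;
    }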

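    /**
     * Checks that the device returned the nonce that was sent inside the encrypted credential.
     *
     * getNonceResponse() returns null when the response is missing or reports a failure; that
     * case (and a missing expected nonce) now fails the check instead of raising
     * NullPointerException. The warning no longer contains the expected nonce or the device's
     * answer, so the challenge value does not end up in the log.
     *
     * @return true only when both values are present and equal
     */
    private boolean hasProvenIdentity() {
        final String nonceResponse = getNonceResponse();
        final String expectedNonce = nonce;
        if (nonceResponse == null || expectedNonce == null) {
            Logger.w("Identity check failed: nonce or nonce response missing");
            return false;
        }
        if (nonceResponse.equals(expectedNonce)) {
            return true;
        }
        Logger.w("Identity check failed: nonce response does not match");
        return false;
    }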

    /**
     * Checks that the endorsement message carries a certificate that
     * CertificateVerifier.isValidCertificate accepts for the anchors from getTrustAnchors().
     *
     * NOTE(review): only the certificate in field {@code c} is checked here. The EK public key
     * used later (field {@code b}, see getEkPublicKey and hasValidSetupCode) is not compared
     * with the certificate's key in this class - confirm that binding is enforced elsewhere.
     *
     * @return true when the message is present, reports status 0 and its certificate is accepted
     */
    private boolean hasValidEkCert() {
        if (!endorsementInfoParsed()) {
            Logger.w("EK cert check failed: proto not parsed");
            return false;
        }
        if (!endorsementStatusIsSuccess()) {
            Logger.w("EK cert check failed: status=%d", Integer.valueOf(endorsementInfo.a));
            return false;
        }
        final X509Certificate endorsementCert = getEkCert();
        if (endorsementCert == null) {
            Logger.w("EK cert check failed: null cert");
            return false;
        }
        final boolean accepted = CertificateVerifier.isValidCertificate(endorsementCert, getTrustAnchors());
        if (!accepted) {
            Logger.w("EK cert check failed: invalid cert");
        }
        return accepted;
    }

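    /**
     * Compares the setup code given to verifyIdentity with the code that
     * PskGenerator.generatePsk derives from the EK public key, after skipping the first
     * ASN1_OFFSET (24) bytes of the encoded key.
     *
     * Changes from the decompiled original:
     * - a missing endorsement message, or a key of ASN1_OFFSET bytes or fewer, fails the check
     *   with a warning (a shorter key used to make Arrays.copyOfRange throw
     *   IllegalArgumentException);
     * - the two discarded Base64 encodings of the key (leftovers of stripped logging) are gone;
     * - the mismatch warning no longer prints the received and the expected code, which kept
     *   a pairing credential in the log.
     *
     * @return true only when the derived code equals the supplied setup code
     */
    private boolean hasValidSetupCode() {
        final byte[] encodedEkPublicKey = endorsementInfo == null ? null : endorsementInfo.b;
        if (encodedEkPublicKey == null) {
            Logger.w("Setup code verification failed: EK public key null");
            return false;
        }
        if (encodedEkPublicKey.length == 0) {
            Logger.w("Setup code verification failed: EK public key empty");
            return false;
        }
        if (encodedEkPublicKey.length <= ASN1_OFFSET) {
            Logger.w("Setup code verification failed: EK public key too short");
            return false;
        }
        final byte[] keyMaterial = Arrays.copyOfRange(encodedEkPublicKey, ASN1_OFFSET, encodedEkPublicKey.length);
        final String expectedCode = PskGenerator.generatePsk(keyMaterial);
        if (expectedCode != null && expectedCode.equals(this.setupCode)) {
            return true;
        }
        Logger.w("Setup code verification failed: received code does not match the expected value");
        return false;
    }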

    /**
     * Returns true when PCR0 reports the firmware type VERIFIED; any other type is logged and
     * rejected.
     *
     * @param pcr0Value PCR0 value; must not be null
     */
    private boolean hasVerifiedFirmware(Pcr0Value pcr0Value) {
        final boolean verified = pcr0Value.getFirmwareType() == Pcr0Value.FirmwareType.VERIFIED;
        if (!verified) {
            Logger.w("Unverified firmware found: %s", pcr0Value.getFirmwareType());
        }
        return verified;
    }

    /** Returns true when the shared static identityInfo field holds a message. */
    private boolean proveIdentityParsed() {
        final xw current = identityInfo;
        return current != null;
    }

    /**
     * Returns true when the prove-identity response reports status 0. Callers must check
     * proveIdentityParsed() first; a null message raises NullPointerException here.
     */
    private boolean proveIdentityStatusIsSuccess() {
        final int status = identityInfo.a;
        return status == 0;
    }

    /**
     * Stores extra failure detail that getStateReason() appends to the reason name.
     *
     * @param str the detail text, e.g. a transport error string or a hardware name
     */
    private void setCause(String str) {
        final String detail = str;
        this.cause = detail;
    }

    /**
     * Records the next state of the state machine together with the reason for entering it.
     *
     * @param identityState state that the next doState call will execute
     * @param reason        Reason.OK while verification is proceeding, otherwise the failure
     */
    private void setIdentityState(IdentityState identityState, Reason reason) {
        this.stateReason = reason;
        this.identityState = identityState;
    }

    /**
     * Detaches the caller's callback so that reaching STOP no longer reports a result. The
     * state machine itself is not interrupted: requests already sent still come back through
     * doState.
     *
     * @return always true
     */
    public boolean cancel() {
        Logger.w("Canceling identity verification");
        this.callback = null;
        final boolean cancelled = true;
        return cancelled;
    }

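    /**
     * Evaluates the attested registers and selects the next state.
     *
     * Checks, in order: verified firmware, not in developer mode, not in recovery mode (all
     * from PCR0), then a supported hardware id (from PCR1). Success leads to
     * REQUEST_PROVE_IDENTITY; each failure leads to STOP with its own reason.
     *
     * getAikPublicKey, getPcr0Value and getPcr1Value return null when the attestation data is
     * missing or cannot be verified. Those cases now fail closed (AI_FIRMWARE_UNVERIFIED for a
     * missing PCR0 value, AI_HARDWARE_UNKNOWN for a missing PCR1 value) instead of raising
     * NullPointerException in the middle of the state machine.
     */
    public void checkAttestationInfoRegisters() {
        final PublicKey aikPublicKey = getAikPublicKey();
        final Pcr0Value pcr0Value = getPcr0Value(aikPublicKey);
        final Pcr1Value pcr1Value = getPcr1Value(aikPublicKey);
        if (pcr0Value == null || !hasVerifiedFirmware(pcr0Value)) {
            setIdentityState(IdentityState.STOP, Reason.AI_FIRMWARE_UNVERIFIED);
            return;
        }
        if (pcr0Value.isInDeveloperMode()) {
            setIdentityState(IdentityState.STOP, Reason.AI_MODE_DEVELOPER);
            return;
        }
        if (pcr0Value.isInRecoveryMode()) {
            setIdentityState(IdentityState.STOP, Reason.AI_MODE_RECOVERY);
            return;
        }
        if (pcr1Value == null) {
            // No hardware id to report, so no cause is set.
            setIdentityState(IdentityState.STOP, Reason.AI_HARDWARE_UNKNOWN);
            return;
        }
        if (hasKnownHardware(pcr1Value)) {
            setIdentityState(IdentityState.REQUEST_PROVE_IDENTITY, Reason.OK);
        } else {
            setIdentityState(IdentityState.STOP, Reason.AI_HARDWARE_UNKNOWN);
            setCause(getHardware(pcr1Value));
        }
    }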

    /**
     * Selects the next state from the status of the attestation message: status 0 continues
     * with CHECK_ATTESTATION, anything else stops with the reason registered for
     * (AI_OFFSET + status), or AI_STATUS_UNKNOWN when there is none.
     *
     * @param xzVar parsed attestation message; must not be null
     */
    public void checkAttestationInfoStatus(xz xzVar) {
        if (xzVar.a == 0) {
            setIdentityState(IdentityState.CHECK_ATTESTATION, Reason.OK);
            return;
        }
        final Integer lookupKey = Integer.valueOf(xzVar.a + AI_OFFSET);
        final Reason failure = statusErrorMap.containsKey(lookupKey)
                ? statusErrorMap.get(lookupKey)
                : Reason.AI_STATUS_UNKNOWN;
        setIdentityState(IdentityState.STOP, failure);
    }

    /**
     * Selects the next state from the status of the endorsement message: status 0 continues
     * with CHECK_EK_CERT, anything else stops with the reason registered for
     * (EI_OFFSET + status), or EI_STATUS_UNKNOWN when there is none.
     *
     * @param yaVar parsed endorsement message; must not be null
     */
    public void checkEndorsementInfoStatus(ya yaVar) {
        if (yaVar.a == 0) {
            setIdentityState(IdentityState.CHECK_EK_CERT, Reason.OK);
            return;
        }
        final Integer lookupKey = Integer.valueOf(yaVar.a + EI_OFFSET);
        final Reason failure = statusErrorMap.containsKey(lookupKey)
                ? statusErrorMap.get(lookupKey)
                : Reason.EI_STATUS_UNKNOWN;
        setIdentityState(IdentityState.STOP, failure);
    }

    /**
     * Selects the next state from the status of the prove-identity response: status 0
     * continues with CHECK_IDENTITY, anything else stops with the reason registered for
     * (PI_OFFSET + status), or PI_STATUS_UNKNOWN when there is none.
     *
     * @param xwVar parsed prove-identity response; must not be null
     */
    public void checkIdentityInfoStatus(xw xwVar) {
        if (xwVar.a == 0) {
            setIdentityState(IdentityState.CHECK_IDENTITY, Reason.OK);
            return;
        }
        final Integer lookupKey = Integer.valueOf(xwVar.a + PI_OFFSET);
        final Reason failure = statusErrorMap.containsKey(lookupKey)
                ? statusErrorMap.get(lookupKey)
                : Reason.PI_STATUS_UNKNOWN;
        setIdentityState(IdentityState.STOP, failure);
    }

    /** Returns the extra failure detail recorded by setCause, or null when none was set. */
    public String getCause() {
        final String detail = this.cause;
        return detail;
    }

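    /**
     * Returns the hardware id up to, but not including, its first space, or the whole id when
     * it contains no space.
     *
     * The original used {@code hwid.split(" ")[0]}, which throws
     * ArrayIndexOutOfBoundsException for an id made only of spaces, because split drops
     * trailing empty strings. Such an id now yields the empty string; every other input gives
     * the same result as before.
     *
     * @param pcr1Value PCR1 value; must not be null
     * @return the leading token of the hardware id
     */
    public String getHardware(Pcr1Value pcr1Value) {
        final String hwid = pcr1Value.getHwid();
        final int firstSpace = hwid.indexOf(' ');
        return firstSpace < 0 ? hwid : hwid.substring(0, firstSpace);
    }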

    /**
     * Returns the name of the current state. Throws NullPointerException when no state has
     * been set yet, i.e. before verifyIdentity.
     */
    public String getState() {
        final IdentityState current = this.identityState;
        return current.name();
    }

    /**
     * Returns the name of the current reason, followed by the cause in parentheses when one
     * was recorded, e.g. {@code REASON_NAME (detail)}.
     */
    public String getStateReason() {
        if (this.cause == null) {
            return this.stateReason.name();
        }
        return String.format("%s (%s)", this.stateReason.name(), this.cause);
    }

    /**
     * Returns the shared static identityVerified flag, which doState raises in CHECK_IDENTITY
     * once the nonce comparison succeeds. The flag is static, so the value is not tied to this
     * instance.
     */
    public boolean isIdentityVerified() {
        final boolean verified = identityVerified;
        return verified;
    }

    /**
     * Base64-decodes an attestation-info response, installs a fresh {@code xz} in the static
     * attestationInfo field and selects the next state: CHECK_AI_STATUS, or STOP with
     * AI_RESPONSE_BODY_TRUNCATED when the decoded length is between 3 and 1099 bytes.
     *
     * NOTE(review): nothing visible here copies the decoded bytes into the new message, yet
     * the catch block handles an IOException from "parsing proto". Presumably the decompiler
     * dropped the parse call - confirm against the bytecode before relying on this listing;
     * as written the returned message is always empty.
     *
     * The input is untrusted device data: Base64.decode throws the unchecked
     * IllegalArgumentException on malformed input, which is not caught here.
     *
     * @param str Base64 text of the response body (flag 0, i.e. Base64.DEFAULT)
     * @return the message stored in attestationInfo, never null
     */
    public xz parseEncodedAttestationInfo(String str) {
        byte[] decode = Base64.decode(str, 0);
        attestationInfo = new xz();
        try {
            setIdentityState(IdentityState.CHECK_AI_STATUS, Reason.OK);
        } catch (IOException e) {
            Logger.w("Failed to retrieve attestation info: error parsing proto (%s)", e.getMessage());
            setIdentityState(IdentityState.STOP, Reason.AI_RESPONSE_BODY_PARSE_FAILED);
        }
        // Runs after the try block, so a truncated body overrides both outcomes above.
        // Bodies of two bytes or fewer are exempt - presumably a bare status - TODO confirm.
        if (decode.length > 2 && decode.length < 1100) {
            setIdentityState(IdentityState.STOP, Reason.AI_RESPONSE_BODY_TRUNCATED);
        }
        return attestationInfo;
    }

    /**
     * Base64-decodes an endorsement-info response, installs a fresh {@code ya} in the static
     * endorsementInfo field and selects the next state: CHECK_EI_STATUS, or STOP with
     * EI_RESPONSE_BODY_TRUNCATED when the decoded length is between 3 and 1499 bytes.
     *
     * NOTE(review): nothing visible here copies the decoded bytes into the new message, yet
     * the catch block handles an IOException from "parsing proto". Presumably the decompiler
     * dropped the parse call - confirm against the bytecode before relying on this listing;
     * as written the returned message is always empty.
     *
     * The input is untrusted device data: Base64.decode throws the unchecked
     * IllegalArgumentException on malformed input, which is not caught here.
     *
     * @param str Base64 text of the response body (flag 0, i.e. Base64.DEFAULT)
     * @return the message stored in endorsementInfo, never null
     */
    public ya parseEncodedEndorsementInfo(String str) {
        byte[] decode = Base64.decode(str, 0);
        endorsementInfo = new ya();
        try {
            setIdentityState(IdentityState.CHECK_EI_STATUS, Reason.OK);
        } catch (IOException e) {
            Logger.w("Failed to retrieve endorsement info: error parsing proto (%s)", e.getMessage());
            setIdentityState(IdentityState.STOP, Reason.EI_RESPONSE_BODY_PARSE_FAILED);
        }
        // Runs after the try block, so a truncated body overrides both outcomes above.
        // Bodies of two bytes or fewer are exempt - presumably a bare status - TODO confirm.
        if (decode.length > 2 && decode.length < 1500) {
            setIdentityState(IdentityState.STOP, Reason.EI_RESPONSE_BODY_TRUNCATED);
        }
        return endorsementInfo;
    }

    /**
     * Base64-decodes a prove-identity response, installs a fresh {@code xw} in the static
     * identityInfo field and selects the next state: CHECK_PI_STATUS, or STOP with
     * PI_RESPONSE_BODY_TRUNCATED when the decoded length is between 3 and 15 bytes.
     *
     * NOTE(review): nothing visible here copies the decoded bytes into the new message, yet
     * the catch block handles an IOException from "parsing proto". Presumably the decompiler
     * dropped the parse call - confirm against the bytecode before relying on this listing;
     * as written the returned message is always empty.
     *
     * The input is untrusted device data: Base64.decode throws the unchecked
     * IllegalArgumentException on malformed input, which is not caught here.
     *
     * @param str Base64 text of the response body (flag 0, i.e. Base64.DEFAULT)
     * @return the message stored in identityInfo, never null
     */
    public xw parseEncodedIdentityInfo(String str) {
        byte[] decode = Base64.decode(str, 0);
        identityInfo = new xw();
        try {
            setIdentityState(IdentityState.CHECK_PI_STATUS, Reason.OK);
        } catch (IOException e) {
            Logger.w("Failed to retrieve identity info: error parsing proto (%s)", e.getMessage());
            setIdentityState(IdentityState.STOP, Reason.PI_RESPONSE_BODY_PARSE_FAILED);
        }
        // Runs after the try block, so a truncated body overrides both outcomes above.
        // Bodies of two bytes or fewer are exempt - presumably a bare status - TODO confirm.
        if (decode.length > 2 && decode.length < 16) {
            setIdentityState(IdentityState.STOP, Reason.PI_RESPONSE_BODY_TRUNCATED);
        }
        return identityInfo;
    }

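    /**
     * Starts a verification run: stores the callback and the setup code, resets the state
     * machine to START and executes the first step.
     *
     * The result of a previous run is cleared first. identityVerified and nonce are static and
     * were never reset, so a run that failed (or a run against a different device) could still
     * report isIdentityVerified() == true from an earlier success; a stale cause would likewise
     * be appended to the new run's reason by getStateReason().
     *
     * NOTE(review): the parsed messages (endorsementInfo, attestationInfo, identityInfo) are
     * also static and are left untouched here because other classes may read them - confirm
     * whether they should be cleared as well.
     *
     * @param responseHandler invoked with an empty JSONObject when the run reaches STOP
     * @param str             setup code to compare with the one derived from the EK public key
     */
    public void verifyIdentity(FetchHttpUrl.ResponseHandler responseHandler, String str) {
        this.callback = responseHandler;
        this.setupCode = str;
        // Clear the outcome of any earlier run before the new one can report anything.
        identityVerified = false;
        nonce = null;
        this.cause = null;
        setIdentityState(IdentityState.START, Reason.OK);
        doState();
    }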
}
