package com.echoworx.edt.internal.credential;

import com.echoworx.edt.common.pki.EDTCertificate;
import com.echoworx.edt.common.pki.EDTPKIException;
import com.echoworx.edt.common.pki.EDTX509Certificate;
import com.echoworx.edt.common.pki.PKCS12Container;
import com.echoworx.edt.common.registry.CryptographyFacade;
import com.echoworx.edt.common.registry.HandlerRegistry;
import com.echoworx.edt.common.registry.HandlerType;
import com.echoworx.edt.common.registry.LoggingFacade;
import com.echoworx.edt.common.registry.PKIFacade;
import com.echoworx.edt.credential.domain.Password;
import com.echoworx.edt.credential.domain.UserCredentials;
import com.echoworx.edt.internal.common.CryptographyConstants;
import com.echoworx.edt.internal.common.KeyInfo;
import com.echoworx.edt.internal.util.Base64;
import com.echoworx.edt.internal.util.ByteUtils;
import com.echoworx.edt.internal.util.CryptographyUtils;
import com.echoworx.edt.internal.util.PKIUtils;

/* loaded from: classes.dex */
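/**
 * In-memory model of a user's credential package: a signing PKCS#12 container, a cipher
 * PKCS#12 container, and the material needed to re-wrap both into a
 * {@link ProtectedCredentialsPackage}.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 *   <li>{@code fIV} is decoded once from {@code CryptographyConstants.AES_INITIALIZATION_VECTOR}
 *       and reused for every AES call here. The signing blob key comes from
 *       {@code generateAESKey(fSecureId, fPassword)}, so the same (key, IV) pair is used again
 *       whenever the package is regenerated with an unchanged id and password.
 *       NOTE(review): the cipher mode is not visible in this file; confirm it tolerates a
 *       fixed IV, or plan a format revision that stores a random per-blob IV.</li>
 *   <li>The cipher container password is the first 30 characters of a hex digest string
 *       (120 bits of digest at most).</li>
 *   <li>The getters return the internal key and hash arrays without copying, and none of the
 *       secret byte arrays are cleared after use.</li>
 * </ul>
 */
public class CredentialPackageDataModel {
    protected PKCS12Container cipherKeyContainer;
    protected String credentialThumbPrint;
    protected byte[] fHashedAnswers;
    protected ProtectedCredentialsPackage fOriginalProtectedCredentials;
    protected Password fPassword;
    protected EDTCertificate fRemovedTemplateCertificate;
    protected String fSecureId;
    protected byte[] fSessionKey;
    protected byte[] passwordKeyCrypt;
    protected PKCS12Container signingKeyContainer;
    // NOTE(review): the logger is registered under KeyDrawModel, not this class, so log lines
    // from here are attributed to KeyDrawModel. Looks like a copy/paste slip; left unchanged
    // because log filters may depend on the existing category.
    protected LoggingFacade logger = ((LoggingFacade) HandlerRegistry.getHandler(HandlerType.LOG_FACADE)).getLogger(KeyDrawModel.class);
    protected CryptographyFacade crypto_helper = (CryptographyFacade) HandlerRegistry.getHandler(HandlerType.CRYPTOGRAPHY_FACADE);
    protected PKIFacade pki_helper = (PKIFacade) HandlerRegistry.getHandler(HandlerType.PKI_FACADE);
    // Fixed IV shared by every AES operation in this class (see class comment).
    // Must stay below crypto_helper: field initialisers run in declaration order.
    byte[] fIV = this.crypto_helper.decodeHex(CryptographyConstants.AES_INITIALIZATION_VECTOR.getBytes());

    /**
     * Builds a model from containers that are already unlocked.
     *
     * @param str the secure id used together with the password to derive the AES key
     * @param password the user's password
     * @param pKCS12Container the signing key container
     * @param pKCS12Container2 the cipher key container
     */
    public CredentialPackageDataModel(String str, Password password, PKCS12Container pKCS12Container, PKCS12Container pKCS12Container2) {
        this.fSecureId = str;
        this.fPassword = password;
        this.cipherKeyContainer = pKCS12Container2;
        this.signingKeyContainer = pKCS12Container;
    }

    /**
     * Builds a model by unwrapping a protected credential package.
     *
     * <p>Side effect: the signing and cipher blobs inside {@code protectedCredentialsPackage}
     * are replaced in place by their Base64-decoded form, so the caller's object is modified.
     *
     * @param str the secure id used together with the password to derive the AES key
     * @param password the user's password
     * @param protectedCredentialsPackage the wrapped package; mutated as described above
     */
    public CredentialPackageDataModel(String str, Password password, ProtectedCredentialsPackage protectedCredentialsPackage) {
        this.fSecureId = str;
        this.fPassword = password;
        this.fOriginalProtectedCredentials = protectedCredentialsPackage;
        this.passwordKeyCrypt = protectedCredentialsPackage.getPasswordKeyCrypt();
        this.logger.info("Beginning to parse and build credential package data model.");

        // The thumbprint is taken over the blobs exactly as received, before they are decoded.
        calculateThumbprint(protectedCredentialsPackage.getSigningKeyBlobContents(), protectedCredentialsPackage.getCipherKeyBlobContents());
        protectedCredentialsPackage.setSigningKeyBlobContents(Base64.decode(protectedCredentialsPackage.getSigningKeyBlobContents()));
        protectedCredentialsPackage.setCipherKeyBlobContents(Base64.decode(protectedCredentialsPackage.getCipherKeyBlobContents()));

        // Signing PFX: AES-decrypted with the key derived from secure id + password.
        byte[] signingAesKey = CryptographyUtils.getInstance().generateAESKey(this.fSecureId, this.fPassword);
        byte[] signingPfxBytes = this.crypto_helper.decryptDataWithAES(this.fIV, signingAesKey, protectedCredentialsPackage.getSigningKeyBlobContents());
        this.signingKeyContainer = this.pki_helper.loadPKCS12Container(signingPfxBytes, this.fPassword);
        this.logger.debug("Signing PFX has been processed.");

        // The temporary key-service entry in the signing PFX opens both PKCS#7 envelopes below.
        KeyInfo keyInfo = PKIUtils.getInstance().getKeyInfo(signingPfxBytes, this.fPassword, PKIUtils.KEY_SERVICE_TEMPORARY_CERTIFICATE_NAME);
        if (this.passwordKeyCrypt != null && this.passwordKeyCrypt.length > 0) {
            this.fHashedAnswers = PKIUtils.getInstance().decryptAndVerifyPKCS7(this.passwordKeyCrypt, keyInfo.getKey(), keyInfo.getCertificate());
        }

        // The key principal serves two purposes: it is the AES key for the cipher blob, and
        // the first 30 characters of its SHA-1 digest string are the cipher PFX password.
        byte[] keyPrincipal = PKIUtils.getInstance().decryptAndVerifyPKCS7(protectedCredentialsPackage.getKeyPrincipal(), keyInfo.getKey(), keyInfo.getCertificate());
        Password cipherPfxPassword = new Password(CryptographyUtils.getInstance().getSHA1Digest(keyPrincipal).substring(0, 30));
        byte[] cipherPfxBytes = this.crypto_helper.decryptDataWithAES(this.fIV, keyPrincipal, protectedCredentialsPackage.getCipherKeyBlobContents());
        this.cipherKeyContainer = this.pki_helper.loadPKCS12Container(cipherPfxBytes, cipherPfxPassword);

        // From here on the in-memory cipher container is protected by the user's password.
        this.cipherKeyContainer.changePassword(this.fPassword);
        this.logger.debug("Cipher PFX has been processed.");
    }

    /**
     * Stores the credential thumbprint: the hex form of the hash over {@code bArr}
     * followed by {@code bArr2}.
     *
     * @param bArr the signing key blob bytes
     * @param bArr2 the cipher key blob bytes
     */
    protected void calculateThumbprint(byte[] bArr, byte[] bArr2) {
        byte[] joined = new byte[bArr2.length + bArr.length];
        System.arraycopy(bArr, 0, joined, 0, bArr.length);
        System.arraycopy(bArr2, 0, joined, bArr.length, bArr2.length);
        // Algorithm selector 1: presumably SHA-1, mirroring getSHA1Digest in the
        // constructor; confirm against CryptographyFacade.
        this.credentialThumbPrint = ByteUtils.byteArrayToHexString(this.crypto_helper.hash(joined, 1));
        this.logger.debug("Calculated thumbprint:" + this.credentialThumbPrint);
    }

    /**
     * Re-wraps the credentials under a fresh session key and returns the new protected package.
     *
     * <p>The session key is signed with the key belonging to {@code eDTX509Certificate} and
     * then encrypted to the temporary key-service certificate found in the signing container.
     * While the package is produced, the cipher container is temporarily re-keyed to a
     * password derived from the session key.
     *
     * @param eDTX509Certificate the certificate whose key signs the new session key
     * @return the newly produced protected credentials package
     * @throws EDTPKIException if the temporary key-service certificate is missing
     */
    public ProtectedCredentialsPackage generateProtectedCredentials(EDTX509Certificate eDTX509Certificate) {
        EDTX509Certificate keyServiceCertificate = (EDTX509Certificate) this.signingKeyContainer.getCertificateByCanonicalName(PKIUtils.KEY_SERVICE_TEMPORARY_CERTIFICATE_NAME);
        if (keyServiceCertificate == null) {
            throw new EDTPKIException("Could not find required certificate in the signed credential package");
        }
        // NOTE(review): whether 256 means bytes or bits is decided by generateRandomData.
        this.fSessionKey = this.crypto_helper.generateRandomData(256);
        byte[] signedSessionKey = this.pki_helper.signPKCS7(this.fSessionKey, this.signingKeyContainer.getKeyRelatedToCertificate(eDTX509Certificate, null), eDTX509Certificate, new EDTX509Certificate[]{eDTX509Certificate});
        byte[] wrappedSessionKey = this.pki_helper.encryptPKCS7(signedSessionKey, new EDTX509Certificate[]{keyServiceCertificate});

        // Derived the same way the unwrapping constructor derives the cipher PFX password:
        // first 30 characters of the hex digest of the key material.
        Password sessionDerivedPassword = new Password(ByteUtils.byteArrayToHexString(this.crypto_helper.hash(this.fSessionKey, 1)).substring(0, 30));
        this.cipherKeyContainer.changePassword(sessionDerivedPassword);
        try {
            return produceNewProtectedCredentials(CryptographyUtils.getInstance().generateAESKey(this.fSecureId, this.fPassword), wrappedSessionKey);
        } finally {
            // Always restore the user's password. Without the finally, a failure while
            // producing the package left the container keyed to the session-derived
            // password, and later operations using fPassword would fail against it.
            this.cipherKeyContainer.changePassword(this.fPassword);
        }
    }

    /**
     * Bundles both containers and the current thumbprint into a {@link UserCredentials}.
     *
     * @return user credentials backed by this model's containers
     */
    public UserCredentials generateUserCredentials() {
        return new UserCredentials(this.signingKeyContainer, this.cipherKeyContainer, this.credentialThumbPrint);
    }

    /** @return the cipher key container held by this model */
    public PKCS12Container getCipherKeyContainer() {
        return this.cipherKeyContainer;
    }

    /** @return the thumbprint most recently stored by {@link #calculateThumbprint} */
    public String getCredentialThumbPrint() {
        return this.credentialThumbPrint;
    }

    /**
     * @return the internal hashed-answers array (not a copy), or {@code null} when the package
     *     carried no password key crypt
     */
    public byte[] getHashedAnswers() {
        return this.fHashedAnswers;
    }

    /**
     * @return the internal session key array (not a copy), or {@code null} before
     *     {@link #generateProtectedCredentials} has run
     */
    public byte[] getSessionKey() {
        return this.fSessionKey;
    }

    /** @return the signing key container held by this model */
    public PKCS12Container getSigningKeyContainer() {
        return this.signingKeyContainer;
    }

    /**
     * Encrypts the containers, refreshes the thumbprint, and assembles a new protected package.
     *
     * @param bArr the AES key used to encrypt the signing container
     * @param bArr2 the wrapped key principal; when {@code null}, the original package's key
     *     principal is reused if an original package exists
     * @return the new protected credentials package
     */
    public ProtectedCredentialsPackage produceNewProtectedCredentials(byte[] bArr, byte[] bArr2) {
        byte[] signingBlob = this.crypto_helper.encryptDataWithAES(this.fIV, bArr, this.signingKeyContainer.getEncoded());
        byte[] cipherPfxBytes = this.cipherKeyContainer.getEncoded();
        byte[] cipherBlob = null;
        if (this.fSessionKey != null) {
            // A fresh session key exists: re-encrypt the cipher container under it.
            cipherBlob = this.crypto_helper.encryptDataWithAES(this.fIV, this.fSessionKey, cipherPfxBytes);
        } else if (this.fOriginalProtectedCredentials != null) {
            // No new session key: carry the original cipher blob over unchanged.
            cipherBlob = this.fOriginalProtectedCredentials.getCipherKeyBlobContents();
        }
        // NOTE(review): with neither a session key nor an original package, cipherBlob is still
        // null here and goes to Base64.encode; the result depends on that helper. Confirm.
        calculateThumbprint(Base64.encode(signingBlob).getBytes(), Base64.encode(cipherBlob).getBytes());
        if (bArr2 == null && this.fOriginalProtectedCredentials != null) {
            bArr2 = this.fOriginalProtectedCredentials.getKeyPrincipal();
        }
        return new ProtectedCredentialsPackage(this.passwordKeyCrypt, bArr2, cipherBlob, signingBlob);
    }

    /**
     * Replaces the stored password. The containers are not re-keyed by this call.
     *
     * @param password the new password
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPassword(Password password) {
        this.fPassword = password;
    }

    /**
     * Replaces the signing key container.
     *
     * @param pKCS12Container the new signing key container
     */
    public void setSigningKeyContainer(PKCS12Container pKCS12Container) {
        this.signingKeyContainer = pKCS12Container;
    }
}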
