package com.android.internal.net.eap.statemachine;

import android.net.eap.EapSessionConfig;
import android.telephony.TelephonyManager;
import android.util.Base64;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.eap.EapAuthenticator;
import com.android.internal.net.eap.EapResult;
import com.android.internal.net.eap.crypto.Fips186_2Prf;
import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
import com.android.internal.net.eap.exceptions.EapSilentException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaAuthenticationFailureException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaUnsupportedAttributeException;
import com.android.internal.net.eap.message.EapData;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.eap.message.simaka.EapAkaAttributeFactory;
import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData;
import com.android.internal.net.utils.Log;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/android/internal/net/eap/statemachine/EapSimAkaMethodStateMachine.class */
public abstract class EapSimAkaMethodStateMachine extends EapMethodStateMachine {
    public static final String MASTER_KEY_GENERATION_ALG = "SHA-1";
    public static final String MAC_ALGORITHM_STRING = "HmacSHA1";
    public static final int MASTER_KEY_LENGTH = 20;
    public static final int KEY_LEN = 16;
    public static final int SESSION_KEY_LENGTH = 64;
    private static final int COUNTER_SIZE = 2;
    public final byte[] mMk = new byte[getMkLength()];
    public final byte[] mKEncr = new byte[getKEncrLength()];
    public final byte[] mKAut = new byte[getKAutLength()];
    public final byte[] mMsk = new byte[getMskLength()];
    public final byte[] mEmsk = new byte[getEmskLength()];

    @VisibleForTesting
    boolean mHasReceivedSimAkaNotification = false;
    final TelephonyManager mTelephonyManager;
    final byte[] mEapIdentity;
    final EapSessionConfig.EapUiccConfig mEapUiccConfig;

    @VisibleForTesting
    Mac mMacAlgorithm;

    @VisibleForTesting
    SecureRandom mSecureRandom;

    /* JADX INFO: Access modifiers changed from: package-private */
    public EapSimAkaMethodStateMachine(TelephonyManager telephonyManager, byte[] bArr, EapSessionConfig.EapUiccConfig eapUiccConfig) {
        if (telephonyManager == null) {
            throw new IllegalArgumentException("TelephonyManager must be non-null");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("EapIdentity must be non-null");
        }
        if (eapUiccConfig == null) {
            throw new IllegalArgumentException("EapUiccConfig must be non-null");
        }
        this.mTelephonyManager = telephonyManager;
        this.mEapIdentity = bArr;
        this.mEapUiccConfig = eapUiccConfig;
        EapAuthenticator.LOG.d(getClass().getSimpleName(), this.mEapUiccConfig.getClass().getSimpleName() + ": subId=" + this.mEapUiccConfig.getSubId() + " apptype=" + this.mEapUiccConfig.getAppType());
    }

    protected int getMkLength() {
        return 20;
    }

    protected int getKEncrLength() {
        return 16;
    }

    protected int getKAutLength() {
        return 16;
    }

    protected int getMskLength() {
        return 64;
    }

    protected int getEmskLength() {
        return 64;
    }

    @Override // com.android.internal.net.eap.statemachine.EapMethodStateMachine
    EapResult handleEapNotification(String str, EapMessage eapMessage) {
        return EapStateMachine.handleNotification(str, eapMessage);
    }

    protected String getMacAlgorithm() {
        return MAC_ALGORITHM_STRING;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public EapResult buildClientErrorResponse(int i, int i2, EapSimAkaAttribute.AtClientErrorCode atClientErrorCode) {
        this.mIsExpectingEapFailure = true;
        try {
            return EapResult.EapResponse.getEapResponse(new EapMessage(2, i, new EapData(i2, getEapSimAkaTypeData(atClientErrorCode).encode())));
        } catch (EapSilentException e) {
            return new EapResult.EapError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public EapResult buildResponseMessage(int i, int i2, int i3, List<EapSimAkaAttribute> list) {
        try {
            return EapResult.EapResponse.getEapResponse(new EapMessage(2, i3, new EapData(i, getEapSimAkaTypeData(i2, list).encode())));
        } catch (EapSilentException e) {
            return new EapResult.EapError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @VisibleForTesting
    public void generateAndPersistKeys(String str, MessageDigest messageDigest, Fips186_2Prf fips186_2Prf, byte[] bArr) {
        byte[] digest = messageDigest.digest(bArr);
        System.arraycopy(digest, 0, this.mMk, 0, 20);
        ByteBuffer wrap = ByteBuffer.wrap(fips186_2Prf.getRandom(digest, this.mKEncr.length + this.mKAut.length + this.mMsk.length + this.mEmsk.length));
        wrap.get(this.mKEncr);
        wrap.get(this.mKAut);
        wrap.get(this.mMsk);
        wrap.get(this.mEmsk);
        EapAuthenticator.LOG.d(str, "MK input=" + EapAuthenticator.LOG.pii(bArr));
        EapAuthenticator.LOG.d(str, "MK=" + EapAuthenticator.LOG.pii(digest));
        EapAuthenticator.LOG.d(str, "K_encr=" + EapAuthenticator.LOG.pii(this.mKEncr));
        EapAuthenticator.LOG.d(str, "K_aut=" + EapAuthenticator.LOG.pii(this.mKAut));
        EapAuthenticator.LOG.d(str, "MSK=" + EapAuthenticator.LOG.pii(this.mMsk));
        EapAuthenticator.LOG.d(str, "EMSK=" + EapAuthenticator.LOG.pii(this.mEmsk));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @VisibleForTesting
    public void generateAndPersistReauthKeys(String str, MessageDigest messageDigest, Fips186_2Prf fips186_2Prf, byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
        ByteBuffer allocate = ByteBuffer.allocate(bArr.length + 2 + bArr2.length + bArr3.length);
        allocate.put(bArr);
        allocate.putShort((short) i);
        allocate.put(bArr2);
        allocate.put(bArr3);
        byte[] array = allocate.array();
        byte[] digest = messageDigest.digest(array);
        ByteBuffer wrap = ByteBuffer.wrap(fips186_2Prf.getRandom(digest, this.mMsk.length + this.mEmsk.length));
        wrap.get(this.mMsk);
        wrap.get(this.mEmsk);
        EapAuthenticator.LOG.d(str, "MK=" + EapAuthenticator.LOG.pii(bArr3));
        EapAuthenticator.LOG.d(str, "XKEY' INPUT=" + EapAuthenticator.LOG.pii(array));
        EapAuthenticator.LOG.d(str, "XKEY' =" + EapAuthenticator.LOG.pii(digest));
        EapAuthenticator.LOG.d(str, "K_encr=" + EapAuthenticator.LOG.pii(this.mKEncr));
        EapAuthenticator.LOG.d(str, "K_aut=" + EapAuthenticator.LOG.pii(this.mKAut));
        EapAuthenticator.LOG.d(str, "MSK=" + EapAuthenticator.LOG.pii(this.mMsk));
        EapAuthenticator.LOG.d(str, "EMSK=" + EapAuthenticator.LOG.pii(this.mEmsk));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public byte[] processUiccAuthentication(String str, int i, byte[] bArr) throws EapSimAkaAuthenticationFailureException {
        String iccAuthentication = this.mTelephonyManager.getIccAuthentication(this.mEapUiccConfig.getAppType(), i, Base64.encodeToString(bArr, 2));
        if (iccAuthentication != null) {
            return Base64.decode(iccAuthentication, 0);
        }
        String str2 = "UICC authentication failed. Input: " + EapAuthenticator.LOG.pii(bArr);
        EapAuthenticator.LOG.e(str, str2);
        throw new EapSimAkaAuthenticationFailureException(str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public boolean isValidMac(String str, EapMessage eapMessage, EapSimAkaTypeData eapSimAkaTypeData, byte[] bArr) throws GeneralSecurityException, EapSimAkaInvalidAttributeException, EapSilentException {
        this.mMacAlgorithm = Mac.getInstance(getMacAlgorithm());
        this.mMacAlgorithm.init(new SecretKeySpec(this.mKAut, getMacAlgorithm()));
        EapAuthenticator.LOG.d(str, "Computing MAC (raw msg): " + EapAuthenticator.LOG.pii(eapMessage.encode()));
        byte[] mac = getMac(eapMessage.eapCode, eapMessage.eapIdentifier, eapSimAkaTypeData, bArr);
        EapSimAkaAttribute.AtMac atMac = (EapSimAkaAttribute.AtMac) eapSimAkaTypeData.attributeMap.get(11);
        boolean equals = Arrays.equals(mac, atMac.mac);
        if (!equals) {
            EapAuthenticator.LOG.e(str, "Received message with invalid Mac. received=" + Log.byteArrayToHexString(atMac.mac) + ", computed=" + Log.byteArrayToHexString(mac));
        }
        return equals;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public LinkedHashMap<Integer, EapSimAkaAttribute> retrieveSecuredAttributes(String str, EapSimAkaTypeData eapSimAkaTypeData) {
        EapSimAkaAttribute.AtEncrData atEncrData = (EapSimAkaAttribute.AtEncrData) eapSimAkaTypeData.attributeMap.get(Integer.valueOf(EapSimAkaAttribute.EAP_AT_ENCR_DATA));
        if (atEncrData == null) {
            EapAuthenticator.LOG.d(str, "AT_ENCR_DATA is not included.");
            return null;
        }
        EapSimAkaAttribute.AtIv atIv = (EapSimAkaAttribute.AtIv) eapSimAkaTypeData.attributeMap.get(Integer.valueOf(EapSimAkaAttribute.EAP_AT_IV));
        if (atIv == null) {
            EapAuthenticator.LOG.d(str, "AT_IV is not included. can't decrypt ENCR DATA");
            return null;
        }
        try {
            try {
                return getSecureAttributes(str, atEncrData.getDecryptedData(this.mKEncr, atIv.iv));
            } catch (EapSimAkaInvalidAttributeException e) {
                EapAuthenticator.LOG.d(str, "Decode Fail, can't decode decrypted ENCR DATA.");
                return null;
            }
        } catch (EapSimAkaInvalidAttributeException e2) {
            EapAuthenticator.LOG.d(str, "Decrypt Fail, can't decrypt ENCR DATA");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public byte[] retrieveNextReauthId(String str, EapAkaTypeData eapAkaTypeData) {
        EapSimAkaAttribute.AtNextReauthId atNextReauthId;
        LinkedHashMap<Integer, EapSimAkaAttribute> retrieveSecuredAttributes = retrieveSecuredAttributes(str, eapAkaTypeData);
        if (retrieveSecuredAttributes == null || (atNextReauthId = (EapSimAkaAttribute.AtNextReauthId) retrieveSecuredAttributes.get(Integer.valueOf(EapSimAkaAttribute.EAP_AT_NEXT_REAUTH_ID))) == null || atNextReauthId.reauthId == null) {
            return null;
        }
        return (byte[]) atNextReauthId.reauthId.clone();
    }

    @VisibleForTesting
    static LinkedHashMap<Integer, EapSimAkaAttribute> getSecureAttributes(String str, byte[] bArr) throws EapSimAkaInvalidAttributeException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        LinkedHashMap<Integer, EapSimAkaAttribute> linkedHashMap = new LinkedHashMap<>();
        EapAkaAttributeFactory eapAkaAttributeFactory = EapAkaAttributeFactory.getInstance();
        while (wrap.hasRemaining()) {
            try {
                EapSimAkaAttribute attribute = eapAkaAttributeFactory.getAttribute(wrap);
                if (linkedHashMap.containsKey(Integer.valueOf(attribute.attributeType))) {
                    EapAuthenticator.LOG.e(str, "Duplicate attribute in parsed EAP-Message");
                    throw new EapSimAkaInvalidAttributeException("Duplicated attributes");
                }
                if (attribute instanceof EapSimAkaAttribute.EapSimAkaUnsupportedAttribute) {
                    EapAuthenticator.LOG.d(str, "Unsupported EAP attribute during decoding: " + attribute.attributeType);
                }
                linkedHashMap.put(Integer.valueOf(attribute.attributeType), attribute);
            } catch (EapSimAkaUnsupportedAttributeException e) {
                EapAuthenticator.LOG.e(str, "Unrecognized, non-skippable attribute encountered", e);
                throw new EapSimAkaInvalidAttributeException("Decode fail");
            }
        }
        return linkedHashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public static List<EapSimAkaAttribute> buildReauthResponse(int i, boolean z, byte[] bArr, EapSimAkaAttribute.AtIv atIv) throws EapSimAkaInvalidAttributeException {
        ByteBuffer allocate;
        ArrayList arrayList = new ArrayList();
        EapSimAkaAttribute.AtCounter atCounter = new EapSimAkaAttribute.AtCounter(i);
        if (z) {
            EapSimAkaAttribute.AtCounterTooSmall atCounterTooSmall = new EapSimAkaAttribute.AtCounterTooSmall();
            int paddingSize = getPaddingSize(16, atCounter.lengthInBytes + atCounterTooSmall.lengthInBytes);
            EapSimAkaAttribute.AtPadding atPadding = new EapSimAkaAttribute.AtPadding(paddingSize);
            allocate = ByteBuffer.allocate(atCounter.lengthInBytes + atCounterTooSmall.lengthInBytes + paddingSize);
            atCounterTooSmall.encode(allocate);
            atCounter.encode(allocate);
            atPadding.encode(allocate);
        } else {
            int paddingSize2 = getPaddingSize(16, atCounter.lengthInBytes);
            EapSimAkaAttribute.AtPadding atPadding2 = new EapSimAkaAttribute.AtPadding(paddingSize2);
            allocate = ByteBuffer.allocate(atCounter.lengthInBytes + paddingSize2);
            atCounter.encode(allocate);
            atPadding2.encode(allocate);
        }
        EapSimAkaAttribute.AtEncrData atEncrData = new EapSimAkaAttribute.AtEncrData(allocate.array(), bArr, atIv.iv);
        arrayList.add(atIv);
        arrayList.add(atEncrData);
        return arrayList;
    }

    @VisibleForTesting
    static int getPaddingSize(int i, int i2) {
        int i3 = i2 % i;
        if (i3 == 0) {
            return 0;
        }
        return i - i3;
    }

    @VisibleForTesting
    byte[] getMac(int i, int i2, EapSimAkaTypeData eapSimAkaTypeData, byte[] bArr) throws EapSimAkaInvalidAttributeException, EapSilentException {
        if (this.mMacAlgorithm == null) {
            throw new IllegalStateException("Can't calculate MAC before mMacAlgorithm is set in ChallengeState");
        }
        EapSimAkaAttribute.AtMac atMac = (EapSimAkaAttribute.AtMac) eapSimAkaTypeData.attributeMap.get(11);
        eapSimAkaTypeData.attributeMap.put(11, atMac.getAtMacWithMacCleared());
        EapMessage eapMessage = new EapMessage(i, i2, new EapData(getEapMethod(), eapSimAkaTypeData.encode()));
        EapAuthenticator.LOG.d(getClass().getSimpleName(), "Computing MAC (mac cleared): " + EapAuthenticator.LOG.pii(eapMessage.encode()));
        ByteBuffer allocate = ByteBuffer.allocate(eapMessage.eapLength + bArr.length);
        allocate.put(eapMessage.encode());
        allocate.put(bArr);
        byte[] doFinal = this.mMacAlgorithm.doFinal(allocate.array());
        eapSimAkaTypeData.attributeMap.put(11, atMac);
        return Arrays.copyOfRange(doFinal, 0, 16);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public EapResult buildResponseMessageWithMac(int i, int i2, byte[] bArr) {
        return buildResponseMessageWithMac(i, i2, bArr, new ArrayList(1), null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public EapResult buildResponseMessageWithMac(int i, int i2, byte[] bArr, List<EapSimAkaAttribute> list, @EapResult.EapResponse.EapResponseFlag int[] iArr) {
        try {
            ArrayList arrayList = new ArrayList(list);
            arrayList.add(new EapSimAkaAttribute.AtMac());
            EapSimAkaTypeData eapSimAkaTypeData = getEapSimAkaTypeData(i2, arrayList);
            eapSimAkaTypeData.attributeMap.put(11, new EapSimAkaAttribute.AtMac(getMac(2, i, eapSimAkaTypeData, bArr)));
            return EapResult.EapResponse.getEapResponse(new EapMessage(2, i, new EapData(getEapMethod(), eapSimAkaTypeData.encode())), iArr);
        } catch (EapSilentException | EapSimAkaInvalidAttributeException e) {
            return new EapResult.EapError(e);
        }
    }

    private int validateReauthAkaNotifyAndGetCounter(EapSimAkaTypeData eapSimAkaTypeData) {
        Set<Integer> keySet = eapSimAkaTypeData.attributeMap.keySet();
        if (!keySet.contains(Integer.valueOf(EapSimAkaAttribute.EAP_AT_IV)) || !keySet.contains(Integer.valueOf(EapSimAkaAttribute.EAP_AT_ENCR_DATA)) || !keySet.contains(11)) {
            return -1;
        }
        LinkedHashMap<Integer, EapSimAkaAttribute> retrieveSecuredAttributes = retrieveSecuredAttributes("Notification", eapSimAkaTypeData);
        Set<Integer> keySet2 = retrieveSecuredAttributes.keySet();
        if (!keySet2.contains(19)) {
            return -1;
        }
        if (keySet2.size() == 1 || (keySet2.size() == 2 && keySet2.contains(6))) {
            return ((EapSimAkaAttribute.AtCounter) retrieveSecuredAttributes.get(19)).counter;
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public EapResult handleEapSimAkaNotification(String str, boolean z, boolean z2, boolean z3, int i, int i2, EapSimAkaTypeData eapSimAkaTypeData) {
        if (this.mHasReceivedSimAkaNotification) {
            return new EapResult.EapError(new EapInvalidRequestException("Received multiple EAP-SIM notifications"));
        }
        this.mHasReceivedSimAkaNotification = true;
        EapSimAkaAttribute.AtNotification atNotification = (EapSimAkaAttribute.AtNotification) eapSimAkaTypeData.attributeMap.get(12);
        EapAuthenticator.LOG.d(str, "Received AtNotification: S=" + (atNotification.isSuccessCode ? "1" : "0") + " P=" + (atNotification.isPreSuccessfulChallenge ? "1" : "0") + " Code=" + atNotification.notificationCode);
        if (atNotification.isPreSuccessfulChallenge) {
            return eapSimAkaTypeData.attributeMap.containsKey(11) ? buildClientErrorResponse(i, getEapMethod(), EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS) : buildResponseMessage(getEapMethod(), eapSimAkaTypeData.eapSubtype, i, Arrays.asList(new EapSimAkaAttribute[0]));
        }
        if (z) {
            return buildClientErrorResponse(i, getEapMethod(), EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
        }
        if (!eapSimAkaTypeData.attributeMap.containsKey(11) || !z3) {
            return buildClientErrorResponse(i, getEapMethod(), EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
        }
        try {
            if (!Arrays.equals(getMac(1, i, eapSimAkaTypeData, new byte[0]), ((EapSimAkaAttribute.AtMac) eapSimAkaTypeData.attributeMap.get(11)).mac)) {
                return buildClientErrorResponse(i, getEapMethod(), EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
            }
            if (!z2) {
                return buildResponseMessageWithMac(i, eapSimAkaTypeData.eapSubtype, new byte[0]);
            }
            int validateReauthAkaNotifyAndGetCounter = validateReauthAkaNotifyAndGetCounter(eapSimAkaTypeData);
            EapAuthenticator.LOG.d(str, "Counter in Notification: " + validateReauthAkaNotifyAndGetCounter + ",  Expecting counter for reauth" + i2);
            if (i2 == validateReauthAkaNotifyAndGetCounter) {
                return buildResponseMessageWithMac(i, eapSimAkaTypeData.eapSubtype, new byte[0], buildReauthResponse(i2, false, this.mKEncr, new EapSimAkaAttribute.AtIv(this.mSecureRandom)), null);
            }
            return buildClientErrorResponse(i, getEapMethod(), EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
        } catch (EapSilentException | EapSimAkaInvalidAttributeException e) {
            return new EapResult.EapError(e);
        }
    }

    abstract EapSimAkaTypeData getEapSimAkaTypeData(EapSimAkaAttribute.AtClientErrorCode atClientErrorCode);

    abstract EapSimAkaTypeData getEapSimAkaTypeData(int i, List<EapSimAkaAttribute> list);
}
