package com.android.internal.net.eap.statemachine;

import android.content.Context;
import android.net.eap.EapSessionConfig;
import android.telephony.TelephonyManager;
import com.android.internal.net.eap.EapAuthenticator;
import com.android.internal.net.eap.EapResult;
import com.android.internal.net.eap.crypto.Fips186_2Prf;
import com.android.internal.net.eap.exceptions.EapInvalidRequestException;
import com.android.internal.net.eap.exceptions.EapSilentException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaAuthenticationFailureException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaIdentityUnavailableException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidAttributeException;
import com.android.internal.net.eap.exceptions.simaka.EapSimAkaInvalidLengthException;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData;
import com.android.internal.net.eap.message.simaka.EapSimTypeData;
import com.android.internal.net.eap.statemachine.EapMethodStateMachine;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class EapSimMethodStateMachine extends EapSimAkaMethodStateMachine {
    private final EapSimTypeData.EapSimTypeDataDecoder mEapSimTypeDataDecoder;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public class ChallengeState extends EapMethodStateMachine.EapMethodState {
        private final int mBytesPerShort;
        boolean mHadSuccessfulChallenge;
        final byte[] mIdentity;
        private final int mKcLenBytes;
        private final byte[] mNonce;
        private final int mSresLenBytes;
        private final String mTAG;
        private final int mVersionLenBytes;
        private final List<Integer> mVersions;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes.dex */
        public class RandChallengeResult {
            public final byte[] kc;
            public final byte[] sres;

            RandChallengeResult(byte[] bArr, byte[] bArr2) throws EapSimAkaInvalidLengthException {
                this.sres = bArr;
                this.kc = bArr2;
                if (bArr.length != 4) {
                    throw new EapSimAkaInvalidLengthException("Invalid SRES length");
                }
                if (bArr2.length != 8) {
                    throw new EapSimAkaInvalidLengthException("Invalid Kc length");
                }
            }

            public boolean equals(Object obj) {
                if (this == obj) {
                    return true;
                }
                if (!(obj instanceof RandChallengeResult)) {
                    return false;
                }
                RandChallengeResult randChallengeResult = (RandChallengeResult) obj;
                return Arrays.equals(this.sres, randChallengeResult.sres) && Arrays.equals(this.kc, randChallengeResult.kc);
            }

            public int hashCode() {
                return (Arrays.hashCode(this.sres) * 31) + Arrays.hashCode(this.kc);
            }
        }

        protected ChallengeState(List<Integer> list, EapSimAkaAttribute.AtNonceMt atNonceMt, byte[] bArr) {
            super();
            this.mTAG = ChallengeState.class.getSimpleName();
            this.mBytesPerShort = 2;
            this.mVersionLenBytes = 2;
            this.mSresLenBytes = 4;
            this.mKcLenBytes = 8;
            this.mHadSuccessfulChallenge = false;
            this.mVersions = list;
            this.mNonce = atNonceMt.nonceMt;
            this.mIdentity = bArr;
        }

        private byte[] getMkInputData(List<RandChallengeResult> list) {
            ByteBuffer allocate = ByteBuffer.allocate(this.mIdentity.length + (list.size() * 8) + this.mNonce.length + (this.mVersions.size() * 2) + 2);
            allocate.put(this.mIdentity);
            Iterator<RandChallengeResult> it = list.iterator();
            while (it.hasNext()) {
                allocate.put(it.next().kc);
            }
            allocate.put(this.mNonce);
            Iterator<Integer> it2 = this.mVersions.iterator();
            while (it2.hasNext()) {
                allocate.putShort((short) it2.next().intValue());
            }
            allocate.putShort((short) 1);
            return allocate.array();
        }

        RandChallengeResult getRandChallengeResultFromResponse(byte[] bArr) throws EapSimAkaInvalidLengthException {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            if (Byte.toUnsignedInt(wrap.get()) != 4) {
                throw new EapSimAkaInvalidLengthException("Invalid SRES length specified");
            }
            byte[] bArr2 = new byte[4];
            wrap.get(bArr2);
            if (Byte.toUnsignedInt(wrap.get()) != 8) {
                throw new EapSimAkaInvalidLengthException("Invalid Kc length specified");
            }
            byte[] bArr3 = new byte[8];
            wrap.get(bArr3);
            return new RandChallengeResult(bArr2, bArr3);
        }

        List<RandChallengeResult> getRandChallengeResults(EapSimTypeData eapSimTypeData) throws EapSimAkaInvalidLengthException, EapSimAkaAuthenticationFailureException {
            List<byte[]> list = ((EapSimAkaAttribute.AtRandSim) eapSimTypeData.attributeMap.get(1)).rands;
            ArrayList arrayList = new ArrayList();
            for (byte[] bArr : list) {
                ByteBuffer allocate = ByteBuffer.allocate(bArr.length + 1);
                allocate.put((byte) bArr.length);
                allocate.put(bArr);
                RandChallengeResult randChallengeResultFromResponse = getRandChallengeResultFromResponse(EapSimMethodStateMachine.this.processUiccAuthentication(this.mTAG, 128, allocate.array()));
                arrayList.add(randChallengeResultFromResponse);
                EapAuthenticator.LOG.d(this.mTAG, "RAND=" + EapAuthenticator.LOG.pii(bArr));
                EapAuthenticator.LOG.d(this.mTAG, "SRES=" + EapAuthenticator.LOG.pii(randChallengeResultFromResponse.sres));
                EapAuthenticator.LOG.d(this.mTAG, "Kc=" + EapAuthenticator.LOG.pii(randChallengeResultFromResponse.kc));
            }
            return arrayList;
        }

        boolean isValidChallengeAttributes(EapSimTypeData eapSimTypeData) {
            Set<Integer> keySet = eapSimTypeData.attributeMap.keySet();
            return keySet.contains(1) && keySet.contains(11);
        }

        @Override // com.android.internal.net.utils.SimpleStateMachine.SimpleState
        public EapResult process(EapMessage eapMessage) {
            if (eapMessage.eapCode == 3) {
                if (this.mHadSuccessfulChallenge) {
                    EapSimMethodStateMachine.this.transitionTo((EapMethodStateMachine.EapMethodState) new EapMethodStateMachine.FinalState());
                    return new EapResult.EapSuccess(EapSimMethodStateMachine.this.mMsk, EapSimMethodStateMachine.this.mEmsk);
                }
                EapAuthenticator.LOG.e(this.mTAG, "Received unexpected EAP-Success");
                return new EapResult.EapError(new EapInvalidRequestException("Received an EAP-Success in the ChallengeState"));
            }
            EapResult handleEapSuccessFailureNotification = handleEapSuccessFailureNotification(this.mTAG, eapMessage);
            if (handleEapSuccessFailureNotification != null) {
                return handleEapSuccessFailureNotification;
            }
            EapSimAkaTypeData.DecodeResult<EapSimTypeData> decode = EapSimMethodStateMachine.this.mEapSimTypeDataDecoder.decode(eapMessage.eapData.eapTypeData);
            if (!decode.isSuccessfulDecode()) {
                return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, decode.atClientErrorCode);
            }
            EapSimTypeData eapSimTypeData = decode.eapTypeData;
            switch (eapSimTypeData.eapSubtype) {
                case 11:
                    if (!isValidChallengeAttributes(eapSimTypeData)) {
                        EapAuthenticator.LOG.e(this.mTAG, "Invalid attributes: " + eapSimTypeData.attributeMap.keySet());
                        return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
                    }
                    try {
                        List<RandChallengeResult> randChallengeResults = getRandChallengeResults(eapSimTypeData);
                        try {
                            EapSimMethodStateMachine.this.generateAndPersistKeys(this.mTAG, MessageDigest.getInstance(EapSimAkaMethodStateMachine.MASTER_KEY_GENERATION_ALG), new Fips186_2Prf(), getMkInputData(randChallengeResults));
                            try {
                                if (!EapSimMethodStateMachine.this.isValidMac(this.mTAG, eapMessage, eapSimTypeData, this.mNonce)) {
                                    return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
                                }
                                ByteBuffer allocate = ByteBuffer.allocate(randChallengeResults.size() * 4);
                                Iterator<RandChallengeResult> it = randChallengeResults.iterator();
                                while (it.hasNext()) {
                                    allocate.put(it.next().sres);
                                }
                                this.mHadSuccessfulChallenge = true;
                                return EapSimMethodStateMachine.this.buildResponseMessageWithMac(eapMessage.eapIdentifier, 11, allocate.array());
                            } catch (EapSilentException | EapSimAkaInvalidAttributeException | GeneralSecurityException e) {
                                EapAuthenticator.LOG.e(this.mTAG, "Error computing MAC for EapMessage", e);
                                return new EapResult.EapError(e);
                            }
                        } catch (BufferUnderflowException | NoSuchAlgorithmException e2) {
                            EapAuthenticator.LOG.e(this.mTAG, "Error while creating keys", e2);
                            return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
                        }
                    } catch (EapSimAkaAuthenticationFailureException e3) {
                        return new EapResult.EapError(e3);
                    } catch (EapSimAkaInvalidLengthException | BufferUnderflowException e4) {
                        EapAuthenticator.LOG.e(this.mTAG, "Invalid SRES/Kc tuple returned from SIM", e4);
                        return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
                    }
                case 12:
                    return EapSimMethodStateMachine.this.handleEapSimAkaNotification(this.mTAG, false, false, this.mHadSuccessfulChallenge, eapMessage.eapIdentifier, 0, eapSimTypeData);
                default:
                    return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
            }
        }
    }

    /* loaded from: classes.dex */
    protected class CreatedState extends EapMethodStateMachine.EapMethodState {
        private final String mTAG;

        protected CreatedState() {
            super();
            this.mTAG = CreatedState.class.getSimpleName();
        }

        @Override // com.android.internal.net.utils.SimpleStateMachine.SimpleState
        public EapResult process(EapMessage eapMessage) {
            EapResult handleEapSuccessFailureNotification = handleEapSuccessFailureNotification(this.mTAG, eapMessage);
            if (handleEapSuccessFailureNotification != null) {
                return handleEapSuccessFailureNotification;
            }
            EapSimAkaTypeData.DecodeResult<EapSimTypeData> decode = EapSimMethodStateMachine.this.mEapSimTypeDataDecoder.decode(eapMessage.eapData.eapTypeData);
            if (!decode.isSuccessfulDecode()) {
                return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, decode.atClientErrorCode);
            }
            EapSimTypeData eapSimTypeData = decode.eapTypeData;
            switch (eapSimTypeData.eapSubtype) {
                case 10:
                    byte[] bArr = new byte[16];
                    EapSimMethodStateMachine.this.mSecureRandom.nextBytes(bArr);
                    try {
                        return (EapResult) EapSimMethodStateMachine.this.transitionAndProcess(new StartState(new EapSimAkaAttribute.AtNonceMt(bArr)), eapMessage);
                    } catch (EapSimAkaInvalidAttributeException e) {
                        EapAuthenticator.LOG.wtf(this.mTAG, "Exception thrown while creating AtNonceMt", e);
                        return new EapResult.EapError(e);
                    }
                case 11:
                default:
                    return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
                case 12:
                    return EapSimMethodStateMachine.this.handleEapSimAkaNotification(this.mTAG, true, false, false, eapMessage.eapIdentifier, 0, eapSimTypeData);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public class StartState extends EapMethodStateMachine.EapMethodState {
        private final EapSimAkaAttribute.AtNonceMt mAtNonceMt;
        byte[] mIdentity;
        private final String mTAG;
        private List<Integer> mVersions;

        protected StartState(EapSimAkaAttribute.AtNonceMt atNonceMt) {
            super();
            this.mTAG = StartState.class.getSimpleName();
            this.mIdentity = EapSimMethodStateMachine.this.mEapIdentity;
            this.mAtNonceMt = atNonceMt;
        }

        EapSimAkaAttribute.AtIdentity getIdentityResponse(EapSimTypeData eapSimTypeData) throws EapSimAkaInvalidAttributeException, EapSimAkaIdentityUnavailableException {
            Set<Integer> keySet = eapSimTypeData.attributeMap.keySet();
            if (!keySet.contains(10) && !keySet.contains(17) && !keySet.contains(13)) {
                return null;
            }
            String subscriberId = EapSimMethodStateMachine.this.mTelephonyManager.getSubscriberId();
            if (subscriberId == null) {
                throw new EapSimAkaIdentityUnavailableException("IMSI for subId (" + EapSimMethodStateMachine.this.mEapUiccConfig.getSubId() + ") not available");
            }
            String str = "1" + subscriberId;
            this.mIdentity = str.getBytes(StandardCharsets.US_ASCII);
            EapAuthenticator.LOG.d(this.mTAG, "EAP-SIM/Identity=" + EapAuthenticator.LOG.pii(str));
            return EapSimAkaAttribute.AtIdentity.getAtIdentity(this.mIdentity);
        }

        boolean isValidStartAttributes(EapSimTypeData eapSimTypeData) {
            Set<Integer> keySet = eapSimTypeData.attributeMap.keySet();
            if (!keySet.contains(15)) {
                return false;
            }
            int i = keySet.contains(10) ? 0 + 1 : 0;
            if (keySet.contains(13)) {
                i++;
            }
            if (keySet.contains(17)) {
                i++;
            }
            return (i > 1 || keySet.contains(11) || keySet.contains(Integer.valueOf(EapSimAkaAttribute.EAP_AT_IV)) || keySet.contains(Integer.valueOf(EapSimAkaAttribute.EAP_AT_ENCR_DATA))) ? false : true;
        }

        @Override // com.android.internal.net.utils.SimpleStateMachine.SimpleState
        public EapResult process(EapMessage eapMessage) {
            EapResult handleEapSuccessFailureNotification = handleEapSuccessFailureNotification(this.mTAG, eapMessage);
            if (handleEapSuccessFailureNotification != null) {
                return handleEapSuccessFailureNotification;
            }
            EapSimAkaTypeData.DecodeResult<EapSimTypeData> decode = EapSimMethodStateMachine.this.mEapSimTypeDataDecoder.decode(eapMessage.eapData.eapTypeData);
            if (!decode.isSuccessfulDecode()) {
                return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, decode.atClientErrorCode);
            }
            EapSimTypeData eapSimTypeData = decode.eapTypeData;
            switch (eapSimTypeData.eapSubtype) {
                case 10:
                    if (!isValidStartAttributes(eapSimTypeData)) {
                        EapAuthenticator.LOG.e(this.mTAG, "Invalid attributes: " + eapSimTypeData.attributeMap.keySet());
                        return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
                    }
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(this.mAtNonceMt);
                    this.mVersions = ((EapSimAkaAttribute.AtVersionList) eapSimTypeData.attributeMap.get(15)).versions;
                    if (!this.mVersions.contains(1)) {
                        return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNSUPPORTED_VERSION);
                    }
                    arrayList.add(EapSimAkaAttribute.AtSelectedVersion.getSelectedVersion());
                    try {
                        EapSimAkaAttribute.AtIdentity identityResponse = getIdentityResponse(eapSimTypeData);
                        if (identityResponse != null) {
                            arrayList.add(identityResponse);
                        }
                        return EapSimMethodStateMachine.this.buildResponseMessage(18, 10, eapMessage.eapIdentifier, arrayList);
                    } catch (EapSimAkaIdentityUnavailableException e) {
                        EapAuthenticator.LOG.e(this.mTAG, "Unable to get IMSI for subId=" + EapSimMethodStateMachine.this.mEapUiccConfig.getSubId());
                        return new EapResult.EapError(e);
                    } catch (EapSimAkaInvalidAttributeException e2) {
                        EapAuthenticator.LOG.wtf(this.mTAG, "Exception thrown while making AtIdentity attribute", e2);
                        return new EapResult.EapError(e2);
                    }
                case 11:
                    return (EapResult) EapSimMethodStateMachine.this.transitionAndProcess(new ChallengeState(this.mVersions, this.mAtNonceMt, this.mIdentity), eapMessage);
                case 12:
                    return EapSimMethodStateMachine.this.handleEapSimAkaNotification(this.mTAG, true, false, false, eapMessage.eapIdentifier, 0, eapSimTypeData);
                default:
                    return EapSimMethodStateMachine.this.buildClientErrorResponse(eapMessage.eapIdentifier, 18, EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EapSimMethodStateMachine(Context context, byte[] bArr, EapSessionConfig.EapSimConfig eapSimConfig, SecureRandom secureRandom) {
        this((TelephonyManager) context.getSystemService("phone"), bArr, eapSimConfig, secureRandom, EapSimTypeData.getEapSimTypeDataDecoder());
    }

    EapSimMethodStateMachine(TelephonyManager telephonyManager, byte[] bArr, EapSessionConfig.EapSimConfig eapSimConfig, SecureRandom secureRandom, EapSimTypeData.EapSimTypeDataDecoder eapSimTypeDataDecoder) {
        super(telephonyManager.createForSubscriptionId(eapSimConfig.getSubId()), bArr, eapSimConfig);
        if (eapSimTypeDataDecoder == null) {
            throw new IllegalArgumentException("EapSimTypeDataDecoder must be non-null");
        }
        this.mSecureRandom = secureRandom;
        this.mEapSimTypeDataDecoder = eapSimTypeDataDecoder;
        transitionTo((EapMethodStateMachine.EapMethodState) new CreatedState());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.android.internal.net.eap.statemachine.EapMethodStateMachine
    public int getEapMethod() {
        return 18;
    }

    @Override // com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    /* bridge */ /* synthetic */ EapSimAkaTypeData getEapSimAkaTypeData(int i, List list) {
        return getEapSimAkaTypeData(i, (List<EapSimAkaAttribute>) list);
    }

    @Override // com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    EapSimTypeData getEapSimAkaTypeData(int i, List<EapSimAkaAttribute> list) {
        return new EapSimTypeData(i, list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    public EapSimTypeData getEapSimAkaTypeData(EapSimAkaAttribute.AtClientErrorCode atClientErrorCode) {
        return new EapSimTypeData(14, (List<EapSimAkaAttribute>) Arrays.asList(atClientErrorCode));
    }
}
