package com.daon.fido.client.sdk.ados;

import android.content.Context;
import android.os.Bundle;
import android.util.Base64;
import androidx.camera.camera2.internal.C2046e;
import com.daon.fido.client.sdk.authMan.D;
import com.daon.fido.client.sdk.core.impl.c;
import com.daon.fido.client.sdk.exts.d;
import com.daon.fido.client.sdk.exts.p;
import com.daon.fido.client.sdk.exts.r;
import com.daon.fido.client.sdk.exts.y;
import com.daon.sdk.crypto.cert.CertificateValidator;
import com.daon.sdk.crypto.cert.ICertificateValidator;
import com.daon.sdk.crypto.cert.IRevocationTimer;
import com.daon.sdk.crypto.cert.RevocationTimer;
import com.daon.sdk.crypto.log.LogUtils;

/* loaded from: classes.dex */
public class a implements r {

    /* renamed from: a, reason: collision with root package name */
    private final p f30004a = y.a();

    /* renamed from: b, reason: collision with root package name */
    private ICertificateValidator f30005b = new CertificateValidator();

    /* renamed from: c, reason: collision with root package name */
    private IRevocationTimer f30006c;

    private IRevocationTimer a(Context context) {
        if (this.f30006c == null) {
            this.f30006c = new RevocationTimer(context);
        }
        return this.f30006c;
    }

    private void a(Context context, String str, boolean z10) {
        if (z10) {
            try {
                if (!a(context).isRevocationRequired(c.h().g())) {
                    LogUtils.INSTANCE.logDebug(context, "ADoS Root Certificate cached and no revocation check required. Don't validate.");
                }
            } catch (Exception e10) {
                String a10 = C2046e.a(e10, new StringBuilder("Failed to validate data encryption certificate. "));
                LogUtils.INSTANCE.logError(context, a10);
                throw new d(a10, e10);
            }
        }
        LogUtils logUtils = LogUtils.INSTANCE;
        logUtils.logDebug(context, "Validate ADoS Root Certificate");
        byte[][] b10 = com.daon.fido.client.sdk.crypto.a.b(str);
        byte[][] a11 = a();
        if (a11 != null) {
            this.f30005b.validateCertificateChain(b10, a11, c.h().g());
        } else {
            logUtils.logWarn(context, "No ADoS root certificate supplied.");
        }
    }

    private byte[][] a() {
        String string = c.h().g().getString("com.daon.sdk.ados.rootCert", null);
        if (string != null) {
            return new byte[][]{Base64.decode(string, 0)};
        }
        return null;
    }

    @Override // com.daon.fido.client.sdk.exts.r
    public Bundle a(Context context, D d10) {
        if (this.f30005b != null) {
            CertificateValidator certificateValidator = new CertificateValidator();
            certificateValidator.setCertIdParamName("com.daon.sdk.ados.decId");
            this.f30005b = certificateValidator;
        }
        String a10 = this.f30004a.a("com.daon.sdk.ados.decChain", (String) null);
        if (a10 != null) {
            String b10 = b.b(context);
            boolean z10 = b10 != null && b10.equals(a10);
            a(context, a10, z10);
            if (!z10) {
                b.c(context, a10);
                try {
                    b.a(context, com.daon.fido.client.sdk.crypto.a.a(a10).getEncoded());
                } catch (Exception e10) {
                    String a11 = C2046e.a(e10, new StringBuilder("Failed to get DEK from DEC chain. "));
                    LogUtils.INSTANCE.logError(context, a11);
                    throw new d(a11, e10);
                }
            }
            b.d(context, this.f30004a.a("com.daon.sdk.ados.dekId", (String) null));
        }
        return null;
    }
}
