package com.android.internal.net.eap.statemachine;

import android.annotation.Nullable;
import android.content.Context;
import android.net.eap.EapSessionConfig;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.crypto.KeyGenerationUtils;
import com.android.internal.net.eap.EapAuthenticator;
import com.android.internal.net.eap.EapResult;
import com.android.internal.net.eap.crypto.HmacSha256ByteSigner;
import com.android.internal.net.eap.message.EapMessage;
import com.android.internal.net.eap.message.simaka.EapAkaPrimeTypeData;
import com.android.internal.net.eap.message.simaka.EapAkaTypeData;
import com.android.internal.net.eap.message.simaka.EapSimAkaAttribute;
import com.android.internal.net.eap.message.simaka.EapSimAkaTypeData;
import com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine;
import com.android.internal.net.eap.statemachine.EapMethodStateMachine;
import java.nio.BufferOverflowException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/android/internal/net/eap/statemachine/EapAkaPrimeMethodStateMachine.class */
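/**
 * EAP-AKA' (EAP method type 50, RFC 5448) method state machine.
 *
 * <p>Extends the EAP-AKA state machine with the EAP-AKA'-specific pieces visible in this file:
 * validation of AT_KDF / AT_KDF_INPUT in the challenge, derivation of CK'/IK' bound to the
 * network name, and expansion of the master key into K_encr, K_aut, K_re, MSK and EMSK.
 *
 * <p>This listing is decompiler output: several access modifiers were widened by the decompiler
 * (noted per member) and the trailing bridge methods are compiler-generated.
 */
public class EapAkaPrimeMethodStateMachine extends EapAkaMethodStateMachine {
    public static final int K_AUT_LEN = 32;
    public static final int K_RE_LEN = 32;
    private static final String AKA_PRIME_IDENTITY_PREFIX = "6";
    // Only KDF identifier 1 is accepted; any other AT_KDF value fails challenge validation.
    private static final int SUPPORTED_KDF = 1;
    // First octet of the CK'/IK' derivation input (0x20).
    private static final int FC = 32;
    // Number of leading AUTN octets used as SQN xor AK.
    private static final int SQN_XOR_AK_LEN = 6;
    private static final int IK_PRIME_LENGTH = 16;
    private static final int CK_PRIME_LENGTH = 16;
    private static final String MAC_ALGORITHM_STRING = "HmacSHA256";
    private static final String MK_DATA_PREFIX = "EAP-AKA'";
    // Octets of PRF' output split into K_encr | K_aut | K_re | MSK | EMSK.
    private static final int MK_LEN_BYTES = 208;

    // Re-authentication key. Public and mutable in this listing, so any holder of the state
    // machine can read or overwrite it.
    public final byte[] mKRe;
    private final EapSessionConfig.EapAkaPrimeConfig mEapAkaPrimeConfig;
    private final EapAkaPrimeTypeData.EapAkaPrimeTypeDataDecoder mEapAkaPrimeTypeDataDecoder;

    /**
     * Challenge state for EAP-AKA'. Adds the KDF / network-name checks and the EAP-AKA' key
     * schedule on top of the EAP-AKA challenge state.
     *
     * <p>Decompiler note: access modifiers changed from protected.
     */
    public class ChallengeState extends EapAkaMethodStateMachine.ChallengeState {
        private final String mTAG;

        ChallengeState() {
            super(EapAkaPrimeMethodStateMachine.this);
            this.mTAG = ChallengeState.class.getSimpleName();
        }

        ChallengeState(byte[] bArr) {
            super(bArr);
            this.mTAG = ChallengeState.class.getSimpleName();
        }

        /**
         * Rejects the challenge when the EAP-AKA' attributes are not acceptable, otherwise defers
         * to the EAP-AKA handling in the superclass.
         *
         * <p>Decompiler note: access modifiers changed from protected.
         *
         * @param eapMessage the received message; its identifier is echoed in a reject
         * @param eapAkaTypeData decoded type data, cast to {@link EapAkaPrimeTypeData}
         * @return an Authentication-Reject message, or the superclass result
         */
        @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.ChallengeState
        public EapResult handleChallengeAuthentication(EapMessage eapMessage, EapAkaTypeData eapAkaTypeData) {
            EapAkaPrimeTypeData primeTypeData = (EapAkaPrimeTypeData) eapAkaTypeData;
            if (!isValidChallengeAttributes(primeTypeData)) {
                return buildAuthenticationRejectMessage(eapMessage.eapIdentifier);
            }
            return super.handleChallengeAuthentication(eapMessage, primeTypeData);
        }

        /**
         * Checks the EAP-AKA'-specific attributes of a challenge.
         *
         * <p>Requires AT_KDF (type 24) and AT_KDF_INPUT (type 23) to be present, the KDF to be
         * {@link #SUPPORTED_KDF}, and the server network name to be non-empty. Unless the config
         * allows mismatched network names, the server name must also match the configured one.
         *
         * <p>When mismatches are allowed the comparison is skipped entirely; the server-supplied
         * name is still mixed into CK'/IK' by {@link #deriveCkIkPrime}.
         *
         * @param eapAkaPrimeTypeData decoded challenge type data
         * @return true when the challenge may proceed to authentication
         */
        @VisibleForTesting
        boolean isValidChallengeAttributes(EapAkaPrimeTypeData eapAkaPrimeTypeData) {
            LinkedHashMap<Integer, EapSimAkaAttribute> attributes = eapAkaPrimeTypeData.attributeMap;
            if (!attributes.containsKey(24) || !attributes.containsKey(23)) {
                return false;
            }
            if (((EapSimAkaAttribute.AtKdf) attributes.get(24)).kdf != SUPPORTED_KDF) {
                return false;
            }
            EapSimAkaAttribute.AtKdfInput atKdfInput = (EapSimAkaAttribute.AtKdfInput) attributes.get(23);
            if (atKdfInput.networkName.length == 0) {
                return false;
            }
            if (EapAkaPrimeMethodStateMachine.this.mEapAkaPrimeConfig.allowsMismatchedNetworkNames()) {
                return true;
            }
            return hasMatchingNetworkNames(EapAkaPrimeMethodStateMachine.this.mEapAkaPrimeConfig.getNetworkName(), new String(atKdfInput.networkName, StandardCharsets.UTF_8));
        }

        /**
         * Compares two colon-separated network names field by field.
         *
         * <p>Only as many fields as the shorter name has are compared, so a name that is a
         * field-wise prefix of the other is accepted. An empty name on either side is treated as
         * a match.
         *
         * @param str the peer (configured) network name
         * @param str2 the server network name from AT_KDF_INPUT
         * @return false only when a compared field differs
         */
        @VisibleForTesting
        boolean hasMatchingNetworkNames(String str, String str2) {
            if (str.isEmpty() || str2.isEmpty()) {
                return true;
            }
            String[] peerFields = str.split(":");
            String[] serverFields = str2.split(":");
            int comparedFields = Math.min(peerFields.length, serverFields.length);
            for (int i = 0; i < comparedFields; i++) {
                if (!peerFields[i].equals(serverFields[i])) {
                    EapAuthenticator.LOG.i(this.mTAG, "EAP-AKA' network names don't match. Peer: " + EapAuthenticator.LOG.pii(str) + ", Server: " + EapAuthenticator.LOG.pii(str2));
                    return false;
                }
            }
            return true;
        }

        /**
         * Derives CK'/IK', expands them into the master key and stores the session keys.
         *
         * <p>The PRF' key is IK' followed by CK'; the data is "EAP-AKA'" followed by the identity.
         * The {@link #MK_LEN_BYTES} octets of output are copied, in order, into K_encr, K_aut,
         * K_re, MSK and EMSK. Intermediate secrets (CK'|IK', the PRF' key and the master key) are
         * overwritten before returning, on both the success and the error path.
         *
         * @param randChallengeResult CK and IK returned for the challenge
         * @param i EAP identifier used when an error response has to be built
         * @param eapAkaTypeData decoded challenge; AT_KDF_INPUT (23) and AT_AUTN (2) are read
         * @return null on success, or a client-error response (UNABLE_TO_PROCESS) on failure
         */
        @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine.ChallengeState
        @Nullable
        protected EapResult generateAndPersistEapAkaKeys(EapAkaMethodStateMachine.ChallengeState.RandChallengeResult randChallengeResult, int i, EapAkaTypeData eapAkaTypeData) {
            byte[] ckIkPrime = null;
            byte[] prfKey = null;
            byte[] mk = null;
            try {
                // NOTE(review): a missing AT_AUTN would surface as an uncaught NPE in
                // deriveCkIkPrime; presumably the superclass has checked presence - confirm.
                ckIkPrime = deriveCkIkPrime(randChallengeResult, (EapSimAkaAttribute.AtKdfInput) eapAkaTypeData.attributeMap.get(23), (EapSimAkaAttribute.AtAutn) eapAkaTypeData.attributeMap.get(2));

                // HMAC output is CK' | IK'; the PRF' key wants IK' | CK', hence the swap.
                ByteBuffer prfKeyBuffer = ByteBuffer.allocate(IK_PRIME_LENGTH + CK_PRIME_LENGTH);
                prfKeyBuffer.put(ckIkPrime, CK_PRIME_LENGTH, IK_PRIME_LENGTH);
                prfKeyBuffer.put(ckIkPrime, 0, CK_PRIME_LENGTH);
                prfKey = prfKeyBuffer.array();

                ByteBuffer mkData = ByteBuffer.allocate(EapAkaPrimeMethodStateMachine.MK_DATA_PREFIX.length() + this.mIdentity.length);
                mkData.put(EapAkaPrimeMethodStateMachine.MK_DATA_PREFIX.getBytes(StandardCharsets.US_ASCII));
                mkData.put(this.mIdentity);

                mk = KeyGenerationUtils.prfPlus(HmacSha256ByteSigner.getInstance(), prfKey, mkData.array(), MK_LEN_BYTES);
                ByteBuffer mkBuffer = ByteBuffer.wrap(mk);
                // NOTE(review): if a destination array were larger than the remaining MK, the
                // underflow is caught below but earlier keys stay populated - confirm the field
                // lengths add up to MK_LEN_BYTES.
                mkBuffer.get(EapAkaPrimeMethodStateMachine.this.mKEncr);
                mkBuffer.get(EapAkaPrimeMethodStateMachine.this.mKAut);
                mkBuffer.get(EapAkaPrimeMethodStateMachine.this.mKRe);
                mkBuffer.get(EapAkaPrimeMethodStateMachine.this.mMsk);
                mkBuffer.get(EapAkaPrimeMethodStateMachine.this.mEmsk);

                // NOTE(review): session keys are written to the debug log through LOG.pii();
                // confirm pii() redacts on production builds.
                EapAuthenticator.LOG.d(this.mTAG, "K_encr=" + EapAuthenticator.LOG.pii(EapAkaPrimeMethodStateMachine.this.mKEncr));
                EapAuthenticator.LOG.d(this.mTAG, "K_aut=" + EapAuthenticator.LOG.pii(EapAkaPrimeMethodStateMachine.this.mKAut));
                EapAuthenticator.LOG.d(this.mTAG, "K_re=" + EapAuthenticator.LOG.pii(EapAkaPrimeMethodStateMachine.this.mKRe));
                EapAuthenticator.LOG.d(this.mTAG, "MSK=" + EapAuthenticator.LOG.pii(EapAkaPrimeMethodStateMachine.this.mMsk));
                EapAuthenticator.LOG.d(this.mTAG, "EMSK=" + EapAuthenticator.LOG.pii(EapAkaPrimeMethodStateMachine.this.mEmsk));
                return null;
            } catch (BufferOverflowException | BufferUnderflowException | GeneralSecurityException e) {
                EapAuthenticator.LOG.e(this.mTAG, "Error while generating keys", e);
                return EapAkaPrimeMethodStateMachine.this.buildClientErrorResponse(i, EapAkaPrimeMethodStateMachine.this.getEapMethod(), EapSimAkaAttribute.AtClientErrorCode.UNABLE_TO_PROCESS);
            } finally {
                // Best effort: the session keys have been copied out, so the intermediates are
                // no longer needed on the heap.
                wipe(ckIkPrime);
                wipe(prfKey);
                wipe(mk);
            }
        }

        /**
         * Computes CK' | IK' as HMAC-SHA-256 keyed with CK | IK over
         * FC | network name | len(network name) | SQN xor AK | len(SQN xor AK).
         *
         * <p>The temporary CK|IK key buffer is overwritten once the MAC has been computed; the
         * caller's {@code ck} and {@code ik} arrays are left untouched.
         *
         * @param randChallengeResult supplies CK and IK
         * @param atKdfInput supplies the server network name
         * @param atAutn supplies AUTN; its first {@link #SQN_XOR_AK_LEN} octets are used
         * @return the 32-octet HMAC output (CK' in the first half, IK' in the second)
         * @throws GeneralSecurityException if the MAC cannot be created or initialised
         */
        @VisibleForTesting
        byte[] deriveCkIkPrime(EapAkaMethodStateMachine.ChallengeState.RandChallengeResult randChallengeResult, EapSimAkaAttribute.AtKdfInput atKdfInput, EapSimAkaAttribute.AtAutn atAutn) throws GeneralSecurityException {
            // Arrays.copyOf zero-pads if autn is shorter than 6 octets.
            // NOTE(review): presumably the decoder enforces the AUTN length - confirm.
            byte[] sqnXorAk = Arrays.copyOf(atAutn.autn, SQN_XOR_AK_LEN);

            ByteBuffer kdfInput = ByteBuffer.allocate(1 + atKdfInput.networkName.length + 2 + SQN_XOR_AK_LEN + 2);
            kdfInput.put((byte) FC);
            kdfInput.put(atKdfInput.networkName);
            // Length is written as 16 bits; a longer name would be truncated by the cast.
            kdfInput.putShort((short) atKdfInput.networkName.length);
            kdfInput.put(sqnXorAk);
            kdfInput.putShort((short) SQN_XOR_AK_LEN);

            ByteBuffer keyBuffer = ByteBuffer.allocate(randChallengeResult.ck.length + randChallengeResult.ik.length);
            keyBuffer.put(randChallengeResult.ck);
            keyBuffer.put(randChallengeResult.ik);
            byte[] key = keyBuffer.array();
            try {
                Mac mac = Mac.getInstance(MAC_ALGORITHM_STRING);
                // SecretKeySpec keeps its own copy of the key bytes, so wiping ours is safe.
                mac.init(new SecretKeySpec(key, MAC_ALGORITHM_STRING));
                return mac.doFinal(kdfInput.array());
            } finally {
                wipe(key);
            }
        }
    }

    /**
     * Creates the state machine with the default EAP-AKA' type-data decoder.
     *
     * <p>Decompiler note: access modifiers changed from package-private.
     */
    public EapAkaPrimeMethodStateMachine(Context context, byte[] bArr, EapSessionConfig.EapAkaPrimeConfig eapAkaPrimeConfig) {
        this(context, bArr, eapAkaPrimeConfig, EapAkaPrimeTypeData.getEapAkaPrimeTypeDataDecoder());
    }

    /**
     * Creates the state machine with an injectable decoder, allocates K_re and enters the
     * created state.
     */
    @VisibleForTesting
    protected EapAkaPrimeMethodStateMachine(Context context, byte[] bArr, EapSessionConfig.EapAkaPrimeConfig eapAkaPrimeConfig, EapAkaPrimeTypeData.EapAkaPrimeTypeDataDecoder eapAkaPrimeTypeDataDecoder) {
        super(context, bArr, eapAkaPrimeConfig);
        this.mKRe = new byte[getKReLen()];
        this.mEapAkaPrimeConfig = eapAkaPrimeConfig;
        this.mEapAkaPrimeTypeDataDecoder = eapAkaPrimeTypeDataDecoder;
        transitionTo((EapMethodStateMachine.EapMethodState) new EapAkaMethodStateMachine.CreatedState());
    }

    /** Overwrites a buffer that held key material; a null argument is ignored. */
    private static void wipe(byte[] secret) {
        if (secret != null) {
            Arrays.fill(secret, (byte) 0);
        }
    }

    /**
     * Returns the EAP method type, 50 for EAP-AKA'.
     *
     * <p>Decompiler note: access modifiers changed from package-private.
     */
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine, com.android.internal.net.eap.statemachine.EapMethodStateMachine
    public int getEapMethod() {
        return 50;
    }

    /** Returns the K_aut length in octets ({@link #K_AUT_LEN}). */
    @Override // com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    protected int getKAutLength() {
        return K_AUT_LEN;
    }

    /** Returns the K_re length in octets ({@link #K_RE_LEN}). */
    protected int getKReLen() {
        return K_RE_LEN;
    }

    /** Decodes type data with the EAP-AKA' decoder supplied at construction. */
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine
    protected EapSimAkaTypeData.DecodeResult<EapAkaTypeData> decode(byte[] bArr) {
        return this.mEapAkaPrimeTypeDataDecoder.decode(bArr);
    }

    /** Returns the identity prefix used for EAP-AKA' ("6"). */
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine
    protected String getIdentityPrefix() {
        return AKA_PRIME_IDENTITY_PREFIX;
    }

    /**
     * Builds the EAP-AKA' challenge state.
     *
     * <p>Decompiler note: access modifiers changed from protected.
     */
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine
    public ChallengeState buildChallengeState() {
        return new ChallengeState();
    }

    /**
     * Builds the EAP-AKA' challenge state, passing {@code bArr} to the superclass constructor.
     *
     * <p>Decompiler note: access modifiers changed from protected.
     */
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine
    public ChallengeState buildChallengeState(byte[] bArr) {
        return new ChallengeState(bArr);
    }

    /** Returns the MAC algorithm name used by EAP-AKA' (HMAC-SHA-256). */
    @Override // com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    protected String getMacAlgorithm() {
        return MAC_ALGORITHM_STRING;
    }

    /**
     * Wraps a client error code in EAP-AKA' type data with subtype 14 (Client-Error).
     *
     * <p>Decompiler note: access modifiers changed from package-private.
     */
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine, com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    public EapAkaPrimeTypeData getEapSimAkaTypeData(EapSimAkaAttribute.AtClientErrorCode atClientErrorCode) {
        return new EapAkaPrimeTypeData(14, (List<EapSimAkaAttribute>) Arrays.asList(atClientErrorCode));
    }

    /** Builds EAP-AKA' type data for the given subtype and attribute list. */
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine, com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    EapAkaPrimeTypeData getEapSimAkaTypeData(int i, List<EapSimAkaAttribute> list) {
        return new EapAkaPrimeTypeData(i, list);
    }

    // Compiler-generated bridge methods recovered by the decompiler; they only forward to the
    // typed overload above and would not appear in hand-written source.
    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine, com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    /* bridge */ /* synthetic */ EapAkaTypeData getEapSimAkaTypeData(int i, List list) {
        return getEapSimAkaTypeData(i, (List<EapSimAkaAttribute>) list);
    }

    @Override // com.android.internal.net.eap.statemachine.EapAkaMethodStateMachine, com.android.internal.net.eap.statemachine.EapSimAkaMethodStateMachine
    /* bridge */ /* synthetic */ EapSimAkaTypeData getEapSimAkaTypeData(int i, List list) {
        return getEapSimAkaTypeData(i, (List<EapSimAkaAttribute>) list);
    }
}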
