package samples;

import java.nio.charset.Charset;
import java.util.Arrays;
import javax.xml.bind.DatatypeConverter;
import tss.Helpers;
import tss.InByteBuf;
import tss.Tpm;
import tss.TpmException;
import tss.TpmHelpers;
import tss.tpm.CreatePrimaryResponse;
import tss.tpm.CreateResponse;
import tss.tpm.EncryptDecryptResponse;
import tss.tpm.ReadPublicResponse;
import tss.tpm.StartAuthSessionResponse;
import tss.tpm.TPM2B_DATA;
import tss.tpm.TPM2B_DIGEST_Symcipher;
import tss.tpm.TPM2B_ENCRYPTED_SECRET;
import tss.tpm.TPM2B_ID_OBJECT;
import tss.tpm.TPM2B_PRIVATE;
import tss.tpm.TPM2B_PUBLIC;
import tss.tpm.TPM2B_PUBLIC_KEY_RSA;
import tss.tpm.TPMA_OBJECT;
import tss.tpm.TPMS_KEYEDHASH_PARMS;
import tss.tpm.TPMS_NULL_ASYM_SCHEME;
import tss.tpm.TPMS_PCR_SELECTION;
import tss.tpm.TPMS_RSA_PARMS;
import tss.tpm.TPMS_SCHEME_HMAC;
import tss.tpm.TPMS_SENSITIVE_CREATE;
import tss.tpm.TPMS_SYMCIPHER_PARMS;
import tss.tpm.TPMT_PUBLIC;
import tss.tpm.TPMT_SYM_DEF;
import tss.tpm.TPMT_SYM_DEF_OBJECT;
import tss.tpm.TPM_ALG_ID;
import tss.tpm.TPM_HANDLE;
import tss.tpm.TPM_PT;
import tss.tpm.TPM_RC;
import tss.tpm.TPM_RH;
import tss.tpm.TPM_SE;

/* loaded from: input_file:samples/DrsClient.class */
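/**
 * Sample client side of a TPM-based device registration (DRS) flow.
 *
 * <p>The sequence makes sure an endorsement key (EK) and a storage root key (SRK) are
 * persisted in the TPM, asks {@code DrsServer} for an activation blob bound to those
 * keys, recovers the activation secret with {@code ActivateCredential}, imports and
 * persists the device ID key, decrypts the URI data sent by the server, and finally
 * proves possession of the ID key by HMAC-ing a random challenge.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>Every auth value passed here is empty ({@code new byte[0]}); the code therefore
 *       only works while the owner and endorsement hierarchy auth values are unset.</li>
 *   <li>The decrypted URI data is printed to standard output. If that data carries
 *       credentials or tokens, remove those prints before using the code outside a
 *       demo.</li>
 *   <li>The "signature" produced by {@link #SignData} is an HMAC, i.e. a symmetric
 *       proof that only a holder of the same key can check.</li>
 * </ul>
 */
public class DrsClient {
    // Offsets inside the persistent-handle range at which the three keys are stored
    // (1, 0x10001 and 0x100 respectively).
    static final TPM_HANDLE SRK_PersHandle = TPM_HANDLE.persistent(1);
    static final TPM_HANDLE EK_PersHandle = TPM_HANDLE.persistent(65537);
    static final TPM_HANDLE ID_KEY_PersHandle = TPM_HANDLE.persistent(256);

    // Symmetric protection used for the children of the EK and the SRK.
    static final TPMT_SYM_DEF_OBJECT Aes128SymDef = new TPMT_SYM_DEF_OBJECT(TPM_ALG_ID.AES, 128, TPM_ALG_ID.CFB);
    // NOTE(review): despite its name this definition is AES-128-CFB, identical to
    // Aes128SymDef, and nothing in this class reads it. Confirm whether a true null
    // definition (TPM_ALG_ID.NULL) was intended before relying on it.
    static final TPMT_SYM_DEF_OBJECT NullSymDef = new TPMT_SYM_DEF_OBJECT(TPM_ALG_ID.AES, 128, TPM_ALG_ID.CFB);

    // RSA-2048 restricted decryption key authorised by policy (adminWithPolicy). The hex
    // string is the key's authPolicy digest; runProvisioningSequence satisfies it with
    // PolicySecret on the endorsement hierarchy. Changing any field changes the key that
    // CreatePrimary derives, and with it the identity the server sees.
    static final TPMT_PUBLIC EK_Template = new TPMT_PUBLIC(
            TPM_ALG_ID.SHA256,
            new TPMA_OBJECT(TPMA_OBJECT.restricted, TPMA_OBJECT.decrypt, TPMA_OBJECT.fixedTPM,
                    TPMA_OBJECT.fixedParent, TPMA_OBJECT.adminWithPolicy, TPMA_OBJECT.sensitiveDataOrigin),
            DatatypeConverter.parseHexBinary("837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa"),
            new TPMS_RSA_PARMS(Aes128SymDef, new TPMS_NULL_ASYM_SCHEME(), 2048, 0),
            new TPM2B_PUBLIC_KEY_RSA());

    // RSA-2048 restricted decryption key with password authorisation (userWithAuth), no
    // policy, and exempt from dictionary-attack lockout (noDA).
    static final TPMT_PUBLIC SRK_Template = new TPMT_PUBLIC(
            TPM_ALG_ID.SHA256,
            new TPMA_OBJECT(TPMA_OBJECT.restricted, TPMA_OBJECT.decrypt, TPMA_OBJECT.fixedTPM,
                    TPMA_OBJECT.fixedParent, TPMA_OBJECT.noDA, TPMA_OBJECT.userWithAuth,
                    TPMA_OBJECT.sensitiveDataOrigin),
            new byte[0],
            new TPMS_RSA_PARMS(Aes128SymDef, new TPMS_NULL_ASYM_SCHEME(), 2048, 0),
            new TPM2B_PUBLIC_KEY_RSA());

    /**
     * Prints a formatted line to standard output, appending a newline when the format
     * string does not already end with one.
     *
     * @param str {@code printf}-style format string
     * @param objArr arguments for the format string
     */
    static void Print(String str, Object... objArr) {
        String format = str.endsWith("\n") ? str : str + "\n";
        System.out.printf(format, objArr);
    }

    /**
     * Removes a persistent object from the TPM if it exists.
     *
     * <p>Existence is probed with {@code ReadPublic} in allow-errors mode, so a missing
     * handle is reported rather than thrown. Any response other than success or
     * {@code TPM_RC.HANDLE} is only logged; the object is left in place.
     *
     * @param tpm TPM to talk to
     * @param tpm_handle persistent handle to evict
     * @param str human-readable key name used in the log output
     */
    static void ClearPersistent(Tpm tpm, TPM_HANDLE tpm_handle, String str) {
        tpm._allowErrors().ReadPublic(tpm_handle);
        TPM_RC rc = tpm._getLastResponseCode();
        if (rc == TPM_RC.SUCCESS) {
            Print("Deleting persistent %s 0x%08X", str, tpm_handle.handle);
            // EvictControl on an already persistent handle removes it; owner auth is
            // whatever the Tpm object supplies by default.
            tpm.EvictControl(TPM_HANDLE.from(TPM_RH.OWNER), tpm_handle, tpm_handle);
            Print("Successfully deleted persistent %s 0x%08X", str, tpm_handle.handle);
        } else if (rc == TPM_RC.HANDLE) {
            Print("%s 0x%08X does not exist", str, tpm_handle.handle);
        } else {
            Print("Unexpected failure <%s> of TPM2_ReadPublic for %s 0x%08X", rc, str, tpm_handle.handle);
        }
    }

    /**
     * Returns the public area of the primary key stored at {@code tpm_handle}, creating
     * and persisting the key from {@code tpmt_public} when the handle is still empty.
     *
     * @param tpm TPM to talk to
     * @param tpm_handle persistent handle the key lives at
     * @param tpm_rh hierarchy under which a missing key is created
     * @param tpmt_public template used for creation
     * @param str human-readable key name used in the log output
     * @return the key's public area, or {@code null} when {@code ReadPublic} failed with
     *         anything other than {@code TPM_RC.HANDLE}
     */
    static TPMT_PUBLIC CreatePersistentPrimary(Tpm tpm, TPM_HANDLE tpm_handle, TPM_RH tpm_rh, TPMT_PUBLIC tpmt_public, String str) {
        ReadPublicResponse existing = tpm._allowErrors().ReadPublic(tpm_handle);
        TPM_RC rc = tpm._getLastResponseCode();
        if (rc == TPM_RC.SUCCESS) {
            // An existing object is trusted as-is; its public area is not compared with
            // the template, so a foreign key parked at this handle would be accepted.
            Print(">> %s already exists\r\n", str);
            return existing.outPublic;
        }
        if (rc != TPM_RC.HANDLE) {
            // %08X needs the numeric handle; formatting the TPM_HANDLE object itself
            // raises IllegalFormatConversionException and hides the real error.
            Print("Unexpected failure {%s} of TPM2_ReadPublic for %s 0x%08X", rc.name(), str, tpm_handle.handle);
            return null;
        }
        CreatePrimaryResponse created = tpm.CreatePrimary(
                TPM_HANDLE.from(tpm_rh),
                new TPMS_SENSITIVE_CREATE(new byte[0], new byte[0]),
                tpmt_public,
                new byte[0],
                new TPMS_PCR_SELECTION[0]);
        try {
            Print(">> Successfully created transient %s 0x%08X\r\n", str, created.handle.handle);
            tpm.EvictControl(TPM_HANDLE.from(TPM_RH.OWNER), created.handle, tpm_handle);
            Print(">> Successfully persisted %s as 0x%08X\r\n", str, tpm_handle.handle);
        } finally {
            // Release the transient copy even when persisting fails, so a failed run
            // does not use up one of the TPM's few transient object slots.
            tpm.FlushContext(created.handle);
        }
        return created.outPublic;
    }

    /**
     * Computes an HMAC over {@code bArr} with the persisted device ID key.
     *
     * <p>Data that fits the TPM input buffer is sent in one {@code HMAC} command; longer
     * data is fed through an HMAC sequence in buffer-sized chunks.
     *
     * @param tpm TPM to talk to
     * @param tpmt_public public area of the ID key; its keyed-hash HMAC scheme supplies
     *        the hash algorithm
     * @param bArr data to authenticate
     * @return the HMAC value
     * @throws IllegalStateException if the TPM reports a non-positive input buffer size
     */
    static byte[] SignData(Tpm tpm, TPMT_PUBLIC tpmt_public, byte[] bArr) {
        // The casts assume an HMAC keyed-hash key; any other key type fails here with
        // ClassCastException.
        TPM_ALG_ID hashAlg = ((TPMS_SCHEME_HMAC) ((TPMS_KEYEDHASH_PARMS) tpmt_public.parameters).scheme).hashAlg;
        int maxChunk = TpmHelpers.getTpmProperty(tpm, TPM_PT.INPUT_BUFFER);
        if (bArr.length <= maxChunk) {
            return tpm.HMAC(ID_KEY_PersHandle, bArr, hashAlg);
        }
        if (maxChunk <= 0) {
            // A zero chunk size would make the loop below spin forever without
            // consuming any input.
            throw new IllegalStateException("TPM reported a non-positive input buffer size: " + maxChunk);
        }
        int offset = 0;
        int remaining = bArr.length;
        TPM_HANDLE sequence = tpm.HMAC_Start(ID_KEY_PersHandle, new byte[0], hashAlg);
        // remaining > maxChunk holds on entry, so at least one update is always sent
        // and the final SequenceComplete carries between 1 and maxChunk bytes.
        while (remaining > maxChunk) {
            tpm.SequenceUpdate(sequence, Arrays.copyOfRange(bArr, offset, offset + maxChunk));
            remaining -= maxChunk;
            offset += maxChunk;
        }
        return tpm.SequenceComplete(sequence, Arrays.copyOfRange(bArr, offset, offset + remaining), TPM_HANDLE.from(TPM_RH.NULL)).result;
    }

    /**
     * Runs the provisioning sequence, or deletes the three persistent keys when the
     * {@code clear}/{@code c} command-line option is present.
     *
     * <p>Failures are reported on standard output and never propagate to the caller.
     *
     * @param tpm TPM to talk to
     */
    public static void runProvisioningSequence(Tpm tpm) {
        // The whole sequence runs inside the try block: it throws the checked Exception
        // in several places, and both handlers below exist to report those failures.
        try {
            if (CmdLine.isOptionPresent("clear", "c")) {
                System.out.println("Clearing keys ...");
                ClearPersistent(tpm, EK_PersHandle, "EK");
                ClearPersistent(tpm, SRK_PersHandle, "SRK");
                ClearPersistent(tpm, ID_KEY_PersHandle, "ID");
                return;
            }

            TPMT_PUBLIC ekPub = CreatePersistentPrimary(tpm, EK_PersHandle, TPM_RH.ENDORSEMENT, EK_Template, "EK");
            TPMT_PUBLIC srkPub = CreatePersistentPrimary(tpm, SRK_PersHandle, TPM_RH.OWNER, SRK_Template, "SRK");
            if (ekPub == null || srkPub == null) {
                // CreatePersistentPrimary returns null after an unexpected ReadPublic
                // failure; stop here rather than hand the server an empty key.
                throw new Exception("Failed to obtain the EK or SRK public area");
            }

            byte[] blobBuf = new byte[4096];
            byte[] ekPubBytes = new TPM2B_PUBLIC(ekPub).toTpm();
            byte[] srkPubBytes = new TPM2B_PUBLIC(srkPub).toTpm();
            int blobLen = DrsServer.GetActivationBlob2(tpm, ekPubBytes, ekPubBytes.length, srkPubBytes, srkPubBytes.length, blobBuf, 4096);
            if (blobLen <= 0) {
                throw new Exception("Unexpected DRS failure");
            }
            if (blobLen > blobBuf.length) {
                // Arrays.copyOfRange would silently zero-pad past the buffer, and the
                // padding would then be parsed as if the server had sent it.
                throw new Exception("DRS activation blob length exceeds the receive buffer");
            }

            // The blob is a fixed sequence of TPM2B structures supplied by the server;
            // each fromTpm call consumes one of them. Malformed input is left to the
            // unmarshalling code to reject.
            InByteBuf blob = new InByteBuf(Arrays.copyOfRange(blobBuf, 0, blobLen));
            TPM2B_ID_OBJECT credBlob = TPM2B_ID_OBJECT.fromTpm(blob);
            Print("credBlob end: %d", blob.curPos());
            TPM2B_ENCRYPTED_SECRET encSecret = TPM2B_ENCRYPTED_SECRET.fromTpm(blob);
            Print("encSecret end: %d", blob.curPos());
            TPM2B_PRIVATE idKeyDupBlob = TPM2B_PRIVATE.fromTpm(blob);
            Print("idKeyDupBlob end: %d", blob.curPos());
            TPM2B_ENCRYPTED_SECRET encWrapKey = TPM2B_ENCRYPTED_SECRET.fromTpm(blob);
            Print("encWrapKey end: %d", blob.curPos());
            TPM2B_PUBLIC idKeyPub = TPM2B_PUBLIC.fromTpm(blob);
            Print("idKeyPub end: %d", blob.curPos());
            TPM2B_DATA encUriData = TPM2B_DATA.fromTpm(blob);
            Print("encUriData end: %d", blob.curPos());

            // The EK is usable only through its policy, so open a policy session and
            // satisfy it with PolicySecret on the endorsement hierarchy (empty auth).
            // NOTE(review): the session handle is not flushed explicitly anywhere in
            // this method; confirm the TPM releases it after ActivateCredential.
            StartAuthSessionResponse policySession = tpm.StartAuthSession(
                    TPM_HANDLE.NULL, TPM_HANDLE.NULL, Helpers.getRandom(20), new byte[0],
                    TPM_SE.POLICY, new TPMT_SYM_DEF(TPM_ALG_ID.NULL, 0, TPM_ALG_ID.NULL), TPM_ALG_ID.SHA256);
            tpm.PolicySecret(TPM_HANDLE.from(TPM_RH.ENDORSEMENT), policySession.handle, new byte[0], new byte[0], new byte[0], 0);

            // The password session authorises the SRK (the activated object) and the
            // policy session authorises the EK. Only the TPM holding this EK can recover
            // the secret, which is what binds the ID key to this device.
            byte[] activationSecret = tpm._withSessions(TPM_HANDLE.pwSession(new byte[0]), policySession.handle)
                    .ActivateCredential(SRK_PersHandle, EK_PersHandle, credBlob.credential, encSecret.secret);

            // The AES key size follows the length of the server-chosen secret; a length
            // the TPM does not support is presumably rejected by Import/Create below.
            TPMT_SYM_DEF_OBJECT innerWrapDef = new TPMT_SYM_DEF_OBJECT(TPM_ALG_ID.AES, activationSecret.length * 8, TPM_ALG_ID.CFB);

            // Import the duplicated ID key under the SRK, using the activation secret as
            // the inner wrapping key, then load it and make it persistent.
            TPM_HANDLE idKey = tpm.Load(
                    SRK_PersHandle,
                    tpm.Import(SRK_PersHandle, activationSecret, idKeyPub.publicArea, idKeyDupBlob, encWrapKey.secret, innerWrapDef),
                    idKeyPub.publicArea);
            try {
                ClearPersistent(tpm, ID_KEY_PersHandle, "ID Key");
                tpm.EvictControl(TPM_HANDLE.from(TPM_RH.OWNER), idKey, ID_KEY_PersHandle);
                Print("Successfully created persistent %s 0x%08X\r\n", "ID Key", ID_KEY_PersHandle.handle);
            } finally {
                // Flush the transient copy on failure as well as on success.
                tpm.FlushContext(idKey);
            }

            int maxBuf = TpmHelpers.getTpmProperty(tpm, TPM_PT.INPUT_BUFFER);
            if (encUriData.buffer.length > maxBuf) {
                throw new Exception("Too long encrypted URI data string. Max supported length is " + maxBuf);
            }

            // Wrap the activation secret in a TPM symmetric-cipher object so that the
            // TPM performs the URI decryption. The object is created with an empty auth
            // value.
            CreateResponse symKey = tpm.Create(
                    SRK_PersHandle,
                    new TPMS_SENSITIVE_CREATE(new byte[0], activationSecret),
                    new TPMT_PUBLIC(
                            TPM_ALG_ID.SHA256,
                            new TPMA_OBJECT(TPMA_OBJECT.decrypt, TPMA_OBJECT.fixedTPM, TPMA_OBJECT.fixedParent, TPMA_OBJECT.userWithAuth),
                            new byte[0],
                            new TPMS_SYMCIPHER_PARMS(innerWrapDef),
                            new TPM2B_DIGEST_Symcipher()),
                    new byte[0],
                    new TPMS_PCR_SELECTION[0]);
            TPM_HANDLE symKeyHandle = tpm.Load(SRK_PersHandle, symKey.outPrivate, symKey.outPublic);
            try {
                // (byte) 1 selects decryption. The IV is all zeros, which is sound only
                // if this key protects a single message; confirm against what DrsServer
                // does on the encrypting side.
                EncryptDecryptResponse uri = tpm.EncryptDecrypt(symKeyHandle, (byte) 1, TPM_ALG_ID.CFB, new byte[activationSecret.length], encUriData.buffer);
                Print("Decrypted URI data size: %d", uri.outData.length);
                // Both prints write the decrypted payload to stdout. The second one
                // decodes with the platform default charset, as its label suggests.
                Print("Decrypted URI [for native]: %s", new String(uri.outData, Charset.forName("UTF-8")));
                Print("Decrypted URI [for java]: %s", new String(uri.outData));
            } finally {
                // The loaded object carries the activation secret; do not leave it in
                // the TPM when decryption fails.
                tpm.FlushContext(symKeyHandle);
            }

            // Self-test: HMAC a random challenge with the new ID key and have the server
            // side check it. 2550 bytes is presumably chosen to exceed the TPM input
            // buffer and exercise the sequence path in SignData.
            byte[] challenge = Helpers.getRandom(2550);
            if (DrsServer.VerifyIdSignature(tpm, challenge, SignData(tpm, idKeyPub.publicArea, challenge)) != TPM_RC.SUCCESS.toInt()) {
                throw new Exception("Failed to verify a signature created by the new Device ID key");
            }
            Print("Successfully verified a signature created by the new Device ID key");
            Print("RunProvisioningSequence finished!");
        } catch (TpmException e) {
            Print("A TPM operations FAILED: error {%s}; message \"%s\"", e.ResponseCode == null ? "<NONE>" : e.ResponseCode.name(), e.getMessage());
        } catch (Exception e2) {
            Print("An operation FAILED: Error message: \"%s\"", e2.getMessage());
        }
    }
}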
