package com.yubico.yubikit.piv;

import androidx.activity.a;
import com.microsoft.a3rdc.rdp.RdpConstants;
import com.yubico.yubikit.core.Transport;
import com.yubico.yubikit.core.Version;
import com.yubico.yubikit.core.application.ApplicationSession;
import com.yubico.yubikit.core.application.Feature;
import com.yubico.yubikit.core.keys.PublicKeyValues;
import com.yubico.yubikit.core.smartcard.Apdu;
import com.yubico.yubikit.core.smartcard.ApduException;
import com.yubico.yubikit.core.smartcard.ApduFormat;
import com.yubico.yubikit.core.smartcard.AppId;
import com.yubico.yubikit.core.smartcard.SmartCardConnection;
import com.yubico.yubikit.core.smartcard.SmartCardProtocol;
import com.yubico.yubikit.core.util.Tlv;
import com.yubico.yubikit.core.util.Tlvs;
import com.yubico.yubikit.piv.KeyType;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Locale;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
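/**
 * Session with the PIV smart-card application, as recovered by a decompiler from an obfuscated
 * build (see the "renamed from" / "loaded from" markers). Member names such as {@code i},
 * {@code j}, {@code f15769f} are obfuscator output, not the original API.
 *
 * <p>Reading aid: APDU instruction bytes, TLV tags and status words appear as signed decimal
 * literals. The hex values are given in comments next to each use. The four-argument
 * {@code Apdu} constructor is read throughout as (ins, p1, p2, data) — confirm against
 * {@code Apdu}.
 *
 * <p>NOTE(review): several methods throw checked exceptions ({@code IOException},
 * {@code Exception}) without a {@code throws} clause. The clauses did not survive
 * decompilation, so this listing is for review and will not compile as-is.
 *
 * <p>Security-relevant points: the PIN is handled as {@code char[]}/{@code byte[]} and scrubbed
 * after use ({@link #k(char[])}, {@link #p(char[])}); only fixed strings, slot ids and object
 * ids are passed to the logger in this class, never PIN material.
 */
public class PivSession extends ApplicationSession<PivSession> {
    // Firmware feature gates: (display name, minimum major, minimum minor).
    public static final Feature.Versioned i = new Feature.Versioned("Curve P384", 4, 0);
    public static final Feature.Versioned j = new Feature.Versioned("PIN/Touch Policy", 4, 0);
    public static final Feature.Versioned k = new Feature.Versioned("Cached Touch Policy", 4, 3);

    /* renamed from: l, reason: collision with root package name */
    // "Metadata" feature gate (5.3), assigned in the static initializer below.
    public static final Feature.Versioned f15768l;
    // "RSA key generation" feature gate, assigned in the static initializer below.
    public static final Feature m;
    public static final Logger n;

    /* renamed from: f, reason: collision with root package name */
    // Protocol wrapper around the card connection; every APDU in this class goes through it.
    public final SmartCardProtocol f15769f;
    // Firmware version read from the device in the constructor.
    public final Version g;
    // PIN retry counter as last observed: reset to 3 on a successful verify, otherwise set to the
    // remaining-attempts value decoded from the card's status word (see p()).
    public int h = 3;

    /* renamed from: com.yubico.yubikit.piv.PivSession$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    /**
     * Version predicate that accepts firmware below 4.2.6 or at/above 4.3.5, i.e. it rejects the
     * range [4.2.6, 4.3.5).
     *
     * <p>NOTE(review): this looks like the body of the anonymous {@code Feature} behind
     * {@link #m} ("RSA key generation"), presumably excluding firmware on which on-device RSA key
     * generation must not be used — confirm against the vendor advisory. As decompiled, the
     * static initializer builds {@code m} with {@code new Feature(...)} rather than this class,
     * so the gate is not visibly attached to {@code m} here; verify in the bytecode that it is.
     */
    public class AnonymousClass1 extends Feature<PivSession> {
        @Override // com.yubico.yubikit.core.application.Feature
        public final boolean b(Version version) {
            // Version.e(major, minor, micro) is used as a three-way comparison (<0, 0, >0).
            return version.e(4, 2, 6) < 0 || version.e(4, 3, 5) >= 0;
        }
    }

    /* renamed from: com.yubico.yubikit.piv.PivSession$2, reason: invalid class name */
    /* loaded from: classes3.dex */
    /**
     * Compiler-generated lookup table for a {@code switch} over {@code KeyType.Algorithm}:
     * slot 0 maps to case 1 and slot 1 to case 2. No security relevance.
     */
    public static /* synthetic */ class AnonymousClass2 {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f15770a;

        static {
            int[] iArr = new int[KeyType.Algorithm.values().length];
            f15770a = iArr;
            try {
                iArr[0] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f15770a[1] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    static {
        // The "Attestation", "Serial Number" and "AES Management Key" gates are constructed and
        // discarded; presumably their fields were stripped as unused in this build.
        new Feature.Versioned("Attestation", 4, 3);
        new Feature.Versioned("Serial Number", 5, 0);
        f15768l = new Feature.Versioned("Metadata", 5, 3);
        new Feature.Versioned("AES Management Key", 5, 4);
        // NOTE(review): built as a plain Feature here; see AnonymousClass1 for the version check
        // that presumably belongs to it.
        m = new Feature("RSA key generation");
        n = LoggerFactory.b(PivSession.class);
    }

    /**
     * Opens a PIV session: selects the application, reads the firmware version and tunes the
     * protocol for that version.
     *
     * @param smartCardConnection connection to the card or token
     * @throws IllegalArgumentException if the version response is shorter than 3 bytes
     */
    public PivSession(SmartCardConnection smartCardConnection) {
        SmartCardProtocol smartCardProtocol = new SmartCardProtocol(smartCardConnection);
        this.f15769f = smartCardProtocol;
        try {
            // -92 = 0xA4 (ISO 7816-4 SELECT), P1 = 0x04 (select by name), data = application id.
            smartCardProtocol.b(new Apdu(-92, 4, 0, AppId.f15753a));
            // -3 = 0xFD: request whose response is parsed as the version below.
            byte[] b = smartCardProtocol.b(new Apdu(-3, 0, 0, null));
            // Length is validated before indexing because the response comes from the device.
            if (b.length < 3) {
                throw new IllegalArgumentException("Version byte array must contain 3 bytes.");
            }
            Version version = new Version(b[0], b[1], b[2]);
            this.g = version;
            // Protocol flag set only for one transport and firmware in [4.2.0, 4.2.7);
            // presumably a firmware workaround — confirm in SmartCardProtocol.
            if (smartCardConnection.d0() == Transport.f15731f && version.e(4, 2, 0) >= 0 && version.e(4, 2, 7) < 0) {
                smartCardProtocol.h = true;
            }
            // Switches the APDU format when the connection reports support and firmware >= 4.0.0;
            // presumably extended-length APDUs — confirm against ApduFormat.
            if (smartCardConnection.m1() && version.e(4, 0, 0) >= 0) {
                smartCardProtocol.g = ApduFormat.g;
            }
            com.yubico.yubikit.core.internal.Logger.a(n, "PIV session initialized (version={})", version);
        } catch (ApduException e) {
            short s = e.f15750f;
            // 27266 = 0x6A82 (file/application not found), 27904 = 0x6D00 (instruction not
            // supported): both are reported as "application couldn't be selected"; any other
            // status word is surfaced as an I/O error.
            if (s != 27266 && s != 27904) {
                throw new IOException("Unexpected SW", e);
            }
            throw new Exception("The application couldn't be selected", e);
        }
    }

    /**
     * Builds public key values from a TLV-encoded public key.
     *
     * <p>NOTE(review): the TLV lookups are not null-checked. A response missing tag 0x81/0x82
     * (RSA) or 0x86 (EC) fails with a {@code NullPointerException} rather than a descriptive
     * error.
     *
     * @param keyType key type that decides how the data is interpreted
     * @param bArr TLV-encoded key data
     * @return RSA or EC public key values
     * @throws IllegalArgumentException if the key parameters are neither RSA nor EC
     */
    public static PublicKeyValues j(KeyType keyType, byte[] bArr) {
        LinkedHashMap b = Tlvs.b(bArr);
        KeyType.KeyParams keyParams = keyType.g;
        if (keyParams.f15764a == KeyType.Algorithm.f15763f) {
            // 129 = 0x81 and 130 = 0x82, read as unsigned big-endian integers (signum 1);
            // presumably modulus and public exponent.
            return new PublicKeyValues.Rsa(new BigInteger(1, (byte[]) b.get(129)), new BigInteger(1, (byte[]) b.get(130)));
        }
        if (keyParams instanceof KeyType.EcKeyParams) {
            // 134 = 0x86; presumably the encoded EC point.
            return PublicKeyValues.Ec.b(((KeyType.EcKeyParams) keyParams).c, (byte[]) b.get(134));
        }
        throw new IllegalArgumentException("Unsupported key type");
    }

    /**
     * Encodes a PIN/PUK as the fixed 8-byte block sent to the card: UTF-8 bytes followed by 0xFF
     * padding.
     *
     * <p>The intermediate encoding buffer is zeroed before returning. The returned array still
     * contains the PIN, and the caller is responsible for wiping it after use. The caller's
     * {@code char[]} is not modified.
     *
     * @param cArr PIN or PUK characters
     * @return 8-byte padded PIN block (sensitive)
     * @throws IllegalArgumentException if the UTF-8 encoding exceeds 8 bytes
     */
    public static byte[] k(char[] cArr) {
        ByteBuffer encode = StandardCharsets.UTF_8.encode(CharBuffer.wrap(cArr));
        try {
            int limit = encode.limit() - encode.position();
            if (limit > 8) {
                throw new IllegalArgumentException("PIN/PUK must be no longer than 8 bytes");
            }
            // Copies from index 0 of the backing array; assumes the encoder's buffer starts at
            // offset 0 — TODO confirm.
            byte[] copyOf = Arrays.copyOf(encode.array(), 8);
            // (byte) -1 = 0xFF padding up to 8 bytes.
            Arrays.fill(copyOf, limit, 8, (byte) -1);
            return copyOf;
        } finally {
            // Scrub the encoder's backing array so the PIN does not linger in it.
            Arrays.fill(encode.array(), (byte) 0);
        }
    }

    /** Returns the firmware version read when the session was opened. */
    @Override // com.yubico.yubikit.core.application.ApplicationSession
    public final Version a() {
        return this.g;
    }

    /**
     * Checks that the connected device supports a key type / policy combination, throwing if it
     * does not.
     *
     * <p>{@code b(Feature)} is inherited and presumably throws when the feature is unsupported
     * on this firmware — confirm in {@code ApplicationSession}.
     *
     * @param keyType key type to be used
     * @param pinPolicy requested PIN policy
     * @param touchPolicy requested touch policy
     * @param z when true and the key is RSA, the "RSA key generation" gate is also checked
     * @throws UnsupportedOperationException for RSA1024 or {@code PinPolicy.NEVER} on firmware in
     *     [4.4.0, 4.5.0), which the messages identify as YubiKey FIPS
     */
    public final void c(KeyType keyType, PinPolicy pinPolicy, TouchPolicy touchPolicy, boolean z) {
        Version version = this.g;
        // NOTE(review): f15734f appears to be the major version; a value of 0 skips every check,
        // so a device reporting major 0 is never restricted. Presumably meant for
        // development units — confirm.
        if (version.f15734f == 0) {
            return;
        }
        if (keyType == KeyType.ECCP384) {
            b(i);
        }
        if (pinPolicy != PinPolicy.DEFAULT || touchPolicy != TouchPolicy.DEFAULT) {
            b(j);
            if (touchPolicy == TouchPolicy.CACHED) {
                b(k);
            }
        }
        if (z && keyType.g.f15764a == KeyType.Algorithm.f15763f) {
            b(m);
        }
        // The remaining restrictions apply only to firmware in [4.4.0, 4.5.0).
        if (version.e(4, 4, 0) < 0 || version.e(4, 5, 0) >= 0) {
            return;
        }
        if (keyType == KeyType.RSA1024) {
            throw new UnsupportedOperationException("RSA 1024 is not supported on YubiKey FIPS");
        }
        if (pinPolicy == PinPolicy.NEVER) {
            throw new UnsupportedOperationException("PinPolicy.NEVER is not allowed on YubiKey FIPS");
        }
    }

    /** Closes the underlying protocol object. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public final void close() {
        this.f15769f.close();
    }

    /**
     * Reads and parses the X.509 certificate stored in a slot.
     *
     * <p>NOTE(review): the certificate bytes come from the device and are not null-checked; an
     * object without the certificate tag reaches {@code ByteArrayInputStream} as {@code null}.
     * The size of the decompressed output depends on {@code GzipUtils.a}, which is not visible
     * here — confirm it bounds the output.
     *
     * @param slot slot to read
     * @return the parsed certificate
     */
    public final X509Certificate e(Slot slot) {
        Logger logger = n;
        com.yubico.yubikit.core.internal.Logger.a(logger, "Reading certificate in slot {}", slot);
        int i2 = slot.g;
        com.yubico.yubikit.core.internal.Logger.a(logger, "Reading data from object slot {}", Integer.toString(i2, 16));
        // -53 = 0xCB (GET DATA), P1/P2 = 0x3F 0xFF; request tag 92 = 0x5C carries the object id,
        // and the response is unwrapped from tag 83 = 0x53.
        LinkedHashMap b = Tlvs.b(Tlvs.e(83, this.f15769f.b(new Apdu(-53, 63, 255, new Tlv(92, ObjectId.a(i2)).a()))));
        // 113 = 0x71: info byte; a non-zero first byte selects decompression below.
        byte[] bArr = (byte[]) b.get(113);
        // NOTE(review): RdpConstants.Key.F1 is an unrelated constant the decompiler substituted
        // for a numeric literal. The PIV certificate tag is 0x70 — confirm the value matches.
        byte[] bArr2 = (byte[]) b.get(Integer.valueOf(RdpConstants.Key.F1));
        if (bArr != null && bArr.length > 0 && bArr[0] != 0) {
            try {
                bArr2 = GzipUtils.a(bArr2);
            } catch (IOException e) {
                throw new Exception("Failed to decompress certificate", e);
            }
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr2));
        } catch (CertificateException e2) {
            throw new Exception("Failed to parse certificate: ", e2);
        }
    }

    /**
     * Decodes the number of remaining PIN/PUK attempts from a status word.
     *
     * @param i2 status word returned by the card
     * @return 0 when the status word is 0x6983; the retry count carried in a 0x63xx status word;
     *     -1 when the status word does not encode a retry count
     */
    public final int g(int i2) {
        // 27011 = 0x6983: authentication method blocked, no attempts left.
        if (i2 == 27011) {
            return 0;
        }
        // Firmware older than 1.0.4: count is the low byte of 0x6300..0x63FF.
        if (this.g.e(1, 0, 4) < 0) {
            if (i2 < 25344 || i2 > 25599) {
                return -1;
            }
            return i2 & 255;
        }
        // Otherwise: count is the low nibble of 0x63C0..0x63CF.
        if (i2 < 25536 || i2 > 25551) {
            return -1;
        }
        return i2 & 15;
    }

    /**
     * Reads slot metadata (key type, PIN policy, touch policy, public key bytes) from the device.
     *
     * <p>NOTE(review): the response fields are indexed without null or length checks, so a short
     * or incomplete response fails with {@code NullPointerException} or
     * {@code ArrayIndexOutOfBoundsException} instead of a descriptive error.
     *
     * @param slot slot to query
     * @return metadata for the slot
     * @throws IllegalArgumentException if the device reports an unknown key type, PIN policy or
     *     touch policy
     */
    public final SlotMetadata i(Slot slot) {
        com.yubico.yubikit.core.internal.Logger.a(n, "Getting metadata for slot {}", slot);
        b(f15768l);
        // -9 = 0xF7 with the slot id in P2.
        LinkedHashMap b = Tlvs.b(this.f15769f.b(new Apdu(-9, 0, slot.f15772f, null)));
        // Tag 2: two bytes, PIN policy then touch policy. Tag 1: key type id.
        byte[] bArr = (byte[]) b.get(2);
        byte b2 = ((byte[]) b.get(1))[0];
        for (KeyType keyType : KeyType.values()) {
            if (keyType.f15762f == b2) {
                byte b3 = bArr[0];
                // The PIN policy byte is used as an index into PinPolicy.values(), so it is
                // range-checked first.
                if (b3 < 0 || b3 >= PinPolicy.values().length) {
                    // a.k(int, String) presumably concatenates the message and the value.
                    throw new IllegalArgumentException(a.k(b3, "Not a valid PinPolicy :"));
                }
                PinPolicy pinPolicy = PinPolicy.values()[b3];
                byte b4 = bArr[1];
                for (TouchPolicy touchPolicy : TouchPolicy.values()) {
                    if (touchPolicy.f15774f == b4) {
                        // Tag 3 is read but its value is unused in this build; the read still
                        // fails if the tag is absent.
                        byte b5 = ((byte[]) b.get(3))[0];
                        return new SlotMetadata(keyType, pinPolicy, touchPolicy, (byte[]) b.get(4));
                    }
                }
                throw new IllegalArgumentException(a.k(b4, "Not a valid TouchPolicy :"));
            }
        }
        throw new IllegalArgumentException(a.k(b2, "Not a valid KeyType:"));
    }

    /**
     * Writes a data object to the device.
     *
     * @param i2 object id (logged in hex)
     * @param bArr object contents
     */
    public final void m(int i2, byte[] bArr) {
        com.yubico.yubikit.core.internal.Logger.a(n, "Writing data to object slot {}", Integer.toString(i2, 16));
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        // 92 = 0x5C: object id; 83 = 0x53: object data.
        linkedHashMap.put(92, ObjectId.a(i2));
        linkedHashMap.put(83, bArr);
        // -37 = 0xDB (PUT DATA), P1/P2 = 0x3F 0xFF.
        this.f15769f.b(new Apdu(-37, 63, 255, Tlvs.d(linkedHashMap)));
    }

    /**
     * Performs a private-key operation in a slot and returns the card's response value.
     *
     * @param slot slot holding the private key
     * @param keyType key type expected in the slot
     * @param bArr input to the operation
     * @param z selects the request tag: 0x85 when true, 0x81 when false (presumably key agreement
     *     versus sign/decrypt — confirm against callers)
     * @return contents of response tag 0x82
     */
    public final byte[] n(Slot slot, KeyType keyType, byte[] bArr, boolean z) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        // 130 = 0x82 with no value; presumably requests that the response be returned.
        linkedHashMap.put(130, null);
        linkedHashMap.put(Integer.valueOf(z ? 133 : 129), bArr);
        try {
            // -121 = 0x87 (GENERAL AUTHENTICATE), P1 = key type id, P2 = slot id.
            // NOTE(review): RdpConstants.Key.F13 is another decompiler constant substitution;
            // the PIV dynamic authentication template tag is 0x7C — confirm the value matches.
            return Tlvs.e(130, Tlvs.e(RdpConstants.Key.F13, this.f15769f.b(new Apdu(-121, keyType.f15762f, slot.f15772f, new Tlv(RdpConstants.Key.F13, Tlvs.d(linkedHashMap)).a()))));
        } catch (ApduException e) {
            short s = e.f15750f;
            // 27264 = 0x6A80 (incorrect data parameters): rethrown with a hint that the slot may
            // not hold a key of this type.
            if (27264 == s) {
                throw new ApduException(s, String.format(Locale.ROOT, "Make sure that %s key is generated on slot %02X", keyType.name(), Integer.valueOf(slot.f15772f)));
            }
            throw e;
        }
    }

    /**
     * Verifies the PIN against the card and updates the cached retry counter.
     *
     * <p>The padded PIN block produced by {@link #k(char[])} is zeroed once the command has been
     * sent, whether or not verification succeeds. The caller's {@code char[]} is left untouched
     * and remains the caller's responsibility to wipe.
     *
     * @param cArr PIN characters
     * @throws IllegalArgumentException if the PIN encodes to more than 8 bytes
     */
    public final void p(char[] cArr) {
        // Declared outside the try so the finally block can scrub it. Assigned after the log call
        // so the statement order matches the pre-fix code.
        byte[] paddedPin = null;
        try {
            n.a("Verifying PIN");
            paddedPin = k(cArr);
            // 32 = 0x20 (VERIFY), P2 = -128 = 0x80.
            this.f15769f.b(new Apdu(32, 0, -128, paddedPin));
            this.h = 3;
        } catch (ApduException e) {
            int g = g(e.f15750f);
            // A status word that does not encode a retry count is not a wrong-PIN result.
            if (g < 0) {
                throw e;
            }
            this.h = g;
            throw new Exception(a.k(g, "Invalid PIN/PUK. Remaining attempts: "));
        } finally {
            // k() scrubs only its intermediate buffer; the returned block still holds the PIN.
            // b() has returned or thrown by this point, so the APDU is no longer in flight.
            // NOTE(review): assumes neither Apdu nor SmartCardProtocol reads the array after
            // b() completes — confirm.
            if (paddedPin != null) {
                Arrays.fill(paddedPin, (byte) 0);
            }
        }
    }
}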
